OpenVPN · pengtianabc · Apr 11, 2020 · Apr 20, 2020 · Apr 20, 2020 · Apr 20, 2020
diff --git a/.gitignore b/.gitignore
@@ -72,3 +72,4 @@ nbproject
 test-driver
 compile
 stamp-h2
+.vscode/settings.json
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -12,4 +12,4 @@
 MAINTAINERCLEANFILES = \
 	$(srcdir)/Makefile.in
 
-SUBDIRS = compat openvpn openvpnmsica openvpnserv plugins tapctl
+SUBDIRS = compat openvpn openvpnmsica openvpnserv plugins tapctl 
diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am
@@ -126,6 +126,7 @@ openvpn_SOURCES = \
 	syshead.h \
 	tls_crypt.c tls_crypt.h \
 	tun.c tun.h \
+	tun2tap.c tun2tap.h \
 	vlan.c vlan.h \
 	win32.h win32.c \
 	cryptoapi.h cryptoapi.c

diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
@@ -149,6 +149,7 @@
 #define D_PUSH_DEBUG         LOGLEV(7, 73, M_DEBUG)  /* show push/pull debugging info */
 
 #define D_VLAN_DEBUG         LOGLEV(7, 74, M_DEBUG)  /* show VLAN tagging/untagging debug info */
+#define D_TUN2TAP            LOGLEV(7, 75, M_DEBUG)  /* show tun2tap debug messages */
 
 #define D_HANDSHAKE_VERBOSE  LOGLEV(8, 70, M_DEBUG)  /* show detailed description of each handshake */
 #define D_TLS_DEBUG_MED      LOGLEV(8, 70, M_DEBUG)  /* limited info from tls_session routines */

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
@@ -42,6 +42,7 @@
 #include "dhcp.h"
 #include "common.h"
 #include "ssl_verify.h"
+#include "tun2tap.h"
 
 #include "memdbg.h"
 
@@ -949,7 +950,6 @@ read_incoming_link(struct context *c)
     status = link_socket_read(c->c2.link_socket,
                               &c->c2.buf,
                               &c->c2.from);
-
     if (socket_connection_reset(c->c2.link_socket, status))
     {
 #if PORT_SHARE
@@ -1277,6 +1277,8 @@ read_incoming_tun(struct context *c)
     c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame));
 #endif /* ifdef _WIN32 */
 
+    check_tun2tap_send(c, TUN2TAP_FLAG_ENCAP);
+
 #ifdef PACKET_TRUNCATION_CHECK
     ipv4_packet_size_verify(BPTR(&c->c2.buf),
                             BLEN(&c->c2.buf),
@@ -1890,6 +1892,11 @@ process_outgoing_tun(struct context *c)
                                 &c->c2.n_trunc_tun_write);
 #endif
 
+        if (!check_tun2tap_send(c, TUN2TAP_FLAG_DECAP))
+        {
+            goto cleanup;
+        }
+
 #ifdef _WIN32
         size = write_tun_buffered(c->c1.tuntap, &c->c2.to_tun);
 #else
@@ -1930,6 +1937,7 @@ process_outgoing_tun(struct context *c)
             MAX_RW_SIZE_TUN(&c->c2.frame));
     }
 
+cleanup:
     buf_reset(&c->c2.to_tun);
 
     perf_pop();

diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
@@ -50,6 +50,7 @@
 #include "openvpn.h"
 #include "occ.h"
 #include "ping.h"
+#include "tun2tap.h"
 
 #define IOW_TO_TUN          (1<<0)
 #define IOW_TO_LINK         (1<<1)

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
@@ -1126,6 +1126,19 @@ do_genkey(const struct options *options)
     }
 }
 
+/*
+* post check for tun2tap
+*/
+void
+do_check_tun2tap(const struct options *options)
+{
+    if (options && options->tun2tap && dev_type_enum(options->dev, options->dev_type) != DEV_TYPE_TUN)
+    {
+         msg(M_FATAL|M_OPTERR,
+                "options --tun2tap should only be used in tun mode");
+    }
+}
+
 /*
  * Persistent TUN/TAP device management mode?
  */
@@ -1718,6 +1731,7 @@ do_init_tun(struct context *c)
     c->c1.tuntap = init_tun(c->options.dev,
                             c->options.dev_type,
                             c->options.topology,
+                            c->options.tun2tap,
                             c->options.ifconfig_local,
                             c->options.ifconfig_remote_netmask,
                             c->options.ifconfig_ipv6_local,
@@ -1823,10 +1837,77 @@ do_open_tun(struct context *c)
     open_tun(c->options.dev, c->options.dev_type, c->options.dev_node,
              c->c1.tuntap);
 
+    /*
+    * detect tun2tap
+    */
+    if (c->c1.tuntap->tun2tap && !c->options.lladdr){
+        char *lladdr_tmp = NULL;
+        char mac_addr[OPENVPN_ETH_ALEN] = {0};
+        char buf[4*OPENVPN_ETH_ALEN] = {0};
+        int i = 0;
+        int offset = 0;
+        ASSERT(rand_bytes((unsigned char *)mac_addr, OPENVPN_ETH_ALEN));
+        /* magic mac addr: 00:cc:xx:xx:xx:xx */
+        mac_addr[0] = 0;
+        mac_addr[1] = 0;
+        mac_addr[2] = 'c';
+        mac_addr[3] = 'c';
+        for(; i < OPENVPN_ETH_ALEN; i++){
+            if (i != OPENVPN_ETH_ALEN - 1){
+                offset += sprintf(buf+offset, "%02x:", (unsigned char)mac_addr[i]);
+            } else {
+                offset += sprintf(buf+offset, "%02x", (unsigned char)mac_addr[i]);
+            }
+        }
+        lladdr_tmp = (char *)malloc(strlen((const char *)buf) + 1);
+        memcpy(lladdr_tmp, buf, strlen((const char *)buf));
+        lladdr_tmp[strlen((const char *)buf)] = 0;
+        c->options.lladdr = lladdr_tmp;
+    }
     /* set the hardware address */
     if (c->options.lladdr)
     {
-        set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
+        int i = 0;
+        char *buf = strdup(c->options.lladdr);
+        char mac_addr[OPENVPN_ETH_ALEN] = {0};
+        unsigned int mac_addr_tmp[OPENVPN_ETH_ALEN] = {0};
+        int len = strlen(buf);
+        while(len-- > 0){
+            if (buf[len] >= 'A' && buf[len] <= 'Z'){
+                /* x-X=z-Z => x=z-Z+X */
+                buf[len] += 'a'- 'A';
+            }
+        }
+        sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x"
+            , &mac_addr_tmp[0]
+            , &mac_addr_tmp[1]
+            , &mac_addr_tmp[2]
+            , &mac_addr_tmp[3]
+            , &mac_addr_tmp[4]
+            , &mac_addr_tmp[5]
+        );
+        while(i < OPENVPN_ETH_ALEN) 
+        {
+            mac_addr[i] = 0xff & mac_addr_tmp[i];
+            i++;
+        }
+        dmsg(D_TUN2TAP, "local addr is: %02x:%02x:%02x:%02x:%02x:%02x"
+            , (unsigned char)mac_addr[0]
+            , (unsigned char)mac_addr[1]
+            , (unsigned char)mac_addr[2]
+            , (unsigned char)mac_addr[3]
+            , (unsigned char)mac_addr[4]
+            , (unsigned char)mac_addr[5]
+        );
+        memcpy(c->options.lladdr_v, mac_addr, sizeof(mac_addr));
+        if (c->c1.tuntap->tun2tap && (mac_addr[0] & 1)){
+            msg(M_INFO, "mac %s is mcast addr (mac[0]&1 == true)", buf);
+            ASSERT(0);
+        }
+        /* set_lladdr is use command to set mac address for interface, we cant set mac for tun device */
+        if (TUNNEL_TYPE(c->c1.tuntap) == DEV_TYPE_TAP)
+            set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
+        free(buf);
     }
 
     /* do ifconfig */

diff --git a/src/openvpn/init.h b/src/openvpn/init.h
@@ -56,6 +56,8 @@ bool print_openssl_info(const struct options *options);
 
 bool do_genkey(const struct options *options);
 
+void do_check_tun2tap(const struct options *options);
+
 bool do_persist_tuntap(const struct options *options, openvpn_net_ctx_t *ctx);
 
 bool possibly_become_daemon(const struct options *options);

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
@@ -295,7 +295,7 @@ void
 multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread_mode)
 {
     int dev = DEV_TYPE_UNDEF;
-
+    
     msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d",
         t->options.real_hash_size,
         t->options.virtual_hash_size);
@@ -2585,7 +2585,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst
             }
             perf_pop();
 
-            if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN)
+            if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN && !m->top.options.tun2tap)
             {
                 /* extract packet source and dest addresses */
                 mroute_flags = mroute_extract_addr_from_packet(&src,
@@ -2663,7 +2663,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst
                 }
 #endif
             }
-            else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP)
+            else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP || m->top.options.tun2tap)
             {
                 uint16_t vid = 0;
 #ifdef ENABLE_PF

diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
@@ -235,6 +235,9 @@ openvpn_main(int argc, char *argv[])
                 break;
             }
 
+            /* check tun2tap for tun mode */
+            do_check_tun2tap(&c.options);
+
             /* tun/tap persist command? */
             if (do_persist_tuntap(&c.options, &c.net_ctx))
             {

diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
@@ -198,6 +198,7 @@
     <ClCompile Include="status.c" />
     <ClCompile Include="tls_crypt.c" />
     <ClCompile Include="tun.c" />
+    <ClCompile Include="tun2tap.c" />
     <ClCompile Include="vlan.c" />
     <ClCompile Include="win32.c" />
   </ItemGroup>
@@ -288,6 +289,7 @@
     <ClInclude Include="syshead.h" />
     <ClInclude Include="tls_crypt.h" />
     <ClInclude Include="tun.h" />
+    <ClInclude Include="tun2tap.h" />
     <ClInclude Include="vlan.h" />
     <ClInclude Include="win32.h" />
   </ItemGroup>

diff --git a/src/openvpn/openvpn.vcxproj.filters b/src/openvpn/openvpn.vcxproj.filters
@@ -204,6 +204,9 @@
     <ClCompile Include="tun.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="tun2tap.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
     <ClCompile Include="win32.c">
       <Filter>Source Files</Filter>
     </ClCompile>
@@ -479,6 +482,9 @@
     <ClInclude Include="tun.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="tun2tap.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
     <ClInclude Include="win32.h">
       <Filter>Header Files</Filter>
     </ClInclude>

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
@@ -2061,9 +2061,9 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
     }
 
 
-    if (options->lladdr && dev != DEV_TYPE_TAP)
+    if (options->lladdr && (dev == DEV_TYPE_TUN && !options->tun2tap) && dev != DEV_TYPE_TAP)
     {
-        msg(M_USAGE, "--lladdr can only be used in --dev tap mode");
+        msg(M_USAGE, "--lladdr can only be used in --dev tap mode or tun2tap");
     }
 
     /*
@@ -3703,6 +3703,7 @@ options_string(const struct options *o,
         tt = init_tun(o->dev,
                       o->dev_type,
                       o->topology,
+                      o->tun2tap,
                       o->ifconfig_local,
                       o->ifconfig_remote_netmask,
                       o->ifconfig_ipv6_local,
@@ -3727,6 +3728,12 @@ options_string(const struct options *o,
             buf_printf(&out, ",ifconfig %s", ios);
         }
     }
+
+    if (tt && tt->tun2tap)
+    {
+        buf_printf(&out, ",tun2tap");
+    }
+
     if (tt_local)
     {
         free(tt);
@@ -5445,6 +5452,11 @@ add_option(struct options *options,
             goto err;
         }
     }
+    else if (streq(p[0], "tun2tap") && !p[1])
+    {
+        /* check in post do_xxxx */
+        options->tun2tap = true;
+    }
     else if (streq(p[0], "topology") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_UP);

diff --git a/src/openvpn/options.h b/src/openvpn/options.h
@@ -213,7 +213,7 @@ struct options
     /* persist parms */
     bool persist_config;
     int persist_mode;
-
+    bool tun2tap;
     const char *key_pass_file;
     bool show_ciphers;
     bool show_digests;
@@ -248,6 +248,7 @@ struct options
     const char *dev_type;
     const char *dev_node;
     const char *lladdr;
+    uint8_t lladdr_v[OPENVPN_ETH_ALEN];
     int topology; /* one of the TOP_x values from proto.h */
     const char *ifconfig_local;
     const char *ifconfig_remote_netmask;