public/homebrew-sid
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
homebrew-sid/patches/feth-device.patch

438 lines
10 KiB
Diff
Raw Permalink Normal View History

Initial commit
2026-04-13 10:03:41 -06:00
--- tinc-1.0.37/src/bsd/device.c 2025-11-08 15:46:26
+++ tinc-1.0.37-patched/src/bsd/device.c 2026-03-21 14:13:44
@@ -39,6 +39,11 @@
#include <net/if_utun.h>
#endif
+#ifdef HAVE_DARWIN
+#include <net/bpf.h>
+#include <net/ndrv.h>
+#endif
+
#define DEFAULT_TUN_DEVICE "/dev/tun0"
#define DEFAULT_TAP_DEVICE "/dev/tap0"
@@ -50,6 +55,9 @@
DEVICE_TYPE_TUNEMU,
#endif
DEVICE_TYPE_UTUN,
+#ifdef HAVE_DARWIN
+ DEVICE_TYPE_FETH,
+#endif
} device_type_t;
int device_fd = -1;
@@ -64,8 +72,302 @@
static device_type_t device_type = DEVICE_TYPE_TUNIFHEAD;
#else
static device_type_t device_type = DEVICE_TYPE_TUN;
+#endif
+
+#ifdef HAVE_DARWIN
+/* feth (fake ethernet) device support for macOS 10.13+
+ *
+ * Uses undocumented feth interfaces (like Linux veth pairs) to provide
+ * Layer 2 / TAP functionality without kernel extensions.
+ *
+ * Architecture:
+ * feth<N> (primary) - gets IP assignments, used by tinc-up scripts
+ * feth<N+5000> (peer) - used for packet I/O via BPF read + AF_NDRV write
+ *
+ * Based on ZeroTier's MacEthernetTapAgent approach.
+ */
+
+#define FETH_BPF_BUFSIZE 131072
+#define FETH_PEER_OFFSET 5000
+#define DEFAULT_FETH_NUM 0
+
+static int feth_ndrv_fd = -1;
+static int feth_num = -1;
+static char feth_primary[IFNAMSIZ];
+static char feth_peer[IFNAMSIZ];
+static uint8_t feth_bpf_buf[FETH_BPF_BUFSIZE];
+static int feth_bpf_buf_len = 0;
+static int feth_bpf_buf_offset = 0;
+
+static bool feth_run_cmd(const char *cmd) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, "Executing: %s", cmd);
+
+ int ret = system(cmd);
+
+ if(ret != 0) {
+ logger(LOG_ERR, "Command failed (exit %d): %s", ret, cmd);
+ return false;
+ }
+
+ return true;
+}
+
+static bool setup_feth(void) {
+ char cmd[512];
+
+ /* Parse device number from Device config (e.g. "feth0" -> 0) */
+ feth_num = DEFAULT_FETH_NUM;
+
+ if(device) {
+ char *p = strstr(device, "feth");
+
+ if(p) {
+ int n = atoi(p + 4);
+
+ if(n >= 0 && n < FETH_PEER_OFFSET) {
+ feth_num = n;
+ }
+ }
+ }
+
+ snprintf(feth_primary, sizeof(feth_primary), "feth%d", feth_num);
+ snprintf(feth_peer, sizeof(feth_peer), "feth%d", feth_num + FETH_PEER_OFFSET);
+
+ /* Create feth pair */
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s create", feth_peer);
+
+ if(!feth_run_cmd(cmd)) {
+ logger(LOG_ERR, "Could not create feth peer interface %s", feth_peer);
+ return false;
+ }
+
+ usleep(10000); /* Brief delay for interface to stabilize */
+
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s create", feth_primary);
+
+ if(!feth_run_cmd(cmd)) {
+ logger(LOG_ERR, "Could not create feth primary interface %s", feth_primary);
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s destroy 2>/dev/null", feth_peer);
+ feth_run_cmd(cmd);
+ return false;
+ }
+
+ /* Peer the interfaces */
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s peer %s", feth_peer, feth_primary);
+
+ if(!feth_run_cmd(cmd)) {
+ logger(LOG_ERR, "Could not peer %s with %s", feth_peer, feth_primary);
+ goto cleanup;
+ }
+
+ /* Set MTU */
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s mtu 1500", feth_primary);
+ feth_run_cmd(cmd);
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s mtu 1500", feth_peer);
+ feth_run_cmd(cmd);
+
+ /* Bring interfaces up */
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s up", feth_primary);
+
+ if(!feth_run_cmd(cmd)) {
+ goto cleanup;
+ }
+
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s up", feth_peer);
+
+ if(!feth_run_cmd(cmd)) {
+ goto cleanup;
+ }
+
+ /* Open BPF device */
+ char bpf_path[32];
+
+ for(int i = 1; i < 5000; i++) {
+ snprintf(bpf_path, sizeof(bpf_path), "/dev/bpf%d", i);
+ device_fd = open(bpf_path, O_RDWR);
+
+ if(device_fd >= 0) {
+ break;
+ }
+ }
+
+ if(device_fd < 0) {
+ logger(LOG_ERR, "Could not open any BPF device: %s", strerror(errno));
+ goto cleanup;
+ }
+
+#ifdef FD_CLOEXEC
+ fcntl(device_fd, F_SETFD, FD_CLOEXEC);
+#endif
+
+ /* Configure BPF - order matters: BIOCSBLEN must come before BIOCSETIF */
+ int bpf_bufsize = FETH_BPF_BUFSIZE;
+
+ if(ioctl(device_fd, BIOCSBLEN, &bpf_bufsize) == -1) {
+ logger(LOG_ERR, "Could not set BPF buffer size: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ struct ifreq ifr;
+ memset(&ifr, 0, sizeof(ifr));
+ strlcpy(ifr.ifr_name, feth_peer, sizeof(ifr.ifr_name));
+
+ if(ioctl(device_fd, BIOCSETIF, &ifr) == -1) {
+ logger(LOG_ERR, "Could not bind BPF to %s: %s", feth_peer, strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ int enable = 1;
+
+ if(ioctl(device_fd, BIOCIMMEDIATE, &enable) == -1) {
+ logger(LOG_ERR, "Could not set BIOCIMMEDIATE: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ int disable = 0;
+
+ if(ioctl(device_fd, BIOCSSEESENT, &disable) == -1) {
+ logger(LOG_ERR, "Could not set BIOCSSEESENT: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ if(ioctl(device_fd, BIOCSHDRCMPLT, &enable) == -1) {
+ logger(LOG_ERR, "Could not set BIOCSHDRCMPLT: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ if(ioctl(device_fd, BIOCPROMISC, NULL) == -1) {
+ logger(LOG_ERR, "Could not set BPF promiscuous mode: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+ /* Set non-blocking mode for integration with tinc's event loop */
+ fcntl(device_fd, F_SETFL, O_NONBLOCK);
+
+ /* Open AF_NDRV socket for writing packets */
+ feth_ndrv_fd = socket(PF_NDRV, SOCK_RAW, 0);
+
+ if(feth_ndrv_fd < 0) {
+ logger(LOG_ERR, "Could not create AF_NDRV socket: %s", strerror(errno));
+ goto cleanup_bpf;
+ }
+
+#ifdef FD_CLOEXEC
+ fcntl(feth_ndrv_fd, F_SETFD, FD_CLOEXEC);
#endif
+ struct sockaddr_ndrv sa_ndrv;
+ memset(&sa_ndrv, 0, sizeof(sa_ndrv));
+ sa_ndrv.snd_len = sizeof(sa_ndrv);
+ sa_ndrv.snd_family = AF_NDRV;
+ strlcpy((char *)sa_ndrv.snd_name, feth_peer, sizeof(sa_ndrv.snd_name));
+
+ if(bind(feth_ndrv_fd, (struct sockaddr *)&sa_ndrv, sizeof(sa_ndrv)) == -1) {
+ logger(LOG_ERR, "Could not bind AF_NDRV socket to %s: %s", feth_peer, strerror(errno));
+ goto cleanup_ndrv;
+ }
+
+ if(connect(feth_ndrv_fd, (struct sockaddr *)&sa_ndrv, sizeof(sa_ndrv)) == -1) {
+ logger(LOG_ERR, "Could not connect AF_NDRV socket to %s: %s", feth_peer, strerror(errno));
+ goto cleanup_ndrv;
+ }
+
+ /* Set interface name for tinc-up scripts */
+ iface = xstrdup(feth_primary);
+ device_info = "macOS feth device";
+
+ /* Initialize BPF read buffer state */
+ feth_bpf_buf_len = 0;
+ feth_bpf_buf_offset = 0;
+
+ logger(LOG_INFO, "%s is a %s (peer: %s, bpf: %s)", feth_primary, device_info, feth_peer, bpf_path);
+
+ return true;
+
+cleanup_ndrv:
+ close(feth_ndrv_fd);
+ feth_ndrv_fd = -1;
+cleanup_bpf:
+ close(device_fd);
+ device_fd = -1;
+cleanup:
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s destroy 2>/dev/null", feth_primary);
+ feth_run_cmd(cmd);
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s destroy 2>/dev/null", feth_peer);
+ feth_run_cmd(cmd);
+ return false;
+}
+
+static void close_feth(void) {
+ char cmd[256];
+
+ if(feth_ndrv_fd >= 0) {
+ close(feth_ndrv_fd);
+ feth_ndrv_fd = -1;
+ }
+
+ if(device_fd >= 0) {
+ close(device_fd);
+ device_fd = -1;
+ }
+
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s destroy 2>/dev/null", feth_primary);
+ feth_run_cmd(cmd);
+ snprintf(cmd, sizeof(cmd), "/sbin/ifconfig %s destroy 2>/dev/null", feth_peer);
+ feth_run_cmd(cmd);
+
+ logger(LOG_INFO, "Destroyed feth pair %s/%s", feth_primary, feth_peer);
+}
+
+static bool read_feth_packet(vpn_packet_t *packet) {
+ /* BPF returns multiple packets per read() in a buffer with bpf_hdr prefixes.
+ * We maintain a static buffer and return one packet per call. */
+
+ if(feth_bpf_buf_offset >= feth_bpf_buf_len) {
+ /* Buffer exhausted, read more from BPF */
+ feth_bpf_buf_len = read(device_fd, feth_bpf_buf, FETH_BPF_BUFSIZE);
+
+ if(feth_bpf_buf_len <= 0) {
+ if(errno == EAGAIN || errno == EWOULDBLOCK) {
+ return false;
+ }
+
+ logger(LOG_ERR, "Error reading from BPF: %s", strerror(errno));
+ return false;
+ }
+
+ feth_bpf_buf_offset = 0;
+ }
+
+ /* Parse next packet from buffer */
+ struct bpf_hdr *bh = (struct bpf_hdr *)(feth_bpf_buf + feth_bpf_buf_offset);
+ uint8_t *frame = feth_bpf_buf + feth_bpf_buf_offset + bh->bh_hdrlen;
+ int caplen = bh->bh_caplen;
+
+ /* Advance offset to next packet (word-aligned) */
+ feth_bpf_buf_offset += BPF_WORDALIGN(bh->bh_hdrlen + bh->bh_caplen);
+
+ if(caplen <= 0 || caplen > MTU) {
+ ifdebug(TRAFFIC) logger(LOG_DEBUG, "Dropping oversized feth packet (%d bytes)", caplen);
+ return false;
+ }
+
+ memcpy(packet->data, frame, caplen);
+ packet->len = caplen;
+
+ return true;
+}
+
+static bool write_feth_packet(vpn_packet_t *packet) {
+ if(write(feth_ndrv_fd, packet->data, packet->len) < 0) {
+ logger(LOG_ERR, "Error writing to feth AF_NDRV: %s", strerror(errno));
+ return false;
+ }
+
+ return true;
+}
+#endif /* HAVE_DARWIN */
+
#ifdef HAVE_NET_IF_UTUN_H
static bool setup_utun(void) {
device_fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
@@ -154,6 +456,12 @@
}
#endif
+#ifdef HAVE_DARWIN
+ else if(!strcasecmp(type, "feth")) {
+ device_type = DEVICE_TYPE_FETH;
+ }
+
+#endif
else if(!strcasecmp(type, "tunnohead")) {
device_type = DEVICE_TYPE_TUN;
} else if(!strcasecmp(type, "tunifhead")) {
@@ -169,6 +477,12 @@
if(strncmp(device, "utun", 4) == 0 || strncmp(device, "/dev/utun", 9) == 0) {
device_type = DEVICE_TYPE_UTUN;
+ } else
+#endif
+#ifdef HAVE_DARWIN
+
+ if(strncmp(device, "feth", 4) == 0) {
+ device_type = DEVICE_TYPE_FETH;
} else
#endif
if(strstr(device, "tap") || routing_mode != RMODE_ROUTER) {
@@ -176,11 +490,22 @@
}
}
+#ifdef HAVE_DARWIN
+
+ if(routing_mode == RMODE_SWITCH && device_type != DEVICE_TYPE_TAP && device_type != DEVICE_TYPE_FETH) {
+ logger(LOG_ERR, "Only tap or feth devices support switch mode!");
+ return false;
+ }
+
+#else
+
if(routing_mode == RMODE_SWITCH && device_type != DEVICE_TYPE_TAP) {
logger(LOG_ERR, "Only tap devices support switch mode!");
return false;
}
+#endif
+
// Open the device
switch(device_type) {
@@ -197,7 +522,12 @@
case DEVICE_TYPE_UTUN:
return setup_utun();
#endif
+#ifdef HAVE_DARWIN
+ case DEVICE_TYPE_FETH:
+ return setup_feth();
+#endif
+
default:
device_fd = open(device, O_RDWR | O_NONBLOCK);
}
@@ -336,7 +666,13 @@
tunemu_close(device_fd);
break;
#endif
+#ifdef HAVE_DARWIN
+ case DEVICE_TYPE_FETH:
+ close_feth();
+ break;
+#endif
+
default:
close(device_fd);
}
@@ -427,6 +763,16 @@
packet->len = lenin;
break;
+#ifdef HAVE_DARWIN
+
+ case DEVICE_TYPE_FETH:
+ if(!read_feth_packet(packet)) {
+ return false;
+ }
+
+ break;
+#endif
+
default:
return false;
}
@@ -506,6 +852,16 @@
break;
#endif
+#ifdef HAVE_DARWIN
+
+ case DEVICE_TYPE_FETH:
+ if(!write_feth_packet(packet)) {
+ return false;
+ }
+
+ break;
+#endif
+
default:
return false;
}
Reference in a new issue Copy permalink