1.\" $NetBSD: tun.4,v 1.8 2001/05/19 17:23:39 jdolecek Exp $ 2.\" Based on PR#2411 3.\" 4.Dd March 10, 1996 5.Dt TUN 4 6.Os 7.Sh NAME 8.Nm tun 9.Nd tunnel software network interface 10.Sh SYNOPSIS 11.Cd pseudo-device tun Op Ar count 12.Sh DESCRIPTION 13The 14.Nm tun 15interface is a software loopback mechanism that can be loosely 16described as the network interface analog of the 17.Xr pty 4 , 18that is, 19.Nm tun 20does for network interfaces what the 21.Nm pty 22driver does for terminals. 23.Pp 24The 25.Nm tun 26driver, like the 27.Nm pty 28driver, provides two interfaces: an interface like the usual facility 29it is simulating 30.Po 31a network interface in the case of 32.Nm tun , 33or a terminal for 34.Nm pty 35.Pc , 36and a character-special device 37.Dq control 38interface. 39.Pp 40The network interfaces are named 41.Sy tun Ns Ar 0 , 42.Sy tun Ns Ar 1 , 43etc, as many in all as the 44.Ar count 45figure given on the 46.Sy pseudo-device 47line. Each one supports the usual network-interface 48.Xr ioctl 2 Ns s, 49such as 50.Dv SIOCSIFADDR 51and 52.Dv SIOCSIFNETMASK , 53and thus can be used with 54.Xr ifconfig 8 55like any other interface. At boot time, they are 56.Dv POINTOPOINT 57interfaces, but this can be changed; see the description of the control 58device, below. When the system chooses to transmit a packet on the 59network interface, the packet can be read from the control device 60.Po 61it appears as 62.Dq input 63there 64.Pc ; 65writing a packet to the control device generates an input 66packet on the network interface, as if the 67.Pq non-existent 68hardware had just received it. 69.Pp 70The tunnel device, normally 71.Pa /dev/tun Ns Sy N , 72is exclusive-open 73.Po 74it cannot be opened if it is already open 75.Pc 76and is restricted to the super-user. A 77.Fn read 78call will return an error 79.Pq Er EHOSTDOWN 80if the interface is not 81.Dq ready 82(which means that the control device is open and the interface 83address has been set). 84Once the interface is ready, 85.Fn read 86will return a packet if one is available; if not, it will either block 87until one is or return 88.Er EAGAIN , 89depending on whether non-blocking I/O has been enabled. If the packet 90is longer than is allowed for in the buffer passed to 91.Fn read , 92the extra data will be silently dropped. 93.Pp 94Packets can be optionally prepended with the destination address as presented 95to the network interface output routine 96.Pq Sq Li tunoutput . 97The destination address is in 98.Sq Li struct sockaddr 99format. The actual length of the prepended address is in the member 100.Sq Li sa_len . 101The packet data follows immediately. 102A 103.Xr write 2 104call passes a packet in to be 105.Dq received 106on the pseudo-interface. Each 107.Fn write 108call supplies exactly one packet; the packet length is taken from the 109amount of data provided to 110.Fn write . 111Writes will not block; if the packet cannot be accepted for a 112transient reason 113.Pq e.g., no buffer space available , 114it is silently dropped; if the reason is not transient 115.Pq e.g., packet too large , 116an error is returned. 117If 118.Dq link-layer mode 119is on 120.Pq see Dv TUNSLMODE No below , 121the actual packet data must be preceded by a 122.Sq Li struct sockaddr . 123The driver currently only inspects the 124.Sq Li sa_family 125field. 126The following 127.Xr ioctl 2 128calls are supported 129.Pq defined in Aq Pa net/if_tun.h Ns : 130.Bl -tag -width TUNSIFMODE 131.It Dv TUNSDEBUG 132The argument should be a pointer to an 133.Va int ; 134this sets the internal debugging variable to that value. What, if 135anything, this variable controls is not documented here; see the source 136code. 137.It Dv TUNGDEBUG 138The argument should be a pointer to an 139.Va int ; 140this stores the internal debugging variable's value into it. 141.It Dv TUNSIFMODE 142The argument should be a pointer to an 143.Va int ; 144its value must be either 145.Dv IFF_POINTOPOINT 146or 147.Dv IFF_BROADCAST 148(optionally 149.Dv IFF_MULTICAST 150may be or'ed into the value). The type of the corresponding 151.Em tun Ns Sy n 152interface is set to the supplied type. If the value is anything else, 153an 154.Er EINVAL 155error occurs. The interface must be down at the time; if it is up, an 156.Er EBUSY 157error occurs. 158.It Dv TUNSLMODE 159The argument should be a pointer to an 160.Va int ; 161a non-zero value turns on 162.Dq link-layer 163mode, causing packets read from the tunnel device to be prepended with 164network destination address. 165.It Dv FIONBIO 166Turn non-blocking I/O for reads off or on, according as the argument 167.Va int Ns 's 168value is or isn't zero 169.Pq Writes are always nonblocking . 170.It Dv FIOASYNC 171Turn asynchronous I/O for reads 172.Po 173i.e., generation of 174.Dv SIGIO 175when data is available to be read 176.Pc off or on, according as the argument 177.Va int Ns 's 178value is or isn't zero. 179.It Dv FIONREAD 180If any packets are queued to be read, store the size of the first one 181into the argument 182.Va int ; 183otherwise, store zero. 184.It Dv TIOCSPGRP 185Set the process group to receive 186.Dv SIGIO 187signals, when asynchronous I/O is enabled, to the argument 188.Va int 189value. 190.It Dv TIOCGPGRP 191Retrieve the process group value for 192.Dv SIGIO 193signals into the argument 194.Va int 195value. 196.El 197.Pp 198The control device also supports 199.Xr select 2 200for read; selecting for write is pointless, and always succeeds, since 201writes are always non-blocking. 202.Pp 203On the last close of the data device, by default, the interface is 204brought down 205.Po as if with 206.Dq ifconfig tun Ns Sy n No down 207.Pc . 208All queued packets are thrown away. 209If the interface is up when the data device is not open 210output packets are always thrown away rather than letting 211them pile up. 212.Sh SEE ALSO 213.Xr intro 4 , 214.Xr inet 4 215.Sh BUGS 216Currently is IPv4-only. 217