feature: add tun2tap support for tun client with tap server

src/Makefile.am

@@ -12,4 +12,4 @@
 MAINTAINERCLEANFILES = \
 	$(srcdir)/Makefile.in
 
-SUBDIRS = compat openvpn openvpnmsica openvpnserv plugins tapctl
+SUBDIRS = compat openvpn openvpnmsica openvpnserv plugins tapctl 

src/openvpn/Makefile.am

@@ -126,6 +126,7 @@ openvpn_SOURCES = \
 	syshead.h \
 	tls_crypt.c tls_crypt.h \
 	tun.c tun.h \
+	tun2tap.c tun2tap.h \
 	vlan.c vlan.h \
 	win32.h win32.c \
 	cryptoapi.h cryptoapi.c

src/openvpn/errlevel.h

@@ -149,6 +149,7 @@
 #define D_PUSH_DEBUG         LOGLEV(7, 73, M_DEBUG)  /* show push/pull debugging info */
 
 #define D_VLAN_DEBUG         LOGLEV(7, 74, M_DEBUG)  /* show VLAN tagging/untagging debug info */
+#define D_TUN2TAP            LOGLEV(7, 75, M_DEBUG)  /* show tun2tap debug messages */
 
 #define D_HANDSHAKE_VERBOSE  LOGLEV(8, 70, M_DEBUG)  /* show detailed description of each handshake */
 #define D_TLS_DEBUG_MED      LOGLEV(8, 70, M_DEBUG)  /* limited info from tls_session routines */

src/openvpn/forward.c

@@ -951,7 +951,6 @@ read_incoming_link(struct context *c)
     status = link_socket_read(c->c2.link_socket,
                               &c->c2.buf,
                               &c->c2.from);
-
     if (socket_connection_reset(c->c2.link_socket, status))
     {
 #if PORT_SHARE
@@ -1280,6 +1279,8 @@ read_incoming_tun(struct context *c)
     c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame));
 #endif /* ifdef _WIN32 */
 
+    check_tun2tap_send(c, TUN2TAP_FLAG_ENCAP);
+
 #ifdef PACKET_TRUNCATION_CHECK
     ipv4_packet_size_verify(BPTR(&c->c2.buf),
                             BLEN(&c->c2.buf),
@@ -1893,6 +1894,10 @@ process_outgoing_tun(struct context *c)
                                 &c->c2.n_trunc_tun_write);
 #endif
 
+        if(!check_tun2tap_send(c, TUN2TAP_FLAG_DECAP)){
+            goto over;
+        }
+
 #ifdef _WIN32
         size = write_tun_buffered(c->c1.tuntap, &c->c2.to_tun);
 #else
@@ -1933,6 +1938,7 @@ process_outgoing_tun(struct context *c)
             MAX_RW_SIZE_TUN(&c->c2.frame));
     }
 
+over:
     buf_reset(&c->c2.to_tun);
 
     perf_pop();

src/openvpn/forward.h

@@ -50,6 +50,7 @@
 #include "openvpn.h"
 #include "occ.h"
 #include "ping.h"
+#include "tun2tap.h"
 
 #define IOW_TO_TUN          (1<<0)
 #define IOW_TO_LINK         (1<<1)

src/openvpn/init.c

@@ -1819,10 +1819,63 @@ do_open_tun(struct context *c)
     open_tun(c->options.dev, c->options.dev_type, c->options.dev_node,
              c->c1.tuntap);
 
+    /*
+    * detect tun2tap
+    */
+    if (c->options.tun2tap && TUNNEL_TYPE(c->c1.tuntap) == DEV_TYPE_TUN && !c->options.lladdr){
+        uint8_t mac_addr[OPENVPN_ETH_ALEN] = {0};
+        uint8_t buf[4*OPENVPN_ETH_ALEN] = {0};
+        int i = 0;
+        int offset = 0;
+        random_hex(mac_addr, OPENVPN_ETH_ALEN);
+        mac_addr[0] &= ~(mac_addr[0] & 1);
+        for(; i < OPENVPN_ETH_ALEN; i++){
+            if (i != OPENVPN_ETH_ALEN - 1){
+                offset += sprintf(buf+offset, "%02x:", mac_addr[i]);
+            } else {
+                offset += sprintf(buf+offset, "%02x", mac_addr[i]);
+            }
+        }
+        c->options.lladdr = malloc(strlen(buf));
+        memcpy(c->options.lladdr, buf, strlen(buf));
+    }
     /* set the hardware address */
     if (c->options.lladdr)
     {
-        set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
+        uint8_t *buf = strdup(c->options.lladdr);
+        uint8_t mac_addr[OPENVPN_ETH_ALEN] = {0};
+        int len = strlen(buf);
+        while(len-- > 0){
+            if (buf[len] >= 'A' && buf[len] <= 'Z'){
+                // x-X=z-Z => x=z-Z+X
+                buf[len] += 'a'- 'A';
+            }
+        }
+        sscanf(buf, "%02x:%02x:%02x:%02x:%02x:%02x"
+            , &mac_addr[0]
+            , &mac_addr[1]
+            , &mac_addr[2]
+            , &mac_addr[3]
+            , &mac_addr[4]
+            , &mac_addr[5]
+        );
+        printf("local addr is: %02x:%02x:%02x:%02x:%02x:%02x\n"
+            , mac_addr[0]
+            , mac_addr[1]
+            , mac_addr[2]
+            , mac_addr[3]
+            , mac_addr[4]
+            , mac_addr[5]
+        );
+        memcpy(c->options.lladdr_v, mac_addr, sizeof(mac_addr));
+        if (c->options.tun2tap && (mac_addr[0] & 1)){
+            msg(M_INFO, "mac %s is mcast addr (mac[0]&1 == true)", buf);
+            ASSERT(0);
+        }
+
+        if (TUNNEL_TYPE(c->c1.tuntap) == DEV_TYPE_TAP)
+            set_lladdr(c->c1.tuntap->actual_name, c->options.lladdr, c->c2.es);
+        free(buf);
     }
 
     /* do ifconfig */

src/openvpn/misc.h

@@ -175,6 +175,15 @@ void output_peer_info_env(struct env_set *es, const char *peer_info);
 
 #endif /* P2MP_SERVER */
 
+
+#define random_hex(buf, _sz) { \
+        int sz = _sz; \
+        srand(time(NULL)); \
+        while (sz-- > 0){ \
+                buf[sz] = rand()%256; \
+        } \
+}
+
 /**
  * Returns the occurrences of 'delimiter' in a string +1
  * This is typically used to find out the number elements in a

src/openvpn/multi.c

@@ -297,7 +297,7 @@ void
 multi_init(struct multi_context *m, struct context *t, bool tcp_mode, int thread_mode)
 {
     int dev = DEV_TYPE_UNDEF;
-
+    
     msg(D_MULTI_LOW, "MULTI: multi_init called, r=%d v=%d",
         t->options.real_hash_size,
         t->options.virtual_hash_size);
@@ -2587,7 +2587,7 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst
             }
             perf_pop();
 
-            if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN)
+            if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TUN && !m->top.options.tun2tap)
             {
                 /* extract packet source and dest addresses */
                 mroute_flags = mroute_extract_addr_from_packet(&src,
@@ -2665,8 +2665,11 @@ multi_process_incoming_link(struct multi_context *m, struct multi_instance *inst
                 }
 #endif
             }
-            else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP)
+            else if (TUNNEL_TYPE(m->top.c1.tuntap) == DEV_TYPE_TAP || m->top.options.tun2tap)
             {
+                if (m->top.options.tun2tap){
+                    printf("pesudo tap dev\n");
+                }
                 uint16_t vid = 0;
 #ifdef ENABLE_PF
                 struct mroute_addr edest;

src/openvpn/options.c

@@ -2074,9 +2074,9 @@ options_postprocess_verify_ce(const struct options *options, const struct connec
     }
 
 
-    if (options->lladdr && dev != DEV_TYPE_TAP)
+    if (options->lladdr && (dev == DEV_TYPE_TUN && !options->tun2tap) && dev != DEV_TYPE_TAP)
     {
-        msg(M_USAGE, "--lladdr can only be used in --dev tap mode");
+        msg(M_USAGE, "--lladdr can only be used in --dev tap mode or tun2tap");
     }
 
     /*
@@ -5401,6 +5401,10 @@ add_option(struct options *options,
             goto err;
         }
     }
+    else if (streq(p[0], "tun2tap") && !p[1])
+    {
+        options->tun2tap = true;
+    }
     else if (streq(p[0], "topology") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_UP);

src/openvpn/options.h

@@ -213,7 +213,7 @@ struct options
     /* persist parms */
     bool persist_config;
     int persist_mode;
-
+    bool tun2tap;
     const char *key_pass_file;
     bool show_ciphers;
     bool show_digests;
@@ -248,6 +248,7 @@ struct options
     const char *dev_type;
     const char *dev_node;
     const char *lladdr;
+    uint8_t lladdr_v[OPENVPN_ETH_ALEN];
     int topology; /* one of the TOP_x values from proto.h */
     const char *ifconfig_local;
     const char *ifconfig_remote_netmask;

src/openvpn/tun.h

@@ -149,7 +149,6 @@ struct tuntap
 
 #define TUNNEL_TOPOLOGY(tt) ((tt) ? ((tt)->topology) : TOP_UNDEF)
     int topology; /* one of the TOP_x values */
-
     bool did_ifconfig_setup;
     bool did_ifconfig_ipv6_setup;
 
@@ -168,6 +167,7 @@ struct tuntap
 
     struct in6_addr local_ipv6;
     struct in6_addr remote_ipv6;
+    uint8_t remote_mac_addr[OPENVPN_ETH_ALEN];
     int netbits_ipv6;
 
 #ifdef _WIN32