[Bug 2855] New: Opening tun devices fails in OpenSSH v7.7

bugzilla-daemon at bugzilla.mindrot.org
Wed Apr 11 07:47:43 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2855

            Bug ID: 2855
           Summary: Opening tun devices fails in OpenSSH v7.7
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nschiess at adversec.com

I've experienced some strange behaviour in OpenSSH portable v7.7 (on
ArchLinux) when I tried to create a layer-3 VPN connection. Running ssh
with "-w 444:444" (or any other argument, even "any:any") failed with
"Tunnel device open failed.". I traced this error back to the following
check [1]:

"""
if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
        goto failed;
"""

In my case this check is always true, resulting in the error message
mentioned above. The following strace output shows how ssh successfully
opens and configures the tun device, but ultimately goes to "failed":

"""
[pid  6229] write(2, "debug1: Requesting tun unit 444 "..., 43debug1: Requesting tun unit 444 in mode 1
) = 43
[pid  6229] openat(AT_FDCWD, "/dev/net/tun", O_RDWR) = 3
[pid  6229] ioctl(3, TUNSETIFF, 0x7ffca40818b0) = 0
[pid  6229] write(2, "debug1: sys_tun_open: tun444 mod"..., 42debug1: sys_tun_open: tun444 mode 1 fd 3
) = 42
[pid  6229] close(3)                    = 0
[pid  6229] write(2, "Tunnel device open failed.\r\n", 28Tunnel device open failed.
"""

The write call after ioctl corresponds to the debug output here [2],
where everything seems to be fine, but then it just closes the fd and
returns "an error". I don't see why the check in [1] should fail; I
haven't run it in gdb yet. But maybe the issue is more obvious to you
guys?

Rolling back to 7.6 resolves the issue; it seems like this has been
introduced in 7.7 (the files have also been renamed).

[1]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L188-L189
[2]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L186

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
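
The check quoted in the report, reduced to a stand-alone program as an added example (not code from the report or from OpenSSH): strdup() returns a non-NULL pointer on success, so the condition as quoted is true exactly when the name copy works. The struct demo_ifreq, both function names and the fd value 3 are assumptions made for illustration; the second function compares the result against NULL as one way to write the check.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strdup() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct ifreq; only the name field matters here. */
struct demo_ifreq { char ifr_name[16]; };

/* Condition exactly as quoted in the report. The value of the assignment is
 * the pointer strdup() returned, which is non-NULL on success, so a working
 * copy takes the "failed" branch. */
static int open_as_reported(const struct demo_ifreq *ifr, char **ifname)
{
    int fd = 3; /* constructed: pretend the tun device is open and configured */

    if (ifname != NULL && (*ifname = strdup(ifr->ifr_name)))
        goto failed;
    return fd;
failed:
    /* The real code closes the fd at this point, matching close(3) in the
     * strace. The caller gets -1 while *ifname still holds the copy. */
    return -1;
}

/* Same flow, but only an allocation failure (NULL) is treated as an error. */
static int open_with_null_check(const struct demo_ifreq *ifr, char **ifname)
{
    int fd = 3; /* constructed, as above */

    if (ifname != NULL && (*ifname = strdup(ifr->ifr_name)) == NULL)
        goto failed;
    return fd;
failed:
    return -1;
}

int main(void)
{
    struct demo_ifreq ifr = { "tun444" };   /* constructed sample name */
    char *a = NULL, *b = NULL;

    printf("as reported:     %d\n", open_as_reported(&ifr, &a));
    printf("with NULL check: %d\n", open_with_null_check(&ifr, &b));
    free(a);
    free(b);
    return 0;
}
```

Passing NULL for ifname skips the copy entirely, so the quoted condition only misfires for callers that ask for the interface name.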

