Bug 2855 - Opening tun devices fails in OpenSSH v7.7
Summary: Opening tun devices fails in OpenSSH v7.7
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: -current
Hardware: All Linux
: P5 normal
Assignee: Damien Miller
URL:
Keywords:
: 2864 (view as bug list)
Depends on:
Blocks: V_7_8
  Show dependency treegraph
 
Reported: 2018-04-11 07:47 AEST by nschiess
Modified: 2018-10-19 17:17 AEDT (History)
3 users (show)

See Also:

Attachments
fix strdup failure tests (711 bytes, patch)
2018-04-11 08:48 AEST, Damien Miller 		dtucker: ok+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description nschiess 2018-04-11 07:47:43 AEST 
I've experienced some strange behaviour in OpenSSH portable v7.7 (on
ArchLinux) when I tried to create a layer-3 VPN connection. Running ssh
with "-w 444:444" (or any other argument, even "any:any") failed with
"Tunnel device open failed.". I traced this error back to the following
check [1]:

"""
if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
	goto failed;
"""

In my case this check is always true, resulting in the error message
mentioned above. The following strace output shows how ssh successfully
opens and configures the tun device, but ultimately goes to "failed":

"""
[pid  6229] write(2, "debug1: Requesting tun unit 444 "..., 43debug1:
Requesting tun unit 444 in mode 1
) = 43
[pid  6229] openat(AT_FDCWD, "/dev/net/tun", O_RDWR) = 3
[pid  6229] ioctl(3, TUNSETIFF, 0x7ffca40818b0) = 0
[pid  6229] write(2, "debug1: sys_tun_open: tun444 mod"..., 42debug1:
sys_tun_open: tun444 mode 1 fd 3
) = 42
[pid  6229] close(3)                    = 0
[pid  6229] write(2, "Tunnel device open failed.\r\n", 28Tunnel device
open failed.
"""

The write call after ioctl corresponds to the debug output here [2].
Where everything seems to be fine, but then it just closes the fd and
returns "an error". I don't see why the check in [1] should fail, I
haven't run it in gdb yet. But maybe the issue is more obvious to you guys?

Rolling back to 7.6 resolves the issue, seems like this has been
introduced in 7.7 (the files have also been renamed).

[1]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L188-L189
[2]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L186
Comment 1 Damien Miller 2018-04-11 08:48:33 AEST 
Created attachment 3140 [details]
fix strdup failure tests

I think this fixes the bug. Could you give it a try?
Comment 2 nschiess 2018-04-11 19:20:13 AEST 
The patch fixes the issue for me, thanks.
Comment 3 Damien Miller 2018-04-13 13:40:53 AEST 
Fix is applied in master and on the V_7_7 branch.

commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 (HEAD -> master, origin/master, origin/HEAD)
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Apr 13 13:38:06 2018 +1000

    Fix tunnel forwarding broken in 7.7p1
    
    bz2855, ok dtucker@
Comment 4 Jakub Jelen 2018-05-07 17:25:49 AEST 
*** Bug 2864 has been marked as a duplicate of this bug. ***
Comment 5 Damien Miller 2018-10-19 17:17:26 AEDT 
Close RESOLVED bugs with the release of openssh-8.0