FreeBSD tun(4)

FreeBSD has a mechanism by which a tunnel has a single controlling process,
and only that one process may close the tunnel.

Kyle Evans of the FreeBSD Project authored these changes.

See issue 213.

Signed-off-by: Trond Endrestøl <trond.endrestol@ximalas.info>

src/tun.c

@@ -895,3 +895,22 @@ ssize_t tun_read(int sockfd, void *buf, size_t len)
 	return read(sockfd, buf, len);
 }
 #endif
+
+#ifndef __FreeBSD__
+int tun_claim(int sockfd)
+{
+
+	return (0);
+}
+#else
+/*
+ * FreeBSD has a mechanism by which a tunnel has a single controlling process,
+ * and only that one process may close it.  When the controlling process closes
+ * the tunnel, the state is torn down.
+ */
+int tun_claim(int sockfd)
+{
+
+	return (ioctl(sockfd, TUNSIFPID, 0));
+}
+#endif	/* !__FreeBSD__ */

src/tun.h

@@ -35,5 +35,6 @@ struct tun_lease_st {
 
 ssize_t tun_write(int sockfd, const void *buf, size_t len);
 ssize_t tun_read(int sockfd, void *buf, size_t len);
+int tun_claim(int sockfd);
 
 #endif

src/worker-auth.c

@@ -605,7 +605,10 @@ static int recv_cookie_auth_reply(worker_st * ws)
 	case AUTH__REP__OK:
 		if (socketfd != -1) {
 			ws->tun_fd = socketfd;
-
+			if (tun_claim(ws->tun_fd) != 0) {
+				ret = ERR_AUTH_FAIL;
+				goto cleanup;
+			}
 			if (msg->vname == NULL || msg->config == NULL || msg->user_name == NULL || msg->sid.len != sizeof(ws->sid)) {
 				ret = ERR_AUTH_FAIL;
 				goto cleanup;