Bug 2855

Summary:

Opening tun devices fails in OpenSSH v7.7

Product:

Portable OpenSSH

Reporter:

nschiess

Component:

ssh

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

normal

CC:

calimeroteknik, djm, dtucker

Priority:

Version:

-current

Hardware:

All

OS:

Linux

Bug Depends on:

Bug Blocks:

2852

Attachments:

Description	Flags
fix strdup failure tests	dtucker: ok+

Description nschiess 2018-04-11 07:47:43 AEST

I've experienced some strange behaviour in OpenSSH portable v7.7 (on
ArchLinux) when I tried to create a layer-3 VPN connection. Running ssh
with "-w 444:444" (or any other argument, even "any:any") failed with
"Tunnel device open failed.". I traced this error back to the following
check [1]:

"""
if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
	goto failed;
"""

In my case this check is always true, resulting in the error message
mentioned above. The following strace output shows how ssh successfully
opens and configures the tun device, but ultimately goes to "failed":

"""
[pid  6229] write(2, "debug1: Requesting tun unit 444 "..., 43debug1:
Requesting tun unit 444 in mode 1
) = 43
[pid  6229] openat(AT_FDCWD, "/dev/net/tun", O_RDWR) = 3
[pid  6229] ioctl(3, TUNSETIFF, 0x7ffca40818b0) = 0
[pid  6229] write(2, "debug1: sys_tun_open: tun444 mod"..., 42debug1:
sys_tun_open: tun444 mode 1 fd 3
) = 42
[pid  6229] close(3)                    = 0
[pid  6229] write(2, "Tunnel device open failed.\r\n", 28Tunnel device
open failed.
"""

The write call after ioctl corresponds to the debug output here [2].
Where everything seems to be fine, but then it just closes the fd and
returns "an error". I don't see why the check in [1] should fail, I
haven't run it in gdb yet. But maybe the issue is more obvious to you guys?

Rolling back to 7.6 resolves the issue, seems like this has been
introduced in 7.7 (the files have also been renamed).

[1]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L188-L189
[2]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L186

Comment 1 Damien Miller 2018-04-11 08:48:33 AEST

Created attachment 3140 [details]
fix strdup failure tests

I think this fixes the bug. Could you give it a try?

Comment 2 nschiess 2018-04-11 19:20:13 AEST

The patch fixes the issue for me, thanks.

Comment 3 Damien Miller 2018-04-13 13:40:53 AEST

Fix is applied in master and on the V_7_7 branch.

commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 (HEAD -> master, origin/master, origin/HEAD)
Author: Damien Miller <djm@mindrot.org>
Date:   Fri Apr 13 13:38:06 2018 +1000

    Fix tunnel forwarding broken in 7.7p1
    
    bz2855, ok dtucker@

Comment 4 Jakub Jelen 2018-05-07 17:25:49 AEST

*** Bug 2864 has been marked as a duplicate of this bug. ***

Comment 5 Damien Miller 2018-10-19 17:17:26 AEDT

Close RESOLVED bugs with the release of openssh-8.0