
When we create a tun virtual interface, we use read and write to read and write packets from/into the network stack. My question is: when we use .read, are we actually reading outgoing packets (the packets that are created by the machine's applications to send to another network) or incoming packets (the packets that have arrived at the machine)?

AMIR

1 Answer

The tun/tap interface is the way to pass packets between your application and the kernel network stack.

Create the tap interface:

```
ip tuntap add dev tun101 mode tun
ip link set up dev tun101
ip a add 192.0.2.1/24 dev tun101
```

Let's ping some address from the subnet assigned to the tun101 interface.

```
ping 192.0.2.2
```

What happens?

  • The ping creates the socket, builds the ICMP echo request packet and writes it into the socket.
  • The kernel receives the ICMP echo request packets from the ping through the socket, determines the route for these packets and passes them to the tuntap driver.
  • For the network stack these packets are locally originated and outgoing to the outside.
  • The tuntap driver receives the ICMP echo request packets and sends them to your application.
  • Your application calls the read function and gets the ICMP echo request packet in the corresponding memory buffer.
  • Your application builds the ICMP echo reply packets for the received requests.
  • Your application writes these replies with the write function.
  • The tuntap driver receives the packets from your application and passes them further into the network stack.
  • For the kernel network stack these packets are incoming from outside.
  • The kernel stack determines that these packets are addressed to the host itself and sends them into the socket that was created by the ping.
  • The ping reads the data from the socket, calculates the delay and displays the received answer.

The read operation in your app means reading the packets, those have been sent into the corresponded tun interface by the kernel network stack. The write operation means sending of packets from your app into the kernel network stack.

Anton Danilov
  • I didn't get what you mean by `those have been sent into the corresponded tun interface`. Assume I set the destination address `0.0.0.0` so that all packets will be sent to my tun. Will incoming or outgoing packets be sent to the tun? – AMIR Jul 07 '19 at 12:47
  • I'll extend the answer in several minutes. – Anton Danilov Jul 07 '19 at 12:56
  • So, what if some `ping` or any packet comes from another computer to our computer (these packets are not created by our own computer)? Assume our server has a telnet server and another computer on the network tries to connect to our telnet server (assume tun is set up on the telnet server side). Can we access the telnet client packets that came from the telnet client computer before they are received by the telnet server? – AMIR Jul 07 '19 at 18:30
  • You cannot sniff the telnet traffic because it bypasses your tun interface, if I've understood you correctly. Anyway, the tuntap driver isn't for sniffing packets. – Anton Danilov Jul 08 '19 at 06:04
  • So when we can get all traffic of IP packets, then we can sniff telnet too. Isn't that true? – AMIR Jul 08 '19 at 09:43
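
The read/write flow described in the answer, as an added example that is not part of the original posts: a minimal userspace responder that attaches to the `tun101` device created above, reads the echo requests the kernel routes out through it, and writes echo replies back. It assumes Linux, root or CAP_NET_ADMIN, and the `TUNSETIFF`/`IFF_TUN`/`IFF_NO_PI` values from `<linux/if_tun.h>`; the function names are illustrative.

```python
import fcntl, os, struct

TUNSETIFF = 0x400454CA                 # ioctl number from <linux/if_tun.h>
IFF_TUN, IFF_NO_PI = 0x0001, 0x1000    # layer-3 device, no packet-info header

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both IPv4 and ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_reply(pkt: bytes):
    """Return the ICMP echo reply for an IPv4 echo request, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                    # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != 1 or pkt[ihl] != 8:
        return None                    # not an ICMP echo request
    ip = bytearray(pkt[:ihl])
    ip[12:16], ip[16:20] = pkt[16:20], pkt[12:16]   # swap source/destination
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    icmp = bytearray(pkt[ihl:])
    icmp[0] = 0                        # type 0 = echo reply
    icmp[2:4] = b"\x00\x00"
    icmp[2:4] = struct.pack("!H", checksum(bytes(icmp)))
    return bytes(ip) + bytes(icmp)

def serve(ifname: str = "tun101") -> None:
    """Attach to an existing tun device and answer pings sent through it."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    ifreq = struct.pack("16sH", ifname.encode(), IFF_TUN | IFF_NO_PI)
    fcntl.ioctl(fd, TUNSETIFF, ifreq)
    while True:
        pkt = os.read(fd, 65535)       # packet the kernel routed OUT via the tun
        reply = echo_reply(pkt)
        if reply:
            os.write(fd, reply)        # kernel treats this as arriving IN on the tun

if __name__ == "__main__":
    serve()
```

With this running, `ping 192.0.2.2` gets answers even though no host owns that address; traffic the routing table does not send to `tun101` never reaches `os.read`.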