Stuntapen

Serial TUN/TAP Encapsulation (Stuntapen) is a simple program implementing a SLIP (RFC 1055)-like algorithm, extended to allow either IPv6 packets (when using a TUN device) or Ethernet frames (when using TAP) to be transferred over some kind of serial line, such as a computer's serial port, a TCP stream, or an SSH session. Used together with Netcat or SSH, it can create a crude but working IP tunnel or VPN, forward IP traffic to a low-feature embedded system via a serial line or USB, or serve educational purposes.

Usage

# stuntapen [--tun|--tap] [DEVICE] < INPUT-FILE > OUTPUT-FILE

By default, stuntapen currently assumes --tun.

With persistent TUN/TAP devices, the program can also be started by an unprivileged user once such a device has been created by, say, tunctl. For a TAP device:

root # tunctl -u jrh -t IFNAME 

jrh $ stuntapen --tap IFNAME

To use a TUN device, IFNAME has to begin with tun, like:

root # tunctl -u jrh -t tuntest 

jrh $ stuntapen --tun tuntest

Please note that apparently not all versions of tunctl currently in existence have support for TUN devices.

Examples

Serial line

To forward IPv6 traffic to a serial device, one may use the following (untested) sequence of commands.

root # tunctl -u jrh -t tungadget 
root # ip link set tungadget up 
root # ip address add dev tungadget \
           local 2001:db8:1337::1 \
           peer  2001:db8:1337::2/64

jrh $ stuntapen --tun tungadget <> /dev/ttyS5

Virtual Private Network

To create a VPN over an SSH session, the following (untested) script may be used. It's assumed that the interface IFNAME specified is persistent and is configured separately.

#!/bin/bash
### tuntapvpn.sh --- Crude VPN over SSH  -*- Sh -*-

## FIXME: allow for --tun or --tap to be specified
## IFNAME plus at least one argument for ssh (the remote host) is required.
if [ "$#" -lt 2 ] ; then
    printf 'Usage: %s IFNAME REMOTE stuntapen REMOTE-IFNAME\n' \
        "$(basename "$0")" >&2
    exit 1
fi
ifname="$1"
shift

set -e -x

## Private temporary directory for the two FIFOs; removed on exit.
d=$(mktemp -t -d tuntapvpn.XXXXXXXX)
trap 'rm -rf -- "$d"' EXIT
a="$d"/remote-to-local
b="$d"/local-to-remote
mkfifo -- "$a" "$b"

## FIXME: not sure why the following was necessary
printf '' > "$a" &
printf '' > "$b" &

stuntapen "$ifname" < "$a" > "$b" &
ssh "$@" < "$b" > "$a" &

wait
### tuntapvpn.sh ends here

Note that the REMOTE stuntapen REMOTE-IFNAME arguments are actually passed to ssh directly, thus allowing different command line arguments if necessary, like:

$ tuntapvpn tunother \
      -v otherhost /where/is/stuntapen --tun tunx

TODO

Argp-based command line interface, with support for conventional GNU options (--help, --version, etc.)

Test for SLIP (RFC 1055) compatibility when passing IPv4 traffic in TUN (--tun) mode.

Implement conventional Make targets, like install.

Consider switching to the GNU build system.
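
The byte stuffing defined by RFC 1055, which the description names as the basis of stuntapen's framing and which the SLIP compatibility item above would test against, shown as an added example (not stuntapen's own code, and without its IPv6/Ethernet extension). The function names and the sample packet are constructed here; unlike the RFC's sample code, this decoder rejects a frame with an invalid escape or one larger than the caller's buffer, since the serial side is untrusted input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 1055 special bytes. */
enum { SLIP_END = 0xC0, SLIP_ESC = 0xDB, SLIP_ESC_END = 0xDC, SLIP_ESC_ESC = 0xDD };

/* Frame one packet (leading and trailing END). Returns frame length, 0 if out is too small. */
size_t slip_encode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t o = 0;
    if (cap < 2) return 0;
    out[o++] = SLIP_END;                 /* lets the receiver drop preceding line noise */
    for (size_t i = 0; i < n; i++) {
        int esc = (in[i] == SLIP_END || in[i] == SLIP_ESC);
        if (o + (esc ? 2 : 1) + 1 > cap) return 0;   /* keep room for the final END */
        if (esc) out[o++] = SLIP_ESC;
        out[o++] = !esc ? in[i] : (in[i] == SLIP_END) ? SLIP_ESC_END : SLIP_ESC_ESC;
    }
    out[o++] = SLIP_END;
    return o;
}

/* Decode the first non-empty frame in in[0..n). Returns the packet length, or -1 on
   a bad or truncated escape, a packet larger than cap, or a missing closing END. */
long slip_decode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t c = in[i];
        if (c == SLIP_END) { if (o) return (long)o; continue; }  /* skip empty frames */
        if (c == SLIP_ESC) {
            if (++i == n) return -1;     /* escape cut off by end of input */
            c = (in[i] == SLIP_ESC_END) ? SLIP_END : (in[i] == SLIP_ESC_ESC) ? SLIP_ESC : 0;
            if (!c) return -1;           /* protocol violation: reject the frame */
        }
        if (o == cap) return -1;         /* never write past the caller's buffer */
        out[o++] = c;
    }
    return -1;                           /* frame not terminated yet */
}

int main(void)
{
    const uint8_t pkt[] = { 0x60, 0xC0, 0xDB, 0x01 };   /* constructed sample bytes */
    uint8_t wire[16], back[8];
    size_t w = slip_encode(pkt, sizeof pkt, wire, sizeof wire);
    printf("%zu wire bytes, %ld decoded\n", w, slip_decode(wire, w, back, sizeof back));
    return 0;
}
```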