create utun interface add routes to it

Hi, macOS 14.4, M1 chip. I can successfully create the utun interface by running the executable via sudo. The C code for this looks like this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/kern_control.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <net/if.h>
#include <net/if_utun.h>
#include <sys/sys_domain.h>

/*
 * Name of the kernel control that create_utun_interface() looks up with
 * CTLIOCGINFO before connecting.
 * NOTE(review): <net/if_utun.h> is already included and presumably provides
 * both macros below; confirm and drop these local copies if so.
 */
#define UTUN_CONTROL_NAME "com.apple.net.utun_control"
/* getsockopt() option used to read back the interface name for the socket. */
#define UTUN_OPT_IFNAME 2

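/**
 * Open a utun control socket and report the name of the interface behind it.
 *
 * Creates a PF_SYSTEM/SYSPROTO_CONTROL socket, resolves the utun kernel
 * control id with CTLIOCGINFO, connects with a fixed sc_unit of 455, and
 * reads the interface name back with UTUN_OPT_IFNAME.
 *
 * @param ifname  Caller-owned buffer of at least IFNAMSIZ bytes. Receives the
 *                NUL-terminated interface name on success; left as an empty
 *                string on failure.
 * @return The connected control-socket descriptor on success (the caller owns
 *         it and must close() it), or -1 on failure after printing the
 *         failing call with perror().
 *
 * NOTE(review): the descriptor is the packet channel for the interface and
 * is normally opened as root; keep it out of child processes unless that is
 * intended (e.g. set FD_CLOEXEC in the caller).
 */
int create_utun_interface(char *ifname)
{
    if (ifname == NULL) {
        fprintf(stderr, "create_utun_interface: ifname buffer is NULL\n");
        return -1;
    }
    /* Never leave the caller's buffer uninitialised on an error path. */
    ifname[0] = '\0';

    int fd = socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL);
    if (fd < 0) {
        perror("socket(PF_SYSTEM, SOCK_DGRAM, SYSPROTO_CONTROL)");
        return -1;
    }

    struct ctl_info ctlInfo;
    memset(&ctlInfo, 0, sizeof(ctlInfo));
    /* snprintf always NUL-terminates; strncpy with a full-size bound does not. */
    snprintf(ctlInfo.ctl_name, sizeof(ctlInfo.ctl_name), "%s", UTUN_CONTROL_NAME);

    if (ioctl(fd, CTLIOCGINFO, &ctlInfo) == -1) {
        perror("ioctl(CTLIOCGINFO)");
        close(fd);
        return -1;
    }

    struct sockaddr_ctl sc;
    memset(&sc, 0, sizeof(sc));
    sc.sc_id = ctlInfo.ctl_id;
    sc.sc_len = sizeof(sc);
    sc.sc_family = AF_SYSTEM;
    sc.ss_sysaddr = AF_SYS_CONTROL;
    /*
     * Fixed unit number: this asks for one specific interface instead of
     * letting the kernel pick (that would be sc_unit = 0). The commands on
     * this page use utun454, i.e. unit minus one. connect() fails if the
     * unit is already taken.
     */
    sc.sc_unit = 455;

    if (connect(fd, (struct sockaddr *)&sc, sizeof(sc)) == -1) {
        perror("connect(AF_SYSTEM)");
        close(fd);
        return -1;
    }

    socklen_t ifname_len = IFNAMSIZ;
    if (getsockopt(fd, SYSPROTO_CONTROL, UTUN_OPT_IFNAME, ifname, &ifname_len) == -1) {
        perror("getsockopt(UTUN_OPT_IFNAME)");
        close(fd);
        return -1;
    }
    /* Defensive: guarantee termination whatever length the kernel reported. */
    ifname[IFNAMSIZ - 1] = '\0';

    return fd;
}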

void remove_utun_interface(const char *ifname) { char command[256]; snprintf(command, sizeof(command), "ifconfig %s down", ifname); int result = system(command); if (result == -1) { perror("system(ifconfig down)"); } else { printf("Removed utun interface: %s\n", ifname); } }

/*
 * Entry point.
 *
 *   <prog> remove <interface_name>   hand the name to remove_utun_interface()
 *   <prog>                           create the utun interface, then idle
 *
 * argv[2] is passed through unchanged; remove_utun_interface() places it in
 * a shell command line, so any validation has to happen there.
 */
int main(int argc, char *argv[])
{
    const int remove_requested = (argc > 1) && (strcmp(argv[1], "remove") == 0);

    if (remove_requested) {
        if (argc == 3) {
            remove_utun_interface(argv[2]);
            return 0;
        }
        fprintf(stderr, "Usage: %s remove <interface_name>\n", argv[0]);
        return 1;
    }

    char tun_name[IFNAMSIZ];
    const int tun_fd = create_utun_interface(tun_name);
    if (tun_fd < 0) {
        printf("Failed to create utun interface\n");
        return 1;
    }

    printf("Created utun interface: %s\n", tun_name);

    /*
     * Park the process so the control socket stays open. The loop never
     * reads from tun_fd, so packets the kernel delivers to the socket are
     * not consumed by this program.
     */
    for (;;) {
        sleep(1);
    }

    return 0; /* not reached */
}

But when I run the executable and then add IP routes etc.:

sudo ifconfig utun454 10.0.0.2 10.0.0.100 netmask 255.255.255.0 up
sudo ifconfig utun454 mtu 1500
sudo sysctl -w net.inet.ip.forwarding=1
sudo route add -net 10.0.0.0/24 -iface utun454
sudo route add 90.130.70.73 -iface utun454
sudo route add 10.0.0.100 -iface utun454

... all looks good, but when I do a tcpdump -i utun454 I see no traffic. Should I see traffic when I ping or wget to those IPs in the route table? I tried the default route and see no traffic. If I just add those routes to utun0 and tcpdump it, I see a ton of traffic. What am I missing?

Answered by kbirds30 in 793482022

Basically, I can create the utun454 interface and edit it with sudo commands.

sudo ifconfig utun454 10.0.0.2 10.0.0.100 netmask 255.255.255.0 up
sudo ifconfig utun454 mtu 1500
sudo sysctl -w net.inet.ip.forwarding=1
sudo route add -net 10.0.0.0/24 -iface utun454
sudo route add 90.130.70.73 -iface utun454
sudo route add 10.0.0.100 -iface utun454

But when I run tcpdump -i utun454 while sending traffic via ping to 10.0.0.100, I should see packets hit the interface.

Interface is up and active and routes are in place. Do i need to get creative with the pf.conf file ? Cheers Keith.

Accepted Answer

Basically, I can create the utun454 interface and edit it with sudo commands.

sudo ifconfig utun454 10.0.0.2 10.0.0.100 netmask 255.255.255.0 up
sudo ifconfig utun454 mtu 1500
sudo sysctl -w net.inet.ip.forwarding=1
sudo route add -net 10.0.0.0/24 -iface utun454
sudo route add 90.130.70.73 -iface utun454
sudo route add 10.0.0.100 -iface utun454

But when I run tcpdump -i utun454 while sending traffic via ping to 10.0.0.100, I should see packets hit the interface.

Interface is up and active and routes are in place. Do i need to get creative with the pf.conf file ? Cheers Keith.
