| TUN(4) | Device Drivers Manual | TUN(4) | 
tun —
pseudo-device tun
tun interface is a software loopback mechanism that
  can be loosely described as the network interface analog of the
  pty(4), that is,
  tun does for network interfaces what the
  pty driver does for terminals.
The tun driver, like the
    pty driver, provides two interfaces: an interface
    like the usual facility it is simulating (a network interface in the case of
    tun, or a terminal for pty),
    and a character-special device “control” interface.
To use a tun device, the administrator
    must first create the interface. This can be done by using the
    ifconfig(8)
    create command, or via the
    SIOCIFCREATE ioctl. An
    open() call on
    /dev/tunN will also create a
    network interface with the same unit number of that device if it doesn't
    exist yet.
The network interfaces should be named
    tun0,
    tun1, etc. Each interface supports
    the usual network-interface
    ioctl(2)s, such as
    SIOCSIFADDR and
    SIOCSIFNETMASK, and thus can be used with
    ifconfig(8) like any other
    interface. At boot time, they are POINTOPOINT
    interfaces, but this can be changed; see the description of the control
    device, below. When the system chooses to transmit a packet on the network
    interface, the packet can be read from the control device (it appears there
    as “output”); writing a packet to the control device generates
    an input packet on the network interface, as if the (non-existent) hardware
    had just received it.
The tunnel device, normally
    /dev/tunN, is exclusive-open (it
    cannot be opened if it is already open) and is restricted to the super-user
    (regardless of file system permissions). A read()
    call will return an error (EHOSTDOWN) if the
    interface is not “ready” (which means that the interface
    address has not been set). Once the interface is ready,
    read() will return a packet if one is available; if
    not, it will either block until one is or return
    EAGAIN, depending on whether non-blocking I/O has
    been enabled. If the packet is longer than is allowed for in the buffer
    passed to read(), the extra data will be silently
    dropped.
Packets can be optionally prepended with the destination address
    as presented to the network interface output routine
    (‘tunoutput’). The destination address
    is in ‘struct sockaddr’ format. The
    actual length of the prepended address is in the member
    ‘sa_len’. The packet data follows
    immediately. A write(2) call
    passes a packet in to be “received” on the pseudo-interface.
    Each write() call supplies exactly one packet; the
    packet length is taken from the amount of data provided to
    write(). Writes will not block; if the packet cannot
    be accepted for a transient reason (e.g., no buffer space available), it is
    silently dropped; if the reason is not transient (e.g., packet too large),
    an error is returned. If “link-layer mode” is on (see
    TUNSLMODE below), the actual
    packet data must be preceded by a ‘struct
    sockaddr’. The driver currently only inspects the
    ‘sa_family’ field. The following
    ioctl(2) calls are supported
    (defined in ⟨net/if_tun.h⟩):
TUNSDEBUGTUNGDEBUGTUNSIFMODEIFF_POINTOPOINT or
      IFF_BROADCAST (optionally
      IFF_MULTICAST may be or'ed into the value). The
      type of the corresponding tunn
      interface is set to the supplied type. If the value is anything else, an
      EINVAL error occurs. The interface must be down at
      the time; if it is up, an EBUSY error occurs.TUNSLMODETUNGIFHEADTUNSIFHEADFIONBIOFIOASYNCSIGIO when data is available to be read) off or
      on, according as the argument int's value is or
      isn't zero.FIONREADTIOCSPGRPSIGIO signals,
      when asynchronous I/O is enabled, to the argument
      int value.TIOCGPGRPSIGIO signals
      into the argument int value.The control device also supports select(2) for read; selecting for write is pointless, and always succeeds, since writes are always non-blocking.
On the last close of the data device, by default, the interface is brought down (as if with “ifconfig tunn down”). All queued packets are thrown away. If the interface is up when the data device is not open output packets are always thrown away rather than letting them pile up.
tun character device
  the link is considered up, otherwise down. As such, it is best to open the
  character device once connectivity has been established so that Duplicate
  Address Detection, if applicable, can be performed. If connectivity is lost,
  the character device should be closed.
| September 27, 2020 | NetBSD 10.0 |