Overview
What is it?
The TunTap project provides kernel extensions for Mac OS X that allow to create virtual network interfaces. From the operating system kernel's point of view, these interfaces behave similar to physical network adapters such as an Ethernet network interface. However, the virtual interface does not send the packets into a wire, but makes them available to programs running in the system.
The software comes as a pair of kernel extensions that create virtual network interfaces on the IP and Ethernet level, respectively. These kind of network interfaces are commonly referred to as tun and tap devices on Unix-like platforms. This way of interfacing with the operating system's network stack is available on many platforms (cf. the TUN/TAP wikipedia article).
Who needs it?
By design, virtual network interfaces can be very flexibly used by any program that wants to receive packets from and inject them into the network stack. Generally, tun and tap devices are most commonly used in two distinct application scenarios: The first one is VPN software (such as OpenVPN). In this scenario, the kernel sends its network packets to the tun or tap devices. The VPN software will then encrypt and forward them to the other side of the VPN tunnel where they get decrypted and delivered to their destination. The second area in which tun and tap devices are popular are system virtualization/emulation packages. In this case, the virtualized operating system instance talks to a fake network device (commonly a virtual Ethernet adapter). The virtualization software then creates a tap device and interconnects the two such that the host system can talk to the guest and vice versa.
How does it work?
The TunTap package is comprised of a pair of kernel extensions, one providing tun and
one providing tap interfaces. They create a set of character devices
/dev/tunX and /dev/tapX, respectively, where X
is a number between zero and the maximum number of supported virtual interfaces. Once an
application opens the character device, say /dev/tap0, a virtual network
interface is created in the system, which will be named accordingly, i.e.
tap0. The network interface can be assigned addresses just like any other
network interfaces. After configuring the interface, packets that the kernel sends
through this interface (as determined by the routing table) can be read one packet at a
time from the character device. Likewise, packets written to the character device will
be injected into the kernel's network stack. For tun interfaces, the packets that are
read and written are IP packets. For tap interfaces, the packet format is Ethernet
frames.
Mailing list
There is a mailing list available through the Sourceforge project that is meant for
general discussion about the TunTap software, asking questions, reporting bugs etc. It
is called tuntaposx-users. If you are interested, you can register or have
a look at the archives.
Donations
So far, I have spent my spare time to run this project. If you want to show your gratitude or support further maintenance or development of the software, you can donate either via the Sourceforge donation system or directly to me via PayPal, just click the appropriate button below. In either case, your money enables me to buy copies of upcoming Mac OS X releases as well as development machines. A huge thank you goes to the nice people at mozilla.com who have given me the Mac Mini I currently use as development machine.