Free Carrots #1: VNC over SSH
Free Carrots is an ongoing series of helpful tips for using Plan 9.
The canonical teaching tool for demonstrating Plan 9’s private name spaces and file interfaces is this:
deckard; bind /net/tcp /proc
deckard; ps
qin 0 0:00 0:00 0K 0 Listen
qin 1 0:00 0:00 0K 0 Listen
qin 2 0:00 0:00 0K 0 Listen
qin 3 0:00 0:00 0K 0 Listen
qin 4 0:00 0:00 0K 0 Listen
qin 5 0:00 0:00 0K 0 Established
qin 6 0:00 0:00 0K 0 Established
qin 7 0:00 0:00 0K 0 Established
qin 8 0:00 0:00 0K 0 Established
qin 9 0:00 0:00 0K 0 Finwait1
The value of this example is not that the result itself is especially useful, but that the design of the system almost inevitably produces tools that can be reused in new and surprising ways, sometimes without modification.
In Plan 9, you get a lot for free.
Another popular demonstration is borrowing the network stack of a remote machine:
deckard; cat /net/iproute
0.0.0.0 /96 192.168.1.254 4 dhcp 0 192.168.1.0 /120
0.0.0.0 /96 192.168.1.254 4 dhcp 0 192.168.1.230 /128
192.168.1.0 /120 192.168.1.0 4i ifc 0 0.0.0.0 /96
192.168.1.0 /120 192.168.1.0 4i ifc 0 192.168.1.230 /128
192.168.1.0 /128 192.168.1.0 4b ifc 0 192.168.1.230 /128
192.168.1.230 /128 192.168.1.230 4u ifc 0 0.0.0.0 /96
192.168.1.255 /128 192.168.1.255 4b ifc 0 192.168.1.230 /128
255.255.255.255 /128 255.255.255.255 4b ifc 0 192.168.1.230 /128
deckard; rimport mars2.inri.net /net
deckard; cat /net/iproute
0.0.0.0 /96 216.126.196.33 4 none 0 216.126.196.32 /123
0.0.0.0 /96 216.126.196.33 4 none 0 216.126.196.35 /128
216.126.196.0 /128 216.126.196.0 4b ifc 0 216.126.196.35 /128
216.126.196.32 /123 216.126.196.32 4i ifc 0 0.0.0.0 /96
216.126.196.32 /123 216.126.196.32 4i ifc 0 216.126.196.35 /128
216.126.196.32 /128 216.126.196.32 4b ifc 0 216.126.196.35 /128
216.126.196.35 /128 216.126.196.35 4u ifc 0 0.0.0.0 /96
216.126.196.63 /128 216.126.196.63 4b ifc 0 216.126.196.35 /128
216.126.196.255 /128 216.126.196.255 4b ifc 0 216.126.196.35 /128
255.255.255.255 /128 255.255.255.255 4b ifc 0 216.126.196.35 /128
fe80:: /64 fe80:: 6i ifc 0 fe80::5054:ff:fe09:9935 /128
ff02:: /16 ff02::1 6m ifc 0 fe80::5054:ff:fe09:9935 /128
ff02::1 /128 ff02::1 6m ifc 0 fe80::5054:ff:fe09:9935 /128
fe80::5054:ff:fe09:9935 /128 fe80::5054:ff:fe09:9935 6u ifc 0 fe80::5054:ff:fe09:9935 /128
ff02::1:ff09:9935 /128 ff02::1:ff09:9935 6m ifc 0 fe80::5054:ff:fe09:9935 /128
Now, any network connections leaving deckard
from within this
namespace will be routed through the encrypted connection to mars2
before they hit the outside world.
Many tools in 9front have been rewritten or otherwise created from scratch to satisfy user (read: developer) requirements, including a modern SSH client. The peculiar features of the operating system as described above suggest an opportunity to combine facilities in such a way that enables a more-or-less free capability to borrow the network stack of operating systems other than Plan 9.
Enter sshnet(4), which, you guessed it, allows for importing the network stack of another operating system over SSH.
deckard; sshnet rachael.inri.net # borrow network stack from openbsd machine
deckard; ls /net # iproute not implemented, but needed files are present
/net/cs
/net/tcp
deckard; window -m vncv 192.168.1.22:0 # vnc to host behind rachael
Note that any other program on the system can also take advantage of this makeshift VPN without having to know anything at all about the SSH tunnel.
Together, ssh.c
and sshnet.c
comprise less than 3,000 lines of code.