Mostly Helpful Stuff

Free Carrots #1: VNC over SSH

Free Carrots is an ongoing series of helpful tips for using Plan 9.

The canonical teaching tool for demonstrating Plan 9’s private name spaces and file interfaces is this:

   deckard; bind /net/tcp /proc
   deckard; ps
   qin               0    0:00   0:00        0K 0        Listen
   qin               1    0:00   0:00        0K 0        Listen
   qin               2    0:00   0:00        0K 0        Listen
   qin               3    0:00   0:00        0K 0        Listen
   qin               4    0:00   0:00        0K 0        Listen
   qin               5    0:00   0:00        0K 0        Established
   qin               6    0:00   0:00        0K 0        Established
   qin               7    0:00   0:00        0K 0        Established
   qin               8    0:00   0:00        0K 0        Established
   qin               9    0:00   0:00        0K 0        Finwait1

The value of this example is not that the result itself is especially useful, but that the design of the system almost inevitably produces tools that can be reused in new and surprising ways, sometimes without modification.

In Plan 9, you get a lot for free.

Another popular demonstration is borrowing the network stack of a remote machine:

   deckard; cat /net/iproute
   0.0.0.0         /96  192.168.1.254   4    dhcp   0 192.168.1.0     /120
   0.0.0.0         /96  192.168.1.254   4    dhcp   0 192.168.1.230   /128
   192.168.1.0     /120 192.168.1.0     4i   ifc    0 0.0.0.0         /96 
   192.168.1.0     /120 192.168.1.0     4i   ifc    0 192.168.1.230   /128
   192.168.1.0     /128 192.168.1.0     4b   ifc    0 192.168.1.230   /128
   192.168.1.230   /128 192.168.1.230   4u   ifc    0 0.0.0.0         /96 
   192.168.1.255   /128 192.168.1.255   4b   ifc    0 192.168.1.230   /128
   255.255.255.255 /128 255.255.255.255 4b   ifc    0 192.168.1.230   /128
   deckard; rimport mars2.inri.net /net
   deckard; cat /net/iproute
   0.0.0.0         /96  216.126.196.33  4    none   0 216.126.196.32  /123
   0.0.0.0         /96  216.126.196.33  4    none   0 216.126.196.35  /128
   216.126.196.0   /128 216.126.196.0   4b   ifc    0 216.126.196.35  /128
   216.126.196.32  /123 216.126.196.32  4i   ifc    0 0.0.0.0         /96 
   216.126.196.32  /123 216.126.196.32  4i   ifc    0 216.126.196.35  /128
   216.126.196.32  /128 216.126.196.32  4b   ifc    0 216.126.196.35  /128
   216.126.196.35  /128 216.126.196.35  4u   ifc    0 0.0.0.0         /96 
   216.126.196.63  /128 216.126.196.63  4b   ifc    0 216.126.196.35  /128
   216.126.196.255 /128 216.126.196.255 4b   ifc    0 216.126.196.35  /128
   255.255.255.255 /128 255.255.255.255 4b   ifc    0 216.126.196.35  /128
   fe80::          /64  fe80::          6i   ifc    0 fe80::5054:ff:fe09:9935 /128
   ff02::          /16  ff02::1         6m   ifc    0 fe80::5054:ff:fe09:9935 /128
   ff02::1         /128 ff02::1         6m   ifc    0 fe80::5054:ff:fe09:9935 /128
   fe80::5054:ff:fe09:9935 /128 fe80::5054:ff:fe09:9935 6u   ifc    0 fe80::5054:ff:fe09:9935 /128
   ff02::1:ff09:9935 /128 ff02::1:ff09:9935 6m   ifc    0 fe80::5054:ff:fe09:9935 /128

Now, any network connections leaving deckard from within this namespace will be routed through the encrypted connection to mars2 before they hit the outside world.

Many tools in 9front have been rewritten or otherwise created from scratch to satisfy user (read: developer) requirements, including a modern SSH client. The peculiar features of the operating system as described above suggest an opportunity to combine facilities in such a way that enables a more-or-less free capability to borrow the network stack of operating systems other than Plan 9.

Enter sshnet(4), which, you guessed it, allows for importing the network stack of another operating system over SSH.

   deckard; sshnet rachael.inri.net   # borrow network stack from openbsd machine
   deckard; ls /net     # iproute not implemented, but needed files are present
   /net/cs
   /net/tcp
   deckard; window -m vncv 192.168.1.22:0    # vnc to host behind rachael

Note that any other program on the system can also take advantage of this makeshift VPN without having to know anything at all about the SSH tunnel.

Together, ssh.c and sshnet.c comprise less than 3,000 lines of code.

Free Carrots #1