Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2026-03-25 18:24:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

epair-naming: first pass

Browse Source
This commit is contained in:
tschettervictor
2025-10-02 08:35:20 -06:00
parent 0a65cbe4ad
commit 8ec11db0aa
3 changed files with 43 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
usr/local/share/bastille/clone.sh
View File

@@ -105,14 +105,6 @@ set_target_single "${TARGET}"
clone_validate_jail_name() {
if echo "${NEWNAME}" | grep -q "[.]"; then
error_exit "[ERROR]: Jail names may not contain a dot(.)!"
elif [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
if [ "$(echo -n "e0a_${NEWNAME}" | awk '{print length}')" -ge 16 ]; then
name_prefix="$(echo ${NEWNAME} | cut -c1-7)"
name_suffix="$(echo ${NEWNAME} | rev | cut -c1-2 | rev)"
if find "${bastille_jailsdir}"/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -oqs "e0b_${name_prefix}xx${name_suffix}" 2>/dev/null; then
error_exit "[ERROR]: The jail name causes a collision with the epair interface naming. See documentation for details."
fi
fi
fi
}
@@ -254,7 +246,7 @@ update_jailconf_vnet() {
local _old_if_prefix="$(echo ${_if} | awk -F'_' '{print $1}')"
local _old_if_suffix="$(echo ${_if} | awk -F'_' '{print $2}')"
# For if_bridge network type
# For if_bridge network type
if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
local _epair_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
@@ -266,10 +258,13 @@ update_jailconf_vnet() {
local _new_host_epair="e${_epair_num}a_${NEWNAME}"
local _new_jail_epair="e${_epair_num}b_${NEWNAME}"
else
name_prefix="$(echo ${NEWNAME} | cut -c1-7)"
name_suffix="$(echo ${NEWNAME} | rev | cut -c1-2 | rev)"
local _new_host_epair="e${_epair_num}a_${name_prefix}xx${name_suffix}"
local _new_jail_epair="e${_epair_num}b_${name_prefix}xx${name_suffix}"
get_bastille_epair_count
local epair_num=1
while echo "${BASTILLE_EPAIR_LIST}" | grep -oq "bastille${epair_num}"; do
epair_num=$((epair_num + 1))
done
local host_epair="e0a_bastille${epair_num}"
local jail_epair="e0b_bastille${epair_num}"
fi
local _new_if_prefix="$(echo ${_new_host_epair} | awk -F'_' '{print $1}')"

44
usr/local/share/bastille/common.sh
View File

@@ -121,6 +121,16 @@ check_target_is_stopped() {
fi
}
get_bastille_epair_count() {
for _config in /usr/local/etc/bastille/*.conf; do
local bastille_jailsdir="$(sysrc -f "${_config}" -n bastille_jailsdir)"
BASTILLE_EPAIR_LIST="$(printf '%s\n%s' "$( (grep -Ehos '(epair[0-9]+|bastille[0-9]+)' ${bastille_jailsdir}/*/jail.conf; ifconfig -g epair | grep -Eos "_bastille[0-9]+$"; ifconfig -g epair | grep -vs 'bastille' | grep -Eos 'e[0-9]+a_') | grep -Eos '[0-9]+')" "${_epair_list}")"
done
BASTILLE_EPAIR_COUNT=$(printf '%s' "${BASTILLE_EPAIR_LIST}" | sort -u | wc -l | awk '{print $1}')
export BASTILLE_EPAIR_LIST
export BASTILLE_EPAIR_COUNT
}
get_jail_name() {
local _JID="${1}"
local _jailname="$(jls -j ${_JID} name 2>/dev/null)"
@@ -361,10 +371,13 @@ generate_vnet_jail_netblock() {
local host_epair=e0a_${jail_name}
local jail_epair=e0b_${jail_name}
else
name_prefix="$(echo ${jail_name} | cut -c1-7)"
name_suffix="$(echo ${jail_name} | rev | cut -c1-2 | rev)"
local host_epair="e0a_${name_prefix}xx${name_suffix}"
local jail_epair="e0b_${name_prefix}xx${name_suffix}"
get_bastille_epair_count
local epair_num=1
while echo "${BASTILLE_EPAIR_LIST}" | grep -oq "bastille${epair_num}"; do
epair_num=$((epair_num + 1))
done
local host_epair="e0a_bastille${epair_num}"
local jail_epair="e0b_bastille${epair_num}"
fi
elif [ "${interface_type}" = "standard" ]; then
if [ "$(echo -n "e0a_${jail_name}" | awk '{print length}')" -lt 16 ]; then
@@ -372,26 +385,21 @@ generate_vnet_jail_netblock() {
local jail_epair=e0b_${jail_name}
local jib_epair=${jail_name}
else
name_prefix="$(echo ${jail_name} | cut -c1-7)"
name_suffix="$(echo ${jail_name} | rev | cut -c1-2 | rev)"
local host_epair="e0a_${name_prefix}xx${name_suffix}"
local jail_epair="e0b_${name_prefix}xx${name_suffix}"
local jib_epair="${name_prefix}xx${name_suffix}"
get_bastille_epair_count
local epair_num=1
while echo "${BASTILLE_EPAIR_LIST}" | grep -oq "bastille${epair_num}"; do
epair_num=$((epair_num + 1))
done
local host_epair="e0a_bastille${epair_num}"
local jail_epair="e0b_bastille${epair_num}"
fi
elif [ "${interface_type}" = "passthrough" ]; then
host_epair="${external_interface}"
jail_epair="${external_interface}"
fi
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
if [ "$(echo -n "ng0_${jail_name}" | awk '{print length}')" -lt 16 ]; then
local ng_if=ng0_${jail_name}
local jng_if=${jail_name}
else
name_prefix="$(echo ${jail_name} | cut -c1-7)"
name_suffix="$(echo ${jail_name} | rev | cut -c1-2 | rev)"
local ng_if="ng0_${name_prefix}xx${name_suffix}"
local jng_if="${name_prefix}xx${name_suffix}"
fi
local ng_if=ng0_${jail_name}
local jng_if=${jail_name}
fi
# VNET_JAIL_BRIDGE

31
usr/local/share/bastille/rename.sh
View File

@@ -99,14 +99,6 @@ validate_name() {
error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
error_exit "[ERROR]: Jail names may not contain special characters!"
elif [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
if [ "$(echo -n "e0a_${NAME_VERIFY}" | awk '{print length}')" -ge 16 ]; then
name_prefix="$(echo ${NAME_VERIFY} | cut -c1-7)"
name_suffix="$(echo ${NAME_VERIFY} | rev | cut -c1-2 | rev)"
if find "${bastille_jailsdir}"/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -oqs "e0b_${name_prefix}xx${name_suffix}" 2>/dev/null; then
error_exit "[ERROR]: The jail name causes a collision with the epair interface naming. See documentation for details."
fi
fi
fi
}
@@ -160,10 +152,13 @@ update_jailconf_vnet() {
local _new_host_epair="e${_epair_num}a_${NEWNAME}"
local _new_jail_epair="e${_epair_num}b_${NEWNAME}"
else
name_prefix="$(echo ${NEWNAME} | cut -c1-7)"
name_suffix="$(echo ${NEWNAME} | rev | cut -c1-2 | rev)"
local _new_host_epair="e${_epair_num}a_${name_prefix}xx${name_suffix}"
local _new_jail_epair="e${_epair_num}b_${name_prefix}xx${name_suffix}"
get_bastille_epair_count
local epair_num=1
while echo "${BASTILLE_EPAIR_LIST}" | grep -oq "bastille${epair_num}"; do
epair_num=$((epair_num + 1))
done
local _new_host_epair="e0a_bastille${epair_num}"
local _new_jail_epair="e0b_bastille${epair_num}"
fi
local _new_if_prefix="$(echo ${_new_host_epair} | awk -F'_' '{print $1}')"
@@ -211,16 +206,8 @@ update_jailconf_vnet() {
local _ngif_num="$(echo "${_old_if_prefix}" | grep -Eo "[0-9]+")"
local _old_ngif="${_if}"
if [ "$(echo -n "ng${_ngif_num}_${NEWNAME}" | awk '{print length}')" -lt 16 ]; then
# Generate new netgraph interface name
local _new_ngif="ng${_ngif_num}_${NEWNAME}"
else
name_prefix="$(echo ${NEWNAME} | cut -c1-7)"
name_suffix="$(echo ${NEWNAME} | rev | cut -c1-2 | rev)"
local _new_ngif="ng${_ngif_num}_${name_prefix}xx${name_suffix}"
fi
# Generate new netgraph interface name
local _new_ngif="ng${_ngif_num}_${NEWNAME}"
local _new_if_prefix="$(echo ${_new_ngif} | awk -F'_' '{print $1}')"
local _new_if_suffix="$(echo ${_new_ngif} | awk -F'_' '{print $2}')"