vnet: set jail descr + fix vnet number

tschettervictor
2025-11-02 17:46:19 -07:00
parent e8d564a695
commit df5da72817
4 changed files with 53 additions and 23 deletions


@@ -304,7 +304,9 @@ update_jailconf_vnet() {
# Replace epair name in /etc/rc.conf
sed -i '' "/ifconfig/ s|${old_jail_epair}|${new_jail_epair}|g" "${jail_rc_config}"
else
# For -B jails
# Replace host epair name in jail.conf
sed -i '' "s|up name ${old_host_epair}|up name ${new_host_epair}|g" "${jail_config}"
@@ -331,12 +333,16 @@ update_jailconf_vnet() {
# Replace epair name in /etc/rc.conf
sed -i '' "/ifconfig/ s|${old_jail_epair}|${new_jail_epair}|g" "${jail_rc_config}"
fi
# Update /etc/rc.conf
local jail_vnet="$(grep ${old_jail_epair} "${jail_rc_config}" | grep -Eo -m 1 "vnet[0-9]+")"
local jail_vnet_vlan="$(grep "vlans_${jail_vnet}" "${jail_rc_config}" | sed 's/.*=//g')"
# Change epair name
sed -i '' "s|${old_jail_epair}_name|${new_jail_epair}_name|" "${jail_rc_config}"
# IP4
if [ -n "${IP4_ADDR}" ]; then
if grep "vnet0" "${jail_rc_config}" | grep -q "${new_jail_epair}_name"; then
@@ -361,6 +367,7 @@ update_jailconf_vnet() {
fi
fi
fi
# IP6
if [ -n "${IP6_ADDR}" ]; then
if grep "vnet0" "${jail_rc_config}" | grep -q "${new_jail_epair}_name"; then
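Review bot: On the `local jail_vnet=` line, `grep ${old_jail_epair}` leaves the expansion unquoted and treats the epair name as a regular expression, so the value is word-split, globbed and pattern-interpreted before it ever reaches the file. The page has lost its +/- markers, so this line may be context rather than new, but it sits in the path this commit touches. A literal, quoted match is safer: `grep -F -- "${old_jail_epair}" "${jail_rc_config}"`. Because `local var="$(…)"` hides a failed pipeline, an empty `jail_vnet` then makes the next line search for the bare `vlans_` prefix; a check such as `[ -n "${jail_vnet}" ] || error_exit "[ERROR]: vnet name not found in rc.conf."` would stop that. `update_jailconf_vnet` starts and ends outside these hunks.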


@@ -700,12 +700,23 @@ create_jail() {
_ifconfig="${_ifconfig_inet}"
_ifconfig6="${_ifconfig_inet6}"
# Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
# Use default "vnet0" otherwise
if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
else
bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
# Set jail interface description if "if_bridge"
if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
# Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
# Use default "vnet0" otherwise
if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
else
bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
fi
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
# Use interface name as INTERFACE+VNET when PASSTHROUGH is selected
# Use default "vnet0" otherwise
if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
else
bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
fi
fi
# Add VLAN ID if it was given
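Review bot: The new `if … elif` on `bastille_network_vnet_type` has no final `else`, so any value other than `if_bridge` or `netgraph` skips all four `bastille template` calls without an error, where the earlier code appears to have applied the template unconditionally. Unless the value is validated earlier (not visible here), the jail would presumably be created without its vnet rc.conf entries. Adding `else` and `error_exit "[ERROR]: Unsupported bastille_network_vnet_type: ${bastille_network_vnet_type}"` before the closing `fi` makes that misconfiguration fail closed. `${bastille_template_vnet}` is also unquoted in every call. `create_jail` starts and ends outside this hunk.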


@@ -242,25 +242,40 @@ add_interface() {
local ip="${3}"
local jail_config="${bastille_jailsdir}/${jailname}/jail.conf"
local jail_rc_config="${bastille_jailsdir}/${jailname}/root/etc/rc.conf"
local jail_vnet_count="$(grep -Eo 'vnet[1-9]+' ${jail_rc_config} | sort -u | wc -l)"
local jail_vnet="vnet$((jail_vnet_count + 1))"
local jail_vnet_list="$(grep -Eo 'vnet[0-9]+' ${jail_rc_config} | sort -u | wc -l)"
# Set vnetX number
local jail_vnet_num="0"
while echo "${jail_vnet_list}" | grep -Eosq "vnet${jail_vnet_num}"; do
jail_vnet_num=$((jail_vnet_num + 1))
done
local jail_vnet="vnet${jail_vnet_num}"
# Determine number of interfaces
if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
local epair_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | sort -u)"
local epair_suffix="$(grep -m 1 -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | awk -F"_" '{print $2}')"
local epair_num="0"
while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do
epair_num=$((epair_num + 1))
done
if [ "${jail_vnet_num}" -ne "${epair_num}" ]; then
error_exit "[ERROR]: Jail vnet+epair interface numbers do not match."
fi
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
local ng_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | sort -u)"
local ng_suffix="$(grep -m 1 -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | awk -F"_" '{print $2}')"
local ng_num="0"
while echo "${ng_list}" | grep -Eosq "ng${ng_num}_"; do
ng_num=$((ng_num + 1))
done
if [ "${jail_vnet_num}" -ne "${ng_num}" ]; then
error_exit "[ERROR]: Jail vnet+netgraph interface numbers do not match."
fi
fi
# BRIDGE interface
if [ "${BRIDGE}" -eq 1 ]; then
local epair_num=1
while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do
epair_num=$((epair_num + 1))
done
local host_epair=e${epair_num}a_${epair_suffix}
local jail_epair=e${epair_num}b_${epair_suffix}
@@ -296,7 +311,9 @@ EOF
# Add config to /etc/rc.conf
sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_name="${jail_vnet}"
if [ -n "${IP6_ADDR}" ]; then
sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_descr="jail interface for ${if}"
if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${jail_rc_config}" ifconfig_${jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
@@ -318,10 +335,6 @@ EOF
# if_bridge
if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
local epair_num=1
while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do
epair_num=$((epair_num + 1))
done
local host_epair=e${epair_num}a_${epair_suffix}
local jail_epair=e${epair_num}b_${epair_suffix}
local jib_epair=${epair_suffix}
@@ -356,8 +369,9 @@ EOF
# Add config to /etc/rc.conf
sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_name="${jail_vnet}"
sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_descr="jail interface for ${if}"
if [ -n "${IP6_ADDR}" ]; then
if [ -n "${IP6_ADDR}" ]; then
if [ "${IP6_ADDR}" = "SLAAC" ]; then
sysrc -f "${jail_rc_config}" ifconfig_${jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv"
else
@@ -376,10 +390,6 @@ EOF
# netgraph
elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then
local ng_num=1
while echo "${ng_list}" | grep -Eosq "ng${ng_num}_"; do
ng_num=$((ng_num + 1))
done
local ng_if=ng${ng_num}_${ng_suffix}
local jng_if=${ng_suffix}
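Review bot: `jail_vnet_list` still ends in `| wc -l`, so it holds a count rather than the list of names, and the `while … grep -Eosq "vnet${jail_vnet_num}"` loop under it can never match. `jail_vnet_num` therefore stays 0, which in a jail that already has an interface either trips the new "numbers do not match" check or reuses `vnet0`. Drop the count and quote the path, `local jail_vnet_list="$(grep -Eo 'vnet[0-9]+' "${jail_rc_config}" | sort -u)"`, and match whole lines with `grep -qx "vnet${jail_vnet_num}"` so that `vnet1` does not also match `vnet10`. Separately, the added `ifconfig_${jail_epair}_descr` entries are keyed on the epair name while the neighbouring `_ipv6` entries and the template's `_descr` use the `vnetN` name; it is worth confirming which key is read after the rename. `add_interface` starts and ends outside these hunks.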


@@ -8,7 +8,9 @@ ARG IFCONFIG6
SYSRC ifconfig_${INTERFACE}_name=${VNET}
SYSRC ifconfig_${VNET}="${IFCONFIG}"
SYSRC ifconfig_${VNET}_descr="${EXT_INTERFACE} jail interface"
# Set description if EXT_INTERFACE is set
CMD if [ -n "${EXT_INTERFACE}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"; fi
# Apply IFCONFIG6 if set
CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_ipv6="${IFCONFIG6}"; fi
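Review bot: The new `CMD` line places `${EXT_INTERFACE}` inside a shell command string twice, where the line it appears to replace passed it only as a `SYSRC` value. If template arguments are substituted as plain text before the jail's shell parses the line (the substitution code is not on this page), a value containing a double quote or a command substitution would change the command that runs. The caller should therefore confirm the interface name is validated before it reaches `--arg EXT_INTERFACE=`. A comment above the `CMD`, such as `# EXT_INTERFACE is expanded into a shell command; callers must pass a validated interface name`, would record that requirement.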