From df5da728172d69e23445922deb21f28320792fd7 Mon Sep 17 00:00:00 2001 From: tschettervictor Date: Sun, 2 Nov 2025 17:46:19 -0700 Subject: [PATCH] vnet: set jail descr + fix vnet number --- usr/local/share/bastille/clone.sh | 7 ++++ usr/local/share/bastille/create.sh | 23 +++++++--- usr/local/share/bastille/network.sh | 42 ++++++++++++------- .../templates/default/vnet/Bastillefile | 4 +- 4 files changed, 53 insertions(+), 23 deletions(-) diff --git a/usr/local/share/bastille/clone.sh b/usr/local/share/bastille/clone.sh index d74f6626..e20edd21 100644 --- a/usr/local/share/bastille/clone.sh +++ b/usr/local/share/bastille/clone.sh @@ -304,7 +304,9 @@ update_jailconf_vnet() { # Replace epair name in /etc/rc.conf sed -i '' "/ifconfig/ s|${old_jail_epair}|${new_jail_epair}|g" "${jail_rc_config}" + else + # For -B jails # Replace host epair name in jail.conf sed -i '' "s|up name ${old_host_epair}|up name ${new_host_epair}|g" "${jail_config}" @@ -331,12 +333,16 @@ update_jailconf_vnet() { # Replace epair name in /etc/rc.conf sed -i '' "/ifconfig/ s|${old_jail_epair}|${new_jail_epair}|g" "${jail_rc_config}" + fi # Update /etc/rc.conf local jail_vnet="$(grep ${old_jail_epair} "${jail_rc_config}" | grep -Eo -m 1 "vnet[0-9]+")" local jail_vnet_vlan="$(grep "vlans_${jail_vnet}" "${jail_rc_config}" | sed 's/.*=//g')" + + # Change epair name sed -i '' "s|${old_jail_epair}_name|${new_jail_epair}_name|" "${jail_rc_config}" + # IP4 if [ -n "${IP4_ADDR}" ]; then if grep "vnet0" "${jail_rc_config}" | grep -q "${new_jail_epair}_name"; then @@ -361,6 +367,7 @@ update_jailconf_vnet() { fi fi fi + # IP6 if [ -n "${IP6_ADDR}" ]; then if grep "vnet0" "${jail_rc_config}" | grep -q "${new_jail_epair}_name"; then diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index 15039dc4..1c2cfc60 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh 
@@ -700,12 +700,23 @@ create_jail() { _ifconfig="${_ifconfig_inet}" _ifconfig6="${_ifconfig_inet6}" - # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected - # Use default "vnet0" otherwise - if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then - bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}" - else - bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}" + # Set jail interface description if "if_bridge" + if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then + # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected + # Use default "vnet0" otherwise + if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then + bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}" + else + bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${INTERFACE}" --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}" + fi + elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then + # Use interface name as INTERFACE+VNET when PASSTHROUGH is selected + # Use default "vnet0" otherwise + if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then + bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="${INTERFACE}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg 
IFCONFIG6="${_ifconfig6}" + else + bastille template "${NAME}" ${bastille_template_vnet} --arg INTERFACE="${uniq_epair}" --arg VNET="vnet0" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}" + fi fi # Add VLAN ID if it was given diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh index 148f87e0..184885be 100644 --- a/usr/local/share/bastille/network.sh +++ b/usr/local/share/bastille/network.sh 
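Review bot: The four `bastille template` invocations differ only in whether `EXT_INTERFACE` is passed and in the `VNET` value, and the netgraph passthrough line is byte-for-byte the if_bridge passthrough line, so the if/elif ladder can collapse to one call. The comment `# Set jail interface description if "if_bridge"` also overstates the block: the if_bridge passthrough branch now omits `EXT_INTERFACE`, so no description is set for it, and whether that is intended is not visible here. Since the Bastillefile hunk later in this commit tests `[ -n "${EXT_INTERFACE}" ]`, passing the argument on every call (empty when unused) avoids depending on how `bastille template` treats an `ARG` that was never supplied; that `ARG` line and the missing-arg behaviour are outside what I can see. `create_jail` begins and ends outside this hunk.
```shell
# Run the vnet template once. EXT_INTERFACE (only used for the interface
# description) is set for non-passthrough if_bridge jails and left empty
# otherwise; VNET is the interface name itself when PASSTHROUGH is selected,
# "vnet0" by default.
if [ "${bastille_network_vnet_type}" = "if_bridge" ] || [ "${bastille_network_vnet_type}" = "netgraph" ]; then
    _ext_interface=""
    _vnet="vnet0"
    if [ "${VNET_JAIL_PASSTHROUGH}" -eq 1 ]; then
        _vnet="${INTERFACE}"
    elif [ "${bastille_network_vnet_type}" = "if_bridge" ]; then
        _ext_interface="${INTERFACE}"
    fi
    bastille template "${NAME}" ${bastille_template_vnet} --arg EXT_INTERFACE="${_ext_interface}" --arg INTERFACE="${uniq_epair}" --arg VNET="${_vnet}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}" --arg IFCONFIG6="${_ifconfig6}"
fi
# … unchanged: VLAN ID handling …
```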
@@ -242,25 +242,40 @@ add_interface() { local ip="${3}" local jail_config="${bastille_jailsdir}/${jailname}/jail.conf" local jail_rc_config="${bastille_jailsdir}/${jailname}/root/etc/rc.conf" - local jail_vnet_count="$(grep -Eo 'vnet[1-9]+' ${jail_rc_config} | sort -u | wc -l)" - local jail_vnet="vnet$((jail_vnet_count + 1))" + local jail_vnet_list="$(grep -Eo 'vnet[0-9]+' ${jail_rc_config} | sort -u | wc -l)" + # Set vnetX number + local jail_vnet_num="0" + while echo "${jail_vnet_list}" | grep -Eosq "vnet${jail_vnet_num}"; do + jail_vnet_num=$((jail_vnet_num + 1)) + done + local jail_vnet="vnet${jail_vnet_num}" # Determine number of interfaces if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then local epair_list="$(grep -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | sort -u)" local epair_suffix="$(grep -m 1 -Eo 'e[0-9]+a_[^;" ]+' ${jail_config} | awk -F"_" '{print $2}')" + local epair_num="0" + while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do + epair_num=$((epair_num + 1)) + done + if [ "${jail_vnet_num}" -ne "${epair_num}" ]; then + error_exit "[ERROR]: Jail vnet+epair interface numbers do not match." + fi elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then local ng_list="$(grep -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | sort -u)" local ng_suffix="$(grep -m 1 -Eo 'ng[0-9]+_[^;" ]+' ${jail_config} | awk -F"_" '{print $2}')" + local ng_num="0" + while echo "${ng_list}" | grep -Eosq "ng${ng_num}_"; do + ng_num=$((ng_num + 1)) + done + if [ "${jail_vnet_num}" -ne "${ng_num}" ]; then + error_exit "[ERROR]: Jail vnet+netgraph interface numbers do not match." + fi fi # BRIDGE interface if [ "${BRIDGE}" -eq 1 ]; then - local epair_num=1 - while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do - epair_num=$((epair_num + 1)) - done local host_epair=e${epair_num}a_${epair_suffix} local jail_epair=e${epair_num}b_${epair_suffix} 
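Review bot: `jail_vnet_list` is still piped through `| wc -l`, a leftover of the removed `jail_vnet_count` line, so it holds a count instead of the `vnetN` names; `echo "${jail_vnet_list}" | grep -Eosq "vnet${jail_vnet_num}"` can then never match, `jail_vnet_num` stays at 0, and the new mismatch check exits with `[ERROR]: Jail vnet+epair interface numbers do not match.` for any jail whose jail.conf already contains an `e0a_` epair. The fix is `local jail_vnet_list="$(grep -Eo 'vnet[0-9]+' "${jail_rc_config}" | sort -u)"`, and the probe should match a whole line, `while echo "${jail_vnet_list}" | grep -qx "vnet${jail_vnet_num}"; do`, because an unanchored `vnet1` is also satisfied by `vnet10`; the `e${epair_num}a_` and `ng${ng_num}_` probes are bounded by their trailing delimiter and do not have this problem. A comment such as `# Lowest vnetX number not yet used in the jail's rc.conf` above the loop would state the intent better than `# Set vnetX number`. `add_interface` starts before this hunk and continues after it.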
@@ -296,7 +311,9 @@ EOF # Add config to /etc/rc.conf sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_name="${jail_vnet}" - if [ -n "${IP6_ADDR}" ]; then + sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_descr="jail interface for ${if}" + + if [ -n "${IP6_ADDR}" ]; then if [ "${IP6_ADDR}" = "SLAAC" ]; then sysrc -f "${jail_rc_config}" ifconfig_${jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv" else @@ -318,10 +335,6 @@ EOF # if_bridge if [ "${bastille_network_vnet_type}" = "if_bridge" ]; then - local epair_num=1 - while echo "${epair_list}" | grep -Eosq "e${epair_num}a_"; do - epair_num=$((epair_num + 1)) - done local host_epair=e${epair_num}a_${epair_suffix} local jail_epair=e${epair_num}b_${epair_suffix} local jib_epair=${epair_suffix} @@ -356,8 +369,9 @@ EOF # Add config to /etc/rc.conf sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_name="${jail_vnet}" + sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_descr="jail interface for ${if}" - if [ -n "${IP6_ADDR}" ]; then + if [ -n "${IP6_ADDR}" ]; then if [ "${IP6_ADDR}" = "SLAAC" ]; then sysrc -f "${jail_rc_config}" ifconfig_${jail_vnet}_ipv6="inet6 -ifdisabled accept_rtadv" else @@ -376,10 +390,6 @@ EOF # netgraph elif [ "${bastille_network_vnet_type}" = "netgraph" ]; then - local ng_num=1 - while echo "${ng_list}" | grep -Eosq "ng${ng_num}_"; do - ng_num=$((ng_num + 1)) - done local ng_if=ng${ng_num}_${ng_suffix} local jng_if=${ng_suffix} diff --git a/usr/local/share/bastille/templates/default/vnet/Bastillefile b/usr/local/share/bastille/templates/default/vnet/Bastillefile index c903096c..f0c4cadb 100644 --- a/usr/local/share/bastille/templates/default/vnet/Bastillefile +++ b/usr/local/share/bastille/templates/default/vnet/Bastillefile 
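Review bot: The new `sysrc -f "${jail_rc_config}" ifconfig_${jail_epair}_descr="jail interface for ${if}"` keys the description on the epair's original name, whereas the Bastillefile hunk in this same commit keys it on the renamed interface (`ifconfig_${VNET}_descr`); the two should use one spelling, and which of them rc.conf(5) honours for an interface that is also renamed through `ifconfig_<if>_name` is worth confirming before both ship. The same line is added again in the `@@ -356,8 +369,9 @@` hunk. `${if}` is not assigned in any visible hunk — presumably the function's second positional argument, given `local ip="${3}"` — so a hedged comment at its first use, `# ${if}: interface name given to add_interface (TODO confirm it is $2)`, would help the next reader.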
@@ -8,7 +8,9 @@ ARG IFCONFIG6 SYSRC ifconfig_${INTERFACE}_name=${VNET} SYSRC ifconfig_${VNET}="${IFCONFIG}" -SYSRC ifconfig_${VNET}_descr="${EXT_INTERFACE} jail interface" + +# Set description if EXT_INTERFACE is set +CMD if [ -n "${EXT_INTERFACE}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_descr="jail interface for ${EXT_INTERFACE}"; fi # Apply IFCONFIG6 if set CMD if [ -n "${IFCONFIG6}" ]; then /usr/sbin/sysrc ifconfig_${VNET}_ipv6="${IFCONFIG6}"; fi