diff --git a/usr/local/share/bastille/network.sh b/usr/local/share/bastille/network.sh index 16a5dcbd..bf220dc2 100644 --- a/usr/local/share/bastille/network.sh +++ b/usr/local/share/bastille/network.sh @@ -65,7 +65,7 @@ while [ "$#" -gt 0 ]; do FORCE=1 shift ;; - -m|--static-mac) + -m|-M|--static-mac) STATIC_MAC=1 shift ;; @@ -78,11 +78,11 @@ while [ "$#" -gt 0 ]; do shift ;; -*) - for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do - case ${_opt} in + for _o in $(echo ${1} 2>/dev/null | sed 's/-//g' | fold -w1); do + case ${_o} in b|B) BRIDGE_VNET_JAIL=1 ;; f) FORCE=1 ;; - m) STATIC_MAC=1 ;; + m|M) STATIC_MAC=1 ;; s) START=1 ;; v|V) VNET_JAIL=1 ;; *) error_exit "Unknown Option: \"${1}\"" ;; @@ -189,51 +189,12 @@ add_vnet_interface_block() { break fi done - generate_static_mac "${_jailname}" "${_if}" sed -i '' "s|}||" "${_jail_config}" - ## generate config - cat << EOF >> "${_jail_config}" - ## ${uniq_epair} interface - vnet.interface += e0b_${uniq_epair}; - exec.prestart += "jib addm ${uniq_epair} ${_if}"; - exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${_jailname}\""; - exec.poststop += "jib destroy ${uniq_epair}"; -} -EOF - - # add config to /etc/rc.conf - sysrc -f "${_jail_rc_config}" ifconfig_e0b_${uniq_epair}_name="${_if_vnet}" - # If 0.0.0.0 set DHCP, else set static IP address - if [ "${_ip}" = "0.0.0.0" ]; then - sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP" - else - sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} " - fi - - info "[${_jailname}]:" - echo "Added interface: \"${_if}\"" -} - -add_vnet_interface_block_static_mac() { - local _jailname="${1}" - local _if="${2}" - local _ip="${3}" - local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf" - local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf" - local _if_count="$(grep -Eo 'bastille[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" - local _if_vnet_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')" - local _if_vnet="vnet$((_if_vnet_count + 1))" - local num_range=$((_if_count + 1)) - for _num in $(seq 0 "${num_range}"); do - if ! grep -Eq "bastille${_num}" "${bastille_jailsdir}"/*/jail.conf; then - local uniq_epair="bastille${_num}" - break - fi - done - generate_static_mac "${_jailname}" "${_if}" - sed -i '' "s|}||" "${_jail_config}" - ## generate config - cat << EOF >> "${_jail_config}" + # Generate VNET block + if [ "${STATIC_MAC}" -eq 1 ]; then + # Generate NETBLOCK with static MAC + generate_static_mac "${_jailname}" "${_if}" + cat << EOF >> "${_jail_config}" ## ${uniq_epair} interface vnet.interface += e0b_${uniq_epair}; exec.prestart += "jib addm ${uniq_epair} ${_if}"; @@ -243,8 +204,19 @@ add_vnet_interface_block_static_mac() { exec.poststop += "jib destroy ${uniq_epair}"; } EOF + else + # Generate NETBLOCK without static MAC + cat << EOF >> "${_jail_config}" + ## ${uniq_epair} interface + vnet.interface += e0b_${uniq_epair}; + exec.prestart += "jib addm ${uniq_epair} ${_if}"; + exec.prestart += "ifconfig e0a_${uniq_epair} description \"vnet host interface for Bastille jail ${_jailname}\""; + exec.poststop += "jib destroy ${uniq_epair}"; +} +EOF + fi - # add config to /etc/rc.conf + # Add config to /etc/rc.conf sysrc -f "${_jail_rc_config}" ifconfig_e0b_${uniq_epair}_name="${_if_vnet}" # If 0.0.0.0 set DHCP, else set static IP address if [ "${_ip}" = "0.0.0.0" ]; then @@ -254,7 +226,7 @@ EOF fi info "[${_jailname}]:" - echo "Added interface: \"${_if}\"" + echo "Added VNET interface: \"${_if}\"" } add_bridge_interface_block() { @@ -273,54 +245,12 @@ add_bridge_interface_block() { break fi done - generate_static_mac "${_jailname}" "${_if}" sed -i '' "s|}||" "${_jail_config}" - ## generate config - cat << EOF >> "${_jail_config}" - ## epair${uniq_epair} interface - vnet.interface += e${uniq_epair}b_${_jailname}; - exec.prestart += "ifconfig epair${uniq_epair} create"; - exec.prestart += "ifconfig ${_if} addm epair${uniq_epair}a"; - exec.prestart += "ifconfig epair${uniq_epair}a up name e${uniq_epair}a_${_jailname}"; - exec.prestart += "ifconfig epair${uniq_epair}b up name e${uniq_epair}b_${_jailname}"; - exec.poststop += "ifconfig ${_if} deletem e${uniq_epair}a_${_jailname}"; - exec.poststop += "ifconfig e${uniq_epair}a_${_jailname} destroy"; -} -EOF - - # Add config to /etc/rc.conf - sysrc -f "${_jail_rc_config}" ifconfig_e${uniq_epair}b_${_jailname}_name="${_if_vnet}" - # If 0.0.0.0 set DHCP, else set static IP address - if [ "${_ip}" = "0.0.0.0" ]; then - sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}="SYNCDHCP" - else - sysrc -f "${_jail_rc_config}" ifconfig_${_if_vnet}=" inet ${_ip} " - fi - - info "[${_jailname}]:" - echo "Added interface: \"${_if}\"" -} - -add_bridge_interface_block_static_mac() { - local _jailname="${1}" - local _if="${2}" - local _ip="${3}" - local _jail_config="${bastille_jailsdir}/${_jailname}/jail.conf" - local _jail_rc_config="${bastille_jailsdir}/${_jailname}/root/etc/rc.conf" - local _if_count="$(grep -Eo 'epair[0-9]+' ${bastille_jailsdir}/*/jail.conf | sort -u | wc -l | awk '{print $1}')" - local _if_vnet_count="$(grep -Eo 'vnet[1-9]+' ${_jail_rc_config} | sort -u | wc -l | awk '{print $1}')" - local _if_vnet=vnet$((_if_vnet_count + 1)) - local num_range=$((_if_count + 1)) - for _num in $(seq 0 "${num_range}"); do - if ! grep -Eq "epair${_num}" "${bastille_jailsdir}"/*/jail.conf; then - local uniq_epair="${_num}" - break - fi - done - generate_static_mac "${_jailname}" "${_if}" - sed -i '' "s|}||" "${_jail_config}" - ## generate config - cat << EOF >> "${_jail_config}" + # Generate bridged VNET block + if [ "${STATIC_MAC}" -eq 1 ]; then + # Generate NETBLOCK with static MAC + generate_static_mac "${_jailname}" "${_if}" + cat << EOF >> "${_jail_config}" ## epair${uniq_epair} interface vnet.interface += e${uniq_epair}b_${_jailname}; exec.prestart += "ifconfig epair${uniq_epair} create"; @@ -333,6 +263,20 @@ add_bridge_interface_block_static_mac() { exec.poststop += "ifconfig e${uniq_epair}a_${_jailname} destroy"; } EOF + else + # Generate NETBLOCK without static MAC + cat << EOF >> "${_jail_config}" + ## epair${uniq_epair} interface + vnet.interface += e${uniq_epair}b_${_jailname}; + exec.prestart += "ifconfig epair${uniq_epair} create"; + exec.prestart += "ifconfig ${_if} addm epair${uniq_epair}a"; + exec.prestart += "ifconfig epair${uniq_epair}a up name e${uniq_epair}a_${_jailname}"; + exec.prestart += "ifconfig epair${uniq_epair}b up name e${uniq_epair}b_${_jailname}"; + exec.poststop += "ifconfig ${_if} deletem e${uniq_epair}a_${_jailname}"; + exec.poststop += "ifconfig e${uniq_epair}a_${_jailname} destroy"; +} +EOF + fi # Add config to /etc/rc.conf sysrc -f "${_jail_rc_config}" ifconfig_e${uniq_epair}b_${_jailname}_name="${_if_vnet}" @@ -451,11 +395,7 @@ case "${ACTION}" in if ifconfig | grep "${INTERFACE}" | grep -q bridge; then error_exit "\"${INTERFACE}\" is a bridge interface." else - if [ "${STATIC_MAC}" -eq 1 ]; then - add_vnet_interface_block_static_mac "${TARGET}" "${INTERFACE}" "${IP}" - else - add_vnet_interface_block "${TARGET}" "${INTERFACE}" "${IP}" - fi + add_vnet_interface_block "${TARGET}" "${INTERFACE}" "${IP}" if [ "${START}" -eq 1 ]; then bastille start "${TARGET}" fi @@ -464,11 +404,7 @@ case "${ACTION}" in if ! ifconfig | grep "${INTERFACE}" | grep -q bridge; then error_exit "\"${INTERFACE}\" is not a bridge interface." else - if [ "${STATIC_MAC}" -eq 1 ]; then - add_bridge_interface_block_static_mac "${TARGET}" "${INTERFACE}" "${IP}" - else - add_bridge_interface_block "${TARGET}" "${INTERFACE}" "${IP}" - fi + add_bridge_interface_block "${TARGET}" "${INTERFACE}" "${IP}" if [ "${START}" -eq 1 ]; then bastille start "${TARGET}" fi