Commit

hash mac of host for prefix
tschettervictor authored Dec 30, 2024
1 parent d3fd055 commit 3c60a4b
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions usr/local/share/bastille/common.sh
Expand Up @@ -73,8 +73,9 @@ warn() {
generate_static_mac() {
local jail_name="${1}"
local external_interface="${2}"
local macaddr_prefix="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | cut -d':' -f1-3)"
local macaddr_suffix="$(echo -n "${external_interface}${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
local external_interface_mac="$(ifconfig ${external_interface} | grep ether | awk '{print $2}' | sed 's#:##g')"
local macaddr_prefix="$(echo -n "${external_interface_mac}" | sha256 | cut -b -6 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
local macaddr_suffix="$(echo -n "${jail_name}" | sha256 | cut -b -5 | sed 's/\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F][0-9a-fA-F]\)\([0-9a-fA-F]\)/\1:\2:\3/')"
if [ -z "${macaddr_prefix}" ] || [ -z "${macaddr_suffix}" ]; then
error_notify "Failed to generate MAC address."
fi
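Review bot: In the new macaddr_prefix line, the [ -z "${macaddr_prefix}" ] check that follows can no longer catch a failed interface lookup: when ifconfig returns no ether line, external_interface_mac is empty, and sha256 of an empty string still returns a digest, so the prefix is always non-empty. Test external_interface_mac for emptiness before hashing it and call error_notify there. Separately, the first octet now comes straight from the hash, so its two low bits are uncontrolled: an odd first octet is a multicast (group) address, which is not valid as an interface's own address, and a clear second bit means the address is not marked locally administered and may overlap a vendor OUI. Forcing those bits on the first octet (clear 0x01, set 0x02) would avoid both. The prefix sed expression also matches only five hex digits while cut -b -6 supplies six; the output is well-formed only because the sixth digit is left unmatched and passes through, so a third two-digit group would make the intent explicit.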

3 comments on commit 3c60a4b

@JRGTH
Collaborator

@JRGTH JRGTH commented on 3c60a4b Dec 31, 2024

@tschettervictor
Collaborator Author

I looked at the comment, and tried to explain my reasoning. This is my current goal on this commit.

Hash the host MAC (the full MAC) and strip the first 6 digits.
Hash the jail name for the last 5 digits.

The very last digit is used as "a" and "b" for the host side of the epair/bastille interface respectively to differentiate better.

@tschettervictor
Collaborator Author

@tschettervictor tschettervictor commented on 3c60a4b Dec 31, 2024

Below is a jail with two interfaces created with the code in PR #783 and the corresponding jail.conf file.
Notice the MAC addresses are completely different even though the interfaces are bridge0 and bridge1, but since the name of the jail remains the same, the last half of the MAC is the same.

vnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 32:15:c5:9f:86:db
        hwaddr 02:60:3e:34:2c:0b
        inet 192.168.1.159 netmask 0xfffffe00 broadcast 192.168.1.255
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 18:30:f4:9f:86:db
        hwaddr 02:7a:8b:14:23:0b
        inet 192.168.1.156 netmask 0xfffffe00 broadcast 192.168.1.255
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

test1 {
  devfs_ruleset = 13;
  enforce_statfs = 2;
  exec.clean;
  exec.consolelog = /var/log/bastille/test1_console.log;
  exec.start = '/bin/sh /etc/rc';
  exec.stop = '/bin/sh /etc/rc.shutdown';
  host.hostname = test1;
  mount.devfs;
  mount.fstab = /usr/local/bastille/jails/test1/fstab;
  path = /usr/local/bastille/jails/test1/root;
  securelevel = 2;
  osrelease = 13.4-RELEASE;

  vnet;
  vnet.interface = e3b_test1;
  exec.prestart += "ifconfig epair3 create";
  exec.prestart += "ifconfig bridge0 addm epair3a";
  exec.prestart += "ifconfig epair3a up name e3a_test1";
  exec.prestart += "ifconfig epair3b up name e3b_test1";
  exec.prestart += "ifconfig e3a_test1 ether 32:15:c5:9f:86:da";
  exec.prestart += "ifconfig e3b_test1 ether 32:15:c5:9f:86:db";
  exec.poststop += "ifconfig bridge0 deletem e3a_test1";
  exec.poststop += "ifconfig e3a_test1 destroy";

  ## epair4 interface
  vnet.interface += e4b_test1;
  exec.prestart += "ifconfig epair4 create";
  exec.prestart += "ifconfig bridge1 addm epair4a";
  exec.prestart += "ifconfig epair4a up name e4a_test1";
  exec.prestart += "ifconfig epair4b up name e4b_test1";
  exec.prestart += "ifconfig e4a_test1 ether 18:30:f4:9f:86:da";
  exec.prestart += "ifconfig e4b_test1 ether 18:30:f4:9f:86:db";
  exec.poststop += "ifconfig bridge1 deletem e4a_test1";
  exec.poststop += "ifconfig e4a_test1 destroy";
}
