odd behavior w/ renaming interfaces and jails...

John-Mark Gurney jmg at funkthat.com
Thu Sep 24 19:36:38 UTC 2020


Last night, I was wondering what would happen if you changed the name
of a jail's vnet interface to be the same as one that exists
in vnet0.

Well, things work fine, but the surprise is when you destroy the jail,
which reparents the interface back to vnet0...

The short is that ifconfig can't tell the two interfaces apart, as they
both have the same name, BUT you can still rename one interface to make
them unique again, but I'm not sure if it's consistent which one gets
renamed...

I think that the best solution is that if there is a name collision,
that the kernel renames the interface to something like collidedX.

This seems like a minor security issue as it can allow a jail's owner
to cause problems w/ the parent jail unless a very careful process is
done to shut down the jail (kill all processes, make sure the jail has
no colliding interface names, then destroy jail)...

Thoughts?


root@test:/home/freebsd # jail -c path=/ name=test vnet=new persist=1 vnet.interface=ue0
root@test:/home/freebsd # jexec test sh
root@:/ # set -o vi
root@:/ # ifconfig foobar0 ue0 ue1                                            
ue1
root@:/ # ifconfig -a
lo0: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ue1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
root@:/ # ^D
root@test:/home/freebsd # jail -r test
root@test:/home/freebsd # ifconfig -a
[...]
ue1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>                                               
        ether yy:yy:yy:yy:yy:yy
        ether xx:xx:xx:xx:xx:xx
        hwaddr yy:yy:yy:yy:yy:yy
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
[...]
root@test:/home/freebsd # ifconfig ue1 name somethingelse0
somethingelse0
root@test:/home/freebsd # ifconfig -a
[...]
somethingelse0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether yy:yy:yy:yy:yy:yy
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ue1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

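The "make sure the jail has no colliding interface names" step from the message above, as an added example that is not part of the original post. The function names colliding_ifnames and check_jail are hypothetical, and skipping lo0 assumes each vnet has its own loopback that is destroyed with the jail rather than handed back to vnet0.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to remove a vnet jail
# while one of its interface names also exists in the host's vnet0.

# colliding_ifnames HOST_IFS JAIL_IFS [IGNORE]
# Prints, one per line, each name in JAIL_IFS that also appears in HOST_IFS.
# IGNORE defaults to "lo0" (assumption: the jail's loopback is not reparented).
# The body is a subshell so `set -f` stays local: names chosen inside the jail
# are untrusted input and must not be expanded as glob patterns.
colliding_ifnames() (
    set -f
    host=" $(printf '%s ' $1)"      # normalise to " name name ... "
    ignore=" ${3-lo0} "
    for j in $2; do
        case "$ignore" in *" $j "*) continue ;; esac
        case "$host" in *" $j "*) printf '%s\n' "$j" ;; esac
    done
)

# check_jail JAILNAME
# Run after the jail's processes are stopped and before `jail -r`, so nothing
# inside the jail can rename an interface between the check and the removal.
# Assumption: the ifconfig that jexec runs is trusted (the jail in the post
# shares path=/ with the host).
check_jail() {
    host_ifs=$(ifconfig -l) || return 2
    jail_ifs=$(jexec "$1" ifconfig -l) || return 2
    hits=$(colliding_ifnames "$host_ifs" "$jail_ifs")
    if [ -n "$hits" ]; then
        echo "jail $1: interface names also present in the host:" >&2
        echo "$hits" >&2
        return 1
    fi
}

# Only touches the system when a jail name is given on the command line.
if [ $# -eq 1 ]; then
    check_jail "$1"
fi
```

Invoked with the jail name as its only argument, it exits non-zero and lists the offending names when removal would leave two interfaces with the same name in vnet0.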
