From: "Ronald Klop"
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, "Kristof Provost"
Subject: Re: svn commit: r360068 - in head/sys: kern net sys
Date: Sun, 19 Apr 2020 15:33:55 +0200

Nice feature. A question below.

On Sat, 18 Apr 2020 09:50:30 +0200, Kristof Provost wrote: > Author: kp > Date: Sat Apr 18 07:50:30 2020 > New Revision: 360068 > URL: https://svnweb.freebsd.org/changeset/base/360068 > > Log: > ethersubr: Make the mac address generation more robust > If we create two (vnet) jails and create a bridge interface in each we > end up > with the same mac address on both bridge interfaces. > These very often conflicts, resulting in same mac address in both > jails. > Mitigate this problem by including the jail name in the mac address. > Reviewed by: kevans, melifaro > MFC after: 1 week > Differential Revision: https://reviews.freebsd.org/D24383 > > Modified: > head/sys/kern/kern_jail.c > head/sys/net/if_ethersubr.c > head/sys/sys/jail.h > > Modified: head/sys/kern/kern_jail.c > ============================================================================== > --- head/sys/kern/kern_jail.c Sat Apr 18 03:14:16 2020 (r360067) > +++ head/sys/kern/kern_jail.c Sat Apr 18 07:50:30 2020 (r360068) > @@ -2920,6 +2920,15 @@ getcredhostid(struct ucred *cred, unsigned long > *hosti > mtx_unlock(&cred->cr_prison->pr_mtx); > } > +void > +getjailname(struct ucred *cred, char *name, size_t len) > +{ > + > + mtx_lock(&cred->cr_prison->pr_mtx); > + strlcpy(name, cred->cr_prison->pr_name, len); > + mtx_unlock(&cred->cr_prison->pr_mtx); > +} > + > #ifdef VIMAGE > /* > * Determine whether the prison represented by cred owns > > Modified: head/sys/net/if_ethersubr.c > ============================================================================== > --- head/sys/net/if_ethersubr.c Sat Apr 18 03:14:16 2020 (r360067) > +++ head/sys/net/if_ethersubr.c Sat Apr 18 07:50:30 2020 (r360068) 
> @@ -1419,27 +1419,39 @@ ether_8021q_frame(struct mbuf **mp, struct ifnet > *ife, > /* > * Allocate an address from the FreeBSD Foundation OUI. This uses a > - * cryptographic hash function on the containing jail's UUID and the > interface > - * name to attempt to provide a unique but stable address. > Pseudo-interfaces > - * which require a MAC address should use this function to allocate > - * non-locally-administered addresses. > + * cryptographic hash function on the containing jail's name, UUID and > the > + * interface name to attempt to provide a unique but stable address. > + * Pseudo-interfaces which require a MAC address should use this > function to > + * allocate non-locally-administered addresses. > */ > void > ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) > { > -#define ETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 > SHA1_CTX ctx; > - char buf[ETHER_GEN_ADDR_BUFSIZ]; > + char *buf; > char uuid[HOSTUUIDLEN + 1]; > uint64_t addr; > int i, sz; > char digest[SHA1_RESULTLEN]; > + char jailname[MAXHOSTNAMELEN]; > getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); > - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, > ifp->if_xname); > + /* If each (vnet) jail would also have a unique hostuuid this would not > + * be necessary. */ > + getjailname(curthread->td_ucred, jailname, sizeof(jailname)); > + sz = asprintf(&buf, M_TEMP, "%s-%s-%s", uuid, if_name(ifp), > + jailname); > + if (sz < 0) { > + /* Fall back to a random mac address. */

I was wondering if it would be valuable to give this fallback something like:

    printf("%s: unable to create fixed mac address; using random mac address\n", if_name(ifp));

This will only be printed in rare circumstances. But in that case it will provide valuable information.

Regards,
Ronald.

> + arc4rand(hwaddr, sizeof(*hwaddr), 0); > + hwaddr->octet[0] = 0x02; > + return; > + } > + > SHA1Init(&ctx); > SHA1Update(&ctx, buf, sz); > SHA1Final(digest, &ctx); > + free(buf, M_TEMP); > addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) & > OUI_FREEBSD_GENERATED_MASK; > > Modified: head/sys/sys/jail.h > ============================================================================== > --- head/sys/sys/jail.h Sat Apr 18 03:14:16 2020 (r360067) > +++ head/sys/sys/jail.h Sat Apr 18 07:50:30 2020 (r360068) > @@ -382,6 +382,7 @@ void getcredhostname(struct ucred *, char *, size_t); > void getcreddomainname(struct ucred *, char *, size_t); > void getcredhostuuid(struct ucred *, char *, size_t); > void getcredhostid(struct ucred *, unsigned long *); > +void getjailname(struct ucred *cred, char *name, size_t len); > void prison0_init(void); > int prison_allow(struct ucred *, unsigned); > int prison_check(struct ucred *cred1, struct ucred *cred2);
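
Review bot: in getjailname() in the kern_jail.c hunk, the strlcpy() return value is discarded, so a destination buffer shorter than pr_name truncates the jail name silently and the void function gives the caller no way to notice. Because the name now feeds the hash input in ether_gen_addr(), two jails whose names agree in the retained prefix would again hash the same string when UUID and interface name match. Consider returning the strlcpy() result, or at least adding a comment above the function (it has none) stating the buffer size callers are expected to pass.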
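
Review bot: in ether_gen_addr() in the if_ethersubr.c hunk, the new `if (sz < 0)` branch returns a random address with octet[0] forced to 0x02, yet the block comment above the function still promises a "unique but stable" address and "non-locally-administered addresses", so the fallback is undocumented and quietly drops both properties. Extend the comment to describe the fallback and report it when it is taken, as asked in this thread. Separately, the context line `addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2])` operates on `char digest[SHA1_RESULTLEN]`: where char is signed, a digest byte of 0x80 or above is sign-extended before the OR and overwrites the bits contributed by the bytes shifted further left, which reduces the variation this change is meant to add. Declaring digest as unsigned char avoids that.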
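
Review bot: in the jail.h hunk, the added prototype `void getjailname(struct ucred *cred, char *name, size_t len);` drops the getcred prefix shared by the four accessors directly above it (getcredhostname, getcreddomainname, getcredhostuuid, getcredhostid), although it takes a ucred and copies a prison field under the same lock as they do. A name in the same family, with the prototype written in the unnamed-parameter style of those neighbours, would keep the accessor group consistent and easier to find.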