Date: Thu, 24 Sep 2020 12:36:35 -0700
From: John-Mark Gurney
To: net@FreeBSD.org
Subject: odd behavior w/ renaming interfaces and jails...
Message-ID: <20200924193635.GD4213@funkthat.com>

Last night, I was wondering what
would happen if you changed the name of a jail's vnet interface to be the same as one that exists in vnet0. Well, things work fine, but the surprise is when you destroy the jail, which reparents the interface back to vnet0...

The short is that ifconfig can't tell the two interfaces apart, as they both have the same name, BUT you can still rename one interface to make them unique again, but I'm not sure if it's consistent which one gets renamed...

I think that the best solution is that if there is a name collision, that the kernel renames the interface to something like collidedX.

This seems like a minor security issue as it can allow a jail's owner to cause problems w/ the parent jail unless a very careful process is done to shut down the jail (kill all processes, make sure the jail has no colliding interface names, then destroy jail)...

Thoughts?

root@test:/home/freebsd # jail -c path=/ name=test vnet=new persist=1 vnet.interface=ue0
root@test:/home/freebsd # jexec test sh
root@:/ # set -o vi
root@:/ # ifconfig foobar0 ue0 ue1
ue1
root@:/ # ifconfig -a
lo0: flags=8008 metric 0 mtu 16384
        options=680003
        groups: lo
        nd6 options=21
ue1: flags=8802 metric 0 mtu 1500
        options=80000
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=21
root@:/ # ^D
root@test:/home/freebsd # jail -r test
root@test:/home/freebsd # ifconfig -a (0 results) [43/121]
[...]
ue1: flags=8802 metric 0 mtu 1500
        options=80000
        ether yy:yy:yy:yy:yy:yy
        ether xx:xx:xx:xx:xx:xx
        hwaddr yy:yy:yy:yy:yy:yy
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
[...]
root@test:/home/freebsd # ifconfig ue1 name somethingelse0
somethingelse0
root@test:/home/freebsd # ifconfig -a
[...]
somethingelse0: flags=8802 metric 0 mtu 1500
        options=80000
        ether yy:yy:yy:yy:yy:yy
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
ue1: flags=8802 metric 0 mtu 1500
        options=80000
        ether xx:xx:xx:xx:xx:xx
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=21

-- 
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
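
Added example, not part of the original message and not FreeBSD project code: a host-side check for the "make sure the jail has no colliding interface names" step, plus a heuristic for the merged ue1 block seen after `jail -r`. The function names are hypothetical, the sample output is constructed from the session above, and ignoring lo0 assumes the jail's own lo0 is destroyed with the vnet rather than handed back.

```sh
#!/bin/sh
# Added example; colliding_ifnames and merged_blocks are hypothetical names.

# colliding_ifnames HOST_NAMES JAIL_NAMES [IGNORE]
# Each argument is a space-separated list, as `ifconfig -l` prints it.
# Prints every jail interface name that also exists on the host, one per line.
colliding_ifnames() {
    for j in $2; do
        case " ${3:-} " in *" $j "*) continue ;; esac   # skip ignored names
        case " $1 " in *" $j "*) echo "$j" ;; esac      # name exists on host
    done
}

# merged_blocks: reads `ifconfig -a` output on stdin and prints the name of
# every interface block carrying more than one "ether" line, the symptom
# visible on the host after the jail was removed.
merged_blocks() {
    awk '
        function emit() { if (name != "" && n > 1) print name }
        /^[^ \t]+: / { emit(); name = $1; sub(/:$/, "", name); n = 0; next }
        $1 == "ether" { n++ }
        END { emit() }
    '
}

# Constructed sample modelled on the post-`jail -r` output (MACs are the
# placeholders used in the message).
SAMPLE_AFTER='lo0: flags=8008 metric 0 mtu 16384
	groups: lo
ue1: flags=8802 metric 0 mtu 1500
	ether yy:yy:yy:yy:yy:yy
	ether xx:xx:xx:xx:xx:xx
	hwaddr yy:yy:yy:yy:yy:yy
	status: active'

# Assumed usage on a live host, with the jail name "test" from the session:
#   colliding_ifnames "$(ifconfig -l)" "$(jexec test ifconfig -l)" lo0
# Any output means an interface should be renamed inside the jail before
# running `jail -r`.
if [ "${1:-}" = "demo" ]; then
    colliding_ifnames "lo0 ue0 ue1" "lo0 ue1" lo0
    printf '%s\n' "$SAMPLE_AFTER" | merged_blocks
fi
```

The pre-teardown check only narrows the window: a process still running in the jail can rename an interface after the check, which is why the message lists killing all processes first.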