From 0703fb5c22cb33a65d7b8f5cacdb175b7a2af39b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Quentin=20Th=C3=A9bault?= Date: Wed, 27 Nov 2024 23:15:09 +0100 Subject: [PATCH] ioc_start.py: allow setting IP address on lo0 (#48) * ioc_start.py: allow 'none' bridge in interfaces Iocage currently expects interfaces to be specified in the nic:bridge format, where bridge cannot be none. This results in iocage always creating a bridge to which VNET jail epair interfaces are added as members. In a scenario where the user wants jails to be isolated on the data-link layer (OSI layer 2 / Ethernet) and use the host as a router, this bridge is unnecessery. It can also result in illegitimate cross-jail traffic being allowed, since pf filtering on bridge interfaces is disabled by default on FreeBSD systems (net.link.bridge.pfil_bridge=0). Closes #44 * ioc_start.py: allow setting IP address on lo0 Currently, iocage ignores IP addresses given for the loopback interface lo0 that exists by default in a VNET jail. Adding addresses to that interface can be useful, for instance to implement rfc7404 addressing where link-local addresses are used for interconnections, and routable addresses are set on loopback interfaces. This commit enables setting additional addresses on the lo0 interface using the usual ip4_addr or ip6_addr settings. For instance: ip4_addr='lo0|192.168.2.10' Closes #46 --------- Co-authored-by: dgeo --- iocage_lib/ioc_start.py | 4 +-- tests/functional_tests/0004_start_test.py | 30 ++++++++++++++++++++++- 2 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/iocage_lib/ioc_start.py b/iocage_lib/ioc_start.py
index f11d986c..af5c31f3 100644
--- a/iocage_lib/ioc_start.py
+++ b/iocage_lib/ioc_start.py
@@ -1174,7 +1174,7 @@ def start_network_interface_vnet(
 dhcp = self.get('dhcp')
- ifaces = []
+ ifaces = ['lo0']
 for addrs, gw, ipv6 in net_configs:
 if (
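Review bot: The pre-seeded `ifaces = ['lo0']` carries no explanation, and the same literal is repeated in the next hunk at `iface != 'lo0'`, so the two lines can drift apart unnoticed. A comment such as `# lo0 already exists in every VNET jail; list it up front so the "iface not in ifaces" setup is skipped for it` would record the intent. That reading is inferred from the `if iface not in ifaces:` context line in the following hunk, whose body is not shown. A single module-level name for the loopback interface, used in both places, would keep them in step. `start_network_interface_vnet` starts and ends outside this hunk.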
@@ -1193,7 +1193,7 @@ def start_network_interface_vnet(
 # They didn't supply an interface, assuming default
 iface, ip = "vnet0", addr
- if iface not in nics:
+ if iface not in nics and iface != 'lo0':
 continue
 if iface not in ifaces:
diff --git a/tests/functional_tests/0004_start_test.py b/tests/functional_tests/0004_start_test.py
index 73f64e17..4777f26c 100644
--- a/tests/functional_tests/0004_start_test.py
+++ b/tests/functional_tests/0004_start_test.py
@@ -57,7 +57,8 @@ def test_02_start_rc_jail(invoke_cli, resource_selector):
 for jail in resource_selector.rcjails:
 assert jail.running is True, f'{jail.name} not running'
-# TODO: Let's also start jails in a single command to test that out
+# Network-related tests belong here because the code is only executed at jail
+# start time.
 @require_root
 @require_zpool
@@ -109,3 +110,30 @@ def test_03_create_and_start_nobridge_vnet_jail(release, jail, invoke_cli):
 finally:
 os.remove(path)
+
+
+# TODO: Let's also start jails in a single command to test that out
+
+@require_root
+@require_zpool
+def test_04_vnet_jail_with_loopback_alias(release, jail, invoke_cli):
+ jail = jail('loopback_alias_jail')
+
+ invoke_cli([
+ 'create', '-r', release, '-n', jail.name,
+ 'boot=on', 'vnet=on', 'defaultrouter=none',
+ f'ip4_addr=lo0|192.168.2.10'
+ ])
+
+ assert jail.exists is True
+ assert jail.running is True
+
+ stdout, stderr = jail.run_command(['ifconfig', 'lo0'])
+ assert bool(stderr) is False, f'Ifconfig returned an error: {stderr}'
+ assert '192.168.2.10' in stdout, (
+ 'Could not set address on loopback interface.'
+ )
+
+ invoke_cli([
+ 'destroy', jail.name, '-f'
+ ])
\ No newline at end of file
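Review bot: In the `@@ -1193,7 +1193,7 @@` hunk of `iocage_lib/ioc_start.py`, an `lo0|…` entry now passes the `continue` guard and runs the rest of the loop body with the same `gw` and `dhcp` values as a real NIC. The hunk ends at `if iface not in ifaces:`, so it is not visible whether a default route or DHCP handling could be attempted for the loopback entry. The new test only covers `defaultrouter=none`, which leaves that path unexercised. I would state the contract at the check, for example `# lo0 is never in nics (no epair is created for it) but may still be given addresses`, and confirm the gateway handling further down. Any other unknown interface name is still dropped silently by the `continue`, so a typo in the interface part yields a jail without the intended address and no warning.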
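Review bot: The `destroy` call at the end of `test_04_vnet_jail_with_loopback_alias` is not in a `finally:` block, so any failing assertion leaves `loopback_alias_jail` behind with `boot=on`, where it can affect later tests on the same host. `test_03` just above already uses `finally:` for its cleanup, and wrapping the body as below follows the same pattern. The `f` prefix on `f'ip4_addr=lo0|192.168.2.10'` has no placeholders and can be dropped. Only `ip4_addr` is exercised although the commit message also names `ip6_addr`, and the file still ends without a trailing newline.

```python
def test_04_vnet_jail_with_loopback_alias(release, jail, invoke_cli):
    jail = jail('loopback_alias_jail')

    try:
        invoke_cli([
            'create', '-r', release, '-n', jail.name,
            'boot=on', 'vnet=on', 'defaultrouter=none',
            'ip4_addr=lo0|192.168.2.10'
        ])
        # … unchanged: exists/running asserts and the ifconfig lo0 check, indented one level …
    finally:
        invoke_cli([
            'destroy', jail.name, '-f'
        ])
```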