Merge pull request #1250 from BastilleBSD/epair-fix

init avoid epair name clash
2026-05-19 13:53:36 +02:00 · 2025-09-30 07:49:24 -06:00
parent dda16adf46 27cf17b20a
commit 0d92ec1990
4 changed files with 45 additions and 7 deletions
--- a/docs/chapters/networking.rst
+++ b/docs/chapters/networking.rst
@@ -140,6 +140,19 @@ by quoting an IPv4 and IPv6 address together as seen in the following example.
 For the ``inherit`` and ``ip_hostname`` options, you can also specify
 ``-D|--dual`` to use both IPv4 and IPv6 inside the jail.

+Networking Limitations
+----------------------
+
+* Bastille handles the epair naming scheme by creating an epair, then naming it ``e0a_JAILNAME`` for
+  host, and ``e0b_JAILNAME`` for the jail. A know limitaion is that interface cannot exceed 16
+  characters. If it is more that 16 characters, FreeBSD will complain and fail to bring it up. To mitigate
+  this, Bastille will truncate the interface name if it exceeds the character limit in the following manner.
+  If your jail is called ``mylongjailnamehere``, Bastille will truncate the epairs to ``e0a_mylongjxxre`` and
+  ``e0b_mylongjxxre``, by using the first 11 characters, then ``xx``, then the last two characters.
+  This can cause issues if your jail naming scheme is similar to the follwoing example...
+  
+  ``nextcloud1jail`` ``nextcloud2jail`` ``nextcloud3jail``
+
 Network Scenarios
 -----------------

--- a/usr/local/share/bastille/clone.sh
+++ b/usr/local/share/bastille/clone.sh
@@ -102,10 +102,19 @@ IP="${3}"
 bastille_root_check
 set_target_single "${TARGET}"

-## don't allow for dots(.) in container names
-if echo "${NEWNAME}" | grep -q "[.]"; then
-    error_exit "[ERROR]: Jail names may not contain a dot(.)!"
-fi
+clone_validate_jail_name() {
+    if echo "${NEWNAME}" | grep -q "[.]"; then
+        error_exit "[ERROR]: Jail names may not contain a dot(.)!"
+    elif [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
+        if [ "$(echo -n "e0a_${NEWNAME}" | awk '{print length}')" -ge 16 ]; then
+            name_prefix="$(echo ${NEWNAME} | cut -c1-7)"
+            name_suffix="$(echo ${NEWNAME} | rev | cut -c1-2 | rev)"
+            if find "${bastille_jailsdir}"/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -oqs "e0b_${name_prefix}xx${name_suffix}" 2>/dev/null; then
+                error_exit "[ERROR]: The jail name causes a collision with the epair interface naming. See documentation for details."
+            fi
+        fi
+    fi
+}

 validate_ip() {

@@ -554,6 +563,6 @@ clone_jail() {

 info "\nAttempting to clone '${TARGET}' to '${NEWNAME}'..."

-clone_jail
+clone_validate_jail_name

-echo
+clone_jail
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -76,6 +76,12 @@ validate_name() {
        error_exit "[ERROR]: Jail names may not contain special characters!"
    elif echo "${NAME_VERIFY}" | grep -qE '^[0-9]+$'; then
        error_exit "[ERROR]: Jail names may not contain only digits."
+    elif { [ "${VNET_JAIL_BRIDGE}" -eq 1 ] || [ "${VNET_JAIL_STANDARD}" -eq 1 ]; } && [ "$(echo -n "e0a_${NAME_VERIFY}" | awk '{print length}')" -ge 16 ]; then
+        name_prefix="$(echo ${NAME_VERIFY} | cut -c1-7)"
+        name_suffix="$(echo ${NAME_VERIFY} | rev | cut -c1-2 | rev)"
+        if find "${bastille_jailsdir}"/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -oqs "e0b_${name_prefix}xx${name_suffix}" 2>/dev/null; then
+            error_exit "[ERROR]: The jail name causes a collision with the epair interface naming. See documentation for details."
+        fi
    fi
 }

--- a/usr/local/share/bastille/rename.sh
+++ b/usr/local/share/bastille/rename.sh
@@ -93,10 +93,20 @@ validate_name() {
    local NAME_VERIFY="${NEWNAME}"
    local NAME_SANITY="$(echo "${NAME_VERIFY}" | tr -c -d 'a-zA-Z0-9-_')"

-    if [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
+    if echo "${NAME_VERIFY}" | grep -q "[.]"; then
+        error_exit "[ERROR]: Jail names may not contain a dot(.)!"
+    elif [ -n "$(echo "${NAME_SANITY}" | awk "/^[-_].*$/" )" ]; then
        error_exit "[ERROR]: Jail names may not begin with (-|_) characters!"
    elif [ "${NAME_VERIFY}" != "${NAME_SANITY}" ]; then
        error_exit "[ERROR]: Jail names may not contain special characters!"
+    elif [ "$(bastille config ${TARGET} get vnet)" = "enabled" ]; then
+        if [ "$(echo -n "e0a_${NAME_VERIFY}" | awk '{print length}')" -ge 16 ]; then
+            name_prefix="$(echo ${NAME_VERIFY} | cut -c1-7)"
+            name_suffix="$(echo ${NAME_VERIFY} | rev | cut -c1-2 | rev)"
+            if find "${bastille_jailsdir}"/*/jail.conf -maxdepth 1 -type f -print0 2> /dev/null | xargs -r0 -P0 grep -h -oqs "e0b_${name_prefix}xx${name_suffix}" 2>/dev/null; then
+                error_exit "[ERROR]: The jail name causes a collision with the epair interface naming. See documentation for details."
+            fi
+        fi
    fi
 }