Accommodate IPv4 netmask or IPv6 prefix length for pots that use alias networking and explicit addresses #268

Open
tnalpgge opened this issue Jun 2, 2023 · 0 comments
tnalpgge commented Jun 2, 2023

Is your feature request related to a problem? Please describe.
I am trying to use jails to make a few services appear on the local house network without any more middleboxes or layers of NAT or routing or any of that other stuff. Essentially, assigning IP addresses to services that happen to all be running on the same physical hardware.

Describe the feature you'd like to have
According to the jail(8) manual page, one may provide a netmask as part of the ip4.addr parameter, or a prefix length as part of the ip6.addr parameter. When I try to use the alias network type, I get a netmask of 32 bits (IPv4) or a prefix length of 128 bits (IPv6) if I only specify the addresses without netmask/prefix length. The pot scripts do not seem to anticipate this and reject attempts to add the netmask or prefix length in the accepted notation, claiming that the supplied address is invalid.

Or in code, I want to do this...assuming that my house network is IPv4-wise 192.0.2.0/24 (TEST-NET-1 from RFC5737) and IPv6-wise 2001:db8:c000:200::/64 (from RFC3849).

```sh
pot create -p zark -t single -b 13.2 -N alias \
    -i 2001:db8:c000:200:6c61:6169:3673:a/64 \
    -i 2001:db8:c000:200:6c61:6169:3673:b \
    -i 192.0.2.195/24 \
    -i 192.0.2.196
pot start -p zark
```

And have it all work out so that all four specified addresses are added as aliases to my primary ethernet interface em0, but the two without explicit netmask/prefix work exactly as they do now: the implied netmask/prefix is the entire length of the address.

```
$ ifconfig em0
em0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=481249b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,NOMAP>
        ether e0:4f:43:24:15:fd
        inet 192.0.2.252 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.195 netmask 0xffffff00 broadcast 192.0.2.255
        inet 192.0.2.196 netmask 0xffffffff broadcast 192.0.2.196
        inet6 fe80::e24f:43ff:fe24:15fd%em0 prefixlen 64 scopeid 0x1
        inet6 2001:db8:c000:200:e24f:43ff:fe24:15fd prefixlen 64 autoconf
        inet6 2001:db8:c000:200:6c61:6169:3673:a prefixlen 64
        inet6 2001:db8:c000:200:6c61:6169:3673:b prefixlen 128
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
```

Describe potential alternatives or workaround you've considered (if any)
I believe I can implement the feature entirely in shell script, and a pull request may be forthcoming.

I've been looking at several jail management frameworks recently to see which one suits me best, and pot seems to be the front runner, again! 😄

tnalpgge added a commit to tnalpgge/pot that referenced this issue Jun 2, 2023
`jail(8)` manual page states that the `ip4.addr` parameter supports
the format `interface|ip-address/netmask param ...`.  While we can't
really accommodate the `param ...` portion easily with shell scripts,
we can pretty easily deal with the presence or absence of the extra
notation for the netmask.

Part of bsdpot#268
tnalpgge added a commit to tnalpgge/pot that referenced this issue Jun 2, 2023
`jail(8)` manual page states that the `ip6.addr` parameter supports
the format `interface|ip-address/prefix param ...`.  Same approach to
the problem as the previous commit, with slightly different terminology.

Part of bsdpot#268
tnalpgge added a commit to tnalpgge/pot that referenced this issue Jun 2, 2023
The previous commits will help you start a pot that has been
configured with alias networking and addresses with netmasks or prefix
lengths, but stopping a pot may fail when it tries to remove addresses
from network interfaces.  If the netmask or prefix length is present,
ifconfig(8) won't like it very much when you try to `-alias`
a.k.a. `delete`.  So we parse the recorded addresses yet again in
order to ensure proper cleanup of network addresses.

Fixes bsdpot#268
tnalpgge added a commit to tnalpgge/pot that referenced this issue Jun 2, 2023
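
The parsing that the commit messages above describe, sketched as an added example that is not part of the issue or of the referenced commits: split an optional `/length` from an alias address, bound-check it before it reaches `ifconfig(8)`, and drop it again for removal. The function names are hypothetical, and the `ifconfig` argument forms shown are an assumption about how the result would be used, not pot's own code.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not pot's own.

# Print "family address length" for ADDR or ADDR/LEN; return 1 if rejected.
split_alias_addr() {
    _in=$1
    case $_in in
        ""|/*|*/|*/*/*) return 1 ;;            # empty part or extra slash
        */*) _addr=${_in%/*}; _len=${_in#*/} ;;
        *)   _addr=$_in; _len= ;;
    esac
    # Classify by character set only; this is not a full address validator.
    case $_addr in
        *[!0-9A-Fa-f:.]*) return 1 ;;
        *:*) _fam=inet6; _max=128 ;;
        *.*.*.*)
            case $_addr in *[!0-9.]*) return 1 ;; esac
            _fam=inet; _max=32 ;;
        *) return 1 ;;
    esac
    # No length given: keep the current behaviour, a full-length alias.
    if [ -z "$_len" ]; then _len=$_max; fi
    case $_len in *[!0-9]*) return 1 ;; esac
    [ "${#_len}" -le 3 ] || return 1
    [ "$_len" -le "$_max" ] || return 1
    echo "$_fam $_addr $_len"
}

# ifconfig(8) arguments to add the alias: the length is kept.
alias_add_args() {
    _p=$(split_alias_addr "$1") || return 1
    set -- $_p                                  # safe: charset checked above
    echo "$1 $2/$3 alias"
}

# Arguments to remove it: the length is dropped, because the commit message
# above reports that ifconfig(8) rejects it with -alias.
alias_del_args() {
    _p=$(split_alias_addr "$1") || return 1
    set -- $_p
    echo "$1 $2 -alias"
}

# Constructed demo using addresses from the issue.
for a in 192.0.2.195/24 192.0.2.196 2001:db8:c000:200:6c61:6169:3673:a/64; do
    echo "add: ifconfig em0 $(alias_add_args "$a")"
    echo "del: ifconfig em0 $(alias_del_args "$a")"
done
```

Because these values end up on a command line run as root, the length is accepted only as one to three digits within the family's range, and anything outside the address character set is rejected rather than passed through.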
tnalpgge added a commit to tnalpgge/pot that referenced this issue Nov 5, 2023
tnalpgge added a commit to tnalpgge/pot that referenced this issue Nov 5, 2023
tnalpgge added a commit to tnalpgge/pot that referenced this issue Nov 5, 2023
tnalpgge added a commit to tnalpgge/pot that referenced this issue Nov 5, 2023