Added --macvlan_vs_ma switch to be able to set macvlan's mac-address.
Signed-off-by: Micky Del Favero <micky@BeeCloudy.net>
diff --git a/cmdline.cc b/cmdline.cc
index bcd7ac8..0bd0a24 100644
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -151,6 +151,7 @@
{ { "macvlan_vs_ip", required_argument, NULL, 0x701 }, "IP of the 'vs' interface (e.g. \"192.168.0.1\")" },
{ { "macvlan_vs_nm", required_argument, NULL, 0x702 }, "Netmask of the 'vs' interface (e.g. \"255.255.255.0\")" },
{ { "macvlan_vs_gw", required_argument, NULL, 0x703 }, "Default GW for the 'vs' interface (e.g. \"192.168.0.1\")" },
+ { { "macvlan_vs_ma", required_argument, NULL, 0x705 }, "Mac-address of the 'vs' interface (e.g. \"ba:ad:ba:be:45:00\")" },
};
// clang-format on
@@ -417,6 +418,7 @@
nsjconf->iface_vs_ip = "0.0.0.0";
nsjconf->iface_vs_nm = "255.255.255.0";
nsjconf->iface_vs_gw = "0.0.0.0";
+ nsjconf->iface_vs_ma = "";
nsjconf->orig_uid = getuid();
nsjconf->num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
nsjconf->seccomp_fprog.filter = NULL;
@@ -760,6 +762,9 @@
case 0x704:
nsjconf->ifaces.push_back(optarg);
break;
+ case 0x705:
+ nsjconf->iface_vs_ma = optarg;
+ break;
case 0x801:
nsjconf->cgroup_mem_max = (size_t)strtoull(optarg, NULL, 0);
break;
diff --git a/config.cc b/config.cc
index 3841dc2..0e28b4b 100644
--- a/config.cc
+++ b/config.cc
@@ -262,6 +262,7 @@
nsjconf->iface_vs_ip = njc.macvlan_vs_ip();
nsjconf->iface_vs_nm = njc.macvlan_vs_nm();
nsjconf->iface_vs_gw = njc.macvlan_vs_gw();
+ nsjconf->iface_vs_ma = njc.macvlan_vs_ma();
if (njc.has_exec_bin()) {
nsjconf->exec_file = njc.exec_bin().path();
diff --git a/config.proto b/config.proto
index 129130c..b621f7b 100644
--- a/config.proto
+++ b/config.proto
@@ -234,6 +234,7 @@
optional string macvlan_vs_ip = 73 [default = "192.168.0.2"];
optional string macvlan_vs_nm = 74 [default = "255.255.255.0"];
optional string macvlan_vs_gw = 75 [default = "192.168.0.1"];
+ optional string macvlan_vs_ma = 80 [default = "ba:ad:ba:be:45:00"];
/* Binary path (with arguments) to be executed. If not specified here, it
can be specified with cmd-line as "-- /path/to/command arg1 arg2" */
diff --git a/net.cc b/net.cc
index 880c7fa..7f2c8e6 100644
--- a/net.cc
+++ b/net.cc
@@ -187,13 +187,21 @@
LOG_D("Putting iface:'%s' into namespace of PID:%d (with /sbin/ip)",
nsjconf->iface_vs.c_str(), pid);
- const std::vector<std::string> argv{"/sbin/ip", "link", "add", "link", nsjconf->iface_vs,
- "name", IFACE_NAME, "netns", std::to_string(pid), "type", "macvlan", "mode", "bridge"};
- if (subproc::systemExe(argv, environ) != 0) {
- LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
- return false;
+ if ( nsjconf->iface_vs_ma != "" ) {
+ const std::vector<std::string> argv{"/sbin/ip", "link", "add", "link", nsjconf->iface_vs,
+ "name", IFACE_NAME, "netns", std::to_string(pid), "address", nsjconf->iface_vs_ma, "type", "macvlan", "mode", "bridge"};
+ if (subproc::systemExe(argv, environ) != 0) {
+ LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
+ return false;
+ }
+ } else {
+ const std::vector<std::string> argv{"/sbin/ip", "link", "add", "link", nsjconf->iface_vs,
+ "name", IFACE_NAME, "netns", std::to_string(pid), "type", "macvlan", "mode", "bridge"};
+ if (subproc::systemExe(argv, environ) != 0) {
+ LOG_E("Couldn't create MACVTAP interface for '%s'", nsjconf->iface_vs.c_str());
+ return false;
+ }
}
-
return true;
}
#endif // defined(NSJAIL_NL3_WITH_MACVLAN)
diff --git a/nsjail.1 b/nsjail.1
index 6e08ecf..1ef8119 100644
--- a/nsjail.1
+++ b/nsjail.1
@@ -264,6 +264,9 @@
.TP
\fB\-\-macvlan_vs_gw\fR VALUE
Default GW for the 'vs' interface (e.g. "192.168.0.1")
+.TP
+\fB\-\-macvlan_vs_ma\fR VALUE
+Mac-address of the 'vs' interface (e.g. "ba:ad:ba:be:45:00")
\"
.SH Examples
.PP
diff --git a/nsjail.h b/nsjail.h
index ee95fcc..1f8efb9 100644
--- a/nsjail.h
+++ b/nsjail.h
@@ -125,6 +125,7 @@
std::string iface_vs_ip;
std::string iface_vs_nm;
std::string iface_vs_gw;
+ std::string iface_vs_ma;
std::string cgroup_mem_mount;
std::string cgroup_mem_parent;
size_t cgroup_mem_max;
