ioc_start.py: allow setting IP address on lo0 (#48)

* ioc_start.py: allow 'none' bridge in interfaces Iocage currently expects interfaces to be specified in the nic:bridge format, where bridge cannot be none. This results in iocage always creating a bridge to which VNET jail epair interfaces are added as members. In a scenario where the user wants jails to be isolated on the data-link layer (OSI layer 2 / Ethernet) and use the host as a router, this bridge is unnecessery. It can also result in illegitimate cross-jail traffic being allowed, since pf filtering on bridge interfaces is disabled by default on FreeBSD systems (net.link.bridge.pfil_bridge=0). Closes #44 * ioc_start.py: allow setting IP address on lo0 Currently, iocage ignores IP addresses given for the loopback interface lo0 that exists by default in a VNET jail. Adding addresses to that interface can be useful, for instance to implement rfc7404 addressing where link-local addresses are used for interconnections, and routable addresses are set on loopback interfaces. This commit enables setting additional addresses on the lo0 interface using the usual ip4_addr or ip6_addr settings. For instance: ip4_addr='lo0|192.168.2.10' Closes #46 --------- Co-authored-by: dgeo <[email protected]>
freebsd · Nov 27, 2024 · 0703fb5 · 0703fb5
1 parent 8f580fa
commit 0703fb5
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/iocage_lib/ioc_start.py b/iocage_lib/ioc_start.py
@@ -1174,7 +1174,7 @@ def start_network_interface_vnet(
 
                 dhcp = self.get('dhcp')
 
-                ifaces = []
+                ifaces = ['lo0']
 
                 for addrs, gw, ipv6 in net_configs:
                     if (
@@ -1193,7 +1193,7 @@ def start_network_interface_vnet(
                             # They didn't supply an interface, assuming default
                             iface, ip = "vnet0", addr
 
-                        if iface not in nics:
+                        if iface not in nics and iface != 'lo0':
                             continue
 
                         if iface not in ifaces:

diff --git a/tests/functional_tests/0004_start_test.py b/tests/functional_tests/0004_start_test.py
@@ -57,7 +57,8 @@ def test_02_start_rc_jail(invoke_cli, resource_selector):
     for jail in resource_selector.rcjails:
         assert jail.running is True, f'{jail.name} not running'
 
-# TODO: Let's also start jails in a single command to test that out
+# Network-related tests belong here because the code is only executed at jail
+# start time.
 
 @require_root
 @require_zpool
@@ -109,3 +110,30 @@ def test_03_create_and_start_nobridge_vnet_jail(release, jail, invoke_cli):
 
     finally:
         os.remove(path)
+
+
+# TODO: Let's also start jails in a single command to test that out
+
+@require_root
+@require_zpool
+def test_04_vnet_jail_with_loopback_alias(release, jail, invoke_cli):
+    jail = jail('loopback_alias_jail')
+
+    invoke_cli([
+        'create', '-r', release, '-n', jail.name,
+        'boot=on', 'vnet=on', 'defaultrouter=none',
+        f'ip4_addr=lo0|192.168.2.10'
+    ])
+
+    assert jail.exists is True
+    assert jail.running is True
+
+    stdout, stderr = jail.run_command(['ifconfig', 'lo0'])
+    assert bool(stderr) is False, f'Ifconfig returned an error: {stderr}'
+    assert '192.168.2.10' in stdout, (
+        'Could not set address on loopback interface.'
+    )
+
+    invoke_cli([
+        'destroy', jail.name, '-f'
+    ])