author | netblue30 <netblue30@protonmail.com> | 2021-05-27 11:23:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-27 11:23:50 -0400 |
commit | 2baf7deb3041494d8b382150bf03ab643076ba5a (patch) | |
tree | 362394c2f29fd7c9e2e64f0ef0e3195155899117 | |
parent | remove dophin from firecfg.config (diff) | |
default gw fix - #4306
-rw-r--r-- | src/firejail/arp.c | 4 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 10 |
2 files changed, 9 insertions, 5 deletions
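--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -277,7 +277,7 @@ static uint32_t arp_random(const char *dev, Bridge *br) {
 int i = 0;
 for (i = 0; i < 10; i++) {
 dest = start + ((uint32_t) rand()) % range;
-if (dest == ifip) // do not allow the interface address
+if (dest == ifip || dest == cfg.defaultgw) // do not allow the interface address or the default gateway
 continue; // try again
 
 // if we've made it up to here, we have a valid address
@@ -325,7 +325,7 @@ static uint32_t arp_sequential(const char *dev, Bridge *br) {
 
 // loop through addresses and stop as soon as you find an unused one
 while (dest <= last) {
-if (dest == ifip) {
+if (dest == ifip || dest == cfg.defaultgw) {
 dest++;
 continue;
 }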
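Review bot: The added `dest == cfg.defaultgw` test in arp_random and arp_sequential only keeps the gateway out of the candidate set if cfg.defaultgw has already been filled in when these functions run, and neither hunk shows where that happens. If the field is still 0 at this point (for example when no gateway was given explicitly), the comparison never matches and avoiding the gateway address depends entirely on whatever ARP probing follows the skipped lines; a sandbox that ends up holding the gateway's address on a shared segment disrupts routing for its neighbours. I would record the assumption at both sites, e.g. `// cfg.defaultgw must be resolved before address selection; 0 means no gateway is known`, and confirm the call order. Both function bodies start and end outside the hunks.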
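--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,7 +227,7 @@ static void sandbox_if_up(Bridge *br) {
 if (br->arg_ip_none == 1); // do nothing
 else if (br->arg_ip_none == 0 && br->macvlan == 0) {
 if (br->ipsandbox == br->ip) {
-fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
 exit(1);
 }
 
@@ -245,13 +245,17 @@ static void sandbox_if_up(Bridge *br) {
 br->ipsandbox = arp_assign(dev, br); //br->ip, br->mask);
 else {
 if (br->ipsandbox == br->ip) {
-fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
+exit(1);
+}
+if (br->ipsandbox == cfg.defaultgw) {
+fprintf(stderr, "Error: %d.%d.%d.%d is the default gateway, exiting...\n", PRINT_IP(br->ipsandbox));
 exit(1);
 }
 
 uint32_t rv = arp_check(dev, br->ipsandbox);
 if (rv) {
-fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use.\n", PRINT_IP(br->ipsandbox));
+fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use, exiting...\n", PRINT_IP(br->ipsandbox));
 exit(1);
 }
 }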
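Review bot: The `br->ipsandbox == cfg.defaultgw` rejection is added only in the second hunk, in the branch that goes on to call arp_check; the `br->macvlan == 0` branch in the first hunk gets the new message text but no gateway comparison. If a gateway other than br->ip can be configured for that kind of interface (not visible here), a requested address equal to it is still accepted there, so the same `if (br->ipsandbox == cfg.defaultgw)` check with its fprintf/exit pair should follow the interface-address check in that branch as well. The three near-identical fprintf-then-exit blocks would also read better behind one small helper. sandbox_if_up starts before and continues past both hunks.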