default gw fix - #4306

author: netblue30 <netblue30@protonmail.com> 2021-05-27 11:23:50 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-05-27 11:23:50 -0400
commit: 2baf7deb3041494d8b382150bf03ab643076ba5a (patch)
tree: 362394c2f29fd7c9e2e64f0ef0e3195155899117 /src
parent: remove dophin from firecfg.config (diff)
download: firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.tar.gz
firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.tar.zst
firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.zip
2 files changed, 9 insertions, 5 deletions
diff --git a/src/firejail/arp.c b/src/firejail/arp.c
index 1e9641097..bbab9a6d9 100644
--- a/src/firejail/arp.c
+++ b/src/firejail/arp.c
@@ -277,7 +277,7 @@ static uint32_t arp_random(const char *dev, Bridge *br) {
        int i = 0;
        for (i = 0; i < 10; i++) {
                dest = start + ((uint32_t) rand()) % range;
-                if (dest == ifip)       // do not allow the interface address
+                if (dest == ifip || dest == cfg.defaultgw)      // do not allow the interface address or the default gateway
                        continue;               // try again
                // if we've made it up to here, we have a valid address
@@ -325,7 +325,7 @@ static uint32_t arp_sequential(const char *dev, Bridge *br) {
        // loop through addresses and stop as soon as you find an unused one
        while (dest <= last) {
-                if (dest == ifip) {
+                if (dest == ifip || dest == cfg.defaultgw) {
                        dest++;
                        continue;
                }
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 08f0f32c9..a6bcec02c 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -227,7 +227,7 @@ static void sandbox_if_up(Bridge *br) {
        if (br->arg_ip_none == 1);      // do nothing
        else if (br->arg_ip_none == 0 && br->macvlan == 0) {
                if (br->ipsandbox == br->ip) {
-                        fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+                        fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
                        exit(1);
                }
@@ -245,13 +245,17 @@ static void sandbox_if_up(Bridge *br) {
                        br->ipsandbox = arp_assign(dev, br); //br->ip, br->mask);
                else {
                        if (br->ipsandbox == br->ip) {
-                                fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+                                fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
+                                exit(1);
+                        }
+                        if (br->ipsandbox == cfg.defaultgw) {
+                                fprintf(stderr, "Error: %d.%d.%d.%d is the default gateway, exiting...\n", PRINT_IP(br->ipsandbox));
                                exit(1);
                        }
                        uint32_t rv = arp_check(dev, br->ipsandbox);
                        if (rv) {
-                                fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use.\n", PRINT_IP(br->ipsandbox));
+                                fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use, exiting...\n", PRINT_IP(br->ipsandbox));
                                exit(1);
                        }
                }
author	netblue30 <netblue30@protonmail.com>	2021-05-27 11:23:50 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-05-27 11:23:50 -0400
commit	2baf7deb3041494d8b382150bf03ab643076ba5a (patch)
tree	362394c2f29fd7c9e2e64f0ef0e3195155899117 /src
parent	remove dophin from firecfg.config (diff)
download	firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.tar.gz firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.tar.zst firejail-2baf7deb3041494d8b382150bf03ab643076ba5a.zip