4 files changed, 41 insertions, 8 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index f8094e893..ac3ad7cd8 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -494,5 +494,12 @@ void print_compiletime_support(void) {
                "disabled"
 #endif
                );
+        printf("\t- Wireless interface support is %s\n",
+#ifdef IPVLAN_MODE_L2
+                "enabled"
+#else
+                "disabled"
+#endif
+                );
 }
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 3832cfaef..5be15bc75 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -90,14 +90,38 @@ printf("\n");
        }
        else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {
                // use ipvlan for wireless devices
-                struct stat s;
+                // ipvlan driver was introduced in Linux kernel 3.19
-                char *fname;
+                // detect both compile time and run time
-                if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
+#ifndef IPVLAN_MODE_L2  // compile time
-                        errExit("asprintf");
+                net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
-                if (stat(fname, &s) == 0) // wireless
+#else
-                        net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
+                // check kernel version
-                else // regular ethernet
+                struct utsname u;
+                int rv = uname(&u);
+                if (rv != 0)
+                        errExit("uname");
+                int major;
+                int minor;
+                if (2 != sscanf(u.release, "%d.%d", &major, &minor)) {
+                        fprintf(stderr, "Error fnet: cannot extract Linux kernel version: %s\n", u.version);
+                        exit(1);
+                }
+                if (arg_debug)
+                        printf("Linux kernel version %d.%d\n", major, minor);
+                if (major <= 3 && minor < 18)
                        net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+                else {
+                        struct stat s;
+                        char *fname;
+                        if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
+                                errExit("asprintf");
+                        if (stat(fname, &s) == 0) // wireless
+                                net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
+                        else // regular ethernet
+                                net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+                }
+#endif
        }
        else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {
                char *dev = argv[3];
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index fb4f3dc31..36362f1c1 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -176,6 +176,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
        return 0;
 }
+#ifdef IPVLAN_MODE_L2
 int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
        int len;
        struct iplink_req req;
@@ -237,7 +238,7 @@ int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
        return 0;
 }
+#endif
 // move the interface dev in namespace of program pid
 // when the interface is moved, netlink does not preserve interface configuration
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 7d3cc89d8..aad678aa4 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -795,6 +795,7 @@ IP address and a default gateway will be assigned automatically
 to the sandbox. The IP address is verified using ARP before
 assignment. The address configured as default gateway is the
 default gateway of the host. Up to four \-\-net options can be specified.
+Support for ipvlan driver was introduced in Linux kernel 3.19.
 .br
 .br

diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f8094e893..ac3ad7cd8 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c
@@ -494,5 +494,12 @@ void print_compiletime_support(void) {
494	"disabled"	494	"disabled"
495	#endif	495	#endif
496	);	496	);
		497	printf("\t- Wireless interface support is %s\n",
		498	#ifdef IPVLAN_MODE_L2
		499	"enabled"
		500	#else
		501	"disabled"
		502	#endif
		503	);
497		504
498	}	505	}


diff --git a/src/fnet/main.c b/src/fnet/main.c index 3832cfaef..5be15bc75 100644 --- a/src/fnet/main.c +++ b/src/fnet/main.c
@@ -90,14 +90,38 @@ printf("\n");
90	}	90	}
91	else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {	91	else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {
92	// use ipvlan for wireless devices	92	// use ipvlan for wireless devices
93	struct stat s;	93	// ipvlan driver was introduced in Linux kernel 3.19
94	char *fname;	94	// detect both compile time and run time
95	if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)	95	#ifndef IPVLAN_MODE_L2 // compile time
96	errExit("asprintf");	96	net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
97	if (stat(fname, &s) == 0) // wireless	97	#else
98	net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));	98	// check kernel version
99	else // regular ethernet	99	struct utsname u;
		100	int rv = uname(&u);
		101	if (rv != 0)
		102	errExit("uname");
		103	int major;
		104	int minor;
		105	if (2 != sscanf(u.release, "%d.%d", &major, &minor)) {
		106	fprintf(stderr, "Error fnet: cannot extract Linux kernel version: %s\n", u.version);
		107	exit(1);
		108	}
		109
		110	if (arg_debug)
		111	printf("Linux kernel version %d.%d\n", major, minor);
		112	if (major <= 3 && minor < 18)
100	net_create_macvlan(argv[3], argv[4], atoi(argv[5]));	113	net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
		114	else {
		115	struct stat s;
		116	char *fname;
		117	if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
		118	errExit("asprintf");
		119	if (stat(fname, &s) == 0) // wireless
		120	net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
		121	else // regular ethernet
		122	net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
		123	}
		124	#endif
101	}	125	}
102	else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {	126	else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {
103	char *dev = argv[3];	127	char *dev = argv[3];


diff --git a/src/fnet/veth.c b/src/fnet/veth.c index fb4f3dc31..36362f1c1 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c
@@ -176,6 +176,7 @@ int net_create_macvlan(const char dev, const char parent, unsigned pid) {
176	return 0;	176	return 0;
177	}	177	}
178		178
		179	#ifdef IPVLAN_MODE_L2
179	int net_create_ipvlan(const char dev, const char parent, unsigned pid) {	180	int net_create_ipvlan(const char dev, const char parent, unsigned pid) {
180	int len;	181	int len;
181	struct iplink_req req;	182	struct iplink_req req;
@@ -237,7 +238,7 @@ int net_create_ipvlan(const char dev, const char parent, unsigned pid) {
237		238
238	return 0;	239	return 0;
239	}	240	}
240		241	#endif
241		242
242	// move the interface dev in namespace of program pid	243	// move the interface dev in namespace of program pid
243	// when the interface is moved, netlink does not preserve interface configuration	244	// when the interface is moved, netlink does not preserve interface configuration


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7d3cc89d8..aad678aa4 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -795,6 +795,7 @@ IP address and a default gateway will be assigned automatically
795	to the sandbox. The IP address is verified using ARP before	795	to the sandbox. The IP address is verified using ARP before
796	assignment. The address configured as default gateway is the	796	assignment. The address configured as default gateway is the
797	default gateway of the host. Up to four \-\-net options can be specified.	797	default gateway of the host. Up to four \-\-net options can be specified.
		798	Support for ipvlan driver was introduced in Linux kernel 3.19.
798	.br	799	.br
799		800
800	.br	801	.br