From 6b988b499aaec74318c9430c96ba9868b8a779d7 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Sat, 9 Jun 2018 11:09:10 -0400
Subject: wireless support
---
 src/firejail/checkcfg.c | 7 +++++++
 src/fnet/main.c | 38 +++++++++++++++++++++++++++++++-------
 src/fnet/veth.c | 3 ++-
 src/man/firejail.txt | 1 +
 4 files changed, 41 insertions(+), 8 deletions(-)
(limited to 'src')
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index f8094e893..ac3ad7cd8 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -492,6 +492,13 @@ void print_compiletime_support(void) {
 "enabled"
 #else
 "disabled"
+#endif
+ );
+ printf("\t- Wireless interface support is %s\n",
+#ifdef IPVLAN_MODE_L2
+ "enabled"
+#else
+ "disabled"
 #endif
 );
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 3832cfaef..5be15bc75 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
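Review bot: The guard `#ifdef IPVLAN_MODE_L2` in the added printf block tests for a preprocessor macro, but in the kernel UAPI header `<linux/if_link.h>` IPVLAN_MODE_L2 is an enumerator of `enum ipvlan_mode`, which the preprocessor cannot see. Unless the project defines a macro of that name somewhere outside this patch, the test is always false, so this line reports "disabled" on every build. The same guard in src/fnet/main.c and src/fnet/veth.c would then compile the ipvlan path out entirely, leaving wireless parents on macvlan. A macro from the same header, for example `#ifdef IFLA_IPVLAN_MAX`, is something the preprocessor can evaluate. checkcfg.c would also have to include that header, and its include list is not visible in this hunk.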
@@ -90,14 +90,38 @@ printf("\n");
 }
 else if (argc == 6 && strcmp(argv[1], "create") == 0 && strcmp(argv[2], "macvlan") == 0) {
 // use ipvlan for wireless devices
- struct stat s;
- char *fname;
- if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
- errExit("asprintf");
- if (stat(fname, &s) == 0) // wireless
- net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
- else // regular ethernet
+ // ipvlan driver was introduced in Linux kernel 3.19
+ // detect both compile time and run time
+#ifndef IPVLAN_MODE_L2 // compile time
+ net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+#else
+ // check kernel version
+ struct utsname u;
+ int rv = uname(&u);
+ if (rv != 0)
+ errExit("uname");
+ int major;
+ int minor;
+ if (2 != sscanf(u.release, "%d.%d", &major, &minor)) {
+ fprintf(stderr, "Error fnet: cannot extract Linux kernel version: %s\n", u.version);
+ exit(1);
+ }
+
+ if (arg_debug)
+ printf("Linux kernel version %d.%d\n", major, minor);
+ if (major <= 3 && minor < 18)
 net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+ else {
+ struct stat s;
+ char *fname;
+ if (asprintf(&fname, "/sys/class/net/%s/wireless", argv[4]) == -1)
+ errExit("asprintf");
+ if (stat(fname, &s) == 0) // wireless
+ net_create_ipvlan(argv[3], argv[4], atoi(argv[5]));
+ else // regular ethernet
+ net_create_macvlan(argv[3], argv[4], atoi(argv[5]));
+ }
+#endif
 }
 else if (argc == 7 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "interface") == 0) {
 char *dev = argv[3];
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index fb4f3dc31..36362f1c1 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -176,6 +176,7 @@ int net_create_macvlan(const char *dev, const char *parent, unsigned pid) {
 return 0;
 }
+#ifdef IPVLAN_MODE_L2
 int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) {
 int len;
 struct iplink_req req;
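Review bot: The run-time test `if (major <= 3 && minor < 18)` in the src/fnet/main.c hunk does not match the 3.19 cut-off stated in the comment above it: kernel 3.18 falls through to the ipvlan branch, and major and minor are compared independently rather than as one version. `if (major < 3 || (major == 3 && minor < 19))` expresses "older than 3.19". The sscanf failure message prints `u.version` although the string that failed to parse is `u.release`, so it should pass `u.release` to show the offending value. `argv[4]` is formatted into the `/sys/class/net/%s/wireless` path unchecked; presumably the caller validates the interface name, but rejecting names containing '/' here would keep the stat() probe inside /sys/class/net. The else-if chain this branch belongs to starts and ends outside the hunk.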
@@ -237,7 +238,7 @@ int net_create_ipvlan(const char *dev, const char *parent, unsigned pid) { return 0; } - +#endif // move the interface dev in namespace of program pid // when the interface is moved, netlink does not preserve interface configuration diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 7d3cc89d8..aad678aa4 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -795,6 +795,7 @@ IP address and a default gateway will be assigned automatically to the sandbox. The IP address is verified using ARP before assignment. The address configured as default gateway is the default gateway of the host. Up to four \-\-net options can be specified. +Support for ipvlan driver was introduced in Linux kernel 3.19. .br .br -- cgit v1.2.3-54-g00ecf