[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] "Locally configured IP" check in ezjail-admin is not 100% reliable

Hello list,

The check in ezjail-admin to see if an IP is locally configured
when creating a jail is not 100% reliable. It uses the ping
command with a ttl of 1 to ping the IP and assumes that if
it gets a ping reply, the IP is locally configured.

This assumption is incorrect, as TTL is only decreased when
crossing a layer 3 router. The problem is that if the IP is not
locally configured but still active on another host
on the same subnet, the ping will still get a reply.

The patch below changes ezjail-admin to parse the
output of ifconfig instead of using ping to determine if an
ip address is locally configured. This will also work even if a
firewall is blocking pings to the IP address in question.

Best regards,

Thomas Steen Rasmussen

$ diff -u /usr/local/bin/ezjail-admin.orig /usr/local/bin/ezjail-admin
--- /usr/local/bin/ezjail-admin.orig    2012-01-14 18:35:49.484083441 +0100
+++ /usr/local/bin/ezjail-admin 2012-01-14 18:42:31.820257339 +0100
@@ -708,7 +708,7 @@
   TIFS=${IFS}; IFS=,
   for ezjail_ip in ${ezjail_ips}; do
     # check, whether IP is configured on a local interface, warn if it isnt
-    ping -c 1 -m 1 -t 1 -q ${ezjail_ip} > /dev/null
+    ifconfig -a -u | grep "    inet" | cut -d " " -f 2 | cut -d "%" -f
1 | grep -q "^${ezjail_ip}$"
     [ $? -eq 0 ] || echo "Warning: IP ${ezjail_ip} not configured on a
local interface."
     # check, whether some host system services do listen on the Jails IP

ps. in case it gets lost in transmission, the whitespace before
the word "inet" is supposed to be a tab character, not spaces.