default gw fix - #4306

src/firejail/arp.c

@@ -277,7 +277,7 @@ static uint32_t arp_random(const char *dev, Bridge *br) {
  int i = 0;
  for (i = 0; i < 10; i++) {
  dest = start + ((uint32_t) rand()) % range;
- if (dest == ifip) // do not allow the interface address
+ if (dest == ifip || dest == cfg.defaultgw) // do not allow the interface address or the default gateway
  continue; // try again
 
  // if we've made it up to here, we have a valid address
@@ -325,7 +325,7 @@ static uint32_t arp_sequential(const char *dev, Bridge *br) {
 
  // loop through addresses and stop as soon as you find an unused one
  while (dest <= last) {
- if (dest == ifip) {
+ if (dest == ifip || dest == cfg.defaultgw) {
  dest++;
  continue;
  }

src/firejail/sandbox.c

@@ -227,7 +227,7 @@ static void sandbox_if_up(Bridge *br) {
  if (br->arg_ip_none == 1); // do nothing
  else if (br->arg_ip_none == 0 && br->macvlan == 0) {
  if (br->ipsandbox == br->ip) {
- fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+ fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
  exit(1);
  }
 
@@ -245,13 +245,17 @@ static void sandbox_if_up(Bridge *br) {
  br->ipsandbox = arp_assign(dev, br); //br->ip, br->mask);
  else {
  if (br->ipsandbox == br->ip) {
- fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address.\n", PRINT_IP(br->ipsandbox), br->dev);
+ fprintf(stderr, "Error: %d.%d.%d.%d is interface %s address, exiting...\n", PRINT_IP(br->ipsandbox), br->dev);
+ exit(1);
+ }
+ if (br->ipsandbox == cfg.defaultgw) {
+ fprintf(stderr, "Error: %d.%d.%d.%d is the default gateway, exiting...\n", PRINT_IP(br->ipsandbox));
  exit(1);
  }
 
  uint32_t rv = arp_check(dev, br->ipsandbox);
  if (rv) {
- fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use.\n", PRINT_IP(br->ipsandbox));
+ fprintf(stderr, "Error: the address %d.%d.%d.%d is already in use, exiting...\n", PRINT_IP(br->ipsandbox));
  exit(1);
  }
  }