Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c +++ sys/kern/kern_jail.c @@ -2889,6 +2889,15 @@ mtx_unlock(&cred->cr_prison->pr_mtx); } +void +getjailname(struct ucred *cred, char *name, size_t len) +{ + + mtx_lock(&cred->cr_prison->pr_mtx); + strlcpy(name, cred->cr_prison->pr_name, len); + mtx_unlock(&cred->cr_prison->pr_mtx); +} + #ifdef VIMAGE /* * Determine whether the prison represented by cred owns Index: sys/net/if_ethersubr.c =================================================================== --- sys/net/if_ethersubr.c +++ sys/net/if_ethersubr.c @@ -1427,19 +1427,29 @@ void ether_gen_addr(struct ifnet *ifp, struct ether_addr *hwaddr) { -#define ETHER_GEN_ADDR_BUFSIZ HOSTUUIDLEN + IFNAMSIZ + 2 SHA1_CTX ctx; - char buf[ETHER_GEN_ADDR_BUFSIZ]; + char *buf; char uuid[HOSTUUIDLEN + 1]; uint64_t addr; int i, sz; char digest[SHA1_RESULTLEN]; + char name[MAXHOSTNAMELEN]; getcredhostuuid(curthread->td_ucred, uuid, sizeof(uuid)); - sz = snprintf(buf, ETHER_GEN_ADDR_BUFSIZ, "%s-%s", uuid, ifp->if_xname); + /* If each (vnet) jail would also have a unique hostuuid this would not + * be necessary. */ + getjailname(curthread->td_ucred, name, sizeof(name)); + sz = asprintf(&buf, M_TEMP, "%s-%s-%s", uuid, ifp->if_xname, name); + if (sz < 0) { + /* Fall back to a random mac address. */ + arc4rand(hwaddr, sizeof(*hwaddr), 0); + return; + } + SHA1Init(&ctx); SHA1Update(&ctx, buf, sz); SHA1Final(digest, &ctx); + free(buf, M_TEMP); addr = ((digest[0] << 16) | (digest[1] << 8) | digest[2]) & OUI_FREEBSD_GENERATED_MASK; Index: sys/sys/jail.h =================================================================== --- sys/sys/jail.h +++ sys/sys/jail.h @@ -382,6 +382,7 @@ void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); void getcredhostid(struct ucred *, unsigned long *); +void getjailname(struct ucred *cred, char *name, size_t len); void prison0_init(void); int prison_allow(struct ucred *, unsigned); int prison_check(struct ucred *cred1, struct ucred *cred2);