ifconfig epair limits

toddg · 2026-04-23T19:28:22+0100

Overview

When creating epairs:

Code:

ifconfig epair[N][a|b] create up

N is limited to 9999. I'd like this number to be larger, ideally, 2^24.

Discussion

Here's my use case:
I've created an application stack on my host and divided the ipv4 network up like this:

Code:

[A].[B].[C].[D]

A: static, always 10
B: a value of either global, dev, stage, or prod
C: a component type (foo, bar, baz, etc.)
D: instance (actual running jail instance)

I have written automation to create a bunch of jails, and the jails are named: (B)_(C)_(D) like this:
* global_host_lb_10.0.0.2
* dev_bicycle_10.1.2.3

I was hoping to extend my naming scheme to the epairs that are created for the jails, like this:

Code:

epair10.1.2.3a and epair10.1.2.3b

This would be cool, as I could map ip address directly to the epair id (N) and life would be easy.
However, this isn't supported. From my testing, N must be a number between 0 and 9999.

epair

man.freebsd.org

So in my case, if I squint my eyes, I can compress things a bit:

Code:

[A].[B].[C].[D]

A: 10, static, requires:  zero bits
B: limit environments to 4 values, requires: 2^2 bits
C: limit components to 8 values, requires: 2^3 bits
D: no easy way to limit this, so one of 255 values, requires: 2^8 bits

That's a total of 2^13 bits -> 0 to 8192. So I can just barely squeeze my app stack into the limits here. Note: I'll never create this many epairs... it'll be fairly sparse, so only a few hundred epairs will ever be created on a single host.

But if I want more component types in C, then my input domain expands, and I'll need an output range > 0 to 9999... as mentioned, 2^24 would be ideal.

Hopefully Bjoern A. Zeeb (epair author) will see this.

Alternatively, if someone has a great idea for how I can perform this sort of sparse mapping, I'm all ears.

-ToddG

Emrion · 2026-04-23T20:39:07+0100

toddg said:
N is limited to 9999. I'd like this number to be larger, ideally, 2^24.

Seriously? And what about ipv6 or ipv8? How many bits will you need?

Ok, joke apart, you can rename an interface.

 ifconfig epair0 create

ifconfig epair0a name epair10.1.2.3a

ifconfig epair0b name epair10.1.2.3b

toddg said:
Hopefully Bjoern A. Zeeb (epair author) will see this.

This is not a dev forum, even if some of the developers come from time to time.

toddg · 2026-04-23T21:12:46+0100

Emrion Thank you! You saved the day!

toddg · 2026-04-23T22:20:36+0100

Emrion It seems that renaming the interface does not deeply rename the object, it's still named with the original name somewhere, such that you cannot create two of them.

Code:

ifconfig epair0 create
ifconfig epair0a name epair10.1.2.3a
ifconfig epair0b name epair10.1.2.3b

# now try this a second time for a different ip address, such as 10.4.5.6...

ifconfig epair0 create
ifconfig: interface epair0 already exists

If I destroy epair10.1.2.3a then I can create a new epair0...

The rename get's me most of the way there. I guess I could write some code to just keep trying to create an interface with an incrementing number.

victort · 2026-04-23T22:24:49+0100

You can do myepair=$(ifconfig epair create) && ifconfig ${myepair} name my_a_epair && ifconfig ${epair0%a}b name my_b_epair

This will create epairs incrementally and then name a and b to your respective values.

You don’t have to give a value with epair. If you leave it out, it just increments.

toddg · 2026-04-23T22:28:54+0100

victort Oh great! I'll do that. Thank you.

toddg · 2026-04-23T22:47:52+0100

victort could you explain what this is doing?

${epair0%a}b

atax1a · 2026-04-23T22:51:50+0100

i think he meant ${myepair%a} — it's a shell feature to expand a variable but trim a suffix:

Code:

$ pear="epair420a"
$ echo ${pear%a}
epair420

toddg · 2026-04-23T22:59:26+0100

atax1a

Ok, cool, thx! I just found out about `%?` which pulls a single character off the end, too. Which reminds me, what are some good sites / books to really learn all the tricks of `/bin/sh` ?

Code:

myepair=$(ifconfig epair create)
echo "renaming $myepair to be epair${ipaddr}a and epair${ipaddr}b"
ifconfig ${myepair} name epair${ipaddr}a
ifconfig ${myepair%?}b name epair${ipaddr}b

toddg · 2026-04-23T23:10:24+0100

One other thing...

When I try and put this code inside the /etc/jail.conf file and run a `service jail start [some jail name]` then I get a list of errors:

Code:

exec.prestart   += "/bin/sh -c \"myepair=$(ifconfig epair create) && ifconfig epair ${myepair} name epair${ipaddr}a &&  ifconfig epair ${myepair%a}b name epair${ipaddr}b\"";
# or this
exec.prestart   += "myepair=$(ifconfig epair create) && ifconfig epair ${myepair} name epair${ipaddr}a &&  ifconfig epair ${myepair%a}b name epair${ipaddr}b";

So, one service running

Code:

toddg@fbsdhost4:~ $ jls
   JID  IP Address      Hostname                      Path
     7                  global_host_lb_10_0_0_2.jail  /jails/containers/global_host_lb_10_0_0_2

Either of the above exec.prestart stanzas results in output like this:

Code:

toddg@fbsdhost4:~ $ sudo service jail stop 7
Stopping jails: 7jail: dev_dev_gws_db_10_1_1_2: exec.prestart: variable "myepair" not found
jail: dev_dev_gws_db_10_1_1_2: exec.prestart: variable "myepair%a" not found
jail: dev_dev_gws_tile_10_1_2_2: exec.prestart: variable "myepair" not found
jail: dev_dev_gws_tile_10_1_2_2: exec.prestart: variable "myepair%a" not found
jail: dev_dev_gws_web_10_1_3_2: exec.prestart: variable "myepair" not found
jail: dev_dev_gws_web_10_1_3_2: exec.prestart: variable "myepair%a" not found
jail: global_host_lb_10_0_0_2: exec.prestart: variable "myepair" not found
jail: global_host_lb_10_0_0_2: exec.prestart: variable "myepair%a" not found
...

But if I replace that line in /etc/jail.conf with a shell command, things work:

Code:

exec.prestart   += "/bin/sh /create_epair.sh ${ipaddr}";

The shell command is the same code as in the oneline

Code:

#!/bin/sh

ipaddr=$1

myepair=$(ifconfig epair create)
ifconfig ${myepair} name epair${ipaddr}a
ifconfig ${myepair%?}b name epair${ipaddr}b

Here's my entire /etc/jail.conf and a sample jail config for reference:

Code:

# vim: set syntax=sh:

$j              = "/jails";
path            = "${j}/containers/${name}";
host.hostname   = "${name}.jail";

exec.start      = "/bin/sh /etc/rc";
exec.stop       = "/bin/sh /etc/rc.shutdown";

exec.clean;
mount.devfs;
devfs_ruleset=5;
exec.timeout=90;
stop.timeout=90;
allow.mount.nullfs;

# Notes: gateway and ipaddr defined in the actual jail configuration files

$mask           =  "28";
vnet;
vnet.interface  =  "epair${ipaddr}b";

exec.prestart   =  "logger jail:prestart: trying to start jail ${name}...";

#exec.prestart   += "ifconfig epair0 create";
#exec.prestart   += "/bin/sh /create_epair.sh ${ipaddr}";
#exec.prestart   += "/bin/sh -c \"myepair=$(ifconfig epair create) && ifconfig epair ${myepair} name epair${ipaddr}a &&  ifconfig epair ${myepair%a}b name epair${ipaddr}b\"";
exec.prestart   += "myepair=$(ifconfig epair create) && ifconfig epair ${myepair} name epair${ipaddr}a &&  ifconfig epair ${myepair%a}b name epair${ipaddr}b";
#exec.prestart   += "ifconfig epaira name epair${ipaddr}a";
#exec.prestart   += "ifconfig epair0b name epair${ipaddr}b";
#exec.prestart   += "ifconfig epair${ipaddr} up";
exec.prestart   += "ifconfig epair${ipaddr}a up descr vnet-${name}";
exec.prestart   += "ifconfig bridge0 addm epair${ipaddr}a up";

exec.start      =  "/sbin/ifconfig lo0 127.0.0.1 up";
exec.start      += "/sbin/ifconfig epair${ipaddr}b ${ipaddr} netmask ${mask} up";
exec.start      += "/sbin/route add default ${gw}";
exec.start      += "/bin/sh /etc/rc";

exec.poststart  =  "logger jail:poststart: jail ${name} has started";

exec.prestop    =  "logger jail:prestop: shutting down jail ${name}";
exec.prestop    += "ifconfig epair${ipaddr}b -vnet ${name}";

exec.poststop   =  "logger jail:poststop: jail ${name} has shut down";
exec.poststop   += "ifconfig bridge0 deletem epair${ipaddr}a";
exec.poststop   += "ifconfig epair${ipaddr}a destroy";

exec.consolelog="/var/log/jail-${name}.log";

# include all the jail files
.include "/etc/jail.conf.d/*.jail";

persist;

and a jail file

Code:

toddg@fbsdhost4:~ $ cat /etc/jail.conf.d/global_host_lb_10_0_0_2.jail
global_host_lb_10_0_0_2 {
    # ----------------------------------------
    # networking
    # ----------------------------------------
    $ipaddr =  "10.0.0.2";
    $gw     =  "10.0.0.1";
}

victort · 2026-04-23T23:17:14+0100

You can do myepair=$(ifconfig epair create) && ifconfig ${myepair} name myaepair and ifconfig ${epair0%a}b name mybepair

This will create epairs incrementally and then name a and b to your respective values.

toddg said:
victort could you explain what this is doing?

${epair0%a}b

What this actually does is strip the “a” and replaces it with “b” for the b side of the epair.

As for putting it in the jail.conf, see line 454 of the Bastille code. It needs some slashes to escape the $ etc…

https://github.com/BastilleBSD/bastille/blob/master/usr/local/share/bastille/common.sh