Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Aug 2014 08:58:36 +0000 (UTC)
From:      Steven Hartland <smh@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r269805 - stable/10/usr.sbin/jail
Message-ID:  <53e885bc.29e9.5339cb6e@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: smh
Date: Mon Aug 11 08:58:35 2014
New Revision: 269805
URL: http://svnweb.freebsd.org/changeset/base/269805

Log:
  MFC r269522
  
  Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
  
  This allows for CARP interfaces to be  used in jails e.g.
  ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
  
  r269340 will not be MFC'ed as mentioned due to the slim window and the
  amount of additional commits required to support it.
  
  Sponsored by:	Multiplay

Modified:
  stable/10/usr.sbin/jail/command.c
  stable/10/usr.sbin/jail/config.c
  stable/10/usr.sbin/jail/jail.8
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/jail/command.c
==============================================================================
--- stable/10/usr.sbin/jail/command.c	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/command.c	Mon Aug 11 08:58:35 2014	(r269805)
@@ -268,7 +268,7 @@ run_command(struct cfjail *j)
 	pid_t pid;
 	int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
 #if defined(INET) || defined(INET6)
-	char *addr;
+	char *addr, *extrap, *p, *val;
 #endif
 
 	static char *cleanenv;
@@ -317,16 +317,30 @@ run_command(struct cfjail *j)
 	switch (comparam) {
 #ifdef INET
 	case IP__IP4_IFADDR:
-		argv = alloca(8 * sizeof(char *));
+		argc = 0;
+		val = alloca(strlen(comstring->s) + 1);
+		strcpy(val, comstring->s);
+		cs = val;
+		extrap = NULL;
+		while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+			if (extrap == NULL) {
+				*p = '\0';
+				extrap = p + 1;
+			}
+			cs = p + 1;
+			argc++;
+		}
+
+		argv = alloca((8 + argc) * sizeof(char *));
 		*(const char **)&argv[0] = _PATH_IFCONFIG;
-		if ((cs = strchr(comstring->s, '|'))) {
-			argv[1] = alloca(cs - comstring->s + 1);
-			strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+		if ((cs = strchr(val, '|'))) {
+			argv[1] = alloca(cs - val + 1);
+			strlcpy(argv[1], val, cs - val + 1);
 			addr = cs + 1;
 		} else {
 			*(const char **)&argv[1] =
 			    string_param(j->intparams[IP_INTERFACE]);
-			addr = comstring->s;
+			addr = val;
 		}
 		*(const char **)&argv[2] = "inet";
 		if (!(cs = strchr(addr, '/'))) {
@@ -344,6 +358,15 @@ run_command(struct cfjail *j)
 			argv[3] = addr;
 			argc = 4;
 		}
+
+		if (!down) {
+			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+				size_t len = strlen(cs) + 1;
+				argv[argc] = alloca(len);
+				strlcpy(argv[argc++], cs, len);
+			}
+		}
+
 		*(const char **)&argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;
@@ -351,16 +374,30 @@ run_command(struct cfjail *j)
 
 #ifdef INET6
 	case IP__IP6_IFADDR:
-		argv = alloca(8 * sizeof(char *));
+		argc = 0;
+		val = alloca(strlen(comstring->s) + 1);
+		strcpy(val, comstring->s);
+		cs = val;
+		extrap = NULL;
+		while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+			if (extrap == NULL) {
+				*p = '\0';
+				extrap = p + 1;
+			}
+			cs = p + 1;
+			argc++;
+		}
+
+		argv = alloca((8 + argc) * sizeof(char *));
 		*(const char **)&argv[0] = _PATH_IFCONFIG;
-		if ((cs = strchr(comstring->s, '|'))) {
-			argv[1] = alloca(cs - comstring->s + 1);
-			strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+		if ((cs = strchr(val, '|'))) {
+			argv[1] = alloca(cs - val + 1);
+			strlcpy(argv[1], val, cs - val + 1);
 			addr = cs + 1;
 		} else {
 			*(const char **)&argv[1] =
 			    string_param(j->intparams[IP_INTERFACE]);
-			addr = comstring->s;
+			addr = val;
 		}
 		*(const char **)&argv[2] = "inet6";
 		argv[3] = addr;
@@ -370,6 +407,15 @@ run_command(struct cfjail *j)
 			argc = 6;
 		} else
 			argc = 4;
+
+		if (!down) {
+			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+				size_t len = strlen(cs) + 1;
+				argv[argc] = alloca(len);
+				strlcpy(argv[argc++], cs, len);
+			}
+		}
+
 		*(const char **)&argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;	

Modified: stable/10/usr.sbin/jail/config.c
==============================================================================
--- stable/10/usr.sbin/jail/config.c	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/config.c	Mon Aug 11 08:58:35 2014	(r269805)
@@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
 
 	/*
 	 * IP addresses may include an interface to set that address on,
-	 * and a netmask/suffix for that address.
+	 * a netmask/suffix for that address and options for ifconfig.
+	 * These are copied to an internal command parameter and then stripped
+	 * so they won't be passed on to jailparam_set.
 	 */
 	defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
 #ifdef INET
@@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
 				*cs = '\0';
 				s->len = cs - s->s;
 			}
+			if ((cs = strchr(s->s, ' ')) != NULL) {
+				*cs = '\0';
+				s->len = cs - s->s;
+			}
 		}
 	}
 #endif
@@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
 				*cs = '\0';
 				s->len = cs - s->s;
 			}
+			if ((cs = strchr(s->s, ' ')) != NULL) {
+				*cs = '\0';
+				s->len = cs - s->s;
+			}
 		}
 	}
 #endif

Modified: stable/10/usr.sbin/jail/jail.8
==============================================================================
--- stable/10/usr.sbin/jail/jail.8	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/jail.8	Mon Aug 11 08:58:35 2014	(r269805)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 12, 2013
+.Dd August 4, 2014
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -684,17 +684,23 @@ prison is created, and will be removed f
 prison is removed.
 .It Va ip4.addr
 In addition to the IP addresses that are passed to the kernel, and
-interface and/or a netmask may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
+interface, netmask and additional paramters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
 If an interface is given before the IP address, an alias for the address
 will be added to that interface, as it is with the
 .Va interface
 parameter.  If a netmask in either dotted-quad or CIDR form is given
 after IP address, it will be used when adding the IP alias.
+If additional parameters are specified then they will also be used when
+adding the IP alias.
 .It Va ip6.addr
 In addition to the IP addresses that are passed to the kernel,
-and interface and/or a prefix may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
+an interface, prefix and additional parameters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
 .It Va vnet.interface
 A network interface to give to a vnet-enabled jail after is it created.
 The interface will automatically be returned when the jail is removed.
@@ -1172,6 +1178,7 @@ environment of the first jail.
 .Xr pkill 1 ,
 .Xr ps 1 ,
 .Xr quota 1 ,
+.Xr ifconfig 8 ,
 .Xr jail_set 2 ,
 .Xr devfs 5 ,
 .Xr fdescfs 5 ,



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53e885bc.29e9.5339cb6e>