From: Ruben van Staveren
To: peter@pean.org
Cc: freebsd-jail@freebsd.org
Date: Fri, 20 Jun 2008 16:10:34 +0200
Subject: Re: new set of multi-IPv4/v6/noIP jail patches

> Maybe I'm stupid, but I can't figure out the syntax in rc.conf for
> multiple ips.

You might try this patch against /etc/rc.d/jail to help starting multi-IPv4/v6/no-IP jails.

Just the 1st iteration. Open issues:

* add support for no-IP jails
* handle ipv6 addresses more cleanly (support notations like 2001:888:1029::10.1.1.1, 2001:888:1029:0:0:0:0:1). This is because you'll get "address not assigned" errors because ifconfig doesn't seem to make the v6 address canonical. This only happens when you stop the jail btw.

You'll need to stuff v6 stuff in _ipv6 variables though.

--Apple-Mail-93--559366394 Content-Disposition: attachment; filename=rc.d-jail.diff Content-Type: text/x-diff; x-unix-mode=0644; name="rc.d-jail.diff" Content-Transfer-Encoding: 7bit --- /etc/rc.d/jail 2008-06-20 12:48:19.000000000 +0200 +++ /usr/src/etc/rc.d/jail 2008-02-12 22:08:20.000000000 +0100 @@ -39,7 +39,6 @@ _procdir="${_rootdir}/proc" eval _hostname=\"\$jail_${_j}_hostname\" eval _ip=\"\$jail_${_j}_ip\" - eval _ipv6=\"\$jail_${_j}_ipv6\" eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\" eval _exec=\"\$jail_${_j}_exec\" eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\" @@ -93,7 +92,6 @@ debug "$_j mount enable: $_mount" debug "$_j hostname: $_hostname" debug "$_j ip: $_ip" - debug "$_j ipv6: $_ipv6" debug "$_j interface: $_interface" debug "$_j root: $_rootdir" debug "$_j devdir: $_devdir" @@ -297,12 +295,7 @@ continue; fi if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} alias ${__ip} netmask 255.255.255.255 - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 alias ${__ipv6} prefixlen 128 - done + ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255 fi if checkyesno _mount; then info "Mounting fstab for jail ${_jail} (${_fstab})" @@ -358,7 +351,7 @@ fi _tmp_jail=${_tmp_dir}/jail.$$ eval jail ${_flags} -i ${_rootdir} ${_hostname} \ - $(echo ${_ip} ${_ipv6} | tr ' ' ',') ${_exec_start} > ${_tmp_jail} 2>&1 + ${_ip} ${_exec_start} > ${_tmp_jail} 2>&1 if [ "$?" -eq 0 ] ; then _jail_id=$(head -1 ${_tmp_jail}) @@ -380,12 +373,7 @@ else jail_umount_fs if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} -alias ${_ip} - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 ${_ipv6} -alias - done + ifconfig ${_interface} -alias ${_ip} fi echo " cannot start jail \"${_jail}\": " tail +2 ${_tmp_jail} 
@@ -416,12 +404,7 @@ echo -n " $_hostname" fi if [ -n "${_interface}" ]; then - for __ip in ${_ip}; do - ifconfig ${_interface} -alias ${_ip} - done - for __ipv6 in ${_ipv6}; do - ifconfig ${_interface} inet6 ${_ipv6} -alias - done + ifconfig ${_interface} -alias ${_ip} fi rm /var/run/jail_${_jail}.id else

Regards,
Ruben
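
Review bot: The file header has the diff direction reversed: `--- /etc/rc.d/jail 2008-06-20` is the modified script and `+++ /usr/src/etc/rc.d/jail 2008-02-12` is the stock one, so every line that introduces `_ipv6` handling is marked `-`. Applied as posted, the patch removes the multi-address support instead of adding it. Regenerate it with the stock file as the first argument to diff, or tell readers to apply it with `patch -R`.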
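
Review bot: In the `@@ -39,7 +39,6 @@` hunk, the new `jail_<name>_ipv6` variable is read without any documentation of its format, and the thread started from a question about rc.conf syntax. The later hunks split `${_ip}` and `${_ipv6}` on whitespace (`for __ip in ${_ip}`) and only join them with commas when calling jail, so the expected input is space-separated addresses with IPv4 and IPv6 in separate variables. Say so in a comment next to the `eval` lines or in the rc.conf documentation, since a comma-separated value would reach ifconfig as a single word.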
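
Review bot: In the `@@ -358,7 +351,7 @@` hunk, `$(echo ${_ip} ${_ipv6} | tr ' ' ',')` expands to nothing when both variables are empty, so `${_exec_start}` moves into the address position of the jail command line. No-IP jails are listed as an open issue, so until they are supported, check before this line that at least one of the two variables is set and fail the jail start with a clear error otherwise.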
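
Review bot: In the `@@ -380,12 +373,7 @@` hunk, both cleanup loops ignore their loop variable: `for __ip in ${_ip}` runs `ifconfig ${_interface} -alias ${_ip}`, and the `__ipv6` loop passes `${_ipv6}`. With more than one address configured, every iteration hands ifconfig the whole list instead of one address. Use `${__ip}` and `${__ipv6}` in the loop bodies, as the alias-adding loops in the `@@ -297,12 +295,7 @@` hunk already do.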
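
Review bot: The `@@ -416,12 +404,7 @@` hunk, next to `rm /var/run/jail_${_jail}.id`, repeats the unused loop variable: the loop bodies pass `${_ip}` and `${_ipv6}` rather than `${__ip}` and `${__ipv6}`. If the removal fails here, the jail's addresses stay configured on the host interface after the jail's id file is removed. The message reports "address not assigned" errors only when stopping a jail, so fix the variable first and then re-test whether the IPv6 canonicalization issue still reproduces.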