Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100" Before this change using exec.prestart to configure a CARP address would result in the wrong MAC being broadcast on startup as jail creates IP aliases to support ip[4|6].addr before exec.prestart is executed. PR: 191832 Reviewed by: jamie MFC after: 1 week X-MFC-With: r269340 Phabric: D528 Sponsored by: Multiplay
This commit is contained in:
parent
c2641d23e1
commit
b22b6abd34
|
@ -268,7 +268,7 @@ run_command(struct cfjail *j)
|
|||
pid_t pid;
|
||||
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
|
||||
#if defined(INET) || defined(INET6)
|
||||
char *addr;
|
||||
char *addr, *extrap, *p, *val;
|
||||
#endif
|
||||
|
||||
static char *cleanenv;
|
||||
|
@ -317,16 +317,30 @@ run_command(struct cfjail *j)
|
|||
switch (comparam) {
|
||||
#ifdef INET
|
||||
case IP__IP4_IFADDR:
|
||||
argv = alloca(8 * sizeof(char *));
|
||||
argc = 0;
|
||||
val = alloca(strlen(comstring->s) + 1);
|
||||
strcpy(val, comstring->s);
|
||||
cs = val;
|
||||
extrap = NULL;
|
||||
while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
|
||||
if (extrap == NULL) {
|
||||
*p = '\0';
|
||||
extrap = p + 1;
|
||||
}
|
||||
cs = p + 1;
|
||||
argc++;
|
||||
}
|
||||
|
||||
argv = alloca((8 + argc) * sizeof(char *));
|
||||
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
||||
if ((cs = strchr(comstring->s, '|'))) {
|
||||
argv[1] = alloca(cs - comstring->s + 1);
|
||||
strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
|
||||
if ((cs = strchr(val, '|'))) {
|
||||
argv[1] = alloca(cs - val + 1);
|
||||
strlcpy(argv[1], val, cs - val + 1);
|
||||
addr = cs + 1;
|
||||
} else {
|
||||
*(const char **)&argv[1] =
|
||||
string_param(j->intparams[IP_INTERFACE]);
|
||||
addr = comstring->s;
|
||||
addr = val;
|
||||
}
|
||||
*(const char **)&argv[2] = "inet";
|
||||
if (!(cs = strchr(addr, '/'))) {
|
||||
|
@ -344,6 +358,15 @@ run_command(struct cfjail *j)
|
|||
argv[3] = addr;
|
||||
argc = 4;
|
||||
}
|
||||
|
||||
if (!down) {
|
||||
for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
|
||||
size_t len = strlen(cs) + 1;
|
||||
argv[argc] = alloca(len);
|
||||
strlcpy(argv[argc++], cs, len);
|
||||
}
|
||||
}
|
||||
|
||||
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
||||
argv[argc + 1] = NULL;
|
||||
break;
|
||||
|
@ -351,16 +374,30 @@ run_command(struct cfjail *j)
|
|||
|
||||
#ifdef INET6
|
||||
case IP__IP6_IFADDR:
|
||||
argv = alloca(8 * sizeof(char *));
|
||||
argc = 0;
|
||||
val = alloca(strlen(comstring->s) + 1);
|
||||
strcpy(val, comstring->s);
|
||||
cs = val;
|
||||
extrap = NULL;
|
||||
while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
|
||||
if (extrap == NULL) {
|
||||
*p = '\0';
|
||||
extrap = p + 1;
|
||||
}
|
||||
cs = p + 1;
|
||||
argc++;
|
||||
}
|
||||
|
||||
argv = alloca((8 + argc) * sizeof(char *));
|
||||
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
||||
if ((cs = strchr(comstring->s, '|'))) {
|
||||
argv[1] = alloca(cs - comstring->s + 1);
|
||||
strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
|
||||
if ((cs = strchr(val, '|'))) {
|
||||
argv[1] = alloca(cs - val + 1);
|
||||
strlcpy(argv[1], val, cs - val + 1);
|
||||
addr = cs + 1;
|
||||
} else {
|
||||
*(const char **)&argv[1] =
|
||||
string_param(j->intparams[IP_INTERFACE]);
|
||||
addr = comstring->s;
|
||||
addr = val;
|
||||
}
|
||||
*(const char **)&argv[2] = "inet6";
|
||||
argv[3] = addr;
|
||||
|
@ -370,6 +407,15 @@ run_command(struct cfjail *j)
|
|||
argc = 6;
|
||||
} else
|
||||
argc = 4;
|
||||
|
||||
if (!down) {
|
||||
for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
|
||||
size_t len = strlen(cs) + 1;
|
||||
argv[argc] = alloca(len);
|
||||
strlcpy(argv[argc++], cs, len);
|
||||
}
|
||||
}
|
||||
|
||||
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
||||
argv[argc + 1] = NULL;
|
||||
break;
|
||||
|
|
|
@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
|
|||
|
||||
/*
|
||||
* IP addresses may include an interface to set that address on,
|
||||
* and a netmask/suffix for that address.
|
||||
* a netmask/suffix for that address and options for ifconfig.
|
||||
* These are copied to an internal command parameter and then stripped
|
||||
* so they won't be passed on to jailparam_set.
|
||||
*/
|
||||
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
|
||||
#ifdef INET
|
||||
|
@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
|
|||
*cs = '\0';
|
||||
s->len = cs - s->s;
|
||||
}
|
||||
if ((cs = strchr(s->s, ' ')) != NULL) {
|
||||
*cs = '\0';
|
||||
s->len = cs - s->s;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
|
|||
*cs = '\0';
|
||||
s->len = cs - s->s;
|
||||
}
|
||||
if ((cs = strchr(s->s, ' ')) != NULL) {
|
||||
*cs = '\0';
|
||||
s->len = cs - s->s;
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd July 10, 2014
|
||||
.Dd August 4, 2014
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -687,18 +687,24 @@ jail is created, and will be removed from the interface after the
|
|||
jail is removed.
|
||||
.It Va ip4.addr
|
||||
In addition to the IP addresses that are passed to the kernel, an
|
||||
interface and/or a netmask may also be specified, in the form
|
||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
|
||||
interface, netmask and additional paramters (as supported by
|
||||
.Xr ifconfig 8 Ns )
|
||||
may also be specified, in the form
|
||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
|
||||
If an interface is given before the IP address, an alias for the address
|
||||
will be added to that interface, as it is with the
|
||||
.Va interface
|
||||
parameter.
|
||||
If a netmask in either dotted-quad or CIDR form is given
|
||||
after an IP address, it will be used when adding the IP alias.
|
||||
If additional parameters are specified then they will also be used when
|
||||
adding the IP alias.
|
||||
.It Va ip6.addr
|
||||
In addition to the IP addresses that are passed to the kernel,
|
||||
an interface and/or a prefix may also be specified, in the form
|
||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
|
||||
an interface, prefix and additional parameters (as supported by
|
||||
.Xr ifconfig 8 Ns )
|
||||
may also be specified, in the form
|
||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
|
||||
.It Va vnet.interface
|
||||
A network interface to give to a vnet-enabled jail after is it created.
|
||||
The interface will automatically be released when the jail is removed.
|
||||
|
@ -1177,6 +1183,7 @@ environment of the first jail.
|
|||
.Xr pkill 1 ,
|
||||
.Xr ps 1 ,
|
||||
.Xr quota 1 ,
|
||||
.Xr ifconfig 8 ,
|
||||
.Xr jail_set 2 ,
|
||||
.Xr devfs 5 ,
|
||||
.Xr fdescfs 5 ,
|
||||
|
|
Loading…
Reference in New Issue