Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100" Before this change using exec.prestart to configure a CARP address would result in the wrong MAC being broadcast on startup as jail creates IP aliases to support ip[4|6].addr before exec.prestart is executed. PR: 191832 Reviewed by: jamie MFC after: 1 week X-MFC-With: r269340 Phabric: D528 Sponsored by: Multiplay
parent
c2641d23e1
commit
b22b6abd34
|
@ -268,7 +268,7 @@ run_command(struct cfjail *j)
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
|
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
|
||||||
#if defined(INET) || defined(INET6)
|
#if defined(INET) || defined(INET6)
|
||||||
char *addr;
|
char *addr, *extrap, *p, *val;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
static char *cleanenv;
|
static char *cleanenv;
|
||||||
|
@ -317,16 +317,30 @@ run_command(struct cfjail *j)
|
||||||
switch (comparam) {
|
switch (comparam) {
|
||||||
#ifdef INET
|
#ifdef INET
|
||||||
case IP__IP4_IFADDR:
|
case IP__IP4_IFADDR:
|
||||||
argv = alloca(8 * sizeof(char *));
|
argc = 0;
|
||||||
|
val = alloca(strlen(comstring->s) + 1);
|
||||||
|
strcpy(val, comstring->s);
|
||||||
|
cs = val;
|
||||||
|
extrap = NULL;
|
||||||
|
while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
|
||||||
|
if (extrap == NULL) {
|
||||||
|
*p = '\0';
|
||||||
|
extrap = p + 1;
|
||||||
|
}
|
||||||
|
cs = p + 1;
|
||||||
|
argc++;
|
||||||
|
}
|
||||||
|
|
||||||
|
argv = alloca((8 + argc) * sizeof(char *));
|
||||||
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
||||||
if ((cs = strchr(comstring->s, '|'))) {
|
if ((cs = strchr(val, '|'))) {
|
||||||
argv[1] = alloca(cs - comstring->s + 1);
|
argv[1] = alloca(cs - val + 1);
|
||||||
strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
|
strlcpy(argv[1], val, cs - val + 1);
|
||||||
addr = cs + 1;
|
addr = cs + 1;
|
||||||
} else {
|
} else {
|
||||||
*(const char **)&argv[1] =
|
*(const char **)&argv[1] =
|
||||||
string_param(j->intparams[IP_INTERFACE]);
|
string_param(j->intparams[IP_INTERFACE]);
|
||||||
addr = comstring->s;
|
addr = val;
|
||||||
}
|
}
|
||||||
*(const char **)&argv[2] = "inet";
|
*(const char **)&argv[2] = "inet";
|
||||||
if (!(cs = strchr(addr, '/'))) {
|
if (!(cs = strchr(addr, '/'))) {
|
||||||
|
@ -344,6 +358,15 @@ run_command(struct cfjail *j)
|
||||||
argv[3] = addr;
|
argv[3] = addr;
|
||||||
argc = 4;
|
argc = 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!down) {
|
||||||
|
for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
|
||||||
|
size_t len = strlen(cs) + 1;
|
||||||
|
argv[argc] = alloca(len);
|
||||||
|
strlcpy(argv[argc++], cs, len);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
||||||
argv[argc + 1] = NULL;
|
argv[argc + 1] = NULL;
|
||||||
break;
|
break;
|
||||||
|
@ -351,16 +374,30 @@ run_command(struct cfjail *j)
|
||||||
|
|
||||||
#ifdef INET6
|
#ifdef INET6
|
||||||
case IP__IP6_IFADDR:
|
case IP__IP6_IFADDR:
|
||||||
argv = alloca(8 * sizeof(char *));
|
argc = 0;
|
||||||
|
val = alloca(strlen(comstring->s) + 1);
|
||||||
|
strcpy(val, comstring->s);
|
||||||
|
cs = val;
|
||||||
|
extrap = NULL;
|
||||||
|
while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
|
||||||
|
if (extrap == NULL) {
|
||||||
|
*p = '\0';
|
||||||
|
extrap = p + 1;
|
||||||
|
}
|
||||||
|
cs = p + 1;
|
||||||
|
argc++;
|
||||||
|
}
|
||||||
|
|
||||||
|
argv = alloca((8 + argc) * sizeof(char *));
|
||||||
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
*(const char **)&argv[0] = _PATH_IFCONFIG;
|
||||||
if ((cs = strchr(comstring->s, '|'))) {
|
if ((cs = strchr(val, '|'))) {
|
||||||
argv[1] = alloca(cs - comstring->s + 1);
|
argv[1] = alloca(cs - val + 1);
|
||||||
strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
|
strlcpy(argv[1], val, cs - val + 1);
|
||||||
addr = cs + 1;
|
addr = cs + 1;
|
||||||
} else {
|
} else {
|
||||||
*(const char **)&argv[1] =
|
*(const char **)&argv[1] =
|
||||||
string_param(j->intparams[IP_INTERFACE]);
|
string_param(j->intparams[IP_INTERFACE]);
|
||||||
addr = comstring->s;
|
addr = val;
|
||||||
}
|
}
|
||||||
*(const char **)&argv[2] = "inet6";
|
*(const char **)&argv[2] = "inet6";
|
||||||
argv[3] = addr;
|
argv[3] = addr;
|
||||||
|
@ -370,6 +407,15 @@ run_command(struct cfjail *j)
|
||||||
argc = 6;
|
argc = 6;
|
||||||
} else
|
} else
|
||||||
argc = 4;
|
argc = 4;
|
||||||
|
|
||||||
|
if (!down) {
|
||||||
|
for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
|
||||||
|
size_t len = strlen(cs) + 1;
|
||||||
|
argv[argc] = alloca(len);
|
||||||
|
strlcpy(argv[argc++], cs, len);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
*(const char **)&argv[argc] = down ? "-alias" : "alias";
|
||||||
argv[argc + 1] = NULL;
|
argv[argc + 1] = NULL;
|
||||||
break;
|
break;
|
||||||
|
|
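Review bot: The `strtok(extrap, " ")` loop added under `if (!down)` in the IP__IP4_IFADDR case also runs when the address carried no extra words. `extrap` is then still NULL, so the first call is `strtok(NULL, " ")` with no scan in progress, which the C standard does not define and which in practice depends on strtok's hidden static state being empty. Guarding it as `if (!down && extrap != NULL) {` makes the no-options path explicit, and `strsep` or `strtok_r` would drop the reliance on static state; the IP__IP6_IFADDR case repeats the same loop and needs the same guard. Because every word after the first space becomes ifconfig argv, a CARP `pass` value supplied this way (as in the commit message's example) is presumably visible in the process list while ifconfig runs, which deserves a caveat in jail.8. run_command's body starts and ends outside these hunks.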
|
@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* IP addresses may include an interface to set that address on,
|
* IP addresses may include an interface to set that address on,
|
||||||
* and a netmask/suffix for that address.
|
* a netmask/suffix for that address and options for ifconfig.
|
||||||
|
* These are copied to an internal command parameter and then stripped
|
||||||
|
* so they won't be passed on to jailparam_set.
|
||||||
*/
|
*/
|
||||||
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
|
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
|
||||||
#ifdef INET
|
#ifdef INET
|
||||||
|
@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
|
||||||
*cs = '\0';
|
*cs = '\0';
|
||||||
s->len = cs - s->s;
|
s->len = cs - s->s;
|
||||||
}
|
}
|
||||||
|
if ((cs = strchr(s->s, ' ')) != NULL) {
|
||||||
|
*cs = '\0';
|
||||||
|
s->len = cs - s->s;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
|
||||||
*cs = '\0';
|
*cs = '\0';
|
||||||
s->len = cs - s->s;
|
s->len = cs - s->s;
|
||||||
}
|
}
|
||||||
|
if ((cs = strchr(s->s, ' ')) != NULL) {
|
||||||
|
*cs = '\0';
|
||||||
|
s->len = cs - s->s;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
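Review bot: The added `strchr(s->s, ' ')` blocks, here and in the matching ip6 hunk, cut the value at the first space without inspecting what follows, so the option text reaches the ifconfig command line unvalidated. The updated comment should state that trust assumption, for example `* The ifconfig options are not validated here; they are handed to ifconfig(8) verbatim, so address values must come from a trusted source.` This matters for tooling that builds jail.conf or `jail -c` parameters from operator- or tenant-supplied addresses, where embedded whitespace now turns into extra ifconfig arguments run by jail(8) on the host. Only a literal space is treated as the separator, so a tab-separated option would presumably stay in the address passed to jailparam_set; confirm that this fails cleanly. check_intparams continues outside these hunks.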
|
@ -25,7 +25,7 @@
|
||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd July 10, 2014
|
.Dd August 4, 2014
|
||||||
.Dt JAIL 8
|
.Dt JAIL 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -687,18 +687,24 @@ jail is created, and will be removed from the interface after the
|
||||||
jail is removed.
|
jail is removed.
|
||||||
.It Va ip4.addr
|
.It Va ip4.addr
|
||||||
In addition to the IP addresses that are passed to the kernel, an
|
In addition to the IP addresses that are passed to the kernel, an
|
||||||
interface and/or a netmask may also be specified, in the form
|
interface, netmask and additional paramters (as supported by
|
||||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
|
.Xr ifconfig 8 Ns )
|
||||||
|
may also be specified, in the form
|
||||||
|
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
|
||||||
If an interface is given before the IP address, an alias for the address
|
If an interface is given before the IP address, an alias for the address
|
||||||
will be added to that interface, as it is with the
|
will be added to that interface, as it is with the
|
||||||
.Va interface
|
.Va interface
|
||||||
parameter.
|
parameter.
|
||||||
If a netmask in either dotted-quad or CIDR form is given
|
If a netmask in either dotted-quad or CIDR form is given
|
||||||
after an IP address, it will be used when adding the IP alias.
|
after an IP address, it will be used when adding the IP alias.
|
||||||
|
If additional parameters are specified then they will also be used when
|
||||||
|
adding the IP alias.
|
||||||
.It Va ip6.addr
|
.It Va ip6.addr
|
||||||
In addition to the IP addresses that are passed to the kernel,
|
In addition to the IP addresses that are passed to the kernel,
|
||||||
an interface and/or a prefix may also be specified, in the form
|
an interface, prefix and additional parameters (as supported by
|
||||||
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
|
.Xr ifconfig 8 Ns )
|
||||||
|
may also be specified, in the form
|
||||||
|
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
|
||||||
.It Va vnet.interface
|
.It Va vnet.interface
|
||||||
A network interface to give to a vnet-enabled jail after is it created.
|
A network interface to give to a vnet-enabled jail after is it created.
|
||||||
The interface will automatically be released when the jail is removed.
|
The interface will automatically be released when the jail is removed.
|
||||||
|
@ -1177,6 +1183,7 @@ environment of the first jail.
|
||||||
.Xr pkill 1 ,
|
.Xr pkill 1 ,
|
||||||
.Xr ps 1 ,
|
.Xr ps 1 ,
|
||||||
.Xr quota 1 ,
|
.Xr quota 1 ,
|
||||||
|
.Xr ifconfig 8 ,
|
||||||
.Xr jail_set 2 ,
|
.Xr jail_set 2 ,
|
||||||
.Xr devfs 5 ,
|
.Xr devfs 5 ,
|
||||||
.Xr fdescfs 5 ,
|
.Xr fdescfs 5 ,
|
||||||
|
|