diff options
author | smh <smh@FreeBSD.org> | 2014-08-11 08:58:35 +0000 |
---|---|---|
committer | smh <smh@FreeBSD.org> | 2014-08-11 08:58:35 +0000 |
commit | ffdde8cca2df0bfc380bac235a6db29f0e6269e5 (patch) | |
tree | e1d68b3c2a49a5c5c30d4472017bfcab1e688477 /usr.sbin/jail/command.c | |
parent | dbecd3b0d9a4d78230faccf83198b48e4945cfdc (diff) | |
download | FreeBSD-src-ffdde8cca2df0bfc380bac235a6db29f0e6269e5.zip FreeBSD-src-ffdde8cca2df0bfc380bac235a6db29f0e6269e5.tar.gz |
MFC r269522
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
r269340 will not be MFC'ed as mentioned due to the slim window and the
amount of additional commits required to support it.
Sponsored by: Multiplay
Diffstat (limited to 'usr.sbin/jail/command.c')
-rw-r--r-- | usr.sbin/jail/command.c | 68 |
1 files changed, 57 insertions, 11 deletions
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index 04a4514..0d1c898 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -268,7 +268,7 @@ run_command(struct cfjail *j) pid_t pid; int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout; #if defined(INET) || defined(INET6) - char *addr; + char *addr, *extrap, *p, *val; #endif static char *cleanenv; @@ -317,16 +317,30 @@ run_command(struct cfjail *j) switch (comparam) { #ifdef INET case IP__IP4_IFADDR: - argv = alloca(8 * sizeof(char *)); + argc = 0; + val = alloca(strlen(comstring->s) + 1); + strcpy(val, comstring->s); + cs = val; + extrap = NULL; + while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { + if (extrap == NULL) { + *p = '\0'; + extrap = p + 1; + } + cs = p + 1; + argc++; + } + + argv = alloca((8 + argc) * sizeof(char *)); *(const char **)&argv[0] = _PATH_IFCONFIG; - if ((cs = strchr(comstring->s, '|'))) { - argv[1] = alloca(cs - comstring->s + 1); - strlcpy(argv[1], comstring->s, cs - comstring->s + 1); + if ((cs = strchr(val, '|'))) { + argv[1] = alloca(cs - val + 1); + strlcpy(argv[1], val, cs - val + 1); addr = cs + 1; } else { *(const char **)&argv[1] = string_param(j->intparams[IP_INTERFACE]); - addr = comstring->s; + addr = val; } *(const char **)&argv[2] = "inet"; if (!(cs = strchr(addr, '/'))) { @@ -344,6 +358,15 @@ run_command(struct cfjail *j) argv[3] = addr; argc = 4; } + + if (!down) { + for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) { + size_t len = strlen(cs) + 1; + argv[argc] = alloca(len); + strlcpy(argv[argc++], cs, len); + } + } + *(const char **)&argv[argc] = down ? "-alias" : "alias"; argv[argc + 1] = NULL; break; @@ -351,16 +374,30 @@ run_command(struct cfjail *j) #ifdef INET6 case IP__IP6_IFADDR: - argv = alloca(8 * sizeof(char *)); + argc = 0; + val = alloca(strlen(comstring->s) + 1); + strcpy(val, comstring->s); + cs = val; + extrap = NULL; + while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) { + if (extrap == NULL) { + *p = '\0'; + extrap = p + 1; + } + cs = p + 1; + argc++; + } + + argv = alloca((8 + argc) * sizeof(char *)); *(const char **)&argv[0] = _PATH_IFCONFIG; - if ((cs = strchr(comstring->s, '|'))) { - argv[1] = alloca(cs - comstring->s + 1); - strlcpy(argv[1], comstring->s, cs - comstring->s + 1); + if ((cs = strchr(val, '|'))) { + argv[1] = alloca(cs - val + 1); + strlcpy(argv[1], val, cs - val + 1); addr = cs + 1; } else { *(const char **)&argv[1] = string_param(j->intparams[IP_INTERFACE]); - addr = comstring->s; + addr = val; } *(const char **)&argv[2] = "inet6"; argv[3] = addr; @@ -370,6 +407,15 @@ run_command(struct cfjail *j) argc = 6; } else argc = 4; + + if (!down) { + for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) { + size_t len = strlen(cs) + 1; + argv[argc] = alloca(len); + strlcpy(argv[argc++], cs, len); + } + } + *(const char **)&argv[argc] = down ? "-alias" : "alias"; argv[argc + 1] = NULL; break; |