authorsmh <smh@FreeBSD.org>2014-08-11 08:58:35 +0000
committersmh <smh@FreeBSD.org>2014-08-11 08:58:35 +0000
commitffdde8cca2df0bfc380bac235a6db29f0e6269e5 (patch)
treee1d68b3c2a49a5c5c30d4472017bfcab1e688477 /usr.sbin/jail
parentdbecd3b0d9a4d78230faccf83198b48e4945cfdc (diff)
MFC r269522
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params. This allows for CARP interfaces to be used in jails, e.g. ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100". r269340 will not be MFC'ed as mentioned due to the slim window and the amount of additional commits required to support it. Sponsored by: Multiplay
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r--usr.sbin/jail/command.c68
-rw-r--r--usr.sbin/jail/config.c12
-rw-r--r--usr.sbin/jail/jail.817
3 files changed, 80 insertions, 17 deletions
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 04a4514..0d1c898 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -268,7 +268,7 @@ run_command(struct cfjail *j)
pid_t pid;
int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
#if defined(INET) || defined(INET6)
- char *addr;
+ char *addr, *extrap, *p, *val;
#endif
static char *cleanenv;
@@ -317,16 +317,30 @@ run_command(struct cfjail *j)
switch (comparam) {
#ifdef INET
case IP__IP4_IFADDR:
- argv = alloca(8 * sizeof(char *));
+ argc = 0;
+ val = alloca(strlen(comstring->s) + 1);
+ strcpy(val, comstring->s);
+ cs = val;
+ extrap = NULL;
+ while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+ if (extrap == NULL) {
+ *p = '\0';
+ extrap = p + 1;
+ }
+ cs = p + 1;
+ argc++;
+ }
+
+ argv = alloca((8 + argc) * sizeof(char *));
*(const char **)&argv[0] = _PATH_IFCONFIG;
- if ((cs = strchr(comstring->s, '|'))) {
- argv[1] = alloca(cs - comstring->s + 1);
- strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+ if ((cs = strchr(val, '|'))) {
+ argv[1] = alloca(cs - val + 1);
+ strlcpy(argv[1], val, cs - val + 1);
addr = cs + 1;
} else {
*(const char **)&argv[1] =
string_param(j->intparams[IP_INTERFACE]);
- addr = comstring->s;
+ addr = val;
}
*(const char **)&argv[2] = "inet";
if (!(cs = strchr(addr, '/'))) {
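Review bot: `argc` is reused as a scratch counter for the spaces in `val` before it is reassigned to the real argument count further down (`argc = 4` in the next hunk), which makes the `alloca((8 + argc) * sizeof(char *))` sizing hard to audit. A dedicated local such as `nextra`, with a comment like `/* Count spaces to bound the extra ifconfig args; split val at the first one. */`, would make the bound explicit. The count is an upper bound on the tokens strtok() yields later, since runs of spaces collapse into one delimiter. The same loop is duplicated in the IP__IP6_IFADDR hunk. run_command() begins and ends outside this hunk.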
@@ -344,6 +358,15 @@ run_command(struct cfjail *j)
argv[3] = addr;
argc = 4;
}
+
+ if (!down) {
+ for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+ size_t len = strlen(cs) + 1;
+ argv[argc] = alloca(len);
+ strlcpy(argv[argc++], cs, len);
+ }
+ }
+
*(const char **)&argv[argc] = down ? "-alias" : "alias";
argv[argc + 1] = NULL;
break;
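Review bot: When the address carries no extra parameters, `extrap` is still NULL at `strtok(extrap, " ")`, so the first call in the sequence gets a null pointer and depends on whatever hidden state an earlier strtok() left behind. The C standard requires the first call in a sequence to have a non-null argument, so the loop should be guarded, e.g. `if (!down && extrap != NULL) {`. Using `strsep(&extrap, " ")` or `strtok_r()` would also remove the reliance on static state. The IP__IP6_IFADDR hunk has the same loop. run_command() starts and ends outside the hunk.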
@@ -351,16 +374,30 @@ run_command(struct cfjail *j)
#ifdef INET6
case IP__IP6_IFADDR:
- argv = alloca(8 * sizeof(char *));
+ argc = 0;
+ val = alloca(strlen(comstring->s) + 1);
+ strcpy(val, comstring->s);
+ cs = val;
+ extrap = NULL;
+ while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+ if (extrap == NULL) {
+ *p = '\0';
+ extrap = p + 1;
+ }
+ cs = p + 1;
+ argc++;
+ }
+
+ argv = alloca((8 + argc) * sizeof(char *));
*(const char **)&argv[0] = _PATH_IFCONFIG;
- if ((cs = strchr(comstring->s, '|'))) {
- argv[1] = alloca(cs - comstring->s + 1);
- strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+ if ((cs = strchr(val, '|'))) {
+ argv[1] = alloca(cs - val + 1);
+ strlcpy(argv[1], val, cs - val + 1);
addr = cs + 1;
} else {
*(const char **)&argv[1] =
string_param(j->intparams[IP_INTERFACE]);
- addr = comstring->s;
+ addr = val;
}
*(const char **)&argv[2] = "inet6";
argv[3] = addr;
@@ -370,6 +407,15 @@ run_command(struct cfjail *j)
argc = 6;
} else
argc = 4;
+
+ if (!down) {
+ for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+ size_t len = strlen(cs) + 1;
+ argv[argc] = alloca(len);
+ strlcpy(argv[argc++], cs, len);
+ }
+ }
+
*(const char **)&argv[argc] = down ? "-alias" : "alias";
argv[argc + 1] = NULL;
break;
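Review bot: The tokens copied in at `argv[argc++]` become ifconfig command-line arguments, and the commit message's own example includes a CARP `pass` value among them. That secret would then sit in the argv of the spawned ifconfig process, and presumably in any command echo that run_command() produces (not visible in this hunk). A comment here such as `/* Extra args reach ifconfig's argv; a CARP "pass" value is visible in process listings. */` would record the exposure, and jail.8 would benefit from the same caveat. The IPv4 branch has the same loop.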
diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index 5796708..cd02a50 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
/*
* IP addresses may include an interface to set that address on,
- * and a netmask/suffix for that address.
+ * a netmask/suffix for that address and options for ifconfig.
+ * These are copied to an internal command parameter and then stripped
+ * so they won't be passed on to jailparam_set.
*/
defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
#ifdef INET
@@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
*cs = '\0';
s->len = cs - s->s;
}
+ if ((cs = strchr(s->s, ' ')) != NULL) {
+ *cs = '\0';
+ s->len = cs - s->s;
+ }
}
}
#endif
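Review bot: Cutting at the first space (`*cs = '\0'; s->len = cs - s->s;`) can leave an empty address when a space immediately precedes the address text, and nothing in this hunk checks `s->len` before the string is passed on. If no later validation in check_intparams() catches this (not visible here), a guard such as `if (s->len == 0)` that reports the bad value would give a clearer error than a downstream parse failure. The ip6.addr hunk that follows has the same gap. check_intparams() starts and ends outside the hunk.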
@@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
*cs = '\0';
s->len = cs - s->s;
}
+ if ((cs = strchr(s->s, ' ')) != NULL) {
+ *cs = '\0';
+ s->len = cs - s->s;
+ }
}
}
#endif
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 4a16e9a..9dd7d26 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 12, 2013
+.Dd August 4, 2014
.Dt JAIL 8
.Os
.Sh NAME
@@ -684,17 +684,23 @@ prison is created, and will be removed from the interface after the
prison is removed.
.It Va ip4.addr
In addition to the IP addresses that are passed to the kernel, and
-interface and/or a netmask may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
+interface, netmask and additional paramters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
If an interface is given before the IP address, an alias for the address
will be added to that interface, as it is with the
.Va interface
parameter. If a netmask in either dotted-quad or CIDR form is given
after IP address, it will be used when adding the IP alias.
+If additional parameters are specified then they will also be used when
+adding the IP alias.
.It Va ip6.addr
In addition to the IP addresses that are passed to the kernel,
-and interface and/or a prefix may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
+an interface, prefix and additional parameters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
.It Va vnet.interface
A network interface to give to a vnet-enabled jail after is it created.
The interface will automatically be returned when the jail is removed.
@@ -1172,6 +1178,7 @@ environment of the first jail.
.Xr pkill 1 ,
.Xr ps 1 ,
.Xr quota 1 ,
+.Xr ifconfig 8 ,
.Xr jail_set 2 ,
.Xr devfs 5 ,
.Xr fdescfs 5 ,