From owner-svn-src-stable-10@FreeBSD.ORG  Mon Aug 11 08:58:36 2014
Return-Path: <owner-svn-src-stable-10@FreeBSD.ORG>
Delivered-To: svn-src-stable-10@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id A1834E09
 for <svn-src-stable-10@freebsd.org>; Mon, 11 Aug 2014 08:58:36 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 8FBA3256B
 for <svn-src-stable-10@freebsd.org>; Mon, 11 Aug 2014 08:58:36 +0000 (UTC)
Received: from smh (uid 1306) (envelope-from smh@FreeBSD.org) id 29e9
 by svn.freebsd.org (DragonFly Mail Agent v0.9+);
 Mon, 11 Aug 2014 08:58:36 +0000
From: Steven Hartland <smh@FreeBSD.org>
Date: Mon, 11 Aug 2014 08:58:36 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r269805 - stable/10/usr.sbin/jail
X-SVN-Group: stable-10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Message-Id: <53e885bc.29e9.5339cb6e@svn.freebsd.org>
X-BeenThere: svn-src-stable-10@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for only the 10-stable src tree
 <svn-src-stable-10.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-10/>
List-Post: <mailto:svn-src-stable-10@freebsd.org>
List-Help: <mailto:svn-src-stable-10-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10>, 
 <mailto:svn-src-stable-10-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Aug 2014 08:58:36 -0000

Author: smh
Date: Mon Aug 11 08:58:35 2014
New Revision: 269805
URL: http://svnweb.freebsd.org/changeset/base/269805

Log:
  MFC r269522
  
  Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
  
  This allows for CARP interfaces to be  used in jails e.g.
  ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
  
  r269340 will not be MFC'ed as mentioned due to the slim window and the
  amount of additional commits required to support it.
  
  Sponsored by:	Multiplay

Modified:
  stable/10/usr.sbin/jail/command.c
  stable/10/usr.sbin/jail/config.c
  stable/10/usr.sbin/jail/jail.8
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/usr.sbin/jail/command.c
==============================================================================
--- stable/10/usr.sbin/jail/command.c	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/command.c	Mon Aug 11 08:58:35 2014	(r269805)
@@ -268,7 +268,7 @@ run_command(struct cfjail *j)
 	pid_t pid;
 	int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
 #if defined(INET) || defined(INET6)
-	char *addr;
+	char *addr, *extrap, *p, *val;
 #endif
 
 	static char *cleanenv;
@@ -317,16 +317,30 @@ run_command(struct cfjail *j)
 	switch (comparam) {
 #ifdef INET
 	case IP__IP4_IFADDR:
-		argv = alloca(8 * sizeof(char *));
+		argc = 0;
+		val = alloca(strlen(comstring->s) + 1);
+		strcpy(val, comstring->s);
+		cs = val;
+		extrap = NULL;
+		while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+			if (extrap == NULL) {
+				*p = '\0';
+				extrap = p + 1;
+			}
+			cs = p + 1;
+			argc++;
+		}
+
+		argv = alloca((8 + argc) * sizeof(char *));
 		*(const char **)&argv[0] = _PATH_IFCONFIG;
-		if ((cs = strchr(comstring->s, '|'))) {
-			argv[1] = alloca(cs - comstring->s + 1);
-			strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+		if ((cs = strchr(val, '|'))) {
+			argv[1] = alloca(cs - val + 1);
+			strlcpy(argv[1], val, cs - val + 1);
 			addr = cs + 1;
 		} else {
 			*(const char **)&argv[1] =
 			    string_param(j->intparams[IP_INTERFACE]);
-			addr = comstring->s;
+			addr = val;
 		}
 		*(const char **)&argv[2] = "inet";
 		if (!(cs = strchr(addr, '/'))) {
@@ -344,6 +358,15 @@ run_command(struct cfjail *j)
 			argv[3] = addr;
 			argc = 4;
 		}
+
+		if (!down) {
+			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+				size_t len = strlen(cs) + 1;
+				argv[argc] = alloca(len);
+				strlcpy(argv[argc++], cs, len);
+			}
+		}
+
 		*(const char **)&argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;
@@ -351,16 +374,30 @@ run_command(struct cfjail *j)
 
 #ifdef INET6
 	case IP__IP6_IFADDR:
-		argv = alloca(8 * sizeof(char *));
+		argc = 0;
+		val = alloca(strlen(comstring->s) + 1);
+		strcpy(val, comstring->s);
+		cs = val;
+		extrap = NULL;
+		while ((p = strchr(cs, ' ')) != NULL && strlen(p) > 1) {
+			if (extrap == NULL) {
+				*p = '\0';
+				extrap = p + 1;
+			}
+			cs = p + 1;
+			argc++;
+		}
+
+		argv = alloca((8 + argc) * sizeof(char *));
 		*(const char **)&argv[0] = _PATH_IFCONFIG;
-		if ((cs = strchr(comstring->s, '|'))) {
-			argv[1] = alloca(cs - comstring->s + 1);
-			strlcpy(argv[1], comstring->s, cs - comstring->s + 1);
+		if ((cs = strchr(val, '|'))) {
+			argv[1] = alloca(cs - val + 1);
+			strlcpy(argv[1], val, cs - val + 1);
 			addr = cs + 1;
 		} else {
 			*(const char **)&argv[1] =
 			    string_param(j->intparams[IP_INTERFACE]);
-			addr = comstring->s;
+			addr = val;
 		}
 		*(const char **)&argv[2] = "inet6";
 		argv[3] = addr;
@@ -370,6 +407,15 @@ run_command(struct cfjail *j)
 			argc = 6;
 		} else
 			argc = 4;
+
+		if (!down) {
+			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+				size_t len = strlen(cs) + 1;
+				argv[argc] = alloca(len);
+				strlcpy(argv[argc++], cs, len);
+			}
+		}
+
 		*(const char **)&argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;	

Modified: stable/10/usr.sbin/jail/config.c
==============================================================================
--- stable/10/usr.sbin/jail/config.c	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/config.c	Mon Aug 11 08:58:35 2014	(r269805)
@@ -576,7 +576,9 @@ check_intparams(struct cfjail *j)
 
 	/*
 	 * IP addresses may include an interface to set that address on,
-	 * and a netmask/suffix for that address.
+	 * a netmask/suffix for that address and options for ifconfig.
+	 * These are copied to an internal command parameter and then stripped
+	 * so they won't be passed on to jailparam_set.
 	 */
 	defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
 #ifdef INET
@@ -601,6 +603,10 @@ check_intparams(struct cfjail *j)
 				*cs = '\0';
 				s->len = cs - s->s;
 			}
+			if ((cs = strchr(s->s, ' ')) != NULL) {
+				*cs = '\0';
+				s->len = cs - s->s;
+			}
 		}
 	}
 #endif
@@ -625,6 +631,10 @@ check_intparams(struct cfjail *j)
 				*cs = '\0';
 				s->len = cs - s->s;
 			}
+			if ((cs = strchr(s->s, ' ')) != NULL) {
+				*cs = '\0';
+				s->len = cs - s->s;
+			}
 		}
 	}
 #endif

Modified: stable/10/usr.sbin/jail/jail.8
==============================================================================
--- stable/10/usr.sbin/jail/jail.8	Mon Aug 11 07:04:08 2014	(r269804)
+++ stable/10/usr.sbin/jail/jail.8	Mon Aug 11 08:58:35 2014	(r269805)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 12, 2013
+.Dd August 4, 2014
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -684,17 +684,23 @@ prison is created, and will be removed f
 prison is removed.
 .It Va ip4.addr
 In addition to the IP addresses that are passed to the kernel, and
-interface and/or a netmask may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
+interface, netmask and additional paramters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask param ... .
 If an interface is given before the IP address, an alias for the address
 will be added to that interface, as it is with the
 .Va interface
 parameter.  If a netmask in either dotted-quad or CIDR form is given
 after IP address, it will be used when adding the IP alias.
+If additional parameters are specified then they will also be used when
+adding the IP alias.
 .It Va ip6.addr
 In addition to the IP addresses that are passed to the kernel,
-and interface and/or a prefix may also be specified, in the form
-.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
+an interface, prefix and additional parameters (as supported by
+.Xr ifconfig 8 Ns )
+may also be specified, in the form
+.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... .
 .It Va vnet.interface
 A network interface to give to a vnet-enabled jail after is it created.
 The interface will automatically be returned when the jail is removed.
@@ -1172,6 +1178,7 @@ environment of the first jail.
 .Xr pkill 1 ,
 .Xr ps 1 ,
 .Xr quota 1 ,
+.Xr ifconfig 8 ,
 .Xr jail_set 2 ,
 .Xr devfs 5 ,
 .Xr fdescfs 5 ,