When the jail is created by config file with multiple IPs, the jail loses all IP assignments which are set after IPs with /"network prefix". Nevertheless, all IPs are established on the interface with the correct mask.

How-To-Repeat:
Have a jail config with multiple IPs with a prefix in the list. Config sample (we mean that in /usr/jails/jail1 we have a complete FreeBSD base environment):

% cat jail1.conf
jail1 {
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    #mount.devfs;
    host.hostname = "jail1.my.domain";
    path = "/usr/jails/jail1";
    allow.raw_sockets;
    allow.socket_af;
    allow.chflags;
    allow.sysvipc;
    ip4.addr = 10.0.0.1,10.0.0.2,172.17.0.0/16,10.0.0.3;
    interface="em0";
    mount.devfs;
    devfs_ruleset="4";
}

// Before jail creation, interface em0 has:
% ifconfig em0 | grep "inet "
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255

// Jail start:
% jail -f jail1.conf -c jail1
jail1: created
..

// Done. Check for IPs on the interface. 172.17.0.0 has the correct mask:
ifconfig em0 | grep "inet "
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
inet 10.0.0.1 netmask 0xffffffff broadcast 10.0.0.1
inet 10.0.0.2 netmask 0xffffffff broadcast 10.0.0.2
inet 172.17.0.0 netmask 0xffff0000 broadcast 172.17.255.255
inet 10.0.0.3 netmask 0xffffffff broadcast 10.0.0.3

// Check for IPs in jls:
% jls -v
   JID  Hostname                      Path
        Name                          State
        CPUSetID
        IP Address(es)
     1  jail1.my.domain               /usr/jails/jail1
        jail1                         ACTIVE
        2
        10.0.0.1
        10.0.0.2
        172.17.0.0

We have 10.0.0.1/32, 10.0.0.2/32 and 172.17.0.0/16 but lose 10.0.0.3
Responsible Changed From-To: freebsd-bugs->jamie I think this is yours.
Author: jamie Date: Thu Aug 23 01:43:01 2012 New Revision: 239601 URL: http://svn.freebsd.org/changeset/base/239601 Log: Remember that I'm using length-defined strings in parameters: Remove a bogus null terminator when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear. Use memcpy instead of strcpy. This could just cause Bad Things. PR: 170832 MFC after: 1 week Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c ============================================================================== --- head/usr.sbin/jail/config.c Thu Aug 23 00:39:08 2012 (r239600) +++ head/usr.sbin/jail/config.c Thu Aug 23 01:43:01 2012 (r239601) @@ -597,8 +597,7 @@ check_intparams(struct cfjail *j) "ip4.addr: bad netmask \"%s\"", cs); error = -1; } - *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } @@ -621,8 +620,7 @@ check_intparams(struct cfjail *j) cs); error = -1; } - *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } @@ -714,7 +712,7 @@ import_params(struct cfjail *j) value = alloca(vallen); cs = value; TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) { - strcpy(cs, s->s); + memcpy(cs, s->s, s->len); if (ts != NULL) { cs += s->len + 1; cs[-1] = ','; _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
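Review bot: in both check_intparams hunks, dropping "*cs = '\0';" leaves the "/netmask" text sitting in s->s directly after the first s->len bytes, so any later consumer that reads s->s as a C string instead of honouring s->len will see the suffix again. Consider keeping the terminator and changing only the length to "s->len = cs - s->s;", or add a comment here that s->s is not null-terminated after this point.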
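Review bot: in the import_params hunk, memcpy(cs, s->s, s->len) copies no terminator, and for the last element (ts == NULL) nothing in the visible lines writes one, whereas strcpy did. Since value comes from alloca(vallen) and is uninitialized, the combined string can end in whatever bytes were already on the stack; write the terminator explicitly after the loop, before value is used.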
State Changed From-To: open->patched Fixed in r239601: I had a '0' where it didn't belong.
I've got another problem now.

root@gizmo:/ # cat jail1.conf
jail1 {
    exec.start = "/bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    #mount.devfs;
    host.hostname = "jail1.my.domain";
    path = "/usr/jails/jail1";
    allow.raw_sockets;
    allow.socket_af;
    allow.chflags;
    allow.sysvipc;
    ip4.addr = 10.0.0.2/24;
    ip4.addr += 192.168.0.4/24;
    ip4.addr += 172.17.9.99/16;
    ip4.addr += 10.0.0.4;
    interface="re0";
    mount.devfs;
    devfs_ruleset="4";
}
root@gizmo:/ # jail -f jail1.conf -c jail1
jail: jail1: ip4.addr: not an IPv4 address: 10.0.0.4=B1
----- Forwarded message from Jamie Gritton <jamie@FreeBSD.org> -----

Date: Wed, 22 Aug 2012 19:47:11 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
To: Oleg Ginzburg <olevole@olevole.ru>
Cc: FreeBSD-Jail <freebsd-jail@FreeBSD.org>
Subject: Re: misc/170832: jail v2 loses a binding of ip which sets after ips with /"network prefix"
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0) Gecko/20120126 Thunderbird/9.0

I confused myself on the difference between null-terminated and length-defined strings, and stuck a '\0' where it didn't belong. I've committed the fix to HEAD, and I'll have it in 9.1 next week.

- Jamie

----- End forwarded message -----
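The mix-up described in this message, as an added C model that is not the jail(8) source: when the stored length counts the NUL written over the '/', the comma-joined value carries an embedded NUL, and a consumer that treats it as a C string stops after 172.17.0.0. The names lstr, strip_mask, join and visible_addrs are hypothetical, and the address list is constructed from the report's ip4.addr line.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct lstr { char *s; size_t len; };  /* length-defined string, like s->s / s->len in the diffs */

/* Strip "/prefix". off_by_one=1 counts the NUL just written (the old length). */
static void strip_mask(struct lstr *a, int off_by_one)
{
    char *cs = memchr(a->s, '/', a->len);
    if (cs == NULL) return;
    *cs = '\0';
    a->len = (size_t)(cs - a->s) + (off_by_one ? 1 : 0);
}

/* Comma-join n >= 1 entries into one NUL-terminated heap buffer. */
static char *join(const struct lstr *v, size_t n)
{
    size_t vallen = 0, i;
    char *value, *cs;
    for (i = 0; i < n; i++) vallen += v[i].len + 1;  /* bytes plus ',' or final NUL */
    if ((value = malloc(vallen)) == NULL) abort();
    for (cs = value, i = 0; i < n; i++) {
        memcpy(cs, v[i].s, v[i].len);
        cs += v[i].len + 1;
        cs[-1] = ',';
    }
    value[vallen - 1] = '\0';                        /* replaces the last ',' */
    return value;
}

/* Number of addresses seen by a consumer that stops at the first NUL. */
size_t visible_addrs(int off_by_one)
{
    char a0[] = "10.0.0.1", a1[] = "10.0.0.2", a2[] = "172.17.0.0/16", a3[] = "10.0.0.3";
    struct lstr v[] = { {a0, 8}, {a1, 8}, {a2, 13}, {a3, 8} };  /* constructed input */
    size_t i, count = 1;
    char *value, *p;
    for (i = 0; i < 4; i++) strip_mask(&v[i], off_by_one);
    value = join(v, 4);
    for (p = value; *p != '\0'; p++) count += (*p == ',');
    free(value);
    return count;
}

int main(void)
{
    printf("old length: %zu addresses, corrected: %zu\n", visible_addrs(1), visible_addrs(0));
    return 0;
}
```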
Author: jamie Date: Wed Aug 29 16:11:03 2012 New Revision: 239854 URL: http://svn.freebsd.org/changeset/base/239854 Log: MFC r239601: Remember that I'm using length-defined strings in parameters: Remove a bogus null terminator when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear. Use memcpy instead of strcpy. This could just cause Bad Things. MFC r239602: Pre-separate IP addresses passed on the command line, so they can be properly parsed for interface prefixes and netmask suffixes. This was already done for the old-style (fixed) command line, but missed for the new-style. MFC r239621: Partially roll back r239601 - keep parameter strings both length-delimited and null-terminated at the same time, because they're later passed to libjail as null-terminated. That means I also need to add a nul byte when comma-combining array parameters. PR: 170832 Modified: stable/9/usr.sbin/jail/config.c stable/9/usr.sbin/jail/jail.c Directory Properties: stable/9/usr.sbin/jail/ (props changed) Modified: stable/9/usr.sbin/jail/config.c ============================================================================== --- stable/9/usr.sbin/jail/config.c Wed Aug 29 16:00:26 2012 (r239853) +++ stable/9/usr.sbin/jail/config.c Wed Aug 29 16:11:03 2012 (r239854) @@ -596,7 +596,7 @@ check_intparams(struct cfjail *j) error = -1; } *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } @@ -620,7 +620,7 @@ check_intparams(struct cfjail *j) error = -1; } *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } 
@@ -712,12 +712,11 @@ import_params(struct cfjail *j) value = alloca(vallen); cs = value; TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) { - strcpy(cs, s->s); - if (ts != NULL) { - cs += s->len + 1; - cs[-1] = ','; - } + memcpy(cs, s->s, s->len); + cs += s->len + 1; + cs[-1] = ','; } + value[vallen - 1] = '\0'; } if (jailparam_import(jp, value) < 0) { error = -1; Modified: stable/9/usr.sbin/jail/jail.c ============================================================================== --- stable/9/usr.sbin/jail/jail.c Wed Aug 29 16:00:26 2012 (r239853) +++ stable/9/usr.sbin/jail/jail.c Wed Aug 29 16:11:03 2012 (r239854) @@ -304,9 +304,33 @@ main(int argc, char **argv) for (i++; i < argc; i++) add_param(NULL, NULL, IP_COMMAND, argv[i]); - break; } - add_param(NULL, NULL, 0, argv[i]); +#ifdef INET + else if (!strncmp(argv[i], "ip4.addr=", 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP4_ADDR, cs); + if (!ncs) + break; + } + } +#endif +#ifdef INET6 + else if (!strncmp(argv[i], "ip6.addr=", 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP6_ADDR, cs); + if (!ncs) + break; + } + } +#endif + else + add_param(NULL, NULL, 0, argv[i]); } } else { /* From the config file, perhaps with a specified jail */ _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
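Review bot: in the import_params hunk, the unconditional "cs[-1] = ',';" followed by "value[vallen - 1] = '\0';" stays in bounds, and overwrites the last comma, only if vallen is exactly the sum of s->len + 1 over a non-empty list; the hunk does not show where vallen is computed. A one-line comment stating that invariant next to alloca(vallen), or an assertion that cs == value + vallen after the loop, would make the dependency explicit.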
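Review bot: in the jail.c hunk, the ip4.addr and ip6.addr branches are the same comma-splitting loop written twice, differing only in the prefix string and the KP_IP4_ADDR / KP_IP6_ADDR constant, and both hard-code the prefix length 9. Factoring the loop into one helper that takes the key constant, and deriving the offset from the prefix string itself, would keep the two address families from drifting apart.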
Author: jamie Date: Wed Aug 29 18:40:12 2012 New Revision: 239871 URL: http://svn.freebsd.org/changeset/base/239871 Log: MFS r239854 (including MFC r239601, r239602, r239621): Remember that I'm using length-defined strings in parameters: Don't include the null terminator when recomputing the parameter length when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear. Use memcpy instead of strcpy. This could just cause Bad Things. Add a null byte when comma-combining array parameters. Pre-separate IP addresses passed on the command line, so they can be properly parsed for interface prefixes and netmask suffixes. This was already done for the old-style (fixed) command line, but missed for the new-style. PR: 170832 Approved by: re (kib) Modified: releng/9.1/usr.sbin/jail/config.c releng/9.1/usr.sbin/jail/jail.c Directory Properties: releng/9.1/usr.sbin/jail/ (props changed) Modified: releng/9.1/usr.sbin/jail/config.c ============================================================================== --- releng/9.1/usr.sbin/jail/config.c Wed Aug 29 18:37:10 2012 (r239870) +++ releng/9.1/usr.sbin/jail/config.c Wed Aug 29 18:40:12 2012 (r239871) @@ -596,7 +596,7 @@ check_intparams(struct cfjail *j) error = -1; } *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } @@ -620,7 +620,7 @@ check_intparams(struct cfjail *j) error = -1; } *cs = '\0'; - s->len = cs - s->s + 1; + s->len = cs - s->s; } } } 
@@ -712,12 +712,11 @@ import_params(struct cfjail *j) value = alloca(vallen); cs = value; TAILQ_FOREACH_SAFE(s, &p->val, tq, ts) { - strcpy(cs, s->s); - if (ts != NULL) { - cs += s->len + 1; - cs[-1] = ','; - } + memcpy(cs, s->s, s->len); + cs += s->len + 1; + cs[-1] = ','; } + value[vallen - 1] = '\0'; } if (jailparam_import(jp, value) < 0) { error = -1; Modified: releng/9.1/usr.sbin/jail/jail.c ============================================================================== --- releng/9.1/usr.sbin/jail/jail.c Wed Aug 29 18:37:10 2012 (r239870) +++ releng/9.1/usr.sbin/jail/jail.c Wed Aug 29 18:40:12 2012 (r239871) @@ -304,9 +304,33 @@ main(int argc, char **argv) for (i++; i < argc; i++) add_param(NULL, NULL, IP_COMMAND, argv[i]); - break; } - add_param(NULL, NULL, 0, argv[i]); +#ifdef INET + else if (!strncmp(argv[i], "ip4.addr=", 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP4_ADDR, cs); + if (!ncs) + break; + } + } +#endif +#ifdef INET6 + else if (!strncmp(argv[i], "ip6.addr=", 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP6_ADDR, cs); + if (!ncs) + break; + } + } +#endif + else + add_param(NULL, NULL, 0, argv[i]); } } else { /* From the config file, perhaps with a specified jail */ _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
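Review bot: in the import_params hunk, ts is no longer referenced in the loop body once the "if (ts != NULL)" test is removed, so TAILQ_FOREACH_SAFE can become plain TAILQ_FOREACH. Keeping the _SAFE form suggests that elements are removed during the walk, which the visible body does not do.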
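Review bot: in the jail.c hunk, the splitting loop calls add_param for every piece between commas, so a trailing or doubled comma (for example "ip4.addr=10.0.0.1,") hands an empty string over as an address. Either skip empty pieces or reject them with an explicit error at this point, so the failure is reported against the command-line argument rather than wherever the empty value is next examined.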
State Changed From-To: patched->closed MFCd to 9 and 9.1.