jail startup script for multi-IPs + ifconfig *sigh* stuff

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Thu Jan 8 11:04:20 UTC 2009


Hi,

I have a barely tested patch to rc.d/jail for HEAD (or the multi-IP
jail patch on 7) with the defaults/rc.conf and a for sure enhanceable
rc.conf.5 patch here:
http://people.freebsd.org/~bz/20090108-02-rc-jail.diff

For everyone who wants to grab the entire rc.d/jail file, fetch it from
http://people.freebsd.org/~bz/jail

This entire patch is only needed for those people who like to get their
IPs configured/deconfigured upon jail start/stop and you see what a
mess of extra code this gives -- I am sure someone could improve the
sh(1) code but ...

I do NOT like this and neither do other people who will need to
approve this to go in.


I have been trying to support (most, all but the _netmask) from the
old version so you can still only give a single IP, or an IP list (of
mixed address families) but you can now also leave the IP part
entirely empty and start a no-IP jail or add a _multi<n> with n
starting at 0 (like with _alias<n>) and give the IPs on an extra line
each.

If you want to give an interface you can still use the jail_interface
or jail_<jname>_interface but you can also give an interface per
address now in that you prefix the address with "ifName|" (yes a pipe
and no blanks!).

If you want to give a netmask you can suffix an address with one of
those:
         - "/<n>"  -- prefix notation, no spaces allowed
         - " netmask a.b.c.d"  -- netmask with a space between the
           address and the word "netmask" and a full dot-quad mask.
           You are not allowed to be clever and write "netmask a.b.c"
         - " prefixlen n" -- similar to netmask but for v6

Obviously netmask will not work for a v6 address and prefixlen not for
v4 as what you give is directly passed to ifconfig.

If you give "interface" but no "netmask" '/32' is assumed for v4 and
'/128' for v6.

Anything I missed?


What I want to know from you:

1) does your current rc.conf setup work if you just replace
    /etc/rc.d/jail? (keep a backup of the old - outside of that directory!)

2) does this work for all the features *sigh* you need?

3) does it work with whatever management tool you use for jails?

4) any other comments?


In case there are bugs or problems, let me know - I'll update and
repost links.

/bz


PS: special thanks to Ruben van Staveren who had maintained a
     (slightly) different version supporting v4/v6 ifconfig all the
     time!

-- 
Bjoern A. Zeeb                      The greatest risk is not taking one.
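
The address syntax described in the message above, as an added sh(1) example that is not taken from the patch or from rc.d/jail: it validates one spec before anything derived from rc.conf reaches ifconfig as root, and prints the resulting arguments. The function name, the interface-name character set and the trailing "alias" keyword are assumptions; the sample specs are constructed.

```sh
#!/bin/sh
# Added example, not the code from the patch. Validates one address spec in the
# syntax described above and prints the arguments one would hand to ifconfig(8).
# Prints nothing when no interface is known (jail gets the IP, nothing to plumb).
# Usage: jail_addr_args SPEC [DEFAULT_IF]   (function name is hypothetical)
jail_addr_args() {
    spec=$1 ifn=${2:-} mask='' rest=''
    case $spec in
    *"|"*) ifn=${spec%%|*}; spec=${spec#*|}
           [ -n "$ifn" ] || return 1 ;;
    esac
    # Assumption: interface names are alphanumerics, '_' and '.'; blanks rejected.
    case $ifn in *[!A-Za-z0-9_.]*) return 1 ;; esac
    addr=${spec%% *}
    case $spec in *" "*) rest=${spec#* } ;; esac
    case $addr in
    */*) mask="/${addr#*/}"; addr=${addr%%/*}
         [ -z "$rest" ] || return 1          # "/<n>" allows no spaces after it
         case ${mask#/} in ''|*[!0-9]*) return 1 ;; esac ;;
    esac
    case $addr in
    *[!0-9A-Fa-f:.]*) return 1 ;;
    *:*) fam=inet6 full=/128 kw=prefixlen ;;
    *[!0-9.]*|*.*.*.*.*) return 1 ;;
    *.*.*.*) fam=inet full=/32 kw=netmask ;;
    *) return 1 ;;
    esac
    if [ -n "$rest" ]; then
        val=${rest#"$kw "}
        [ "$val" != "$rest" ] || return 1     # netmask on v6 or prefixlen on v4
        case $fam:$val in
        inet:*[!0-9.]*|inet:*.*.*.*.*) return 1 ;;
        inet:*.*.*.*) ;;                      # full dot-quad only
        inet6:*[!0-9]*|inet6:|inet:*) return 1 ;;
        esac
        mask=" $kw $val"
    fi
    [ -n "$ifn" ] || return 0
    echo "$ifn $fam $addr${mask:-$full} alias"
}

# Constructed sample specs, one per line as with _multi<n>.
for s in 'em0|192.0.2.5' 'em0|192.0.2.6 netmask 255.255.255.0' \
         'lo1|2001:db8::1/64' 'em0|192.0.2.7 netmask 255.255.255'; do
    jail_addr_args "$s" || echo "rejected: $s"
done
```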

