[Bug 205926] jail(8): fails to parse ifconfig parameters in ip4.addr and ip6.addr after /netmask

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jan 5 17:32:10 UTC 2016


            Bug ID: 205926
           Summary: jail(8): fails to parse ifconfig parameters in
                    ip4.addr and ip6.addr after /netmask
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: Mark.Martinec at ijs.si

The jail(8) man page states that additional ifconfig parameters
may be supplied after ip-address/netmask in ip4.addr and ip6.addr
(which is needed for example to specify a CARPed IP address):

The manpage states:

  In addition to the IP addresses that are passed to the kernel,
  an interface, netmask and additional paramters (as supported
  by ifconfig(8)) may also be specified, in the form
  “interface|ip-address/netmask param ...”.

As it turns out this does not work, unless /netmask is omitted.

Seems like the check_intparams() in /usr/src/usr.sbin/jail/config.c
assumes that everything after a slash is a netmask or a mask-length
(or IPv6 prefix length), so any parameter following a /netmask
is treated as a netmask syntax error.


# jail -c ip4.addr='igb0| vhid 23 advskew 100' \
          ip6.addr='igb0|2001:db8::246/64 vhid 23 advskew 100' [...]
jail: ip4.addr: bad netmask "/24 vhid 23 advskew 100"
jail: ip6.addr: bad prefixlen "/64 vhid 23 advskew 100"

Omitting the /24 (and /64) works as intended, but the implied
mask length is /32 (and /128).

An attempted workaround like:
  ip4.addr='igb0| netmask vhid 23 advskew 100'

produces a double netmask option to ifconfig, which may be ambiguous
(or a potential syntax error) - as reported by jail -v :

  run command: /sbin/ifconfig igb0 inet \
    netmask netmask vhid 23 advskew 100 alias

( Btw, why does the jail(8) bother to convert a mask length into a
netmask, where the ifconfig is perfectly happy with a CIDR notation? )

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list