[Bug 205926] jail(8): fails to parse ifconfig parameters in ip4.addr and ip6.addr after /netmask

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jan 5 17:32:10 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205926

            Bug ID: 205926
           Summary: jail(8): fails to parse ifconfig parameters in
                    ip4.addr and ip6.addr after /netmask
           Product: Base System
           Version: 10.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: Mark.Martinec at ijs.si

The jail(8) man page states that additional ifconfig parameters
may be supplied after ip-address/netmask in ip4.addr and ip6.addr
(which is needed for example to specify a CARPed IP address):

The manpage states:

ip4.addr
  In addition to the IP addresses that are passed to the kernel,
  an interface, netmask and additional paramters (as supported
  by ifconfig(8)) may also be specified, in the form
  “interface|ip-address/netmask param ...”.

As it turns out this does not work, unless /netmask is omitted.

Seems like the check_intparams() in /usr/src/usr.sbin/jail/config.c
assumes that everything after a slash is a netmask or a mask-length
(or IPv6 prefix length), so any parameter following a /netmask
is treated as a netmask syntax error.

Example:

# jail -c ip4.addr='igb0|10.0.0.246/24 vhid 23 advskew 100' \
          ip6.addr='igb0|2001:db8::246/64 vhid 23 advskew 100' [...]
jail: ip4.addr: bad netmask "/24 vhid 23 advskew 100"
jail: ip6.addr: bad prefixlen "/64 vhid 23 advskew 100"


Omitting the /24 (and /64) works as intended, but the implied
mask length is /32 (and /128).


An attempted workaround like:
  ip4.addr='igb0|10.0.0.246 netmask 255.255.255.0 vhid 23 advskew 100'

produces a double netmask option to ifconfig, which may be ambiguous
(or a potential syntax error) - as reported by jail -v :

  run command: /sbin/ifconfig igb0 inet 10.0.0.246 \
    netmask 255.255.255.255 netmask 255.255.255.0 vhid 23 advskew 100 alias


( Btw, why does the jail(8) bother to convert a mask length into a
netmask, where the ifconfig is perfectly happy with a CIDR notation? )

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list