D48679.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D48679.diff
View Options

	diff --git a/usr.sbin/ip6addrctl/Makefile b/usr.sbin/ip6addrctl/Makefile
	--- a/usr.sbin/ip6addrctl/Makefile
	+++ b/usr.sbin/ip6addrctl/Makefile
	@@ -1,5 +1,12 @@
	+.include <src.opts.mk>
	+
	PACKAGE= runtime
	PROG= ip6addrctl
	MAN= ip6addrctl.8

	+.if ${MK_JAIL} != "no"
	+CFLAGS+= -DJAIL
	+LIBADD+= jail
	+.endif
	+
	.include <bsd.prog.mk>
	diff --git a/usr.sbin/ip6addrctl/ip6addrctl.8 b/usr.sbin/ip6addrctl/ip6addrctl.8
	--- a/usr.sbin/ip6addrctl/ip6addrctl.8
	+++ b/usr.sbin/ip6addrctl/ip6addrctl.8
	@@ -27,7 +27,7 @@
	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	.\" SUCH DAMAGE.
	.\"
	-.Dd August 10, 2024
	+.Dd January 29, 2025
	.Dt IP6ADDRCTL 8
	.Os
	.\"
	@@ -37,16 +37,21 @@
	.\"
	.Sh SYNOPSIS
	.Nm
	+.Op Fl j Ar jail
	.Op Cm show
	.Nm
	+.Op Fl j Ar jail
	.Cm add
	.Ar prefix precedence label
	.Nm
	+.Op Fl j Ar jail
	.Cm delete
	.Ar prefix
	.Nm
	+.Op Fl j Ar jail
	.Cm flush
	.Nm
	+.Op Fl j Ar jail
	.Cm install
	.Ar configfile
	.\"
	@@ -62,6 +67,10 @@
	it prints the content of the policy table currently installed in the
	kernel.
	.Pp
	+To operate inside a jail, the option
	+.Op Fl j Ar jail
	+should precede other options.
	+.Pp
	To modify the table, the following operations are available:
	.Bl -tag -width indent
	.It Cm add Ar prefix precedence label
	@@ -100,6 +109,7 @@
	.Pq Ql #
	are
	comments and are ignored.
	+Note that the configuration file will be processed before attaching to a jail.
	.El
	.\"
	.Sh EXIT STATUS
	diff --git a/usr.sbin/ip6addrctl/ip6addrctl.c b/usr.sbin/ip6addrctl/ip6addrctl.c
	--- a/usr.sbin/ip6addrctl/ip6addrctl.c
	+++ b/usr.sbin/ip6addrctl/ip6addrctl.c
	@@ -36,6 +36,9 @@
	#include <sys/queue.h>
	#include <sys/param.h>
	#include <sys/ioctl.h>
	+#ifdef JAIL
	+#include <sys/jail.h>
	+#endif
	#include <sys/sysctl.h>

	#include <net/if.h>
	@@ -45,12 +48,18 @@

	#include <stdlib.h>
	#include <netdb.h>
	+#ifdef JAIL
	+#include <jail.h>
	+#endif
	#include <stdio.h>
	#include <unistd.h>
	#include <limits.h>
	#include <string.h>
	#include <err.h>

	+#ifdef JAIL
	+static char *jailname;
	+#endif
	static char *configfile;

	struct policyqueue {
	@@ -61,6 +70,7 @@
	static struct policyhead policyhead = TAILQ_HEAD_INITIALIZER(policyhead);

	static void usage(void) __dead2;
	+static void attach_jail(void);
	static void get_policy(void);
	static void dump_policy(void);
	static int mask2plen(struct sockaddr_in6 *);
	@@ -75,27 +85,51 @@
	int
	main(int argc, char *argv[])
	{
	- if (argc == 1 \|\| (argc == 2 && strcasecmp(argv[1], "show") == 0)) {
	+ int ch;
	+
	+ while ((ch = getopt(argc, argv, "j:")) != -1) {
	+ switch (ch) {
	+ case 'j':
	+#ifdef JAIL
	+ if ((jailname = optarg) == NULL)
	+ usage();
	+#else
	+ errx(1, "not built with jail support");
	+#endif
	+ break;
	+ default:
	+ usage();
	+ }
	+ }
	+ argc -= optind;
	+ argv += optind;
	+
	+ if (argc == 0 \|\| (argc == 1 && strcasecmp(argv[0], "show") == 0)) {
	+ attach_jail();
	get_policy();
	dump_policy();
	- } else if (strcasecmp(argv[1], "add") == 0) {
	- if (argc != 5)
	+ } else if (strcasecmp(argv[0], "add") == 0) {
	+ if (argc != 4)
	usage();
	- add_policy(argv[2], argv[3], argv[4]);
	- } else if (strcasecmp(argv[1], "delete") == 0) {
	- if (argc != 3)
	- usage();
	- delete_policy(argv[2]);
	- } else if (strcasecmp(argv[1], "flush") == 0) {
	+ attach_jail();
	+ add_policy(argv[1], argv[2], argv[3]);
	+ } else if (strcasecmp(argv[0], "delete") == 0) {
	if (argc != 2)
	usage();
	+ attach_jail();
	+ delete_policy(argv[1]);
	+ } else if (strcasecmp(argv[0], "flush") == 0) {
	+ if (argc != 1)
	+ usage();
	+ attach_jail();
	get_policy();
	flush_policy();
	- } else if (strcasecmp(argv[1], "install") == 0) {
	- if (argc != 3)
	+ } else if (strcasecmp(argv[0], "install") == 0) {
	+ if (argc != 2)
	usage();
	- configfile = argv[2];
	+ configfile = argv[1];
	make_policy_fromfile(configfile);
	+ attach_jail();
	set_policy();
	} else
	usage();
	@@ -103,6 +137,23 @@
	exit(0);
	}

	+static void
	+attach_jail(void)
	+{
	+#ifdef JAIL
	+ int jid;
	+
	+ if (jailname == NULL)
	+ return;
	+
	+ jid = jail_getid(jailname);
	+ if (jid == -1)
	+ errx(1, "jail not found");
	+ if (jail_attach(jid) != 0)
	+ errx(1, "cannot attach to jail");
	+#endif
	+}
	+
	static void
	get_policy(void)
	{
	@@ -445,12 +496,12 @@
	static void
	usage(void)
	{
	- fprintf(stderr, "usage: ip6addrctl [show]\n");
	- fprintf(stderr, " ip6addrctl add "
	+ fprintf(stderr, "usage: ip6addrctl [-j jail] [show]\n");
	+ fprintf(stderr, " ip6addrctl [-j jail] add "
	"<prefix> <precedence> <label>\n");
	- fprintf(stderr, " ip6addrctl delete <prefix>\n");
	- fprintf(stderr, " ip6addrctl flush\n");
	- fprintf(stderr, " ip6addrctl install <configfile>\n");
	+ fprintf(stderr, " ip6addrctl [-j jail] delete <prefix>\n");
	+ fprintf(stderr, " ip6addrctl [-j jail] flush\n");
	+ fprintf(stderr, " ip6addrctl [-j jail] install <configfile>\n");

	exit(1);
	}

File Metadata

Mime Type: text/plain
Expires: Sat, Feb 8, 9:49 PM (20 h, 28 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16533474
Default Alt Text: D48679.diff (4 KB)

D48679.diffNo OneTemporaryActions

D48679.diffView Options

File Metadata

Event Timeline

D48679.diff
No OneTemporary
Actions

D48679.diff
View Options