MFC r259916:

 Use feature_present(3) to determine whether to open an INET or an
 INET6 socket when needed to allow pfctl to work on noinet and noinet6
 kernels (and try to provide a fallback using AF_LINK as best effort).
 Adjust the Makefile to also respect relevant src.conf(5) options
 for compile time decisions on INET and INET6 support.

 Reviewed by:	glebius (no objections)

4 files changed, 35 insertions, 4 deletions

diff --git a/sbin/pfctl/Makefile b/sbin/pfctl/Makefile
index 26c2258..5b3735c 100644
--- a/sbin/pfctl/Makefile
+++ b/sbin/pfctl/Makefile
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
 # pf_ruleset.c is shared between kernel and pfctl
 .PATH: ${.CURDIR}/../../sys/netpfil/pf
 
@@ -16,6 +18,14 @@ CFLAGS+= -Wall -Wmissing-prototypes -Wno-uninitialized
 CFLAGS+= -Wstrict-prototypes
 CFLAGS+= -DENABLE_ALTQ -I${.CURDIR}
 
+# Need to use "WITH_" prefix to not conflict with the l/y INET/INET6 keywords
+.if ${MK_INET6_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET6
+.endif
+.if ${MK_INET_SUPPORT} != "no"
+CFLAGS+= -DWITH_INET
+.endif
+
 YFLAGS=
 
 LDADD+=	-lm -lmd
diff --git a/sbin/pfctl/pfctl_altq.c b/sbin/pfctl/pfctl_altq.c
index 40e11d5..ae566f8 100644
--- a/sbin/pfctl/pfctl_altq.c
+++ b/sbin/pfctl/pfctl_altq.c
@@ -1122,7 +1122,7 @@ getifspeed(char *ifname)
 	struct ifreq	ifr;
 	struct if_data	ifrdat;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
@@ -1143,7 +1143,7 @@ getifmtu(char *ifname)
 	int		s;
 	struct ifreq	ifr;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) < 0)
 		err(1, "socket");
 	bzero(&ifr, sizeof(ifr));
 	if (strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)) >=
diff --git a/sbin/pfctl/pfctl_parser.c b/sbin/pfctl/pfctl_parser.c
index f248995..1f4375a 100644
--- a/sbin/pfctl/pfctl_parser.c
+++ b/sbin/pfctl/pfctl_parser.c
@@ -1231,6 +1231,26 @@ ifa_load(void)
 	freeifaddrs(ifap);
 }
 
+int
+get_socket_domain(void)
+{
+	int sdom;
+
+	sdom = AF_UNSPEC;
+#ifdef WITH_INET6
+	if (sdom == AF_UNSPEC && feature_present("inet6"))
+		sdom = AF_INET6;
+#endif
+#ifdef WITH_INET
+	if (sdom == AF_UNSPEC && feature_present("inet"))
+		sdom = AF_INET;
+#endif
+	if (sdom == AF_UNSPEC)
+		sdom = AF_LINK;
+
+	return (sdom);
+}
+
 struct node_host *
 ifa_exists(const char *ifa_name)
 {
@@ -1242,7 +1262,7 @@ ifa_exists(const char *ifa_name)
 		ifa_load();
 
 	/* check wether this is a group */
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));
@@ -1273,7 +1293,7 @@ ifa_grouplookup(const char *ifa_name, int flags)
 	int			 s, len;
 	struct node_host	*n, *h = NULL;
 
-	if ((s = socket(AF_INET, SOCK_DGRAM, 0)) == -1)
+	if ((s = socket(get_socket_domain(), SOCK_DGRAM, 0)) == -1)
 		err(1, "socket");
 	bzero(&ifgr, sizeof(ifgr));
 	strlcpy(ifgr.ifgr_name, ifa_name, sizeof(ifgr.ifgr_name));
diff --git a/sbin/pfctl/pfctl_parser.h b/sbin/pfctl/pfctl_parser.h
index 4560d66..5c909e9 100644
--- a/sbin/pfctl/pfctl_parser.h
+++ b/sbin/pfctl/pfctl_parser.h
@@ -294,6 +294,7 @@ void			 set_ipmask(struct node_host *, u_int8_t);
 int			 check_netmask(struct node_host *, sa_family_t);
 int			 unmask(struct pf_addr *, sa_family_t);
 void			 ifa_load(void);
+int			 get_socket_domain(void);
 struct node_host	*ifa_exists(const char *);
 struct node_host	*ifa_lookup(const char *, int);
 struct node_host	*host(const char *);