Check for IPv4 or IPv6 to be available by the kernel to not

provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.

Reviewed by:	jamie
Sponsored by:	The FreeBSD Foundation
Sponsored by:	iXsystems
MFC after:	10 days

2 files changed, 45 insertions, 34 deletions

diff --git a/usr.sbin/jail/Makefile b/usr.sbin/jail/Makefile
index de35dcf..52d237b 100644
--- a/usr.sbin/jail/Makefile
+++ b/usr.sbin/jail/Makefile
@@ -10,5 +10,8 @@ LDADD=	-ljail -lutil
 .if ${MK_INET6_SUPPORT} != "no"
 CFLAGS+= -DINET6
 .endif
+.if ${MK_INET_SUPPORT} != "no"
+CFLAGS+= -DINET
+.endif
 
 .include <bsd.prog.mk>
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 0722bfd..fc4f71c 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -54,12 +54,18 @@ static struct jailparam *params;
 static char **param_values;
 static int nparams;
 
-static char *ip4_addr;
 #ifdef INET6
+static int ip6_ok;
 static char *ip6_addr;
 #endif
+#ifdef INET
+static int ip4_ok;
+static char *ip4_addr;
+#endif
 
+#if defined(INET6) || defined(INET)
 static void add_ip_addr(char **addrp, char *newaddr);
+#endif
 #ifdef INET6
 static void add_ip_addr46(char *newaddr);
 #endif
@@ -194,6 +200,13 @@ main(int argc, char **argv)
 	if (uflag)
 		GET_USER_INFO;
 
+#ifdef INET6
+	ip6_ok = feature_present("inet6");
+#endif
+#ifdef INET
+	ip4_ok = feature_present("inet");
+#endif
+
 	if (jailname)
 		set_param("name", jailname);
 	if (securelevel)
@@ -207,10 +220,12 @@ main(int argc, char **argv)
 				break;
 			}
 			if (hflag) {
+#ifdef INET
 				if (!strncmp(argv[i], "ip4.addr=", 9)) {
 					add_ip_addr(&ip4_addr, argv[i] + 9);
 					break;
 				}
+#endif
 #ifdef INET6
 				if (!strncmp(argv[i], "ip6.addr=", 9)) {
 					add_ip_addr(&ip6_addr, argv[i] + 9);
@@ -231,12 +246,14 @@ main(int argc, char **argv)
 		set_param("host.hostname", argv[1]);
 		if (hflag)
 			add_ip_addrinfo(0, argv[1]);
+#if defined(INET6) || defined(INET)
 		if (argv[2][0] != '\0')
 #ifdef INET6
 			add_ip_addr46(argv[2]);
 #else
 			add_ip_addr(&ip4_addr, argv[2]);
 #endif
+#endif
 		cmdarg = 3;
 		/* Emulate the defaults from security.jail.* sysctls */
 		sysvallen = sizeof(sysval);
@@ -259,8 +276,10 @@ main(int argc, char **argv)
 			}
 		}
 	}
+#ifdef INET
 	if (ip4_addr != NULL)
 		set_param("ip4.addr", ip4_addr);
+#endif
 #ifdef INET6
 	if (ip6_addr != NULL)
 		set_param("ip6.addr", ip6_addr);
@@ -297,14 +316,19 @@ main(int argc, char **argv)
 			for (i = 0; i < nparams; i++)
 				if (!strcmp(params[i].jp_name, "path"))
 					break;
-#ifdef INET6
+#if defined(INET6) && defined(INET)
 			fprintf(fp, "%d\t%s\t%s\t%s%s%s\t%s\n",
 			    jid, i < nparams
 			    ? (char *)params[i].jp_value : argv[0],
 			    argv[1], ip4_addr ? ip4_addr : "",
 			    ip4_addr && ip4_addr[0] && ip6_addr && ip6_addr[0]
 			    ? "," : "", ip6_addr ? ip6_addr : "", argv[3]);
-#else
+#elif defined(INET6)
+			fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
+			    jid, i < nparams
+			    ?  (char *)params[i].jp_value : argv[0],
+			    argv[1], ip6_addr ? ip6_addr : "", argv[3]);
+#elif defined(INET)
 			fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
 			    jid, i < nparams
 			    ? (char *)params[i].jp_value : argv[0],
@@ -348,6 +372,7 @@ main(int argc, char **argv)
 	err(1, "execvp: %s", argv[cmdarg]);
 }
 
+#if defined(INET6) || defined(INET)
 static void
 add_ip_addr(char **addrp, char *value)
 {
@@ -368,6 +393,7 @@ add_ip_addr(char **addrp, char *value)
 		*addrp = addr;
 	}
 }
+#endif
 
 #ifdef INET6
 static void
@@ -391,23 +417,24 @@ static void
 add_ip_addrinfo(int ai_flags, char *value)
 {
 	struct addrinfo hints, *ai0, *ai;
-	struct in_addr addr4;
-	size_t size;
-	int error, ip4ok;
-	int mib[4];
+	int error;
+#ifdef INET
 	char avalue4[INET_ADDRSTRLEN];
+	struct in_addr addr4;
+#endif
 #ifdef INET6
-	struct in6_addr addr6;
-	int ip6ok;
 	char avalue6[INET6_ADDRSTRLEN];
+	struct in6_addr addr6;
 #endif
 
 	/* Look up the hostname (or get the address) */
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_socktype = SOCK_STREAM;
-#ifdef INET6
+#if defined(INET6) && defined(INET)
 	hints.ai_family = PF_UNSPEC;
-#else
+#elif defined(INET6)
+	hints.ai_family = PF_INET6;
+#elif defined(INET)
 	hints.ai_family = PF_INET;
 #endif
 	hints.ai_flags = ai_flags;
@@ -415,32 +442,12 @@ add_ip_addrinfo(int ai_flags, char *value)
 	if (error != 0)
 		errx(1, "hostname %s: %s", value, gai_strerror(error));
 
-	/*
-	 * Silently ignore unsupported address families from DNS lookups.
-	 * But if this is a numeric address, let the kernel give the error.
-	 */
-	if (ai_flags & AI_NUMERICHOST)
-		ip4ok =
-#ifdef INET6
-		    ip6ok =
-#endif
-		    1;
-	else {
-		size = 4;
-		ip4ok = (sysctlnametomib("security.jail.param.ip4", mib,
-		    &size) == 0);
-#ifdef INET6
-		size = 4;
-		ip6ok = (sysctlnametomib("security.jail.param.ip6", mib,
-		    &size) == 0);
-#endif
-	}
-	
 	/* Convert the addresses to ASCII so set_param can convert them back. */
 	for (ai = ai0; ai; ai = ai->ai_next)
 		switch (ai->ai_family) {
+#ifdef INET
 		case AF_INET:
-			if (!ip4ok)
+			if (!ip4_ok && (ai_flags & AI_NUMERICHOST) == 0)
 				break;
 			memcpy(&addr4, &((struct sockaddr_in *)
 			    (void *)ai->ai_addr)->sin_addr, sizeof(addr4));
@@ -449,9 +456,10 @@ add_ip_addrinfo(int ai_flags, char *value)
 				err(1, "inet_ntop");
 			add_ip_addr(&ip4_addr, avalue4);
 			break;
+#endif
 #ifdef INET6
 		case AF_INET6:
-			if (!ip6ok)
+			if (!ip6_ok && (ai_flags & AI_NUMERICHOST) == 0)
 				break;
 			memcpy(&addr6, &((struct sockaddr_in6 *)
 			    (void *)ai->ai_addr)->sin6_addr, sizeof(addr6));