Following r222465:

Check for IPv4 or IPv6 to be available by the kernel to not
  provoke errors trying to query options not available.
  Make it possible to compile out INET or INET6 only parts.

usr.sbin/jail/Makefile

@@ -15,6 +15,9 @@ CFLAGS+=-I. -I${.CURDIR}
 .if ${MK_INET6_SUPPORT} != "no"
 CFLAGS+= -DINET6
 .endif
+.if ${MK_INET_SUPPORT} != "no"
+CFLAGS+= -DINET
+.endif
 
 CLEANFILES= y.output
 

usr.sbin/jail/command.c

@@ -247,12 +247,15 @@ run_command(struct cfjail *j)
 	const struct cfstring *comstring, *s;
 	login_cap_t *lcap;
 	char **argv;
-	char *cs, *addr, *comcs, *devpath;
+	char *cs, *comcs, *devpath;
 	const char *jidstr, *conslog, *path, *ruleset, *term, *username;
 	enum intparam comparam;
 	size_t comlen;
 	pid_t pid;
 	int argc, bg, clean, consfd, down, fib, i, injail, sjuser, timeout;
+#if defined(INET) || defined(INET6)
+	char *addr;
+#endif
 
 	static char *cleanenv;
 
@@ -295,6 +298,7 @@ run_command(struct cfjail *j)
 	comstring = j->comstring;
 	bg = 0;
 	switch (comparam) {
+#ifdef INET
 	case IP__IP4_IFADDR:
 		argv = alloca(8 * sizeof(char *));
 		*(const char **)&argv[0] = _PATH_IFCONFIG;
@@ -326,6 +330,7 @@ run_command(struct cfjail *j)
 		*(const char **)&argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;
+#endif
 
 #ifdef INET6
 	case IP__IP6_IFADDR:

usr.sbin/jail/config.c

@@ -40,6 +40,7 @@ __FBSDID("$FreeBSD$");
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "jailp.h"
 
@@ -74,15 +75,19 @@ static const struct ipspec intparams[] = {
 							PF_INTERNAL | PF_BOOL},
     [IP_EXEC_SYSTEM_USER] =	{"exec.system_user",	PF_INTERNAL},
     [IP_EXEC_TIMEOUT] =		{"exec.timeout",	PF_INTERNAL | PF_INT},
+#if defined(INET) || defined(INET6)
     [IP_INTERFACE] =		{"interface",		PF_INTERNAL},
     [IP_IP_HOSTNAME] =		{"ip_hostname",		PF_INTERNAL | PF_BOOL},
+#endif
     [IP_MOUNT] =		{"mount",		PF_INTERNAL},
     [IP_MOUNT_DEVFS] =		{"mount.devfs",		PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_DEVFS_RULESET]=	{"mount.devfs.ruleset",	PF_INTERNAL},
     [IP_MOUNT_FSTAB] =		{"mount.fstab",		PF_INTERNAL},
     [IP_STOP_TIMEOUT] =		{"stop.timeout",	PF_INTERNAL | PF_INT},
     [IP_VNET_INTERFACE] =	{"vnet.interface",	PF_INTERNAL},
+#ifdef INET
     [IP__IP4_IFADDR] =		{"ip4.addr",		PF_INTERNAL | PF_CONV},
+#endif
 #ifdef INET6
     [IP__IP6_IFADDR] =		{"ip6.addr",		PF_INTERNAL | PF_CONV},
 #endif
@@ -96,7 +101,9 @@ static const struct ipspec intparams[] = {
     [KP_ALLOW_SYSVIPC] =	{"allow.sysvipc",	0},
     [KP_ENFORCE_STATFS] =	{"enforce_statfs",	0},
     [KP_HOST_HOSTNAME] =	{"host.hostname",	0},
+#ifdef INET
     [KP_IP4_ADDR] =		{"ip4.addr",		0},
+#endif
 #ifdef INET6
     [KP_IP6_ADDR] =		{"ip6.addr",		0},
 #endif
@@ -427,21 +434,27 @@ string_param(const struct cfparam *p)
 int
 check_intparams(struct cfjail *j)
 {
-	struct in_addr addr4;
-	struct addrinfo hints;
-	struct addrinfo *ai0, *ai;
 	struct cfparam *p;
 	struct cfstring *s;
 	FILE *f;
-	const char *hostname, *val;
+	const char *val;
 	char *cs, *ep, *ln;
-	size_t size, lnlen;
-	int error, gicode, ip4ok, defif, prefix;
-	int mib[4];
+	size_t lnlen;
+	int error;
+#if defined(INET) || defined(INET6)
+	struct addrinfo hints;
+	struct addrinfo *ai0, *ai;
+	const char *hostname;
+	int gicode, defif, prefix;
+#endif
+#ifdef INET
+	struct in_addr addr4;
+	int ip4ok;
 	char avalue4[INET_ADDRSTRLEN];
+#endif
 #ifdef INET6
 	struct in6_addr addr6;
-	int ip6ok, isip6;
+	int ip6ok;
 	char avalue6[INET6_ADDRSTRLEN];
 #endif
 
@@ -471,6 +484,7 @@ check_intparams(struct cfjail *j)
 		}
 	}
 
+#if defined(INET) || defined(INET6)
 	/*
 	 * The ip_hostname parameter looks up the hostname, and adds parameters
 	 * for any IP addresses it finds.
@@ -484,27 +498,32 @@ check_intparams(struct cfjail *j)
 		 * Silently ignore unsupported address families from
 		 * DNS lookups.
 		 */
-		size = 4;
-		ip4ok = sysctlnametomib("security.jail.param.ip4", mib, &size)
-		    == 0;
-#ifdef INET6
-		size = 4;
-		ip6ok = sysctlnametomib("security.jail.param.ip6", mib, &size)
-		    == 0;
+#ifdef INET
+		ip4ok = feature_present("inet");
 #endif
-		if (ip4ok
 #ifdef INET6
-		    || ip6ok
+		ip6ok = feature_present("inet6");
 #endif
-			    ) {
+		if (
+#if defined(INET) && defined(INET6)
+		    ip4ok || ip6ok
+#elif defined(INET)
+		    ip4ok
+#elif defined(INET6)
+		    ip6ok
+#endif
+			 ) {
 			/* Look up the hostname (or get the address) */
 			memset(&hints, 0, sizeof(hints));
 			hints.ai_socktype = SOCK_STREAM;
 			hints.ai_family =
-#ifdef INET6
-			    ip6ok ? (ip4ok ? PF_UNSPEC : PF_INET6) :
-#endif
+#if defined(INET) && defined(INET6)
+			    ip4ok ? (ip6ok ? PF_UNSPEC : PF_INET) :  PF_INET6;
+#elif defined(INET)
 			    PF_INET;
+#elif defined(INET6)
+			    PF_INET6;
+#endif
 			gicode = getaddrinfo(hostname, NULL, &hints, &ai0);
 			if (gicode != 0) {
 				jail_warnx(j, "host.hostname %s: %s", hostname,
@@ -518,6 +537,7 @@ check_intparams(struct cfjail *j)
 				 */
 				for (ai = ai0; ai; ai = ai->ai_next)
 					switch (ai->ai_family) {
+#ifdef INET
 					case AF_INET:
 						memcpy(&addr4,
 						    &((struct sockaddr_in *)
@@ -530,6 +550,7 @@ check_intparams(struct cfjail *j)
 						add_param(j, NULL, KP_IP4_ADDR,
 						    avalue4);
 						break;
+#endif
 #ifdef INET6
 					case AF_INET6:
 						memcpy(&addr6,
@@ -555,43 +576,46 @@ check_intparams(struct cfjail *j)
 	 * and a netmask/suffix for that address.
 	 */
 	defif = string_param(j->intparams[IP_INTERFACE]) != NULL;
-#ifdef INET6
-	for (isip6 = 0; isip6 <= 1; isip6++)
-#else
-#define isip6 0
-	do
-#endif
-	{
-		if (j->intparams[KP_IP4_ADDR + isip6] == NULL)
-			continue;
-		TAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR + isip6]->val, tq) {
+#ifdef INET
+	if (j->intparams[KP_IP4_ADDR] != NULL) {
+		TAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR]->val, tq) {
 			cs = strchr(s->s, '|');
 			if (cs || defif)
-				add_param(j, NULL, IP__IP4_IFADDR + isip6,
-				    s->s);
+				add_param(j, NULL, IP__IP4_IFADDR, s->s);
 			if (cs) {
 				strcpy(s->s, cs + 1);
 				s->len -= cs + 1 - s->s;
 			}
 			if ((cs = strchr(s->s, '/'))) {
 				prefix = strtol(cs + 1, &ep, 10);
-				if (
-#ifdef INET6
-				    !isip6 &&
-#endif
-				    *ep == '.'
+				if (*ep == '.'
 				    ? inet_pton(AF_INET, cs + 1, &addr4) != 1
-				    : *ep || prefix < 0 || prefix > (
-#ifdef INET6
-				      isip6 ? 128 :
-#endif
-				      32)) {
+				    : *ep || prefix < 0 || prefix > 32) {
 					jail_warnx(j,
-#ifdef INET6
-					    isip6
-					    ? "ip6.addr: bad prefixlen \"%s\"" :
+					    "ip4.addr: bad netmask \"%s\"", cs);
+					error = -1;	
+				}
+				*cs = '\0';
+				s->len = cs - s->s + 1;
+			}
+		}
+	}
 #endif
-					    "ip4.addr: bad netmask \"%s\"",
+#ifdef INET6
+	if (j->intparams[KP_IP6_ADDR] != NULL) {
+		TAILQ_FOREACH(s, &j->intparams[KP_IP6_ADDR]->val, tq) {
+			cs = strchr(s->s, '|');
+			if (cs || defif)
+				add_param(j, NULL, IP__IP6_IFADDR, s->s);
+			if (cs) {
+				strcpy(s->s, cs + 1);
+				s->len -= cs + 1 - s->s;
+			}
+			if ((cs = strchr(s->s, '/'))) {
+				prefix = strtol(cs + 1, &ep, 10);
+				if (*ep || prefix < 0 || prefix > 128) {
+					jail_warnx(j,
+					    "ip6.addr: bad prefixlen \"%s\"",
 					    cs);
 					error = -1;	
 				}
@@ -600,8 +624,7 @@ check_intparams(struct cfjail *j)
 			}
 		}
 	}
-#ifndef INET6
-	while (0);
+#endif
 #endif
 
 	/*

usr.sbin/jail/jail.c

@@ -80,7 +80,9 @@ static struct permspec perm_sysctl[] = {
 
 static const enum intparam startcommands[] = {
     0,
+#ifdef INET
     IP__IP4_IFADDR,
+#endif
 #ifdef INET6
     IP__IP6_IFADDR,
 #endif
@@ -109,25 +111,30 @@ static const enum intparam stopcommands[] = {
 #ifdef INET6
     IP__IP6_IFADDR,
 #endif
+#ifdef INET
     IP__IP4_IFADDR,
+#endif
     0
 };
 
 int
 main(int argc, char **argv)
 {
-#ifdef INET6
-	struct in6_addr addr6;
-#endif
 	struct stat st;
 	FILE *jfp;
 	struct cfjail *j;
-	char *cs, *ncs, *JidFile;
+	char *JidFile;
 	size_t sysvallen;
 	unsigned op, pi;
 	int ch, docf, error, i, oldcl, sysval;
 	int dflag, iflag, Rflag;
 	char enforce_statfs[4];
+#if defined(INET) || defined(INET6)
+	char *cs, *ncs;
+#endif
+#if defined(INET) && defined(INET6)
+	struct in6_addr addr6;
+#endif
 
 	op = 0;
 	dflag = iflag = Rflag = 0;
@@ -147,7 +154,9 @@ main(int argc, char **argv)
 			cfname = optarg;
 			break;
 		case 'h':
+#if defined(INET) || defined(INET6)
 			add_param(NULL, NULL, IP_IP_HOSTNAME, NULL);
+#endif
 			docf = 0;
 			break;
 		case 'i':
@@ -219,21 +228,27 @@ main(int argc, char **argv)
 		oldcl = 1;
 		add_param(NULL, NULL, KP_PATH, argv[0]);
 		add_param(NULL, NULL, KP_HOST_HOSTNAME, argv[1]);
+#if defined(INET) || defined(INET6)
 		if (argv[2][0] != '\0') {
 			for (cs = argv[2];; cs = ncs + 1) {
 				ncs = strchr(cs, ',');
 				if (ncs)
 					*ncs = '\0';
 				add_param(NULL, NULL,
-#ifdef INET6
+#if defined(INET) && defined(INET6)
 				    inet_pton(AF_INET6, cs, &addr6) == 1
-				    ? KP_IP6_ADDR :
+				    ? KP_IP6_ADDR : KP_IP4_ADDR,
+#elif defined(INET)
+				    KP_IP4_ADDR,
+#elif defined(INET6)
+				    KP_IP6_ADDR,
 #endif
-				    KP_IP4_ADDR, cs);
+				    cs);
 				if (!ncs)
 					break;
 			}
 		}
+#endif
 		for (i = 3; i < argc; i++)
 			add_param(NULL, NULL, IP_COMMAND, argv[i]);
 		/* Emulate the defaults from security.jail.* sysctls. */
@@ -866,15 +881,18 @@ print_jail(FILE *fp, struct cfjail *j, int oldcl)
 		putc('\t', fp);
 		print_param(fp, j->intparams[KP_HOST_HOSTNAME], ',', 0);
 		putc('\t', fp);
+#ifdef INET
 		print_param(fp, j->intparams[KP_IP4_ADDR], ',', 0);
 #ifdef INET6
-		if (j->intparams[KP_IP6_ADDR] &&
-		    !TAILQ_EMPTY(&j->intparams[KP_IP6_ADDR]->val)) {
-			if (j->intparams[KP_IP4_ADDR] &&
-			    !TAILQ_EMPTY(&j->intparams[KP_IP4_ADDR]->val))
-				putc(',', fp);
-			print_param(fp, j->intparams[KP_IP6_ADDR], ',', 0);
-		}
+		if (j->intparams[KP_IP4_ADDR] &&
+		    !TAILQ_EMPTY(&j->intparams[KP_IP4_ADDR]->val) &&
+		    j->intparams[KP_IP6_ADDR] &&
+		    !TAILQ_EMPTY(&j->intparams[KP_IP6_ADDR]->val))
+		    putc(',', fp);
+#endif
+#endif
+#ifdef INET6
+		print_param(fp, j->intparams[KP_IP6_ADDR], ',', 0);
 #endif
 		putc('\t', fp);
 		print_param(fp, j->intparams[IP_COMMAND], ' ', 0);

usr.sbin/jail/jailp.h

@@ -87,15 +87,19 @@ enum intparam {
 	IP_EXEC_SYSTEM_JAIL_USER,/* Get jail_user from system passwd file */
 	IP_EXEC_SYSTEM_USER,	/* Run non-jailed commands as this user */
 	IP_EXEC_TIMEOUT,	/* Time to wait for a command to complete */
+#if defined(INET) || defined(INET6)
 	IP_INTERFACE,		/* Add IP addresses to this interface */
 	IP_IP_HOSTNAME,		/* Get jail IP address(es) from hostname */
+#endif
 	IP_MOUNT,		/* Mount points in fstab(5) form */
 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
 	IP_MOUNT_DEVFS_RULESET,	/* Ruleset for the devfs mount */
 	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
 	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */
+#ifdef INET
 	IP__IP4_IFADDR,		/* Copy of ip4.addr with interface/netmask */
+#endif
 #ifdef INET6
 	IP__IP6_IFADDR,		/* Copy of ip6.addr with interface/prefixlen */
 #endif
@@ -109,7 +113,9 @@ enum intparam {
 	KP_ALLOW_SYSVIPC,
 	KP_ENFORCE_STATFS,
 	KP_HOST_HOSTNAME,
+#ifdef INET
 	KP_IP4_ADDR,
+#endif
 #ifdef INET6
 	KP_IP6_ADDR,
 #endif