From: Jamie Gritton
Date: Fri, 31 Jul 2009 14:30:06 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r195998 - head/usr.sbin/jail

Author: jamie
Date: Fri Jul 31 14:30:06 2009
New Revision: 195998
URL: http://svn.freebsd.org/changeset/base/195998

Log:
  Handle kernels that don't have IPv6 by not sending an "ip6.addr"
  parameter unless a (numeric) IPv6 address is given. Even the default
  binaries built with -DINET6 will work with IPv6-less kernels. With an
  eye to the future, similarly handle the possibility of an IPv4-less
  kernel.

  Approved by: re (kib), bz (mentor)

Modified:
  head/usr.sbin/jail/jail.c

Modified: head/usr.sbin/jail/jail.c ============================================================================== --- head/usr.sbin/jail/jail.c Fri Jul 31 14:19:57 2009 (r195997) +++ head/usr.sbin/jail/jail.c Fri Jul 31 14:30:06 2009 (r195998) @@ -231,10 +231,11 @@ main(int argc, char **argv) set_param("host.hostname", argv[1]); if (hflag) add_ip_addrinfo(0, argv[1]); + if (argv[2][0] != '\0') #ifdef INET6 - add_ip_addr46(argv[2]); + add_ip_addr46(argv[2]); #else - add_ip_addr(&ip4_addr, argv[2]); + add_ip_addr(&ip4_addr, argv[2]); #endif cmdarg = 3; /* Emulate the defaults from security.jail.* sysctls */ @@ -374,11 +375,6 @@ add_ip_addr46(char *value) { char *p, *np; - if (!value[0]) { - add_ip_addr(&ip4_addr, value); - add_ip_addr(&ip6_addr, value); - return; - } for (p = value;; p = np + 1) { np = strchr(p, ',');
@@ -396,10 +392,13 @@ add_ip_addrinfo(int ai_flags, char *valu { struct addrinfo hints, *ai0, *ai; struct in_addr addr4; - int error; + size_t size; + int error, ip4ok; + int mib[4]; char avalue4[INET_ADDRSTRLEN]; #ifdef INET6 struct in6_addr addr6; + int ip6ok; char avalue6[INET6_ADDRSTRLEN]; #endif @@ -415,11 +414,34 @@ add_ip_addrinfo(int ai_flags, char *valu error = getaddrinfo(value, NULL, &hints, &ai0); if (error != 0) errx(1, "hostname %s: %s", value, gai_strerror(error)); + + /* + * Silently ignore unsupported address families from DNS lookups. + * But if this is a numeric address, let the kernel give the error. + */ + if (ai_flags & AI_NUMERICHOST) + ip4ok = +#ifdef INET6 + ip6ok = +#endif + 1; + else { + size = 4; + ip4ok = (sysctlnametomib("security.jail.param.ip4", mib, + &size) == 0); +#ifdef INET6 + size = 4; + ip6ok = (sysctlnametomib("security.jail.param.ip6", mib, + &size) == 0); +#endif + } /* Convert the addresses to ASCII so set_param can convert them back. */ for (ai = ai0; ai; ai = ai->ai_next) switch (ai->ai_family) { case AF_INET: + if (!ip4ok) + break; memcpy(&addr4, &((struct sockaddr_in *) (void *)ai->ai_addr)->sin_addr, sizeof(addr4)); if (inet_ntop(AF_INET, &addr4, avalue4, @@ -429,6 +451,8 @@ add_ip_addrinfo(int ai_flags, char *valu break; #ifdef INET6 case AF_INET6: + if (!ip6ok) + break; memcpy(&addr6, &((struct sockaddr_in6 *) (void *)ai->ai_addr)->sin6_addr, sizeof(addr6)); if (inet_ntop(AF_INET6, &addr6, avalue6,
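
Review bot: In the main() hunk (@@ -231,10 +231,11 @@), the new if (argv[2][0] != '\0') has no braces and its single statement is selected by the #ifdef INET6 / #else / #endif that follows, so a second statement added later to either branch would run unconditionally. Put braces around the whole preprocessor block so the guard visibly covers both the add_ip_addr46() and the add_ip_addr() call.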
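
Review bot: In the add_ip_addr46() hunk (@@ -374,11 +375,6 @@), deleting the !value[0] branch changes what an empty address argument does: it used to call add_ip_addr() for both ip4_addr and ip6_addr with the empty value, and with the new guard in main() neither parameter is set at all. The log message explains this for kernels that lack a family, but not whether a jail created with the address parameter omitted ends up with the same address restriction as one given an explicitly empty list on a kernel that supports both families. Please state that in the log or in a comment, and note above add_ip_addr46() that callers are now expected to filter the empty string.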
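
Review bot: In the add_ip_addrinfo() declarations hunk (@@ -396,10 +392,13 @@), int mib[4] is only a scratch buffer for the sysctlnametomib() probes, and its length is repeated as the literal size = 4 at both call sites in the following hunk. Derive the size from the array (sizeof(mib) / sizeof(mib[0])) so the two cannot drift apart, and add a short comment that the MIB contents are never used.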
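
Review bot: In the add_ip_addrinfo() hunk at @@ -415,11 +414,34 @@, the probes treat any sysctlnametomib() failure as "address family not supported": ip4ok and ip6ok are set from (sysctlnametomib(...) == 0) without looking at errno, so a failure for some other reason silently drops every address of that family returned by the lookup and no parameter is set for them. Consider accepting only ENOENT as "unsupported" and calling err() otherwise, and warning or failing when the filter leaves the hostname with no usable addresses. Separately, the ip4ok = / ip6ok = / 1; assignment split across #ifdef INET6 is hard to read; two plain assignments, the second inside the #ifdef, would be clearer.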