Integrate rc.d/network_ipv6 into rc.d/netif:

- Add rc.d/stf and rc.d/faith for stf(4) and faith(4). - Remove rc.d/auto_linklocal and rc.d/network_ipv6. - Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif depends on some sysctl variables. Reviewed by: brooks MFC after: 3 days
svn path=/head/; revision=197139
2024-12-27 11:55:06 +00:00 · 2009-09-12 22:13:41 +00:00 · 2009-09-12 22:13:41 +00:00 · 5d595cb88e · 2020-12-20 02:59:44 +00:00
commit 5d595cb88e
parent a283298ce3
15 changed files with 911 additions and 553 deletions
--- a/etc/network.subr
+++ b/etc/network.subr
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@ -4,13 +4,13 @@

 FILES=	DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
 	abi accounting addswap adjkerntz amd \
-	apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \
+	apm apmd archdep atm1 atm2 atm3 auditd \
 	bgfsck bluetooth bootparams bridge bsnmpd bthidd \
 	ccd cleanvar cleartmp cron \
 	ddb defaultroute devd devfs dhclient \
 	dmesg dumpon \
 	encswap \
-	fsck ftp-proxy ftpd \
+	faith fsck ftp-proxy ftpd \
 	gbde geli geli2 gssd \
 	hcsecd \
 	hostapd hostid hostid_save hostname \
@ -23,7 +23,7 @@ FILES=	DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
 	mixer motd mountcritlocal mountcritremote mountlate \
 	mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \
 	named natd netif netoptions \
-	network_ipv6 newsyslog nfsclient nfscbd nfsd \
+	newsyslog nfsclient nfscbd nfsd \
 	nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \
 	othermta \
 	pf pflog pfsync \
@ -32,7 +32,7 @@ FILES=	DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
 	random rarpd resolv rfcomm_pppd_server root \
 	route6d routed routing rpcbind rtadvd rwho \
 	savecore sdpd securelevel sendmail \
-	serial sppp statd static_arp swap1 \
+	serial sppp statd static_arp stf swap1 \
 	syscons sysctl syslogd \
 	timed tmp \
 	ugidfw \
--- a/etc/rc.d/NETWORKING
+++ b/etc/rc.d/NETWORKING
@ -4,7 +4,7 @@
 #

 # PROVIDE: NETWORKING NETWORK
-# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw
+# REQUIRE: netif netoptions routing ppp ipfw stf faith
 # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv

 #	This is a dummy dependency, for services which require networking
--- a/etc/rc.d/addswap
+++ b/etc/rc.d/addswap
@ -7,7 +7,6 @@

 # PROVIDE: addswap
 # REQUIRE: FILESYSTEMS
-# BEFORE: sysctl
 # KEYWORD: nojail

 . /etc/rc.subr
--- a/etc/rc.d/auto_linklocal
+++ b/etc/rc.d/auto_linklocal
@ -1,33 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: auto_linklocal
-# REQUIRE: root
-# BEFORE:  sysctl
-# KEYWORD: nojail
-
-. /etc/rc.subr
-. /etc/network.subr
-
-name="auto_linklocal"
-start_cmd="auto_linklocal_start"
-stop_cmd=":"
-
-auto_linklocal_start()
-{
-	if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then
-		if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then
-			warn "failed to set sysctl(8)"
-			return 1
-		fi
-		laddr=`network6_getladdr lo0`
-		if [ -z "${laddr}" ]; then
-			ifconfig lo0 inet6 fe80::1 prefixlen 64
-		fi
-	fi
-}
-
-load_rc_config $name
-run_rc_command "$1"
--- a/etc/rc.d/defaultroute
+++ b/etc/rc.d/defaultroute
@ -6,7 +6,7 @@
 #

 # PROVIDE: defaultroute
-# REQUIRE: devd netif network_ipv6
+# REQUIRE: devd netif
 # KEYWORD: nojail

 . /etc/rc.subr
@ -18,7 +18,7 @@ stop_cmd=":"

 defaultroute_start()
 {
-	local output carrier nocarrier
+	local output carrier nocarrier nl

 	# Return without waiting if we don't have dhcp interfaces or
 	# if none of the dhcp interfaces is plugged in.
@ -41,6 +41,7 @@ defaultroute_start()
 		if [ -n "${defif}" ]; then
 			if [ ${delay} -ne ${defaultroute_delay} ]; then
 				echo -n "($defif)"
+				nl=1
 			fi
 			break
 		fi
@ -49,11 +50,12 @@ defaultroute_start()
 		else
 			echo -n .
 		fi
+		nl=1
 		sleep 1
-		delay=`expr $delay - 1`
+		delay=$(($delay - 1))
 	done

-	echo
+	[ -n "$nl" ] && echo
 }

 load_rc_config $name
--- a/etc/rc.d/devd
+++ b/etc/rc.d/devd
@ -4,7 +4,7 @@
 #

 # PROVIDE: devd
-# REQUIRE: netif network_ipv6
+# REQUIRE: netif
 # BEFORE: NETWORKING mountcritremote
 # KEYWORD: nojail shutdown

--- a/etc/rc.d/faith
+++ b/etc/rc.d/faith
@ -0,0 +1,77 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: faith
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="faith"
+start_cmd="faith_up"
+stop_cmd="faith_down"
+
+faith_up()
+{
+	case ${ipv6_faith_prefix} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \
+		    " faith0."
+		${SYSCTL_W} net.inet6.ip6.keepfaith=1
+		ifconfig faith0 create >/dev/null 2>&1
+		ifconfig faith0 up
+		for prefix in ${ipv6_faith_prefix}; do
+			prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+			case ${prefixlen} in
+			'')
+				prefixlen=96
+				;;
+			*)
+				prefix=`expr "${prefix}" : \
+					     "\(.*\)/${prefixlen}"`
+				;;
+			esac
+			route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1
+			route change -inet6 ${prefix} -prefixlen ${prefixlen} \
+				-ifp faith0
+		done
+		if [ -z "${rc_quiet}" ]; then
+			ifconfig faith0
+		fi
+		;;
+	esac
+}
+
+faith_down()
+{
+	echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0."
+	ifconfig faith0 destroy
+	${SYSCTL_W} net.inet6.ip6.keepfaith=0
+
+	case ${ipv6_faith_prefix} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		for prefix in ${ipv6_faith_prefix}; do
+			prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+			case ${prefixlen} in
+			'')
+				prefixlen=96
+				;;
+			*)
+				prefix=`expr "${prefix}" : \
+					     "\(.*\)/${prefixlen}"`
+				;;
+			esac
+			route delete -inet6 ${prefix} -prefixlen ${prefixlen}
+		done
+		;;
+	esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/ip6addrctl
+++ b/etc/rc.d/ip6addrctl
@ -4,8 +4,8 @@
 #

 # PROVIDE: ip6addrctl
-# REQUIRE: FILESYSTEMS netif
-# BEFORE: network_ipv6
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
 # KEYWORD: nojail

 . /etc/rc.subr
@ -52,7 +52,7 @@ ip6addrctl_start()
 			ip6addrctl install /etc/ip6addrctl.conf
 			checkyesno ip6addrctl_verbose && ip6addrctl
 		else
-			if checkyesno ipv6_enable; then
+			if checkyesno ipv6_prefer; then
 				ip6addrctl_prefer_ipv6
 			else
 				ip6addrctl_prefer_ipv4
--- a/etc/rc.d/mroute6d
+++ b/etc/rc.d/mroute6d
@ -4,7 +4,8 @@
 #

 # PROVIDE: mroute6d
-# REQUIRE: network_ipv6
+# REQUIRE: netif routing
+# BEFORE: NETWORKING
 # KEYWORD: nojail

 . /etc/rc.subr
--- a/etc/rc.d/netif
+++ b/etc/rc.d/netif
@ -41,6 +41,8 @@ clonedown_cmd="clone_down"
 extra_commands="cloneup clonedown"
 cmdifn=

+set_rcvar_obsolete ipv6_enable
+
 network_start()
 {
 	# Set the list of interfaces to work on.
--- a/etc/rc.d/network_ipv6
+++ b/etc/rc.d/network_ipv6
@ -1,126 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2000  The KAME Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-# 	From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43
-#
-
-# PROVIDE: network_ipv6
-# REQUIRE: routing ip6fw
-# KEYWORD: nojail
-
-. /etc/rc.subr
-. /etc/network.subr
-
-name="network_ipv6"
-rcvar=`set_rcvar ipv6`
-start_cmd="network_ipv6_start"
-
-network_ipv6_start()
-{
-	# disallow "internal" addresses to appear on the wire
-	route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
-	route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
-
-	case ${ipv6_network_interfaces} in
-	[Aa][Uu][Tt][Oo])
-		# Get a list of network interfaces
-		ipv6_network_interfaces="`ifconfig -l`"
-		;;
-	[Nn][Oo][Nn][Ee])
-		ipv6_network_interfaces=''
-		;;
-	esac
-
-	if checkyesno ipv6_gateway_enable; then
-		# act as a router
-		${SYSCTL_W} net.inet6.ip6.forwarding=1
-		${SYSCTL_W} net.inet6.ip6.accept_rtadv=0
-
-		# wait for DAD
-		for i in $ipv6_network_interfaces; do
-			ifconfig $i up
-		done
-		sleep `${SYSCTL_N} net.inet6.ip6.dad_count`
-		sleep 1
-	else
-		# act as endhost - start with manual configuration
-		# Setup of net.inet6.ip6.accept_rtadv is done later by
-		# network6_interface_setup.
-		${SYSCTL_W} net.inet6.ip6.forwarding=0
-	fi
-
-	if [ -n "${ipv6_network_interfaces}" ]; then
-		# Setup the interfaces
-		network6_interface_setup $ipv6_network_interfaces
-
-		# wait for DAD's completion (for global addrs)
-		sleep `${SYSCTL_N} net.inet6.ip6.dad_count`
-		sleep 1
-	fi
-
-	# Filter out interfaces on which IPv6 initialization failed.
-	if checkyesno ipv6_gateway_enable; then
-		ipv6_working_interfaces=""
-		for i in ${ipv6_network_interfaces}; do
-			laddr=`network6_getladdr $i exclude_tentative`
-			case ${laddr} in
-			'')
-				;;
-			*)
-				ipv6_working_interfaces="$i \
-				    ${ipv6_working_interfaces}"
-				;;
-			esac
-		done
-		ipv6_network_interfaces=${ipv6_working_interfaces}
-	fi
-
-	# Setup IPv6 to IPv4 mapping
-	network6_stf_setup
-
-	# Install the "default interface" to kernel, which will be used
-	# as the default route when there's no router.
-	network6_default_interface_setup
-
-	# Setup static routes
-	network6_static_routes_setup
-
-	# Setup faith
-	network6_faith_setup
-
-	# Support for IPv4 address tacked onto an IPv6 address
-	if checkyesno ipv6_ipv4mapping; then
-		echo 'IPv4 mapped IPv6 address support=YES'
-		${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null
-	else
-		echo 'IPv4 mapped IPv6 address support=NO'
-		${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
-	fi
-}
-
-load_rc_config $name
-run_rc_command "$1"
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@ -21,17 +21,79 @@ options_cmd="options_start"

 routing_start()
 {
-	static_start
-	options_start
+	static_start "$@"
+	options_start "$@"
 }

 routing_stop()
 {
+	static_stop "$@"
 	route -n flush
+	for i in ${ipv6_network_interfaces}; do
+		ifconfig $i inet6 -defaultif
+	done
 }

 static_start()
 {
+	local _af
+	_af=$1
+
+	case ${_af} in
+	inet)
+		do_static inet add
+		;;
+	inet6)
+		do_static inet6 add
+		;;
+	atm)
+		do_static atm add
+		;;
+	*)
+		do_static inet add
+		do_static inet6 add
+		do_static atm add
+		;;
+	esac
+}
+
+static_stop()
+{
+	local _af
+	_af=$1
+
+	case ${_af} in
+	inet)
+		do_static inet delete
+		;;
+	inet6)
+		do_static inet6 delete
+		;;
+	atm)
+		do_static atm delete
+		;;
+	*)
+		do_static inet delete
+		do_static inet6 delete
+		do_static atm delete
+		;;
+	esac
+}
+
+do_static()
+{
+	local _af _action
+	_af=$1
+	_action=$2
+
+	eval $1_static $2
+}
+
+inet_static()
+{
+	local _action
+	_action=$1
+
 	case ${defaultrouter} in
 	[Nn][Oo] | '')
 		;;
@ -41,20 +103,130 @@ static_start()
 		;;
 	esac

-	# Setup static routes. This should be done before router discovery.
-	#
 	if [ -n "${static_routes}" ]; then
 		for i in ${static_routes}; do
-			eval route_args=\$route_${i}
-			route add ${route_args}
+			route_args=`get_if_var $i route_IF`
+			route ${_action} ${route_args}
 		done
 	fi
-	# Now ATM static routes
-	#
+}
+
+inet6_static()
+{
+	local _action i
+	_action=$1
+
+	# disallow "internal" addresses to appear on the wire
+	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+
+	case ${ipv6_defaultrouter} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		ipv6_static_routes="default ${ipv6_static_routes}"
+		ipv6_route_default="default ${ipv6_defaultrouter}"
+		;;
+	esac
+
+	if [ -n "${ipv6_static_routes}" ]; then
+		for i in ${ipv6_static_routes}; do
+			ipv6_route_args=`get_if_var $i ipv6_route_IF`
+			route ${_action} -inet6 ${route_args}
+		done
+	fi
+
+	# Fixup $ipv6_network_interfaces
+	case ${ipv6_network_interfaces} in
+	[Nn][Oo][Nn][Ee])
+		ipv6_network_interfaces=''
+		;;
+	esac
+
+	if checkyesno ipv6_gateway_enable; then
+		for i in ${ipv6_network_interfaces}; do
+
+			laddr=`network6_getladdr $i exclude_tentative`
+			case ${laddr} in
+			'')
+				;;
+			*)
+				ipv6_working_interfaces="$i \
+				    ${ipv6_working_interfaces}"
+				;;
+			esac
+		done
+		ipv6_network_interfaces=${ipv6_working_interfaces}
+	fi
+
+	# Install the "default interface" to kernel, which will be used
+	# as the default route when there's no router.
+	case "${ipv6_default_interface}" in
+	[Nn][Oo] | [Nn][Oo][Nn][Ee])
+		ipv6_default_interface=""
+		;;
+	[Aa][Uu][Tt][Oo] | "")
+		for i in ${ipv6_network_interfaces}; do
+			case $i in
+			lo0|faith[0-9]*)
+				continue
+				;;
+			esac
+			laddr=`network6_getladdr $i exclude_tentative`
+			case ${laddr} in
+			'')
+				;;
+			*)
+				ipv6_default_interface=$i
+				break
+				;;
+			esac
+		done
+		;;
+	esac
+
+	# Disallow unicast packets without outgoing scope identifiers,
+	# or route such packets to a "default" interface, if it is specified.
+	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
+
+	case ${ipv6_default_interface} in
+	'')
+		route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
+		;;
+	*)
+		laddr=`network6_getladdr ${ipv6_default_interface}`
+		route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface
+
+		# Disable installing the default interface with the
+		# case net.inet6.ip6.forwarding=0 and
+		# the interface with no ND6_IFF_ACCEPT_RTADV
+		# to avoid conflict between the default router list and
+		# the manual configured default route.
+		if ! checkyesno ipv6_gateway_enable; then
+			ifconfig ${ipv6_default_interface} nd6 | \
+			while read proto options
+			do
+				case "${proto}:${options}" in
+				nd6:*ACCEPT_RTADV*)
+					ifconfig ${ipv6_default_interface} inet6 defaultif
+					break
+				;;
+				esac
+			done
+		fi
+		;;
+	esac
+}
+
+atm_static()
+{
+	local _action i
+	_action=$1
+
 	if [ -n "${natm_static_routes}" ]; then
 		for i in ${natm_static_routes}; do
-			eval route_args=\$route_${i}
-			atmconfig natm add ${route_args}
+			route_args=`get_if_var $i route_IF`
+			atmconfig natm ${_action} ${route_args}
 		done
 	fi
 }
@ -70,72 +242,62 @@ ropts_init()

 options_start()
 {
-	case ${icmp_bmcastecho} in
-	[Yy][Ee][Ss])
+	if checkyesno icmp_bmcastecho; then
 		ropts_init
 		echo -n ' broadcast ping responses=YES'
 		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${icmp_drop_redirect} in
-	[Yy][Ee][Ss])
+	if checkyesno icmp_drop_redirect; then
 		ropts_init
 		echo -n ' ignore ICMP redirect=YES'
 		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${icmp_log_redirect} in
-	[Yy][Ee][Ss])
+	if checkyesno icmp_log_redirect; then
 		ropts_init
 		echo -n ' log ICMP redirect=YES'
 		sysctl net.inet.icmp.log_redirect=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${gateway_enable} in
-	[Yy][Ee][Ss])
+	if checkyesno gateway_enable; then
 		ropts_init
-		echo -n ' IP gateway=YES'
+		echo -n ' IPv4 gateway=YES'
 		sysctl net.inet.ip.forwarding=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${forward_sourceroute} in
-	[Yy][Ee][Ss])
+	if checkyesno ipv6_gateway_enable; then
+		ropts_init
+		echo -n ' IPv6 gateway=YES'
+		sysctl net.inet6.ip6.forwarding=1 >/dev/null
+	fi
+
+	if checkyesno forward_sourceroute; then
 		ropts_init
 		echo -n ' do source routing=YES'
 		sysctl net.inet.ip.sourceroute=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${accept_sourceroute} in
-	[Yy][Ee][Ss])
+	if checkyesno accept_sourceroute; then
 		ropts_init
 		echo -n ' accept source routing=YES'
 		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${ipxgateway_enable} in
-	[Yy][Ee][Ss])
+	if checkyesno ipxgateway_enable; then
 		ropts_init
 		echo -n ' IPX gateway=YES'
 		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
-		;;
-	esac
+	fi

-	case ${arpproxy_all} in
-	[Yy][Ee][Ss])
+	if checkyesno arpproxy_all; then
 		ropts_init
 		echo -n ' ARP proxyall=YES'
 		sysctl net.link.ether.inet.proxyall=1 >/dev/null
-		;;
-	esac
+	fi

 	 [ -n "${_ropts_initdone}" ] && echo '.'
 }

 load_rc_config $name
-run_rc_command "$1"
+run_rc_command "$@"
--- a/etc/rc.d/stf
+++ b/etc/rc.d/stf
@ -0,0 +1,79 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: stf
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="stf"
+start_cmd="stf_up"
+stop_cmd="stf_down"
+
+stf_up()
+{
+	case ${stf_interface_ipv4addr} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		# assign IPv6 addr and interface route for 6to4 interface
+		stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
+		OIFS="$IFS"
+		IFS=".$IFS"
+		set ${stf_interface_ipv4addr}
+		IFS="$OIFS"
+		hexfrag1=`hexprint $(($1*256 + $2))`
+		hexfrag2=`hexprint $(($3*256 + $4))`
+		ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
+		case ${stf_interface_ipv6_ifid} in
+		[Aa][Uu][Tt][Oo] | '')
+			for i in ${ipv6_network_interfaces}; do
+				laddr=`network6_getladdr ${i}`
+				case ${laddr} in
+				'')
+					;;
+				*)
+					break
+					;;
+				esac
+			done
+			stf_interface_ipv6_ifid=`expr "${laddr}" : \
+						      'fe80::\(.*\)%\(.*\)'`
+			case ${stf_interface_ipv6_ifid} in
+			'')
+				stf_interface_ipv6_ifid=0:0:0:1
+				;;
+			esac
+			;;
+		esac
+		echo "Configuring 6to4 tunnel interface: stf0." 
+		ifconfig stf0 create >/dev/null 2>&1
+		ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
+			prefixlen ${stf_prefixlen}
+		if [ -z "${rc_quiet}" ]; then
+			/sbin/ifconfig stf0
+		fi
+		# disallow packets to malicious 6to4 prefix
+		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+		;;
+	esac
+}
+
+stf_down()
+{
+	echo "Removing 6to4 tunnel interface: stf0." 
+	ifconfig stf0 destroy
+	route delete -inet6 2002:e000:: -prefixlen 20 ::1
+	route delete -inet6 2002:7f00:: -prefixlen 24 ::1
+	route delete -inet6 2002:0000:: -prefixlen 24 ::1
+	route delete -inet6 2002:ff00:: -prefixlen 24 ::1
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/etc/rc.d/sysctl
+++ b/etc/rc.d/sysctl
@ -5,7 +5,7 @@

 # PROVIDE: sysctl
 # REQUIRE: root
-# BEFORE:  DAEMON
+# BEFORE: FILESYSTEMS

 . /etc/rc.subr