diff --git a/etc/network.subr b/etc/network.subr index e794faba2d70..c9462fac22d5 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -45,13 +45,14 @@ ifn_start() ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 + ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 - childif_create ${ifn} + childif_create ${ifn} && cfg=0 return $cfg } -# ifn_start ifn +# ifn_stop ifn # Shutdown and de-configure an interface. If action is taken print the # interface name. # @@ -61,13 +62,14 @@ ifn_stop() ifn="$1" cfg=1 - [ -z "$ifn" ] && return 1 + [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" ipx_down ${ifn} && cfg=0 + ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 - childif_destroy ${ifn} + childif_destroy ${ifn} && cfg=0 return $cfg } @@ -81,15 +83,53 @@ ifn_stop() # ifconfig_up() { + local _cfg _ipv6_opts ifconfig_args _cfg=1 + # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} - ifconfig $1 up _cfg=0 fi + # inet6 specific + if afexists inet6; then + if ipv6if $1; then + if checkyesno ipv6_gateway_enable; then + _ipv6_opts="-accept_rtadv auto_linklocal" + else + _ipv6_opts="auto_linklocal" + fi + else + _ipv6_opts="-auto_linklocal ifdisabled" + fi + + ifconfig $1 inet6 ${_ipv6_opts} + + # ifconfig_IF_ipv6 + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + ifconfig $1 inet6 -ifdisabled + ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 -ifdisabled + ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} -eq 0 ]; then + ifconfig $1 up + fi + if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count 
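Review bot: In ifconfig_up, both `ifconfig $1 inet6 -ifdisabled` calls run whenever `ifconfig_IF_ipv6` or the legacy `ipv6_ifconfig_IF` is set, including on the branch where `ipv6if $1` failed and the interface was just given `-auto_linklocal ifdisabled`. An interface the administrator left out of `ipv6_network_interfaces` can therefore have IPv6 re-enabled here, while ipv6_up (later in this diff) still skips it because `ipv6if` fails. If that override is intended, a comment such as `# an explicit ifconfig_IF_ipv6 overrides ipv6_network_interfaces` would make it visible; otherwise the two per-interface blocks belong inside the `if ipv6if $1` branch. The comment typo `compatiblity` can be fixed at the same time, and the function body continues past the end of this hunk.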
@@ -114,7 +154,7 @@ ifconfig_up() # ifconfig_down() { - [ -z "$1" ] && return 1 + local _cfg _cfg=1 if wpaif $1; then @@ -143,6 +183,8 @@ ifconfig_down() # $default if given. get_if_var() { + local _if _punct _var _default prefix suffix + if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi @@ -160,26 +202,30 @@ get_if_var() eval echo \${${prefix}${_if}${suffix}-${_default}} } -# _ifconfig_getargs if +# _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { + local _ifn _af _ifn=$1 + _af=${2+_$2} + if [ -z "$_ifn" ]; then return 1 fi - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } -# ifconfig_getargs if +# ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { - _tmpargs=`_ifconfig_getargs $1` + local _tmpargs _arg _args + _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi @@ -206,7 +252,9 @@ ifconfig_getargs() # boot time and 1 otherwise. autoif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) @@ -214,6 +262,7 @@ autoif() ;; esac done + return 0 } @@ -221,7 +270,9 @@ autoif() # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) @@ -235,6 +286,7 @@ dhcpif() ;; esac done + return 1 } @@ -243,7 +295,9 @@ dhcpif() # 1 otherwise. syncdhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) 
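Review bot: `_ifconfig_getargs` now passes `$ifconfig_DEFAULT` as the fallback for every address family, not only for the plain `ifconfig_IF` lookup. When `ifconfig_DEFAULT` is set and `ifconfig_IF_ipv6` or `ifconfig_IF_ipx` is not, the callers added in this diff (`ifconfig_getargs $1 ipv6` in ifconfig_up, `_ifconfig_getargs $ifn ipx` in ipx_up, which previously used `get_if_var` with no default) get the IPv4 default back and hand it to ifconfig. Applying the default only when no family was requested avoids that: `if [ -z "$_af" ]; then get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT"; else get_if_var $_ifn ifconfig_IF$_af; fi`.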
@@ -254,18 +308,17 @@ syncdhcpif() ;; esac done - if checkyesno synchronous_dhclient; then - return 0 - else - return 1 - fi + + checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) @@ -273,6 +326,54 @@ wpaif() ;; esac done + + return 1 +} + +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + local _af + _af=$1 + + case ${_af} in + inet) + ${SYSCTL_N} net.inet > /dev/null 2>&1 + ;; + inet6) + ${SYSCTL_N} net.inet6 > /dev/null 2>&1 + ;; + *) + err 1 "afexists(): Unsupported address family: $_af" + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. +noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 + ;; + esac + return 1 } @@ -281,9 +382,20 @@ wpaif() # 1 otherwise. ipv6if() { - if ! checkyesno ipv6_enable; then + local _if i + _if=$1 + + if ! afexists inet6; then return 1 fi + + # lo0 is always IPv6-enabled + case $_if in + lo0) + return 0 + ;; + esac + case "${ipv6_network_interfaces}" in [Aa][Uu][Tt][Oo]) return 0 
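Review bot: ipv6if no longer consults `ipv6_enable`; it succeeds whenever `afexists inet6` does and `ipv6_network_interfaces` matches AUTO, and always for lo0. A host that relied on `ipv6_enable="NO"` to keep IPv6 off would then have ifconfig_up apply `auto_linklocal` to its interfaces, which matters where packet-filter rules were written for IPv4 only; the default of `ipv6_network_interfaces` is not visible in this diff, so the effect depends on it. I would add a comment above ipv6if, for example `# ipv6_enable is obsolete and ignored; IPv6 is controlled per interface by ipv6_network_interfaces.`, and have the `set_rcvar_obsolete ipv6_enable` call in rc.d/netif carry a message saying the same. The function body continues beyond this hunk.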
@@ -292,11 +404,53 @@ ipv6if() return 1 ;; esac - for v6if in ${ipv6_network_interfaces}; do - if [ "${v6if}" = "${1}" ]; then + + for i in ${ipv6_network_interfaces}; do + if [ "$i" = "$_if" ]; then return 0 fi done + + return 1 +} + +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration, 1 otherwise. +ipv6_autoconfif() +{ + local _if _tmpargs _arg + _if=$1 + + if ! ipv6if $_if; then + return 1 + fi + if noafif $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + return 1 } @@ -304,6 +458,7 @@ ipv6if() # Returns 0 if the interface exists and 1 otherwise. ifexists() { + [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } @@ -311,21 +466,48 @@ ifexists() # add IPv4 addresses to the interface $if ipv4_up() { + local _if _ret _if=$1 - ifalias_up ${_if} - ipv4_addrs_common ${_if} alias + _ret=1 + + ifalias_up ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} alias && _ret=0 + + return $_ret +} + +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + local _if _ret + _if=$1 + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ifalias_up ${_if} inet6 && _ret=0 + ipv6_prefix_hostid_addr_up ${_if} && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + + return $_ret } # ipv4_down if # remove IPv4 addresses from the interface $if ipv4_down() { + local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 - ifexists ${_if} || return 1 - inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" 
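Review bot: ipv6_up returns 0 from its early `! ipv6if $_if` exit, and ifn_start treats 0 as "this interface was configured" (`ipv6_up ${ifn} && cfg=0`), so an interface with IPv6 off is still reported as configured; ipv6_down in the next hunk has the same early `return 0`. The helpers `ipv6_prefix_hostid_addr_up` and `ipv6_accept_rtadv_up` also end on an `if` that yields 0 when its condition is false, which sets `_ret=0` even when nothing was done. Using `return 1` in the early exits and in the helpers' no-action path keeps the status meaningful. Separately, the two DAD `sleep` calls run for every IPv6 interface even when no address was added; guarding them with `if [ $_ret -eq 0 ]; then` avoids a per-interface delay at boot.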
@@ -343,17 +525,55 @@ ipv4_down() done IFS="$oldifs" - ifalias_down ${_if} && _ret=0 + ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + local _if _ifs _ret inetList oldifs _inet6 + _if=$1 + _ifs="^" + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} && _ret=0 + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + # ipv4_addrs_common if action # Evaluate the ifconfig_if_ipv4 arguments for interface $if # and use $action to add or remove IPv4 addresses from $if. ipv4_addrs_common() { + local _ret _if _action _cidr _cidr_addr + local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 
@@ -386,53 +606,239 @@ ipv4_addrs_common() fi done done + return $_ret } -# ifalias_up if +# ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. # ifalias_up() { + local _ret _ret=1 - alias=0 - while : ; do - ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} alias - alias=$((${alias} + 1)) - _ret=0 - else - break - fi - done + + case "$2" in + inet) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + return $_ret } -#ifalias_down if +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. +# +ifalias_ipv6_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_aliasN instead." + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +#ifalias_down if af # Remove aliases for network interface $if. 
# It returns 0 if at least one alias was removed or # 1 if there were none. # ifalias_down() { + local _ret _ret=1 + + case "$2" in + inet) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +#ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} -alias - alias=$((${alias} + 1)) - _ret=0 - else + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") break - fi + ;; + esac + alias=$((${alias} + 1)) done + return $_ret } +#ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. +# +ifalias_ipv6_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias + alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_aliasN instead." 
+ _ret=0 + ;; + esac + done + + return $_ret +} + +# ipv6_prefix_hostid_addr_up if +# add IPv6 prefix + hostid addr to the interface $if +ipv6_prefix_hostid_addr_up() +{ + local _if prefix laddr hostid j address + _if=$1 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=${laddr#fe80::} + hostid=${hostid%\%*} + + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 alias + + # if I am a router, add subnet router + # anycast address (RFC 2373). + if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + alias anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router +# Solicitation message +ipv6_accept_rtadv_up() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 accept_rtadv up + rtsol ${rtsol_flags} $1 + fi +} + +# ipv6_accept_rtadv_down if +# Disable accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 -accept_rtadv + fi +} + # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or @@ -443,8 +849,9 @@ ifscript_up() if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 + else + return 1 fi - return 1 } # ifscript_down if @@ -457,16 +864,20 @@ ifscript_down() if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 + else + return 1 fi - return 1 } # Create cloneable interfaces. # clone_up() { + local _prefix _list ifn _prefix= _list= + + # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then @@ -482,8 +893,10 @@ clone_up() # clone_down() { + local _prefix _list ifn _prefix= _list= + for ifn in ${cloned_interfaces}; do ifconfig ${ifn} destroy if [ $? -eq 0 ]; then 
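Review bot: ifalias_up and ifalias_down set `_ret` from a command substitution (`_ret=`ifalias_ipv4_up "$1"``), which captures the helper's standard output rather than its return status, so `return $_ret` receives an empty string or whatever ifconfig printed. In ifalias_ipv6_up and ifalias_ipv6_down the `warn` call is split over two lines without a trailing backslash, so the second string is executed as a command. ifalias_ipv6_down also does not reset `alias=0` before the backward-compatibility loop and increments `alias` before the warning, so that loop starts at the wrong index and the message names the wrong variable. The fence shows the affected lines; ifalias_down needs the same change as ifalias_up, and ifalias_ipv6_up needs the same `warn` continuation.

```shell
	# ifalias_up: use the helper's exit status, not its output
	case "$2" in
	inet)
		ifalias_ipv4_up "$1" && _ret=0
		;;
	inet6)
		ifalias_ipv6_up "$1" && _ret=0
		;;
	esac

# ... unchanged: ifalias_ipv4_up, ifalias_ipv4_down, first loop of ifalias_ipv6_down ...

	# ifalias_ipv6_down -- backward compatibility: ipv6_ifconfig_IF_aliasN.
	alias=0
	while : ; do
		ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}`
		case "${ifconfig_args}" in
		"")
			break
			;;
		*)
			ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0
			warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \
			    " Use ifconfig_$1_aliasN instead."
			;;
		esac
		alias=$((${alias} + 1))
	done
```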
@@ -501,7 +914,6 @@ childif_create() { local cfg child child_wlans create_args debug_flags ifn i cfg=1 - ifn=$1 # Create wireless interfaces @@ -536,11 +948,14 @@ childif_create() childif_destroy() { local cfg child child_wlans ifn + cfg=1 child_wlans="`get_if_var $ifn wlans_IF` `get_if_var $ifn vaps_IF`" for child in ${child_wlans}; do ifconfig $child destroy && cfg=0 done + + return ${cfg} } # Create netgraph nodes. @@ -553,6 +968,8 @@ EOF } ng_create_one() { + local t + ng_mkpeer $* | while read line; do t=`expr "${line}" : '.* name="\([a-z]*[0-9]*\)" .*'` if [ -n "${t}" ]; then @@ -563,6 +980,8 @@ ng_create_one() { } gif_up() { + local i peers + for i in ${gif_interfaces}; do peers=`get_if_var $i gifconfig_IF` case ${peers} in @@ -586,7 +1005,8 @@ gif_up() { # ng_fec_create ifn # Configure Fast EtherChannel for interface $ifn. Returns 0 if FEC # arguments were found and configured; returns !0 otherwise. -ng_fec_create() { +ng_fec_create() +{ local req_iface iface bogus req_iface="$1" @@ -610,6 +1030,8 @@ ng_fec_create() { } fec_up() { + local i j + for i in ${fec_interfaces}; do ng_fec_create $i for j in `get_if_var $i fecconfig_IF`; do @@ -632,12 +1054,16 @@ fec_up() { # ipx_up() { + local ifn ifn="$1" - ifconfig_args=`get_if_var $ifn ifconfig_IF_ipx` + + # ifconfig_IF_ipx + ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} return 0 fi + return 1 } @@ -647,15 +1073,13 @@ ipx_up() # ipx_down() { - [ -z "$1" ] && return 1 + local _if _ifs _ret ipxList oldifs _ipx + _if=$1 _ifs="^" _ret=1 - - ifexists $1 || return 1 - - ipxList="`ifconfig $1 | grep 'ipx ' | tr "\n" "$_ifs"`" - + ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" oldifs="$IFS" + IFS="$_ifs" for _ipx in $ipxList ; do # get rid of extraneous line 
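Review bot: childif_destroy declares `ifn` local but, in the lines shown, never assigns it from `$1`, so `get_if_var $ifn wlans_IF` appears to work only because sh's `local` inherits the caller's `ifn`; childif_create in the previous hunk does have `ifn=$1`. Now that ifn_stop uses the return value (`childif_destroy ${ifn} && cfg=0`), a call from any context without an `ifn` variable in scope would look up the wrong rc.conf variable and report nothing destroyed. Adding `ifn=$1` after `cfg=1` makes the function use its argument.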
@@ -664,7 +1088,7 @@ ipx_down() _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` IFS="$oldifs" - ifconfig $1 ${_ipx} delete + ifconfig ${_if} ${_ipx} delete IFS="$_ifs" _ret=0 done @@ -678,25 +1102,29 @@ ipx_down() # ifnet_rename() { + local _if _ifname - _ifn_list="`ifconfig -l`" - [ -z "$_ifn_list" ] && return 0 - for _if in ${_ifn_list} ; do + # ifconfig_IF_name + for _if in `ifconfig -l`; do _ifname=`get_if_var $_if ifconfig_IF_name` if [ ! -z "$_ifname" ]; then ifconfig $_if name $_ifname fi done + return 0 } -# # list_net_interfaces type # List all network interfaces. The type of interface returned # can be controlled by the type argument. The type # argument can be any of the following: # nodhcp - all interfaces, excluding DHCP configured interfaces # dhcp - list only DHCP configured interfaces +# noautoconf - all interfaces, excluding IPv6 Stateless +# Address Autoconf configured interfaces +# autoconf - list only IPv6 Stateless Address Autoconf +# configured interfaces # If no argument is specified all network interfaces are output. # Note that the list will include cloned interfaces if applicable. # Cloned interfaces must already exist to have a chance to appear @@ -704,13 +1132,14 @@ ifnet_rename() # list_net_interfaces() { + local type _tmplist _list _autolist _lo _if type=$1 # Get a list of ALL the interfaces and make lo0 first if it's there. # + _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) - _prefix='' _autolist="`ifconfig -l`" _lo= for _if in ${_autolist} ; do @@ -718,12 +1147,11 @@ list_net_interfaces() if [ "$_if" = "lo0" ]; then _lo="lo0 " else - _tmplist="${_tmplist}${_prefix}${_if}" - [ -z "$_prefix" ] && _prefix=' ' + _tmplist="${_tmplist} ${_if}" fi fi done - _tmplist="${_lo}${_tmplist}" + _tmplist="${_lo}${_tmplist# }" ;; *) _tmplist="${network_interfaces} ${cloned_interfaces}" 
@@ -737,33 +1165,45 @@ list_net_interfaces() ;; esac - if [ -z "$type" ]; then - echo $_tmplist - return 0 - fi - - # Separate out dhcp and non-dhcp interfaces - # - _aprefix= - _bprefix= - for _if in ${_tmplist} ; do - if dhcpif $_if; then - _dhcplist="${_dhcplist}${_aprefix}${_if}" - [ -z "$_aprefix" ] && _aprefix=' ' - elif [ -n "`_ifconfig_getargs $_if`" ]; then - _nodhcplist="${_nodhcplist}${_bprefix}${_if}" - [ -z "$_bprefix" ] && _bprefix=' ' - fi - done - + _list= case "$type" in nodhcp) - echo $_nodhcplist + for _if in ${_tmplist} ; do + if ! dhcpif $_if && \ + [ -n "`_ifconfig_getargs $_if`" ]; then + _list="${_list# } ${_if}" + fi + done ;; dhcp) - echo $_dhcplist + for _if in ${_tmplist} ; do + if dhcpif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + noautoconf) + for _if in ${_tmplist} ; do + if ! ipv6_autoconfif $_if && \ + [ -n "`_ifconfig_getargs $_if ipv6`" ]; then + _list="${_list# } ${_if}" + fi + done + ;; + autoconf) + for _if in ${_tmplist} ; do + if ipv6_autoconfif $_if; then + _list="${_list# } ${_if}" + fi + done + ;; + *) + _list=${_tmplist} ;; esac + + echo $_list + return 0 } @@ -773,12 +1213,12 @@ list_net_interfaces() # get_default_if() { - routeget="`route -n get $1 default 2>/dev/null`" + local routeget oldifs defif line + defif= oldifs="$IFS" IFS=" " - defif= - for line in $routeget ; do + for line in `route -n get $1 default 2>/dev/null`; do case $line in *interface:*) defif=${line##*: } @@ -808,12 +1248,13 @@ hexdigit() hexprint() { + local val str dig val=$1 str='' - dig=`hexdigit $((${val} & 15))` str=${dig}${str} val=$((${val} >> 4)) + while [ ${val} -gt 0 ]; do dig=`hexdigit $((${val} & 15))` str=${dig}${str} 
@@ -834,255 +1275,9 @@ is_wired_interface() test "$media" = "Ethernet" } -# Setup the interfaces for IPv6 -network6_interface_setup() -{ - interfaces=$* - rtsol_interfaces='' - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - rtsol_available=no - ;; - *) - rtsol_available=yes - ;; - esac - for i in $interfaces; do - rtsol_interface=yes - prefix=`get_if_var $i ipv6_prefix_IF` - if [ -n "${prefix}" ]; then - rtsol_available=no - rtsol_interface=no - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` - for j in ${prefix}; do - address=$j\:${hostid} - ifconfig $i inet6 ${address} prefixlen 64 alias - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # subnet-router anycast address - # (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - ;; - esac - done - fi - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF` - if [ -n "${ipv6_ifconfig}" ]; then - rtsol_available=no - rtsol_interface=no - ifconfig $i inet6 ${ipv6_ifconfig} alias - fi - - # Wireless NIC cards are virtualized through the wlan interface - if ! is_wired_interface ${i}; then - case "${i}" in - wlan*) rtsol_interface=yes ;; - *) rtsol_interface=no ;; - esac - fi - - if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] - then - case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) - ;; - *) - rtsol_interfaces="${rtsol_interfaces} ${i}" - ;; - esac - else - ifconfig $i inet6 - fi - done - - if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then - # Act as endhost - automatically configured. - # You can configure only single interface, as - # specification assumes that autoconfigured host has - # single interface only. 
- sysctl net.inet6.ip6.accept_rtadv=1 - set ${rtsol_interfaces} - ifconfig $1 up - rtsol ${rtsol_flags} $1 - fi - - for i in $interfaces; do - alias=0 - while : ; do - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF_alias${alias}` - if [ -z "${ipv6_ifconfig}" ]; then - break; - fi - ifconfig $i inet6 ${ipv6_ifconfig} alias - alias=$((${alias} + 1)) - done - done -} - -# Setup IPv6 to IPv4 mapping -network6_stf_setup() -{ - case ${stf_interface_ipv4addr} in - [Nn][Oo] | '') - ;; - *) - # assign IPv6 addr and interface route for 6to4 interface - stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) - OIFS="$IFS" - IFS=".$IFS" - set ${stf_interface_ipv4addr} - IFS="$OIFS" - hexfrag1=`hexprint $(($1*256 + $2))` - hexfrag2=`hexprint $(($3*256 + $4))` - ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" - case ${stf_interface_ipv6_ifid} in - [Aa][Uu][Tt][Oo] | '') - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr ${i}` - case ${laddr} in - '') - ;; - *) - break - ;; - esac - done - stf_interface_ipv6_ifid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - case ${stf_interface_ipv6_ifid} in - '') - stf_interface_ipv6_ifid=0:0:0:1 - ;; - esac - ;; - esac - ifconfig stf0 create >/dev/null 2>&1 - ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ - prefixlen ${stf_prefixlen} - # disallow packets to malicious 6to4 prefix - route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject - route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject - route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject - route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject - ;; - esac -} - -# Setup static routes -network6_static_routes_setup() -{ - # Set up any static routes. 
- case ${ipv6_defaultrouter} in - [Nn][Oo] | '') - ;; - *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" - ;; - esac - case ${ipv6_static_routes} in - [Nn][Oo] | '') - ;; - *) - for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route add -inet6 ${ipv6_route_args} - done - ;; - esac -} - -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - -# Install the "default interface" to kernel, which will be used -# as the default route when there's no router. -network6_default_interface_setup() -{ - # Choose IPv6 default interface if it is not clearly specified. - case ${ipv6_default_interface} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|faith[0-9]*) - continue - ;; - esac - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_default_interface=$i - break - ;; - esac - done - ;; - esac - - # Disallow unicast packets without outgoing scope identifiers, - # or route such packets to a "default" interface, if it is specified. 
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject - case ${ipv6_default_interface} in - [Nn][Oo] | '') - route add -inet6 ff02:: -prefixlen 16 ::1 -reject - ;; - *) - laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ - -cloning - - # Disable installing the default interface with the - # case net.inet6.ip6.forwarding=0 and - # net.inet6.ip6.accept_rtadv=0, due to avoid conflict - # between the default router list and the manual - # configured default route. - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - ;; - *) - if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] - then - ndp -I ${ipv6_default_interface} - fi - ;; - esac - ;; - esac -} - network6_getladdr() { + local proto addr rest ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index 110f3d783a29..fbfac8ac83dc 100755 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostid_save hostname \ @@ -23,7 +23,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ 
@@ -32,7 +32,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd static_arp swap1 \ + serial sppp statd static_arp stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING index c72fe0c0267a..8da2498ce3aa 100755 --- a/etc/rc.d/NETWORKING +++ b/etc/rc.d/NETWORKING @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap index 8ca3cf83696b..79bf1f1a1d95 100755 --- a/etc/rc.d/addswap +++ b/etc/rc.d/addswap @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/auto_linklocal b/etc/rc.d/auto_linklocal deleted file mode 100755 index 28d03c0cd6f0..000000000000 --- a/etc/rc.d/auto_linklocal +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute index 35b1c881e378..20e9025e18c4 100755 --- a/etc/rc.d/defaultroute +++ b/etc/rc.d/defaultroute 
@@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd netif # KEYWORD: nojail . /etc/rc.subr @@ -18,7 +18,7 @@ stop_cmd=":" defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. @@ -41,6 +41,7 @@ defaultroute_start() if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +50,12 @@ defaultroute_start() else echo -n . fi + nl=1 sleep 1 - delay=`expr $delay - 1` + delay=$(($delay - 1)) done - echo + [ -n "$nl" ] && echo } load_rc_config $name diff --git a/etc/rc.d/devd b/etc/rc.d/devd index 8ce575a8cd35..1674a72df6fb 100755 --- a/etc/rc.d/devd +++ b/etc/rc.d/devd @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown diff --git a/etc/rc.d/faith b/etc/rc.d/faith new file mode 100755 index 000000000000..020b947ec86a --- /dev/null +++ b/etc/rc.d/faith 
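Review bot: defaultroute_start now ends with `[ -n "$nl" ] && echo`, so when nothing was printed the test fails and the function's last status is 1. How run_rc_command treats that status is outside this diff, but a start function that reports failure on its quiet path is probably unintended. `[ -z "$nl" ] || echo`, or an explicit `return 0` after the test, keeps the status at 0.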
@@ -0,0 +1,77 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \ + " faith0." + ${SYSCTL_W} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + if [ -z "${rc_quiet}" ]; then + ifconfig faith0 + fi + ;; + esac +} + +faith_down() +{ + echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0." + ifconfig faith0 destroy + ${SYSCTL_W} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index 88e1f990f0e2..518ac2569741 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -4,8 +4,8 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr @@ -52,7 +52,7 @@ ip6addrctl_start() ip6addrctl install /etc/ip6addrctl.conf checkyesno ip6addrctl_verbose && ip6addrctl else - if checkyesno ipv6_enable; then + if checkyesno ipv6_prefer; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 
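Review bot: faith_down destroys faith0 and clears `net.inet6.ip6.keepfaith` before it looks at `ipv6_faith_prefix`, whereas faith_up does nothing when that variable is NO or empty; stopping the service on a host that never configured faith therefore runs `ifconfig faith0 destroy` and a sysctl write for state this script did not set up. The teardown should sit inside the same `*)` branch as the route removal. `prefix` and `prefixlen` are also assigned without `local` in both functions, unlike the rest of this change. The prefix-splitting block is duplicated between faith_up and faith_down and could move to a small helper.

```shell
faith_down()
{
	local prefix prefixlen

	case ${ipv6_faith_prefix} in
	[Nn][Oo] | '')
		;;
	*)
		echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0."
		ifconfig faith0 destroy
		${SYSCTL_W} net.inet6.ip6.keepfaith=0
		# ... unchanged: for loop splitting prefix/prefixlen and route delete ...
		;;
	esac
}
```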
diff --git a/etc/rc.d/mroute6d b/etc/rc.d/mroute6d index d733092df145..047f2419ba1d 100755 --- a/etc/rc.d/mroute6d +++ b/etc/rc.d/mroute6d @@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/netif b/etc/rc.d/netif index 7d79745c91d1..ac2cc581d521 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -41,6 +41,8 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= +set_rcvar_obsolete ipv6_enable + network_start() { # Set the list of interfaces to work on. diff --git a/etc/rc.d/network_ipv6 b/etc/rc.d/network_ipv6 deleted file mode 100755 index 381ced03de89..000000000000 --- a/etc/rc.d/network_ipv6 +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 563826d44d58..f75965cb8180 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -21,17 +21,79 @@ options_cmd="options_start" routing_start() { - static_start - options_start + static_start "$@" + options_start "$@" } routing_stop() { + static_stop "$@" route -n flush + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done } static_start() { + local _af + _af=$1 + + case ${_af} in + inet) + do_static inet add + ;; + inet6) + do_static inet6 add + ;; + atm) + do_static atm add + ;; + *) + do_static inet add + do_static inet6 add + do_static atm add + ;; + esac +} + +static_stop() +{ + local _af + _af=$1 + + case ${_af} in + inet) + do_static inet delete + ;; + inet6) + do_static inet6 delete + ;; + atm) + do_static atm delete + ;; + *) + do_static inet delete + do_static inet6 delete + do_static atm delete + ;; + esac +} + +do_static() +{ + local _af _action + _af=$1 + _action=$2 + + eval $1_static $2 +} + +inet_static() +{ + local _action + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
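Review bot: routing_stop's new loop passes every word of `${ipv6_network_interfaces}` to `ifconfig $i inet6 -defaultif`, and nothing visible in this file turns the value `auto` into an interface list the way the removed network_ipv6 did with `ifconfig -l`. Unless that expansion now happens elsewhere, `auto` reaches ifconfig as an interface name, so it is worth normalising the list before the loop; `i` should also be declared `local` there. In do_static the `local _af _action` copies are assigned but the call is `eval $1_static $2`. Since static_start and static_stop only pass the literals inet, inet6 and atm, `${_af}_static ${_action}` does the same without `eval`. inet_static's body continues past the end of this hunk.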
@@ -41,20 +103,130 @@ static_start() ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} done fi - # Now ATM static routes - # +} + +inet6_static() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. 
+ case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +atm_static() +{ + local _action i + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } 
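Review bot: In inet6_static the static-route loop stores the lookup in `ipv6_route_args` but then runs `route ${_action} -inet6 ${route_args}`, so the IPv6 routes (including the `default` entry built from `ipv6_defaultrouter`) are issued with whatever `route_args` inet_static left behind, or with nothing. The call should read `route ${_action} -inet6 ${ipv6_route_args}`, and `ipv6_route_args` belongs in the function's `local` list. `ipv6_working_interfaces` is also appended to without the `ipv6_working_interfaces=""` reset that the removed network_ipv6 had, so a value already present in the environment would leak into the filtered interface list.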
@@ -70,72 +242,62 @@ ropts_init() options_start() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' + echo -n ' IPv4 gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno ipv6_gateway_enable; then + ropts_init + echo -n ' IPv6 gateway=YES' + sysctl net.inet6.ip6.forwarding=1 >/dev/null + fi + + if checkyesno forward_sourceroute; then ropts_init echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + fi - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno ipxgateway_enable; then ropts_init echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + fi - case ${arpproxy_all} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + fi [ -n "${_ropts_initdone}" ] && echo '.' } load_rc_config $name -run_rc_command "$1" +run_rc_command "$@" diff --git a/etc/rc.d/stf b/etc/rc.d/stf new file mode 100755 index 000000000000..40b182a0de93 --- /dev/null +++ b/etc/rc.d/stf 
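Review bot: The new `ipv6_gateway_enable` block in options_start only ever writes `net.inet6.ip6.forwarding=1`, whereas the removed network_ipv6 also wrote `net.inet6.ip6.forwarding=0` on the end-host path. After this change a host that had forwarding switched on keeps forwarding IPv6 when `ipv6_gateway_enable` is set back to NO and the routing script is re-run. If relying on the kernel default is intended, say so above the block, e.g. `# forwarding is only ever enabled here; it is not reset when ipv6_gateway_enable=NO`; otherwise add an `else` branch that writes `net.inet6.ip6.forwarding=0`. The `ipv6_ipv4mapping` / `net.inet6.ip6.v6only` handling from network_ipv6 is not in any hunk visible here, so it is worth confirming that it moved elsewhere.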
@@ -0,0 +1,79 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring 6to4 tunnel interface: stf0." + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + if [ -z "${rc_quiet}" ]; then + /sbin/ifconfig stf0 + fi + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing 6to4 tunnel interface: stf0." + ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl index d1a42d152df4..1bc92aee1c40 100755 --- a/etc/rc.d/sysctl 
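Review bot: The reject routes under `# disallow packets to malicious 6to4 prefix` in stf_up cover only 6to4 prefixes that embed IPv4 0/8, 127/8, 224/4 and 255/8; prefixes embedding RFC 1918 or 169.254/16 addresses are not rejected by these routes. If filtering those is left to the packet filter, the comment should say so, for example `# reject 6to4 prefixes embedding 0/8, 127/8, 224/4 and 255/8; private ranges are not covered here`. `set ${stf_interface_ipv4addr}` also feeds `$(($1*256 + $2))` with no check that the value is four numeric octets. A branch such as `*[!0-9.]*) warn "stf_interface_ipv4addr must be a dotted-quad IPv4 address"; return 1 ;;` ahead of `*)` would stop a malformed value before stf0 is configured.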
+++ b/etc/rc.d/sysctl @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr