mirror of https://git.FreeBSD.org/src.git synced 2025-01-01 12:19:28 +00:00

Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option, ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
   ifconfig_up (the ipv6 elements)
   ipv6if
   ipv6_autoconfif
   get_if_var
   _ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what Windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.
Doug Barton 2010-04-09 01:35:09 +00:00
parent ad723e42a4
commit 8aa4c57946
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=206408
6 changed files with 177 additions and 188 deletions

View File

@ -210,6 +210,7 @@ cloned_interfaces="" # List of cloned network interfaces to create.
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
#ifconfig_ed0_ipv6="RTADV" # Sample IPv6 entry for RA/rtsol(8)
#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
@ -439,8 +440,9 @@ rfcomm_pppd_server_two_channel="3" # Override local channel for 'two'
icmp_bmcastecho="NO" # respond to broadcast ping packets
### IPv6 options: ###
ipv6_network_interfaces="none" # List of IPv6 network interfaces
# (or "auto" or "none").
ipv6_network_interfaces="AUTO" # List of IPv6 network interfaces
ipv6_prefer="YES" # Use IPv6 when both IPv4 and IPv6 can be used
ipv6_privacy="NO" # Use privacy addresses with RTADV (RFC 4193)
ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
ipv6_static_routes="" # Set to static route list (or leave empty).
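Review bot: The comment on the new ipv6_privacy line cites RFC 4193, which defines Unique Local IPv6 Unicast Addresses; temporary (privacy) addresses for stateless autoconfiguration are specified in RFC 4941, so the reference should be corrected here. The replacement ipv6_network_interfaces line also drops the continuation comment that listed the accepted keywords ("auto" or "none"); keeping that hint is worthwhile now that the default moves from "none" to "AUTO".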
@ -499,7 +501,6 @@ ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# for examples
ip6addrctl_enable="YES" # Set to YES to enable default address selection
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used
##############################################################
### System console options #################################

View File

@ -96,44 +96,32 @@ ifconfig_up()
# inet6 specific
if afexists inet6; then
if ipv6if $1; then
if checkyesno ipv6_gateway_enable; then
_ipv6_opts="-accept_rtadv"
# Implicitly handles ipv6_gateway_enable
_ipv6_opts='-ifdisabled -accept_rtadv'
if ipv6_autoconfif $1; then
_ipv6_opts='-ifdisabled accept_rtadv'
fi
ifconfig $1 inet6 $_ipv6_opts
# ifconfig_IF_ipv6
ifconfig_args=`ifconfig_getargs $1 ipv6`
if [ -n "$ifconfig_args" ]; then
ifconfig $1 $ifconfig_args
_cfg=0
fi
else
if checkyesno ipv6_prefer; then
_ipv6_opts="-ifdisabled"
else
_ipv6_opts="ifdisabled"
fi
# backward compatibility: $ipv6_enable
case $ipv6_enable in
[Yy][Ee][Ss])
_ipv6_opts="${_ipv6_opts} accept_rtadv"
# Remove in FreeBSD 10.x
# Explicit test is necessary here to avoid nonexistence error
case "$ipv6_enable" in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
warn "Interface $1 will NOT be configured for IPv6"
;;
esac
fi
if [ -n "${_ipv6_opts}" ]; then
ifconfig $1 inet6 ${_ipv6_opts}
fi
# ifconfig_IF_ipv6
ifconfig_args=`ifconfig_getargs $1 ipv6`
if [ -n "${ifconfig_args}" ]; then
ifconfig $1 inet6 -ifdisabled
ifconfig $1 ${ifconfig_args}
_cfg=0
fi
# backward compatiblity: $ipv6_ifconfig_IF
ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF`
if [ -n "${ifconfig_args}" ]; then
warn "\$ipv6_ifconfig_$1 is obsolete." \
" Use ifconfig_$1_ipv6 instead."
ifconfig $1 inet6 -ifdisabled
ifconfig $1 inet6 ${ifconfig_args}
_cfg=0
ifconfig $1 inet6 ifdisabled
fi
fi
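Review bot: The new warning in the else branch, "Interface $1 will NOT be configured for IPv6", reports the outcome but not the remedy. It only fires when ipv6_enable is set to a true value, which is exactly the administrator who expects the old behaviour, so the message should name the ifconfig_$1_ipv6 variable that now has to be present in rc.conf. Because the branch then runs "ifconfig $1 inet6 ifdisabled" unconditionally, it would also help to say in the comment that every interface without that variable ends up with IPv6 disabled.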
@ -194,7 +182,7 @@ ifconfig_down()
# $default if given.
get_if_var()
{
local _if _punct _var _default prefix suffix
local _if _punct _punct_c _var _default prefix suffix
if [ $# -ne 2 -a $# -ne 3 ]; then
err 3 'USAGE: get_if_var name var [default]'
@ -219,7 +207,7 @@ get_if_var()
# outside this file.
_ifconfig_getargs()
{
local _ifn _af
local _ifn _af value
_ifn=$1
_af=${2+_$2}
@ -227,7 +215,18 @@ _ifconfig_getargs()
return 1
fi
get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"
value=`get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"`
# Remove in FreeBSD 10.x
if [ "$_af" = _ipv6 -a -z "$value" ]; then
value=`get_if_var $_ifn ipv6_ifconfig_IF "$ifconfig_DEFAULT"`
if [ -n "$value" ]; then
warn "\$ipv6_ifconfig_$1 is obsolete." \
" Use ifconfig_$1_ipv6 instead."
fi
fi
echo $value
}
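Review bot: The backward-compatibility fallback is only reached when the first lookup returns an empty string, but that lookup is given "$ifconfig_DEFAULT" as its default, so on a system where ifconfig_DEFAULT is set a legacy ipv6_ifconfig_<interface> value is never consulted and no obsolescence warning is printed. Consider doing the ifconfig_IF_ipv6 lookup without the default, trying ipv6_ifconfig_IF next, and applying $ifconfig_DEFAULT last. Since _ifconfig_getargs is also called from ipv6if and ipv6_autoconfif, the warn inside it will be emitted several times per interface during one start; a comment noting that, or a guard, would be useful. The message uses $1 where the function already has $_ifn.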
# ifconfig_getargs if [af]
@ -249,6 +248,8 @@ ifconfig_getargs()
[Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
[Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
[Ww][Pp][Aa]) ;;
[Rr][Tt][Aa][Dd][Vv]) ;;
[Nn][Oo][Rr][Tt][Aa][Dd][Vv]) ;;
*)
_args="$_args $_arg"
;;
@ -372,77 +373,45 @@ afexists()
esac
}
# noafif if
# Returns 0 if the interface has no af configuration and 1 otherwise.
noafif()
{
local _if
_if=$1
case $_if in
pflog[0-9]*|\
pfsync[0-9]*|\
an[0-9]*|\
ath[0-9]*|\
ipw[0-9]*|\
iwi[0-9]*|\
iwn[0-9]*|\
ral[0-9]*|\
wi[0-9]*|\
wl[0-9]*|\
wpi[0-9]*)
return 0
;;
esac
return 1
}
# ipv6if if
# Returns 0 if the interface should be configured for IPv6 and
# 1 otherwise.
ipv6if()
{
local _if _tmpargs i
_if=$1
if ! afexists inet6; then
return 1
fi
# lo0 is always IPv6-enabled
case $_if in
case $1 in
lo0)
return 0
;;
esac
# True if $ifconfig_IF_ipv6 is defined.
_tmpargs=`_ifconfig_getargs $_if ipv6`
if [ -n "${_tmpargs}" ]; then
return 0
fi
local _if _tmpargs i
_if=$1
# backward compatibility: True if $ipv6_ifconfig_IF is defined.
_tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
if [ -n "${_tmpargs}" ]; then
return 0
fi
case "${ipv6_network_interfaces}" in
[Aa][Uu][Tt][Oo])
return 0
;;
case "$ipv6_network_interfaces" in
''|[Nn][Oo][Nn][Ee])
return 1
;;
$_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo])
# True if $ifconfig_IF_ipv6 is defined.
_tmpargs=`_ifconfig_getargs $_if ipv6`
;;
esac
for i in ${ipv6_network_interfaces}; do
if [ "$i" = "$_if" ]; then
return 0
fi
done
if [ -n "$_tmpargs" ]; then
# Remove in FreeBSD 10.x
# Explicit test is necessary here to avoid nonexistence error
case "$ipv6_enable" in
[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
;;
*) return 0
;;
esac
fi
return 1
}
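Review bot: In the rewritten ipv6if, when ipv6_network_interfaces is an explicit list that does not contain the interface, no arm of the case statement matches and the following test of "$_tmpargs" runs on a variable that was declared local but never assigned in this function. Add a default arm ("*) return 1 ;;") or initialise _tmpargs to the empty string before the case so the result does not depend on what the caller's scope holds. The local declaration still lists i, which is no longer used now that the for loop is gone.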
@ -452,24 +421,7 @@ ipv6if()
# Stateless Address Configuration, 1 otherwise.
ipv6_autoconfif()
{
local _if _tmpargs _arg
_if=$1
if ! ipv6if $_if; then
return 1
fi
if noafif $_if; then
return 1
fi
if checkyesno ipv6_gateway_enable; then
return 1
fi
_tmpargs=`get_if_var $_if ipv6_prefix_IF`
if [ -n "${_tmpargs}" ]; then
return 1
fi
case $_if in
case $1 in
lo0|\
stf[0-9]*|\
faith[0-9]*|\
@ -481,32 +433,37 @@ ipv6_autoconfif()
;;
esac
# backward compatibility: $ipv6_enable
case $ipv6_enable in
[Yy][Ee][Ss])
local _if _tmpargs _arg
_if=$1
if ! ipv6if $_if; then
return 1
fi
if checkyesno ipv6_gateway_enable; then
return 1
fi
_tmpargs=`get_if_var $_if ipv6_prefix_IF`
if [ -n "${_tmpargs}" ]; then
return 1
fi
if ! is_wired_interface $_if; then
case $_if in
wlan[0-9]*) ;; # Allow test to continue
*) return 1
;;
esac
fi
_tmpargs=`_ifconfig_getargs $_if ipv6`
case "$_tmpargs" in
*inet6\ *|*[Nn][Oo][Rr][Tt][Aa][Dd][Vv]*|*-accept_rtadv*)
return 1
;;
*[Rr][Tt][Aa][Dd][Vv]*|*accept_rtadv*)
return 0
;;
esac
_tmpargs=`_ifconfig_getargs $_if ipv6`
for _arg in $_tmpargs; do
case $_arg in
accept_rtadv)
return 0
;;
esac
done
# backward compatibility: $ipv6_ifconfig_IF
_tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
for _arg in $_tmpargs; do
case $_arg in
accept_rtadv)
return 0
;;
esac
done
return 1
}
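Review bot: The first arm of the new case on "$_tmpargs", *inet6\ *, matches before the accept_rtadv arm, so a setting such as ifconfig_<interface>_ipv6="inet6 accept_rtadv" now makes ipv6_autoconfif return 1, whereas the loop being removed returned 0 for any accept_rtadv word. That is the form the old rc.conf.5 text documented, so either reorder the arms so an explicit accept_rtadv wins over the inet6 match, or state the behaviour change in the commit message and manual page. The patterns are also substring matches over the whole string rather than per-word tests, which deserves a short comment explaining why the NORTADV and -accept_rtadv arm must come first.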

View File

@ -20,8 +20,6 @@ status_cmd="ip6addrctl"
prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
set_rcvar_obsolete ipv6_enable ipv6_prefer
ip6addrctl_prefer_ipv6()
{
afexists inet6 || return 0

View File

@ -34,6 +34,7 @@
. /etc/network.subr
name="network"
start_precmd="network_prestart"
start_cmd="network_start"
stop_cmd="network_stop"
cloneup_cmd="clone_up"
@ -41,7 +42,13 @@ clonedown_cmd="clone_down"
extra_commands="cloneup clonedown"
cmdifn=
set_rcvar_obsolete ipv6_enable ipv6_prefer
network_prestart()
{
if [ -n "$ipv6_enable" ]; then
warn 'The ipv6_enable option is deprecated.'
warn 'See rc.conf(5) for information on disabling IPv6.'
fi
}
network_start()
{

View File

@ -99,6 +99,13 @@ netoptions_inet6()
else
${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
fi
if checkyesno ipv6_privacy; then
netoptions_init
echo -n " IPv6 Privacy Addresses"
${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null
${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
fi
}
load_rc_config $name
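Review bot: The ipv6_privacy block sets net.inet6.ip6.use_tempaddr and net.inet6.ip6.prefer_tempaddr to 1 but has no else branch, unlike the v6only handling directly above it, so changing ipv6_privacy from YES to NO and re-running the script leaves temporary addresses enabled until reboot. If that asymmetry is intended, say so in a comment; otherwise reset both sysctls to 0 in an else branch.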

View File

@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd March 05, 2010
.Dd April 8, 2010
.Dt RC.CONF 5
.Os
.Sh NAME
@ -1292,26 +1292,79 @@ It is also possible to rename an interface by doing:
ifconfig_ed0_name="net0"
ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
.Ed
.\" Remove in FreeBSD 10.x
.It Va ipv6_enable
.Pq Vt bool
If the variable is
.Dq Li YES ,
.Dq Li inet6 accept_rtadv
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
.Va ipv6_prefer
is defined as
.Dq Li YES .
.Pp
This variable is deprecated. Use
.Va ipv6_prefer
and
This option is deprecated.
.Pp
If the variable is
.Dq Li YES
it has no effect.
To configure IPv6 for an interface see
.Va ipv6_network_interfaces
below.
.Pp
If the variable is
.Dq Li NO
then other than
.Dq Li lo0
IPv6 will be disabled for each interface,
however the same effect can be achieved by
not configuring the interface.
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally configuration of this variable is not needed,
the value should be left as
.Dq Li AUTO .
.Pp
If
.Dq Li INET6
is configured in the kernel configuration for the
.Dq Li lo0
interface will always be performed.
It is not necessary to list it in
.Va ipv6_network_interfaces .
.Pp
Example configuration to accept Router Advertisements (RA) for the
.Dq Li ed0
interface:
.Bd -literal
ifconfig_ed0_ipv6="RTADV"
.Ed
.Pp
To disable RA the
.Dq Li NORTADV
option is available, although not required if manual
configuration is performed as described below.
.Pp
An IPv6 interface can be configured manually with
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .
For example:
.Bd -literal
ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
.Ed
.Pp
Manual configuration of an IPv6 address will also
require configuration of the
.Va ipv6_defaultrouter
option.
.Pp
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with the
.Dq Li inet6
keyword.
For example:
.Pp
.Bd -literal
ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
.It Va ipv6_prefer
.Pq Vt bool
This variable does the following:
.Pp
If the variable is
.Dq Li YES ,
the default policy of the source address selection set by
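Review bot: The added paragraph under ipv6_network_interfaces that begins "If INET6 is configured in the kernel configuration for the lo0 interface will always be performed" does not parse; it reads as if a comma and the word "configuration" were lost between the kernel clause and the lo0 clause, and should be reworded. The new text also places an empty .Pp directly before .Bd and before the .It for ipv6_prefer, which mdoc linting will flag.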
@ -1322,49 +1375,15 @@ If the variable is
.Dq Li NO ,
the default policy of the source address selection set by
.Xr ip6addrctl 8
will be IPv4-preferred, and all of interfaces which does not have the
corrsponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
.Dq Li IFDISABLED .
This means only IPv6 functionality on that interface is completely
disabled. For more details of
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
will be IPv4-preferred.
.Pp
.It Va ipv6_network_interfaces
.Pq Vt str
This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
.Dq Li YES
privacy addresses will be generated for each IPv6
interface as described in RFC 4193.
.Pp
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
.Va ifconfig_ Ns Aq Ar interface .
Aliases should be set by
.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
with
.Dq Li inet6
keyword. For example:
.Bd -literal
ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
.Ed
.Pp
Interfaces that have an
.Dq Li inet6 accept_rtadv
keyword in
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
setting will be automatically configured by
.Xr rtsol 8 .
Note that this automatic configuration is disabled if the
.Va ipv6_gateway_enable
is set to
.Dq Li YES .
.It Va ipv6_prefix_ Ns Aq Ar interface
.Pq Vt str
If one or more prefixes are defined in
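Review bot: This hunk deletes the sentence stating that automatic configuration is disabled when ipv6_gateway_enable is YES, and the explanation of the IFDISABLED flag with its pointer to ifconfig(8), yet ipv6_autoconfif still returns 1 for ipv6_gateway_enable and ifconfig_up still applies "inet6 ifdisabled" to unconfigured interfaces. Both behaviours should stay documented, for example under the RTADV description. The new ipv6_privacy entry repeats the RFC 4193 reference, which is the Unique Local Address RFC rather than the one for temporary addresses.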