and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.
With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.
Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].
1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.
2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.
3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.
4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.
5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).
6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.
7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.
8. In /etc/defaults/rc.conf:
Add an example for RTADV configuration.
Set ipv6_network_interfaces to AUTO.
Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.
Add a default for ipv6_privacy (NO).
9. Document all of this in rc.conf.5.
At least in RELENG_7 this fixes some start problems for some programs
from the ports. It is also more correct, as a jail shall not expect
input (interactivity) from the jail-host.
Revert the current behavior of starting jails in the background and
make it optional only for the start of jails (jail_parallell_start=YES
in rc.conf):
- The stop can not be done in the background, the system needs to wait
until everything is stopped correctly before it can reboot or power
down.
- The start should not be done in parallel by default, this not only
breaks POLA for people comming from RELENG_x, it may also break a
dependency chain with other scripts in the jail-host, which need to
do some stuff after the jails are up and running (e.g. hardlinking
a mysql socket from one jail into another one).
Discussed on: freebsd-jails@
HAST allows to transparently store data on two physically separated machines
connected over the TCP/IP network. HAST works in Primary-Secondary
(Master-Backup, Master-Slave) configuration, which means that only one of the
cluster nodes can be active at any given time. Only Primary node is able to
handle I/O requests to HAST-managed devices. Currently HAST is limited to two
cluster nodes in total.
HAST operates on block level - it provides disk-like devices in /dev/hast/
directory for use by file systems and/or applications. Working on block level
makes it transparent for file systems and applications. There in no difference
between using HAST-provided device and raw disk, partition, etc. All of them
are just regular GEOM providers in FreeBSD.
For more information please consult hastd(8), hastctl(8) and hast.conf(5)
manual pages, as well as http://wiki.FreeBSD.org/HAST.
Sponsored by: FreeBSD Foundation
Sponsored by: OMCnet Internet Service GmbH
Sponsored by: TransIP BV
specify list of executables and/or rc scripts that should be executed
after firewall starts/stops.
Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by: rhodes, rc@
MFC after: 1 week
The rtsol(8) handles just one RA then exit. So, the OtherConfig flag
may not be handled well by rtsol(8) in the environment where there are
multiple RA servers on the segment. In such case, rtsold(8) will be
your friend.
Reviewed by: hrs
MFC after: 2 weeks
Don't complain when we encounter the "cache" source, it's valid. Also fix
the error message to include a line feed and not include a stray comma.
PR: bin/121671
Submitted by: Artis Caune artis.caune gmail.com
Approved by: ed (mentor)
MFC after: 2 weeks
While here, change "> /dev/stderr" for more usual ">&2"
Submitted by: jilles
would be "/etc/namedb" in a number of places. Since the user may make
a different choice, introduce a new internal variable, named_confdir
that is generated relative to the location of $named_conf.
While this will work for some things (especially a highly customized
build from ISC source) there are still a number of places where
/etc/namedb is assumed that it is not easily virtualized (E.g., mtree).
If you deviate from the defaults you'd better know what you're doing. :)
command in the rc.d script if we have a corresponding ${name}_program
entry, which we do for named.
Rename named_precmd to named_prestart to make it more clear and match
convention.
Move the command_args definition related to -u up into _prestart().
It (and the associated $named_uid value) are only used there, and
unlike required_* and pidfile don't need to be used until this stage.
Fix a silly bug that would only have affected people who were using
the new named_wait or named_auto_forward features, AND had set up an
rndc.conf file instead of using the automatically generated rndc.key.
For named_conf:
Add "-c $named_conf" to command_args if it's not set to the
default. If it is set to the default and we're using the base
BIND it's not necessary. If we're using BIND from the ports
the user is likely to have included it in _flags (due to long
necessity for doing so) so don't duplicate that if it's set.
Add $named_conf to required_files
This will prevent that the script hangs during startup, which
could cause annoying effects after rebooting for example.
PR: kern/139422
Submitted by: Andrey Groshev <greenx at yartv dot ru>
Approved by: imp (mentor, implicit)
MFC after: 3 days
Facilitated by: Snow B.V.
employ a more generic solution, and use it in the individual rc.d scripts
that also have an $rc_quiet test:
1. Add check_startmsgs() to rc.subr.
2. In the rc.d scripts that use rc_quiet (and rc.subr) substitute
variations of [ -z "$rc_quiet" ] with check_startmsgs
3. In savecore add a trailing '.' to the end of the message to make it
more consistent with other scripts.
4. In newsyslog remove a : before the terminal '.' since we do not expect
there to be anything printed out in between to make it more consistent.
5. In the following scripts change "quotes" to 'quotes' where no variables
exist in the message: savecore pf newsyslog
6. In the following scripts substitute if/then/fi for the simpler (and
more consistent) check_startmsgs &&: faith stf
7. In the following scripts separate the "Starting foo:" from the terminal
'.' to make them more consistent: moused hostname pf
8. In nfsclient move the message to its own line to avoid a style bug
9. In pf rc_quiet does not apply to the _stop method, so remove the
test there.
10. In motd add 'quotes' around the terminal '.' for consistency
for each address family. Replace AF_static() with static_AF() for
consistency.
- Display a message only if the user sets a non-default value, and set
a sysctl explicitly even if it is the default value.
- Split netoptions_start() to netoptions_AF() and add afexists() check
for each address family.
- Display a message only if the user sets a non-default value, and set
a sysctl explicitly even if it is the default value.
Spotted by: Pegasus Mc Cleaft[*]
an IPv6 support.
Reported by: Alexander Best <alexbestms__at__math.uni-muenster.de>
Confirmed by: Paul B. Mahol <onemda__at__gmail.com>,
Alexander Best <alexbestms__at__math.uni-muenster.de>
re-add $ipv6_enable support for backward compatibility. From
UPDATING:
1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
for IPv4. For aliases, $ifconfig_IF_aliasN should be used.
Note that both variables need the "inet6" keyword at the head.
Do not set $ipv6_network_interfaces manually if you do not
understand what you are doing. It is not needed in most cases.
$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
they are obsolete.
2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or
"inet6 accept_rtadv" keyword in ifconfig(8) instead.
If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
all configured interfaces have "inet6 accept_rtadv" in the
$ifconfig_IF_ipv6. These are for backward compatibility.
3. A new variable $ipv6_prefer has been added. If NO, IPv6
functionality of interfaces with no corresponding
$ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
and the default address selection policy of ip6addrctl(8)
is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
Note that if you want to configure IPv6 functionality on the
disabled interfaces after boot, first you need to clear the flag by
using ifconfig(8) like:
ifconfig em0 inet6 -ifdisabled
If YES, the default address selection policy is set as
IPv6-preferred.
The default value of $ipv6_prefer is NO.
4. If your system need to receive Router Advertisement messages,
define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8)
scripts automatically invoke rtsol(8) when the interface becomes
UP. The Router Advertisement messages are used for SLAAC
(State-Less Address AutoConfiguration).
legacy IP handling rather than the IPv6 version.
Reported by: Pegasus Mc Cleaft (ken mthelicon.com)
Tested by: Pegasus Mc Cleaft (ken mthelicon.com)
MFC after: 2 days
X-MFX with: r197139
and $desc.
The set_rcvar_obsolete() is for displaying an obsolete variable
and the new one. More specifically, a warning is displayed when
a variable is removed or changed in the source tree and the user
still defines the old one.
$router* and $ipv6_router* are replaced with $routed_* and
$route6d_* for consistency. The old variables still work but
can be removed in the future.
MFC after: 3 days
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
depends on some sysctl variables.
Reviewed by: brooks
MFC after: 3 days
statically bind IPv4 <-> MAC address at boot time.
In order to use this, the administrator needs to configure the following
rc.conf(5) variable:
- static_arp_pairs: A list of names for static bind pairs, and,
- a series of static_arp_(name): the arguments that is being passed to
``arp -S'' operation.
Example:
static_arp_pairs="gw"
static_arp_gw="192.168.1.1 00:01:02:03:04:05"
See the rc.conf(5) manual page for more details.
Reviewed by: -rc@
MFC after: 2 weeks
simplify it a bit, and make use of that method to determine if an
interface is a candidate for IPv6 rtsol rather than listing all of the
possible wireless interfaces that should _not_ get rtsol'ed.
This change is only relevant for 8.0+ unless the "wlan mandatory" code
gets ported back to RELENG_7.
top of ZVOLs. The problem is that rc.d/fsck runs before rc.d/zfs. The
latter makes ZVOLs to appear in /dev/. In such case rc.d/fsck cannot
find devfs entry and aborts. We cannot simply move rc.d/zfs before
rc.d/fsck, because we first want kern.hostid to be configured (by
rc.d/hostid). If we won't wait (hostid will be 0) we can reuse disks
which are in use by different systems (eg. in SAN/NAS environment).
We also cannot move rc.d/hostid before rc.d/fsck, because rc.d/hostid on
first system start stores generated kern.hostuuid in /etc/hostid file,
so it needs root file system to be mounted read-write.
The fix is to split rc.d/hostid so that rc.d/hostid (which will now run
before rc.d/fsck) only generates hostid and sets up sysctls, but doesn't
touch root file system and rc.d/hostid_save (which is run after
rc.d/root) and only creates /etc/hostid file.
With that in place, we can move ZVOL initialization to dedicated
rc.d/zvol script which runs before rc.d/fsck.
PR: conf/120194
Reported by: James Snow <snow@teardrop.org>
Reviewed by: brooks
Approved by: re (kib)
MFC after: 2 weeks
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.
IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.
This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
places as well.
Submitted by: Jille Timmermans <jille quis cx> (not jilles)
Reviewed by: jilles
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb
Approved by: kib (mentor)
