From owner-svn-src-head@FreeBSD.ORG Mon Sep 13 19:55:40 2010 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E73F1065672; Mon, 13 Sep 2010 19:55:40 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7C8208FC19; Mon, 13 Sep 2010 19:55:40 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o8DJteHM028754; Mon, 13 Sep 2010 19:55:40 GMT (envelope-from hrs@svn.freebsd.org) Received: (from hrs@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o8DJteMC028747; Mon, 13 Sep 2010 19:55:40 GMT (envelope-from hrs@svn.freebsd.org) Message-Id: <201009131955.o8DJteMC028747@svn.freebsd.org> From: Hiroki Sato Date: Mon, 13 Sep 2010 19:55:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r212579 - in head: . etc etc/defaults etc/rc.d share/man/man5 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Sep 2010 19:55:40 -0000 Author: hrs Date: Mon Sep 13 19:55:40 2010 New Revision: 212579 URL: http://svn.freebsd.org/changeset/base/212579 Log: Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces. The $ip6addrctl_policy is a variable to choose a pre-defined address selection policy set by ip6addrctl(8). The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3, the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484, respectively. When "AUTO" is specified, it attempts to read /etc/ip6addrctl.conf first. If it is found, it reads and installs it as a policy table. If not, either of the two pre-defined policy tables is chosen automatically according to $ipv6_activate_all_interfaces. When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked as IFDISABLED for security reason. The default values are ip6addrctl_policy=AUTO and ipv6_activate_all_interfaces=NO. Discussed with: ume and bz Modified: head/UPDATING head/etc/defaults/rc.conf head/etc/network.subr head/etc/rc.d/ip6addrctl head/etc/rc.d/netif head/share/man/man5/rc.conf.5 Modified: head/UPDATING ============================================================================== --- head/UPDATING Mon Sep 13 19:53:54 2010 (r212578) +++ head/UPDATING Mon Sep 13 19:55:40 2010 (r212579) @@ -23,6 +23,25 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 9. ln -s aj /etc/malloc.conf.) 20100913: + The $ipv6_prefer variable in rc.conf(5) has been split into + $ip6addrctl_policy and $ipv6_activate_all_interfaces. + + The $ip6addrctl_policy is a variable to choose a pre-defined + address selection policy set by ip6addrctl(8). A value + "ipv4_prefer", "ipv6_prefer" or "AUTO" can be specified. The + default is "AUTO". + + The $ipv6_activate_all_interfaces specifies whether IFDISABLED + flag (see an entry of 20090926) is set on an interface with no + corresponding $ifconfig_IF_ipv6 line. The default is "NO" for + security reason. If you want IPv6 link-local address on all + interfaces by default, set this to "YES". + + The old ipv6_prefer="YES" is equivalent to + ipv6_activate_all_interfaces="YES" and + ip6addrctl_policy="ipv6_prefer". + +20100913: DTrace has grown support for userland tracing. Due to this, DTrace is now i386 and amd64 only. dtruss(1) is now installed by default on those systems and a new Modified: head/etc/defaults/rc.conf ============================================================================== --- head/etc/defaults/rc.conf Mon Sep 13 19:53:54 2010 (r212578) +++ head/etc/defaults/rc.conf Mon Sep 13 19:55:40 2010 (r212579) @@ -446,6 +446,10 @@ icmp_bmcastecho="NO" # respond to broadc ### IPv6 options: ### ipv6_network_interfaces="auto" # List of IPv6 network interfaces # (or "auto" or "none"). +ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no + # corresponding $ifconfig_IF_ipv6 is + # marked as IFDISABLED for security + # reason. ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). @@ -506,7 +510,8 @@ ipv6_ipfilter_rules="/etc/ipf6.rules" # # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages -ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used +ip6addrctl_policy="AUTO" # A pre-defined address selection policy + # (ipv4_prefer, ipv6_prefer, or AUTO) ############################################################## ### System console options ################################# Modified: head/etc/network.subr ============================================================================== --- head/etc/network.subr Mon Sep 13 19:53:54 2010 (r212578) +++ head/etc/network.subr Mon Sep 13 19:55:40 2010 (r212579) @@ -100,7 +100,7 @@ ifconfig_up() _ipv6_opts="-accept_rtadv" fi else - if checkyesno ipv6_prefer; then + if checkyesno ipv6_activate_all_interfaces; then _ipv6_opts="-ifdisabled" else _ipv6_opts="ifdisabled" Modified: head/etc/rc.d/ip6addrctl ============================================================================== --- head/etc/rc.d/ip6addrctl Mon Sep 13 19:53:54 2010 (r212578) +++ head/etc/rc.d/ip6addrctl Mon Sep 13 19:55:40 2010 (r212579) @@ -19,8 +19,10 @@ extra_commands="status prefer_ipv6 prefe status_cmd="ip6addrctl" prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" +config_file="/etc/ip6addrctl.conf" -set_rcvar_obsolete ipv6_enable ipv6_prefer +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer ip6addrctl_policy ip6addrctl_prefer_ipv6() { @@ -53,17 +55,40 @@ ip6addrctl_start() afexists inet6 || return 0 # install the policy of the address selection algorithm. - if [ -f /etc/ip6addrctl.conf ]; then - ip6addrctl flush >/dev/null 2>&1 - ip6addrctl install /etc/ip6addrctl.conf - checkyesno ip6addrctl_verbose && ip6addrctl - else - if checkyesno ipv6_prefer; then - ip6addrctl_prefer_ipv6 + case "${ip6addrctl_policy}" in + [Aa][Uu][Tt][Oo]) + if [ -r "${config_file}" -a -s "${config_file}" ]; then + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl install "${config_file}" + checkyesno ip6addrctl_verbose && ip6addrctl else - ip6addrctl_prefer_ipv4 + if checkyesno ipv6_activate_all_interfaces; then + ip6addrctl_prefer_ipv6 + else + ip6addrctl_prefer_ipv4 + fi fi - fi + ;; + ipv4_prefer) + ip6addrctl_prefer_ipv4 + ;; + ipv6_prefer) + ip6addrctl_prefer_ipv6 + ;; + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + # Backward compatibility when ipv6_prefer=YES + ip6addrctl_prefer_ipv6 + ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + # Backward compatibility when ipv6_prefer=NO + ip6addrctl_prefer_ipv4 + ;; + *) + warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ + " \"ipv4_prefer\" is used instead." + ip6addrctl_prefer_ipv4 + ;; + esac } ip6addrctl_stop() Modified: head/etc/rc.d/netif ============================================================================== --- head/etc/rc.d/netif Mon Sep 13 19:53:54 2010 (r212578) +++ head/etc/rc.d/netif Mon Sep 13 19:55:40 2010 (r212579) @@ -41,7 +41,8 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= -set_rcvar_obsolete ipv6_enable ipv6_prefer +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer network_start() { Modified: head/share/man/man5/rc.conf.5 ============================================================================== --- head/share/man/man5/rc.conf.5 Mon Sep 13 19:53:54 2010 (r212578) +++ head/share/man/man5/rc.conf.5 Mon Sep 13 19:55:40 2010 (r212579) @@ -1269,41 +1269,49 @@ If the variable is is added to all of .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and the -.Va ipv6_prefer +.Va ipv6_activate_all_interfaces is defined as .Dq Li YES . .Pp This variable is deprecated. Use -.Va ipv6_prefer +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 . +.Va ipv6_activate_all_interfaces +if necessary. .It Va ipv6_prefer .Pq Vt bool -This variable does the following: -.Pp If the variable is .Dq Li YES , -the default policy of the source address selection set by +the default address selection policy table set by .Xr ip6addrctl 8 will be IPv6-preferred. .Pp If the variable is .Dq Li NO , -the default policy of the source address selection set by +the default address selection policy table set by .Xr ip6addrctl 8 -will be IPv4-preferred, and all of interfaces which does not have the -corrsponding +will be IPv4-preferred. +.Pp +This variable is deprecated. Use +.Va ip6addtctl_policy +instead. +.It Va ipv6_activate_all_interfaces +If the variable is +.Dq Li NO , +all of interfaces which do not have the corrsponding .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 variable will be marked as -.Dq Li IFDISABLED . -This means only IPv6 functionality on that interface is completely -disabled. For more details of +.Dq Li IFDISABLED +for security reason. This means only IPv6 functionality on that interface +is completely disabled. For more details of .Dq Li IFDISABLED flag and keywords .Dq Li inet6 ifdisabled , see .Xr ifconfig 8 . .Pp +Default is +.Dq Li NO . .It Va ipv6_privacy .Pq Vt bool If the variable is @@ -1316,6 +1324,8 @@ This is the IPv6 equivalent of .Va network_interfaces . Normally manual configuration of this variable is not needed. .Pp +.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 +.Pq Vt str IPv6 functionality on an interface should be configured by .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , instead of setting ifconfig parameters in @@ -1354,22 +1364,52 @@ this is the default output interface for This works only with ipv6_gateway_enable="NO". .It Va ip6addrctl_enable .Pq Vt bool -If set to -.Dq Li YES , -install default address selection policy table +This variable is to enable configuring default address selection policy table .Pq RFC 3484 . -If a file +The table can be specified in another variable +.Va ip6addrctl_policy . +For +.Va ip6addrctl_policy +the following keywords can be specified: +.Dq Li ipv4_prefer , +.Dq Li ipv6_prefer , +or +.Dq Li AUTO . +.Pp +If +.Dq Li ipv4_prefer +or +.Dq Li ipv6_prefer +is specified, +.Xr ip6addrctl 8 +installs a pre-defined policy table described in Section 2.1 +.Pq IPv6-preferred +or 10.3 +.Pq IPv4-preferred +of RFC 3484. +.Pp +If +.Dq Li AUTO +is specified, it attempts to read a file .Pa /etc/ip6addrctl.conf -is found the +first. If this file is found, .Xr ip6addrctl 8 -reads and installs it. -If not, a pre-defined policy table will be installed. -There are two pre-defined ones; IPv4-preferred and IPv6-preferred. -If set -.Va ipv6_prefer -variable to +reads and installs it. If not found, a policy is automatically set +according to +.Va ipv6_activate_all_interfaces +variable; if the variable is set to +.Dq Li YES +the IPv6-preferred one is used. Otherwise IPv4-preferred. +.Pp +The default value of +.Va ip6addrctl_enable +and +.Va ip6addrctl_policy +are .Dq Li YES -the IPv6-preferred one is used. Default is IPv4-preferred. +and +.Dq Li AUTO , +respectively. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host.