From: Hiroki Sato
Date: Sun, 28 Jun 2009 19:43:42 +0900 (JST)
To: freebsd-rc@FreeBSD.org
Cc: hrs@FreeBSD.org
Subject: RFC: integrate network_ipv6 to netif and tidy up several rc.d scripts

Hi all,

I would like your review on the attached patch. Changes are the following:

1. Integrate IPv6 interface configuration to rc.d/netif. Also, IPv6 routing and options are handled by rc.d/routing and rc.d/netoptions now. If no INET6, IPv6 configuration is safely ignored.

2. rc.conf variable change.

   ipv6_enable -> (removed)
   ipv6_ifconfig_IF -> ifconfig_ipv6_IF
   ipv6_ifconfig_IF_aliasN -> ifconfig_IF_aliasN (same as IPv4)

   The old variables are still valid, but display a warning.

3. rc.d/routed and rc.d/route6d now accept standard rc.d variables like $routed_enable. The old $router_enable, $ipv6_router_enable and so on are still valid, but display a warning.

4. Clean up rc.d/netoptions to adjust it to the rc.d framework. No functional change but IPv6 specific options are added.

5. Remove rc.d/auto_linklocal and rc.d/network_ipv6. No longer needed.

6. Fix rc.d/defaultroute to suppress an extra blank line.

7. rc.conf(5) update. The default value of $ipv6_network_interfaces is changed from "auto" to "none".

Basically these changes should be backward compatible except for $ipv6_enable and $ipv6_network_interfaces.

Note that a part of these changes depends on another patch I posted on -net@ recently (ifconfig ND6 flags and so on), so simply applying the diff to the current system does not work.

Any comments (or objections) are welcome.

--
Hiroki

Content-Disposition: inline; filename="rc_20090628.diff"

Index: etc/network.subr =================================================================== --- etc/network.subr (revision 195123) +++ etc/network.subr (working copy) @@ -45,6 +45,7 @@ ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 + ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 childif_create ${ifn} @@ -64,6 +65,7 @@ [ -z "$ifn" ] && return 1 ipx_down ${ifn} && cfg=0 + ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 
@@ -86,10 +88,43 @@ ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} - ifconfig $1 up _cfg=0 fi + # inet6 specific + if afexists ipv6; then + if ipv6if $1; then + if checkyesno ipv6_gateway_enable ]; then + _ipv6_opts="-accept_rtadv auto_linklocal" + else + _ipv6_opts="auto_linklocal" + fi + else + _ipv6_opts="-auto_linklocal" + fi + + ifconfig $1 inet6 ${_ipv6_opts} + + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} = 0 ]; then + ifconfig $1 up + fi + if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count @@ -160,26 +195,31 @@ eval echo \${${prefix}${_if}${suffix}-${_default}} } -# _ifconfig_getargs if +# _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { _ifn=$1 + case $2 in + "") _af= ;; + *) _af=_$2 ;; + esac + if [ -z "$_ifn" ]; then return 1 fi - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } -# ifconfig_getargs if +# ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { - _tmpargs=`_ifconfig_getargs $1` + _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi 
@@ -276,14 +316,49 @@ return 1 } +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + _af=$1 + + case ${_af} in + inet|ipv4|ip|ip4) + if ${SYSCTL_N} net.inet > /dev/null; then + return 0 + else + return 1 + fi + ;; + inet6|ipv6|ip6) + if ${SYSCTL_N} net.inet6 > /dev/null; then + return 0 + else + return 1 + fi + ;; + esac +} + # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { - if ! checkyesno ipv6_enable; then + _if=$1 + + if ! afexists ipv6; then return 1 fi + + # lo0 is always IPv6-enabled + case $_if in + lo[0-9]*) + return 0 + ;; + esac + case "${ipv6_network_interfaces}" in [Aa][Uu][Tt][Oo]) return 0 @@ -292,14 +367,61 @@ return 1 ;; esac - for v6if in ${ipv6_network_interfaces}; do - if [ "${v6if}" = "${1}" ]; then + for i in ${ipv6_network_interfaces}; do + if [ "$i" = "$_if" ]; then return 0 fi done return 1 } +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration, 1 otherwise. +ipv6_autoconfif() +{ + _if=$1 + + if ! ipv6if $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 1 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() 
@@ -312,10 +434,30 @@ ipv4_up() { _if=$1 - ifalias_up ${_if} + + ifalias_up ${_if} inet ipv4_addrs_common ${_if} alias } +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + _if=$1 + + if ! ipv6if $_if; then + return + fi + + ifalias_up ${_if} inet6 + ipv6_prefix_hostid_addr_up ${_if} + ipv6_accept_rtadv_up ${_if} + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 +} + # ipv4_down if # remove IPv4 addresses from the interface $if ipv4_down() @@ -343,12 +485,49 @@ done IFS="$oldifs" - ifalias_down ${_if} && _ret=0 + ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + _if=$1 + _ifs="^" + _ret=1 + + ifexists ${_if} || return 1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + # ipv4_addrs_common if action # Evaluate the ifconfig_if_ipv4 arguments for interface $if # and use $action to add or remove IPv4 addresses from $if. @@ -389,7 +568,7 @@ return $_ret } -# ifalias_up if +# ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. 
@@ -397,21 +576,86 @@ ifalias_up() { _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + _ret=1 + alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then + case "${ifconfig_args}" in + inet\ *) ifconfig $1 ${ifconfig_args} alias alias=$((${alias} + 1)) _ret=0 - else + ;; + *) break - fi + ;; + esac done return $_ret } -#ifalias_down if +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. +# +ifalias_ipv6_up() +{ + _ret=1 + + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias + alias=$((${alias} + 1)) + _ret=0 + ;; + *) + break + ;; + esac + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias + alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_alias${alias} instead." + _ret=0 + ;; + esac + done + return $_ret +} + +# ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. 
@@ -419,20 +663,130 @@ ifalias_down() { _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +#ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + _ret=1 + alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then + case "${ifconfig_args}" in + inet\ *) ifconfig $1 ${ifconfig_args} -alias alias=$((${alias} + 1)) _ret=0 - else + ;; + *) break - fi + ;; + esac done return $_ret } +#ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. +# +ifalias_ipv6_down() +{ + _ret=1 + + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias + alias=$((${alias} + 1)) + _ret=0 + ;; + *) + break + ;; + esac + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias + alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_alias${alias} instead." + _ret=0 + esac + done + return $_ret +} + +# ipv6_prefix_hostid_addr_up if +# add IPv6 prefix + hostid addr to the interface $if +ipv6_prefix_hostid_addr_up() +{ + _if=$1 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 alias + + # if I am a router, add subnet router + # anycast address (RFC 2373). 
+ if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + alias anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router Solicitation message +ipv6_accept_rtadv_up() +{ + _if=$1 + + if ipv6_autoconfif $_if; then + ifconfig ${_if} inet6 accept_rtadv up + rtsol ${rtsol_flags} ${_if} + fi +} + +# ipv6_accept_rtadv_down if +# Disabled accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + _if=$1 + + if ipv6_autoconfif $_if; then + ifconfig ${_if} inet6 -accept_rtadv + fi +} + # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or @@ -633,7 +987,7 @@ ipx_up() { ifn="$1" - ifconfig_args=`get_if_var $ifn ifconfig_IF_ipx` + ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} return 0 @@ -695,8 +1049,12 @@ # List all network interfaces. The type of interface returned # can be controlled by the type argument. The type # argument can be any of the following: -# nodhcp - all interfaces, excluding DHCP configured interfaces -# dhcp - list only DHCP configured interfaces +# nodhcp - all interfaces, excluding DHCP configured interfaces +# dhcp - list only DHCP configured interfaces +# noautoconf - all interfaces, excluding IPv6 Stateless +# Address Autoconf configured interfaces +# autoconf - list only IPv6 Stateless Address Autoconf +# configured interfaces # If no argument is specified all network interfaces are output. # Note that the list will include cloned interfaces if applicable. # Cloned interfaces must already exist to have a chance to appear @@ -708,6 +1066,7 @@ # Get a list of ALL the interfaces and make lo0 first if it's there. # + _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) _prefix='' 
@@ -737,26 +1096,49 @@ # Separate out dhcp and non-dhcp interfaces # - _aprefix= - _bprefix= - for _if in ${_tmplist} ; do - if dhcpif $_if; then - _dhcplist="${_dhcplist}${_aprefix}${_if}" - [ -z "$_aprefix" ] && _aprefix=' ' - elif [ -n "`_ifconfig_getargs $_if`" ]; then - _nodhcplist="${_nodhcplist}${_bprefix}${_if}" - [ -z "$_bprefix" ] && _bprefix=' ' - fi - done - + _list= + _prefix= case "$type" in nodhcp) - echo $_nodhcplist + for _if in ${_tmplist} ; do + if ! dhcpif $_if && \ + [ -n "`_ifconfig_getargs $_if`" ]; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list ;; dhcp) - echo $_dhcplist + for _if in ${_tmplist} ; do + if dhcpif $_if; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list ;; + noautoconf) + for _if in ${_tmplist} ; do + if ! ipv6_autoconfif $_if && \ + [ -n "`_ifconfig_getargs $_if ipv6`" ]; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list + ;; + autoconf) + for _if in ${_tmplist} ; do + if ipv6_autoconfif $_if; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list + ;; esac + return 0 } 
@@ -816,248 +1198,6 @@ echo ${str} } -# Setup the interfaces for IPv6 -network6_interface_setup() -{ - interfaces=$* - rtsol_interfaces='' - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - rtsol_available=no - ;; - *) - rtsol_available=yes - ;; - esac - for i in $interfaces; do - rtsol_interface=yes - prefix=`get_if_var $i ipv6_prefix_IF` - if [ -n "${prefix}" ]; then - rtsol_available=no - rtsol_interface=no - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` - for j in ${prefix}; do - address=$j\:${hostid} - ifconfig $i inet6 ${address} prefixlen 64 alias - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # subnet-router anycast address - # (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - ;; - esac - done - fi - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF` - if [ -n "${ipv6_ifconfig}" ]; then - rtsol_available=no - rtsol_interface=no - ifconfig $i inet6 ${ipv6_ifconfig} alias - fi - - if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] - then - case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) - ;; - # Wireless NIC cards are virtualized through the wlan interface - an[0-9]*|ath[0-9]*|ipw[0-9]*|iwi[0-9]*|iwn[0-9]*|ral[0-9]*|wi[0-9]*|wl[0-9]*|wpi[0-9]*) - ;; - *) - rtsol_interfaces="${rtsol_interfaces} ${i}" - ;; - esac - else - ifconfig $i inet6 - fi - done - - if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then - # Act as endhost - automatically configured. - # You can configure only single interface, as - # specification assumes that autoconfigured host has - # single interface only. 
- sysctl net.inet6.ip6.accept_rtadv=1 - set ${rtsol_interfaces} - ifconfig $1 up - rtsol ${rtsol_flags} $1 - fi - - for i in $interfaces; do - alias=0 - while : ; do - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF_alias${alias}` - if [ -z "${ipv6_ifconfig}" ]; then - break; - fi - ifconfig $i inet6 ${ipv6_ifconfig} alias - alias=$((${alias} + 1)) - done - done -} - -# Setup IPv6 to IPv4 mapping -network6_stf_setup() -{ - case ${stf_interface_ipv4addr} in - [Nn][Oo] | '') - ;; - *) - # assign IPv6 addr and interface route for 6to4 interface - stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) - OIFS="$IFS" - IFS=".$IFS" - set ${stf_interface_ipv4addr} - IFS="$OIFS" - hexfrag1=`hexprint $(($1*256 + $2))` - hexfrag2=`hexprint $(($3*256 + $4))` - ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" - case ${stf_interface_ipv6_ifid} in - [Aa][Uu][Tt][Oo] | '') - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr ${i}` - case ${laddr} in - '') - ;; - *) - break - ;; - esac - done - stf_interface_ipv6_ifid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - case ${stf_interface_ipv6_ifid} in - '') - stf_interface_ipv6_ifid=0:0:0:1 - ;; - esac - ;; - esac - ifconfig stf0 create >/dev/null 2>&1 - ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ - prefixlen ${stf_prefixlen} - # disallow packets to malicious 6to4 prefix - route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject - route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject - route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject - route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject - ;; - esac -} - -# Setup static routes -network6_static_routes_setup() -{ - # Set up any static routes. 
- case ${ipv6_defaultrouter} in - [Nn][Oo] | '') - ;; - *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" - ;; - esac - case ${ipv6_static_routes} in - [Nn][Oo] | '') - ;; - *) - for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route add -inet6 ${ipv6_route_args} - done - ;; - esac -} - -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - -# Install the "default interface" to kernel, which will be used -# as the default route when there's no router. -network6_default_interface_setup() -{ - # Choose IPv6 default interface if it is not clearly specified. - case ${ipv6_default_interface} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|faith[0-9]*) - continue - ;; - esac - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_default_interface=$i - break - ;; - esac - done - ;; - esac - - # Disallow unicast packets without outgoing scope identifiers, - # or route such packets to a "default" interface, if it is specified. 
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject - case ${ipv6_default_interface} in - [Nn][Oo] | '') - route add -inet6 ff02:: -prefixlen 16 ::1 -reject - ;; - *) - laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ - -cloning - - # Disable installing the default interface with the - # case net.inet6.ip6.forwarding=0 and - # net.inet6.ip6.accept_rtadv=0, due to avoid conflict - # between the default router list and the manual - # configured default route. - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - ;; - *) - if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] - then - ndp -I ${ipv6_default_interface} - fi - ;; - esac - ;; - esac -} - network6_getladdr() { ifconfig $1 2>/dev/null | while read proto addr rest; do Index: etc/rc.d/NETWORKING =================================================================== --- etc/rc.d/NETWORKING (revision 195133) +++ etc/rc.d/NETWORKING (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking Index: etc/rc.d/network_ipv6 =================================================================== --- etc/rc.d/network_ipv6 (revision 195123) +++ etc/rc.d/network_ipv6 (working copy) 
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/devd =================================================================== --- etc/rc.d/devd (revision 195133) +++ etc/rc.d/devd (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown Index: etc/rc.d/addswap =================================================================== --- etc/rc.d/addswap (revision 195133) +++ etc/rc.d/addswap (working copy) @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/faith =================================================================== --- etc/rc.d/faith (revision 0) +++ etc/rc.d/faith (revision 0) 
@@ -0,0 +1,74 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring faith0 interface: " + ${SYSCTL_W} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + ifconfig faith0 + ;; + esac +} + +faith_down() +{ + echo "Removing faith0 interface." + ifconfig faith0 destroy + ${SYSCTL_W} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" Property changes on: etc/rc.d/faith ___________________________________________________________________ Added: svn:executable + * Index: etc/rc.d/sysctl =================================================================== --- etc/rc.d/sysctl (revision 195133) +++ etc/rc.d/sysctl (working copy) @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr Index: etc/rc.d/mroute6d =================================================================== --- etc/rc.d/mroute6d (revision 195133) +++ etc/rc.d/mroute6d (working copy) 
@@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/stf =================================================================== --- etc/rc.d/stf (revision 0) +++ etc/rc.d/stf (revision 0) 
@@ -0,0 +1,77 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring stf0 interface: " + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + ifconfig stf0 + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing stf0 interface." 
+ ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" Property changes on: etc/rc.d/stf ___________________________________________________________________ Added: svn:executable + * Index: etc/rc.d/ip6addrctl =================================================================== --- etc/rc.d/ip6addrctl (revision 195133) +++ etc/rc.d/ip6addrctl (working copy) @@ -4,8 +4,8 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr @@ -52,7 +52,7 @@ ip6addrctl install /etc/ip6addrctl.conf checkyesno ip6addrctl_verbose && ip6addrctl else - if checkyesno ipv6_enable; then + if checkyesno ipv6_prefer; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 Index: etc/rc.d/Makefile =================================================================== --- etc/rc.d/Makefile (revision 195133) +++ etc/rc.d/Makefile (working copy) @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostname \ @@ -23,7 +23,7 @@ mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ 
@@ -32,7 +32,7 @@ random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd swap1 \ + serial sppp statd stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ Index: etc/rc.d/route6d =================================================================== --- etc/rc.d/route6d (revision 195133) +++ etc/rc.d/route6d (working copy) @@ -4,22 +4,35 @@ # # PROVIDE: route6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing # KEYWORD: nojail . /etc/rc.subr name="route6d" - -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. In this case, it -# is also needed by the eval statement in the FreeBSD conditional. -# +rcvar=`set_rcvar` load_rc_config $name -rcvar="ipv6_router_enable" -command="${ipv6_router:-/usr/sbin/${name}}" -eval ${name}_flags=\"${ipv6_router_flags}\" +case ${ipv6_router_enable} in +"") ;; +*) + warn "\$ipv6_router_enable is obsolete. Use \$route6d_enable instead." + route6d_enable=$ipv6_router_enable + ;; +esac +case ${ipv6_router} in +"") ;; +*) + warn "\$ipv6_router is obsolete. Use \$route6d_program instead." + route6d_program=$ipv6_router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$ipv6_router_flags is obsolete. Use \$route6d_flags instead." + route6d_flags=$ipv6_router_flags + ;; +esac run_rc_command "$1" Index: etc/rc.d/netoptions =================================================================== --- etc/rc.d/netoptions (revision 195133) +++ etc/rc.d/netoptions (working copy) @@ -5,10 +5,15 @@ # PROVIDE: netoptions # REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + _netoptions_initdone= netoptions_init() { 
@@ -18,75 +23,58 @@ fi } -load_rc_config 'XXX' +netoptions_start() +{ + if checkyesno log_in_vain; then + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL_W} net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null + ${SYSCTL_W} net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null + fi -case ${log_in_vain} in -[Nn][Oo] | '') - log_in_vain=0 - ;; -[Yy][Ee][Ss]) - log_in_vain=1 - ;; -[0-9]*) - ;; -*) - netoptions_init - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; -esac + if checkyesno tcp_extensions; then + netoptions_init + echo -n ' rfc1323 extensions=NO' + ${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null + fi -if [ "${log_in_vain}" -ne 0 ]; then - netoptions_init - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null -fi + if ! checkyesno tcp_keepalive; then + netoptions_init + echo -n ' TCP keepalive=NO' + ${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null + fi -case ${tcp_extensions} in -[Yy][Ee][Ss] | '') - ;; -*) - netoptions_init - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; -esac + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n ' drop SYN+FIN packets=YES' + ${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null + fi -case ${tcp_keepalive} in -[Nn][Oo]) - netoptions_init - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; -esac + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac -case ${tcp_drop_synfin} in -[Yy][Ee][Ss]) - netoptions_init - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; -esac + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL_W} 
net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac -case ${ip_portrange_first} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; -esac + if checkyesno ipv6_ipv4mapping; then + ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null + else + echo -n " no-ipv4-mapped-ipv6" + ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null + fi -case ${ip_portrange_last} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; -esac + [ -n "${_netoptions_initdone}" ] && echo '.' +} -[ -n "${_netoptions_initdone}" ] && echo '.' +load_rc_config $name +run_rc_command $1 Index: etc/rc.d/auto_linklocal =================================================================== --- etc/rc.d/auto_linklocal (revision 195123) +++ etc/rc.d/auto_linklocal (working copy) @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/routed =================================================================== --- etc/rc.d/routed (revision 195133) +++ etc/rc.d/routed (working copy) 
@@ -10,13 +10,29 @@ . /etc/rc.subr name="routed" +rcvar=`set_rcvar` +load_rc_config $name -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. -# -load_rc_config $name -rcvar="router_enable" -command="${router:-/sbin/${name}}" -eval ${name}_flags=\"${router_flags}\" +case ${router_enable} in +"") ;; +*) + warn "\$router_enable is obsolete. Use \$routed_enable instead." + routed_enable=$router_enable + ;; +esac +case ${router} in +"") ;; +*) + warn "\$router is obsolete. Use \$routed_program instead." + routed_program=$router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$router_flags is obsolete. Use \$routed_flags instead." + routed_flags=$router_flags + ;; +esac + run_rc_command "$1" Index: etc/rc.d/defaultroute =================================================================== --- etc/rc.d/defaultroute (revision 195133) +++ etc/rc.d/defaultroute (working copy) @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd netif # KEYWORD: nojail . /etc/rc.subr @@ -18,7 +18,7 @@ defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. @@ -41,6 +41,7 @@ if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +50,12 @@ else echo -n . fi + nl=1 sleep 1 delay=`expr $delay - 1` done - echo + [ -n "$nl" ] && echo } load_rc_config $name Index: etc/rc.d/rtadvd =================================================================== --- etc/rc.d/rtadvd (revision 195133) +++ etc/rc.d/rtadvd (working copy) 
@@ -40,10 +40,25 @@ # get a list of interfaces and enable it on them # case ${rtadvd_interfaces} in - '') + [Aa][Uu][Tt][Oo]|'') for i in `ifconfig -l` ; do case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) continue ;; *) Index: etc/rc.d/routing =================================================================== --- etc/rc.d/routing (revision 195133) +++ etc/rc.d/routing (working copy) @@ -21,17 +21,75 @@ routing_start() { - static_start - options_start + static_start $* + options_start $* } routing_stop() { + static_stop $* route -n flush + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done } static_start() { + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 add + ;; + inet6 | ipv6 | ip6) + do_static ipv6 add + ;; + atm) + do_static atm add + ;; + *) + do_static ipv4 add + do_static ipv6 add + do_static atm add + ;; + esac +} + +static_stop() +{ + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 delete + ;; + inet6 | ipv6 | ip6) + do_static ipv6 delete + ;; + atm) + do_static atm delete + ;; + *) + do_static ipv4 delete + do_static ipv6 delete + do_static atm delete + ;; + esac +} + +do_static() +{ + _af=$1 + _action=$2 + + eval $1_static $2 +} + +ipv4_static() +{ + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
@@ -41,20 +99,128 @@ ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} done fi - # Now ATM static routes - # +} + +ipv6_static() +{ + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. 
+ route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +atm_static() +{ + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } 
@@ -70,72 +236,62 @@ options_start() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' + echo -n ' IPv4 gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno ipv6_gateway_enable; then ropts_init + echo -n ' IPv6 gateway=YES' + sysctl net.inet6.ip6.forwarding=1 >/dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + fi - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno ipxgateway_enable; then ropts_init echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + fi - case ${arpproxy_all} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + fi [ -n "${_ropts_initdone}" ] && echo '.' 
} load_rc_config $name -run_rc_command "$1" +run_rc_command $* Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf (revision 195123) +++ etc/defaults/rc.conf (working copy) @@ -196,6 +196,8 @@ ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. +#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry +#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device #wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8) @@ -360,9 +362,12 @@ static_routes="" # Set to static route list (or leave empty). natm_static_routes="" # Set to static route list for NATM (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. -router_enable="NO" # Set to YES to enable a routing daemon. -router="/sbin/routed" # Name of routing daemon to use if enabled. -router_flags="-q" # Flags for routing daemon. +routed_enable="NO" # Set to YES to enable a routing daemon. +#router_enable="NO" # (works but obsolete) +routed_program="/sbin/routed" # Name of routing daemon to use if enabled. +#router="/sbin/routed" # (works but obsolete) +routed_flags="-q" # Flags for routing daemon. +#router_flags="-q" # (works but obsolete) mrouted_enable="NO" # Do IPv4 multicast routing. mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # routing daemon. You need to 
@@ -417,8 +422,8 @@ icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### -ipv6_enable="NO" # Set to YES to set up for IPv6. -ipv6_network_interfaces="auto" # List of network interfaces (or "auto"). +ipv6_network_interfaces="none" # List of IPv6 network interfaces + # (or "auto" or "none"). ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). 
@@ -426,20 +431,22 @@ # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. -ipv6_router_enable="NO" # Set to YES to enable an IPv6 routing daemon. -ipv6_router="/usr/sbin/route6d" # Name of IPv6 routing daemon. -ipv6_router_flags="" # Flags to IPv6 routing daemon. -#ipv6_router_flags="-l" # Example for route6d with only IPv6 site local + +route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. +#ipv6_router_enable="NO" # (works but obsolete) +route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. +#ipv6_router="/usr/sbin/route6d" # (works but obsolete) +route6d_flags="" # Flags to IPv6 routing daemon. +#ipv6_router_flags="" # (works but obsolete) +#route6d_flags="-l" # Example for route6d with only IPv6 site local # addrs. -#ipv6_router_flags="-q" # If you want to run a routing daemon on an end +#route6d_flags="-q" # If you want to run a routing daemon on an end # node, you should stop advertisement. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. -#ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample manual assign entry -#ipv6_ifconfig_ed0_alias0="fec0:0:0:5::2 prefixlen 64" # Sample alias entry. ipv6_default_interface="NO" # Default output interface for scoped addrs. # Now this works only for IPv6 link local # multicast addrs. 
@@ -481,6 +488,7 @@ # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages +ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used ############################################################## ### System console options ################################# Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (revision 195123) +++ share/man/man5/rc.conf.5 (working copy) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 10, 2009 +.Dd June 28, 2009 .Dt RC.CONF 5 .Os .Sh NAME @@ -344,11 +344,6 @@ .Xr dhclient 8 is used to set the hostname via DHCP, this variable should be set to an empty string. -.It Va ipv6_enable -.Pq Vt bool -Enable support for IPv6 networking. -Note that this requires that the kernel has been compiled with -.Cd "options INET6" . .It Va nisdomainname .Pq Vt str The NIS domain name of this host, or 
@@ -1251,28 +1246,45 @@ Instead of setting the ifconfig variables as .Va ifconfig_ Ns Aq Ar interface they should be set as -.Va ipv6_ifconfig_ Ns Aq Ar interface . +.Va ifconfig_ipv6_ Ns Aq Ar interface . Aliases should be set as -.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . +.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . .Va ipv6_prefix_ Ns Aq Ar interface does something. -Interfaces that do not have a -.Va ipv6_ifconfig_ Ns Aq Ar interface -setting will be auto configured by +Interfaces that have a +.Fl accept_rtadv +flag in +.Va ifconfig_ipv6_ Ns Aq Ar interface +setting will be automatically configured by .Xr rtsol 8 if the .Va ipv6_gateway_enable is set to .Dq Li NO . -Note that the IPv6 networking code does not support the -.Pa /etc/start_if. Ns Aq Ar interface -files. .It Va ipv6_default_interface .Pq Vt str If not set to .Dq Li NO , this is the default output interface for scoped addresses. Now this works only for IPv6 link local multicast addresses. +.It Va ip6addrctl_enable +.Pq Vt bool +If set to +.Dq Li YES , +install default address selection policy table +.Pq RFC 3484 . +If a file +.Pa /etc/ip6addrctl.conf +is found the +.Xr ip6addrctl 8 +reads and installs it. +If not, a pre-defined policy table will be installed. +There are two pre-defined ones; IPv4-preferred and IPv6-preferred. +If set +.Va ipv6_prefer +variable to +.Dq Li YES +the IPv6-preferred one is used. Default is IPv4-preferred. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host. 
@@ -2284,48 +2296,48 @@ .Pq Vt bool The IPv6 equivalent of .Va gateway_enable . -.It Va router_enable +.It Va routed_enable .Pq Vt bool If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va router +.Va routed_program and -.Va router_flags . -.It Va ipv6_router_enable +.Va routed_flags . +.It Va route6d_enable .Pq Vt bool The IPv6 equivalent of -.Va router_enable . +.Va routed_enable . If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va ipv6_router +.Va route6d_program and -.Va ipv6_router_flags . -.It Va router +.Va route6d_flags . +.It Va routed_program .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , this is the name of the routing daemon to use. -.It Va ipv6_router +.It Va route6d_program .Pq Vt str The IPv6 equivalent of -.Va router . -.It Va router_flags +.Va routed_program . +.It Va routed_flags .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , these are the flags to pass to the routing daemon. -.It Va ipv6_router_flags +.It Va route6d_flags .Pq Vt str The IPv6 equivalent of -.Va router_flags . +.Va routed_flags . 
.It Va mrouted_enable .Pq Vt bool If set to ----Next_Part(Sun_Jun_28_19_43_42_2009_953)---- ----Security_Multipart0(Sun_Jun_28_19_43_42_2009_102)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEABECAAYFAkpHSV4ACgkQTyzT2CeTzy1XsgCfSdCbvhmEkulrDh6AXBmjb/LJ c7cAnjVmmljClEQwgA5S5LMlGHQ+y7zA =q3rG -----END PGP SIGNATURE----- ----Security_Multipart0(Sun_Jun_28_19_43_42_2009_102)---- From owner-freebsd-rc@FreeBSD.ORG Mon Jun 29 11:07:06 2009 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B62FE106564A for ; Mon, 29 Jun 2009 11:07:06 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 994478FC24 for ; Mon, 29 Jun 2009 11:07:06 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5TB761J046476 for ; Mon, 29 Jun 2009 11:07:06 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5TB76Td046472 for freebsd-rc@FreeBSD.org; Mon, 29 Jun 2009 11:07:06 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 29 Jun 2009 11:07:06 GMT Message-Id: <200906291107.n5TB76Td046472@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f 
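Review bot: in the new etc/rc.d/stf, stf_down runs "ifconfig stf0 destroy" and the four "route delete" commands unconditionally, while stf_up does nothing when stf_interface_ipv4addr is NO or empty, so "stop" on a host that never configured 6to4 only produces errors. Guard stf_down with the same case test as stf_up. stf_up also splits stf_interface_ipv4addr on "." and feeds $1 to $4 straight into $(( )) without checking that four numeric octets are present, so a malformed value gives an arithmetic error or a wrong 2002: prefix; validate the address before computing hexfrag1 and hexfrag2. Both functions assume the reject routes for 2002:e000::/20, 2002:7f00::/24, 2002:0000::/24 and 2002:ff00::/24 are added and removed as a set, so a failed "route add" in the middle should be reported rather than ignored.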
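Review bot: the third compatibility block in etc/rc.d/route6d tests the wrong variable: it reads "case ${router_flags} in" but then warns about and copies $ipv6_router_flags. The test should be on ${ipv6_router_flags}. As written, a user who set only ipv6_router_flags has the flags silently dropped, and a user who set router_flags for routed gets a spurious warning and has route6d_flags overwritten with the (possibly empty) value of ipv6_router_flags.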
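Review bot: the tcp_extensions test in netoptions_start is inverted. "if checkyesno tcp_extensions; then" now sets net.inet.tcp.rfc1323=0 when the variable is YES, whereas the removed case block did so only when the value was neither YES nor empty; it needs "if ! checkyesno tcp_extensions". The log_in_vain branch also loses behaviour: the old code mapped YES to 1 and accepted numeric values, while the new code passes the raw rc.conf string to sysctl as net.inet.tcp.log_in_vain="${log_in_vain}", so YES is handed to sysctl literally, and numeric levels other than 0 and 1 no longer pass checkyesno. Finally, the ipv6_ipv4mapping branch writes net.inet6.ip6.v6only without first checking that the kernel has INET6 and prints " no-ipv4-mapped-ipv6" without calling netoptions_init, which does not match the stated goal that IPv6 settings are ignored when INET6 is absent. This contradicts the "no functional change" description of the cleanup.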
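Review bot: the new auto-selection list in etc/rc.d/rtadvd no longer skips gif[0-9]* and tun[0-9]*, which the removed line excluded, so with rtadvd_interfaces empty or AUTO the daemon would now be enabled on tunnel interfaces as well. If that is intended, it should be stated in the change description and in rc.conf(5); otherwise keep both patterns in the reformatted list alongside the newly added pflog, pfsync and wireless driver names.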
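Review bot: in ipv6_static in etc/rc.d/routing, the static-route loop assigns ipv6_route_args but then runs "route ${_action} -inet6 ${route_args}", so it uses whatever ipv4_static left in route_args instead of the IPv6 route; the command should use ${ipv6_route_args}. The same function runs "ifconfig ${ipv6_default_interface} inet6 defaultif" regardless of ${_action}, so a "delete" pass from static_stop re-installs the default interface that routing_stop then removes with -defaultif. Since _af and _action are plain globals shared by static_start, static_stop, do_static and the per-family helpers, declaring them local would avoid one helper clobbering another's value. The reject routes for ::ffff:0.0.0.0/96, ::0.0.0.0/96 and fe80::/10 are added without checking that INET6 is present, which will print errors on kernels without it.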
From: FreeBSD bugmaster To: freebsd-rc@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Jun 2009 11:07:07 -0000

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD
users. These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o conf/134918  rc     rc.subr fails to detect perl daemons
o conf/134660  rc     [patch] rc-script for initializing ng_netflow+ng_ipfw
o conf/134333  rc     PPP configuration problem in the rc.d scripts in combi
o conf/134006  rc     [patch] Unload console screensaver kernel modules if s
o conf/133987  rc     [rc.d] defaultroute broken with DHCP in some cases
o conf/133890  rc     [patch] sshd(8): add multiple profiles to the rc.d scr
o conf/132766  rc     wait_for_pids() in /etc/rc.subr is dull.
o conf/132483  rc     rc.subr(8) [patch] setfib(1) support for rc.subr
o conf/132476  rc     [rc.d] [patch] add support setfib(1) in rc.d/routing
o conf/130414  rc     [patch] rc services started with onestart are not stop
o conf/128299  rc     [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc     [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc     rcorder(8) fails to run unrelated startup scripts when
o conf/126392  rc     [patch] rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc     [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc     [patch] savecore can't create dump from encrypted swap
o conf/124248  rc     [jail] [patch] add support for nice value for rc.d/jai
o conf/123734  rc     [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc     [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc     [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc     [patch] [request] New feature: notify admin via page o
o kern/121566  rc     [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc     [patch] devfs.rules are not initialized under certain
o conf/120406  rc     [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc     [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc     [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc     [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc     [patch] [rc.d] /etc/rc.d/netif tries to remove alias a
o bin/118325   rc     [patch] [request] new periodic script to test statuses
o conf/118255  rc     savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc     [patch] ppp fails to start at boot because of missing
o conf/113915  rc     [patch] ndis wireless driver fails to associate when i
o conf/109980  rc     /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc     [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/108589  rc     rtsol(8) fails due to default ipfw rules
o conf/106009  rc     [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc     [ppp] [request] syslogd starts too late at boot
o conf/105568  rc     [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc     [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc     [patch] rc.d/nfsd needs special _find_processes functi
o conf/102700  rc     [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc     [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc     [patch] Enhancement: rc.subr could easily support star
o conf/96343   rc     [patch] rc.d order change to start inet6 before pf
o conf/93815   rc     [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc     [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc     [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc     [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc     [patch] wrapper support for rc.subr
o conf/85819   rc     [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc     ipnat not working with tunnel interfaces on startup
o conf/77663   rc     Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc     [patch] add support for powernow states to power_profi
o conf/58939   rc     [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc     [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc     [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc     [patch] Add ability to run multiple pppoed(8) on start

57 problems total.

From owner-freebsd-rc@FreeBSD.ORG Wed Jul 1 10:40:30 2009 Return-Path: Delivered-To: freebsd-rc@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5BAAD1065672; Wed, 1 Jul 2009 10:40:30 +0000 (UTC) (envelope-from jilles@stack.nl) Received: from mx1.stack.nl (relay02.stack.nl [131.155.140.104]) by mx1.freebsd.org (Postfix) with ESMTP id D56158FC13; Wed, 1 Jul 2009 10:40:29 +0000 (UTC) (envelope-from jilles@stack.nl) Received: by mx1.stack.nl (Postfix, from userid 65534) id 5299C358C2E; Wed, 1 Jul 2009 12:17:51 +0200 (CEST) X-Spam-DCC: : X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on hammer.stack.nl X-Spam-Level: * X-Spam-Status: No, score=1.5 required=5.0 tests=BAYES_00,DATE_IN_PAST_06_12, J_CHICKENPOX_12,J_CHICKENPOX_21,J_CHICKENPOX_24,J_CHICKENPOX_32, J_CHICKENPOX_34,NO_RELAYS autolearn=no version=3.2.5 X-Spam-Relay-Country: Received: from toad.stack.nl (toad.stack.nl [IPv6:2001:610:1108:5010::135]) by mx1.stack.nl (Postfix) with ESMTP id F270A35BD9E; Wed, 1 Jul 2009 09:06:37 +0200 (CEST) Received: by toad.stack.nl (Postfix, from userid 1677) id 4E7F574CAD; Wed, 1 Jul 2009 00:41:10 +0200 (CEST) Date: Wed, 1 Jul 2009 00:41:10 +0200
From: Jilles Tjoelker To: Hiroki Sato Message-ID: <20090630224110.GA33900@stack.nl> References: <20090628.194342.254155418.hrs@allbsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090628.194342.254155418.hrs@allbsd.org> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-rc@FreeBSD.org Subject: Re: RFC: integrate network_ipv6 to netif and tidy up several rc.d scripts X-BeenThere: freebsd-rc@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion related to /etc/rc.d design and implementation." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2009 10:40:30 -0000 On Sun, Jun 28, 2009 at 07:43:42PM +0900, Hiroki Sato wrote: > I would like your review on the attached patch. Changes are the > following: > > 1. Integrate IPv6 interface configuration to rc.d/netif. Also, IPv6 > routing and options are handled rc.d/routing and rc.d/netoptions > now. If no INET6, IPv6 configuration is safely ignored. > > 2. rc.conf variable change. > > ipv6_enable -> (removed) > ipv6_ifconfig_IF -> ifconfig_ipv6_IF > ipv6_ifconfig_IF_aliasN -> ifconfig_IF_aliasN (same as IPv4) > > The old variables still valid, but display a warning. > > 3. rc.d/routed and rc.d/route6d now accept standard rc.d variables > like $routed_enable. The old $router_enable, $ipv6_router_enable > and so on are still valid, but display a warning. > > 4. Clean up rc.d/netoptions to adjust it to the rc.d framework. No > functional change but IPv6 specific options are added. > > 5. Remove rc.d/auto_linklocal and rc.d/network_ipv6. No longer > needed. > > 6. Fix rc.d/defaultroute to suppress an extra blank line. > > 7. rc.conf(5) update. The default value of $ipv6_network_interfaces > is changed from "auto" to "none". > > Basically these changes should be backward compatible except for > $ipv6_enable and $ipv6_network_interfaces. 
Note that a part of these > changes depend on another patch I posted on -net@ recently (ifconfig > ND6 flags and so on), so simply applying the diff to the current > system does not work. > Any comments (or objections) are welcome. Some comments about the shell scripting, inline. > Index: etc/network.subr > =================================================================== > --- etc/network.subr (revision 195123) > +++ etc/network.subr (working copy) > [...] > + # inet6 specific > + if afexists ipv6; then > + if ipv6if $1; then > + if checkyesno ipv6_gateway_enable ]; then What's this ']'? > [...] > -# _ifconfig_getargs if > +# _ifconfig_getargs if [af] > # Echos the arguments for the supplied interface to stdout. > # returns 1 if empty. In general, ifconfig_getargs should be used > # outside this file. > _ifconfig_getargs() > { > _ifn=$1 > + case $2 in > + "") _af= ;; > + *) _af=_$2 ;; > + esac > + This can be done more simply: _af=${2:+_$2} > if [ -z "$_ifn" ]; then > return 1 > fi > > - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" > + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" > } > [...] > +# afexists af > +# Returns 0 if the address family is enabled in the kernel > +# 1 otherwise. > +afexists() > +{ > + _af=$1 > + > + case ${_af} in > + inet|ipv4|ip|ip4) > + if ${SYSCTL_N} net.inet > /dev/null; then > + return 0 > + else > + return 1 > + fi > + ;; > + inet6|ipv6|ip6) > + if ${SYSCTL_N} net.inet6 > /dev/null; then > + return 0 > + else > + return 1 > + fi > + ;; > + esac > +} Here and elsewhere, consider using 'local' (even though it's not POSIX, it is already used and rather useful) or not copying the parameter into a variable at all. Otherwise strange bugs may occur due to variables being corrupted by seemingly innocuous function calls. The redirection should be > /dev/null 2>&1 to avoid an error message if the address family is not enabled. There should be a default case which possibly prints an error message and returns 1. 
> # ipv6if if > # Returns 0 if the interface should be configured for IPv6 and > # 1 otherwise. > ipv6if() > { > - if ! checkyesno ipv6_enable; then > + _if=$1 > + > + if ! afexists ipv6; then > return 1 > fi > + > + # lo0 is always IPv6-enabled > + case $_if in > + lo[0-9]*) > + return 0 > + ;; > + esac > + > case "${ipv6_network_interfaces}" in > [Aa][Uu][Tt][Oo]) > return 0 
> @@ -292,14 +367,61 @@ > return 1 > ;; > esac > - for v6if in ${ipv6_network_interfaces}; do > - if [ "${v6if}" = "${1}" ]; then > + for i in ${ipv6_network_interfaces}; do > + if [ "$i" = "$_if" ]; then

Unnecessary change which might cause trouble because i is not local.

> return 0 > fi > done > return 1 > } > [...] > + > +# ifalias_ipv4_up if > +# Helper function for ifalias_up(). Handles IPv4. > +# > +ifalias_ipv4_up() > +{ > + _ret=1 > + > alias=0 > while : ; do > ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` > - if [ -n "${ifconfig_args}" ]; then > + case "${ifconfig_args}" in > + inet\ *) > ifconfig $1 ${ifconfig_args} alias > alias=$((${alias} + 1)) > _ret=0 > - else > + ;; > + *) > break > - fi > + ;; > + esac > done > return $_ret > }

It looks like this will stop processing the aliases as soon as it finds an inet6 one. ifalias_ipv6_up, ifalias_ipv4_down and ifalias_ipv6_down seem similarly affected.

> -#ifalias_down if > +# ifalias_ipv6_up if > +# Helper function for ifalias_up(). Handles IPv6. > +# > +ifalias_ipv6_up() > +{ > + _ret=1 > + > + alias=0 > + while : ; do > + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` > + case "${ifconfig_args}" in > + inet6\ *) > + ifconfig $1 ${ifconfig_args} alias > + alias=$((${alias} + 1)) > + _ret=0 > + ;; > + *) > + break > + ;; > + esac > + done > + > + # backward compatibility: ipv6_ifconfig_IF_aliasN. > + alias=0 > + while : ; do > + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` > + case "${ifconfig_args}" in > + "") > + break > + ;; > + *) > + ifconfig $1 inet6 ${ifconfig_args} alias > + alias=$((${alias} + 1)) > + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." > + " Use ifconfig_$1_alias${alias} instead." > + _ret=0 > + ;; > + esac > + done > + return $_ret > +}

The warning message is wrong in the sense that ifconfig_$1_alias${alias} will not work if there are also IPv4 aliases.
You could count the number of IPv4 aliases and add that in, but it may be more appropriate to print a single warning message.

> [...] > +# ipv6_prefix_hostid_addr_up if > +# add IPv6 prefix + hostid addr to the interface $if > +ipv6_prefix_hostid_addr_up() > +{ > + _if=$1 > + prefix=`get_if_var ${_if} ipv6_prefix_IF` > + > + if [ -n "${prefix}" ]; then > + laddr=`network6_getladdr ${_if}` > + hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'`

Faster:
hostid=${laddr#fe80::}
hostid=${hostid%\%*}

> + for j in ${prefix}; do > + address=$j\:${hostid} > + ifconfig ${_if} inet6 ${address} prefixlen 64 alias > + > + # if I am a router, add subnet router > + # anycast address (RFC 2373). > + if checkyesno ipv6_gateway_enable; then > + ifconfig ${_if} inet6 $j:: prefixlen 64 \ > + alias anycast > + fi > + done > + fi > +} > [...] > @@ -708,6 +1066,7 @@ > > # Get a list of ALL the interfaces and make lo0 first if it's there. > # > + _tmplist= > case ${network_interfaces} in > [Aa][Uu][Tt][Oo]) > _prefix=''

Looks like a possible bugfix. Because _tmplist is overwritten in the * case, it may be more appropriate to put this assignment under the auto case.
> @@ -737,26 +1096,49 @@ > > # Separate out dhcp and non-dhcp interfaces > # > - _aprefix= > - _bprefix= > - for _if in ${_tmplist} ; do > - if dhcpif $_if; then > - _dhcplist="${_dhcplist}${_aprefix}${_if}" > - [ -z "$_aprefix" ] && _aprefix=' ' > - elif [ -n "`_ifconfig_getargs $_if`" ]; then > - _nodhcplist="${_nodhcplist}${_bprefix}${_if}" > - [ -z "$_bprefix" ] && _bprefix=' ' > - fi > - done > - > + _list= > + _prefix= > case "$type" in > nodhcp) > - echo $_nodhcplist > + for _if in ${_tmplist} ; do > + if ! dhcpif $_if && \ > + [ -n "`_ifconfig_getargs $_if`" ]; then > + _list="${_list}${_prefix}${_if}" > + [ -z "$_prefix" ] && _prefix=' ' > + fi > + done > + echo $_list

The _prefix variable is unnecessary complication. Just _list="${_list} ${_if}" will do. Word splitting in echo $_list will drop the initial space. If word splitting weren't acceptable, echo "${_list# }" would remove it as well; this could simplify the auto case above.

> [...] > Index: etc/rc.d/addswap > =================================================================== > --- etc/rc.d/addswap (revision 195133) > +++ etc/rc.d/addswap (working copy) > @@ -7,7 +7,6 @@ > # PROVIDE: addswap > # REQUIRE: FILESYSTEMS > -# BEFORE: sysctl > # KEYWORD: nojail > [...] > Index: etc/rc.d/sysctl > =================================================================== > --- etc/rc.d/sysctl (revision 195133) > +++ etc/rc.d/sysctl (working copy)
> @@ -5,7 +5,7 @@ > > # PROVIDE: sysctl > # REQUIRE: root > -# BEFORE: DAEMON > +# BEFORE: FILESYSTEMS > . /etc/rc.subr

I think these two changes need separate consideration.

> [...] > Index: etc/rc.d/defaultroute > =================================================================== > --- etc/rc.d/defaultroute (revision 195133) > +++ etc/rc.d/defaultroute (working copy) > [...] > delay=`expr $delay - 1`

delay=$((delay - 1))

> [...] > Index: etc/rc.d/rtadvd > =================================================================== > --- etc/rc.d/rtadvd (revision 195133) > +++ etc/rc.d/rtadvd (working copy) > @@ -40,10 +40,25 @@ > # get a list of interfaces and enable it on them > # > case ${rtadvd_interfaces} in > - '') > + [Aa][Uu][Tt][Oo]|'') > for i in `ifconfig -l` ; do > case $i in > - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) > + lo0|\ > + stf[0-9]*|\ > + faith[0-9]*|\ > + lp[0-9]*|\ > + sl[0-9]*|\ > + pflog[0-9]*|\ > + pfsync[0-9]*|\ > + an[0-9]*|\ > + ath[0-9]*|\ > + ipw[0-9]*|\ > + iwi[0-9]*|\ > + iwn[0-9]*|\ > + ral[0-9]*|\ > + wi[0-9]*|\ > + wl[0-9]*|\ > + wpi[0-9]*) > continue > ;; > *)

Hmm, any reason you're removing gif[0-9]* here?

> Index: etc/rc.d/routing > =================================================================== > --- etc/rc.d/routing (revision 195133) > +++ etc/rc.d/routing (working copy)
> @@ -21,17 +21,75 @@ > > routing_start() > { > - static_start > - options_start > + static_start $* > + options_start $* > }

Nitpick: use "$@" to preserve the parameters exactly. $* performs word splitting and filename generation on each parameter. (This does not really matter because rc.subr currently breaks it and the called functions don't care.)

--
Jilles Tjoelker

From owner-freebsd-rc@FreeBSD.ORG Wed Jul 1 19:35:16 2009
Date: Thu, 02 Jul 2009 04:34:47 +0900 (JST)
Message-Id: <20090702.043447.219085264.hrs@allbsd.org>
To: jilles@stack.nl
From: Hiroki Sato
In-Reply-To: <20090630224110.GA33900@stack.nl>
Cc: freebsd-rc@FreeBSD.org
Subject: Re: RFC: integrate network_ipv6 to netif and tidy up several rc.d scripts

Hi,

Thank you very much for your review. A revised one is attached. rc_20090701.diff is the complete diff, and the others are diff from the previous patches. Replies to your comments are in-line below. If you noticed other issues, please let me know. Thank you.

Jilles Tjoelker wrote in <20090630224110.GA33900@stack.nl>:

ji> > + if ipv6if $1; then ji> > + if checkyesno ipv6_gateway_enable ]; then
ji>
ji> What's this ']'?

Just a typo. Removed.
ji> > + case $2 in ji> > + "") _af= ;; ji> > + *) _af=_$2 ;; ji> > + esac ji> > +
ji>
ji> This can be done more simply: _af=${2:+_$2}

Fixed, thanks.

ji> Here and elsewhere, consider using 'local' (even though it's not POSIX,
ji> it is already used and rather useful) or not copying the parameter into
ji> a variable at all. Otherwise strange bugs may occur due to variables
ji> being corrupted by seemingly innocuous function calls.

Added local wherever possible.

ji> The redirection should be > /dev/null 2>&1 to avoid an error message if
ji> the address family is not enabled.
ji> There should be a default case which possibly prints an error message
ji> and returns 1.

True. Fixed.

ji> > - for v6if in ${ipv6_network_interfaces}; do ji> > - if [ "${v6if}" = "${1}" ]; then ji> > + for i in ${ipv6_network_interfaces}; do ji> > + if [ "$i" = "$_if" ]; then
ji>
ji> Unnecessary change which might cause trouble because i is not local.

A local is added here, too.

ji> > + esac ji> > done ji> > return $_ret ji> > }
ji>
ji> It looks like this will stop processing the aliases as soon as it finds
ji> an inet6 one. ifalias_ipv6_up, ifalias_ipv4_down and ifalias_ipv6_down
ji> seem similarly affected.

Yes, this part had a bug. Fixed.

ji> > + return $_ret ji> > +}
ji>
ji> The warning message is wrong in the sense that ifconfig_$1_alias${alias}
ji> will not work if there are also IPv4 aliases. You could count the number
ji> of IPv4 aliases and add that in, but it may be more appropriate to print
ji> a single warning message.

Certainly. Fixed.

ji> > + hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'`
ji>
ji> Faster:
ji> hostid=${laddr#fe80::}
ji> hostid=${hostid%\%*}

Fixed, thanks for the suggestion.

ji> The _prefix variable is unnecessary complication. Just
ji> _list="${_list} ${_if}" will do. Word splitting in echo $_list will drop
ji> the initial space. If word splitting weren't acceptable,
ji> echo "${_list# }" would remove it as well; this could simplify the auto
ji> case above.
$prefix is removed.

ji> > Index: etc/rc.d/sysctl ji> > =================================================================== ji> > --- etc/rc.d/sysctl (revision 195133) ji> > +++ etc/rc.d/sysctl (working copy) ji> > @@ -5,7 +5,7 @@ ji> > ji> > # PROVIDE: sysctl ji> > # REQUIRE: root ji> > -# BEFORE: DAEMON ji> > +# BEFORE: FILESYSTEMS ji> ji> > . /etc/rc.subr
ji>
ji> I think these two changes need separate consideration.

Moving sysctl to earlier stage is necessary because there are a lot of scripts which modify sysctl variables between FILESYSTEMS and NETWORKING and making sure it runs before them. I think there is no bad side-effect by this.

ji> > [...] ji> > delay=`expr $delay - 1`
ji>
ji> delay=$((delay - 1))

Fixed.

ji> Hmm, any reason you're removing gif[0-9]* here?

I do not think disabling accept_rtadv of gifN is reasonable. RA may be useless for point-to-point interface but can be sent via tunnel interface. Anyway, ND6_IFF_ACCEPT_RTADV is now disabled by default, so it should be safe.

ji> > + static_start $* ji> > + options_start $* ji> > }
ji>
ji> Nitpick: use "$@" to preserve the parameters exactly. $* performs word
ji> splitting and filename generation on each parameter. (This does not
ji> really matter because rc.subr currently breaks it and the called
ji> functions don't care.)

Okay, fixed.

-- Hiroki

Content-Disposition: inline; filename="rc_20090701.diff"
Index: network.subr =================================================================== --- network.subr (revision 195252) +++ network.subr (working copy) @@ -31,8 +31,8 @@ # # ifn_start ifn -# Bring up and configure an interface. If some configuration is applied -# print the interface configuration. +# Bring up and configure an interface. If some configuration is +# applied print the interface configuration. # ifn_start() {
@@ -40,20 +40,21 @@ ifn="$1" cfg=1 - [ -z "$ifn" ] && err 1 "ifn_start called without an interface" + ifexists "$ifn" || err 1 "ifn_start called without an interface" ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 + ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 - childif_create ${ifn} + childif_create ${ifn} && cfg=0 return $cfg } -# ifn_start ifn -# Shutdown and de-configure an interface. If action is taken print the -# interface name. +# ifn_stop ifn +# Shutdown and de-configure an interface. If action is taken +# print the interface name. # ifn_stop() { @@ -61,13 +62,14 @@ ifn="$1" cfg=1 - [ -z "$ifn" ] && return 1 + ifexists "$ifn" || err 1 "ifn_stop called without an interface" ipx_down ${ifn} && cfg=0 + ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 - childif_destroy ${ifn} + childif_destroy ${ifn} && cfg=0 return $cfg } @@ -81,15 +83,51 @@ # ifconfig_up() { + local _cfg _ipv6_opts ifconfig_args _cfg=1 + # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} - ifconfig $1 up _cfg=0 fi + # inet6 specific + if afexists ipv6; then + if ipv6if $1; then + if checkyesno ipv6_gateway_enable; then + _ipv6_opts="-accept_rtadv auto_linklocal" + else + _ipv6_opts="auto_linklocal" + fi + else + _ipv6_opts="-auto_linklocal" + fi + + ifconfig $1 inet6 ${_ipv6_opts} + + # ifconfig_ipv6_IF + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} -eq 0 ]; then + ifconfig $1 up + fi + if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count 
@@ -114,7 +152,7 @@ # ifconfig_down() { - [ -z "$1" ] && return 1 + local _cfg _cfg=1 if wpaif $1; then @@ -136,13 +174,15 @@ } # get_if_var if var [default] -# Return the value of the pseudo-hash corresponding to $if where -# $var is a string containg the sub-string "IF" which will be -# replaced with $if after the characters defined in _punct are -# replaced with '_'. If the variable is unset, replace it with -# $default if given. +# Return the value of the pseudo-hash corresponding to $if where +# $var is a string containg the sub-string "IF" which will be +# replaced with $if after the characters defined in _punct are +# replaced with '_'. If the variable is unset, replace it with +# $default if given. get_if_var() { + local _if _punct _var _default prefix suffix + if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi @@ -160,26 +200,30 @@ eval echo \${${prefix}${_if}${suffix}-${_default}} } -# _ifconfig_getargs if +# _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { + local _ifn _af _ifn=$1 + _af=${2+_$2} + if [ -z "$_ifn" ]; then return 1 fi - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } -# ifconfig_getargs if +# ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { - _tmpargs=`_ifconfig_getargs $1` + local _tmpargs _arg _args + _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi @@ -206,7 +250,9 @@ # boot time and 1 otherwise. autoif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) @@ -214,6 +260,7 @@ ;; esac done + return 0 } 
@@ -221,7 +268,9 @@ # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) @@ -235,6 +284,7 @@ ;; esac done + return 1 } @@ -243,7 +293,9 @@ # 1 otherwise. syncdhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) @@ -254,18 +306,18 @@ ;; esac done - if checkyesno synchronous_dhclient; then - return 0 - else - return 1 - fi + + # if no NOSYNCDHCP and SYNCDHCP + checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) @@ -273,17 +325,77 @@ ;; esac done + return 1 } +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + local _af + _af=$1 + + case ${_af} in + inet|ipv4|ip|ip4) + ${SYSCTL_N} net.inet > /dev/null 2>&1 + ;; + inet6|ipv6|ip6) + ${SYSCTL_N} net.inet6 > /dev/null 2>&1 + ;; + *) + warn "afexists(): Unsupported address family: $_af" + return 1 + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. +noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 + ;; + esac + + return 1 +} + # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { - if ! checkyesno ipv6_enable; then + local _if i + _if=$1 + + if ! afexists ipv6; then return 1 fi + + # lo0 is always IPv6-enabled + case $_if in + lo[0-9]*) + return 0 + ;; + esac + case "${ipv6_network_interfaces}" in [Aa][Uu][Tt][Oo]) return 0 
@@ -292,40 +404,110 @@ return 1 ;; esac - for v6if in ${ipv6_network_interfaces}; do - if [ "${v6if}" = "${1}" ]; then + + for i in ${ipv6_network_interfaces}; do + if [ "$i" = "$_if" ]; then return 0 fi done + return 1 } +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration, 1 otherwise. +ipv6_autoconfif() +{ + local _if _tmpargs _arg + _if=$1 + + if ! ipv6if $_if; then + return 1 + fi + if noafif $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*) + return 1 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() { + [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } # ipv4_up if -# add IPv4 addresses to the interface $if +# add IPv4 addresses to the interface $if ipv4_up() { + local _if _ret _if=$1 - ifalias_up ${_if} - ipv4_addrs_common ${_if} alias + _ret=1 + + ifalias_up ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} alias && _ret=0 + + return $_ret } +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + local _if _ret + _if=$1 + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ifalias_up ${_if} inet6 && _ret=0 + ipv6_prefix_hostid_addr_up ${_if} && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + + return $_ret +} + # ipv4_down if -# remove IPv4 addresses from the interface $if +# remove IPv4 addresses from the interface $if ipv4_down() { + local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 - ifexists ${_if} || return 1 - inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" 
@@ -343,17 +525,55 @@ done IFS="$oldifs" - ifalias_down ${_if} && _ret=0 + ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + local _if _ifs _ret inetList oldifs _inet6 + _if=$1 + _ifs="^" + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} && _ret=0 + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + # ipv4_addrs_common if action -# Evaluate the ifconfig_if_ipv4 arguments for interface $if -# and use $action to add or remove IPv4 addresses from $if. +# Evaluate the ifconfig_if_ipv4 arguments for interface $if and +# use $action to add or remove IPv4 addresses from $if. ipv4_addrs_common() -{ +{ + local _ret _if _action _cidr _cidr_addr + local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 
@@ -386,53 +606,239 @@ fi done done + return $_ret } -# ifalias_up if +# ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. # ifalias_up() { + local _ret _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} alias - alias=$((${alias} + 1)) - _ret=0 - else + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") break - fi + ;; + esac + alias=$((${alias} + 1)) done + return $_ret } -#ifalias_down if +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. +# +ifalias_ipv6_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_aliasN instead." + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. 
# ifalias_down() { + local _ret _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +#ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} -alias + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +#ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. +# +ifalias_ipv6_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_aliasN instead." 
_ret=0 - else - break - fi + ;; + esac done + return $_ret } +# ipv6_prefix_hostid_addr_up if +# add IPv6 prefix + hostid addr to the interface $if +ipv6_prefix_hostid_addr_up() +{ + local _if prefix laddr hostid j address + _if=$1 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=${laddr#fe80::} + hostid=${hostid%\%*} + + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 alias + + # if I am a router, add subnet router + # anycast address (RFC 2373). + if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + alias anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router +# Solicitation message +ipv6_accept_rtadv_up() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 accept_rtadv up + rtsol ${rtsol_flags} $1 + fi +} + +# ipv6_accept_rtadv_down if +# Disable accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 -accept_rtadv + fi +} + # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or @@ -443,8 +849,9 @@ if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 + else + return 1 fi - return 1 } # ifscript_down if @@ -457,16 +864,21 @@ if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 + else + return 1 fi - return 1 } -# Create cloneable interfaces. +# clone_up +# Create cloneable interfaces. # clone_up() { + local _prefix _list ifn _prefix= _list= + + # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then 
@@ -477,13 +889,16 @@ debug "Cloned: ${_list}" } -# Destroy cloned interfaces. Destroyed interfaces are echoed -# to standard output. +# clone_down +# Destroy cloned interfaces. Destroyed interfaces are echoed to +# standard output. # clone_down() { + local _prefix _list ifn _prefix= _list= + for ifn in ${cloned_interfaces}; do ifconfig ${ifn} destroy if [ $? -eq 0 ]; then @@ -494,14 +909,14 @@ debug "Destroyed clones: ${_list}" } -# Create and configure child interfaces. -# Return 0 if child interfaces are created. +# childif_create +# Create and configure child interfaces. Return 0 if child +# interfaces are created. # childif_create() { local cfg child child_wlans create_args debug_flags ifn i cfg=1 - ifn=$1 # Create wireless interfaces @@ -531,28 +946,40 @@ return ${cfg} } -# Destroy child interfaces. +# childif_destroy +# Destroy child interfaces. # childif_destroy() { local cfg child child_wlans ifn + cfg=1 child_wlans="`get_if_var $ifn wlans_IF` `get_if_var $ifn vaps_IF`" for child in ${child_wlans}; do ifconfig $child destroy && cfg=0 done + + return ${cfg} } -# Create netgraph nodes. +# ng_mkpeer +# Create netgraph nodes. # -ng_mkpeer() { +ng_mkpeer() +{ ngctl -f - 2> /dev/null </dev/null`; do case $line in *interface:*) defif=${line##*: } @@ -783,6 +1238,8 @@ echo $defif } +# hexdigit arg +# Echo decimal number $arg (single digit) in hexadecimal format. hexdigit() { if [ $1 -lt 10 ]; then @@ -799,14 +1256,17 @@ fi } +# hexprint arg +# Echo decimal number $arg (multiple digits) in hexadecimal format. hexprint() { + local val str dig val=$1 str='' - dig=`hexdigit $((${val} & 15))` str=${dig}${str} val=$((${val} >> 4)) + while [ ${val} -gt 0 ]; do dig=`hexdigit $((${val} & 15))` str=${dig}${str} 
@@ -816,250 +1276,13 @@ echo ${str} } -# Setup the interfaces for IPv6 -network6_interface_setup() +# network6_getladdr if [flag] +# Echo link-local address from $if if any. +# If flag is defined, tentative ones will be excluded. +network6_getladdr() { - interfaces=$* - rtsol_interfaces='' - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - rtsol_available=no - ;; - *) - rtsol_available=yes - ;; - esac - for i in $interfaces; do - rtsol_interface=yes - prefix=`get_if_var $i ipv6_prefix_IF` - if [ -n "${prefix}" ]; then - rtsol_available=no - rtsol_interface=no - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` - for j in ${prefix}; do - address=$j\:${hostid} - ifconfig $i inet6 ${address} prefixlen 64 alias + local proto addr rest - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # subnet-router anycast address - # (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - ;; - esac - done - fi - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF` - if [ -n "${ipv6_ifconfig}" ]; then - rtsol_available=no - rtsol_interface=no - ifconfig $i inet6 ${ipv6_ifconfig} alias - fi - - if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] - then - case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) - ;; - # Wireless NIC cards are virtualized through the wlan interface - an[0-9]*|ath[0-9]*|ipw[0-9]*|iwi[0-9]*|iwn[0-9]*|ral[0-9]*|wi[0-9]*|wl[0-9]*|wpi[0-9]*) - ;; - *) - rtsol_interfaces="${rtsol_interfaces} ${i}" - ;; - esac - else - ifconfig $i inet6 - fi - done - - if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then - # Act as endhost - automatically configured. - # You can configure only single interface, as - # specification assumes that autoconfigured host has - # single interface only. 
- sysctl net.inet6.ip6.accept_rtadv=1 - set ${rtsol_interfaces} - ifconfig $1 up - rtsol ${rtsol_flags} $1 - fi - - for i in $interfaces; do - alias=0 - while : ; do - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF_alias${alias}` - if [ -z "${ipv6_ifconfig}" ]; then - break; - fi - ifconfig $i inet6 ${ipv6_ifconfig} alias - alias=$((${alias} + 1)) - done - done -} - -# Setup IPv6 to IPv4 mapping -network6_stf_setup() -{ - case ${stf_interface_ipv4addr} in - [Nn][Oo] | '') - ;; - *) - # assign IPv6 addr and interface route for 6to4 interface - stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) - OIFS="$IFS" - IFS=".$IFS" - set ${stf_interface_ipv4addr} - IFS="$OIFS" - hexfrag1=`hexprint $(($1*256 + $2))` - hexfrag2=`hexprint $(($3*256 + $4))` - ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" - case ${stf_interface_ipv6_ifid} in - [Aa][Uu][Tt][Oo] | '') - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr ${i}` - case ${laddr} in - '') - ;; - *) - break - ;; - esac - done - stf_interface_ipv6_ifid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - case ${stf_interface_ipv6_ifid} in - '') - stf_interface_ipv6_ifid=0:0:0:1 - ;; - esac - ;; - esac - ifconfig stf0 create >/dev/null 2>&1 - ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ - prefixlen ${stf_prefixlen} - # disallow packets to malicious 6to4 prefix - route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject - route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject - route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject - route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject - ;; - esac -} - -# Setup static routes -network6_static_routes_setup() -{ - # Set up any static routes. 
- case ${ipv6_defaultrouter} in - [Nn][Oo] | '') - ;; - *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" - ;; - esac - case ${ipv6_static_routes} in - [Nn][Oo] | '') - ;; - *) - for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route add -inet6 ${ipv6_route_args} - done - ;; - esac -} - -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - -# Install the "default interface" to kernel, which will be used -# as the default route when there's no router. -network6_default_interface_setup() -{ - # Choose IPv6 default interface if it is not clearly specified. - case ${ipv6_default_interface} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|faith[0-9]*) - continue - ;; - esac - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_default_interface=$i - break - ;; - esac - done - ;; - esac - - # Disallow unicast packets without outgoing scope identifiers, - # or route such packets to a "default" interface, if it is specified. 
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject - case ${ipv6_default_interface} in - [Nn][Oo] | '') - route add -inet6 ff02:: -prefixlen 16 ::1 -reject - ;; - *) - laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ - -cloning - - # Disable installing the default interface with the - # case net.inet6.ip6.forwarding=0 and - # net.inet6.ip6.accept_rtadv=0, due to avoid conflict - # between the default router list and the manual - # configured default route. - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - ;; - *) - if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] - then - ndp -I ${ipv6_default_interface} - fi - ;; - esac - ;; - esac -} - -network6_getladdr() -{ ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) Index: rc.d/NETWORKING =================================================================== --- rc.d/NETWORKING (revision 195153) +++ rc.d/NETWORKING (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking Index: rc.d/network_ipv6 =================================================================== --- rc.d/network_ipv6 (revision 195153) +++ rc.d/network_ipv6 (working copy) 
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" Index: rc.d/devd =================================================================== --- rc.d/devd (revision 195153) +++ rc.d/devd (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown Index: rc.d/addswap =================================================================== --- rc.d/addswap (revision 195153) +++ rc.d/addswap (working copy) @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr Index: rc.d/faith =================================================================== --- rc.d/faith (revision 0) +++ rc.d/faith (revision 0) 
@@ -0,0 +1,77 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \ + " faith0." + ${SYSCTL_W} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + if [ -z "${rc_quiet}" ]; then + ifconfig faith0 + fi + ;; + esac +} + +faith_down() +{ + echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0." + ifconfig faith0 destroy + ${SYSCTL_W} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" Property changes on: rc.d/faith ___________________________________________________________________ Added: svn:executable + * Index: rc.d/sysctl =================================================================== --- rc.d/sysctl (revision 195153) +++ rc.d/sysctl (working copy) @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr Index: rc.d/mroute6d =================================================================== --- rc.d/mroute6d (revision 195153) +++ rc.d/mroute6d (working copy) 
@@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr Index: rc.d/ip6addrctl =================================================================== --- rc.d/ip6addrctl (revision 195153) +++ rc.d/ip6addrctl (working copy) @@ -4,8 +4,8 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr @@ -52,7 +52,7 @@ ip6addrctl install /etc/ip6addrctl.conf checkyesno ip6addrctl_verbose && ip6addrctl else - if checkyesno ipv6_enable; then + if checkyesno ipv6_prefer; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 Index: rc.d/stf =================================================================== --- rc.d/stf (revision 0) +++ rc.d/stf (revision 0) 
@@ -0,0 +1,79 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring 6to4 tunnel interface: stf0." + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + if [ -z "${rc_quiet}" ]; then + /sbin/ifconfig stf0 + fi + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing 6to4 tunnel interface: stf0." 
+ ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" Property changes on: rc.d/stf ___________________________________________________________________ Added: svn:executable + * Index: rc.d/Makefile =================================================================== --- rc.d/Makefile (revision 195153) +++ rc.d/Makefile (working copy) @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostname \ @@ -23,7 +23,7 @@ mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ @@ -32,7 +32,7 @@ random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd swap1 \ + serial sppp statd stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ Index: rc.d/route6d =================================================================== --- rc.d/route6d (revision 195153) +++ rc.d/route6d (working copy) 
@@ -4,22 +4,35 @@ # # PROVIDE: route6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing # KEYWORD: nojail . /etc/rc.subr name="route6d" - -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. In this case, it -# is also needed by the eval statement in the FreeBSD conditional. -# +rcvar=`set_rcvar` load_rc_config $name -rcvar="ipv6_router_enable" -command="${ipv6_router:-/usr/sbin/${name}}" -eval ${name}_flags=\"${ipv6_router_flags}\" +case ${ipv6_router_enable} in +"") ;; +*) + warn "\$ipv6_router_enable is obsolete. Use \$route6d_enable instead." + route6d_enable=$ipv6_router_enable + ;; +esac +case ${ipv6_router} in +"") ;; +*) + warn "\$ipv6_router is obsolete. Use \$route6d_program instead." + route6d_program=$ipv6_router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$ipv6_router_flags is obsolete. Use \$route6d_flags instead." + route6d_flags=$ipv6_router_flags + ;; +esac run_rc_command "$1" Index: rc.d/netoptions =================================================================== --- rc.d/netoptions (revision 195153) +++ rc.d/netoptions (working copy) @@ -5,10 +5,15 @@ # PROVIDE: netoptions # REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + _netoptions_initdone= netoptions_init() { 
@@ -18,75 +23,58 @@ fi } -load_rc_config 'XXX' +netoptions_start() +{ + if checkyesno log_in_vain; then + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL_W} net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null + ${SYSCTL_W} net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null + fi -case ${log_in_vain} in -[Nn][Oo] | '') - log_in_vain=0 - ;; -[Yy][Ee][Ss]) - log_in_vain=1 - ;; -[0-9]*) - ;; -*) - netoptions_init - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; -esac + if checkyesno tcp_extensions; then + netoptions_init + echo -n ' rfc1323 extensions=NO' + ${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null + fi -if [ "${log_in_vain}" -ne 0 ]; then - netoptions_init - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null -fi + if ! checkyesno tcp_keepalive; then + netoptions_init + echo -n ' TCP keepalive=NO' + ${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null + fi -case ${tcp_extensions} in -[Yy][Ee][Ss] | '') - ;; -*) - netoptions_init - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; -esac + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n ' drop SYN+FIN packets=YES' + ${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null + fi -case ${tcp_keepalive} in -[Nn][Oo]) - netoptions_init - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; -esac + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac -case ${tcp_drop_synfin} in -[Yy][Ee][Ss]) - netoptions_init - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; -esac + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL_W} 
net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac -case ${ip_portrange_first} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; -esac + if checkyesno ipv6_ipv4mapping; then + ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null + else + echo -n " no-ipv4-mapped-ipv6" + ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null + fi -case ${ip_portrange_last} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; -esac + [ -n "${_netoptions_initdone}" ] && echo '.' +} -[ -n "${_netoptions_initdone}" ] && echo '.' +load_rc_config $name +run_rc_command $1 Index: rc.d/auto_linklocal =================================================================== --- rc.d/auto_linklocal (revision 195153) +++ rc.d/auto_linklocal (working copy) @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" Index: rc.d/routed =================================================================== --- rc.d/routed (revision 195153) +++ rc.d/routed (working copy) 
@@ -10,13 +10,29 @@ . /etc/rc.subr name="routed" +rcvar=`set_rcvar` +load_rc_config $name -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. -# -load_rc_config $name -rcvar="router_enable" -command="${router:-/sbin/${name}}" -eval ${name}_flags=\"${router_flags}\" +case ${router_enable} in +"") ;; +*) + warn "\$router_enable is obsolete. Use \$routed_enable instead." + routed_enable=$router_enable + ;; +esac +case ${router} in +"") ;; +*) + warn "\$router is obsolete. Use \$routed_program instead." + routed_program=$router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$router_flags is obsolete. Use \$routed_flags instead." + routed_flags=$router_flags + ;; +esac + run_rc_command "$1" Index: rc.d/defaultroute =================================================================== --- rc.d/defaultroute (revision 195153) +++ rc.d/defaultroute (working copy) @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd netif # KEYWORD: nojail . /etc/rc.subr @@ -18,7 +18,7 @@ defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. @@ -41,6 +41,7 @@ if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +50,12 @@ else echo -n . fi + nl=1 sleep 1 - delay=`expr $delay - 1` + delay=$(($delay - 1)) done - echo + [ -n "$nl" ] && echo } load_rc_config $name Index: rc.d/rtadvd =================================================================== --- rc.d/rtadvd (revision 195153) +++ rc.d/rtadvd (working copy) 
@@ -40,10 +40,25 @@ # get a list of interfaces and enable it on them # case ${rtadvd_interfaces} in - '') + [Aa][Uu][Tt][Oo]|'') for i in `ifconfig -l` ; do case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) continue ;; *) Index: rc.d/routing =================================================================== --- rc.d/routing (revision 195153) +++ rc.d/routing (working copy) @@ -21,17 +21,79 @@ routing_start() { - static_start - options_start + static_start "$@" + options_start "$@" } routing_stop() { + static_stop "$@" route -n flush + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done } static_start() { + local _af + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 add + ;; + inet6 | ipv6 | ip6) + do_static ipv6 add + ;; + atm) + do_static atm add + ;; + *) + do_static ipv4 add + do_static ipv6 add + do_static atm add + ;; + esac +} + +static_stop() +{ + local _af + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 delete + ;; + inet6 | ipv6 | ip6) + do_static ipv6 delete + ;; + atm) + do_static atm delete + ;; + *) + do_static ipv4 delete + do_static ipv6 delete + do_static atm delete + ;; + esac +} + +do_static() +{ + local _af _action + _af=$1 + _action=$2 + + eval $1_static $2 +} + +ipv4_static() +{ + local _action + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
@@ -41,20 +103,130 @@ ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} done fi - # Now ATM static routes - # +} + +ipv6_static() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. 
+ case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +atm_static() +{ + local _action i + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } 
@@ -70,72 +242,62 @@ options_start() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' + echo -n ' IPv4 gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno ipv6_gateway_enable; then ropts_init + echo -n ' IPv6 gateway=YES' + sysctl net.inet6.ip6.forwarding=1 >/dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + fi - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno ipxgateway_enable; then ropts_init echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + fi - case ${arpproxy_all} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + fi [ -n "${_ropts_initdone}" ] && echo '.' 
} load_rc_config $name -run_rc_command "$1" +run_rc_command "$@" Index: defaults/rc.conf =================================================================== --- defaults/rc.conf (revision 195153) +++ defaults/rc.conf (working copy) @@ -196,6 +196,8 @@ ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. +#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry +#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device #wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8) @@ -360,9 +362,12 @@ static_routes="" # Set to static route list (or leave empty). natm_static_routes="" # Set to static route list for NATM (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. -router_enable="NO" # Set to YES to enable a routing daemon. -router="/sbin/routed" # Name of routing daemon to use if enabled. -router_flags="-q" # Flags for routing daemon. +routed_enable="NO" # Set to YES to enable a routing daemon. +#router_enable="NO" # (works but obsolete) +routed_program="/sbin/routed" # Name of routing daemon to use if enabled. +#router="/sbin/routed" # (works but obsolete) +routed_flags="-q" # Flags for routing daemon. +#router_flags="-q" # (works but obsolete) mrouted_enable="NO" # Do IPv4 multicast routing. mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # routing daemon. You need to 
@@ -417,8 +422,8 @@ icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### -ipv6_enable="NO" # Set to YES to set up for IPv6. -ipv6_network_interfaces="auto" # List of network interfaces (or "auto"). +ipv6_network_interfaces="none" # List of IPv6 network interfaces + # (or "auto" or "none"). ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). 
@@ -426,20 +431,22 @@ # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. -ipv6_router_enable="NO" # Set to YES to enable an IPv6 routing daemon. -ipv6_router="/usr/sbin/route6d" # Name of IPv6 routing daemon. -ipv6_router_flags="" # Flags to IPv6 routing daemon. -#ipv6_router_flags="-l" # Example for route6d with only IPv6 site local + +route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. +#ipv6_router_enable="NO" # (works but obsolete) +route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. +#ipv6_router="/usr/sbin/route6d" # (works but obsolete) +route6d_flags="" # Flags to IPv6 routing daemon. +#ipv6_router_flags="" # (works but obsolete) +#route6d_flags="-l" # Example for route6d with only IPv6 site local # addrs. -#ipv6_router_flags="-q" # If you want to run a routing daemon on an end +#route6d_flags="-q" # If you want to run a routing daemon on an end # node, you should stop advertisement. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. -#ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample manual assign entry -#ipv6_ifconfig_ed0_alias0="fec0:0:0:5::2 prefixlen 64" # Sample alias entry. ipv6_default_interface="NO" # Default output interface for scoped addrs. # Now this works only for IPv6 link local # multicast addrs. 
@@ -481,6 +488,7 @@ # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages +ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used ############################################################## ### System console options ################################# ----Next_Part(Thu_Jul__2_04_34_47_2009_516)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="network.subr.diff" --- tmp/network.subr 2009-07-02 04:03:34.000000000 +0000 +++ network.subr 2009-07-02 04:04:55.000000000 +0000 @@ -31,8 +31,8 @@ # # ifn_start ifn -# Bring up and configure an interface. If some configuration is applied -# print the interface configuration. +# Bring up and configure an interface. If some configuration is +# applied print the interface configuration. # ifn_start() { @@ -40,21 +40,21 @@ ifn="$1" cfg=1 - [ -z "$ifn" ] && err 1 "ifn_start called without an interface" + ifexists "$ifn" || err 1 "ifn_start called without an interface" ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 - childif_create ${ifn} + childif_create ${ifn} && cfg=0 return $cfg } -# ifn_start ifn -# Shutdown and de-configure an interface. If action is taken print the -# interface name. +# ifn_stop ifn +# Shutdown and de-configure an interface. If action is taken +# print the interface name. # ifn_stop() { @@ -62,14 +62,14 @@ ifn="$1" cfg=1 - [ -z "$ifn" ] && return 1 + ifexists "$ifn" || err 1 "ifn_stop called without an interface" ipx_down ${ifn} && cfg=0 ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 - childif_destroy ${ifn} + childif_destroy ${ifn} && cfg=0 return $cfg } 
@@ -83,8 +83,10 @@ # ifconfig_up() { + local _cfg _ipv6_opts ifconfig_args _cfg=1 + # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} @@ -94,7 +96,7 @@ # inet6 specific if afexists ipv6; then if ipv6if $1; then - if checkyesno ipv6_gateway_enable ]; then + if checkyesno ipv6_gateway_enable; then _ipv6_opts="-accept_rtadv auto_linklocal" else _ipv6_opts="auto_linklocal" @@ -105,6 +107,7 @@ ifconfig $1 inet6 ${_ipv6_opts} + # ifconfig_ipv6_IF ifconfig_args=`ifconfig_getargs $1 ipv6` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} @@ -121,7 +124,7 @@ fi fi - if [ ${_cfg} = 0 ]; then + if [ ${_cfg} -eq 0 ]; then ifconfig $1 up fi @@ -149,7 +152,7 @@ # ifconfig_down() { - [ -z "$1" ] && return 1 + local _cfg _cfg=1 if wpaif $1; then @@ -171,13 +174,15 @@ } # get_if_var if var [default] -# Return the value of the pseudo-hash corresponding to $if where -# $var is a string containg the sub-string "IF" which will be -# replaced with $if after the characters defined in _punct are -# replaced with '_'. If the variable is unset, replace it with -# $default if given. +# Return the value of the pseudo-hash corresponding to $if where +# $var is a string containg the sub-string "IF" which will be +# replaced with $if after the characters defined in _punct are +# replaced with '_'. If the variable is unset, replace it with +# $default if given. get_if_var() { + local _if _punct _var _default prefix suffix + if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi @@ -201,11 +206,9 @@ # outside this file. _ifconfig_getargs() { + local _ifn _af _ifn=$1 - case $2 in - "") _af= ;; - *) _af=_$2 ;; - esac + _af=${2+_$2} if [ -z "$_ifn" ]; then return 1 @@ -219,6 +222,7 @@ # args such as DHCP and WPA. ifconfig_getargs() { + local _tmpargs _arg _args _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 
@@ -246,7 +250,9 @@ # boot time and 1 otherwise. autoif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) @@ -254,6 +260,7 @@ ;; esac done + return 0 } @@ -261,7 +268,9 @@ # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) @@ -275,6 +284,7 @@ ;; esac done + return 1 } @@ -283,7 +293,9 @@ # 1 otherwise. syncdhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) @@ -294,18 +306,18 @@ ;; esac done - if checkyesno synchronous_dhclient; then - return 0 - else - return 1 - fi + + # if no NOSYNCDHCP and SYNCDHCP + checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) @@ -313,6 +325,7 @@ ;; esac done + return 1 } @@ -321,24 +334,47 @@ # 1 otherwise. afexists() { + local _af _af=$1 case ${_af} in inet|ipv4|ip|ip4) - if ${SYSCTL_N} net.inet > /dev/null; then - return 0 - else - return 1 - fi + ${SYSCTL_N} net.inet > /dev/null 2>&1 ;; inet6|ipv6|ip6) - if ${SYSCTL_N} net.inet6 > /dev/null; then - return 0 - else - return 1 - fi + ${SYSCTL_N} net.inet6 > /dev/null 2>&1 + ;; + *) + warn "afexists(): Unsupported address family: $_af" + return 1 + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. +noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 ;; esac + + return 1 } # ipv6if if @@ -346,6 +382,7 @@ # 1 otherwise. ipv6if() { + local _if i _if=$1 if ! afexists ipv6; then 
@@ -367,11 +404,13 @@ return 1 ;; esac + for i in ${ipv6_network_interfaces}; do if [ "$i" = "$_if" ]; then return 0 fi done + return 1 } @@ -380,11 +419,15 @@ # Stateless Address Configuration, 1 otherwise. ipv6_autoconfif() { + local _if _tmpargs _arg _if=$1 if ! ipv6if $_if; then return 1 fi + if noafif $_if; then + return 1 + fi if checkyesno ipv6_gateway_enable; then return 1 fi @@ -394,18 +437,7 @@ stf[0-9]*|\ faith[0-9]*|\ lp[0-9]*|\ - sl[0-9]*|\ - pflog[0-9]*|\ - pfsync[0-9]*|\ - an[0-9]*|\ - ath[0-9]*|\ - ipw[0-9]*|\ - iwi[0-9]*|\ - iwn[0-9]*|\ - ral[0-9]*|\ - wi[0-9]*|\ - wl[0-9]*|\ - wpi[0-9]*) + sl[0-9]*) return 1 ;; esac @@ -426,48 +458,56 @@ # Returns 0 if the interface exists and 1 otherwise. ifexists() { + [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } # ipv4_up if -# add IPv4 addresses to the interface $if +# add IPv4 addresses to the interface $if ipv4_up() { + local _if _ret _if=$1 + _ret=1 - ifalias_up ${_if} inet - ipv4_addrs_common ${_if} alias + ifalias_up ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} alias && _ret=0 + + return $_ret } # ipv6_up if -# add IPv6 addresses to the interface $if +# add IPv6 addresses to the interface $if ipv6_up() { + local _if _ret _if=$1 + _ret=1 if ! ipv6if $_if; then - return + return 0 fi - ifalias_up ${_if} inet6 - ipv6_prefix_hostid_addr_up ${_if} - ipv6_accept_rtadv_up ${_if} + ifalias_up ${_if} inet6 && _ret=0 + ipv6_prefix_hostid_addr_up ${_if} && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 # wait for DAD sleep `${SYSCTL_N} net.inet6.ip6.dad_count` sleep 1 + + return $_ret } # ipv4_down if -# remove IPv4 addresses from the interface $if +# remove IPv4 addresses from the interface $if ipv4_down() { + local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 - ifexists ${_if} || return 1 - inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" 
@@ -492,20 +532,19 @@ } # ipv6_down if -# remove IPv6 addresses from the interface $if +# remove IPv6 addresses from the interface $if ipv6_down() { + local _if _ifs _ret inetList oldifs _inet6 _if=$1 _ifs="^" _ret=1 - ifexists ${_if} || return 1 - if ! ipv6if $_if; then return 0 fi - ipv6_accept_rtadv_down ${_if} + ipv6_accept_rtadv_down ${_if} && _ret=0 ifalias_down ${_if} inet6 && _ret=0 inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" @@ -529,10 +568,12 @@ } # ipv4_addrs_common if action -# Evaluate the ifconfig_if_ipv4 arguments for interface $if -# and use $action to add or remove IPv4 addresses from $if. +# Evaluate the ifconfig_if_ipv4 arguments for interface $if and +# use $action to add or remove IPv4 addresses from $if. ipv4_addrs_common() -{ +{ + local _ret _if _action _cidr _cidr_addr + local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 @@ -565,6 +606,7 @@ fi done done + return $_ret } @@ -575,6 +617,7 @@ # ifalias_up() { + local _ret _ret=1 case "$2" in @@ -594,22 +637,24 @@ # ifalias_ipv4_up() { + local _ret alias ifconfig_args _ret=1 + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) - ifconfig $1 ${ifconfig_args} alias - alias=$((${alias} + 1)) - _ret=0 + ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; - *) + "") break ;; esac + alias=$((${alias} + 1)) done + return $_ret } @@ -618,21 +663,22 @@ # ifalias_ipv6_up() { + local _ret alias ifconfig_args _ret=1 + # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) - ifconfig $1 ${ifconfig_args} alias - alias=$((${alias} + 1)) - _ret=0 + ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; - *) + "") break ;; esac + alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. 
@@ -644,14 +690,14 @@ break ;; *) - ifconfig $1 inet6 ${ifconfig_args} alias - alias=$((${alias} + 1)) + ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." - " Use ifconfig_$1_alias${alias} instead." - _ret=0 + " Use ifconfig_$1_aliasN instead." ;; esac + alias=$((${alias} + 1)) done + return $_ret } @@ -662,6 +708,7 @@ # ifalias_down() { + local _ret _ret=1 case "$2" in @@ -681,22 +728,24 @@ # ifalias_ipv4_down() { + local _ret alias ifconfig_args _ret=1 + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) - ifconfig $1 ${ifconfig_args} -alias - alias=$((${alias} + 1)) - _ret=0 + ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; - *) + "") break ;; esac + alias=$((${alias} + 1)) done + return $_ret } @@ -705,21 +754,22 @@ # ifalias_ipv6_down() { + local _ret alias ifconfig_args _ret=1 + # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) - ifconfig $1 ${ifconfig_args} -alias - alias=$((${alias} + 1)) - _ret=0 + ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; - *) + "") break ;; esac + alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. 
@@ -728,28 +778,33 @@ case "${ifconfig_args}" in "") break - ;; + ;; *) ifconfig $1 inet6 ${ifconfig_args} -alias alias=$((${alias} + 1)) warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." - " Use ifconfig_$1_alias${alias} instead." + " Use ifconfig_$1_aliasN instead." _ret=0 + ;; esac done + return $_ret } # ipv6_prefix_hostid_addr_up if -# add IPv6 prefix + hostid addr to the interface $if +# add IPv6 prefix + hostid addr to the interface $if ipv6_prefix_hostid_addr_up() { + local _if prefix laddr hostid j address _if=$1 prefix=`get_if_var ${_if} ipv6_prefix_IF` if [ -n "${prefix}" ]; then laddr=`network6_getladdr ${_if}` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` + hostid=${laddr#fe80::} + hostid=${hostid%\%*} + for j in ${prefix}; do address=$j\:${hostid} ifconfig ${_if} inet6 ${address} prefixlen 64 alias @@ -765,25 +820,22 @@ } # ipv6_accept_rtadv_up if -# Enable accepting Router Advertisement and send Router Solicitation message +# Enable accepting Router Advertisement and send Router +# Solicitation message ipv6_accept_rtadv_up() { - _if=$1 - - if ipv6_autoconfif $_if; then - ifconfig ${_if} inet6 accept_rtadv up - rtsol ${rtsol_flags} ${_if} + if ipv6_autoconfif $1; then + ifconfig $1 inet6 accept_rtadv up + rtsol ${rtsol_flags} $1 fi } # ipv6_accept_rtadv_down if -# Disabled accepting Router Advertisement +# Disable accepting Router Advertisement ipv6_accept_rtadv_down() { - _if=$1 - - if ipv6_autoconfif $_if; then - ifconfig ${_if} inet6 -accept_rtadv + if ipv6_autoconfif $1; then + ifconfig $1 inet6 -accept_rtadv fi } @@ -797,8 +849,9 @@ if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 + else + return 1 fi - return 1 } # ifscript_down if 
@@ -811,16 +864,21 @@ if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 + else + return 1 fi - return 1 } -# Create cloneable interfaces. +# clone_up +# Create cloneable interfaces. # clone_up() { + local _prefix _list ifn _prefix= _list= + + # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then @@ -831,13 +889,16 @@ debug "Cloned: ${_list}" } -# Destroy cloned interfaces. Destroyed interfaces are echoed -# to standard output. +# clone_down +# Destroy cloned interfaces. Destroyed interfaces are echoed to +# standard output. # clone_down() { + local _prefix _list ifn _prefix= _list= + for ifn in ${cloned_interfaces}; do ifconfig ${ifn} destroy if [ $? -eq 0 ]; then @@ -848,14 +909,14 @@ debug "Destroyed clones: ${_list}" } -# Create and configure child interfaces. -# Return 0 if child interfaces are created. +# childif_create +# Create and configure child interfaces. Return 0 if child +# interfaces are created. # childif_create() { local cfg child child_wlans create_args debug_flags ifn i cfg=1 - ifn=$1 # Create wireless interfaces @@ -885,28 +946,40 @@ return ${cfg} } -# Destroy child interfaces. +# childif_destroy +# Destroy child interfaces. # childif_destroy() { local cfg child child_wlans ifn + cfg=1 child_wlans="`get_if_var $ifn wlans_IF` `get_if_var $ifn vaps_IF`" for child in ${child_wlans}; do ifconfig $child destroy && cfg=0 done + + return ${cfg} } -# Create netgraph nodes. +# ng_mkpeer +# Create netgraph nodes. # -ng_mkpeer() { +ng_mkpeer() +{ ngctl -f - 2> /dev/null </dev/null`; do case $line in *interface:*) defif=${line##*: } @@ -1165,6 +1238,8 @@ echo $defif } +# hexdigit arg +# Echo decimal number $arg (single digit) in hexadecimal format. hexdigit() { if [ $1 -lt 10 ]; then 
@@ -1181,14 +1256,17 @@ fi } +# hexprint arg +# Echo decimal number $arg (multiple digits) in hexadecimal format. hexprint() { + local val str dig val=$1 str='' - dig=`hexdigit $((${val} & 15))` str=${dig}${str} val=$((${val} >> 4)) + while [ ${val} -gt 0 ]; do dig=`hexdigit $((${val} & 15))` str=${dig}${str} @@ -1198,8 +1276,13 @@ echo ${str} } +# network6_getladdr if [flag] +# Echo link-local address from $if if any. +# If flag is defined, tentative ones will be excluded. network6_getladdr() { + local proto addr rest + ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) ----Next_Part(Thu_Jul__2_04_34_47_2009_516)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="defaultroute.diff" --- /etc/rc.d/defaultroute 2009-06-28 05:03:37.000000000 +0000 +++ rc.d/defaultroute 2009-07-02 03:27:36.000000000 +0000 @@ -52,7 +52,7 @@ fi nl=1 sleep 1 - delay=`expr $delay - 1` + delay=$(($delay - 1)) done [ -n "$nl" ] && echo ----Next_Part(Thu_Jul__2_04_34_47_2009_516)-- Content-Type: Text/X-Patch; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="routing.diff" --- /etc/rc.d/routing 2009-06-28 18:10:43.000000000 +0000 +++ rc.d/routing 2009-07-02 03:33:53.000000000 +0000 @@ -21,13 +21,13 @@ routing_start() { - static_start $* - options_start $* + static_start "$@" + options_start "$@" } routing_stop() { - static_stop $* + static_stop "$@" route -n flush for i in ${ipv6_network_interfaces}; do ifconfig $i inet6 -defaultif @@ -36,6 +36,7 @@ static_start() { + local _af _af=$1 case ${_af} in @@ -58,6 +59,7 @@ static_stop() { + local _af _af=$1 case ${_af} in @@ -80,6 +82,7 @@ do_static() { + local _af _action _af=$1 _action=$2 @@ -88,6 +91,7 @@ ipv4_static() { + local _action _action=$1 case ${defaultrouter} in @@ -109,6 +113,7 @@ ipv6_static() { + local _action i _action=$1 # disallow "internal" addresses to appear on the wire 
@@ -215,6 +220,7 @@ atm_static() { + local _action i _action=$1 if [ -n "${natm_static_routes}" ]; then @@ -294,4 +300,4 @@ } load_rc_config $name -run_rc_command $* +run_rc_command "$@" ----Next_Part(Thu_Jul__2_04_34_47_2009_516)---- ----Security_Multipart0(Thu_Jul__2_04_34_47_2009_344)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEABECAAYFAkpLulcACgkQTyzT2CeTzy0xQACfQtaqnlGOhX2G5ZTC8peIkGI4 iW0An23/aMA+HS/nA/8C4xUgP2EUIbKO =eX2F -----END PGP SIGNATURE----- ----Security_Multipart0(Thu_Jul__2_04_34_47_2009_344)---- From owner-freebsd-rc@FreeBSD.ORG Fri Jul 3 08:00:11 2009 Return-Path: Delivered-To: freebsd-rc@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 453AC106564A for ; Fri, 3 Jul 2009 08:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E7B4B8FC12 for ; Fri, 3 Jul 2009 08:00:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n6380A3M098920 for ; Fri, 3 Jul 2009 08:00:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n6380A1i098919; Fri, 3 Jul 2009 08:00:10 GMT (envelope-from gnats) Date: Fri, 3 Jul 2009 08:00:10 GMT Message-Id: <200907030800.n6380A1i098919@freefall.freebsd.org> To: freebsd-rc@FreeBSD.org 
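Review bot: in network.subr.diff, hunk @@ -885,28 +946,40 @@, childif_destroy() declares ifn as local but the visible body never assigns it from $1, so `get_if_var $ifn wlans_IF` is called with an empty interface name and the newly added `return ${cfg}` cannot reflect real work. This matters more now that ifn_stop relies on `childif_destroy ${ifn} && cfg=0`. Add `ifn=$1` after the local line, as childif_create() does.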
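Review bot: in network.subr.diff, hunk @@ -765,25 +820,22 @@, ipv6_accept_rtadv_up() and ipv6_accept_rtadv_down() end in an `if` with no else branch, and such an `if` exits 0 when ipv6_autoconfif is false. The callers' new `ipv6_accept_rtadv_up ${_if} && _ret=0` and `ipv6_accept_rtadv_down ${_if} && _ret=0` therefore report "configured" even when nothing was done. Add an explicit `else return 1`, the same way this patch changes ifscript_up() and ifscript_down().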
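Review bot: in network.subr.diff, hunk @@ -728,28 +778,33 @@, the backward-compatibility loop of ifalias_ipv6_down() still runs `alias=$((${alias} + 1))` before the warn call, so the message names `$ipv6_ifconfig_IF_alias(N+1)` rather than the variable that was actually read, and `_ret=0` is set without checking the ifconfig result. The matching loop in ifalias_ipv6_up() (hunk @@ -644,14 +690,14 @@) was changed to `ifconfig ... alias && _ret=0` with the increment moved after `esac`; apply the same shape here so the two stay symmetric.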
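Review bot: in network.subr.diff, hunk @@ -62,14 +62,14 @@, ifn_stop() changes from `[ -z "$ifn" ] && return 1` to `ifexists "$ifn" || err 1 ...`, which is a behaviour change in two ways: it now also triggers for a named interface that no longer exists, and err exits the calling script instead of returning to it. Stopping a list of interfaces where one has already been destroyed would abort the rest. Consider keeping `return 1` here, and reword the message in both ifn_start() and ifn_stop(), since "called without an interface" no longer describes the nonexistent-interface case. The same hunks also drop the `ifexists ${_if} || return 1` guards from ipv4_down() and ipv6_down() and the `-z` guard from ifconfig_down(), so any caller other than ifn_stop() loses that protection; please document that these helpers now assume a validated interface.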
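Review bot: in network.subr.diff, hunk @@ -201,11 +206,9 @@, `_af=${2+_$2}` is not equivalent to the case statement it replaces: the old code yielded an empty _af for an empty second argument, while `${2+...}` only tests whether $2 is set, so a caller passing a quoted empty string would get `_af=_`. Use `${2:+_$2}` to keep the original semantics and stay safe if a caller later quotes its arguments.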
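Review bot: in network.subr.diff, hunk @@ -594,22 +637,24 @@ (and the three sibling ifalias_ipv4/ipv6 up/down hunks), replacing the `*) break` branch with `"") break` means an ifconfig_IF_aliasN value that starts with neither "inet " nor "inet6 " is now skipped silently by both the IPv4 and the IPv6 loop. Skipping the other family's entries is the intent, but a value with no address-family keyword will never be applied and the user gets no hint. Add a warn for that case in one of the loops, and document in rc.conf(5) that every ifconfig_IF_aliasN must begin with the address family.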
From: Dominic Fandrey
Cc:
Subject: Re: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown
Reply-To: Dominic Fandrey
X-List-Received-Date: Fri, 03 Jul 2009 08:00:11 -0000

The following reply was made to PR conf/130414; it has been noted by GNATS.

From: Dominic Fandrey
To: bug-followup@FreeBSD.org, kamikaze@bsdforen.de
Cc:
Subject: Re: conf/130414: [patch] rc services started with onestart are not stopped upon shutdown
Date: Fri, 03 Jul 2009 09:28:25 +0200

ping

Please commit or close. I've been using this patch for 6 months now. Consider it very well tested. It stops postgres, apache and my vpnc connections upon shutdown. That is especially useful, because if they are not shut down properly I'm not allowed to log back in for 30 minutes.