From: Hiroki Sato
Date: Sun, 28 Jun 2009 19:43:42 +0900 (JST)
Message-Id: <20090628.194342.254155418.hrs@allbsd.org>
To: freebsd-rc@FreeBSD.org
Cc: hrs@FreeBSD.org
Subject: RFC: integrate network_ipv6 to netif and tidy up several rc.d scripts
X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D

Hi all,

I would like your review on the attached patch. Changes are the following:

1. Integrate IPv6 interface configuration into rc.d/netif. Also, IPv6
   routing and options are handled by rc.d/routing and rc.d/netoptions
   now. If no INET6, IPv6 configuration is safely ignored.

2. rc.conf variable change.

     ipv6_enable              -> (removed)
     ipv6_ifconfig_IF         -> ifconfig_ipv6_IF
     ipv6_ifconfig_IF_aliasN  -> ifconfig_IF_aliasN (same as IPv4)

   The old variables are still valid, but display a warning.

3. rc.d/routed and rc.d/route6d now accept standard rc.d variables
   like $routed_enable. The old $router_enable, $ipv6_router_enable
   and so on are still valid, but display a warning.

4. Clean up rc.d/netoptions to adjust it to the rc.d framework. No
   functional change but IPv6-specific options are added.

5. Remove rc.d/auto_linklocal and rc.d/network_ipv6. No longer needed.

6. Fix rc.d/defaultroute to suppress an extra blank line.

7. rc.conf(5) update. The default value of $ipv6_network_interfaces
   is changed from "auto" to "none".

Basically these changes should be backward compatible except for
$ipv6_enable and $ipv6_network_interfaces. Note that a part of these
changes depends on another patch I posted on -net@ recently (ifconfig
ND6 flags and so on), so simply applying the diff to the current system
does not work.

Any comments (or objections) are welcome.

-- Hiroki

Content-Disposition: inline; filename="rc_20090628.diff"

Index: etc/network.subr =================================================================== --- etc/network.subr (revision 195123) +++ etc/network.subr (working copy) @@ -45,6 +45,7 @@ ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 + ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 childif_create ${ifn} @@ -64,6 +65,7 @@ [ -z "$ifn" ] && return 1 ipx_down ${ifn} && cfg=0 + ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 
@@ -86,10 +88,43 @@ ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} - ifconfig $1 up _cfg=0 fi + # inet6 specific + if afexists ipv6; then + if ipv6if $1; then + if checkyesno ipv6_gateway_enable ]; then + _ipv6_opts="-accept_rtadv auto_linklocal" + else + _ipv6_opts="auto_linklocal" + fi + else + _ipv6_opts="-auto_linklocal" + fi + + ifconfig $1 inet6 ${_ipv6_opts} + + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} = 0 ]; then + ifconfig $1 up + fi + if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count @@ -160,26 +195,31 @@ eval echo \${${prefix}${_if}${suffix}-${_default}} } -# _ifconfig_getargs if +# _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { _ifn=$1 + case $2 in + "") _af= ;; + *) _af=_$2 ;; + esac + if [ -z "$_ifn" ]; then return 1 fi - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } -# ifconfig_getargs if +# ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { - _tmpargs=`_ifconfig_getargs $1` + _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi 
@@ -276,14 +316,49 @@ return 1 } +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + _af=$1 + + case ${_af} in + inet|ipv4|ip|ip4) + if ${SYSCTL_N} net.inet > /dev/null; then + return 0 + else + return 1 + fi + ;; + inet6|ipv6|ip6) + if ${SYSCTL_N} net.inet6 > /dev/null; then + return 0 + else + return 1 + fi + ;; + esac +} + # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { - if ! checkyesno ipv6_enable; then + _if=$1 + + if ! afexists ipv6; then return 1 fi + + # lo0 is always IPv6-enabled + case $_if in + lo[0-9]*) + return 0 + ;; + esac + case "${ipv6_network_interfaces}" in [Aa][Uu][Tt][Oo]) return 0 @@ -292,14 +367,61 @@ return 1 ;; esac - for v6if in ${ipv6_network_interfaces}; do - if [ "${v6if}" = "${1}" ]; then + for i in ${ipv6_network_interfaces}; do + if [ "$i" = "$_if" ]; then return 0 fi done return 1 } +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration, 1 otherwise. +ipv6_autoconfif() +{ + _if=$1 + + if ! ipv6if $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 1 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() 
@@ -312,10 +434,30 @@ ipv4_up() { _if=$1 - ifalias_up ${_if} + + ifalias_up ${_if} inet ipv4_addrs_common ${_if} alias } +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + _if=$1 + + if ! ipv6if $_if; then + return + fi + + ifalias_up ${_if} inet6 + ipv6_prefix_hostid_addr_up ${_if} + ipv6_accept_rtadv_up ${_if} + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 +} + # ipv4_down if # remove IPv4 addresses from the interface $if ipv4_down() @@ -343,12 +485,49 @@ done IFS="$oldifs" - ifalias_down ${_if} && _ret=0 + ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + _if=$1 + _ifs="^" + _ret=1 + + ifexists ${_if} || return 1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + # ipv4_addrs_common if action # Evaluate the ifconfig_if_ipv4 arguments for interface $if # and use $action to add or remove IPv4 addresses from $if. @@ -389,7 +568,7 @@ return $_ret } -# ifalias_up if +# ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. 
@@ -397,21 +576,86 @@ ifalias_up() { _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + _ret=1 + alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then + case "${ifconfig_args}" in + inet\ *) ifconfig $1 ${ifconfig_args} alias alias=$((${alias} + 1)) _ret=0 - else + ;; + *) break - fi + ;; + esac done return $_ret } -#ifalias_down if +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. +# +ifalias_ipv6_up() +{ + _ret=1 + + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias + alias=$((${alias} + 1)) + _ret=0 + ;; + *) + break + ;; + esac + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias + alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_alias${alias} instead." + _ret=0 + ;; + esac + done + return $_ret +} + +# ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. 
@@ -419,20 +663,130 @@ ifalias_down() { _ret=1 + + case "$2" in + inet|ipv4|ip4) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6|ipv6|ip6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +#ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + _ret=1 + alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then + case "${ifconfig_args}" in + inet\ *) ifconfig $1 ${ifconfig_args} -alias alias=$((${alias} + 1)) _ret=0 - else + ;; + *) break - fi + ;; + esac done return $_ret } +#ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. +# +ifalias_ipv6_down() +{ + _ret=1 + + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias + alias=$((${alias} + 1)) + _ret=0 + ;; + *) + break + ;; + esac + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias + alias=$((${alias} + 1)) + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." + " Use ifconfig_$1_alias${alias} instead." + _ret=0 + esac + done + return $_ret +} + +# ipv6_prefix_hostid_addr_up if +# add IPv6 prefix + hostid addr to the interface $if +ipv6_prefix_hostid_addr_up() +{ + _if=$1 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 alias + + # if I am a router, add subnet router + # anycast address (RFC 2373). 
+ if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + alias anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router Solicitation message +ipv6_accept_rtadv_up() +{ + _if=$1 + + if ipv6_autoconfif $_if; then + ifconfig ${_if} inet6 accept_rtadv up + rtsol ${rtsol_flags} ${_if} + fi +} + +# ipv6_accept_rtadv_down if +# Disabled accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + _if=$1 + + if ipv6_autoconfif $_if; then + ifconfig ${_if} inet6 -accept_rtadv + fi +} + # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or @@ -633,7 +987,7 @@ ipx_up() { ifn="$1" - ifconfig_args=`get_if_var $ifn ifconfig_IF_ipx` + ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} return 0 @@ -695,8 +1049,12 @@ # List all network interfaces. The type of interface returned # can be controlled by the type argument. The type # argument can be any of the following: -# nodhcp - all interfaces, excluding DHCP configured interfaces -# dhcp - list only DHCP configured interfaces +# nodhcp - all interfaces, excluding DHCP configured interfaces +# dhcp - list only DHCP configured interfaces +# noautoconf - all interfaces, excluding IPv6 Stateless +# Address Autoconf configured interfaces +# autoconf - list only IPv6 Stateless Address Autoconf +# configured interfaces # If no argument is specified all network interfaces are output. # Note that the list will include cloned interfaces if applicable. # Cloned interfaces must already exist to have a chance to appear @@ -708,6 +1066,7 @@ # Get a list of ALL the interfaces and make lo0 first if it's there. # + _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) _prefix='' 
@@ -737,26 +1096,49 @@ # Separate out dhcp and non-dhcp interfaces # - _aprefix= - _bprefix= - for _if in ${_tmplist} ; do - if dhcpif $_if; then - _dhcplist="${_dhcplist}${_aprefix}${_if}" - [ -z "$_aprefix" ] && _aprefix=' ' - elif [ -n "`_ifconfig_getargs $_if`" ]; then - _nodhcplist="${_nodhcplist}${_bprefix}${_if}" - [ -z "$_bprefix" ] && _bprefix=' ' - fi - done - + _list= + _prefix= case "$type" in nodhcp) - echo $_nodhcplist + for _if in ${_tmplist} ; do + if ! dhcpif $_if && \ + [ -n "`_ifconfig_getargs $_if`" ]; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list ;; dhcp) - echo $_dhcplist + for _if in ${_tmplist} ; do + if dhcpif $_if; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list ;; + noautoconf) + for _if in ${_tmplist} ; do + if ! ipv6_autoconfif $_if && \ + [ -n "`_ifconfig_getargs $_if ipv6`" ]; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list + ;; + autoconf) + for _if in ${_tmplist} ; do + if ipv6_autoconfif $_if; then + _list="${_list}${_prefix}${_if}" + [ -z "$_prefix" ] && _prefix=' ' + fi + done + echo $_list + ;; esac + return 0 } 
@@ -816,248 +1198,6 @@ echo ${str} } -# Setup the interfaces for IPv6 -network6_interface_setup() -{ - interfaces=$* - rtsol_interfaces='' - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - rtsol_available=no - ;; - *) - rtsol_available=yes - ;; - esac - for i in $interfaces; do - rtsol_interface=yes - prefix=`get_if_var $i ipv6_prefix_IF` - if [ -n "${prefix}" ]; then - rtsol_available=no - rtsol_interface=no - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` - for j in ${prefix}; do - address=$j\:${hostid} - ifconfig $i inet6 ${address} prefixlen 64 alias - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # subnet-router anycast address - # (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - ;; - esac - done - fi - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF` - if [ -n "${ipv6_ifconfig}" ]; then - rtsol_available=no - rtsol_interface=no - ifconfig $i inet6 ${ipv6_ifconfig} alias - fi - - if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] - then - case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) - ;; - # Wireless NIC cards are virtualized through the wlan interface - an[0-9]*|ath[0-9]*|ipw[0-9]*|iwi[0-9]*|iwn[0-9]*|ral[0-9]*|wi[0-9]*|wl[0-9]*|wpi[0-9]*) - ;; - *) - rtsol_interfaces="${rtsol_interfaces} ${i}" - ;; - esac - else - ifconfig $i inet6 - fi - done - - if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then - # Act as endhost - automatically configured. - # You can configure only single interface, as - # specification assumes that autoconfigured host has - # single interface only. 
- sysctl net.inet6.ip6.accept_rtadv=1 - set ${rtsol_interfaces} - ifconfig $1 up - rtsol ${rtsol_flags} $1 - fi - - for i in $interfaces; do - alias=0 - while : ; do - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF_alias${alias}` - if [ -z "${ipv6_ifconfig}" ]; then - break; - fi - ifconfig $i inet6 ${ipv6_ifconfig} alias - alias=$((${alias} + 1)) - done - done -} - -# Setup IPv6 to IPv4 mapping -network6_stf_setup() -{ - case ${stf_interface_ipv4addr} in - [Nn][Oo] | '') - ;; - *) - # assign IPv6 addr and interface route for 6to4 interface - stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) - OIFS="$IFS" - IFS=".$IFS" - set ${stf_interface_ipv4addr} - IFS="$OIFS" - hexfrag1=`hexprint $(($1*256 + $2))` - hexfrag2=`hexprint $(($3*256 + $4))` - ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" - case ${stf_interface_ipv6_ifid} in - [Aa][Uu][Tt][Oo] | '') - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr ${i}` - case ${laddr} in - '') - ;; - *) - break - ;; - esac - done - stf_interface_ipv6_ifid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - case ${stf_interface_ipv6_ifid} in - '') - stf_interface_ipv6_ifid=0:0:0:1 - ;; - esac - ;; - esac - ifconfig stf0 create >/dev/null 2>&1 - ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ - prefixlen ${stf_prefixlen} - # disallow packets to malicious 6to4 prefix - route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject - route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject - route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject - route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject - ;; - esac -} - -# Setup static routes -network6_static_routes_setup() -{ - # Set up any static routes. 
- case ${ipv6_defaultrouter} in - [Nn][Oo] | '') - ;; - *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" - ;; - esac - case ${ipv6_static_routes} in - [Nn][Oo] | '') - ;; - *) - for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route add -inet6 ${ipv6_route_args} - done - ;; - esac -} - -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - -# Install the "default interface" to kernel, which will be used -# as the default route when there's no router. -network6_default_interface_setup() -{ - # Choose IPv6 default interface if it is not clearly specified. - case ${ipv6_default_interface} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|faith[0-9]*) - continue - ;; - esac - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_default_interface=$i - break - ;; - esac - done - ;; - esac - - # Disallow unicast packets without outgoing scope identifiers, - # or route such packets to a "default" interface, if it is specified. 
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject - case ${ipv6_default_interface} in - [Nn][Oo] | '') - route add -inet6 ff02:: -prefixlen 16 ::1 -reject - ;; - *) - laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ - -cloning - - # Disable installing the default interface with the - # case net.inet6.ip6.forwarding=0 and - # net.inet6.ip6.accept_rtadv=0, due to avoid conflict - # between the default router list and the manual - # configured default route. - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - ;; - *) - if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] - then - ndp -I ${ipv6_default_interface} - fi - ;; - esac - ;; - esac -} - network6_getladdr() { ifconfig $1 2>/dev/null | while read proto addr rest; do Index: etc/rc.d/NETWORKING =================================================================== --- etc/rc.d/NETWORKING (revision 195133) +++ etc/rc.d/NETWORKING (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking Index: etc/rc.d/network_ipv6 =================================================================== --- etc/rc.d/network_ipv6 (revision 195123) +++ etc/rc.d/network_ipv6 (working copy) 
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/devd =================================================================== --- etc/rc.d/devd (revision 195133) +++ etc/rc.d/devd (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown Index: etc/rc.d/addswap =================================================================== --- etc/rc.d/addswap (revision 195133) +++ etc/rc.d/addswap (working copy) @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/faith =================================================================== --- etc/rc.d/faith (revision 0) +++ etc/rc.d/faith (revision 0) 
@@ -0,0 +1,74 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring faith0 interface: " + ${SYSCTL_W} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + ifconfig faith0 + ;; + esac +} + +faith_down() +{ + echo "Removing faith0 interface." + ifconfig faith0 destroy + ${SYSCTL_W} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" Property changes on: etc/rc.d/faith ___________________________________________________________________ Added: svn:executable + * Index: etc/rc.d/sysctl =================================================================== --- etc/rc.d/sysctl (revision 195133) +++ etc/rc.d/sysctl (working copy) @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr Index: etc/rc.d/mroute6d =================================================================== --- etc/rc.d/mroute6d (revision 195133) +++ etc/rc.d/mroute6d (working copy) 
@@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/stf =================================================================== --- etc/rc.d/stf (revision 0) +++ etc/rc.d/stf (revision 0) 
@@ -0,0 +1,77 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: stf +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="stf" +start_cmd="stf_up" +stop_cmd="stf_down" + +stf_up() +{ + case ${stf_interface_ipv4addr} in + [Nn][Oo] | '') + ;; + *) + # assign IPv6 addr and interface route for 6to4 interface + stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) + OIFS="$IFS" + IFS=".$IFS" + set ${stf_interface_ipv4addr} + IFS="$OIFS" + hexfrag1=`hexprint $(($1*256 + $2))` + hexfrag2=`hexprint $(($3*256 + $4))` + ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" + case ${stf_interface_ipv6_ifid} in + [Aa][Uu][Tt][Oo] | '') + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr ${i}` + case ${laddr} in + '') + ;; + *) + break + ;; + esac + done + stf_interface_ipv6_ifid=`expr "${laddr}" : \ + 'fe80::\(.*\)%\(.*\)'` + case ${stf_interface_ipv6_ifid} in + '') + stf_interface_ipv6_ifid=0:0:0:1 + ;; + esac + ;; + esac + echo "Configuring stf0 interface: " + ifconfig stf0 create >/dev/null 2>&1 + ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ + prefixlen ${stf_prefixlen} + ifconfig stf0 + # disallow packets to malicious 6to4 prefix + route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject + route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject + route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject + route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject + ;; + esac +} + +stf_down() +{ + echo "Removing stf0 interface." 
+ ifconfig stf0 destroy + route delete -inet6 2002:e000:: -prefixlen 20 ::1 + route delete -inet6 2002:7f00:: -prefixlen 24 ::1 + route delete -inet6 2002:0000:: -prefixlen 24 ::1 + route delete -inet6 2002:ff00:: -prefixlen 24 ::1 +} + +load_rc_config $name +run_rc_command "$1" Property changes on: etc/rc.d/stf ___________________________________________________________________ Added: svn:executable + * Index: etc/rc.d/ip6addrctl =================================================================== --- etc/rc.d/ip6addrctl (revision 195133) +++ etc/rc.d/ip6addrctl (working copy) @@ -4,8 +4,8 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr @@ -52,7 +52,7 @@ ip6addrctl install /etc/ip6addrctl.conf checkyesno ip6addrctl_verbose && ip6addrctl else - if checkyesno ipv6_enable; then + if checkyesno ipv6_prefer; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 Index: etc/rc.d/Makefile =================================================================== --- etc/rc.d/Makefile (revision 195133) +++ etc/rc.d/Makefile (working copy) @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostname \ @@ -23,7 +23,7 @@ mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ 
@@ -32,7 +32,7 @@ random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd swap1 \ + serial sppp statd stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ Index: etc/rc.d/route6d =================================================================== --- etc/rc.d/route6d (revision 195133) +++ etc/rc.d/route6d (working copy) @@ -4,22 +4,35 @@ # # PROVIDE: route6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing # KEYWORD: nojail . /etc/rc.subr name="route6d" - -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. In this case, it -# is also needed by the eval statement in the FreeBSD conditional. -# +rcvar=`set_rcvar` load_rc_config $name -rcvar="ipv6_router_enable" -command="${ipv6_router:-/usr/sbin/${name}}" -eval ${name}_flags=\"${ipv6_router_flags}\" +case ${ipv6_router_enable} in +"") ;; +*) + warn "\$ipv6_router_enable is obsolete. Use \$route6d_enable instead." + route6d_enable=$ipv6_router_enable + ;; +esac +case ${ipv6_router} in +"") ;; +*) + warn "\$ipv6_router is obsolete. Use \$route6d_program instead." + route6d_program=$ipv6_router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$ipv6_router_flags is obsolete. Use \$route6d_flags instead." + route6d_flags=$ipv6_router_flags + ;; +esac run_rc_command "$1" Index: etc/rc.d/netoptions =================================================================== --- etc/rc.d/netoptions (revision 195133) +++ etc/rc.d/netoptions (working copy) @@ -5,10 +5,15 @@ # PROVIDE: netoptions # REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + _netoptions_initdone= netoptions_init() { 
@@ -18,75 +23,58 @@ fi } -load_rc_config 'XXX' +netoptions_start() +{ + if checkyesno log_in_vain; then + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL_W} net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null + ${SYSCTL_W} net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null + fi -case ${log_in_vain} in -[Nn][Oo] | '') - log_in_vain=0 - ;; -[Yy][Ee][Ss]) - log_in_vain=1 - ;; -[0-9]*) - ;; -*) - netoptions_init - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; -esac + if checkyesno tcp_extensions; then + netoptions_init + echo -n ' rfc1323 extensions=NO' + ${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null + fi -if [ "${log_in_vain}" -ne 0 ]; then - netoptions_init - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null -fi + if ! checkyesno tcp_keepalive; then + netoptions_init + echo -n ' TCP keepalive=NO' + ${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null + fi -case ${tcp_extensions} in -[Yy][Ee][Ss] | '') - ;; -*) - netoptions_init - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; -esac + if checkyesno tcp_drop_synfin; then + netoptions_init + echo -n ' drop SYN+FIN packets=YES' + ${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null + fi -case ${tcp_keepalive} in -[Nn][Oo]) - netoptions_init - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; -esac + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac -case ${tcp_drop_synfin} in -[Yy][Ee][Ss]) - netoptions_init - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; -esac + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL_W} 
net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac -case ${ip_portrange_first} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; -esac + if checkyesno ipv6_ipv4mapping; then + ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null + else + echo -n " no-ipv4-mapped-ipv6" + ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null + fi -case ${ip_portrange_last} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; -esac + [ -n "${_netoptions_initdone}" ] && echo '.' +} -[ -n "${_netoptions_initdone}" ] && echo '.' +load_rc_config $name +run_rc_command $1 Index: etc/rc.d/auto_linklocal =================================================================== --- etc/rc.d/auto_linklocal (revision 195123) +++ etc/rc.d/auto_linklocal (working copy) @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/routed =================================================================== --- etc/rc.d/routed (revision 195133) +++ etc/rc.d/routed (working copy) 
@@ -10,13 +10,29 @@ . /etc/rc.subr name="routed" +rcvar=`set_rcvar` +load_rc_config $name -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. -# -load_rc_config $name -rcvar="router_enable" -command="${router:-/sbin/${name}}" -eval ${name}_flags=\"${router_flags}\" +case ${router_enable} in +"") ;; +*) + warn "\$router_enable is obsolete. Use \$routed_enable instead." + routed_enable=$router_enable + ;; +esac +case ${router} in +"") ;; +*) + warn "\$router is obsolete. Use \$routed_program instead." + routed_program=$router + ;; +esac +case ${router_flags} in +"") ;; +*) + warn "\$router_flags is obsolete. Use \$routed_flags instead." + routed_flags=$router_flags + ;; +esac + run_rc_command "$1" Index: etc/rc.d/defaultroute =================================================================== --- etc/rc.d/defaultroute (revision 195133) +++ etc/rc.d/defaultroute (working copy) @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd netif # KEYWORD: nojail . /etc/rc.subr @@ -18,7 +18,7 @@ defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. @@ -41,6 +41,7 @@ if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +50,12 @@ else echo -n . fi + nl=1 sleep 1 delay=`expr $delay - 1` done - echo + [ -n "$nl" ] && echo } load_rc_config $name Index: etc/rc.d/rtadvd =================================================================== --- etc/rc.d/rtadvd (revision 195133) +++ etc/rc.d/rtadvd (working copy) 
@@ -40,10 +40,25 @@ # get a list of interfaces and enable it on them # case ${rtadvd_interfaces} in - '') + [Aa][Uu][Tt][Oo]|'') for i in `ifconfig -l` ; do case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) continue ;; *) Index: etc/rc.d/routing =================================================================== --- etc/rc.d/routing (revision 195133) +++ etc/rc.d/routing (working copy) @@ -21,17 +21,75 @@ routing_start() { - static_start - options_start + static_start $* + options_start $* } routing_stop() { + static_stop $* route -n flush + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done } static_start() { + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 add + ;; + inet6 | ipv6 | ip6) + do_static ipv6 add + ;; + atm) + do_static atm add + ;; + *) + do_static ipv4 add + do_static ipv6 add + do_static atm add + ;; + esac +} + +static_stop() +{ + _af=$1 + + case ${_af} in + inet | ipv4 | ip4) + do_static ipv4 delete + ;; + inet6 | ipv6 | ip6) + do_static ipv6 delete + ;; + atm) + do_static atm delete + ;; + *) + do_static ipv4 delete + do_static ipv6 delete + do_static atm delete + ;; + esac +} + +do_static() +{ + _af=$1 + _action=$2 + + eval $1_static $2 +} + +ipv4_static() +{ + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
@@ -41,20 +99,128 @@ ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} done fi - # Now ATM static routes - # +} + +ipv6_static() +{ + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. + case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. 
+ route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +atm_static() +{ + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } 
@@ -70,72 +236,62 @@ options_start() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' + echo -n ' IPv4 gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno ipv6_gateway_enable; then ropts_init + echo -n ' IPv6 gateway=YES' + sysctl net.inet6.ip6.forwarding=1 >/dev/null + fi + + if checkyesno forward_sourceroute; then + ropts_init echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + fi - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno ipxgateway_enable; then ropts_init echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + fi - case ${arpproxy_all} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + fi [ -n "${_ropts_initdone}" ] && echo '.' 
} load_rc_config $name -run_rc_command "$1" +run_rc_command $* Index: etc/defaults/rc.conf =================================================================== --- etc/defaults/rc.conf (revision 195123) +++ etc/defaults/rc.conf (working copy) @@ -196,6 +196,8 @@ ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. +#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry +#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device #wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8) @@ -360,9 +362,12 @@ static_routes="" # Set to static route list (or leave empty). natm_static_routes="" # Set to static route list for NATM (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. -router_enable="NO" # Set to YES to enable a routing daemon. -router="/sbin/routed" # Name of routing daemon to use if enabled. -router_flags="-q" # Flags for routing daemon. +routed_enable="NO" # Set to YES to enable a routing daemon. +#router_enable="NO" # (works but obsolete) +routed_program="/sbin/routed" # Name of routing daemon to use if enabled. +#router="/sbin/routed" # (works but obsolete) +routed_flags="-q" # Flags for routing daemon. +#router_flags="-q" # (works but obsolete) mrouted_enable="NO" # Do IPv4 multicast routing. mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # routing daemon. You need to 
@@ -417,8 +422,8 @@ icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### -ipv6_enable="NO" # Set to YES to set up for IPv6. -ipv6_network_interfaces="auto" # List of network interfaces (or "auto"). +ipv6_network_interfaces="none" # List of IPv6 network interfaces + # (or "auto" or "none"). ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). 
@@ -426,20 +431,22 @@ # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. -ipv6_router_enable="NO" # Set to YES to enable an IPv6 routing daemon. -ipv6_router="/usr/sbin/route6d" # Name of IPv6 routing daemon. -ipv6_router_flags="" # Flags to IPv6 routing daemon. -#ipv6_router_flags="-l" # Example for route6d with only IPv6 site local + +route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. +#ipv6_router_enable="NO" # (works but obsolete) +route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. +#ipv6_router="/usr/sbin/route6d" # (works but obsolete) +route6d_flags="" # Flags to IPv6 routing daemon. +#ipv6_router_flags="" # (works but obsolete) +#route6d_flags="-l" # Example for route6d with only IPv6 site local # addrs. -#ipv6_router_flags="-q" # If you want to run a routing daemon on an end +#route6d_flags="-q" # If you want to run a routing daemon on an end # node, you should stop advertisement. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. -#ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample manual assign entry -#ipv6_ifconfig_ed0_alias0="fec0:0:0:5::2 prefixlen 64" # Sample alias entry. ipv6_default_interface="NO" # Default output interface for scoped addrs. # Now this works only for IPv6 link local # multicast addrs. 
@@ -481,6 +488,7 @@ # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages +ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used ############################################################## ### System console options ################################# Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (revision 195123) +++ share/man/man5/rc.conf.5 (working copy) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 10, 2009 +.Dd June 28, 2009 .Dt RC.CONF 5 .Os .Sh NAME @@ -344,11 +344,6 @@ .Xr dhclient 8 is used to set the hostname via DHCP, this variable should be set to an empty string. -.It Va ipv6_enable -.Pq Vt bool -Enable support for IPv6 networking. -Note that this requires that the kernel has been compiled with -.Cd "options INET6" . .It Va nisdomainname .Pq Vt str The NIS domain name of this host, or 
@@ -1251,28 +1246,45 @@ Instead of setting the ifconfig variables as .Va ifconfig_ Ns Aq Ar interface they should be set as -.Va ipv6_ifconfig_ Ns Aq Ar interface . +.Va ifconfig_ipv6_ Ns Aq Ar interface . Aliases should be set as -.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . +.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . .Va ipv6_prefix_ Ns Aq Ar interface does something. -Interfaces that do not have a -.Va ipv6_ifconfig_ Ns Aq Ar interface -setting will be auto configured by +Interfaces that have a +.Fl accept_rtadv +flag in +.Va ifconfig_ipv6_ Ns Aq Ar interface +setting will be automatically configured by .Xr rtsol 8 if the .Va ipv6_gateway_enable is set to .Dq Li NO . -Note that the IPv6 networking code does not support the -.Pa /etc/start_if. Ns Aq Ar interface -files. .It Va ipv6_default_interface .Pq Vt str If not set to .Dq Li NO , this is the default output interface for scoped addresses. Now this works only for IPv6 link local multicast addresses. +.It Va ip6addrctl_enable +.Pq Vt bool +If set to +.Dq Li YES , +install default address selection policy table +.Pq RFC 3484 . +If a file +.Pa /etc/ip6addrctl.conf +is found the +.Xr ip6addrctl 8 +reads and installs it. +If not, a pre-defined policy table will be installed. +There are two pre-defined ones; IPv4-preferred and IPv6-preferred. +If set +.Va ipv6_prefer +variable to +.Dq Li YES +the IPv6-preferred one is used. Default is IPv4-preferred. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host. 
@@ -2284,48 +2296,48 @@ .Pq Vt bool The IPv6 equivalent of .Va gateway_enable . -.It Va router_enable +.It Va routed_enable .Pq Vt bool If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va router +.Va routed_program and -.Va router_flags . -.It Va ipv6_router_enable +.Va routed_flags . +.It Va route6d_enable .Pq Vt bool The IPv6 equivalent of -.Va router_enable . +.Va routed_enable . If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va ipv6_router +.Va route6d_program and -.Va ipv6_router_flags . -.It Va router +.Va route6d_flags . +.It Va routed_program .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , this is the name of the routing daemon to use. -.It Va ipv6_router +.It Va route6d_program .Pq Vt str The IPv6 equivalent of -.Va router . -.It Va router_flags +.Va routed_program . +.It Va routed_flags .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , these are the flags to pass to the routing daemon. -.It Va ipv6_router_flags +.It Va route6d_flags .Pq Vt str The IPv6 equivalent of -.Va router_flags . +.Va routed_flags . .It Va mrouted_enable .Pq Vt bool If set to ----Next_Part(Sun_Jun_28_19_43_42_2009_953)---- ----Security_Multipart0(Sun_Jun_28_19_43_42_2009_102)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEABECAAYFAkpHSV4ACgkQTyzT2CeTzy1XsgCfSdCbvhmEkulrDh6AXBmjb/LJ c7cAnjVmmljClEQwgA5S5LMlGHQ+y7zA =q3rG -----END PGP SIGNATURE----- ----Security_Multipart0(Sun_Jun_28_19_43_42_2009_102)----
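Review bot: In etc/rc.d/stf, the `[Aa][Uu][Tt][Oo] | '')` branch of stf_up loops over `${ipv6_network_interfaces}` without normalising it first. This patch changes the default of that variable to "none" and documents "auto" as another keyword, so the loop hands the literal keyword to `network6_getladdr ${i}` as an interface name. Apply the same `[Nn][Oo][Nn][Ee]` fixup that ipv6_static uses in rc.d/routing, and resolve "auto", before the loop. Separately, stf_down runs `ifconfig stf0 destroy` and the four `route delete` commands even when `stf_interface_ipv4addr` is NO or empty and stf_up created nothing. Guard it with the same case test.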
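Review bot: In etc/rc.d/ip6addrctl (hunk -52,7), replacing `checkyesno ipv6_enable` with `checkyesno ipv6_prefer` leaves no compatibility path for the old variable. A host that set ipv6_enable="YES" used to get ip6addrctl_prefer_ipv6. Because ipv6_prefer defaults to "NO" in etc/defaults/rc.conf, it now silently gets ip6addrctl_prefer_ipv4. Either honour a non-empty ipv6_enable here with a warn, as the routed and route6d hunks do for their obsolete variables, or state the address selection change explicitly in the commit message and UPDATING.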
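Review bot: In etc/rc.d/route6d, the third compatibility block tests the wrong variable: `case ${router_flags} in` should be `case ${ipv6_router_flags} in`. As written, a host that still sets router_flags for routed gets the warning "$ipv6_router_flags is obsolete", and route6d_flags is overwritten with `$ipv6_router_flags`, which may be empty. A host that sets only ipv6_router_flags has it ignored without a warning.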
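Review bot: In etc/rc.d/netoptions (hunk -18,75), the tcp_extensions test is inverted. The removed code set net.inet.tcp.rfc1323=0 when tcp_extensions was anything other than YES or empty, but the new `if checkyesno tcp_extensions; then` disables RFC 1323 when the variable is YES. It should read `if ! checkyesno tcp_extensions; then`. The log_in_vain block has a related regression: the removed case mapped YES to 1 before calling sysctl, whereas the new code passes the raw string, so log_in_vain="YES" becomes `net.inet.tcp.log_in_vain="YES"`. Keep the YES/NO to 1/0 mapping or document that only numeric values are accepted. Finally, the else branch of the ipv6_ipv4mapping test echoes " no-ipv4-mapped-ipv6" without calling netoptions_init, so the header and the trailing '.' are skipped when it is the only option printed.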
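Review bot: In etc/rc.d/routing (hunk -21,17), routing_stop iterates `for i in ${ipv6_network_interfaces}` and runs `ifconfig $i inet6 -defaultif` on the raw rc.conf value. With the new default of "none", or with "auto", this calls ifconfig on a keyword rather than an interface, since the `[Nn][Oo][Nn][Ee]` fixup only happens later, inside ipv6_static. Move the normalisation into a helper that both paths call. Also, `_af` and `_action` are assigned as globals in static_start, static_stop and do_static. Declare them with `local` as defaultroute_start does for its variables.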
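Review bot: In etc/rc.d/routing (hunk -41,20), ipv6_static stores the per-route arguments in one variable and uses another: the loop assigns `ipv6_route_args` from get_if_var but then runs `route ${_action} -inet6 ${route_args}`. `route_args` is either unset or left over from the last iteration of ipv4_static, so IPv6 static routes, including the ipv6_defaultrouter entry, are installed with the wrong arguments or none at all. Use `${ipv6_route_args}` in the route command. In addition, when `_action` is delete the function still reaches `ifconfig ${ipv6_default_interface} inet6 defaultif`, which sets the default interface during stop. That block should run only for add.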
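Review bot: In etc/rc.d/routing (hunk -70,72), the final line replaces `run_rc_command "$1"` with an unquoted `run_rc_command $*`, and routing_start passes `$*` on in the same way. Use "$@" so that arguments are forwarded without word splitting or globbing. The same applies to the unquoted `run_rc_command $1` added in etc/rc.d/netoptions. The new `IPv6 gateway=YES` block also calls plain `sysctl` while netoptions was converted to `${SYSCTL_W}` in this patch. Pick one form for both scripts.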
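Review bot: In etc/rc.d/rtadvd, the rewritten skip list drops `gif[0-9]*` and `tun[0-9]*` without any mention in the change description, so in auto mode rtadvd will now send router advertisements on tunnel interfaces where it previously did not. If that is intended, say so in the commit message and in rc.conf(5). If not, restore both patterns. The wireless entries are matched by driver name (an, ath, ipw, iwi, iwn, ral, wi, wl, wpi), but the rc.conf context in this patch shows wlan(4) clones named wlan0 (`wlans_ath0="wlan0"`), and `wlan[0-9]*` is not in the list.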
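Review bot: In etc/defaults/rc.conf (hunk -196,6), the new sample uses `ifconfig_ed0_ipv6`, but the rc.conf.5 hunk in this same patch documents the variable as `ifconfig_ipv6_<interface>`. One of the two is wrong, and a user who copies the sample may end up with an interface that has no IPv6 address configured. Make the sample, the man page and the code in netif agree on a single spelling. The hunk at -417,8 also changes the ipv6_network_interfaces default from "auto" to "none" while removing ipv6_enable. That combination deserves an UPDATING entry because it changes which interfaces get IPv6 on upgrade.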
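Review bot: In share/man/man5/rc.conf.5 (hunk -1251,28), ipv6_prefer is documented only in passing inside the ip6addrctl_enable entry, and the sentence "If set .Va ipv6_prefer variable to .Dq Li YES" is ungrammatical. Give ipv6_prefer its own `.It Va ipv6_prefer` / `.Pq Vt bool` entry and reword to "If the ipv6_prefer variable is set to YES". The hunk at -344,11 removes the ipv6_enable entry outright. Since the old variables are meant to keep working with a warning, list the obsolete names and their replacements somewhere in the page.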