Date:      Mon, 13 Sep 2010 19:55:40 +0000 (UTC)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r212579 - in head: . etc etc/defaults etc/rc.d share/man/man5
Message-ID:  <201009131955.o8DJteMC028747@svn.freebsd.org>

Author: hrs
Date: Mon Sep 13 19:55:40 2010
New Revision: 212579
URL: http://svn.freebsd.org/changeset/base/212579

Log:
  Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
  
  The $ip6addrctl_policy is a variable to choose a pre-defined address
  selection policy set by ip6addrctl(8).
  The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
  the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
  respectively.  When "AUTO" is specified, it attempts to read
  /etc/ip6addrctl.conf first.  If it is found, it reads and installs it as
  a policy table.  If not, either of the two pre-defined policy tables is
  chosen automatically according to $ipv6_activate_all_interfaces.
  
  When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
  $ifconfig_IF_ipv6 are marked as IFDISABLED for security reasons.
  
  The default values are ip6addrctl_policy=AUTO and
  ipv6_activate_all_interfaces=NO.
  
  Discussed with:	ume and bz

Modified:
  head/UPDATING
  head/etc/defaults/rc.conf
  head/etc/network.subr
  head/etc/rc.d/ip6addrctl
  head/etc/rc.d/netif
  head/share/man/man5/rc.conf.5

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/UPDATING	Mon Sep 13 19:55:40 2010	(r212579)
@@ -23,6 +23,25 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 9.
 	ln -s aj /etc/malloc.conf.)
 
 20100913:
+	The $ipv6_prefer variable in rc.conf(5) has been split into
+	$ip6addrctl_policy and $ipv6_activate_all_interfaces.
+
+	The $ip6addrctl_policy is a variable to choose a pre-defined
+	address selection policy set by ip6addrctl(8).  A value
+	"ipv4_prefer", "ipv6_prefer" or "AUTO" can be specified.  The
+	default is "AUTO".
+
+	The $ipv6_activate_all_interfaces specifies whether IFDISABLED
+	flag (see an entry of 20090926) is set on an interface with no
+	corresponding $ifconfig_IF_ipv6 line.  The default is "NO" for
+	security reason.  If you want IPv6 link-local address on all
+	interfaces by default, set this to "YES".
+
+	The old ipv6_prefer="YES" is equivalent to
+	ipv6_activate_all_interfaces="YES" and
+	ip6addrctl_policy="ipv6_prefer".
+
+20100913:
 	DTrace has grown support for userland tracing. Due to this, DTrace is
 	now i386 and amd64 only.
 	dtruss(1) is now installed by default on those systems and a new

Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/etc/defaults/rc.conf	Mon Sep 13 19:55:40 2010	(r212579)
@@ -446,6 +446,10 @@ icmp_bmcastecho="NO"	# respond to broadc
 ### IPv6 options: ###
 ipv6_network_interfaces="auto"	# List of IPv6 network interfaces
 				# (or "auto" or "none").
+ipv6_activate_all_interfaces="NO"	# If NO, interfaces which have no
+					# corresponding $ifconfig_IF_ipv6 is
+					# marked as IFDISABLED for security
+					# reason.
 ipv6_defaultrouter="NO"		# Set to IPv6 default gateway (or NO).
 #ipv6_defaultrouter="2002:c058:6301::"	# Use this for 6to4 (RFC 3068)
 ipv6_static_routes=""		# Set to static route list (or leave empty).
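Review bot: The comment added for `ipv6_activate_all_interfaces` documents only the IFDISABLED effect, but the etc/rc.d/ip6addrctl change in this commit also reads the variable: with `ip6addrctl_policy="AUTO"` and no readable, non-empty /etc/ip6addrctl.conf, YES selects the IPv6-preferred policy table. An administrator who sets it to YES just to get link-local addresses therefore also changes address selection, and that is worth stating where the default is defined. I would extend the comment with a line such as `# With ip6addrctl_policy=AUTO and no /etc/ip6addrctl.conf, YES also selects the IPv6-preferred policy.`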
@@ -506,7 +510,8 @@ ipv6_ipfilter_rules="/etc/ipf6.rules"	# 
 					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration messages
-ipv6_prefer="NO"	# Use IPv6 when both IPv4 and IPv6 can be used
+ip6addrctl_policy="AUTO"	# A pre-defined address selection policy
+				# (ipv4_prefer, ipv6_prefer, or AUTO)
 
 ##############################################################
 ###  System console options  #################################

Modified: head/etc/network.subr
==============================================================================
--- head/etc/network.subr	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/etc/network.subr	Mon Sep 13 19:55:40 2010	(r212579)
@@ -100,7 +100,7 @@ ifconfig_up()
 				_ipv6_opts="-accept_rtadv"
 			fi
 		else
-			if checkyesno ipv6_prefer; then
+			if checkyesno ipv6_activate_all_interfaces; then
 				_ipv6_opts="-ifdisabled"
 			else
 				_ipv6_opts="ifdisabled"
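Review bot: Nothing visible in this commit carries an existing `ipv6_prefer="YES"` over to `ipv6_activate_all_interfaces`, which this branch now tests instead. The UPDATING entry calls the old setting equivalent to `ipv6_activate_all_interfaces="YES"` plus `ip6addrctl_policy="ipv6_prefer"`, yet etc/rc.d/netif registers `set_rcvar_obsolete ipv6_prefer` with no replacement and etc/rc.d/ip6addrctl maps it only to `ip6addrctl_policy`. If that reading is right, a host upgraded with only the old variable set gets `ifdisabled` on every interface that lacks an `ifconfig_IF_ipv6` line; that fails closed, but silently. A comment above the test such as `# ipv6_prefer is no longer consulted here; see UPDATING 20100913` would make the change visible to whoever debugs it (ifconfig_up() starts and ends outside the hunk, so the surrounding logic is not shown).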

Modified: head/etc/rc.d/ip6addrctl
==============================================================================
--- head/etc/rc.d/ip6addrctl	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/etc/rc.d/ip6addrctl	Mon Sep 13 19:55:40 2010	(r212579)
@@ -19,8 +19,10 @@ extra_commands="status prefer_ipv6 prefe
 status_cmd="ip6addrctl"
 prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
 prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
+config_file="/etc/ip6addrctl.conf"
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
 
 ip6addrctl_prefer_ipv6()
 {
@@ -53,17 +55,40 @@ ip6addrctl_start()
 	afexists inet6 || return 0
 
 	# install the policy of the address selection algorithm.
-	if [ -f /etc/ip6addrctl.conf ]; then
-		ip6addrctl flush >/dev/null 2>&1
-		ip6addrctl install /etc/ip6addrctl.conf
-		checkyesno ip6addrctl_verbose && ip6addrctl
-	else
-		if checkyesno ipv6_prefer; then
-			ip6addrctl_prefer_ipv6
+	case "${ip6addrctl_policy}" in
+	[Aa][Uu][Tt][Oo])
+		if [ -r "${config_file}" -a -s "${config_file}" ]; then
+			ip6addrctl flush >/dev/null 2>&1
+			ip6addrctl install "${config_file}"
+			checkyesno ip6addrctl_verbose && ip6addrctl
 		else
-			ip6addrctl_prefer_ipv4
+			if checkyesno ipv6_activate_all_interfaces; then
+				ip6addrctl_prefer_ipv6
+			else
+				ip6addrctl_prefer_ipv4
+			fi
 		fi
-	fi
+	;;
+	ipv4_prefer)
+		ip6addrctl_prefer_ipv4
+	;;
+	ipv6_prefer)
+		ip6addrctl_prefer_ipv6
+	;;
+	[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+		# Backward compatibility when ipv6_prefer=YES
+		ip6addrctl_prefer_ipv6
+	;;
+	[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+		# Backward compatibility when ipv6_prefer=NO
+		ip6addrctl_prefer_ipv4
+	;;
+	*)
+		warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
+		    " \"ipv4_prefer\" is used instead."
+		ip6addrctl_prefer_ipv4
+	;;
+	esac
 }
 
 ip6addrctl_stop()
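Review bot: In the AUTO branch the exit status of `ip6addrctl install "${config_file}"` is not checked, so a file that passes the `-r`/`-s` test but fails to install leaves the table as `ip6addrctl flush` left it, with no warning and no fallback. Every other branch ends by calling one of the pre-defined policy functions, so I would do the same on failure: `ip6addrctl install "${config_file}" || { warn "cannot install ${config_file}; \"ipv4_prefer\" is used instead."; ip6addrctl_prefer_ipv4; }`. The bodies of ip6addrctl_prefer_ipv4 and ip6addrctl_prefer_ipv6 are outside the hunk, so this assumes they replace the table themselves. Separately, `ipv4_prefer` and `ipv6_prefer` are matched case-sensitively while AUTO and the YES/NO forms are not, so a value like `IPV6_PREFER` falls through to the warning branch and installs the IPv4-preferred table.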

Modified: head/etc/rc.d/netif
==============================================================================
--- head/etc/rc.d/netif	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/etc/rc.d/netif	Mon Sep 13 19:55:40 2010	(r212579)
@@ -41,7 +41,8 @@ clonedown_cmd="clone_down"
 extra_commands="cloneup clonedown"
 cmdifn=
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer
 
 network_start()
 {

Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5	Mon Sep 13 19:53:54 2010	(r212578)
+++ head/share/man/man5/rc.conf.5	Mon Sep 13 19:55:40 2010	(r212579)
@@ -1269,41 +1269,49 @@ If the variable is
 is added to all of
 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
 and the
-.Va ipv6_prefer
+.Va ipv6_activate_all_interfaces
 is defined as
 .Dq Li YES .
 .Pp
 This variable is deprecated.  Use
-.Va ipv6_prefer
+.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
 and
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .
+.Va ipv6_activate_all_interfaces
+if necessary.
 .It Va ipv6_prefer
 .Pq Vt bool
-This variable does the following:
-.Pp
 If the variable is
 .Dq Li YES ,
-the default policy of the source address selection set by
+the default address selection policy table set by
 .Xr ip6addrctl 8
 will be IPv6-preferred.
 .Pp
 If the variable is
 .Dq Li NO ,
-the default policy of the source address selection set by
+the default address selection policy table set by
 .Xr ip6addrctl 8
-will be IPv4-preferred, and all of interfaces which does not have the
-corrsponding
+will be IPv4-preferred.
+.Pp
+This variable is deprecated.  Use
+.Va ip6addtctl_policy
+instead.
+.It Va ipv6_activate_all_interfaces
+If the variable is
+.Dq Li NO ,
+all of interfaces which do not have the corrsponding
 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
 variable will be marked as
-.Dq Li IFDISABLED .
-This means only IPv6 functionality on that interface is completely
-disabled.  For more details of
+.Dq Li IFDISABLED
+for security reason.  This means only IPv6 functionality on that interface
+is completely disabled.  For more details of
 .Dq Li IFDISABLED
 flag and keywords
 .Dq Li inet6 ifdisabled ,
 see
 .Xr ifconfig 8 .
 .Pp
+Default is
+.Dq Li NO .
 .It Va ipv6_privacy
 .Pq Vt bool
 If the variable is
@@ -1316,6 +1324,8 @@ This is the IPv6 equivalent of
 .Va network_interfaces .
 Normally manual configuration of this variable is not needed.
 .Pp
+.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
+.Pq Vt str
 IPv6 functionality on an interface should be configured by
 .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
 instead of setting ifconfig parameters in
@@ -1354,22 +1364,52 @@ this is the default output interface for
 This works only with ipv6_gateway_enable="NO".
 .It Va ip6addrctl_enable
 .Pq Vt bool
-If set to
-.Dq Li YES ,
-install default address selection policy table
+This variable is to enable configuring default address selection policy table
 .Pq RFC 3484 .
-If a file
+The table can be specified in another variable
+.Va ip6addrctl_policy .
+For
+.Va ip6addrctl_policy
+the following keywords can be specified:
+.Dq Li ipv4_prefer ,
+.Dq Li ipv6_prefer ,
+or
+.Dq Li AUTO .
+.Pp
+If
+.Dq Li ipv4_prefer
+or
+.Dq Li ipv6_prefer
+is specified,
+.Xr ip6addrctl 8
+installs a pre-defined policy table described in Section 2.1
+.Pq IPv6-preferred
+or 10.3
+.Pq IPv4-preferred
+of RFC 3484.
+.Pp
+If
+.Dq Li AUTO
+is specified, it attempts to read a file
 .Pa /etc/ip6addrctl.conf
-is found the
+first.  If this file is found,
 .Xr ip6addrctl 8
-reads and installs it.
-If not, a pre-defined policy table will be installed.
-There are two pre-defined ones; IPv4-preferred and IPv6-preferred.
-If set
-.Va ipv6_prefer
-variable to
+reads and installs it.  If not found, a policy is automatically set
+according to
+.Va ipv6_activate_all_interfaces
+variable; if the variable is set to
+.Dq Li YES
+the IPv6-preferred one is used.  Otherwise IPv4-preferred.
+.Pp
+The default value of
+.Va ip6addrctl_enable
+and
+.Va ip6addrctl_policy
+are
 .Dq Li YES
-the IPv6-preferred one is used. Default is IPv4-preferred.
+and
+.Dq Li AUTO ,
+respectively.
 .It Va cloned_interfaces
 .Pq Vt str
 Set to the list of clonable network interfaces to create on this host.


