Index: UPDATING =================================================================== --- UPDATING (revision 197763) +++ UPDATING (working copy) 
@@ -15,6 +15,57 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.x IS SLOW debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20091005: + The rc.d/network_ipv6, IPv6 configuration script has been integrated + into rc.d/netif. The changes are the following: + + 1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF + for IPv4. For aliases, $ifconfig_IF_aliasN should be used. + Note that both variables need the "inet6" keyword at the head. + + Do not set $ipv6_network_interfaces manually if you do not + understand what you are doing. It is not needed in most cases. + + $ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but + they are obsolete. + + 2. $ipv6_enable is obsolete. Use $ipv6_prefer and + "inet6 accept_rtadv" keyword in ifconfig(8) instead. + + If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and + all configured interfaces have "inet6 accept_rtadv" in the + $ifconfig_IF_ipv6. These are for backward compatibility. + + 3. A new variable $ipv6_prefer has been added. If NO, IPv6 + functionality of interfaces with no corresponding + $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag, + and the default address selection policy of ip6addrctl(8) + is the IPv4-preferred one (see rc.d/ip6addrctl for more details). + Note that if you want to configure IPv6 functionality on the + disabled interfaces after boot, first you need to clear the flag by + using ifconfig(8) like: + + ifconfig em0 inet6 -ifdisabled + + If YES, the default address selection policy is set as + IPv6-preferred. + + The default value of $ipv6_prefer is NO. + + 4. If your system need to receive Router Advertisement messages, + define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8) + scripts automatically invoke rtsol(8) when the interface becomes + UP. The Router Advertisement messages are used for SLAAC + (State-Less Address AutoConfiguration). 
+ +20091005: + A sysctl variable net.inet6.ip6.accept_rtadv now sets the default value + of a per-interface flag ND6_IFF_ACCEPT_RTADV, not a global knob to + control whether accepting Router Advertisement messages or not. + Also, a per-interface flag ND6_IFF_AUTO_LINKLOCAL has been added and + a sysctl variable net.inet6.ip6.auto_linklocal is its default value. + The ifconfig(8) utility now supports these flags. + 20090929: 802.11s D3.03 support was committed. This is incompatible with the previous code, which was based on D3.0. Property changes on: UPDATING ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/UPDATING:r197526 Property changes on: sys ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys:r197138,197526,197703 Property changes on: sys/dev/xen/xenpci ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys/dev/xen/xenpci:r197138,197526,197703 Index: sys/netinet6/in6_ifattach.c =================================================================== --- sys/netinet6/in6_ifattach.c (revision 197763) +++ sys/netinet6/in6_ifattach.c (working copy) 
@@ -750,14 +750,17 @@ in6_ifattach(struct ifnet *ifp, struct ifnet *alti /* * assign a link-local address, if there's none. */ - if (V_ip6_auto_linklocal && ifp->if_type != IFT_BRIDGE) { + if (ifp->if_type != IFT_BRIDGE && + ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL) { + int error; + ia = in6ifa_ifpforlinklocal(ifp, 0); if (ia == NULL) { - if (in6_ifattach_linklocal(ifp, altifp) == 0) { - /* linklocal address assigned */ - } else { - /* failed to assign linklocal address. bark? */ - } + error = in6_ifattach_linklocal(ifp, altifp); + if (error) + log(LOG_NOTICE, "in6_ifattach_linklocal: " + "failed to add a link-local addr to %s\n", + if_name(ifp)); } else ifa_free(&ia->ia_ifa); } Index: sys/netinet6/in6_proto.c =================================================================== --- sys/netinet6/in6_proto.c (revision 197763) +++ sys/netinet6/in6_proto.c (working copy) @@ -497,7 +497,9 @@ SYSCTL_VNET_STRUCT(_net_inet6_ip6, IPV6CTL_STATS, SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_MAXFRAGPACKETS, maxfragpackets, CTLFLAG_RW, &VNET_NAME(ip6_maxfragpackets), 0, ""); SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_ACCEPT_RTADV, accept_rtadv, - CTLFLAG_RW, &VNET_NAME(ip6_accept_rtadv), 0, ""); + CTLFLAG_RW, &VNET_NAME(ip6_accept_rtadv), 0, + "Default value of per-interface flag for accepting ICMPv6 Router" + "Advertisement messages"); SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_KEEPFAITH, keepfaith, CTLFLAG_RW, &VNET_NAME(ip6_keepfaith), 0, ""); SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_LOG_INTERVAL, log_interval, 
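Review bot: The new condition in in6_ifattach, `ifp->if_type != IFT_BRIDGE && ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL`, relies on `&` binding tighter than `&&`. It evaluates as intended, but writing the flag test as `(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL)` makes the intent explicit and matches the parenthesised tests in the nd6_ioctl hunk. The same unparenthesised form appears in the nd6_purge and nd6_cache_lladdr hunks. The new log() call also drops the value of `error`; appending it to the message (for example `"... to %s (error %d)\n", if_name(ifp), error`) would make a failed link-local assignment diagnosable. in6_ifattach starts and ends outside this hunk.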
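Review bot: The two adjacent string literals added for accept_rtadv concatenate without a space, so the sysctl description reads "... ICMPv6 RouterAdvertisement messages". The first literal should end with a space: `"Default value of per-interface flag for accepting ICMPv6 Router "`. The auto_linklocal description in the next hunk already has the leading space on its second literal.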
@@ -527,7 +529,9 @@ SYSCTL_VNET_PROC(_net_inet6_ip6, IPV6CTL_TEMPVLTIM SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_V6ONLY, v6only, CTLFLAG_RW, &VNET_NAME(ip6_v6only), 0, ""); SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_AUTO_LINKLOCAL, auto_linklocal, - CTLFLAG_RW, &VNET_NAME(ip6_auto_linklocal), 0, ""); + CTLFLAG_RW, &VNET_NAME(ip6_auto_linklocal), 0, + "Default value of per-interface flag for automatically adding an IPv6" + " link-local address to interfaces when attached"); SYSCTL_VNET_STRUCT(_net_inet6_ip6, IPV6CTL_RIP6STATS, rip6stats, CTLFLAG_RD, &VNET_NAME(rip6stat), rip6stat, ""); SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_PREFER_TEMPADDR, prefer_tempaddr, Index: sys/netinet6/nd6.c =================================================================== --- sys/netinet6/nd6.c (revision 197763) +++ sys/netinet6/nd6.c (working copy) @@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -212,13 +213,17 @@ nd6_ifattach(struct ifnet *ifp) nd->basereachable = REACHABLE_TIME; nd->reachable = ND_COMPUTE_RTIME(nd->basereachable); nd->retrans = RETRANS_TIMER; - /* - * Note that the default value of ip6_accept_rtadv is 0, which means - * we won't accept RAs by default even if we set ND6_IFF_ACCEPT_RTADV - * here. - */ - nd->flags = (ND6_IFF_PERFORMNUD | ND6_IFF_ACCEPT_RTADV); + nd->flags = ND6_IFF_PERFORMNUD; + + /* A loopback interface always has ND6_IFF_AUTO_LINKLOCAL. */ + if (V_ip6_auto_linklocal || (ifp->if_flags & IFF_LOOPBACK)) + nd->flags |= ND6_IFF_AUTO_LINKLOCAL; + + /* A loopback interface does not need to accept RTADV. */ + if (V_ip6_accept_rtadv && !(ifp->if_flags & IFF_LOOPBACK)) + nd->flags |= ND6_IFF_ACCEPT_RTADV; + /* XXX: we cannot call nd6_setmtu since ifp is not fully initialized */ nd6_setmtu0(ifp, nd); 
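Review bot: Missing documentation in nd6_ifattach: the removed comment explained how ip6_accept_rtadv interacted with the flag, and nothing replaces it now that the sysctl is only sampled here. A comment above the two tests such as `/* V_ip6_auto_linklocal and V_ip6_accept_rtadv are read once, at attach; later sysctl changes do not alter interfaces that already exist. */` would stop operators from assuming that setting the sysctl to 0 stops Router Advertisement processing on interfaces already attached. This reading is based on the lines in this hunk and the UPDATING entry; nd6_ifattach continues outside the hunk.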
@@ -843,13 +848,9 @@ nd6_purge(struct ifnet *ifp) if (V_nd6_defifindex == ifp->if_index) nd6_setdefaultiface(0); - if (!V_ip6_forwarding && V_ip6_accept_rtadv) { /* XXX: too restrictive? */ - /* refresh default router list - * - * - */ + if (!V_ip6_forwarding && ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { + /* Refresh default router list. */ defrouter_select(); - } /* XXXXX 
@@ -1296,6 +1297,69 @@ nd6_ioctl(u_long cmd, caddr_t data, struct ifnet * ND_IFINFO(ifp)->chlim = ND.chlim; /* FALLTHROUGH */ case SIOCSIFINFO_FLAGS: + { + struct ifaddr *ifa; + struct in6_ifaddr *ia; + + if ((ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && + !(ND.flags & ND6_IFF_IFDISABLED)) { + /* ifdisabled 1->0 transision */ + + /* + * If the interface is marked as ND6_IFF_IFDISABLED and + * has an link-local address with IN6_IFF_DUPLICATED, + * do not clear ND6_IFF_IFDISABLED. + * See RFC 4862, Section 5.4.5. + */ + int duplicated_linklocal = 0; + + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + if (ifa->ifa_addr->sa_family != AF_INET6) + continue; + ia = (struct in6_ifaddr *)ifa; + if ((ia->ia6_flags & IN6_IFF_DUPLICATED) && + IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { + duplicated_linklocal = 1; + break; + } + } + IF_ADDR_UNLOCK(ifp); + + if (duplicated_linklocal) { + ND.flags |= ND6_IFF_IFDISABLED; + log(LOG_ERR, "Cannot enable an interface" + " with a link-local address marked" + " duplicate.\n"); + } else { + ND_IFINFO(ifp)->flags &= ~ND6_IFF_IFDISABLED; + in6_if_up(ifp); + } + } else if (!(ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) && + (ND.flags & ND6_IFF_IFDISABLED)) { + /* ifdisabled 0->1 transision */ + /* Mark all IPv6 address as tentative. */ + + ND_IFINFO(ifp)->flags |= ND6_IFF_IFDISABLED; + IF_ADDR_LOCK(ifp); + TAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { + if (ifa->ifa_addr->sa_family != AF_INET6) + continue; + ia = (struct in6_ifaddr *)ifa; + ia->ia6_flags |= IN6_IFF_TENTATIVE; + } + IF_ADDR_UNLOCK(ifp); + } + + if (!(ND_IFINFO(ifp)->flags & ND6_IFF_AUTO_LINKLOCAL) && + (ND.flags & ND6_IFF_AUTO_LINKLOCAL)) { + /* auto_linklocal 0->1 transision */ + + /* If no link-local address on ifp, configure */ + ND_IFINFO(ifp)->flags |= ND6_IFF_AUTO_LINKLOCAL; + in6_ifattach(ifp, NULL); + } + } ND_IFINFO(ifp)->flags = ND.flags; break; #undef ND 
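Review bot: When a duplicated link-local address blocks the ifdisabled 1->0 transition, the request is refused only by re-setting ND6_IFF_IFDISABLED in `ND.flags` and logging. As far as this hunk shows no error is set, so the caller sees success while the interface stays disabled. If nd6_ioctl has an error return (not visible here), setting it in that branch would let ifconfig(8) report the refusal. The log line also omits the interface; passing `if_name(ifp)` with a `%s: ` prefix, as the in6_ifattach hunk does, would identify it. The comments spell "transision" three times.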
@@ -1633,7 +1697,8 @@ nd6_cache_lladdr(struct ifnet *ifp, struct in6_add * for those are not autoconfigured hosts, we explicitly avoid such * cases for safety. */ - if (do_update && router && !V_ip6_forwarding && V_ip6_accept_rtadv) { + if (do_update && router && !V_ip6_forwarding && + ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV) { /* * guaranteed recursion */ Index: sys/netinet6/nd6_nbr.c =================================================================== --- sys/netinet6/nd6_nbr.c (revision 197763) +++ sys/netinet6/nd6_nbr.c (working copy) @@ -1198,6 +1198,8 @@ nd6_dad_start(struct ifaddr *ifa, int delay) if (!(ifa->ifa_ifp->if_flags & IFF_UP)) { return; } + if (ND_IFINFO(ifa->ifa_ifp)->flags & ND6_IFF_IFDISABLED) + return; if (nd6_dad_find(ifa) != NULL) { /* DAD already in progress */ return; @@ -1402,7 +1404,7 @@ nd6_dad_duplicated(struct ifaddr *ifa) * identifier based on the hardware address which is supposed to be * uniquely assigned (e.g., EUI-64 for an Ethernet interface), IP * operation on the interface SHOULD be disabled. - * [rfc2462bis-03 Section 5.4.5] + * [RFC 4862, Section 5.4.5] */ if (IN6_IS_ADDR_LINKLOCAL(&ia->ia_addr.sin6_addr)) { struct in6_addr in6; Index: sys/netinet6/nd6.h =================================================================== --- sys/netinet6/nd6.h (revision 197763) +++ sys/netinet6/nd6.h (working copy) @@ -84,6 +84,7 @@ struct nd_ifinfo { * DAD failure. (XXX: not ND-specific) */ #define ND6_IFF_DONT_SET_IFROUTE 0x10 +#define ND6_IFF_AUTO_LINKLOCAL 0x20 #define ND6_CREATE LLE_CREATE #define ND6_EXCLUSIVE LLE_EXCLUSIVE Index: sys/netinet6/in6.c =================================================================== --- sys/netinet6/in6.c (revision 197763) +++ sys/netinet6/in6.c (working copy) 
@@ -918,6 +918,10 @@ in6_update_ifa(struct ifnet *ifp, struct in6_alias if (hostIsNew && in6if_do_dad(ifp)) ia->ia6_flags |= IN6_IFF_TENTATIVE; + /* DAD should be performed after ND6_IFF_IFDISABLED is cleared. */ + if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) + ia->ia6_flags |= IN6_IFF_TENTATIVE; + /* * We are done if we have simply modified an existing address. */ @@ -955,7 +959,7 @@ in6_update_ifa(struct ifnet *ifp, struct in6_alias * being configured. It also means delaying * transmission of the corresponding MLD report to * avoid report collision. - * [draft-ietf-ipv6-rfc2462bis-02.txt] + * [RFC 4861, Section 6.3.7] */ delay = arc4random() % (MAX_RTR_SOLICITATION_DELAY * hz); @@ -2163,6 +2167,9 @@ in6if_do_dad(struct ifnet *ifp) if ((ifp->if_flags & IFF_LOOPBACK) != 0) return (0); + if (ND_IFINFO(ifp)->flags & ND6_IFF_IFDISABLED) + return (0); + switch (ifp->if_type) { #ifdef IFT_DUMMY case IFT_DUMMY: Index: sys/netinet6/ip6_input.c =================================================================== --- sys/netinet6/ip6_input.c (revision 197763) +++ sys/netinet6/ip6_input.c (working copy) @@ -175,7 +175,7 @@ ip6_init(void) #ifdef IP6_AUTO_LINKLOCAL V_ip6_auto_linklocal = IP6_AUTO_LINKLOCAL; #else - V_ip6_auto_linklocal = 1; /* enable by default */ + V_ip6_auto_linklocal = 1; /* enabled by default */ #endif TUNABLE_INT_FETCH("net.inet6.ip6.auto_linklocal", &V_ip6_auto_linklocal); @@ -196,7 +196,7 @@ ip6_init(void) V_ip6_sendredirects = IPV6_SENDREDIRECTS; V_ip6_defhlim = IPV6_DEFHLIM; V_ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS; - V_ip6_accept_rtadv = 0; /* "IPV6FORWARDING ? 0 : 1" is dangerous */ + V_ip6_accept_rtadv = 0; V_ip6_log_interval = 5; V_ip6_hdrnestlimit = 15; /* How many header options will we process? */ V_ip6_dad_count = 1; /* DupAddrDetectionTransmits */ Index: sys/netinet6/nd6_rtr.c =================================================================== --- sys/netinet6/nd6_rtr.c (revision 197763) +++ sys/netinet6/nd6_rtr.c (working copy) 
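Review bot: The updated citation `[RFC 4861, Section 6.3.7]` in in6_update_ifa looks like the wrong document for this comment. The replaced draft (rfc2462bis) was published as RFC 4862, which describes the delayed join of the solicited-node multicast address, whereas RFC 4861 Section 6.3.7 covers sending Router Solicitations and only supplies MAX_RTR_SOLICITATION_DELAY. I would cite `[RFC 4862, Section 5.4.2]`, in line with the `[RFC 4862, Section 5.4.5]` reference this commit adds in nd6_nbr.c. This is worth confirming against the RFC text before changing.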
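Review bot: Dropping the comment on `V_ip6_accept_rtadv = 0;` in ip6_init removes the only hint that this default is deliberate. The value now seeds ND6_IFF_ACCEPT_RTADV for each interface at attach (per the nd6_ifattach hunk), so a short replacement such as `/* default for per-interface ND6_IFF_ACCEPT_RTADV; off so RAs are ignored unless enabled */` would keep the rationale next to the assignment.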
@@ -126,7 +126,7 @@ nd6_rs_input(struct mbuf *m, int off, int icmp6len char ip6bufs[INET6_ADDRSTRLEN], ip6bufd[INET6_ADDRSTRLEN]; /* If I'm not a router, ignore it. */ - if (V_ip6_accept_rtadv != 0 || V_ip6_forwarding != 1) + if (!V_ip6_forwarding) goto freeit; /* Sanity checks */ @@ -212,13 +212,11 @@ nd6_ra_input(struct mbuf *m, int off, int icmp6len /* * We only accept RAs only when - * the system-wide variable allows the acceptance, and + * the node is not a router and * per-interface variable allows RAs on the receiving interface. */ - if (V_ip6_accept_rtadv == 0) + if (V_ip6_forwarding || !(ndi->flags & ND6_IFF_ACCEPT_RTADV)) goto freeit; - if (!(ndi->flags & ND6_IFF_ACCEPT_RTADV)) - goto freeit; if (ip6->ip6_hlim != 255) { nd6log((LOG_ERR, @@ -557,7 +555,7 @@ defrtrlist_del(struct nd_defrouter *dr) * Flush all the routing table entries that use the router * as a next hop. */ - if (!V_ip6_forwarding && V_ip6_accept_rtadv) /* XXX: better condition? */ + if (!V_ip6_forwarding) rt6_flush(&dr->rtaddr, dr->ifp); if (dr->installed) { 
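Review bot: In defrtrlist_del the flush condition becomes `if (!V_ip6_forwarding)` with no per-interface test, whereas the nd6_purge and nd6_cache_lladdr hunks replace the old global with `ND_IFINFO(ifp)->flags & ND6_IFF_ACCEPT_RTADV`. If only RA-accepting interfaces are meant to own RA-learned routes, `if (!V_ip6_forwarding && (ND_IFINFO(dr->ifp)->flags & ND6_IFF_ACCEPT_RTADV))` would be the consistent form. If the wider condition is deliberate, a comment saying so would help, since the old `/* XXX: better condition? */` marker is removed. defrouter_select in the following hunk drops the accept_rtadv test in the same way; both functions extend outside their hunks.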
@@ -621,10 +619,10 @@ defrouter_select(void) * if the node is not an autoconfigured host, we explicitly exclude * such cases here for safety. */ - if (V_ip6_forwarding || !V_ip6_accept_rtadv) { + if (V_ip6_forwarding) { nd6log((LOG_WARNING, - "defrouter_select: called unexpectedly (forwarding=%d, " - "accept_rtadv=%d)\n", V_ip6_forwarding, V_ip6_accept_rtadv)); + "defrouter_select: called unexpectedly (forwarding=%d)\n", + V_ip6_forwarding)); splx(s); return; } Property changes on: sys/contrib/pf ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys/contrib/pf:r197138,197526,197703 Property changes on: sys/contrib/dev/acpica ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys/contrib/dev/acpica:r197138,197526,197703 Property changes on: sys/cddl/contrib/opensolaris ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys/cddl/contrib/opensolaris:r197138,197526,197703 Property changes on: sys/amd64/include/xen ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sys/amd64/include/xen:r197138,197526,197703 Property changes on: etc ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/etc:r197139-197140,197143-197144,197146-197147,197526-197528,197697-197699,197701-197702,197719 Index: etc/network.subr =================================================================== --- etc/network.subr (revision 197763) +++ etc/network.subr (working copy) @@ -31,8 +31,8 @@ # # ifn_start ifn -# Bring up and configure an interface. If some configuration is applied -# print the interface configuration. +# Bring up and configure an interface. If some configuration is +# applied print the interface configuration. # ifn_start() { 
@@ -45,15 +45,16 @@ ifn_start() ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 ipv4_up ${ifn} && cfg=0 + ipv6_up ${ifn} && cfg=0 ipx_up ${ifn} && cfg=0 - childif_create ${ifn} + childif_create ${ifn} && cfg=0 return $cfg } -# ifn_start ifn -# Shutdown and de-configure an interface. If action is taken print the -# interface name. +# ifn_stop ifn +# Shutdown and de-configure an interface. If action is taken +# print the interface name. # ifn_stop() { @@ -61,13 +62,14 @@ ifn_stop() ifn="$1" cfg=1 - [ -z "$ifn" ] && return 1 + [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" ipx_down ${ifn} && cfg=0 + ipv6_down ${ifn} && cfg=0 ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 - childif_destroy ${ifn} + childif_destroy ${ifn} && cfg=0 return $cfg } 
@@ -81,15 +83,64 @@ ifn_stop() # ifconfig_up() { + local _cfg _ipv6_opts ifconfig_args _cfg=1 + # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} - ifconfig $1 up _cfg=0 fi + # inet6 specific + if afexists inet6; then + if ipv6if $1; then + if checkyesno ipv6_gateway_enable; then + _ipv6_opts="-accept_rtadv" + fi + else + if checkyesno ipv6_prefer; then + _ipv6_opts="-ifdisabled" + else + _ipv6_opts="ifdisabled" + fi + + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]) + _ipv6_opts="${_ipv6_opts} accept_rtadv" + ;; + esac + fi + + if [ -n "${_ipv6_opts}" ]; then + ifconfig $1 inet6 ${_ipv6_opts} + fi + + # ifconfig_IF_ipv6 + ifconfig_args=`ifconfig_getargs $1 ipv6` + if [ -n "${ifconfig_args}" ]; then + ifconfig $1 inet6 -ifdisabled + ifconfig $1 ${ifconfig_args} + _cfg=0 + fi + + # backward compatiblity: $ipv6_ifconfig_IF + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` + if [ -n "${ifconfig_args}" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + ifconfig $1 inet6 -ifdisabled + ifconfig $1 inet6 ${ifconfig_args} + _cfg=0 + fi + fi + + if [ ${_cfg} -eq 0 ]; then + ifconfig $1 up + fi + if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count @@ -114,7 +165,7 @@ ifconfig_up() # ifconfig_down() { - [ -z "$1" ] && return 1 + local _cfg _cfg=1 if wpaif $1; then 
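Review bot: The backward-compatibility test `case $ipv6_enable in [Yy][Ee][Ss])` in ifconfig_up accepts only YES, while the surrounding code uses checkyesno, which also accepts TRUE, ON and 1. An rc.conf with `ipv6_enable="ON"` would therefore silently lose accept_rtadv here, and ipv6_autoconfif has the same pattern. If the case form was chosen to avoid checkyesno's warning on an unset variable, widening the pattern to `[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)` keeps that property. In the non-ipv6if branch this also appends accept_rtadv next to `ifdisabled`, which deserves a comment stating that the combination is intended. The comment typo "compatiblity" is in this hunk too.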
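Review bot: ifconfig_down loses its `[ -z "$1" ] && return 1` guard in this hunk. ifn_stop now aborts on an empty name, but any other caller would reach `wpaif $1` and the later ifconfig calls with no interface argument. Keeping the guard after the new `local _cfg` line costs one line. The rest of ifconfig_down lies outside the hunk, so other callers could not be checked.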
@@ -136,13 +187,15 @@ ifconfig_down() } # get_if_var if var [default] -# Return the value of the pseudo-hash corresponding to $if where -# $var is a string containg the sub-string "IF" which will be -# replaced with $if after the characters defined in _punct are -# replaced with '_'. If the variable is unset, replace it with -# $default if given. +# Return the value of the pseudo-hash corresponding to $if where +# $var is a string containg the sub-string "IF" which will be +# replaced with $if after the characters defined in _punct are +# replaced with '_'. If the variable is unset, replace it with +# $default if given. get_if_var() { + local _if _punct _var _default prefix suffix + if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi @@ -160,26 +213,30 @@ get_if_var() eval echo \${${prefix}${_if}${suffix}-${_default}} } -# _ifconfig_getargs if +# _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { + local _ifn _af _ifn=$1 + _af=${2+_$2} + if [ -z "$_ifn" ]; then return 1 fi - get_if_var $_ifn ifconfig_IF "$ifconfig_DEFAULT" + get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } -# ifconfig_getargs if +# ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { - _tmpargs=`_ifconfig_getargs $1` + local _tmpargs _arg _args + _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi @@ -206,7 +263,9 @@ ifconfig_getargs() # boot time and 1 otherwise. autoif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) @@ -214,6 +273,7 @@ autoif() ;; esac done + return 0 } 
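Review bot: In _ifconfig_getargs, `get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"` applies the existing default to the new `ifconfig_IF_ipv6` lookup as well, so on a system that sets ifconfig_DEFAULT every interface appears to have an IPv6 configuration. ipv6if tests the raw `_ifconfig_getargs $_if ipv6` output for non-emptiness, so it would return 0 for all interfaces and ifconfig_up would skip the branch that applies `ifdisabled`. That leaves IPv6 active on interfaces the administrator never configured for it. Passing `$ifconfig_DEFAULT` only when `$_af` is empty would avoid this, and a comment on the intended default for the per-family variable would help either way.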
@@ -221,7 +281,9 @@ autoif() # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) @@ -235,6 +297,7 @@ dhcpif() ;; esac done + return 1 } @@ -243,7 +306,9 @@ dhcpif() # 1 otherwise. syncdhcpif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) @@ -254,18 +319,17 @@ syncdhcpif() ;; esac done - if checkyesno synchronous_dhclient; then - return 0 - else - return 1 - fi + + checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { + local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` + for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) 
@@ -273,17 +337,98 @@ wpaif() ;; esac done + return 1 } +# afexists af +# Returns 0 if the address family is enabled in the kernel +# 1 otherwise. +afexists() +{ + local _af + _af=$1 + + case ${_af} in + inet) + ${SYSCTL_N} net.inet > /dev/null 2>&1 + ;; + inet6) + ${SYSCTL_N} net.inet6 > /dev/null 2>&1 + ;; + ipx) + ${SYSCTL_N} net.ipx > /dev/null 2>&1 + ;; + atm) + if [ -x /sbin/atmconfig ]; then + /sbin/atmconfig diag list > /dev/null 2>&1 + else + return 1 + fi + ;; + *) + err 1 "afexists(): Unsupported address family: $_af" + ;; + esac +} + +# noafif if +# Returns 0 if the interface has no af configuration and 1 otherwise. +noafif() +{ + local _if + _if=$1 + + case $_if in + pflog[0-9]*|\ + pfsync[0-9]*|\ + an[0-9]*|\ + ath[0-9]*|\ + ipw[0-9]*|\ + iwi[0-9]*|\ + iwn[0-9]*|\ + ral[0-9]*|\ + wi[0-9]*|\ + wl[0-9]*|\ + wpi[0-9]*) + return 0 + ;; + esac + + return 1 +} + # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { - if ! checkyesno ipv6_enable; then + local _if _tmpargs i + _if=$1 + + if ! afexists inet6; then return 1 fi + + # lo0 is always IPv6-enabled + case $_if in + lo0) + return 0 + ;; + esac + + # True if $ifconfig_IF_ipv6 is defined. + _tmpargs=`_ifconfig_getargs $_if ipv6` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + + # backward compatibility: True if $ipv6_ifconfig_IF is defined. + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + if [ -n "${_tmpargs}" ]; then + return 0 + fi + case "${ipv6_network_interfaces}" in [Aa][Uu][Tt][Oo]) return 0 
@@ -292,40 +437,133 @@ ipv6if() return 1 ;; esac - for v6if in ${ipv6_network_interfaces}; do - if [ "${v6if}" = "${1}" ]; then + + for i in ${ipv6_network_interfaces}; do + if [ "$i" = "$_if" ]; then return 0 fi done + return 1 } +# ipv6_autoconfif if +# Returns 0 if the interface should be configured for IPv6 with +# Stateless Address Configuration, 1 otherwise. +ipv6_autoconfif() +{ + local _if _tmpargs _arg + _if=$1 + + if ! ipv6if $_if; then + return 1 + fi + if noafif $_if; then + return 1 + fi + if checkyesno ipv6_gateway_enable; then + return 1 + fi + _tmpargs=`get_if_var $_if ipv6_prefix_IF` + if [ -n "${_tmpargs}" ]; then + return 1 + fi + + case $_if in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*) + return 1 + ;; + esac + + # backward compatibility: $ipv6_enable + case $ipv6_enable in + [Yy][Ee][Ss]) + return 0 + ;; + esac + + _tmpargs=`_ifconfig_getargs $_if ipv6` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + # backward compatibility: $ipv6_ifconfig_IF + _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` + for _arg in $_tmpargs; do + case $_arg in + accept_rtadv) + return 0 + ;; + esac + done + + return 1 +} + # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() { + [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } # ipv4_up if -# add IPv4 addresses to the interface $if +# add IPv4 addresses to the interface $if ipv4_up() { + local _if _ret _if=$1 - ifalias_up ${_if} - ipv4_addrs_common ${_if} alias + _ret=1 + + ifalias_up ${_if} inet && _ret=0 + ipv4_addrs_common ${_if} alias && _ret=0 + + return $_ret } +# ipv6_up if +# add IPv6 addresses to the interface $if +ipv6_up() +{ + local _if _ret + _if=$1 + _ret=1 + + if ! 
ipv6if $_if; then + return 0 + fi + + ifalias_up ${_if} inet6 && _ret=0 + ipv6_prefix_hostid_addr_up ${_if} && _ret=0 + ipv6_accept_rtadv_up ${_if} && _ret=0 + + # wait for DAD + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + + return $_ret +} + # ipv4_down if -# remove IPv4 addresses from the interface $if +# remove IPv4 addresses from the interface $if ipv4_down() { + local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 - ifexists ${_if} || return 1 - inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" @@ -343,17 +581,55 @@ ipv4_down() done IFS="$oldifs" - ifalias_down ${_if} && _ret=0 + ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } +# ipv6_down if +# remove IPv6 addresses from the interface $if +ipv6_down() +{ + local _if _ifs _ret inetList oldifs _inet6 + _if=$1 + _ifs="^" + _ret=1 + + if ! ipv6if $_if; then + return 0 + fi + + ipv6_accept_rtadv_down ${_if} && _ret=0 + ifalias_down ${_if} inet6 && _ret=0 + + inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" + + oldifs="$IFS" + IFS="$_ifs" + for _inet6 in $inetList ; do + # get rid of extraneous line + [ -z "$_inet6" ] && break + + _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` + + IFS="$oldifs" + ifconfig ${_if} ${_inet6} -alias + IFS="$_ifs" + _ret=0 + done + IFS="$oldifs" + + return $_ret +} + # ipv4_addrs_common if action -# Evaluate the ifconfig_if_ipv4 arguments for interface $if -# and use $action to add or remove IPv4 addresses from $if. +# Evaluate the ifconfig_if_ipv4 arguments for interface $if and +# use $action to add or remove IPv4 addresses from $if. ipv4_addrs_common() -{ +{ + local _ret _if _action _cidr _cidr_addr + local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 
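Review bot: ipv6_up does `return 0` when `ipv6if` says the interface is not an IPv6 interface, but ifn_start treats 0 as "something was configured" (`ipv6_up ${ifn} && cfg=0`), so every non-IPv6 interface is reported as configured. ipv6_down in the next hunk has the same guard. Returning 1 there matches the `_ret=1` default and ipv4_up. ipv6_up also sleeps `dad_count` plus one seconds per interface even when `_ret` is still 1, and `sleep` gets no argument if the sysctl read fails. If the wait is only needed for addresses added here, guarding it with `[ $_ret -eq 0 ]` would limit the boot delay.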
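Review bot: In ipv6_down the pattern `'.*\(inet6 \([0-9a-f:]*\)\).*'` stops at the first character outside `[0-9a-f:]`, so a link-local address that ifconfig prints with a `%ifname` scope suffix is passed to `ifconfig ${_if} ${_inet6} -alias` without its scope. Whether that removal succeeds cannot be determined from this page, and `_ret=0` is set regardless of ifconfig's exit status. Writing `ifconfig ${_if} ${_inet6} -alias && _ret=0` would keep the return value honest, and a comment should say whether automatically assigned link-local addresses are meant to be removed here.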
@@ -386,53 +662,239 @@ ipv4_addrs_common() fi done done + return $_ret } -# ifalias_up if +# ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. # ifalias_up() { + local _ret _ret=1 + + case "$2" in + inet) + _ret=`ifalias_ipv4_up "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_up "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_up if +# Helper function for ifalias_up(). Handles IPv4. +# +ifalias_ipv4_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} alias - alias=$((${alias} + 1)) - _ret=0 - else + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") break - fi + ;; + esac + alias=$((${alias} + 1)) done + return $_ret } -#ifalias_down if +# ifalias_ipv6_up if +# Helper function for ifalias_up(). Handles IPv6. +# +ifalias_ipv6_up() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ + " Use ifconfig_$1_aliasN instead." + ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. 
# ifalias_down() { + local _ret _ret=1 + + case "$2" in + inet) + _ret=`ifalias_ipv4_down "$1"` + ;; + inet6) + _ret=`ifalias_ipv6_down "$1"` + ;; + esac + + return $_ret +} + +# ifalias_ipv4_down if +# Helper function for ifalias_down(). Handles IPv4. +# +ifalias_ipv4_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 ${ifconfig_args} -alias - alias=$((${alias} + 1)) - _ret=0 - else + case "${ifconfig_args}" in + inet\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") break - fi + ;; + esac + alias=$((${alias} + 1)) done + return $_ret } +# ifalias_ipv6_down if +# Helper function for ifalias_down(). Handles IPv6. +# +ifalias_ipv6_down() +{ + local _ret alias ifconfig_args + _ret=1 + + # ifconfig_IF_aliasN which starts with "inet6" + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + inet6\ *) + ifconfig $1 ${ifconfig_args} -alias && _ret=0 + ;; + "") + break + ;; + esac + alias=$((${alias} + 1)) + done + + # backward compatibility: ipv6_ifconfig_IF_aliasN. + alias=0 + while : ; do + ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` + case "${ifconfig_args}" in + "") + break + ;; + *) + ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0 + warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ + " Use ifconfig_$1_aliasN instead." 
+ ;; + esac + alias=$((${alias} + 1)) + done + + return $_ret +} + +# ipv6_prefix_hostid_addr_up if +# add IPv6 prefix + hostid addr to the interface $if +ipv6_prefix_hostid_addr_up() +{ + local _if prefix laddr hostid j address + _if=$1 + prefix=`get_if_var ${_if} ipv6_prefix_IF` + + if [ -n "${prefix}" ]; then + laddr=`network6_getladdr ${_if}` + hostid=${laddr#fe80::} + hostid=${hostid%\%*} + + for j in ${prefix}; do + address=$j\:${hostid} + ifconfig ${_if} inet6 ${address} prefixlen 64 alias + + # if I am a router, add subnet router + # anycast address (RFC 2373). + if checkyesno ipv6_gateway_enable; then + ifconfig ${_if} inet6 $j:: prefixlen 64 \ + alias anycast + fi + done + fi +} + +# ipv6_accept_rtadv_up if +# Enable accepting Router Advertisement and send Router +# Solicitation message +ipv6_accept_rtadv_up() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 accept_rtadv up + rtsol ${rtsol_flags} $1 + fi +} + +# ipv6_accept_rtadv_down if +# Disable accepting Router Advertisement +ipv6_accept_rtadv_down() +{ + if ipv6_autoconfif $1; then + ifconfig $1 inet6 -accept_rtadv + fi +} + # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or @@ -443,8 +905,9 @@ ifscript_up() if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 + else + return 1 fi - return 1 } # ifscript_down if @@ -457,16 +920,21 @@ ifscript_down() if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 + else + return 1 fi - return 1 } -# Create cloneable interfaces. +# clone_up +# Create cloneable interfaces. # clone_up() { + local _prefix _list ifn _prefix= _list= + + # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then 
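Review bot: In ifalias_up and ifalias_down, the assignments that run ifalias_ipv4_up "$1" (and the ipv6/down variants) inside backquotes capture the helper's standard output, not its exit status, although the helpers report their result through `return $_ret`. When the helper prints nothing, `return $_ret` expands to a bare `return`, which typically passes along the substitution's status; any text written to stdout by ifconfig inside the helper would turn it into an invalid `return` argument. Calling the helper directly, `ifalias_ipv4_up "$1" && _ret=0`, states the intent and avoids the subshell. Separately, alias entries that do not begin with `inet ` or `inet6 ` are now skipped without a message, so a `warn` for that case would help people migrating older rc.conf files.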
@@ -477,13 +945,16 @@ clone_up() debug "Cloned: ${_list}" } -# Destroy cloned interfaces. Destroyed interfaces are echoed -# to standard output. +# clone_down +# Destroy cloned interfaces. Destroyed interfaces are echoed to +# standard output. # clone_down() { + local _prefix _list ifn _prefix= _list= + for ifn in ${cloned_interfaces}; do ifconfig ${ifn} destroy if [ $? -eq 0 ]; then @@ -494,14 +965,14 @@ clone_down() debug "Destroyed clones: ${_list}" } -# Create and configure child interfaces. -# Return 0 if child interfaces are created. +# childif_create +# Create and configure child interfaces. Return 0 if child +# interfaces are created. # childif_create() { local cfg child child_wlans create_args debug_flags ifn i cfg=1 - ifn=$1 # Create wireless interfaces @@ -531,28 +1002,40 @@ childif_create() return ${cfg} } -# Destroy child interfaces. +# childif_destroy +# Destroy child interfaces. # childif_destroy() { local cfg child child_wlans ifn + cfg=1 child_wlans="`get_if_var $ifn wlans_IF` `get_if_var $ifn vaps_IF`" for child in ${child_wlans}; do ifconfig $child destroy && cfg=0 done + + return ${cfg} } -# Create netgraph nodes. +# ng_mkpeer +# Create netgraph nodes. # -ng_mkpeer() { +ng_mkpeer() +{ ngctl -f - 2> /dev/null </dev/null`; do case $line in *interface:*) defif=${line##*: } @@ -790,6 +1301,8 @@ get_default_if() echo $defif } +# hexdigit arg +# Echo decimal number $arg (single digit) in hexadecimal format. hexdigit() { if [ $1 -lt 10 ]; then @@ -806,14 +1319,17 @@ hexdigit() fi } +# hexprint arg +# Echo decimal number $arg (multiple digits) in hexadecimal format. hexprint() { + local val str dig val=$1 str='' - dig=`hexdigit $((${val} & 15))` str=${dig}${str} val=$((${val} >> 4)) + while [ ${val} -gt 0 ]; do dig=`hexdigit $((${val} & 15))` str=${dig}${str} 
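Review bot: childif_destroy declares `ifn` local but, in the lines shown, never assigns it from `$1` before `get_if_var $ifn wlans_IF`, so the lookup runs with an empty interface name and the loop has nothing to destroy. With this commit ifn_stop starts relying on the function's status (`childif_destroy ${ifn} && cfg=0`), which would then always be 1. Adding `ifn=$1` after the `local` line, as childif_create does, fixes it. The text of this hunk is damaged further down (the ng_mkpeer here-document is missing), so the remainder was not reviewed.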
@@ -834,255 +1350,12 @@ is_wired_interface() test "$media" = "Ethernet" } -# Setup the interfaces for IPv6 -network6_interface_setup() -{ - interfaces=$* - rtsol_interfaces='' - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - rtsol_available=no - ;; - *) - rtsol_available=yes - ;; - esac - for i in $interfaces; do - rtsol_interface=yes - prefix=`get_if_var $i ipv6_prefix_IF` - if [ -n "${prefix}" ]; then - rtsol_available=no - rtsol_interface=no - laddr=`network6_getladdr $i` - hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'` - for j in ${prefix}; do - address=$j\:${hostid} - ifconfig $i inet6 ${address} prefixlen 64 alias - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # subnet-router anycast address - # (rfc2373) - ifconfig $i inet6 $j:: prefixlen 64 \ - alias anycast - ;; - esac - done - fi - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF` - if [ -n "${ipv6_ifconfig}" ]; then - rtsol_available=no - rtsol_interface=no - ifconfig $i inet6 ${ipv6_ifconfig} alias - fi - - # Wireless NIC cards are virtualized through the wlan interface - if ! is_wired_interface ${i}; then - case "${i}" in - wlan*) rtsol_interface=yes ;; - *) rtsol_interface=no ;; - esac - fi - - if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ] - then - case ${i} in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*|pflog[0-9]*|pfsync[0-9]*) - ;; - *) - rtsol_interfaces="${rtsol_interfaces} ${i}" - ;; - esac - else - ifconfig $i inet6 - fi - done - - if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then - # Act as endhost - automatically configured. - # You can configure only single interface, as - # specification assumes that autoconfigured host has - # single interface only. 
- sysctl net.inet6.ip6.accept_rtadv=1 - set ${rtsol_interfaces} - ifconfig $1 up - rtsol ${rtsol_flags} $1 - fi - - for i in $interfaces; do - alias=0 - while : ; do - ipv6_ifconfig=`get_if_var $i ipv6_ifconfig_IF_alias${alias}` - if [ -z "${ipv6_ifconfig}" ]; then - break; - fi - ifconfig $i inet6 ${ipv6_ifconfig} alias - alias=$((${alias} + 1)) - done - done -} - -# Setup IPv6 to IPv4 mapping -network6_stf_setup() -{ - case ${stf_interface_ipv4addr} in - [Nn][Oo] | '') - ;; - *) - # assign IPv6 addr and interface route for 6to4 interface - stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) - OIFS="$IFS" - IFS=".$IFS" - set ${stf_interface_ipv4addr} - IFS="$OIFS" - hexfrag1=`hexprint $(($1*256 + $2))` - hexfrag2=`hexprint $(($3*256 + $4))` - ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" - case ${stf_interface_ipv6_ifid} in - [Aa][Uu][Tt][Oo] | '') - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr ${i}` - case ${laddr} in - '') - ;; - *) - break - ;; - esac - done - stf_interface_ipv6_ifid=`expr "${laddr}" : \ - 'fe80::\(.*\)%\(.*\)'` - case ${stf_interface_ipv6_ifid} in - '') - stf_interface_ipv6_ifid=0:0:0:1 - ;; - esac - ;; - esac - ifconfig stf0 create >/dev/null 2>&1 - ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ - prefixlen ${stf_prefixlen} - # disallow packets to malicious 6to4 prefix - route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject - route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject - route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject - route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject - ;; - esac -} - -# Setup static routes -network6_static_routes_setup() -{ - # Set up any static routes. 
- case ${ipv6_defaultrouter} in - [Nn][Oo] | '') - ;; - *) - ipv6_static_routes="default ${ipv6_static_routes}" - ipv6_route_default="default ${ipv6_defaultrouter}" - ;; - esac - case ${ipv6_static_routes} in - [Nn][Oo] | '') - ;; - *) - for i in ${ipv6_static_routes}; do - ipv6_route_args=`get_if_var $i ipv6_route_IF` - route add -inet6 ${ipv6_route_args} - done - ;; - esac -} - -# Setup faith -network6_faith_setup() -{ - case ${ipv6_faith_prefix} in - [Nn][Oo] | '') - ;; - *) - sysctl net.inet6.ip6.keepfaith=1 - ifconfig faith0 create >/dev/null 2>&1 - ifconfig faith0 up - for prefix in ${ipv6_faith_prefix}; do - prefixlen=`expr "${prefix}" : ".*/\(.*\)"` - case ${prefixlen} in - '') - prefixlen=96 - ;; - *) - prefix=`expr "${prefix}" : \ - "\(.*\)/${prefixlen}"` - ;; - esac - route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 - route change -inet6 ${prefix} -prefixlen ${prefixlen} \ - -ifp faith0 - done - ;; - esac -} - -# Install the "default interface" to kernel, which will be used -# as the default route when there's no router. -network6_default_interface_setup() -{ - # Choose IPv6 default interface if it is not clearly specified. - case ${ipv6_default_interface} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|faith[0-9]*) - continue - ;; - esac - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_default_interface=$i - break - ;; - esac - done - ;; - esac - - # Disallow unicast packets without outgoing scope identifiers, - # or route such packets to a "default" interface, if it is specified. 
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject - case ${ipv6_default_interface} in - [Nn][Oo] | '') - route add -inet6 ff02:: -prefixlen 16 ::1 -reject - ;; - *) - laddr=`network6_getladdr ${ipv6_default_interface}` - route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \ - -cloning - - # Disable installing the default interface with the - # case net.inet6.ip6.forwarding=0 and - # net.inet6.ip6.accept_rtadv=0, due to avoid conflict - # between the default router list and the manual - # configured default route. - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - ;; - *) - if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ] - then - ndp -I ${ipv6_default_interface} - fi - ;; - esac - ;; - esac -} - +# network6_getladdr if [flag] +# Echo link-local address from $if if any. +# If flag is defined, tentative ones will be excluded. network6_getladdr() { + local proto addr rest ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) Index: etc/rc.d/NETWORKING =================================================================== --- etc/rc.d/NETWORKING (revision 197763) +++ etc/rc.d/NETWORKING (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking Index: etc/rc.d/network_ipv6 =================================================================== --- etc/rc.d/network_ipv6 (revision 197763) +++ etc/rc.d/network_ipv6 (working copy) 
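Review bot: The functions deleted by the `@@ -834,255 +1350,12 @@` hunk include network6_stf_setup, which installed four reject routes for 6to4 prefixes (`2002:e000::` and `2002:7f00::`, `2002:0000::`, `2002:ff00::` with prefixlen 20 and 24), and nothing in the visible part of this patch adds them back. static_inet6 in etc/rc.d/routing keeps the `fe80::` and `ff02::` rejects, but the 6to4 ones are presumably meant to live in the new rc.d/stf script, which is listed in the Makefile and not shown here. It is worth confirming they are preserved there, since dropping them would silently remove an anti-spoofing filter on upgrade.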
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/netif =================================================================== --- etc/rc.d/netif (revision 197763) +++ etc/rc.d/netif (working copy) @@ -41,6 +41,8 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= +set_rcvar_obsolete ipv6_enable ipv6_prefer + network_start() { # Set the list of interfaces to work on. Index: etc/rc.d/devd =================================================================== --- etc/rc.d/devd (revision 197763) +++ etc/rc.d/devd (working copy) @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown Index: etc/rc.d/addswap =================================================================== --- etc/rc.d/addswap (revision 197763) +++ etc/rc.d/addswap (working copy) @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/sysctl =================================================================== --- etc/rc.d/sysctl (revision 197763) +++ etc/rc.d/sysctl (working copy) @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr Index: etc/rc.d/mroute6d =================================================================== --- etc/rc.d/mroute6d (revision 197763) +++ etc/rc.d/mroute6d (working copy) 
@@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr Index: etc/rc.d/ip6addrctl =================================================================== --- etc/rc.d/ip6addrctl (revision 197763) +++ etc/rc.d/ip6addrctl (working copy) @@ -4,11 +4,12 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr +. /etc/network.subr name="ip6addrctl" rcvar=`set_rcvar` @@ -19,8 +20,12 @@ status_cmd="ip6addrctl" prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" +set_rcvar_obsolete ipv6_enable ipv6_prefer + ip6addrctl_prefer_ipv6() { + afexists inet6 || return 0 + ip6addrctl flush >/dev/null 2>&1 ip6addrctl add ::1/128 50 0 ip6addrctl add ::/0 40 1 @@ -32,6 +37,8 @@ ip6addrctl_prefer_ipv6() ip6addrctl_prefer_ipv4() { + afexists inet6 || return 0 + ip6addrctl flush >/dev/null 2>&1 ip6addrctl add ::ffff:0:0/96 50 0 ip6addrctl add ::1/128 40 1 
@@ -43,30 +50,27 @@ ip6addrctl_prefer_ipv4() ip6addrctl_start() { - if ifconfig lo0 inet6 >/dev/null 2>&1; then - # We have IPv6 support in kernel. + afexists inet6 || return 0 - # install the policy of the address selection algorithm. - if [ -f /etc/ip6addrctl.conf ]; then - ip6addrctl flush >/dev/null 2>&1 - ip6addrctl install /etc/ip6addrctl.conf - checkyesno ip6addrctl_verbose && ip6addrctl + # install the policy of the address selection algorithm. + if [ -f /etc/ip6addrctl.conf ]; then + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl install /etc/ip6addrctl.conf + checkyesno ip6addrctl_verbose && ip6addrctl + else + if checkyesno ipv6_prefer; then + ip6addrctl_prefer_ipv6 else - if checkyesno ipv6_enable; then - ip6addrctl_prefer_ipv6 - else - ip6addrctl_prefer_ipv4 - fi + ip6addrctl_prefer_ipv4 fi fi } ip6addrctl_stop() { - if ifconfig lo0 inet6 >/dev/null 2>&1; then - # We have IPv6 support in kernel. - ip6addrctl flush >/dev/null 2>&1 - fi + afexists inet6 || return 0 + + ip6addrctl flush >/dev/null 2>&1 } load_rc_config $name Index: etc/rc.d/Makefile =================================================================== --- etc/rc.d/Makefile (revision 197763) +++ etc/rc.d/Makefile (working copy) @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostid_save hostname \ 
@@ -23,7 +23,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ @@ -32,7 +32,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd swap1 \ + serial sppp statd stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ Index: etc/rc.d/route6d =================================================================== --- etc/rc.d/route6d (revision 197763) +++ etc/rc.d/route6d (working copy) @@ -4,22 +4,17 @@ # # PROVIDE: route6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing # KEYWORD: nojail . /etc/rc.subr name="route6d" +rcvar=`set_rcvar` -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. In this case, it -# is also needed by the eval statement in the FreeBSD conditional. -# -load_rc_config $name +set_rcvar_obsolete ipv6_router_enable route6d_enable +set_rcvar_obsolete ipv6_router route6d_program +set_rcvar_obsolete ipv6_router_flags route6d_flags -rcvar="ipv6_router_enable" -command="${ipv6_router:-/usr/sbin/${name}}" -eval ${name}_flags=\"${ipv6_router_flags}\" - +load_rc_config $name run_rc_command "$1" Index: etc/rc.d/netoptions =================================================================== --- etc/rc.d/netoptions (revision 197763) +++ etc/rc.d/netoptions (working copy) 
@@ -5,10 +5,16 @@ # PROVIDE: netoptions # REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr +. /etc/network.subr +name="netoptions" +start_cmd="netoptions_start" +stop_cmd=: + _netoptions_initdone= netoptions_init() { 
@@ -18,75 +24,82 @@ netoptions_init() fi } -load_rc_config 'XXX' +netoptions_start() +{ + local _af -case ${log_in_vain} in -[Nn][Oo] | '') - log_in_vain=0 - ;; -[Yy][Ee][Ss]) - log_in_vain=1 - ;; -[0-9]*) - ;; -*) - netoptions_init - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; -esac + for _af in inet inet6; do + afexists ${_af} && eval netoptions_${_af} + done + [ -n "${_netoptions_initdone}" ] && echo '.' +} -if [ "${log_in_vain}" -ne 0 ]; then - netoptions_init - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null -fi +netoptions_inet() +{ + case ${log_in_vain} in + [12]) + netoptions_init + echo -n " log_in_vain=${log_in_vain}" + ${SYSCTL_W} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null + ${SYSCTL_W} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null + ;; + *) + ${SYSCTL_W} net.inet.tcp.log_in_vain=0 >/dev/null + ${SYSCTL_W} net.inet.udp.log_in_vain=0 >/dev/null + ;; + esac -case ${tcp_extensions} in -[Yy][Ee][Ss] | '') - ;; -*) - netoptions_init - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; -esac + if checkyesno tcp_extensions; then + ${SYSCTL_W} net.inet.tcp.rfc1323=1 >/dev/null + else + netoptions_init + echo -n ' rfc1323 extensions=${tcp_extensions}' + ${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null + fi -case ${tcp_keepalive} in -[Nn][Oo]) - netoptions_init - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; -esac + if checkyesno tcp_keepalive; then + ${SYSCTL_W} net.inet.tcp.always_keepalive=1 >/dev/null + else + netoptions_init + echo -n ' TCP keepalive=${tcp_keepalive}' + ${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null + fi -case ${tcp_drop_synfin} in -[Yy][Ee][Ss]) - netoptions_init - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; -esac + if checkyesno tcp_drop_synfin; then + netoptions_init + echo 
-n ' drop SYN+FIN packets=${tcp_drop_synfin}' + ${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null + else + ${SYSCTL_W} net.inet.tcp.drop_synfin=0 >/dev/null + fi -case ${ip_portrange_first} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; -esac + case ${ip_portrange_first} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_first=$ip_portrange_first" + ${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null + ;; + esac -case ${ip_portrange_last} in -[Nn][Oo] | '') - ;; -*) - netoptions_init - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; -esac + case ${ip_portrange_last} in + [0-9]*) + netoptions_init + echo -n " ip_portrange_last=$ip_portrange_last" + ${SYSCTL_W} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null + ;; + esac +} -[ -n "${_netoptions_initdone}" ] && echo '.' +netoptions_inet6() +{ + if checkyesno ipv6_ipv4mapping; then + netoptions_init + echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" + ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null + else + ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null + fi +} + +load_rc_config $name +run_rc_command $1 Index: etc/rc.d/auto_linklocal =================================================================== --- etc/rc.d/auto_linklocal (revision 197763) +++ etc/rc.d/auto_linklocal (working copy) 
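Review bot: The three new status messages in netoptions_inet are single-quoted, so `${tcp_extensions}`, `${tcp_keepalive}` and `${tcp_drop_synfin}` are printed literally instead of their values; use double quotes, e.g. `echo -n " rfc1323 extensions=${tcp_extensions}"`. Separately, every branch now writes its sysctl unconditionally (for example `net.inet.tcp.drop_synfin=0` when tcp_drop_synfin is not YES), and with rc.d/sysctl moved to `BEFORE: FILESYSTEMS` elsewhere in this patch this script appears to run after sysctl.conf has been applied, so a hardening value set there would be reset at boot. If that precedence is intended, document it in rc.conf(5) and in a comment such as `# NOTE: these writes override sysctl.conf(5) for the same OIDs`; options_inet, options_inet6 and options_ipx in etc/rc.d/routing follow the same pattern. log_in_vain values other than 1 or 2 are now silently mapped to 0, where the old code printed an invalid-setting message.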
@@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" Index: etc/rc.d/routed =================================================================== --- etc/rc.d/routed (revision 197763) +++ etc/rc.d/routed (working copy) @@ -10,13 +10,12 @@ . /etc/rc.subr name="routed" +desc="network RIP and router discovery routing daemon" +rcvar=`set_rcvar` -# XXX - Executable may be in a different location. The $name variable -# is different from the variable in rc.conf(5) so the -# subroutines in rc.subr won't catch it. -# +set_rcvar_obsolete router_enable routed_enable +set_rcvar_obsolete router routed_program +set_rcvar_obsolete router_flags routed_flags + load_rc_config $name -rcvar="router_enable" -command="${router:-/sbin/${name}}" -eval ${name}_flags=\"${router_flags}\" run_rc_command "$1" Index: etc/rc.d/defaultroute =================================================================== --- etc/rc.d/defaultroute (revision 197763) +++ etc/rc.d/defaultroute (working copy) @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd faith netif stf # KEYWORD: nojail . /etc/rc.subr @@ -18,8 +18,10 @@ stop_cmd=":" defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl + afexists inet || return 0 + # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. dhcp_interfaces=`list_net_interfaces dhcp` 
@@ -41,6 +43,7 @@ defaultroute_start() if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +52,12 @@ defaultroute_start() else echo -n . fi + nl=1 sleep 1 - delay=`expr $delay - 1` + delay=$(($delay - 1)) done - echo + [ -n "$nl" ] && echo } load_rc_config $name Index: etc/rc.d/rtadvd =================================================================== --- etc/rc.d/rtadvd (revision 197763) +++ etc/rc.d/rtadvd (working copy) @@ -9,6 +9,7 @@ # KEYWORD: nojail shutdown . /etc/rc.subr +. /etc/network.subr name="rtadvd" rcvar=`set_rcvar` @@ -40,16 +41,14 @@ rtadvd_precmd() # get a list of interfaces and enable it on them # case ${rtadvd_interfaces} in - '') + [Aa][Uu][Tt][Oo]|'') for i in `ifconfig -l` ; do case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) - continue - ;; - *) - rtadvd_interfaces="${rtadvd_interfaces} ${i}" - ;; + lo0) continue ;; esac + if ipv6if $i; then + rtadvd_interfaces="${rtadvd_interfaces} ${i}" + fi done ;; esac Index: etc/rc.d/routing =================================================================== --- etc/rc.d/routing (revision 197763) +++ etc/rc.d/routing (working copy) 
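Review bot: In the rtadvd_precmd hunk (`@@ -40,16 +41,14 @@`), the automatic interface list no longer skips `gif`, `stf`, `faith`, `lp`, `sl` and `tun` interfaces; only `lo0` is excluded and everything else is accepted when `ipv6if $i` succeeds. ipv6if is defined outside this view, so unless it filters those interface types itself, rtadvd would start sending Router Advertisements on tunnel and point-to-point links where the old script deliberately stayed silent. Either keep the old exclusion pattern next to the ipv6if test, or, if ipv6if already covers it, say so in a comment above the loop. rtadvd_precmd starts and ends outside the hunk.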
@@ -6,32 +6,119 @@ # # PROVIDE: routing -# REQUIRE: netif ppp +# REQUIRE: faith netif ppp stf # KEYWORD: nojail . /etc/rc.subr . /etc/network.subr name="routing" -start_cmd="routing_start" +start_cmd="routing_start doall" stop_cmd="routing_stop" extra_commands="options static" -static_cmd="static_start" -options_cmd="options_start" +static_cmd="routing_start static" +options_cmd="routing_start options" +afcheck() +{ + case $_af in + ""|inet|inet6|ipx|atm) + ;; + *) + err 1 "Unsupported address family: $_af." + ;; + esac +} + routing_start() { - static_start - options_start + local _cmd _af _a + _cmd=$1 + _af=$2 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + setroutes $_cmd $_af + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a && setroutes $_cmd $_a + done + ;; + esac + [ -n "${_ropts_initdone}" ] && echo '.' } routing_stop() { - route -n flush + local _af _a + _af=$1 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + eval static_${_af} delete + eval routing_stop_${_af} + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a || continue + eval static_${_a} delete + eval routing_stop_${_a} + done + ;; + esac } -static_start() +setroutes() { + case $1 in + static) + static_$2 add + ;; + options) + options_$2 + ;; + doall) + static_$2 add + options_$2 + ;; + esac +} + +routing_stop_inet() +{ + route -n flush -inet +} + +routing_stop_inet6() +{ + local i + + route -n flush -inet6 + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done +} + +routing_stop_atm() +{ + return 0 +} + +routing_stop_ipx() +{ + return 0 +} + +static_inet() +{ + local _action + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
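Review bot: afcheck takes no argument and validates `$_af` through the caller's `local` variable, which works only because sh locals are dynamically scoped and both callers happen to use that name. Passing it explicitly, `afcheck "$_af"` with `case $1 in` inside the function, makes the dependency visible. It matters because this is the only validation before `eval static_${_af} delete` and `eval routing_stop_${_af}` in routing_stop, where the value becomes part of an eval'd command name; a one-line comment on afcheck saying so would help the next maintainer. static_inet, which begins at the end of this hunk, continues in the next one.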
@@ -41,24 +128,138 @@ routing_stop() ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} done fi - # Now ATM static routes - # +} + +static_inet6() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. 
+ case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +static_atm() +{ + local _action i route_args + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } +static_ipx() +{ +} + _ropts_initdone= ropts_init() { 
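Review bot: In static_inet6 the loop stores the per-route arguments in `ipv6_route_args` but then runs `route ${_action} -inet6 ${route_args}`, a variable this function never sets, so IPv6 static routes are passed whatever static_inet left behind or nothing at all. The line should read `route ${_action} -inet6 ${ipv6_route_args}`. `ipv6_working_interfaces` is also appended to without being cleared first and, like `laddr` and `ipv6_route_args`, is not declared `local`, so a second call in the same shell can accumulate stale entries. The empty body in `static_ipx() { }`, and in `options_atm() { }` in the following hunk, is not valid in the POSIX sh grammar and some shells reject it; a `:` or `return 0` body, as routing_stop_atm uses, is safer.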
@@ -68,74 +269,90 @@ ropts_init() fi } -options_start() +options_inet() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' - sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + ${SYSCTL_W} net.inet.icmp.bmcastecho=1 > /dev/null + else + ${SYSCTL_W} net.inet.icmp.bmcastecho=0 > /dev/null + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' - sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + ${SYSCTL_W} net.inet.icmp.drop_redirect=1 > /dev/null + else + ${SYSCTL_W} net.inet.icmp.drop_redirect=0 > /dev/null + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' - sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + ${SYSCTL_W} net.inet.icmp.log_redirect=1 > /dev/null + else + ${SYSCTL_W} net.inet.icmp.log_redirect=0 > /dev/null + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' - sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + echo -n ' IPv4 gateway=YES' + ${SYSCTL_W} net.inet.ip.forwarding=1 > /dev/null + else + ${SYSCTL_W} net.inet.ip.forwarding=0 > /dev/null + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno forward_sourceroute; then ropts_init echo -n ' do source routing=YES' - sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + ${SYSCTL_W} net.inet.ip.sourceroute=1 > /dev/null + else + ${SYSCTL_W} net.inet.ip.sourceroute=0 > /dev/null + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' - sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + ${SYSCTL_W} net.inet.ip.accept_sourceroute=1 > /dev/null + else + ${SYSCTL_W} net.inet.ip.accept_sourceroute=0 > /dev/null + fi - case 
${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init - echo -n ' IPX gateway=YES' - sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + echo -n ' ARP proxyall=YES' + ${SYSCTL_W} net.link.ether.inet.proxyall=1 > /dev/null + else + ${SYSCTL_W} net.link.ether.inet.proxyall=0 > /dev/null + fi +} - case ${arpproxy_all} in - [Yy][Ee][Ss]) +options_inet6() +{ + if checkyesno ipv6_gateway_enable; then ropts_init - echo -n ' ARP proxyall=YES' - sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + echo -n ' IPv6 gateway=YES' + ${SYSCTL_W} net.inet6.ip6.forwarding=1 > /dev/null + else + ${SYSCTL_W} net.inet6.ip6.forwarding=0 > /dev/null + fi +} - [ -n "${_ropts_initdone}" ] && echo '.' +options_atm() +{ } +options_ipx() +{ + if checkyesno ipxgateway_enable; then + ropts_init + echo -n ' IPX gateway=YES' + ${SYSCTL_W} net.ipx.ipx.ipxforwarding=1 > /dev/null + else + ${SYSCTL_W} net.ipx.ipx.ipxforwarding=0 > /dev/null + fi +} + load_rc_config $name -run_rc_command "$1" +run_rc_command "$@" Index: etc/rc.subr =================================================================== --- etc/rc.subr (revision 197763) +++ etc/rc.subr (working copy) 
@@ -72,38 +72,64 @@ esac # functions # --------- +# set_rcvar [var] [defval] [desc] # -# set_rcvar base_var -# Set the variable name enabling a specific service. -# FreeBSD uses ${service}_enable, while NetBSD uses -# just the name of the service. For example: -# FreeBSD: sendmail_enable="YES" -# NetBSD : sendmail="YES" -# $1 - if $name is not the base to work of off, specify -# a different one +# Echo or define a rc.conf(5) variable name. Global variable +# $rcvars is used. # +# If no argument is specified, echo "${name}_enable". +# +# If only a var is specified, echo "${var}_enable". +# +# If var and defval are specified, the ${var} is defined as +# rc.conf(5) variable and the default value is ${defvar}. An +# optional argument $desc can also be specified to add a +# description for that. +# set_rcvar() { - if [ -z "$1" ]; then - base_var=${name} - else - base_var="$1" - fi - - case ${OSTYPE} in - FreeBSD) - echo ${base_var}_enable + case $# in + 0) + echo ${name}_enable ;; - NetBSD) - echo ${base_var} + 1) + echo ${1}_enable ;; *) - echo 'XXX' + debug "rcvar_define: \$$1=$2 is added" \ + " as a rc.conf(5) variable." + + local _var + _var=$1 + rcvars="${rcvars# } $_var" + eval ${_var}_defval=\"$2\" + shift 2 + # encode multiple lines of _desc + for l in "$@"; do + eval ${_var}_desc=\"\${${_var}_desc#^^}^^$l\" + done + eval ${_var}_desc=\"\${${_var}_desc#^^}\" ;; esac } +# set_rcvar_obsolete oldvar [newvar] [msg] +# Define obsolete variable. +# Global variable $rcvars_obsolete is used. # +set_rcvar_obsolete() +{ + local _var + _var=$1 + debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" + + rcvars_obsolete="${rcvars_obsolete# } $1" + eval ${1}_newvar=\"$2\" + shift 2 + eval ${_var}_obsolete_msg=\"$*\" +} + +# # force_depend script # Force a service to start. Intended for use by services # to resolve dependency issues. It is assumed the caller 
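Review bot: set_rcvar_obsolete documents `newvar` and `msg` as optional but always runs `shift 2`, which fails when only `oldvar` is passed; guard it, for example `shift; [ $# -gt 0 ] && shift`. Both new functions also build assignments as `eval ${_var}_defval=\"$2\"` and `eval ${_var}_obsolete_msg=\"$*\"`, so the argument text is expanded before eval parses it and a default or message containing a double quote, a backquote or `$(` is re-interpreted as shell code. Deferring the expansion, `eval ${_var}_defval=\$2` and `eval ${_var}_obsolete_msg=\$*`, stores the text verbatim. In set_rcvar the loop variable `l` is not declared `local`.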
@@ -401,6 +427,8 @@ wait_for_pids() # command_interpreter n If not empty, command is interpreted, so # call check_{pidfile,process}() appropriately. # +# desc n Description of script. +# # extra_commands n List of extra commands supported. # # pidfile n If set, use check_pidfile $pidfile $command, @@ -574,7 +602,7 @@ run_rc_command() esac eval _override_command=\$${name}_program - command=${command:+${_override_command:-$command}} + command=${command:-${_override_command}} _keywords="start stop restart rcvar $extra_commands" rc_pid= @@ -784,14 +812,49 @@ $command $rc_flags $command_args" ;; rcvar) - echo "# $name" - if [ -n "$rcvar" ]; then - if checkyesno ${rcvar}; then - echo "${rcvar}=YES" - else - echo "${rcvar}=NO" + echo -n "# $name" + if [ -n "$desc" ]; then + echo " : $desc" + else + echo "" + fi + echo "#" + # Get unique vars in $rcvar $rcvars + for _v in $rcvar $rcvars; do + case $v in + $_v\ *|\ *$_v|*\ $_v\ *) ;; + *) v="${v# } $_v" ;; + esac + done + + # Display variables. + for _v in $v; do + if [ -z "$_v" ]; then + continue fi - fi + + eval _desc=\$${_v}_desc + eval _defval=\$${_v}_defval + _h="-" + + eval echo \"$_v=\\\"\$$_v\\\"\" + # decode multiple lines of _desc + while [ -n "$_desc" ]; do + case $_desc in + *^^*) + echo "# $_h ${_desc%%^^*}" + _desc=${_desc#*^^} + _h=" " + ;; + *) + echo "# $_h ${_desc}" + break + ;; + esac + done + echo "# (default: \"$_defval\")" + done + echo "" ;; *) @@ -902,7 +965,8 @@ run_rc_script() unset name command command_args command_interpreter \ extra_commands pidfile procname \ - rcvar required_dirs required_files required_vars + rcvar rcvars rcvars_obsolete required_dirs required_files \ + required_vars eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd case "$_file" in @@ -933,6 +997,7 @@ run_rc_script() # load_rc_config() { + local _name _var _defval _v _msg _new _name=$1 if [ -z "$_name" ]; then err 3 'USAGE: load_rc_config name' 
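Review bot: In the run_rc_command hunk at -574, the new `command=${command:-${_override_command}}` reverses the precedence: `${name}_program` is now used only when the script leaves `command` empty, whereas the removed line let it replace a non-empty `command`. If a `${name}_program` setting is still meant to override the script's built-in path, as the variable name `_override_command` suggests, `command=${_override_command:-$command}` keeps that behaviour and also covers the empty-`command` case. Most of run_rc_command lies outside the hunk, so confirm that no later line re-applies the override.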
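Review bot: In the `rcvar)` branch at -784, the accumulator `v` is never cleared before the `for _v in $rcvar $rcvars` loop, so whatever `v` already holds in the calling shell is carried into the printed list. The duplicate test is also inexact: once the list holds two names it no longer starts with a space, so a repeat of the last name is not detected, and `\ *$_v` matches a single entry that merely ends in `$_v`. Starting with `v=` and testing a space-delimited copy, `case " $v " in *" $_v "*) ;; *) v="$v $_v" ;; esac`, avoids both, and the later `for _v in $v` tolerates the leading space. The rest of run_rc_command is outside the hunk, so `v` may be initialised there.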
@@ -959,6 +1024,36 @@ load_rc_config() # Old variable names support # [ -n "$enable_quotas" ] && quota_enable="$enable_quotas" + + # Set defaults if defined. + for _var in $rcvar $rcvars; do + _defval=`eval echo "\\\$${_var}_defval"` + if [ -n "$_defval" ]; then + eval : \${$_var:=\$${_var}_defval} + fi + done + + # check obsolete rc.conf variables + for _var in $rcvars_obsolete; do + _v=`eval echo \\$$_var` + _msg=`eval echo \\$${_var}_obsolete_msg` + _new=`eval echo \\$${_var}_newvar` + case $_v in + "") + ;; + *) + if [ -z "$_new" ]; then + _msg="Ignored." + else + eval $_new=\"\$$_var\" + if [ -z "$_msg" ]; then + _msg="Use \$$_new instead." + fi + fi + warn "\$$_var is obsolete. $_msg" + ;; + esac + done } # 
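Review bot: In the obsolete-variable loop, `eval $_new=\"\$$_var\"` assigns unconditionally, so an obsolete variable left in rc.conf silently replaces a value the administrator set explicitly for its successor, and the warning that follows does not say the newer value was discarded. For settings that gate network behaviour, this can leave a host configured differently from what the current variable states. If the newer name is meant to win, run this loop before the defaults loop and assign only when the new variable is empty, `eval : \${$_new:=\$$_var}`. The `eval echo \\$$_var` reads are also unquoted, so values undergo word splitting and pathname expansion before the `case` test. load_rc_config begins outside this hunk.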
@@ -1601,4 +1696,23 @@ check_required_after() fi +# _echoonce var msg mode +# mode=0: Echo $msg if ${$var} is empty. +# After doing echo, a string is set to ${$var}. +# +# mode=1: Echo $msg if ${$var} is a string with non-zero length. +# +_echoonce() +{ + local _var _msg _mode + _var=`eval echo \\$$1` + _msg=$2 + _mode=$3 + + case $_mode in + 1) [ -n "$_var" ] && echo "$_msg" ;; + *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; + esac +} + _rc_subr_loaded=: Property changes on: usr.sbin ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin:r197526 Property changes on: usr.sbin/wpa ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/wpa:r197526 Property changes on: usr.sbin/makefs/getid.c ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/makefs/getid.c:r197526 Property changes on: usr.sbin/makefs/ffs/ufs_bswap.h ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/makefs/ffs/ufs_bswap.h:r197526 Property changes on: usr.sbin/makefs/ffs/ffs_subr.c ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/makefs/ffs/ffs_subr.c:r197526 Property changes on: usr.sbin/makefs/ffs/ffs_bswap.c ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/makefs/ffs/ffs_bswap.c:r197526 Property changes on: usr.sbin/rtsold ___________________________________________________________________ Added: svn:mergeinfo Merged /head/usr.sbin/rtsold:r196200,196211-196212,196280-196283,197141,197526 Merged /vendor/resolver/dist/usr.sbin/rtsold:r1540-186085 Index: usr.sbin/rtsold/if.c =================================================================== --- usr.sbin/rtsold/if.c (revision 197763) +++ usr.sbin/rtsold/if.c (working 
copy) @@ -48,6 +48,7 @@ #include #include +#include #include #include @@ -78,9 +79,15 @@ int interface_up(char *name) { struct ifreq ifr; + struct in6_ndireq nd; int llflag; + int s; + int error; + memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); + memset(&nd, 0, sizeof(nd)); + strlcpy(nd.ifname, name, sizeof(nd.ifname)); if (ioctl(ifsock, SIOCGIFFLAGS, (caddr_t)&ifr) < 0) { warnmsg(LOG_WARNING, __func__, "ioctl(SIOCGIFFLAGS): %s", 
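Review bot: The added `strlcpy(nd.ifname, name, sizeof(nd.ifname))` always terminates its destination, but the neighbouring `strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name))` still leaves `ifr.ifr_name` unterminated when `name` fills the buffer, and the new `memset` does not change that. Using the same call for both, `strlcpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));`, makes the two requests consistent. `int error;` is declared here but is not used in the hunks shown; interface_up continues outside this hunk, so check whether it is needed.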
@@ -94,9 +101,56 @@ interface_up(char *name) "ioctl(SIOCSIFFLAGS): %s", strerror(errno)); return(-1); } + if ((s = socket(AF_INET6, SOCK_DGRAM, 0)) < 0) { + warnmsg(LOG_WARNING, __func__, "socket(AF_INET6, SOCK_DGRAM): %s", + strerror(errno)); + return(-1); + } + if (ioctl(s, SIOCGIFINFO_IN6, (caddr_t)&nd) < 0) { + warnmsg(LOG_WARNING, __func__, "ioctl(SIOCGIFINFO_IN6): %s", + strerror(errno)); + close(s); + return(-1); + } warnmsg(LOG_DEBUG, __func__, "checking if %s is ready...", name); + if (nd.ndi.flags & ND6_IFF_IFDISABLED) { + if (Fflag) { + nd.ndi.flags &= ~ND6_IFF_IFDISABLED; + if (ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd)) { + warnmsg(LOG_WARNING, __func__, + "ioctl(SIOCSIFINFO_IN6): %s", + strerror(errno)); + close(s); + return(-1); + } + } else { + warnmsg(LOG_WARNING, __func__, + "%s is disabled.", name); + close(s); + return(-1); + } + } + if (!(nd.ndi.flags & ND6_IFF_ACCEPT_RTADV)) { + if (Fflag) { + nd.ndi.flags |= ND6_IFF_ACCEPT_RTADV; + if (ioctl(s, SIOCSIFINFO_IN6, (caddr_t)&nd)) { + warnmsg(LOG_WARNING, __func__, + "ioctl(SIOCSIFINFO_IN6): %s", + strerror(errno)); + close(s); + return(-1); + } + } else { + warnmsg(LOG_WARNING, __func__, + "%s does not accept Router Advertisement.", name); + close(s); + return(-1); + } + } + close(s); + llflag = get_llflag(name); if (llflag < 0) { warnmsg(LOG_WARNING, __func__, Index: usr.sbin/rtsold/rtsold.c =================================================================== --- usr.sbin/rtsold/rtsold.c (revision 197763) +++ usr.sbin/rtsold/rtsold.c (working copy) @@ -62,8 +62,8 @@ struct ifinfo *iflist; struct timeval tm_max = {0x7fffffff, 0x7fffffff}; static int log_upto = 999; static int fflag = 0; -static int Fflag = 0; /* force setting sysctl parameters */ +int Fflag = 0; /* force setting sysctl parameters */ int aflag = 0; int dflag = 0; 
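Review bot: When `Fflag` is set, the two new branches in interface_up clear `ND6_IFF_IFDISABLED` and set `ND6_IFF_ACCEPT_RTADV` without logging anything, so a per-interface setting made by the administrator is overridden with no record of it. A message before each `SIOCSIFINFO_IN6` write, for example `warnmsg(LOG_INFO, __func__, "%s: clearing ifdisabled because -F was given", name);` and the equivalent for accept_rtadv, lets an operator see why an interface started accepting Router Advertisements. The two branches could also update `nd.ndi.flags` first and issue a single `SIOCSIFINFO_IN6`, which removes the duplicated error path. interface_up starts and ends outside this hunk.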
@@ -197,12 +197,8 @@ main(int argc, char **argv) #endif if (Fflag) { - setinet6sysctl(IPV6CTL_ACCEPT_RTADV, 1); setinet6sysctl(IPV6CTL_FORWARDING, 0); } else { - /* warn if accept_rtadv is down */ - if (!getinet6sysctl(IPV6CTL_ACCEPT_RTADV)) - warnx("kernel is configured not to accept RAs"); /* warn if forwarding is up */ if (getinet6sysctl(IPV6CTL_FORWARDING)) warnx("kernel is configured as a router, not a host"); Index: usr.sbin/rtsold/rtsold.8 =================================================================== --- usr.sbin/rtsold/rtsold.8 (revision 197763) +++ usr.sbin/rtsold/rtsold.8 (working copy) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 17, 1998 +.Dd September 2, 2009 .Dt RTSOLD 8 .Os .\" @@ -186,7 +186,9 @@ if they are incompatible with proper operation, warning messages will be generated, but Router Solicitations will still be sent. The settings may be changed manually with -.Xr sysctl 8 . +.Xr sysctl 8 +and +.Xr ifconfig 8 . .It Fl m Enable mobility support. If this option is specified, Index: usr.sbin/rtsold/rtsold.h =================================================================== --- usr.sbin/rtsold/rtsold.h (revision 197763) +++ usr.sbin/rtsold/rtsold.h (working copy) @@ -67,6 +67,7 @@ struct ifinfo { extern struct timeval tm_max; extern int dflag; extern int aflag; +extern int Fflag; extern char *otherconf_script; extern int ifconfig(char *); extern void iflist_init(void); Property changes on: usr.sbin/ndp ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/ndp:r197138,197526 Index: usr.sbin/ndp/ndp.c =================================================================== --- usr.sbin/ndp/ndp.c (revision 197763) +++ usr.sbin/ndp/ndp.c (working copy) 
@@ -1004,6 +1004,9 @@ ifinfo(ifname, argc, argv) #ifdef ND6_IFF_ACCEPT_RTADV SETFLAG("accept_rtadv", ND6_IFF_ACCEPT_RTADV); #endif +#ifdef ND6_IFF_AUTO_LINKLOCAL + SETFLAG("auto_linklocal", ND6_IFF_AUTO_LINKLOCAL); +#endif #ifdef ND6_IFF_PREFER_SOURCE SETFLAG("prefer_source", ND6_IFF_PREFER_SOURCE); #endif @@ -1076,6 +1079,10 @@ ifinfo(ifname, argc, argv) if ((ND.flags & ND6_IFF_ACCEPT_RTADV)) printf("accept_rtadv "); #endif +#ifdef ND6_IFF_AUTO_LINKLOCAL + if ((ND.flags & ND6_IFF_AUTO_LINKLOCAL)) + printf("auto_linklocal "); +#endif #ifdef ND6_IFF_PREFER_SOURCE if ((ND.flags & ND6_IFF_PREFER_SOURCE)) printf("prefer_source "); Index: usr.sbin/ndp/ndp.8 =================================================================== --- usr.sbin/ndp/ndp.8 (revision 197763) +++ usr.sbin/ndp/ndp.8 (working copy) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 17, 1998 +.Dd September 2, 2009 .Dt NDP 8 .Os .\" @@ -182,11 +182,16 @@ NUD is usually turned on by default. Specify whether or not to accept Router Advertisement messages received on the .Ar interface . -Note that the kernel does not accept Router Advertisement messages -unless the -.Li net.inet6.ip6.accept_rtadv -variable is non-0, even if the flag is on. -This flag is set to 1 by default. +This flag is set by +.Va net.inet6.ip6.accept_rtadv +sysctl variable. +.It Ic auto_linklocal +Specify whether or not to perform automatic link-local address configuration +on +.Ar interface . +This flag is set by +.Va net.inet6.ip6.auto_linklocal +sysctl variable. .It Ic prefer_source Prefer addresses on the .Ar interface 
@@ -204,9 +209,8 @@ In the sending case, an error of ENETDOWN will be application. This flag is typically set automatically in the kernel as a result of a certain failure of Duplicate Address Detection. -While the flag can be set or cleared by hand with the -.Nm -command, it is not generally advisable to modify this flag manually. +If the auto_linklocal per-interface flag is set, automatic link-local +address configuration is performed again when this flag is cleared. .It Ic basereachable Ns Li = Ns Pq Ar number Specify the BaseReachbleTimer on the interface in millisecond. .It Ic retrans Ns Li = Ns Pq Ar number 
@@ -253,6 +257,10 @@ Most useful when used with The .Nm utility first appeared in the WIDE Hydrangea IPv6 protocol stack kit. +The +.Fl I Ar auto_linklocal +flag first appeared in +.Fx 8.0 . .\" .\" .Sh BUGS .\" (to be written) Property changes on: usr.sbin/jls ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/jls:r197526 Property changes on: usr.sbin/freebsd-update ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/freebsd-update:r197526 Property changes on: usr.sbin/ppp ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/ppp:r197526 Property changes on: usr.sbin/ntp ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/ntp:r197526 Property changes on: usr.sbin/traceroute6 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/traceroute6:r197526 Property changes on: usr.sbin/pstat ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/pstat:r197526 Property changes on: usr.sbin/dumpcis/cis.h ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/dumpcis/cis.h:r197526 Property changes on: usr.sbin/dumpcis/cardinfo.h ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/dumpcis/cardinfo.h:r197526 Property changes on: usr.sbin/sysinstall ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/sysinstall:r197526 Property changes on: usr.sbin/arp ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/arp:r197526 Property changes on: usr.sbin/zic 
___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/zic:r197526 Property changes on: usr.sbin/iostat ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/iostat:r197526 Property changes on: usr.sbin/mfiutil/mfiutil.8 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/mfiutil/mfiutil.8:r197526 Property changes on: usr.sbin/mfiutil/mfiutil.1 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/mfiutil/mfiutil.1:r197526 Property changes on: usr.sbin/mfiutil/README ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/usr.sbin/mfiutil/README:r197526 Property changes on: share/zoneinfo ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/zoneinfo:r197526 Property changes on: share/man/man4 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/man/man4:r197138,197526 Index: share/man/man4/inet6.4 =================================================================== --- share/man/man4/inet6.4 (revision 197763) +++ share/man/man4/inet6.4 (working copy) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 29, 1999 +.Dd September 2, 2009 .Dt INET6 4 .Os .Sh NAME @@ -307,7 +307,8 @@ Integer: default maximum number of fragmented pack The flag is provided basically for avoiding possible DoS attacks. .It Dv IPV6CTL_ACCEPT_RTADV .Pq ip6.accept_rtadv -Boolean: enable/disable receiving of +Boolean: the default value of a per-interface flag to +enable/disable receiving of .Tn ICMPv6 router advertisement packets, and autoconfiguration of address prefixes and default routers. 
@@ -315,6 +316,11 @@ The node must be a host (not a router) for the option to be meaningful. Defaults to off. +.It Dv IPV6CTL_AUTO_LINKLOCAL +.Pq ip6.auto_linklocal +Boolean: the default value of a per-interface flag to +enable/disable performing automatic link-local address configuration. +Defaults to on. .It Dv IPV6CTL_KEEPFAITH .Pq ip6.keepfaith Boolean: enable/disable Property changes on: share/man/man5 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/man/man5:r197145,197526 Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (revision 197763) +++ share/man/man5/rc.conf.5 (working copy) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 17, 2009 +.Dd September 23, 2009 .Dt RC.CONF 5 .Os .Sh NAME @@ -351,11 +351,6 @@ If .Xr dhclient 8 is used to set the hostname via DHCP, this variable should be set to an empty string. -.It Va ipv6_enable -.Pq Vt bool -Enable support for IPv6 networking. -Note that this requires that the kernel has been compiled with -.Cd "options INET6" . .It Va nisdomainname .Pq Vt str The NIS domain name of this host, or 
@@ -1251,35 +1246,109 @@ It is also possible to rename interface by doing: ifconfig_ed0_name="net0" ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" .Ed +.It Va ipv6_enable +.Pq Vt bool +If the variable is +.Dq Li YES , +.Dq Li inet6 accept_rtadv +is added to all of +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 +and the +.Va ipv6_prefer +is defined as +.Dq Li YES . +.Pp +This variable is deprecated. Use +.Va ipv6_prefer +and +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 . +.It Va ipv6_prefer +.Pq Vt bool +This variable does the following: +.Pp +If the variable is +.Dq Li YES , +the default policy of the source address selection set by +.Xr ip6addrctl 8 +will be IPv6-preferred. +.Pp +If the variable is +.Dq Li NO , +the default policy of the source address selection set by +.Xr ip6addrctl 8 +will be IPv4-preferred, and all of interfaces which does not have the +corrsponding +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 +variable will be marked as +.Dq Li IFDISABLED . +This means only IPv6 functionality on that interface is completely +disabled. For more details of +.Dq Li IFDISABLED +flag and keywords +.Dq Li inet6 ifdisabled , +see +.Xr ifconfig 8 . +.Pp .It Va ipv6_network_interfaces .Pq Vt str This is the IPv6 equivalent of .Va network_interfaces . -Instead of setting the ifconfig variables as -.Va ifconfig_ Ns Aq Ar interface -they should be set as -.Va ipv6_ifconfig_ Ns Aq Ar interface . -Aliases should be set as -.Va ipv6_ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n . -.Va ipv6_prefix_ Ns Aq Ar interface -does something. -Interfaces that do not have a -.Va ipv6_ifconfig_ Ns Aq Ar interface -setting will be auto configured by -.Xr rtsol 8 -if the +Normally manual configuration of this variable is not needed. +.Pp +IPv6 functionality on an interface should be configured by +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , +instead of setting ifconfig parameters in +.Va ifconfig_ Ns Aq Ar interface . 
+Aliases should be set by +.Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n +with +.Dq Li inet6 +keyword. For example: +.Bd -literal +ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" +ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" +.Ed +.Pp +Interfaces that have an +.Dq Li inet6 accept_rtadv +keyword in +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 +setting will be automatically configured by +.Xr rtsol 8 . +Note that this automatic configuration is disabled if the .Va ipv6_gateway_enable is set to -.Dq Li NO . -Note that the IPv6 networking code does not support the -.Pa /etc/start_if. Ns Aq Ar interface -files. +.Dq Li YES . +.It Va ipv6_prefix_ Ns Aq Ar interface +.Pq Vt str +If one or more prefixes are defined in +.Va ipv6_prefix_ Ns Aq Ar interface +addresses based on each prefix and the EUI-64 interface index will be +configured on that interface. .It Va ipv6_default_interface .Pq Vt str If not set to .Dq Li NO , this is the default output interface for scoped addresses. Now this works only for IPv6 link local multicast addresses. +.It Va ip6addrctl_enable +.Pq Vt bool +If set to +.Dq Li YES , +install default address selection policy table +.Pq RFC 3484 . +If a file +.Pa /etc/ip6addrctl.conf +is found the +.Xr ip6addrctl 8 +reads and installs it. +If not, a pre-defined policy table will be installed. +There are two pre-defined ones; IPv4-preferred and IPv6-preferred. +If set +.Va ipv6_prefer +variable to +.Dq Li YES +the IPv6-preferred one is used. Default is IPv4-preferred. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host. 
@@ -2291,48 +2360,48 @@ between interfaces. .Pq Vt bool The IPv6 equivalent of .Va gateway_enable . -.It Va router_enable +.It Va routed_enable .Pq Vt bool If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va router +.Va routed_program and -.Va router_flags . -.It Va ipv6_router_enable +.Va routed_flags . +.It Va route6d_enable .Pq Vt bool The IPv6 equivalent of -.Va router_enable . +.Va routed_enable . If set to .Dq Li YES , run a routing daemon of some sort, based on the settings of -.Va ipv6_router +.Va route6d_program and -.Va ipv6_router_flags . -.It Va router +.Va route6d_flags . +.It Va routed_program .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , this is the name of the routing daemon to use. -.It Va ipv6_router +.It Va route6d_program .Pq Vt str The IPv6 equivalent of -.Va router . -.It Va router_flags +.Va routed_program . +.It Va routed_flags .Pq Vt str If -.Va router_enable +.Va routed_enable is set to .Dq Li YES , these are the flags to pass to the routing daemon. -.It Va ipv6_router_flags +.It Va route6d_flags .Pq Vt str The IPv6 equivalent of -.Va router_flags . +.Va routed_flags . 
.It Va mrouted_enable .Pq Vt bool If set to Property changes on: share/man/man7 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/man/man7:r197526 Property changes on: share/man/man9 ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/man/man9:r197526 Property changes on: share/timedef ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/share/timedef:r197526 Property changes on: sbin ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin:r197526 Property changes on: sbin/bsdlabel ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/bsdlabel:r197526 Property changes on: sbin/mount ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/mount:r197526 Property changes on: sbin/ipfw ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/ipfw:r197526 Property changes on: sbin/ifconfig ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/ifconfig:r197138,197142,197526 Index: sbin/ifconfig/ifconfig.8 =================================================================== --- sbin/ifconfig/ifconfig.8 (revision 197763) +++ sbin/ifconfig/ifconfig.8 (working copy) @@ -28,7 +28,7 @@ .\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 .\" $FreeBSD$ .\" -.Dd July 8, 2009 +.Dd September 23, 2009 .Dt IFCONFIG 8 .Os .Sh NAME 
@@ -598,6 +598,54 @@ If the interface was reset when previously marked the hardware will be re-initialized. .El .Pp +The following parameters are for ICMPv6 Neightbor Discovery Protocol. +Note that the address family keyword +.Dq Li inet6 +is needed for them: +.Bl -tag -width indent +.It Cm accept_rtadv +Set a flag to enable accepting ICMPv6 Router Advertisement messages. +.It Cm -accept_rtadv +Clear a flag +.Cm accept_rtadv . +.It Cm auto_linklocal +Set a flag to perform automatic link-local address configuration when +the interface becomes avalilable. +.It Cm -auto_linklocal +Clear a flag +.Cm auto_linklocal . +.It Cm defaultif +Set the specified interface as the default route when there is no +default router. +.It Cm -defaultif +Clear a flag +.Cm defaultif . +.It Cm ifdisabled +Set a flag to disable all of IPv6 network communications on the +specified interface. Note that if there are already configured IPv6 +addresses on that interface, all of them are marked as +.Dq tentative +and DAD will be performed when this flag is cleared. +.It Cm -ifdisabled +Clear a flag +.Cm ifdisabled . +When this flag is cleared and +.Cm auto_linklocal +flag is enabled, automatic configuration of a link-local address is +performed. +.It Cm nud +Set a flag to enable Neighbor Unreachability Detection. +.It Cm -nud +Clear a flag +.Cm nud . +.It Cm prefer_source +Set a flag to prefer addesses on the interface as candidates of the +source address for outgoing packets. +.It Cm -prefer_source +Clear a flag +.Cm prefer_source . +.El +.Pp The following parameters are specific to cloning IEEE 802.11 wireless interfaces with the .Cm create 
@@ -2197,6 +2245,24 @@ interfaces previously configured with Another name for the .Fl tunnel parameter. +.It Cm accept_rev_ethip_ver +Set a flag to acccept both correct EtherIP packets and ones +with reversed version field. Enabled by default. +This is for backward compatibility with +.Fx 6.1 , +6.2, 6.3, 7.0, and 7.1. +.It Cm -accept_rev_ethip_ver +Clear a flag +.Cm accept_rev_ethip_ver . +.It Cm send_rev_ethip_ver +Set a flag to send EtherIP packets with reversed version +field intentionally. Disabled by default. +This is for backward compatibility with +.Fx 6.1 , +6.2, 6.3, 7.0, and 7.1. +.It Cm -send_rev_ethip_ver +Clear a flag +.Cm send_rev_ethip_ver . .El .Pp The following parameters are specific to GRE tunnel interfaces, @@ -2421,6 +2487,9 @@ from the interface .Li ed0 : .Dl # ifconfig ed0 inet 192.0.2.45 -alias .Pp +Enable IPv6 functionality of the interface: +.Dl # ifconfig em0 inet6 -ifdisabled +.Pp Add the IPv6 address .Li 2001:DB8:DBDB::123/48 to the interface @@ -2457,6 +2526,7 @@ tried to alter an interface's configuration. .Sh SEE ALSO .Xr netstat 1 , .Xr carp 4 , +.Xr gif 4 , .Xr netintro 4 , .Xr pfsync 4 , .Xr polling 4 , 
@@ -2475,12 +2545,13 @@ utility appeared in Basic IPv6 node operation requires a link-local address on each interface configured for IPv6. Normally, such an address is automatically configured by the -kernel on each interface added to the system; this behaviour may -be disabled by setting the sysctl MIB variable -.Va net.inet6.ip6.auto_linklocal -to 0. +kernel on each interface added to the system or enabled; this behavior may +be disabled by setting per-interface flag +.Cm -auto_linklocal . +The default value of this flag is 1 and can be disabled by using the sysctl +MIB variable +.Va net.inet6.ip6.auto_linklocal . .Pp -If you delete such an address using -.Nm , -the kernel may act very odd. -Do this at your own risk. +Do not configure IPv6 addresses with no link-local address by using +.Nm . +It can result in unexpected behaviors of the kernel. Index: sbin/ifconfig/af_inet6.c =================================================================== --- sbin/ifconfig/af_inet6.c (revision 197763) +++ sbin/ifconfig/af_inet6.c (working copy) @@ -67,6 +67,9 @@ static int prefix(void *, int); static char *sec2str(time_t); static int explicit_prefix = 0; +extern void setnd6flags(const char *, int, int, const struct afswtch *); +extern void setnd6defif(const char *, int, int, const struct afswtch *); + static char addr_buf[MAXHOSTNAMELEN *2 + 1]; /*for getnameinfo()*/ static void 
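Review bot: The two `extern` prototypes for `setnd6flags` and `setnd6defif` are written directly in af_inet6.c, so the compiler cannot check them against the definitions; if the signatures in the defining file change, this file still compiles and the command table keeps calling them with the old argument list. Moving both prototypes into a header that the defining file also includes keeps them checked. The definitions are not in this hunk; they are presumably in the `af_nd6.c` that the Makefile hunk adds.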
@@ -493,6 +496,18 @@ static struct cmd inet6_cmds[] = { DEF_CMD("-deprecated", -IN6_IFF_DEPRECATED, setip6flags), DEF_CMD("autoconf", IN6_IFF_AUTOCONF, setip6flags), DEF_CMD("-autoconf", -IN6_IFF_AUTOCONF, setip6flags), + DEF_CMD("accept_rtadv", ND6_IFF_ACCEPT_RTADV, setnd6flags), + DEF_CMD("-accept_rtadv",-ND6_IFF_ACCEPT_RTADV, setnd6flags), + DEF_CMD("defaultif", 1, setnd6defif), + DEF_CMD("-defaultif", -1, setnd6defif), + DEF_CMD("ifdisabled", ND6_IFF_IFDISABLED, setnd6flags), + DEF_CMD("-ifdisabled", -ND6_IFF_IFDISABLED, setnd6flags), + DEF_CMD("nud", ND6_IFF_PERFORMNUD, setnd6flags), + DEF_CMD("-nud", -ND6_IFF_PERFORMNUD, setnd6flags), + DEF_CMD("prefer_source",ND6_IFF_PREFER_SOURCE, setnd6flags), + DEF_CMD("-prefer_source",-ND6_IFF_PREFER_SOURCE,setnd6flags), + DEF_CMD("auto_linklocal",ND6_IFF_AUTO_LINKLOCAL,setnd6flags), + DEF_CMD("-auto_linklocal",-ND6_IFF_AUTO_LINKLOCAL,setnd6flags), DEF_CMD_ARG("pltime", setip6pltime), DEF_CMD_ARG("vltime", setip6vltime), DEF_CMD("eui64", 0, setip6eui64), Index: sbin/ifconfig/Makefile =================================================================== --- sbin/ifconfig/Makefile (revision 197763) +++ sbin/ifconfig/Makefile (working copy) @@ -18,6 +18,7 @@ SRCS+= af_link.c # LLC support SRCS+= af_inet.c # IPv4 support SRCS+= af_inet6.c # IPv6 support SRCS+= af_atalk.c # AppleTalk support +SRCS+= af_nd6.c # ND6 support SRCS+= ifclone.c # clone device support SRCS+= ifmac.c # MAC support Property changes on: sbin/geom ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/geom:r197526 Property changes on: sbin/umount ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/umount:r197526 Property changes on: sbin/camcontrol ___________________________________________________________________ Modified: svn:mergeinfo Merged /head/sbin/camcontrol:r197526