| @@ -1,464 +1,464 @@ | | | @@ -1,464 +1,464 @@ |
1 | #!/bin/sh | | 1 | #!/bin/sh |
2 | # | | 2 | # |
3 | # $NetBSD: network,v 1.54 2008/09/20 12:12:38 apb Exp $ | | 3 | # $NetBSD: network,v 1.55 2008/09/20 14:22:57 apb Exp $ |
4 | # | | 4 | # |
5 | | | 5 | |
6 | # PROVIDE: network | | 6 | # PROVIDE: network |
7 | # REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl | | 7 | # REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl |
8 | # BEFORE: NETWORKING | | 8 | # BEFORE: NETWORKING |
9 | | | 9 | |
10 | $_rc_subr_loaded . /etc/rc.subr | | 10 | $_rc_subr_loaded . /etc/rc.subr |
11 | | | 11 | |
12 | name="network" | | 12 | name="network" |
13 | start_cmd="network_start" | | 13 | start_cmd="network_start" |
14 | stop_cmd="network_stop" | | 14 | stop_cmd="network_stop" |
15 | | | 15 | |
16 | nl=' | | 16 | nl=' |
17 | ' # a newline | | 17 | ' # a newline |
18 | | | 18 | |
19 | network_start() | | 19 | network_start() |
20 | { | | 20 | { |
21 | # set hostname, turn on network | | 21 | # set hostname, turn on network |
22 | # | | 22 | # |
23 | echo "Starting network." | | 23 | echo "Starting network." |
24 | | | 24 | |
25 | # If $hostname is set, use it for my Internet name, | | 25 | # If $hostname is set, use it for my Internet name, |
26 | # otherwise use /etc/myname | | 26 | # otherwise use /etc/myname |
27 | # | | 27 | # |
28 | if [ -z "$hostname" ] && [ -f /etc/myname ]; then | | 28 | if [ -z "$hostname" ] && [ -f /etc/myname ]; then |
29 | hostname=$(cat /etc/myname) | | 29 | hostname=$(cat /etc/myname) |
30 | fi | | 30 | fi |
31 | if [ -n "$hostname" ]; then | | 31 | if [ -n "$hostname" ]; then |
32 | echo "Hostname: $hostname" | | 32 | echo "Hostname: $hostname" |
33 | hostname $hostname | | 33 | hostname $hostname |
34 | else | | 34 | else |
35 | # Don't warn about it if we're going to run | | 35 | # Don't warn about it if we're going to run |
36 | # DHCP later, as we will probably get the | | 36 | # DHCP later, as we will probably get the |
37 | # hostname at that time. | | 37 | # hostname at that time. |
38 | # | | 38 | # |
39 | if ! checkyesno dhclient && [ -z "$(hostname)" ]; then | | 39 | if ! checkyesno dhclient && [ -z "$(hostname)" ]; then |
40 | warn "\$hostname not set." | | 40 | warn "\$hostname not set." |
41 | fi | | 41 | fi |
42 | fi | | 42 | fi |
43 | | | 43 | |
44 | # Check $domainname first, then /etc/defaultdomain, | | 44 | # Check $domainname first, then /etc/defaultdomain, |
45 | # for NIS/YP domain name | | 45 | # for NIS/YP domain name |
46 | # | | 46 | # |
47 | if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then | | 47 | if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then |
48 | domainname=$(cat /etc/defaultdomain) | | 48 | domainname=$(cat /etc/defaultdomain) |
49 | fi | | 49 | fi |
50 | if [ -n "$domainname" ]; then | | 50 | if [ -n "$domainname" ]; then |
51 | echo "NIS domainname: $domainname" | | 51 | echo "NIS domainname: $domainname" |
52 | domainname $domainname | | 52 | domainname $domainname |
53 | fi | | 53 | fi |
54 | | | 54 | |
55 | # Flush all routes just to make sure it is clean | | 55 | # Flush all routes just to make sure it is clean |
56 | if checkyesno flushroutes; then | | 56 | if checkyesno flushroutes; then |
57 | /sbin/route -qn flush | | 57 | /sbin/route -qn flush |
58 | fi | | 58 | fi |
59 | | | 59 | |
60 | # Set the address for the first loopback interface, so that the | | 60 | # Set the address for the first loopback interface, so that the |
61 | # auto-route from a newly configured interface's address to lo0 | | 61 | # auto-route from a newly configured interface's address to lo0 |
62 | # works correctly. | | 62 | # works correctly. |
63 | # | | 63 | # |
64 | # NOTE: obscure networking problems will occur if lo0 isn't configured. | | 64 | # NOTE: obscure networking problems will occur if lo0 isn't configured. |
65 | # | | 65 | # |
66 | /sbin/ifconfig lo0 inet 127.0.0.1 | | 66 | /sbin/ifconfig lo0 inet 127.0.0.1 |
67 | | | 67 | |
68 | # According to RFC1122, 127.0.0.0/8 must not leave the node. | | 68 | # According to RFC1122, 127.0.0.0/8 must not leave the node. |
69 | # | | 69 | # |
70 | /sbin/route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject | | 70 | /sbin/route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject |
71 | | | 71 | |
72 | # IPv6 routing setups, and host/router mode selection. | | 72 | # IPv6 routing setups, and host/router mode selection. |
73 | # | | 73 | # |
74 | if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then | | 74 | if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then |
75 | # We have IPv6 support in kernel. | | 75 | # We have IPv6 support in kernel. |
76 | | | 76 | |
77 | # disallow link-local unicast dest without outgoing scope | | 77 | # disallow link-local unicast dest without outgoing scope |
78 | # identifiers. | | 78 | # identifiers. |
79 | # | | 79 | # |
80 | /sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject | | 80 | /sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject |
81 | | | 81 | |
82 | # disallow the use of the RFC3849 documentation address | | 82 | # disallow the use of the RFC3849 documentation address |
83 | # | | 83 | # |
84 | /sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject | | 84 | /sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject |
85 | | | 85 | |
86 | # IPv6 site-local scoped address prefix (fec0::/10) | | 86 | # IPv6 site-local scoped address prefix (fec0::/10) |
87 | # has been deprecated by RFC3879. | | 87 | # has been deprecated by RFC3879. |
88 | # | | 88 | # |
89 | if [ -n "$ip6sitelocal" ]; then | | 89 | if [ -n "$ip6sitelocal" ]; then |
90 | warn "\$ip6sitelocal is no longer valid" | | 90 | warn "\$ip6sitelocal is no longer valid" |
91 | fi | | 91 | fi |
92 | | | 92 | |
93 | # disallow "internal" addresses to appear on the wire. | | 93 | # disallow "internal" addresses to appear on the wire. |
94 | # | | 94 | # |
95 | /sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject | | 95 | /sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject |
96 | | | 96 | |
97 | # disallow packets to malicious IPv4 compatible prefix | | 97 | # disallow packets to malicious IPv4 compatible prefix |
98 | # | | 98 | # |
99 | /sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject | | 99 | /sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject |
100 | /sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject | | 100 | /sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject |
101 | /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject | | 101 | /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject |
102 | /sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject | | 102 | /sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject |
103 | | | 103 | |
104 | # disallow packets to malicious 6to4 prefix | | 104 | # disallow packets to malicious 6to4 prefix |
105 | # | | 105 | # |
106 | /sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject | | 106 | /sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject |
107 | /sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject | | 107 | /sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject |
108 | /sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject | | 108 | /sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject |
109 | /sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject | | 109 | /sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject |
110 | | | 110 | |
111 | # Completely disallow packets to IPv4 compatible prefix. | | 111 | # Completely disallow packets to IPv4 compatible prefix. |
112 | # This may conflict with RFC1933 under following circumstances: | | 112 | # This may conflict with RFC1933 under following circumstances: |
113 | # (1) An IPv6-only KAME node tries to originate packets to IPv4 | | 113 | # (1) An IPv6-only KAME node tries to originate packets to IPv4 |
114 | # compatible destination. The KAME node has no IPv4 | | 114 | # compatible destination. The KAME node has no IPv4 |
115 | # compatible support. Under RFC1933, it should transmit | | 115 | # compatible support. Under RFC1933, it should transmit |
116 | # native IPv6 packets toward IPv4 compatible destination, | | 116 | # native IPv6 packets toward IPv4 compatible destination, |
117 | # hoping it would reach a router that forwards the packet | | 117 | # hoping it would reach a router that forwards the packet |
118 | # toward auto-tunnel interface. | | 118 | # toward auto-tunnel interface. |
119 | # (2) An IPv6-only node originates a packet to IPv4 compatible | | 119 | # (2) An IPv6-only node originates a packet to IPv4 compatible |
120 | # destination. A KAME node is acting as an IPv6 router, and | | 120 | # destination. A KAME node is acting as an IPv6 router, and |
121 | # asked to forward it. | | 121 | # asked to forward it. |
122 | # Due to rare use of IPv4 compatible address, and security | | 122 | # Due to rare use of IPv4 compatible address, and security |
123 | # issues with it, we disable it by default. | | 123 | # issues with it, we disable it by default. |
124 | # | | 124 | # |
125 | /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject | | 125 | /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject |
126 | | | 126 | |
127 | /sbin/sysctl -qw net.inet6.ip6.forwarding=0 | | 127 | /sbin/sysctl -qw net.inet6.ip6.forwarding=0 |
128 | /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0 | | 128 | /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0 |
129 | | | 129 | |
130 | case $ip6mode in | | 130 | case $ip6mode in |
131 | router) | | 131 | router) |
132 | echo 'IPv6 mode: router' | | 132 | echo 'IPv6 mode: router' |
133 | /sbin/sysctl -qw net.inet6.ip6.forwarding=1 | | 133 | /sbin/sysctl -qw net.inet6.ip6.forwarding=1 |
134 | | | 134 | |
135 | # disallow unique-local unicast forwarding without | | 135 | # disallow unique-local unicast forwarding without |
136 | # explicit configuration. | | 136 | # explicit configuration. |
137 | if ! checkyesno ip6uniquelocal; then | | 137 | if ! checkyesno ip6uniquelocal; then |
138 | /sbin/route -q add -inet6 fc00:: -prefixlen 7 \ | | 138 | /sbin/route -q add -inet6 fc00:: -prefixlen 7 \ |
139 | ::1 -reject | | 139 | ::1 -reject |
140 | fi | | 140 | fi |
141 | ;; | | 141 | ;; |
142 | | | 142 | |
143 | autohost) | | 143 | autohost) |
144 | echo 'IPv6 mode: autoconfigured host' | | 144 | echo 'IPv6 mode: autoconfigured host' |
145 | /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1 | | 145 | /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1 |
146 | ;; | | 146 | ;; |
147 | | | 147 | |
148 | host) | | 148 | host) |
149 | echo 'IPv6 mode: host' | | 149 | echo 'IPv6 mode: host' |
150 | ;; | | 150 | ;; |
151 | | | 151 | |
152 | *) warn "invalid \$ip6mode value "\"$ip6mode\" | | 152 | *) warn "invalid \$ip6mode value "\"$ip6mode\" |
153 | ;; | | 153 | ;; |
154 | | | 154 | |
155 | esac | | 155 | esac |
156 | fi | | 156 | fi |
157 | | | 157 | |
158 | # Configure all of the network interfaces listed in $net_interfaces; | | 158 | # Configure all of the network interfaces listed in $net_interfaces; |
159 | # if $auto_ifconfig is YES, grab all interfaces from ifconfig. | | 159 | # if $auto_ifconfig is YES, grab all interfaces from ifconfig. |
160 | # In the following, "xxN" stands in for interface names, like "le0". | | 160 | # In the following, "xxN" stands in for interface names, like "le0". |
161 | # | | 161 | # |
162 | # For any interfaces that has an $ifconfig_xxN variable | | 162 | # For any interfaces that has an $ifconfig_xxN variable |
163 | # associated, we break it into lines using ';' as a separator, | | 163 | # associated, we break it into lines using ';' as a separator, |
164 | # then process it just like the contents of an /etc/ifconfig.xxN | | 164 | # then process it just like the contents of an /etc/ifconfig.xxN |
165 | # file. | | 165 | # file. |
166 | # | | 166 | # |
167 | # For each line from the $ifconfig_xxN variable or the | | 167 | # For each line from the $ifconfig_xxN variable or the |
168 | # /etc/ifconfig.xxN file, we ignore comments and blank lines, | | 168 | # /etc/ifconfig.xxN file, we ignore comments and blank lines, |
169 | # treat lines beginning with "!" as commands to execute, treat | | 169 | # treat lines beginning with "!" as commands to execute, treat |
170 | # "dhcp" as a special case to invoke dhcpcd, and for any other | | 170 | # "dhcp" as a special case to invoke dhcpcd, and for any other |
171 | # line we run "ifconfig xxN", using each line of the file as the | | 171 | # line we run "ifconfig xxN", using each line of the file as the |
172 | # arguments for a separate "ifconfig" invocation. | | 172 | # arguments for a separate "ifconfig" invocation. |
173 | # | | 173 | # |
174 | # In order to configure an interface reasonably, you at the very least | | 174 | # In order to configure an interface reasonably, you at the very least |
175 | # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), | | 175 | # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), |
176 | # and probably a netmask (as in "netmask 0xffffffe0"). You will | | 176 | # and probably a netmask (as in "netmask 0xffffffe0"). You will |
177 | # frequently need to specify a media type, as in "media UTP", for | | 177 | # frequently need to specify a media type, as in "media UTP", for |
178 | # interface cards with multiple media connections that do not | | 178 | # interface cards with multiple media connections that do not |
179 | # autoconfigure. See the ifconfig manual page for details. | | 179 | # autoconfigure. See the ifconfig manual page for details. |
180 | # | | 180 | # |
181 | # Note that /etc/ifconfig.xxN takes multiple lines. The following | | 181 | # Note that /etc/ifconfig.xxN takes multiple lines. The following |
182 | # configuration is possible: | | 182 | # configuration is possible: |
183 | # inet 10.1.1.1 netmask 0xffffff00 | | 183 | # inet 10.1.1.1 netmask 0xffffff00 |
184 | # inet 10.1.1.2 netmask 0xffffff00 alias | | 184 | # inet 10.1.1.2 netmask 0xffffff00 alias |
185 | # inet6 2001:db8::1 prefixlen 64 alias | | 185 | # inet6 2001:db8::1 prefixlen 64 alias |
186 | # | | 186 | # |
187 | # You can put shell script fragment into /etc/ifconfig.xxN by | | 187 | # You can put shell script fragment into /etc/ifconfig.xxN by |
188 | # starting a line with "!". Refer to ifconfig.if(5) for details. | | 188 | # starting a line with "!". Refer to ifconfig.if(5) for details. |
189 | # | | 189 | # |
190 | if [ "$net_interfaces" != NO ]; then | | 190 | if [ "$net_interfaces" != NO ]; then |
191 | if checkyesno auto_ifconfig; then | | 191 | if checkyesno auto_ifconfig; then |
192 | tmp=$(/sbin/ifconfig -l) | | 192 | tmp=$(/sbin/ifconfig -l) |
193 | for cloner in $(/sbin/ifconfig -C 2>/dev/null); do | | 193 | for cloner in $(/sbin/ifconfig -C 2>/dev/null); do |
194 | for int in /etc/ifconfig.${cloner}[0-9]*; do | | 194 | for int in /etc/ifconfig.${cloner}[0-9]*; do |
195 | [ ! -f $int ] && break | | 195 | [ ! -f $int ] && break |
196 | tmp="$tmp ${int##*.}" | | 196 | tmp="$tmp ${int##*.}" |
197 | done | | 197 | done |
198 | done | | 198 | done |
199 | else | | 199 | else |
200 | tmp="$net_interfaces" | | 200 | tmp="$net_interfaces" |
201 | fi | | 201 | fi |
202 | echo -n 'Configuring network interfaces:' | | 202 | echo -n 'Configuring network interfaces:' |
203 | for int in $tmp; do | | 203 | for int in $tmp; do |
204 | eval argslist=\$ifconfig_$int | | 204 | eval argslist=\$ifconfig_$int |
205 | | | 205 | |
206 | # Skip interfaces that do not have explicit | | 206 | # Skip interfaces that do not have explicit |
207 | # configuration information. If auto_ifconfig is | | 207 | # configuration information. If auto_ifconfig is |
208 | # false then also warn about such interfaces. | | 208 | # false then also warn about such interfaces. |
209 | # | | 209 | # |
210 | if [ -z "$argslist" ] && ! [ -f /etc/ifconfig.$int ] | | 210 | if [ -z "$argslist" ] && ! [ -f /etc/ifconfig.$int ] |
211 | then | | 211 | then |
212 | if ! checkyesno auto_ifconfig; then | | 212 | if ! checkyesno auto_ifconfig; then |
213 | echo | | 213 | echo |
214 | warn \ | | 214 | warn \ |
215 | "/etc/ifconfig.$int missing and ifconfig_$int not set;" | | 215 | "/etc/ifconfig.$int missing and ifconfig_$int not set;" |
216 | warn "interface $int not configured." | | 216 | warn "interface $int not configured." |
217 | fi | | 217 | fi |
218 | continue | | 218 | continue |
219 | fi | | 219 | fi |
220 | | | 220 | |
221 | echo -n " $int" | | 221 | echo -n " $int" |
222 | | | 222 | |
223 | # Create the interface if necessary. | | 223 | # Create the interface if necessary. |
224 | # If the interface did not exist before, | | 224 | # If the interface did not exist before, |
225 | # then also resync ipf(4). | | 225 | # then also resync ipf(4). |
226 | # | | 226 | # |
227 | if /sbin/ifconfig $int create 2>/dev/null && \ | | 227 | if /sbin/ifconfig $int create 2>/dev/null && \ |
228 | checkyesno ipfilter; then | | 228 | checkyesno ipfilter; then |
229 | /sbin/ipf -y >/dev/null | | 229 | /sbin/ipf -y >/dev/null |
230 | fi | | 230 | fi |
231 | | | 231 | |
232 | # If $ifconfig_xxN is empty, then use | | 232 | # If $ifconfig_xxN is empty, then use |
233 | # /etc/ifconfig.xxN, which we know exists due to | | 233 | # /etc/ifconfig.xxN, which we know exists due to |
234 | # an earlier test. | | 234 | # an earlier test. |
235 | # | | 235 | # |
236 | # If $ifconfig_xxN is non-empty and contains a | | 236 | # If $ifconfig_xxN is non-empty and contains a |
237 | # newline, then just use it as is. (This allows | | 237 | # newline, then just use it as is. (This allows |
238 | # semicolons through unmolested.) | | 238 | # semicolons through unmolested.) |
239 | # | | 239 | # |
240 | # If $ifconfig_xxN is non-empty and does not | | 240 | # If $ifconfig_xxN is non-empty and does not |
241 | # contain a newline, then convert all semicolons | | 241 | # contain a newline, then convert all semicolons |
242 | # to newlines. | | 242 | # to newlines. |
243 | # | | 243 | # |
244 | case "$argslist" in | | 244 | case "$argslist" in |
245 | '') | | 245 | '') |
246 | cat /etc/ifconfig.$int | | 246 | cat /etc/ifconfig.$int |
247 | ;; | | 247 | ;; |
248 | *"${nl}"*) | | 248 | *"${nl}"*) |
249 | echo "$argslist" | | 249 | echo "$argslist" |
250 | ;; | | 250 | ;; |
251 | *) | | 251 | *) |
252 | ( | | 252 | ( |
253 | set -o noglob | | 253 | set -o noglob |
254 | IFS=';'; set -- $argslist | | 254 | IFS=';'; set -- $argslist |
255 | #echo >&2 "[$#] [$1] [$2] [$3] [$4]" | | 255 | #echo >&2 "[$#] [$1] [$2] [$3] [$4]" |
256 | IFS="$nl"; echo "$*" | | 256 | IFS="$nl"; echo "$*" |
257 | ) | | 257 | ) |
258 | ;; | | 258 | ;; |
259 | esac | | | 259 | esac | |
260 | while read -r args; do | | 260 | while read -r args; do |
261 | case "$args" in | | 261 | case "$args" in |
262 | ''|"#"*|create) | | 262 | ''|"#"*|create) |
263 | ;; | | 263 | ;; |
264 | "!"*) | | 264 | "!"*) |
265 | # Run arbitrary command in a subshell. | | 265 | # Run arbitrary command in a subshell. |
266 | ( eval "${args#*!}" ) | | 266 | ( eval "${args#*!}" ) |
267 | ;; | | 267 | ;; |
268 | dhcp) | | 268 | dhcp) |
269 | /sbin/dhcpcd -n ${dhcpcd_flags} $int | | 269 | /sbin/dhcpcd -n ${dhcpcd_flags} $int |
270 | ;; | | 270 | ;; |
271 | *) | | 271 | *) |
272 | # Pass args to ifconfig. Note | | 272 | # Pass args to ifconfig. Note |
273 | # that args may contain embedded | | 273 | # that args may contain embedded |
274 | # shell metacharacters, such as | | 274 | # shell metacharacters, such as |
275 | # "ssid 'foo;*>bar'". | | 275 | # "ssid 'foo;*>bar'". |
276 | ( | | 276 | ( |
277 | set -o noglob | | 277 | set -o noglob |
278 | eval set -- "$args" | | 278 | set -- $args |
279 | #echo >&2 "[$#] [$1] [$2] [$3]" | | 279 | #echo >&2 "[$#] [$1] [$2] [$3]" |
280 | /sbin/ifconfig $int "$@" | | 280 | /sbin/ifconfig $int "$@" |
281 | ) | | 281 | ) |
282 | ;; | | 282 | ;; |
283 | esac | | 283 | esac |
284 | done | | 284 | done |
285 | configured_interfaces="$configured_interfaces $int" | | 285 | configured_interfaces="$configured_interfaces $int" |
286 | done | | 286 | done |
287 | echo "." | | 287 | echo "." |
288 | fi | | 288 | fi |
289 | | | 289 | |
290 | # Check $defaultroute, then /etc/mygate, for the name or address | | 290 | # Check $defaultroute, then /etc/mygate, for the name or address |
291 | # of my IPv4 gateway host. If using a name, that name must be in | | 291 | # of my IPv4 gateway host. If using a name, that name must be in |
292 | # /etc/hosts. | | 292 | # /etc/hosts. |
293 | # | | 293 | # |
294 | if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then | | 294 | if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then |
295 | defaultroute=$(cat /etc/mygate) | | 295 | defaultroute=$(cat /etc/mygate) |
296 | fi | | 296 | fi |
297 | if [ -n "$defaultroute" ]; then | | 297 | if [ -n "$defaultroute" ]; then |
298 | /sbin/route add default $defaultroute | | 298 | /sbin/route add default $defaultroute |
299 | fi | | 299 | fi |
300 | | | 300 | |
301 | # Check $defaultroute6, then /etc/mygate6, for the name or address | | 301 | # Check $defaultroute6, then /etc/mygate6, for the name or address |
302 | # of my IPv6 gateway host. If using a name, that name must be in | | 302 | # of my IPv6 gateway host. If using a name, that name must be in |
303 | # /etc/hosts. Note that the gateway host address must be a link-local | | 303 | # /etc/hosts. Note that the gateway host address must be a link-local |
304 | # address if it is not using an stf* interface. | | 304 | # address if it is not using an stf* interface. |
305 | # | | 305 | # |
306 | if [ -z "$defaultroute6" ] && [ -f /etc/mygate6 ]; then | | 306 | if [ -z "$defaultroute6" ] && [ -f /etc/mygate6 ]; then |
307 | defaultroute6=$(cat /etc/mygate6) | | 307 | defaultroute6=$(cat /etc/mygate6) |
308 | fi | | 308 | fi |
309 | if [ -n "$defaultroute6" ]; then | | 309 | if [ -n "$defaultroute6" ]; then |
310 | if [ "$ip6mode" = "autohost" ]; then | | 310 | if [ "$ip6mode" = "autohost" ]; then |
311 | echo | | 311 | echo |
312 | warn \ | | 312 | warn \ |
313 | "ip6mode is set to 'autohost' and a v6 default route is also set." | | 313 | "ip6mode is set to 'autohost' and a v6 default route is also set." |
314 | fi | | 314 | fi |
315 | /sbin/route add -inet6 default $defaultroute6 | | 315 | /sbin/route add -inet6 default $defaultroute6 |
316 | fi | | 316 | fi |
317 | | | 317 | |
318 | echo -n "Adding interface aliases:" | | 318 | echo -n "Adding interface aliases:" |
319 | | | 319 | |
320 | # Check if each configured interface xxN has an $ifaliases_xxN variable | | 320 | # Check if each configured interface xxN has an $ifaliases_xxN variable |
321 | # associated, then configure additional IP addresses for that interface. | | 321 | # associated, then configure additional IP addresses for that interface. |
322 | # The variable contains a list of "address netmask" pairs, with | | 322 | # The variable contains a list of "address netmask" pairs, with |
323 | # "netmask" set to "-" if the interface default netmask is to be used. | | 323 | # "netmask" set to "-" if the interface default netmask is to be used. |
324 | # | | 324 | # |
325 | # Note that $ifaliases_xxN works only in certain cases and its | | 325 | # Note that $ifaliases_xxN works only in certain cases and its |
326 | # use is not recommended. Use /etc/ifconfig.xxN or multiple | | 326 | # use is not recommended. Use /etc/ifconfig.xxN or multiple |
327 | # commands in $ifconfig_xxN instead. | | 327 | # commands in $ifconfig_xxN instead. |
328 | # | | 328 | # |
329 | for int in lo0 $configured_interfaces; do | | 329 | for int in lo0 $configured_interfaces; do |
330 | eval args=\$ifaliases_$int | | 330 | eval args=\$ifaliases_$int |
331 | if [ -n "$args" ]; then | | 331 | if [ -n "$args" ]; then |
332 | set -- $args | | 332 | set -- $args |
333 | while [ $# -ge 2 ]; do | | 333 | while [ $# -ge 2 ]; do |
334 | addr=$1 ; net=$2 ; shift 2 | | 334 | addr=$1 ; net=$2 ; shift 2 |
335 | if [ "$net" = "-" ]; then | | 335 | if [ "$net" = "-" ]; then |
336 | # for compatibility only, obsolete | | 336 | # for compatibility only, obsolete |
337 | /sbin/ifconfig $int inet alias $addr | | 337 | /sbin/ifconfig $int inet alias $addr |
338 | else | | 338 | else |
339 | /sbin/ifconfig $int inet alias $addr \ | | 339 | /sbin/ifconfig $int inet alias $addr \ |
340 | netmask $net | | 340 | netmask $net |
341 | fi | | 341 | fi |
342 | echo -n " $int:$addr" | | 342 | echo -n " $int:$addr" |
343 | done | | 343 | done |
344 | fi | | 344 | fi |
345 | done | | 345 | done |
346 | | | 346 | |
347 | # /etc/ifaliases, if it exists, contains the names of additional IP | | 347 | # /etc/ifaliases, if it exists, contains the names of additional IP |
348 | # addresses for each interface. It is formatted as a series of lines | | 348 | # addresses for each interface. It is formatted as a series of lines |
349 | # that contain | | 349 | # that contain |
350 | # address interface netmask | | 350 | # address interface netmask |
351 | # | | 351 | # |
352 | # Note that /etc/ifaliases works only in certain cases and its | | 352 | # Note that /etc/ifaliases works only in certain cases and its |
353 | # use is not recommended. Use /etc/ifconfig.xxN or multiple | | 353 | # use is not recommended. Use /etc/ifconfig.xxN or multiple |
354 | # commands in $ifconfig_xxN instead. | | 354 | # commands in $ifconfig_xxN instead. |
355 | # | | 355 | # |
356 | if [ -f /etc/ifaliases ]; then | | 356 | if [ -f /etc/ifaliases ]; then |
357 | while read addr int net; do | | 357 | while read addr int net; do |
358 | if [ -z "$net" ]; then | | 358 | if [ -z "$net" ]; then |
359 | # for compatibility only, obsolete | | 359 | # for compatibility only, obsolete |
360 | /sbin/ifconfig $int inet alias $addr | | 360 | /sbin/ifconfig $int inet alias $addr |
361 | else | | 361 | else |
362 | /sbin/ifconfig $int inet alias $addr netmask $net | | 362 | /sbin/ifconfig $int inet alias $addr netmask $net |
363 | fi | | 363 | fi |
364 | done < /etc/ifaliases | | 364 | done < /etc/ifaliases |
365 | fi | | 365 | fi |
366 | | | 366 | |
367 | echo | | 367 | echo |
368 | | | 368 | |
369 | # IPv6 interface autoconfiguration. | | 369 | # IPv6 interface autoconfiguration. |
370 | # | | 370 | # |
371 | if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then | | 371 | if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then |
372 | # wait till DAD is completed. always invoke it in case | | 372 | # wait till DAD is completed. always invoke it in case |
373 | # if are configured manually by ifconfig | | 373 | # if are configured manually by ifconfig |
374 | # | | 374 | # |
375 | dadcount=$(/sbin/sysctl -n net.inet6.ip6.dad_count 2>/dev/null) | | 375 | dadcount=$(/sbin/sysctl -n net.inet6.ip6.dad_count 2>/dev/null) |
376 | sleep $dadcount | | 376 | sleep $dadcount |
377 | sleep 1 | | 377 | sleep 1 |
378 | | | 378 | |
379 | if checkyesno rtsol; then | | 379 | if checkyesno rtsol; then |
380 | if [ "$ip6mode" = "autohost" ]; then | | 380 | if [ "$ip6mode" = "autohost" ]; then |
381 | echo 'Sending router solicitation...' | | 381 | echo 'Sending router solicitation...' |
382 | /sbin/rtsol $rtsol_flags | | 382 | /sbin/rtsol $rtsol_flags |
383 | else | | 383 | else |
384 | echo | | 384 | echo |
385 | warn \ | | 385 | warn \ |
386 | "ip6mode must be set to 'autohost' to use rtsol." | | 386 | "ip6mode must be set to 'autohost' to use rtsol." |
387 | fi | | 387 | fi |
388 | | | 388 | |
389 | # wait till DAD is completed, for global addresses | | 389 | # wait till DAD is completed, for global addresses |
390 | # configured by router advert message. | | 390 | # configured by router advert message. |
391 | # | | 391 | # |
392 | sleep $dadcount | | 392 | sleep $dadcount |
393 | sleep 1 | | 393 | sleep 1 |
394 | fi | | 394 | fi |
395 | fi | | 395 | fi |
396 | | | 396 | |
397 | # XXX this must die | | 397 | # XXX this must die |
398 | if [ -s /etc/netstart.local ]; then | | 398 | if [ -s /etc/netstart.local ]; then |
399 | sh /etc/netstart.local start | | 399 | sh /etc/netstart.local start |
400 | fi | | 400 | fi |
401 | } | | 401 | } |
402 | | | 402 | |
403 | network_stop() | | 403 | network_stop() |
404 | { | | 404 | { |
405 | echo "Stopping network." | | 405 | echo "Stopping network." |
406 | | | 406 | |
407 | # XXX this must die | | 407 | # XXX this must die |
408 | if [ -s /etc/netstart.local ]; then | | 408 | if [ -s /etc/netstart.local ]; then |
409 | sh /etc/netstart.local stop | | 409 | sh /etc/netstart.local stop |
410 | fi | | 410 | fi |
411 | | | 411 | |
412 | echo "Deleting aliases." | | 412 | echo "Deleting aliases." |
413 | if [ -f /etc/ifaliases ]; then | | 413 | if [ -f /etc/ifaliases ]; then |
414 | while read addr int net; do | | 414 | while read addr int net; do |
415 | /sbin/ifconfig $int inet delete $addr | | 415 | /sbin/ifconfig $int inet delete $addr |
416 | done < /etc/ifaliases | | 416 | done < /etc/ifaliases |
417 | fi | | 417 | fi |
418 | | | 418 | |
419 | for int in $(/sbin/ifconfig -lu); do | | 419 | for int in $(/sbin/ifconfig -lu); do |
420 | eval args=\$ifaliases_$int | | 420 | eval args=\$ifaliases_$int |
421 | if [ -n "$args" ]; then | | 421 | if [ -n "$args" ]; then |
422 | set -- $args | | 422 | set -- $args |
423 | while [ $# -ge 2 ]; do | | 423 | while [ $# -ge 2 ]; do |
424 | addr=$1 ; net=$2 ; shift 2 | | 424 | addr=$1 ; net=$2 ; shift 2 |
425 | /sbin/ifconfig $int inet delete $addr | | 425 | /sbin/ifconfig $int inet delete $addr |
426 | done | | 426 | done |
427 | fi | | 427 | fi |
428 | done | | 428 | done |
429 | | | 429 | |
430 | # down interfaces | | 430 | # down interfaces |
431 | # | | 431 | # |
432 | echo -n 'Downing network interfaces:' | | 432 | echo -n 'Downing network interfaces:' |
433 | if [ "$net_interfaces" != NO ]; then | | 433 | if [ "$net_interfaces" != NO ]; then |
434 | if checkyesno auto_ifconfig; then | | 434 | if checkyesno auto_ifconfig; then |
435 | tmp=$(/sbin/ifconfig -l) | | 435 | tmp=$(/sbin/ifconfig -l) |
436 | else | | 436 | else |
437 | tmp="$net_interfaces" | | 437 | tmp="$net_interfaces" |
438 | fi | | 438 | fi |
439 | for int in $tmp; do | | 439 | for int in $tmp; do |
440 | eval args=\$ifconfig_$int | | 440 | eval args=\$ifconfig_$int |
441 | if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then | | 441 | if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then |
442 | echo -n " $int" | | 442 | echo -n " $int" |
443 | /sbin/dhcpcd -k $int 2> /dev/null | | 443 | /sbin/dhcpcd -k $int 2> /dev/null |
444 | /sbin/ifconfig $int down | | 444 | /sbin/ifconfig $int down |
445 | if /sbin/ifconfig $int destroy 2>/dev/null && \ | | 445 | if /sbin/ifconfig $int destroy 2>/dev/null && \ |
446 | checkyesno ipfilter; then | | 446 | checkyesno ipfilter; then |
447 | # resync ipf(4) | | 447 | # resync ipf(4) |
448 | /sbin/ipf -y >/dev/null | | 448 | /sbin/ipf -y >/dev/null |
449 | fi | | 449 | fi |
450 | fi | | 450 | fi |
451 | done | | 451 | done |
452 | echo "." | | 452 | echo "." |
453 | fi | | 453 | fi |
454 | | | 454 | |
455 | # flush routes | | 455 | # flush routes |
456 | # | | 456 | # |
457 | /sbin/route -qn flush | | 457 | /sbin/route -qn flush |
458 | | | 458 | |
459 | } | | 459 | } |
460 | | | 460 | |
461 | load_rc_config $name | | 461 | load_rc_config $name |
462 | load_rc_config_var dhclient dhclient | | 462 | load_rc_config_var dhclient dhclient |
463 | load_rc_config_var ipfilter ipfilter | | 463 | load_rc_config_var ipfilter ipfilter |
464 | run_rc_command "$1" | | 464 | run_rc_command "$1" |
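Review bot: The comment directly above the changed line in the default `*)` arm of the `while read -r args` loop still says args may contain embedded shell metacharacters such as `ssid 'foo;*>bar'`, but with `set -- $args` the quotes are no longer interpreted. The line is only field-split (on whitespace, assuming the default IFS is in effect here), so the quote characters reach ifconfig literally and a quoted value containing a blank is broken into separate arguments. Dropping the `eval` also means a plain ifconfig line is no longer evaluated as shell text, which leaves the `"!"*` arm as the only place where a line from `/etc/ifconfig.xxN` or `$ifconfig_xxN` is executed; that is worth recording so the eval is not restored later without considering it. I would replace the comment with something like `# Split args on whitespace only (noglob is set); quotes are not interpreted, so one argument cannot contain blanks.` If quoted arguments, for example an SSID containing a space, must keep working, that case needs explicit handling rather than a comment that describes the old behaviour.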