#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
253238 |
|
11-Jul-2013 |
hrs |
MFC 251584:
Add :ifname modifier to specify interface-specific routes into {,ipv6_}static_routes and rc.d/routing. For example:
static_routes="foo bar:em0" route_foo="-net 10.0.0.0/24 -gateway 192.168.2.1" route_bar="-net 192.168.1.0/24 -gateway 192.168.0.2"
At boot time, all of the static routes are installed as before. The differences are:
- "/etc/rc.d/netif start/stop <if>" now configures static routes with :<if> if any. - "/etc/rc.d/routing start/stop <af> <if>" works as well. <af> cannot be omitted when <if> is specified, but a keyword "any" or "all" can be used for <af> and <if>.
|
#
253227 |
|
11-Jul-2013 |
hrs |
MFC 230453, 230726, 252015, 252426:
- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for backward compatibility.
- Configurations in ipv6_prefix_IF should be recognized even if there is no ifconfig_IF_ipv6.
- DAD wait should be performed at once, not on a per-interface basis, if possible. This fixes an issue that a system with a lot of IPv6-capable interfaces takes too long for booting.
- Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN. This is an extended version of ipv4_addr_IF which supports both IPv4 and IPv6, and multiple range specifications. To avoid to generate too many addresses, the maximum number of the generated addresses is currently limited to 31.
- Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable.
- ipv6_prefix_IF now supports !/64 prefix length. In addition to the old 64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64 is supported.
- Replace ifconfig command with $IFCONFIG_CMD variable to support a dry-run mode in the future.
- Remove IP aliases before removing all of IPv4 addresses when doing "rc.d/netif down".
- Add a DAD wait to network6_getladdr() because it is possible to fail to configure an EUI64 address when ipv6_prefix_IF is specified.
|
#
250915 |
|
22-May-2013 |
jamie |
MFC r250804:
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050 Submitted by: mdodd
|
#
242153 |
|
26-Oct-2012 |
obrien |
MFC: r240336: Simply things so that "#REQUIRE: FILESYSTEMS" means the file systems are fully "ready to go".
'FILESYSTEMS' states: "This is a dummy dependency, for services which require file systems to be mounted before starting." However, we have 'var' which is was run after 'FILESYSTEMS' and can mount /var if it already isn't mounted. Furthermore, several scripts cannot use /var until 'cleanvar' has done its thing. Thus "FILESYSTEMS" hasn't really meant all critical file systems are fully usable.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
212579 |
|
13-Sep-2010 |
hrs |
Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address selection policy set by ip6addrctl(8). The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3, the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484, respectively. When "AUTO" is specified, it attempts to read /etc/ip6addrctl.conf first. If it is found, it reads and installs it as a policy table. If not, either of the two pre-defined policy tables is chosen automatically according to $ipv6_activate_all_interfaces.
When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.
The default values are ip6addrctl_policy=AUTO and ipv6_activate_all_interfaces=NO.
Discussed with: ume and bz
|
#
212574 |
|
13-Sep-2010 |
hrs |
Revert changes in r206408.
Discussed with: dougb, core.5, and core.6
|
#
206408 |
|
08-Apr-2010 |
dougb |
Improve the handling of IPv6 configuration in rc.d. The ipv6_enable and ipv6_ifconfig_<interface> options have already been deprecated, these changes do not alter that.
With these changes any value set for ipv6_enable will emit a warning. In order to avoid a POLA violation for the deprecation of the option ipv6_enable=NO will still disable configuration for all interfaces other than lo0. ipv6_enable=YES will not have any effect, but will emit an additional warning. Support and warnings for this option will be removed in FreeBSD 10.x.
Consistent with the current code, in order for IPv6 to be configured on an interface (other than lo0) an ifconfig_<interface>_ipv6 option will have to be added to /etc/rc.conf[.local].
1. Clean up and minor optimizations for the following functions: ifconfig_up (the ipv6 elements) ipv6if ipv6_autoconfif get_if_var _ifconfig_getargs The cleanups generally were to move the "easy" tests earlier in the functions, and consolidate duplicate code.
2. Stop overloading ipv6_prefer with the ability to disable IPv6 configuration.
3. Remove noafif() which was only ever called from ipv6_autoconfif. Instead, simplify and integrate the tests into that function, and convert the test to use is_wired_interface() instead of listing wireless interfaces explicitly.
4. Integrate backwards compatibility for ipv6_ifconfig_<interface> into _ifconfig_getargs. This dramatically simplifies the code in all of the callers, and avoids a lot of other code duplication.
5. In rc.d/netoptions, add code for an ipv6_privacy option to use RFC 4193 style pseudo-random addresses (this is what windows does by default, FYI).
6. Add support for the [NO]RTADV options in ifconfig_getargs() and ipv6_autoconfif(). In the latter, include support for the explicit addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done in the current code.
7. In rc.d/netif add a warning if $ipv6_enable is set, and remove the set_rcvar_obsolete for it. Also remove the latter from rc.d/ip6addrctl.
8. In /etc/defaults/rc.conf:
Add an example for RTADV configuration.
Set ipv6_network_interfaces to AUTO.
Switch ipv6_prefer to YES. If ipv6_enable is not set this will have no effect.
Add a default for ipv6_privacy (NO).
9. Document all of this in rc.conf.5.
|
#
197947 |
|
10-Oct-2009 |
dougb |
In regards to the "Starting foo:" type messages at boot time, create and employ a more generic solution, and use it in the individual rc.d scripts that also have an $rc_quiet test:
1. Add check_startmsgs() to rc.subr. 2. In the rc.d scripts that use rc_quiet (and rc.subr) substitute variations of [ -z "$rc_quiet" ] with check_startmsgs 3. In savecore add a trailing '.' to the end of the message to make it more consistent with other scripts. 4. In newsyslog remove a : before the terminal '.' since we do not expect there to be anything printed out in between to make it more consistent. 5. In the following scripts change "quotes" to 'quotes' where no variables exist in the message: savecore pf newsyslog 6. In the following scripts substitute if/then/fi for the simpler (and more consistent) check_startmsgs &&: faith stf 7. In the following scripts separate the "Starting foo:" from the terminal '.' to make them more consistent: moused hostname pf 8. In nfsclient move the message to its own line to avoid a style bug 9. In pf rc_quiet does not apply to the _stop method, so remove the test there. 10. In motd add 'quotes' around the terminal '.' for consistency
|
#
197526 |
|
26-Sep-2009 |
hrs |
Fix several logic bugs in the previous IPv6 variable change and re-add $ipv6_enable support for backward compatibility. From UPDATING:
1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF for IPv4. For aliases, $ifconfig_IF_aliasN should be used. Note that both variables need the "inet6" keyword at the head.
Do not set $ipv6_network_interfaces manually if you do not understand what you are doing. It is not needed in most cases.
$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but they are obsolete.
2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or "inet6 accept_rtadv" keyword in ifconfig(8) instead.
If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and all configured interfaces have "inet6 accept_rtadv" in the $ifconfig_IF_ipv6. These are for backward compatibility.
3. A new variable $ipv6_prefer has been added. If NO, IPv6 functionality of interfaces with no corresponding $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag, and the default address selection policy of ip6addrctl(8) is the IPv4-preferred one (see rc.d/ip6addrctl for more details). Note that if you want to configure IPv6 functionality on the disabled interfaces after boot, first you need to clear the flag by using ifconfig(8) like:
ifconfig em0 inet6 -ifdisabled
If YES, the default address selection policy is set as IPv6-preferred.
The default value of $ipv6_prefer is NO.
4. If your system need to receive Router Advertisement messages, define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8) scripts automatically invoke rtsol(8) when the interface becomes UP. The Router Advertisement messages are used for SLAAC (State-Less Address AutoConfiguration).
|
#
197139 |
|
12-Sep-2009 |
hrs |
Integrate rc.d/network_ipv6 into rc.d/netif:
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4). - Remove rc.d/auto_linklocal and rc.d/network_ipv6. - Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif depends on some sysctl variables.
Reviewed by: brooks MFC after: 3 days
|
#
195026 |
|
25-Jun-2009 |
dougb |
Reverse the effect of r193198 for pf and ipfw which will once again allow them to start after netif. There were too many problems reported with this change in the short period of time that it lived in HEAD, and we are too late in the release cycle to properly shake it out.
IMO the issue of having the firewalls up before the network is still a valid concern, particularly for pf whose default state is wide open. However properly solving this issue is going to take some investment on the part of the people who actually use those tools.
This is not a strict reversion of all the changes for r193198 since it also included some simplification of the BEFORE/REQUIRE logic which is still valid for ipfilter and ip6fw.
|
#
193198 |
|
01-Jun-2009 |
dougb |
Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up.
|
#
184485 |
|
30-Oct-2008 |
pjd |
ifconfig(8) can take only one interface at a time.
|
#
180563 |
|
16-Jul-2008 |
dougb |
As previously discussed, add the svn:executable property to all scripts
|
#
179961 |
|
23-Jun-2008 |
mtm |
Implement a "quiet" mode for rc.d/netif, which only outputs the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and ifn_stop() in network.subr no longer write to standard output. Whether to output and what to output is now handled entirely in rc.d/netif.
|
#
179079 |
|
18-May-2008 |
brooks |
Move the wait for a default route to rc.d/routing. Once we test for non-dhcp interfaces to negotiate/associate this will make more sense.
This also correctly gets run after both devd and netif are run so it has a chance of working.
|
#
179003 |
|
14-May-2008 |
brooks |
Change the default value of synchronous_dhclient to NO.
To preserve the existing behavior of etc/rc.d/netif, add code to wait up to if_up_delay seconds (30 seconds by default) for a default route to be configured if there are any dhcp interfaces. This should be extended to test that the interface is actually up.
X-MFC after:
|
#
178356 |
|
20-Apr-2008 |
sam |
rc support for vaps
|
#
175676 |
|
26-Jan-2008 |
mtm |
Re-implement: do not silently fail when a command is not carried out because the rc.conf(5) variable was not enabled. Display a message that the command wasn't run and offer suggestions on what the user can do.
Implement a quiet prefix, which will disable some diagnostics. The fast prefix also implies quiet. During boot we use either fast or quiet. For shutdown we already use 'faststop'. So, this informational message should only appear during interactive use.
An additional benefit of having a quiet prefix is that we can start putting some of our diagnostic messages behind this knob and start "de-cluttering" the console during boot and shutdown.
|
#
171590 |
|
25-Jul-2007 |
jhb |
Require 'cleanvar' so that files and sockets created in /var/run by wpa_supplicant and other programs started by 'netif' don't get erased by a subsequent 'cleanvar'.
Approved by: re (bmah) Reviewed by: dougb MFC after: 1 week
|
#
168283 |
|
02-Apr-2007 |
des |
Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal and takes over mountcritlocal's role as the early / late divider. This makes it far easier to add rc scripts which need to run early, such as a startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in rcorder's output is the insertion of FILESYSTEMS immediately after mountcritlocal.
MFC after: 3 weeks
|
#
166583 |
|
09-Feb-2007 |
flz |
Add support for EtherChannel configuration to rc startup scripts.
Note: This also deprecates "NO" as a way to specify an empty list of interfaces for gif_interfaces.
PR: conf/104884 Submitted by: nork Harassed by: brd Discussed with: brooks, dougb
|
#
165664 |
|
30-Dec-2006 |
yar |
Eliminate global symbols starting with an underscore from rc.d scripts, except for mdconfig* and jail. Such symbols are reserved for the rc.subr internals. Most scripts can be fixed by just declaring _foo symbols as local: few scripts actually need them to be global.
Discussed with: dougb in freebsd-rc
|
#
159138 |
|
01-Jun-2006 |
thompsa |
Add rc.d/bridge which is invoked when a new interface arrives and can automaticly add it to an Ethernet bridge. This is intended for applications such as qemu, vmware, openvpn, ... which open tap interfaces and need them bridged with the hosts network adapter, the user can set up a glob for interfaces to be automatically added (eg tap*).
|
#
155610 |
|
13-Feb-2006 |
imp |
Since OLDCARD is gone from the kernel, catchup here and remove support from here as well.
|
#
152441 |
|
14-Nov-2005 |
brooks |
Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or more IPv4 address from a ranged list in CIRD notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to more toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
|
#
149789 |
|
04-Sep-2005 |
keramida |
Remove duplicate "at" from comment.
|
#
149730 |
|
02-Sep-2005 |
brooks |
Actually block Ctrl-C (SIGINT=2).
Reported by: sam Pointy hat to: brooks
|
#
149725 |
|
02-Sep-2005 |
brooks |
Block SIGQUIT (Ctrl-C) while running in startup mode. This should allow dhclient's to be killed without stopping all boot progress.
Minor cleanup of the interface list generation code.
|
#
147681 |
|
30-Jun-2005 |
brooks |
When interfaces are given on the command line, don't attempt to filter them. Just try to run the given command on them. We need to be able to run stop functions on interfaces that have been deleted to stop wpa_supplicant.
Approved by: re (interface startup blanket)
|
#
147088 |
|
07-Jun-2005 |
brooks |
Support code for the OpenBSD dhclient. This significantly changes the way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif. - ifconfig_<if> variables my now mix real ifconfig commands the with DHCP and WPA directives. For example, this allows media configuration prior to running dhclient. - /etc/rc.d/dhclient is not run at startup except by netif to start dhclient on specific interfaces. - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of it's work. - /etc/pccard_ether no longer takes additional arguments to pass to ifconfig. Instead, ifconfig_<if> variables are now honored in favor of pccard_ifconfig when available. - /etc/pccard_ether will only run on interfaces specified in removable_interfaces, even if pccard_ifconfig is set.
|
#
137070 |
|
30-Oct-2004 |
pjd |
Allow to change interfaces name on boot time. Now, one should be able to put something like this into /etc/rc.conf:
ifconfig_fxp0_name="net0" ifconfig_net0="inet 10.0.0.1/16"
Reviewed by: green
|
#
136224 |
|
07-Oct-2004 |
mtm |
Remove the requirement for the FreeBSD keyword as it no longer makes any sense.
Discussed with: dougb, brooks MFC after: 3 days
|
#
132892 |
|
30-Jul-2004 |
mtm |
Finish cleanup of rc.d/netif. It's now possible to start/stop more than one interface from the command line: # /etc/rc.d/netif start bfe0 xl0 It's also possible to restart an interface(s): # /etc/rc.d/netif restart bfe0
This required some changes to rc.subr(8) so that if the start/stop commands are overidden the rest of the command line (after the start/stop/etc... cmd) is passed through to the subroutines.
|
#
129497 |
|
20-May-2004 |
mtm |
Really remove the return statement this time. Thanks to ru for noticing.
|
#
129492 |
|
20-May-2004 |
mtm |
The err routine requires two arguments: an exit value and a string. Additionaly, it will exit the script so an return statements after calling it are superflous.
|
#
128714 |
|
28-Apr-2004 |
phk |
Protect som cross-script invocations by checks to see that the target script exists. This allows pruning of rc.d scripts without getting too many ugly boottime error message
|
#
126744 |
|
08-Mar-2004 |
pjd |
Mark scripts as not usable inside a jail by adding keyword 'nojail'.
Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
|
#
126392 |
|
28-Feb-2004 |
green |
Further shuffle runcom ordering so that netif does not start before ipfw, but ipfw and ipfilter do start before dhclient.
|
#
126333 |
|
27-Feb-2004 |
green |
What depends on ipfilter should probably also start ipfw at the same time.
|
#
118219 |
|
30-Jul-2003 |
mtm |
tty whacking should occur early, but not so early that the required commands are not on a mounted file system.
Noticed by: bde
|
#
117021 |
|
29-Jun-2003 |
mtm |
Implement individual operations on static and dhcp interfaces. Previously network interfaces could only be turned on and off as a group (all static interfaces or all dhcp interfaces).
When used to start the interface a 'long form' ifconfig output is used to show the status of the interface, but when stopping an interface the script will simply output the name of the interface. This is simply my personal preference. Hopefully as this functionality matures we can stabilize on a prefered form of output for these scripts.
A stop command to the dhclient script now explicitly releases the dhcp lease. Behaviour at system shutdown; however, is unchanged since dhclient is not, by default, run at that time. The client will not release its lease at shutdown.
|
#
113674 |
|
18-Apr-2003 |
mtm |
Break out and rewrite the network setup scripts. o /etc/network.subr contains common subroutines used for seting up network interfaces o rc.d/hostname sets the hostname if not already set o rc.d/nisdomain sets the nis domain *after* rpcbind but before the yp* daemons. This fixes issues with temporary hangs when looking up informaion in nis before it's ready. o rc.d/netif brings network interfaces (minus dhcp) up. o rc.d/network1 has been disabled and will be retired before RELENG_5. It will be replaced by rc.d/netif
Approved by: markm (mentor)
|