network: Update rtsol options

- Use "-6" instead of "--noipv4" as it seems more appropriate based on
the dhcpcd(8) manual page.
- Remove "-f /dev/null" as it seems unnecessary with "-6".
- Remove "--persistent" as it is in the default /etc/dhcpcd.conf,
and this way the user can change it, if they would like to (either
through dhcpcd_flags or by editing /etc/dhcpcd.conf).

The "-b" (or "--background") option is needed to avoid a timeout error
message (and a delay in booting), so it is still left in place.

Update "rtsol" keyword: leave IPv6 autoconf on

There is no need to turn off ipv6_autoconf or dhcp6 in dhcpcd to match
the previous behaviour with in-kernel RA processing.

Make "rtsol" functional again.

Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

Trailing whitespace

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.

RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.

PR/29317: ifconfig.if does not allow parameters with spaces

OKeyd by christos@

Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.

branches: 1.47.2;
Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.

Use new style command substitution.

Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

branches: 1.44.4;
Allow an IPv6 default route to be set from /etc/mygate6 or $defaultroute6.
Approved by itojun@.

revert previous; luke and matt want this as a separate script.

Add /etc/route.conf processing to add static routes. Removes one more
reason for netstart.local.

Revert last change for now. It causes hangs during system shutdown when
NFS filesystems are mounted.

Add keyword "shutdown" so that this script is really executed on system
shutdown to delete clone interfaces.

Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

branches: 1.38.2;
Sync ipf(4) after starting or stopping. This is necesarry to make filter
rules for dynamically created interfaces like pppoe(4) effective.

don't bother warning or supporting obsolete $ip6forwarding;
postinstall now checks for this

clean up warning

Improve information density of output -- add the dozen -reject routes
with "route -q" since they are always the same and convey no useful
information.

While we're here, use sysctl -qw instead of sysctl -w >/dev/null

Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.

As discussed on tech-userlevel, and approved by Luke.

seperate -> separate

After itojun's recent RTF_CLONED and other changes, it's not necessary to
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.

comment correction: 127/8 must not leave the node (RFC1122)

move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

extend /etc/ifconfig.xxN, for comment lines (#) and shell script
fragment (!). inspired by openbsd /etc/hostname.xxN.

add $ip6sitelocal, to control installation of reject route for fec0::/10.

More cautious about undefined hostname check in terms of what hostname(1)
returns.

I believe in that the facy nested quotes was intended to skip blank
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.

un-break.

minor typo in previous

Shell programming police for sophistication; take #2. Handle the
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.

Shell programming police for sophistication. It's not necessary
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.

- replace `IFS='.'; set -- $int; echo $2` with ${int##*.}
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead

- avoid -a or -o logical operator of test command as possible. They would
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.

REQUIRE ipfilter and ipsec

fix comment on DAD wait

we need to sleep for IPv6 DAD period, before and after rtsol.
(they are for stability in boot-time configuration)
comment from perry.

the format without netmask is supported for compatibility only and not
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)

Build a list of cloning network interfaces to configure, as well
as normal interfaces.

reenable stop_cmd now that network doesn't get run at shutdown

remove ip6defaultif configuration. because:
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users

Don't warn that $hostname isn't set if the hostname is already set.

branches: 1.11.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.

do not let 127.0.0.0/8 leave the node. based on RFC1122.

Fix the last change so it doesn't fail due too a missing '; then'.

Don't warn about $hostname not being set if $dhclient == YES; it's quite
likely that we'll be getting the hostname via DHCP when it runs.

rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
(correct me if i'm wrong)

make `stop' a no-op, so that the network doesn't disappear at an
inconvenient time during boot.

this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).

The file /etc/sysctl.conf is now run with sysctl -f at boot time.
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.

The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

Fix the network_stop function so it doesn't fails due to missing ]['s.

branches: 1.1.1;
Initial revision

Make "rtsol" functional again.

Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

Trailing whitespace

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.

RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.

PR/29317: ifconfig.if does not allow parameters with spaces

OKeyd by christos@

Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.

branches: 1.47.2;
Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.

Use new style command substitution.

Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

branches: 1.44.4;
Allow an IPv6 default route to be set from /etc/mygate6 or $defaultroute6.
Approved by itojun@.

revert previous; luke and matt want this as a separate script.

Add /etc/route.conf processing to add static routes. Removes one more
reason for netstart.local.

Revert last change for now. It causes hangs during system shutdown when
NFS filesystems are mounted.

Add keyword "shutdown" so that this script is really executed on system
shutdown to delete clone interfaces.

Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

branches: 1.38.2;
Sync ipf(4) after starting or stopping. This is necesarry to make filter
rules for dynamically created interfaces like pppoe(4) effective.

don't bother warning or supporting obsolete $ip6forwarding;
postinstall now checks for this

clean up warning

Improve information density of output -- add the dozen -reject routes
with "route -q" since they are always the same and convey no useful
information.

While we're here, use sysctl -qw instead of sysctl -w >/dev/null

Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.

As discussed on tech-userlevel, and approved by Luke.

seperate -> separate

After itojun's recent RTF_CLONED and other changes, it's not necessary to
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.

comment correction: 127/8 must not leave the node (RFC1122)

move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

extend /etc/ifconfig.xxN, for comment lines (#) and shell script
fragment (!). inspired by openbsd /etc/hostname.xxN.

add $ip6sitelocal, to control installation of reject route for fec0::/10.

More cautious about undefined hostname check in terms of what hostname(1)
returns.

I believe in that the facy nested quotes was intended to skip blank
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.

un-break.

minor typo in previous

Shell programming police for sophistication; take #2. Handle the
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.

Shell programming police for sophistication. It's not necessary
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.

- replace `IFS='.'; set -- $int; echo $2` with ${int##*.}
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead

- avoid -a or -o logical operator of test command as possible. They would
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.

REQUIRE ipfilter and ipsec

fix comment on DAD wait

we need to sleep for IPv6 DAD period, before and after rtsol.
(they are for stability in boot-time configuration)
comment from perry.

the format without netmask is supported for compatibility only and not
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)

Build a list of cloning network interfaces to configure, as well
as normal interfaces.

reenable stop_cmd now that network doesn't get run at shutdown

remove ip6defaultif configuration. because:
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users

Don't warn that $hostname isn't set if the hostname is already set.

branches: 1.11.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.

do not let 127.0.0.0/8 leave the node. based on RFC1122.

Fix the last change so it doesn't fail due too a missing '; then'.

Don't warn about $hostname not being set if $dhclient == YES; it's quite
likely that we'll be getting the hostname via DHCP when it runs.

rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
(correct me if i'm wrong)

make `stop' a no-op, so that the network doesn't disappear at an
inconvenient time during boot.

this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).

The file /etc/sysctl.conf is now run with sysctl -f at boot time.
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.

The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

Fix the network_stop function so it doesn't fails due to missing ]['s.

branches: 1.1.1;
Initial revision

Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

Trailing whitespace

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.

RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.

PR/29317: ifconfig.if does not allow parameters with spaces

OKeyd by christos@

Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.

branches: 1.47.2;
Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.

Use new style command substitution.

Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

branches: 1.44.4;
Allow an IPv6 default route to be set from /etc/mygate6 or $defaultroute6.
Approved by itojun@.

revert previous; luke and matt want this as a separate script.

Add /etc/route.conf processing to add static routes. Removes one more
reason for netstart.local.

Revert last change for now. It causes hangs during system shutdown when
NFS filesystems are mounted.

Add keyword "shutdown" so that this script is really executed on system
shutdown to delete clone interfaces.

Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

branches: 1.38.2;
Sync ipf(4) after starting or stopping. This is necesarry to make filter
rules for dynamically created interfaces like pppoe(4) effective.

don't bother warning or supporting obsolete $ip6forwarding;
postinstall now checks for this

clean up warning

Improve information density of output -- add the dozen -reject routes
with "route -q" since they are always the same and convey no useful
information.

While we're here, use sysctl -qw instead of sysctl -w >/dev/null

Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.

As discussed on tech-userlevel, and approved by Luke.

seperate -> separate

After itojun's recent RTF_CLONED and other changes, it's not necessary to
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.

comment correction: 127/8 must not leave the node (RFC1122)

move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

extend /etc/ifconfig.xxN, for comment lines (#) and shell script
fragment (!). inspired by openbsd /etc/hostname.xxN.

add $ip6sitelocal, to control installation of reject route for fec0::/10.

More cautious about undefined hostname check in terms of what hostname(1)
returns.

I believe in that the facy nested quotes was intended to skip blank
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.

un-break.

minor typo in previous

Shell programming police for sophistication; take #2. Handle the
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.

Shell programming police for sophistication. It's not necessary
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.

- replace `IFS='.'; set -- $int; echo $2` with ${int##*.}
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead

- avoid -a or -o logical operator of test command as possible. They would
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.

REQUIRE ipfilter and ipsec

fix comment on DAD wait

we need to sleep for IPv6 DAD period, before and after rtsol.
(they are for stability in boot-time configuration)
comment from perry.

the format without netmask is supported for compatibility only and not
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)

Build a list of cloning network interfaces to configure, as well
as normal interfaces.

reenable stop_cmd now that network doesn't get run at shutdown

remove ip6defaultif configuration. because:
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users

Don't warn that $hostname isn't set if the hostname is already set.

branches: 1.11.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.

do not let 127.0.0.0/8 leave the node. based on RFC1122.

Fix the last change so it doesn't fail due too a missing '; then'.

Don't warn about $hostname not being set if $dhclient == YES; it's quite
likely that we'll be getting the hostname via DHCP when it runs.

rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
(correct me if i'm wrong)

make `stop' a no-op, so that the network doesn't disappear at an
inconvenient time during boot.

this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).

The file /etc/sysctl.conf is now run with sysctl -f at boot time.
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.

The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

Fix the network_stop function so it doesn't fails due to missing ]['s.

branches: 1.1.1;
Initial revision

Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:

# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL

This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.

Trailing whitespace

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.

RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.

PR/29317: ifconfig.if does not allow parameters with spaces

OKeyd by christos@

Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.

branches: 1.47.2;
Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.

Use new style command substitution.

Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

branches: 1.44.4;
Allow an IPv6 default route to be set from /etc/mygate6 or $defaultroute6.
Approved by itojun@.

revert previous; luke and matt want this as a separate script.

Add /etc/route.conf processing to add static routes. Removes one more
reason for netstart.local.

Revert last change for now. It causes hangs during system shutdown when
NFS filesystems are mounted.

Add keyword "shutdown" so that this script is really executed on system
shutdown to delete clone interfaces.

Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

branches: 1.38.2;
Sync ipf(4) after starting or stopping. This is necesarry to make filter
rules for dynamically created interfaces like pppoe(4) effective.

don't bother warning or supporting obsolete $ip6forwarding;
postinstall now checks for this

clean up warning

Improve information density of output -- add the dozen -reject routes
with "route -q" since they are always the same and convey no useful
information.

While we're here, use sysctl -qw instead of sysctl -w >/dev/null

Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.

As discussed on tech-userlevel, and approved by Luke.

seperate -> separate

After itojun's recent RTF_CLONED and other changes, it's not necessary to
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.

comment correction: 127/8 must not leave the node (RFC1122)

move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

extend /etc/ifconfig.xxN, for comment lines (#) and shell script
fragment (!). inspired by openbsd /etc/hostname.xxN.

add $ip6sitelocal, to control installation of reject route for fec0::/10.

More cautious about undefined hostname check in terms of what hostname(1)
returns.

I believe in that the facy nested quotes was intended to skip blank
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.

un-break.

minor typo in previous

Shell programming police for sophistication; take #2. Handle the
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.

Shell programming police for sophistication. It's not necessary
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.

- replace `IFS='.'; set -- $int; echo $2` with ${int##*.}
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead

- avoid -a or -o logical operator of test command as possible. They would
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.

REQUIRE ipfilter and ipsec

fix comment on DAD wait

we need to sleep for IPv6 DAD period, before and after rtsol.
(they are for stability in boot-time configuration)
comment from perry.

the format without netmask is supported for compatibility only and not
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)

Build a list of cloning network interfaces to configure, as well
as normal interfaces.

reenable stop_cmd now that network doesn't get run at shutdown

remove ip6defaultif configuration. because:
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users

Don't warn that $hostname isn't set if the hostname is already set.

branches: 1.11.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.

do not let 127.0.0.0/8 leave the node. based on RFC1122.

Fix the last change so it doesn't fail due too a missing '; then'.

Don't warn about $hostname not being set if $dhclient == YES; it's quite
likely that we'll be getting the hostname via DHCP when it runs.

rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
(correct me if i'm wrong)

make `stop' a no-op, so that the network doesn't disappear at an
inconvenient time during boot.

this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).

The file /etc/sysctl.conf is now run with sysctl -f at boot time.
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.

The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

Fix the network_stop function so it doesn't fails due to missing ]['s.

branches: 1.1.1;
Initial revision

Trailing whitespace

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.

RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.

PR/29317: ifconfig.if does not allow parameters with spaces

OKeyd by christos@

Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.

branches: 1.47.2;
Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.

Use new style command substitution.

Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr

branches: 1.44.4;
Allow an IPv6 default route to be set from /etc/mygate6 or $defaultroute6.
Approved by itojun@.

revert previous; luke and matt want this as a separate script.

Add /etc/route.conf processing to add static routes. Removes one more
reason for netstart.local.

Revert last change for now. It causes hangs during system shutdown when
NFS filesystems are mounted.

Add keyword "shutdown" so that this script is really executed on system
shutdown to delete clone interfaces.

Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.

branches: 1.38.2;
Sync ipf(4) after starting or stopping. This is necesarry to make filter
rules for dynamically created interfaces like pppoe(4) effective.

don't bother warning or supporting obsolete $ip6forwarding;
postinstall now checks for this

clean up warning

Improve information density of output -- add the dozen -reject routes
with "route -q" since they are always the same and convey no useful
information.

While we're here, use sysctl -qw instead of sysctl -w >/dev/null

Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.

As discussed on tech-userlevel, and approved by Luke.

seperate -> separate

After itojun's recent RTF_CLONED and other changes, it's not necessary to
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.

comment correction: 127/8 must not leave the node (RFC1122)

move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

extend /etc/ifconfig.xxN, for comment lines (#) and shell script
fragment (!). inspired by openbsd /etc/hostname.xxN.

add $ip6sitelocal, to control installation of reject route for fec0::/10.

More cautious about undefined hostname check in terms of what hostname(1)
returns.

I believe in that the facy nested quotes was intended to skip blank
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.

un-break.

minor typo in previous

Shell programming police for sophistication; take #2. Handle the
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.

Shell programming police for sophistication. It's not necessary
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.

- replace `IFS='.'; set -- $int; echo $2` with ${int##*.}
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead

- avoid -a or -o logical operator of test command as possible. They would
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.

REQUIRE ipfilter and ipsec

fix comment on DAD wait

we need to sleep for IPv6 DAD period, before and after rtsol.
(they are for stability in boot-time configuration)
comment from perry.

the format without netmask is supported for compatibility only and not
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)

Build a list of cloning network interfaces to configure, as well
as normal interfaces.

reenable stop_cmd now that network doesn't get run at shutdown

remove ip6defaultif configuration. because:
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users

Don't warn that $hostname isn't set if the hostname is already set.

branches: 1.11.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.

do not let 127.0.0.0/8 leave the node. based on RFC1122.

Fix the last change so it doesn't fail due too a missing '; then'.

Don't warn about $hostname not being set if $dhclient == YES; it's quite
likely that we'll be getting the hostname via DHCP when it runs.

rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
(correct me if i'm wrong)

make `stop' a no-op, so that the network doesn't disappear at an
inconvenient time during boot.

this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).

The file /etc/sysctl.conf is now run with sysctl -f at boot time.
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.

The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

Fix the network_stop function so it doesn't fails due to missing ]['s.

branches: 1.1.1;
Initial revision

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Add an "rtsol" keyword to ifconfig.if for enabling IPv6 RS/RA

rc.d/network: improve wording of waiting for DAD to finish

branches: 1.76.2;
only flush routes in stop routine if flushroutes is true, same as
the start up.

Allow rc.conf to setup resolv.conf via resolvconf(8).
This allows all static network config to be in rc.conf rather than
spread across files.

Remove dhclient from the base system.

Discussed here:
https://mail-index.netbsd.org/tech-userlevel/2018/06/21/msg011233.html

branches: 1.73.4; 1.73.6;

Revert previous - not a typo, even though it looks like one

PR misc/52370

Correct typo.

XXX pullup 8, pullup 7

branches: 1.71.8;
use kat, a version of cat that strips comments

Instead of waiting for a duration based in IPv6 DAD count sysctl,
wait for 15 seconds for tentative flags to clear allowing 5 seconds
for detached flags to clear as well from configured addresses.

This is now protocol independant and allows time for the interfaces to
work out if they have a carrier or not.

fix syntax error

Use checkyesnox to test rtsol as it has been removed including its
default configuration which we should not warn about.

Remove rtsol(8) and rtsold(8) as their functionality is in dhcpcd(8).
Remove rtsol(8) from rc.d/network.
Add -w seconds command to ifconfig to wait for N seconds for until DAD
has finished on all addresses.
Use ifconfig -w in rc.d/network instead of a forced sleep.

As discussed on tech-net@

Indent.

Refactor a little to remove huge indents.

Split huge monolithic functions for readability.

branches: 1.63.6;
don't attempt to create interfaces that exist and don't hide errors.

print something before sleeping so that a user like me can see
what the mysterious pause is.

branches: 1.61.6; 1.61.12;
Collapse <abckslash><newline> sequences in /etc/ifconfig.xxx files read
by /etc/rc.d/network. Fixes PR 41662 by Christoph Badura, which was
also reported independently by Jeremy C. Reed.

backout rev. 1.59. Will be re-done differently.

Do not flush routes if root file system is nfs mounted.
Fixes boot problem when the nfs server is in a different subnet.

Only start dhcpcd per interface if not running the full dhcpcd daemon.
Only stop dhcpcd pre interface if it's running for the interface.

Fixes PR bin/40320

branches: 1.57.2; 1.57.8;
eval arguments one more time so that quoting works.

Move default route configuration after interface alias address
configuration, in case people have default routes over aliased
addresses.

remove an unecessary "eval"

* Allow multiple commands in $ifconfig_xxN variables in rc.conf(5).
This may be done either by embedding newlines in the value,
or by using semicolons to represent line breaks (but not both at once).
* Allow shell quoting insode $ifconfig_xxN variables or /etc/ifconfig.xxN
files. This allows something like ifconfig_wi0="ssid 'my network'; dhcp"

Use absolute path for various /sbin tools.
This is consistent with several other rc.d scripts
and fixes problem with /sbin not in PATH.

(Tested several times for over three weeks, but not all
parts of this code were used by me.)

Allow per-interface DHCP configuration using dhcpcd via
ifconfig_xxN=dhcp or a dhcp line in /etc/ifconfig.xxN.

branches: 1.51.12; 1.51.14; 1.51.16;
Fix typo/mispelling in comment.