Revert previous as it doesn't create additional lo(4) anymore

Reported by Andreas Bartelt on bugs@

Do not try to create physical interfaces

vifscreate() always creates all virtual interfaces up-front.

To check whether a given interface exists, ifstart() uses ifcreate()
which tries to create nonexistent ones.

Virtual ones are guaranteed to be present and physical ones cannot be
created, so replace the ifcreate() call with a simpler ifconfig test and
clarify the comment.

OK martijn afresh1

zap double space and needless line break

Prioritize lladdr over name/unit in hostname.if processing

When needed, lladdr is more precise and enduring.

Suggested by deraadt@
Many improvments and OK kn@

Add support configuring hostname.if(5) by lladdr

Original implementation by martijn@
Feedback and suggestions from kn@, sthen@, claudio@, florian@, and deraadt@.

ok deraadt

"need root privileges" is an error, print it on stderr"

Print full path in usage; OK jmc

Only load the SOII key if IPv6 is available

Possible now that IP6KERNERL is hoisted.
This also improves readability and zaps double negation logic.

Do not wait for DAD completion in dry-run mode

1. only do so when running without -n
2. move code to own wait_dad() helper like wait_autoconf_default() has it
3. use local _count as usual in both functions rather than the global count

Feedback OK claudio

Hoist only the feature check

Keep adding IPv6 routes after lo0 got an addres like before, meant to be
committed together with r1.223.

Fix comment: IPv6 link local addresses do not use SOII anymore

sys/netinet6/in6_ifattach.c r1.114 limited it to SLAAC addresses in 2019.

Improve shell style wrt. variable naming/boolean convention

The mixed use of upper and lower case variables is neither obvious nor
consistent.

PRINT_ONLY is local to netstart.
ip6kernel is local to netstart.
multicast gets sourced from rc.subr(8).

1. uppercase ip6kernel as is common for global variables in base scripts
2. use the simpler true/false idiom and default with the rest of
netstart-only variables, making it clearer that only `multicast=YES/NO'
comes from the rc environment
3. hoist kernel feature detection such that a later diff can load the SOII
key conditionally
4. zap obvious comment

OK aja

do not wait for autoconf in dry-run

If there is no default route but some interface has AUTOCONF, printing
what would be done still waits for... nothing to happen.

OK tb

Add required sh(1) to synopsis

Contrary to other scripts in base like rc.d(8) or MAKEDEV(8), netstart(8)
itself is not executable and must be passed as file to sh(1):
$ man -h netstart
/etc/netstart [-n] [interface ...]
$ /etc/netstart
ksh: /etc/netstart: cannot execute - Permission denied

Fix usage and synopsis to provide required usage:
$ man -h netsart
sh /etc/netstart [-n] [interface ...]

OK jmc

Fix synopsis, -n does not require an interface; OK jmc

Create virtual interfaces upfront if specified on the command line

In cases like `sh /etc/netstart pair1 pair2', one of hostname.pair{1,2}
will contain a "patch pair{2,1}" command which expects the other interface
to exist.

If none exist, this would fail and netstart had to be run separately or
"patch"ed interface had to be manually created before.

There are other use cases where interfaces depend on each other, so before
(re)configuring an explicit list of interfaces, create all virtual ones
upfront so that a single netstart invocation will configure everything
correctly without having reflect dependencies in multiple ordered netstart
invocations.

Copy isin() from install.sub to help.

Feedback OK halex

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt

add some more tunnels to the list of interfaces that rely on routing.

Do not create loopback interfaces lo1, lo2, ... upfront. They are
automatically set up by the kernel when a routing domain is created.
An existing lo1 in rdomain 0 would prevent to add any interfaces
in rdomain 1.
OK kn@

Improve dubgging in /etc/netstart. Enable print only in ifcreate.
Add debugging output for ipv6 routes. Make localhost and multicast
code aware of the print only switch. Allow netstart -n to work
also if no interface is given.
OK kn@

As tim@ spotted, a use of V4_AUTOCONF crept in when the variable name
was actually V4_DHCPCONF from previous use. Rename all of the V4_DHCPCONF
to V4_AUTOCONF so everything uses the new name. ok and reminder about
the installer from tb@

switch to dhcpleased/resolvd in base
OK deraadt

Don't try to install a default route with route(8) later on if we are
using inet autoconf, like we do with "dhcp" and "inet6 autoconf".
OK kn

Allow the provision of dhclient(8) options on 'dhcp' lines in hostname.if(5)
files.

Usual man page help & ok jmc@

Avoid issuing pointless 'ifconfig <if> up' when processing 'dhcp' in
hostname.if files. dhclient(8) does that itself. Part of the
"further script optimizations" promised in r1.200 of netstart.

Tested & ok gnezdo@

Fix previous: use correct version of netstart and installer bits.

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb

no more mobileip;
ok claudio deraadt

start wg with the other interfaces that rely on routing being up.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@

Revert the following commit as it breaks hostname.if(5) lines with a
backslash at the end for line continuation

Breaking long lines into multiple ones must still be possible and does
require to treat the backslash as an escape character.

Breakage reported by Mark Patruck <mark at wrapped dot cx >, thanks!

---
distrib/miniroot/install.sub revision 1.1151
etc/netstart revision 1.203
date: 2020/05/21 11:54:41; author: kn; state: Exp; lines: +2 -2;
Do not treat backslashe as an escape character in hostname.if(5) lines

ifstart() should always pass such lines unaltered, especially if they
contain "nwid" or "description" lines with arbitrary strings.

<bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during
installation end as broken; this was because the installer escaped
the single quote using backslashes which ended up being treated as
escape characters much later during hostname.if parsing in netstart(8).

Ok deraadt

Fix stripcom() description wrt. comments not on their own line

Neither netstart's nor install.sub's (subtly different) implementations
remove trailing comments on lines not starting as a comment, e.g.,
lines like "up #not down" go through unaltered and without "#not down"
being removed.

Only lines *beginning* with the comment sign ("#") are stripped.

No functional change, just updating function descriptions.

Do not treat backslashe as an escape character in hostname.if(5) lines

ifstart() should always pass such lines unaltered, especially if they
contain "nwid" or "description" lines with arbitrary strings.

<bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during
installation end as broken; this was because the installer escaped
the single quote using backslashes which ended up being treated as
escape characters much later during hostname.if parsing in netstart(8).

Ok deraadt

Do not redirect already quiet stdout for IPv6 reject routes

"route -q" already silences all standard output; if it still prints
something, that's a bug to fix in route.

OK bluhm

handle aggr(4) in the same way as trunk(4)

from brad@
ok bluhm@ claudio@ deraadt@

Historically /etc/netstart (and the equivalent code in the install
script) did 'ifconfig <if> down' before starting dhclient(8). This was
a way of ensuring old running copies of dhclient were killed before a
new one started. Current dhclient does not need this assist, so change
"ifconfig <if> down" to "ifconfig <if> up" pending further script
optimizations.

Similar to a 2014 attempt by halex@. Prompted by a misc@ report
from Kristjan Komlosi reporting hanging diskless setups.

ok halex@ kn@

netstart is used during system start, but also interactively.
Show proper error message if a regular user executes netstart.
Only do the privilege check if the id binary is available,
which might not be the case during diskless system startup.

ok deraadt, jasper, jca, krw, rpe (who wrote the same diff), sthen

Add a proper usage() function.

Suggested by and OK jmc.
OK tb

when -n is used, no need to spit out "Missing parameters." before
displaying usage();

ok tb

Lowercase 'usage' and group -n with interface in it.
From jmc@, ok tb@

Tweak comments.

OK tb

Write warning/error messages to stderr and end them with a fullstop.

OK tb

- use specific patterns when looping over /etc/hostname.if files
to skip backup or temp files.
- test if the patterns matched actual files
- warn if ifcreate() fails on an interface and continue with the
subsequent interfaces in the list instead of return'ing

OK dlg sthen tb

- Add descriptions for the new functions ifcreate() and vifscreate()
- In ifcreate() use the exit code of the {} block directly
- In vifscreate(), use the ifconfig -C output directly in the for _vif loop
- Remove superfluous and somewhat confusing comment

OK dlg kn sthen

create virtual interfaces before starting all interface config.

this resolves an ordering problem when adding pseudo interfaces to bridges

tweaks from kn@
ok mpi@ sthen@

Remove some special IPv4 in IPv6 mapped prefixes that are already rejected
by the ::0.0.0.0/96 reject route added to deny all IPv4 mapped addresses.
Makes the inet6 routing table almost fit in one screen.
OK benno@

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb

If -n is given, the netstart script should not (try to) set the default
route(s). Simply print the command(s) to be issued instead.

tweak & ok rpe

Remove HN_DIR variable and expand it in the only place it was used. It
currently serves no purpose.

ok rpe, agreement from deraadt and halex

Finally remove backwards compat code to support the 'rtsol' keyword
in hostname.if(5)

OK mpi@ deraadt@ florian@
OK jmc@ from doc perspective

Align ifstart() in netstart and install.sub.

- in netstart, rename _file to _hn referencing hostname.if files
- in install.sub switch ifstart() to be used with _if instead of
_hn as parameter

ok krw@ tb@

etc/netstart: use colon separator instead of dot with chown

OK jung@, deraadt@, jmc@

Change test from [] to [[]] and simplify pattern.

OK tb@, krw@ (for [[]])
Feedback and OK halex@

Replace hardcoded script name with ${0##*/}

OK tb@ halex@

Revert r1.170 and remove the id==0 check.
The id binary is not available in nfs diskless setups at this point.

reported by Andreas Kusalananda, thanks.
discussed with deraadt@

Remove last remnants of rtsol. IPv6 autoconfiguration of interfaces is now
done in ifstart(). Remove ipv6autoconf() and replace rtsolif with a boolean
variable V6_AUTOCONF. Replace dhcpif with a boolean variable V4_DHCPCONF.
Both are later used in defaultroute() to decide whether or not to configre
defaultroutes from /etc/mygate.

OK krw@

Do not try to delete a default route before adding it.

Now that route are automatically G/C with the address they are attached
to there's no reason to duplicate the kernel's job.

Fix a regression introduced with multipath default routes.

ok deraadt@

Unbreak netstart for multiple inteface configurations like trunk
or carp. Ensure that the noglob option is disabled at the end of
parse_hn_line() and ifstart().

Reported by Christer Solskogen and Stefan Wollny, thanks!

Introduce a new function parse_hn_line() that replaces the existing
hostname.if(5) parsing code in ifstart().
Add a -n option to netstart to only print the interface configuration
commands instead of executing them.
Add a HN_DIR variable, that points to the directory of the hostname.if
files (default /etc) that allows for future regression tests.

- add new parse_hn_line() function
- change ifstart()
- rename $if to $_if
- don't ifconfig or ifconfig create if -n option is used
- replace hostname.if(5) parsing code with new parse_hn_line()
- just print configuration commands if -n option is used
- autoconf now happens in ifstart(), remove ifv6autoconf()
- introduce HN_DIR variable for the hostname.if file location
- add handling of the -n option to only print config commands
- ensure -n is only used if interfaces are specified as parameters

Discussed with and positive feedback from many
'commit' deraadt@
OK sthen@

- localize the if, file and stat variables which also ensures that
variables are not named like commands.
- change test from [] to [[]]

OK tb@ halex@

Minimize differences in ifstart() function between netstart and
install.sub which makes it easier to spot changes in the future.

- comments and formatting
- quotes on assignments are not needed (netstart)
- remove stray space in test (netstart)
- use $file variable with while-loop (netstart)
- although valid, instead of i use $i in arithmetic test (install.sub)

OK krw@, tb@
Looks good deraadt@

Align comments of ifstart() function in netstart and install.sub.

Align comments of stripcom() function in netstart and install.sub.

Do not lose the default route when netstart(8) is run a second time on
the interface pointed to by the default route.

Since the kernel no longer keep routes with dangling address pointer,
netstart(8) has to re-add the default route when the corresponding ifa
has been deleted and re-created.

deraadt@ points out that even if the previous semantic was not necessarily
better, a script like netstart(8) cannot totally fix the default route
problem.

Regression reported by and fix tested by Hrvoje Popovski.

ksh foo checked by halex@

Delay switch(4) interface start up so it can attach virtual interfaces
like vether(4).

nits from and ok benno@, phessler@

print a clear error message when not ran as root instead of just falling
through and try whatever it can do with the invoking user's perms

feedback/ok aja@ rpe@

Do not consider tap(4) a special interface and start if before other
pseudo-interfaces.

This unbreak vlan(4) on top of tap(4) since the refactoring to turn it
MP-safe.

ok claudio@, deraadt@

Don't delete the 224/4 route in netstart, unless it's being done to ensure that
a -reject route can be added. Restores the ability to set an interface route
before daemons are started, lost during the previous simplification.
ok millert mpi

Remove backslash, not necessary after '&&'

OK halex@

Replace last remaining `` with $()

OK halex@

Drop the now useless multicast setup comment.

prodded by tim@, ok mpi@

Simplify multicast option handling (10 less lines) by matching /etc/rc behavior
towards other YES|NO options and drop the error warning.


with and ok tim@, ok rpe@ on an earlier diff

It does not make sense to insert a specific route for 224/4 when the
default one is good enough.

So merge rc.conf(8)'s 'multicast_router' and 'multicast_host' into a
single 'multicast'. If set to YES the reject route for 224/4 is not
inserted by netstart(8).

Manual bits from jmc@

ok henning@, ajacoutot@

Changes to ifautostart():
- Rename function to ifv6autoconf() to make IPv6 relation clearer
- Localize and rename variables

OK krw@

Changes to ifmstart():
- Change comments to make it clearer that ifmstart() takes two lists
of interface driver names (of which the second is optional) and not
the actual interface instances.
- Use localized variables and use slightly more verbose names.
- Use continue 2 to skip to the next hostname.if file.
- Use shell pattern @() instead of testing _sif individually.

OK krw@

Changes to stripcom():
- Align comments with /etc/rc version
- Use localized variables
- Use safer "print -r --" instead of plain echo

Changes to ifstart():
- Tweak comment
- Add usage

OK krw@

Start the rework of the /etc/netstart shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Other changes:
- No need to care about "autoboot" because netstart doesn't inherit the
positional parameters from /etc/rc anymore. /etc/rc executes netstart
instead of sourcing it since r1.439.
- Use simpler for-loop to process list of interfaces with ifstart.

OK halex@

The hostname variable is not used since r1.99. Remove it and use
stripcom() output directly with the hostname command.

OK deraadt@ krw@

netstart bits for tap(4)

Don't print output when setting autoconf on interfaces. Suggested by deraadt,
ok florian@ rpe@

only print the "IPv6 autoconf" line if there are interfaces to configure
feedback/ok rpe

Set "inet6 autoconf" individually on interfaces that have rtsol set in
hostname.if, previously netstart tried to configure them all at once
("ifconfig if0 if1 if2 inet6 autoconf"). From Delan Azabani, ok phessler@

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@

Bring up pflow last as it might send with a source address that is on
any of the other interfaces.
OK deraadt, phessler, benno

Always source rc.subr to be able to use the rc.conf parsing routine
to get the network related vars from rc.conf. This is even necessary
if netstart is run from within /etc/rc. Remove test of $INRC which
unintentionally evaluated always to true.

problem with previous change found by nigel@
OK sthen@ aja@ halex@

Revert 1.148 for now until I can talk to rpe@
It introduced a regression reported by nigel@

Replace test command with [].

OK halex@ krw@

Ensure, that we source rc.subr and parse rc.conf ONLY if we are not
inside /etc/rc.

With help from and OK halex@, ajacoutot@

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@

Allow rtsol keyword in hostname.if(5) with net.inet6.ip6.forwarding=1.
"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler

The kernel handles rtsol(8) functionality since some time now.
Treat rtsol in hostname.if as a keyword like dhcp and call ifconfig
inet6 autoconf.
"reads good" todd@
OK krw@ (who is *not* an IPv6 person), but I recruited him in his
capacity as an installer person.

Revert 1.142. Without the down netstart will just print the ifconfig
output because it may end up just calling 'ifconfig $if'. This needs
to be done better and properly tested.

remove explicit 'down' of an interface before starting a dhcp request, thereby
avoiding annoying delays for some switch configurations

ok claudio@ deraadt@

i would add ok phessler@, but it was not valid without an ok krw@

Fix netstart after autoconf6 change so 'rtsol' lines in hostname.if work again.
found by pelikan@; ok pelikan@ henning@

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it all going to be
ignored.

discussed with and help from deraadt@ and halex@

Like for dhclient, do no create a route to alias addresses via 127.0.0.1.
Our stack is able to tell if the address is local or not.

ok todd@, krw@

fix lies in netstart; replacement wording from halex@
pointed out by Ryan Kavannagh rak at debian dot org

remove "Invalid interface name" message
requested by krw@

ok halex@

use the more compact version of the check for ifconfig'able interfaces
from install.sub

with feedback from and ok halex

- remove isalphanumeric() and replace it with a shell pattern, that
tries a bit harder to identify invalid interface names and in
this case emit an error message.
- use [[ $1 == autoboot ]] to avoid a shell error message due to
possible spaces in first argument
- no change in functionality

discussed with krw and halex
ok ("I like this") krw

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja

Eliminate some $? tests by rolling the command into the condition

ok halex@

Add svlan(4) startup bits.
From markus@. OK naddy, claudio, reyk.

fix an unbalanced parenthesis in a comment; while here, split the comment
in a better place to make it more readable.

ok jmc@ and miod@

permit e.g. -inet6 syntax by slurping all lines not just some
noticed by rhsv6 at hushmail dot com, ok sthen@

when setting up lo0 use 127.0.0.1/8 instead of 127.0.0.1 for clarity and
correctness. it's not 1992 any more, kids. ok mcbride dlg krw

o stop reordering ifconfig arguments (e.g. after 'up ..')
o only stop processing if inet or inet6 lines are malformed
o everything not a specially handled bit is passed to ifconfig unmangled
noticed by several after the move from bridgename.bridge0 -> hostname.bridge0
prodded by deraadt@, tested by and feedback from several
man page bits 'look fine' jmc@

Stop supporting bridgename.bridge* files, and move to hostname.bridge*
files. To cope with this change, read about the mv command.
ok claudio todd

change variable i to $i in an expression of ifstart() for consistency
with the rest of the file. no functional change.

feedback from sthen@, ok krw@

Delay creation of tun(4) interfaces until the underlying interface and
routes are available. This fixes usage for some OpenVPN users that start
it from hostname.tun*.

Tested by Johan Huldtgren. ok sthen@, johan@.

delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed.
ok fries, hshoexer, claudio

Tools from /usr may not be used in netstart since it may be NFS-mounted
and not available at that time. Rewrite the hostname.if permission check
to use only /bin/ls and the shell. Requested by deraadt.

ok todd, "Twisted." deraadt

Prevent warning about insecure hostnames where no /etc/hostname.*
exists. From wcmaier@.

Check target of symbolic links to avoid noise at boot and in
seucrity output where you have several interfaces symlinked to one
config file.

"If you think this is the right thing to do" deraadt@

warn once not 3 times in case of a non existent file, discussed with deraadt
originally pointed out by Johan Torin

Ensure that hostname.* files are also re-chowned to root.wheel at each
boot as discussed with claudio while eating tasty donairs. ok todd

before using them, force hostname.* files to be unreadable by world
first version from todd, ok millert

Execute rtsol after turning up trunk(4) and vlan(4) interfaces so they're
taken into consideration for rtsol.

ok reyk@ dlg@

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@

move the delay for IPv6 DAD to after all interfaces have started
fixes problems with daemons being unable to bind to all addreses at boot
ok itojun@ hshoexer@

reject multicast packet without scope identifier specified.

do not add an extra space; nwid and description come out wrong
fix as proposed by maja@, thanks!

nuke extra whitespace

multicast_host=YES only works if a valid default gateway is available.
validate this condition and reject multicast traffic on failure.

ok todd@ naddy@

fix inspired by pr#4590
ok krw@

better logic from krw@:
- do not process mygate for v4 if dhcp
- do not process mygate for v6 if rtsol
this also makes the mygate processing logic more readable
ok krw@

add v6 support for /etc/mygate
ok deraadt@ mickey@ krw@
same functionality tested/ok'ed by by mickey, brad, matthieu, and me
with this one may now put a v6 IP in /etc/mygate on a separate line from
the v4 default gateway and netstart will do the right thing

shrink stripcom(), sync with install.sub
ok krw@

trunk must be started after physical ethernet devices, but before vlan.
populate ifmstart lines accordingly.
prodded/tested by brad@
ok reyk@

use eval consistently, fixes description quotes on rtsol and dhcp
fix inspired by and closes pr 4495
ok krw@

Introduce 'ifmstart' to deal with starting multiple interfaces minus a list
of interfaces.

This reduces the netstart script by 174 chars, 13 words, and 19 lines, but
more importantly, makes it more simple and less cluttered should more special
case/orderings be needed.

ok brad@ and pr 4197 submitter, inspired by and closes pr 4197

unbreak; ok pval@

if dhcp is used to get an address on any interface, ignore /etc/mygate
ok krw
(this lets us do something rather cool with the zaurus in particular)

Bring up the carp(4) interface before default route.

ok pascoe@ mpf@

Add a copy of stripcom so /etc/netstart can be run standalone again.
OK deraadt@

Allow comments in /etc/{myname,mygate,defaultdomain}; OK deraadt@

remove "route $hostname 127.0.0.1" line. deraadt ok
*** please update /etc/netstart and test if it works ok for you ***

make all route commands use -qn; ok mcbride henning

one last route command lacking -qn

Make sure pfsync is brought up before carp.

ok deraadt@

Delay pfsync(4) configuration, as the syncif has to be configured in
advance. From Thorsten Lockert.

ok, it took quite a bit of prodding but itojun finally explained why the
extra sleep 1 is in here, and we came to the conclusion it is safe to
delete it. whee.

repair v6 lo0 documentation

add loopback routes late

create all routes with -q; markus ok

Need to do "ifconfig create" for bridge interfaces too.

add support for ifconfig clone; from netbsd; ok deraadt, henning

delay carp initialization until after physical interfaces are configured
ok mcbride@ henning@ deraadt@ todd@

only try to set hostname to what /etc/myname says if that file actually exists,
otherwise preserve `hostname`
netbooted machines can live perfectly fine without it; they get their hostname
earlier.

ok krw@ cedric@

Fix up some DNS verbiage to make it consistant.

Fix up default route selection by

a) Forcing user to explicitly chose 'dhcp' as a mechanism for
specifying a default route, rather than guessing based on one or more
interfaces being configured by dhcp.

b) If the user specified default route does not work, re-present the
existing default route rather than losing it.

c) Move default route selection to after nameserver activation so the
user can specify a hostname as the default route.

Change /etc/netstart so that /etc/mygate wins if a default route was
already specified (i.e. by dhcp).

ok deraadt@.

ignore non-existent cases where '$if' evaluates to '*'.
From Andr� Lucas <andre@ae-35.com>, fixes pr # 2658.
'Looks good' from miod@, millert@, and krw@.

re-add support for $if expansion; hamajima@nagoya.ydc.co.jp

Change the network components initialization order.
Change from:
o all interfaces
o all bridges
o routes
to:
o physical interfaces
o routes
o gif and gre interfaces
o bridges

Fixeski PR #2400.
Manual page updates coming soon.
Ok angelos@ chris@ deraadt@

a space before a redirect

Also, source /etc/rc.conf so we can pull in the
multicast_host/multicast_router settings; this is useful if one
flushes the routing table and re-initializes.

We really need a netconfig tool of sorts.

Use "route -n show -inet" to determine the default multicast iface.

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).

spelling; maurice@maurice.wan.nl

ignore blank lines in addition to comments
fixes pr#1660 from wilfried@telia.com .. Thanks!

support !command in bridgename.if files, too

Use -n to test if a variable is non-zero. Otherwise, if the variable's
contents start with a '-' test becomes unhappy (since it interprets it
as another option).

This fixes pr 1481, we now handle args > 6 in /etc/hostname.if in the
cases where we did not previously handle them.
Thanks to Scott Atwood <atwood@cs.stanford.edu> for reminding us of this.

subtle bug .. global variables in a while loop need reset 'just incase'
With:
hostname.fxp0 having a last line of:
inet6 alias 3ffe:...
and hostname.gif0 having a first two lines of:
giftunnel 1.2.3.4
dest 1.2.4.3
We end up with the command:
ifconfig gif0 giftunnel alias 1.2.3.4 1.2.4.3
.. which is clearly wrong and fixed by this change

rc.conf now parses ${local_rcconf} internally; closes pr 1259

fix dhcp 'NONE' ness from install to allow media parsing to work
.. ok deraadt@, millert@

rc.conf.local support, inspired by chuck yerkes

Remove the -E flag from ipf as it is implicitly enabled and using
the -E flag here causes the kernel to printf 'IP Filter: already
initialized'.

silence all extra route addition printouts

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

fix non behavior
with this `!' lines in /etc/hostname.* run even without certain lines
(like a comment) preceeding it.

allow arbitrary commands in /etc/hostname.* files if the line starts with '!'

rtsol case can configure the interface up, since it would be nice to finish
DAD before the actual rtsol(8) run happens later. and since it will rtsol,
it is going to be up in any case.

one more indentation fix.

indentation fix (todd's part)

fix rtsold case, reset cmd for each iteration!

allow options after "rtsol".
XXX both "dhcp" and "rtsol" has keyword *down* at the end. is it okay?

echo "IPv6 autoconf: interfaces" before invoking rtsol.
sleep for net.inet6.ip6.dad_count seconds to ensure that IPv6 DAD is completed.
TODO: rtsold (rc.conf line), manpage

ipv6 autoconf on hosts (non-routers).

to do this,
1. in sysctl.conf, add these lines:
net.inet6.ip6.forwarding=0
net.inet6.ip6.accept_rtadv=1
2. in hostname.foo, add
rtsol

specifying two or more interfaces with "rtsol" may result in strange
behavior - ipv6 spec does not permit multi-interface node to be autoconfig'ed.

add to hostname.* parsing:
- multiple entries support (read: aliases)
- inet6 support
- support for comments (#)
(look for hostname.if(5) commit for syntax details)

install IPv6 reject routes only if kernel is capable of IPv6.

avoid transmitting invalid IPv6 packets out to the wire.

do not perform IPv6 initialization for loopback interface.
MUST make lo0 up before any IPv6 operations.
it will be considered a pilot error if you don't.
(I prefer to have lo0 initialized automatically)

support # characters in bridgename.* files; millert

cleanup parsing of hostname.* files, and seperate bridge control into
bridgename.* files; all documented in new hostname.if(5) and
bridgename.if(5) man pages

Only parse/setup the hostname.foo file if interface foo exists (this
is useful for laptops with different ethernet cards etc.)

New multicast route setup style

Add bridge interface handling

Add support in /etc/hostname.xxx for files of the format:
up [options]
Any of the following may or may not be set:
$name $mask $bcaddr $extras

Kill the awful hack used to match and split /etc/hostname.* We now use
a function, isalphanumeric, to determine whether an interface name is
likely to be valid. This means that things like /etc/hostname.le0.bak,
/etc/hostname.le0#, /etc/hostname.le0~, etc. will be ignored as they
should. There is no longer an implicate assumption that /etc/hostname.*
only contains a single '.'.

move ipnat to end of netstart, to support dhcp+ipnat

apply media directives on dhcp interfaces

better way of handling dhcp client; Jason Ish <jbi130@mail.usask.ca>

dhcp client stuff. "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

You can't use -interface default when there's no default gateway
set (yet). Use -interface $hostname if mygate doesn't exist so that
this actually works on routers.

put 224 route on default, to avoid a hostname lookup

use route -n, what the heck

s/^nat/ipnat/

remove trailing blank line

ipforward is in sysctl.conf now

ugh

ipforwarding option in rc.conf

NAT requires IPF

kill spaces at ends of lines; m4

set hostname/domainname before running rc.conf; m4@umn.edu

fork netstart; new child is rc.conf

Explicately pass -host flag to route(8) to avoid confusion with networks.

Add hook for rpc.lockd, make nfsd flags settable in netstart

Make quotas optional; wedged into netstart for the time being.
/etc/rc.conf, anyone?

do not run routed by default

Move configuration of loopback interface to before all other interfaces.
Allows the use of local caching-only nameserver with no "nameserver"
entry in /etc/resolv.conf to configure a route between the hostname
and loopback.

earlier start of keymanagement

make amd use /tmp_mnt by default

start the photuris daemon per default. hilfe.

Put in hooks to start ypserv with flags

Put in hooks to start rpc.yppasswdd with flags

kill route flush until .. hmm kernel routing socket bug or something

add NAT startup

flush all old routes before adding new interfaces or routes.
ref: netbsd pr3228/misc, Matthias Scheler

fix typo

add default route before fiddling with loopback route to avoid DNS problems; m4@umn.edu, #97

do ifaliases after /usr/bin exists in nfs diskless env; pr#77, matthieu@laas.fr

timed off by default

rfc1323 variable

control portmap, inetd, and lpd from netstart; idea from tqbf@enteract.com

224.0.0.0 not 0.0.0.224; from peter@demon.net

move std stuff from rc.local to rc

install sample commented /etc/ifaliases file; which can now contain #
comments and blank lines. new format is "interface address netmask"
(yes, i changed the order of the entries). inspired by netbsd pr#2474;
gillhaa@ghost.whirlpool.com

Install a multicast route by default

sync & label

added IP filter to netstat/rc and put examples in /usr/share/ipf

from netbsd: start mrouted like routed

/etc/ifaliases support by randy@zyzzyva.com

branches: 1.1.1;
Initial revision

Revert previous as it doesn't create additional lo(4) anymore

Reported by Andreas Bartelt on bugs@

Do not try to create physical interfaces

vifscreate() always creates all virtual interfaces up-front.

To check whether a given interface exists, ifstart() uses ifcreate()
which tries to create nonexistent ones.

Virtual ones are guaranteed to be present and physical ones cannot be
created, so replace the ifcreate() call with a simpler ifconfig test and
clarify the comment.

OK martijn afresh1

zap double space and needless line break

Prioritize lladdr over name/unit in hostname.if processing

When needed, lladdr is more precise and enduring.

Suggested by deraadt@
Many improvments and OK kn@

Add support configuring hostname.if(5) by lladdr

Original implementation by martijn@
Feedback and suggestions from kn@, sthen@, claudio@, florian@, and deraadt@.

ok deraadt

"need root privileges" is an error, print it on stderr"

Print full path in usage; OK jmc

Only load the SOII key if IPv6 is available

Possible now that IP6KERNERL is hoisted.
This also improves readability and zaps double negation logic.

Do not wait for DAD completion in dry-run mode

1. only do so when running without -n
2. move code to own wait_dad() helper like wait_autoconf_default() has it
3. use local _count as usual in both functions rather than the global count

Feedback OK claudio

Hoist only the feature check

Keep adding IPv6 routes after lo0 got an addres like before, meant to be
committed together with r1.223.

Fix comment: IPv6 link local addresses do not use SOII anymore

sys/netinet6/in6_ifattach.c r1.114 limited it to SLAAC addresses in 2019.

Improve shell style wrt. variable naming/boolean convention

The mixed use of upper and lower case variables is neither obvious nor
consistent.

PRINT_ONLY is local to netstart.
ip6kernel is local to netstart.
multicast gets sourced from rc.subr(8).

1. uppercase ip6kernel as is common for global variables in base scripts
2. use the simpler true/false idiom and default with the rest of
netstart-only variables, making it clearer that only `multicast=YES/NO'
comes from the rc environment
3. hoist kernel feature detection such that a later diff can load the SOII
key conditionally
4. zap obvious comment

OK aja

do not wait for autoconf in dry-run

If there is no default route but some interface has AUTOCONF, printing
what would be done still waits for... nothing to happen.

OK tb

Add required sh(1) to synopsis

Contrary to other scripts in base like rc.d(8) or MAKEDEV(8), netstart(8)
itself is not executable and must be passed as file to sh(1):
$ man -h netstart
/etc/netstart [-n] [interface ...]
$ /etc/netstart
ksh: /etc/netstart: cannot execute - Permission denied

Fix usage and synopsis to provide required usage:
$ man -h netsart
sh /etc/netstart [-n] [interface ...]

OK jmc

Fix synopsis, -n does not require an interface; OK jmc

Create virtual interfaces upfront if specified on the command line

In cases like `sh /etc/netstart pair1 pair2', one of hostname.pair{1,2}
will contain a "patch pair{2,1}" command which expects the other interface
to exist.

If none exist, this would fail and netstart had to be run separately or
"patch"ed interface had to be manually created before.

There are other use cases where interfaces depend on each other, so before
(re)configuring an explicit list of interfaces, create all virtual ones
upfront so that a single netstart invocation will configure everything
correctly without having reflect dependencies in multiple ordered netstart
invocations.

Copy isin() from install.sub to help.

Feedback OK halex

Wait for autoconf interfaces to come up in netstart(8) instead of
rc(8). This makes tunnel interfaces work that depend on working
autoconf interfaces.
OK deraadt

add some more tunnels to the list of interfaces that rely on routing.

Do not create loopback interfaces lo1, lo2, ... upfront. They are
automatically set up by the kernel when a routing domain is created.
An existing lo1 in rdomain 0 would prevent to add any interfaces
in rdomain 1.
OK kn@

Improve dubgging in /etc/netstart. Enable print only in ifcreate.
Add debugging output for ipv6 routes. Make localhost and multicast
code aware of the print only switch. Allow netstart -n to work
also if no interface is given.
OK kn@

As tim@ spotted, a use of V4_AUTOCONF crept in when the variable name
was actually V4_DHCPCONF from previous use. Rename all of the V4_DHCPCONF
to V4_AUTOCONF so everything uses the new name. ok and reminder about
the installer from tb@

switch to dhcpleased/resolvd in base
OK deraadt

Don't try to install a default route with route(8) later on if we are
using inet autoconf, like we do with "dhcp" and "inet6 autoconf".
OK kn

Allow the provision of dhclient(8) options on 'dhcp' lines in hostname.if(5)
files.

Usual man page help & ok jmc@

Avoid issuing pointless 'ifconfig <if> up' when processing 'dhcp' in
hostname.if files. dhclient(8) does that itself. Part of the
"further script optimizations" promised in r1.200 of netstart.

Tested & ok gnezdo@

Fix previous: use correct version of netstart and installer bits.

Add support for !command to mygate, so that netstart has a late opportunity
to perform network configuration (for example, "!route source -ifp em0")
Split mygate and myname manual pages (how did anyone ever believe these
are related), and perform hostname configuration much earlier in rc.
discussed with benno, claudio, jmc, etc etc, last version of !command
parser by tb

no more mobileip;
ok claudio deraadt

start wg with the other interfaces that rely on routing being up.

from Matt Dunwoodie and Jason A. Donenfeld

ok deraadt@

Revert the following commit as it breaks hostname.if(5) lines with a
backslash at the end for line continuation

Breaking long lines into multiple ones must still be possible and does
require to treat the backslash as an escape character.

Breakage reported by Mark Patruck <mark at wrapped dot cx >, thanks!

---
distrib/miniroot/install.sub revision 1.1151
etc/netstart revision 1.203
date: 2020/05/21 11:54:41; author: kn; state: Exp; lines: +2 -2;
Do not treat backslashe as an escape character in hostname.if(5) lines

ifstart() should always pass such lines unaltered, especially if they
contain "nwid" or "description" lines with arbitrary strings.

<bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during
installation end as broken; this was because the installer escaped
the single quote using backslashes which ended up being treated as
escape characters much later during hostname.if parsing in netstart(8).

Ok deraadt

Fix stripcom() description wrt. comments not on their own line

Neither netstart's nor install.sub's (subtly different) implementations
remove trailing comments on lines not starting as a comment, e.g.,
lines like "up #not down" go through unaltered and without "#not down"
being removed.

Only lines *beginning* with the comment sign ("#") are stripped.

No functional change, just updating function descriptions.

Do not treat backslashe as an escape character in hostname.if(5) lines

ifstart() should always pass such lines unaltered, especially if they
contain "nwid" or "description" lines with arbitrary strings.

<bsdlisten at gmail dot com> reported SSIDs such as "Mike's" during
installation end as broken; this was because the installer escaped
the single quote using backslashes which ended up being treated as
escape characters much later during hostname.if parsing in netstart(8).

Ok deraadt

Do not redirect already quiet stdout for IPv6 reject routes

"route -q" already silences all standard output; if it still prints
something, that's a bug to fix in route.

OK bluhm

handle aggr(4) in the same way as trunk(4)

from brad@
ok bluhm@ claudio@ deraadt@

Historically /etc/netstart (and the equivalent code in the install
script) did 'ifconfig <if> down' before starting dhclient(8). This was
a way of ensuring old running copies of dhclient were killed before a
new one started. Current dhclient does not need this assist, so change
"ifconfig <if> down" to "ifconfig <if> up" pending further script
optimizations.

Similar to a 2014 attempt by halex@. Prompted by a misc@ report
from Kristjan Komlosi reporting hanging diskless setups.

ok halex@ kn@

netstart is used during system start, but also interactively.
Show proper error message if a regular user executes netstart.
Only do the privilege check if the id binary is available,
which might not be the case during diskless system startup.

ok deraadt, jasper, jca, krw, rpe (who wrote the same diff), sthen

Add a proper usage() function.

Suggested by and OK jmc.
OK tb

when -n is used, no need to spit out "Missing parameters." before
displaying usage();

ok tb

Lowercase 'usage' and group -n with interface in it.
From jmc@, ok tb@

Tweak comments.

OK tb

Write warning/error messages to stderr and end them with a fullstop.

OK tb

- use specific patterns when looping over /etc/hostname.if files
to skip backup or temp files.
- test if the patterns matched actual files
- warn if ifcreate() fails on an interface and continue with the
subsequent interfaces in the list instead of return'ing

OK dlg sthen tb

- Add descriptions for the new functions ifcreate() and vifscreate()
- In ifcreate() use the exit code of the {} block directly
- In vifscreate(), use the ifconfig -C output directly in the for _vif loop
- Remove superfluous and somewhat confusing comment

OK dlg kn sthen

create virtual interfaces before starting all interface config.

this resolves an ordering problem when adding pseudo interfaces to bridges

tweaks from kn@
ok mpi@ sthen@

Remove some special IPv4 in IPv6 mapped prefixes that are already rejected
by the ::0.0.0.0/96 reject route added to deny all IPv4 mapped addresses.
Makes the inet6 routing table almost fit in one screen.
OK benno@

Load RFC 7217 key material and generate if it does not already exist.

Add soii.key to changelist (pointed out by semarie) and mtree/special
(suggest by Craig Skinner).

OK naddy, sthen, rpe, tb

If -n is given, the netstart script should not (try to) set the default
route(s). Simply print the command(s) to be issued instead.

tweak & ok rpe

Remove HN_DIR variable and expand it in the only place it was used. It
currently serves no purpose.

ok rpe, agreement from deraadt and halex

Finally remove backwards compat code to support the 'rtsol' keyword
in hostname.if(5)

OK mpi@ deraadt@ florian@
OK jmc@ from doc perspective

Align ifstart() in netstart and install.sub.

- in netstart, rename _file to _hn referencing hostname.if files
- in install.sub switch ifstart() to be used with _if instead of
_hn as parameter

ok krw@ tb@

etc/netstart: use colon separator instead of dot with chown

OK jung@, deraadt@, jmc@

Change test from [] to [[]] and simplify pattern.

OK tb@, krw@ (for [[]])
Feedback and OK halex@

Replace hardcoded script name with ${0##*/}

OK tb@ halex@

Revert r1.170 and remove the id==0 check.
The id binary is not available in nfs diskless setups at this point.

reported by Andreas Kusalananda, thanks.
discussed with deraadt@

Remove last remnants of rtsol. IPv6 autoconfiguration of interfaces is now
done in ifstart(). Remove ipv6autoconf() and replace rtsolif with a boolean
variable V6_AUTOCONF. Replace dhcpif with a boolean variable V4_DHCPCONF.
Both are later used in defaultroute() to decide whether or not to configre
defaultroutes from /etc/mygate.

OK krw@

Do not try to delete a default route before adding it.

Now that route are automatically G/C with the address they are attached
to there's no reason to duplicate the kernel's job.

Fix a regression introduced with multipath default routes.

ok deraadt@

Unbreak netstart for multiple inteface configurations like trunk
or carp. Ensure that the noglob option is disabled at the end of
parse_hn_line() and ifstart().

Reported by Christer Solskogen and Stefan Wollny, thanks!

Introduce a new function parse_hn_line() that replaces the existing
hostname.if(5) parsing code in ifstart().
Add a -n option to netstart to only print the interface configuration
commands instead of executing them.
Add a HN_DIR variable, that points to the directory of the hostname.if
files (default /etc) that allows for future regression tests.

- add new parse_hn_line() function
- change ifstart()
- rename $if to $_if
- don't ifconfig or ifconfig create if -n option is used
- replace hostname.if(5) parsing code with new parse_hn_line()
- just print configuration commands if -n option is used
- autoconf now happens in ifstart(), remove ifv6autoconf()
- introduce HN_DIR variable for the hostname.if file location
- add handling of the -n option to only print config commands
- ensure -n is only used if interfaces are specified as parameters

Discussed with and positive feedback from many
'commit' deraadt@
OK sthen@

- localize the if, file and stat variables which also ensures that
variables are not named like commands.
- change test from [] to [[]]

OK tb@ halex@

Minimize differences in ifstart() function between netstart and
install.sub which makes it easier to spot changes in the future.

- comments and formatting
- quotes on assignments are not needed (netstart)
- remove stray space in test (netstart)
- use $file variable with while-loop (netstart)
- although valid, instead of i use $i in arithmetic test (install.sub)

OK krw@, tb@
Looks good deraadt@

Align comments of ifstart() function in netstart and install.sub.

Align comments of stripcom() function in netstart and install.sub.

Do not lose the default route when netstart(8) is run a second time on
the interface pointed to by the default route.

Since the kernel no longer keep routes with dangling address pointer,
netstart(8) has to re-add the default route when the corresponding ifa
has been deleted and re-created.

deraadt@ points out that even if the previous semantic was not necessarily
better, a script like netstart(8) cannot totally fix the default route
problem.

Regression reported by and fix tested by Hrvoje Popovski.

ksh foo checked by halex@

Delay switch(4) interface start up so it can attach virtual interfaces
like vether(4).

nits from and ok benno@, phessler@

print a clear error message when not ran as root instead of just falling
through and try whatever it can do with the invoking user's perms

feedback/ok aja@ rpe@

Do not consider tap(4) a special interface and start if before other
pseudo-interfaces.

This unbreak vlan(4) on top of tap(4) since the refactoring to turn it
MP-safe.

ok claudio@, deraadt@

Don't delete the 224/4 route in netstart, unless it's being done to ensure that
a -reject route can be added. Restores the ability to set an interface route
before daemons are started, lost during the previous simplification.
ok millert mpi

Remove backslash, not necessary after '&&'

OK halex@

Replace last remaining `` with $()

OK halex@

Drop the now useless multicast setup comment.

prodded by tim@, ok mpi@

Simplify multicast option handling (10 less lines) by matching /etc/rc behavior
towards other YES|NO options and drop the error warning.


with and ok tim@, ok rpe@ on an earlier diff

It does not make sense to insert a specific route for 224/4 when the
default one is good enough.

So merge rc.conf(8)'s 'multicast_router' and 'multicast_host' into a
single 'multicast'. If set to YES the reject route for 224/4 is not
inserted by netstart(8).

Manual bits from jmc@

ok henning@, ajacoutot@

Changes to ifautostart():
- Rename function to ifv6autoconf() to make IPv6 relation clearer
- Localize and rename variables

OK krw@

Changes to ifmstart():
- Change comments to make it clearer that ifmstart() takes two lists
of interface driver names (of which the second is optional) and not
the actual interface instances.
- Use localized variables and use slightly more verbose names.
- Use continue 2 to skip to the next hostname.if file.
- Use shell pattern @() instead of testing _sif individually.

OK krw@

Changes to stripcom():
- Align comments with /etc/rc version
- Use localized variables
- Use safer "print -r --" instead of plain echo

Changes to ifstart():
- Tweak comment
- Add usage

OK krw@

Start the rework of the /etc/netstart shell script.

General changes:
- apply a similar 'style' as used in the installer scripts
- improve comments to be more to the point, remove where code is obvious
- document usage of functions if they have arguments
- rename variables where it improves readability
- replace really old-school shell code with more contemporary idioms

Other changes:
- No need to care about "autoboot" because netstart doesn't inherit the
positional parameters from /etc/rc anymore. /etc/rc executes netstart
instead of sourcing it since r1.439.
- Use simpler for-loop to process list of interfaces with ifstart.

OK halex@

The hostname variable is not used since r1.99. Remove it and use
stripcom() output directly with the hostname command.

OK deraadt@ krw@

netstart bits for tap(4)

Don't print output when setting autoconf on interfaces. Suggested by deraadt,
ok florian@ rpe@

only print the "IPv6 autoconf" line if there are interfaces to configure
feedback/ok rpe

Set "inet6 autoconf" individually on interfaces that have rtsol set in
hostname.if, previously netstart tried to configure them all at once
("ifconfig if0 if1 if2 inet6 autoconf"). From Delan Azabani, ok phessler@

Disable Strict Bourne shell mode for /etc/rc and /etc/netstart to be
able to use ksh syntax within these scripts. This way init doesn't
need to be changed, which starts /etc/rc using /bin/sh and people
can still use "sh /etc/netstart ifname".

Idea from and OK halex@
OK deraadt@ krw@ guenther@

Bring up pflow last as it might send with a source address that is on
any of the other interfaces.
OK deraadt, phessler, benno

Always source rc.subr to be able to use the rc.conf parsing routine
to get the network related vars from rc.conf. This is even necessary
if netstart is run from within /etc/rc. Remove test of $INRC which
unintentionally evaluated always to true.

problem with previous change found by nigel@
OK sthen@ aja@ halex@

Revert 1.148 for now until I can talk to rpe@
It introduced a regression reported by nigel@

Replace test command with [].

OK halex@ krw@

Ensure, that we source rc.subr and parse rc.conf ONLY if we are not
inside /etc/rc.

With help from and OK halex@, ajacoutot@

- remove trailing blanks introduced in previous commit
- no space in redirections like </foo or >$bar
- few other minor whitespaces

OK krw@

Improve comments
- Add comments for functions
- Start comments with capital letters
- End comments with a full stop
- Allow comments to extend up to column 80

OK krw@

Allow rtsol keyword in hostname.if(5) with net.inet6.ip6.forwarding=1.
"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler

The kernel handles rtsol(8) functionality since some time now.
Treat rtsol in hostname.if as a keyword like dhcp and call ifconfig
inet6 autoconf.
"reads good" todd@
OK krw@ (who is *not* an IPv6 person), but I recruited him in his
capacity as an installer person.

Revert 1.142. Without the down netstart will just print the ifconfig
output because it may end up just calling 'ifconfig $if'. This needs
to be done better and properly tested.

remove explicit 'down' of an interface before starting a dhcp request, thereby
avoiding annoying delays for some switch configurations

ok claudio@ deraadt@

i would add ok phessler@, but it was not valid without an ok krw@

Fix netstart after autoconf6 change so 'rtsol' lines in hostname.if work again.
found by pelikan@; ok pelikan@ henning@

Make rc.conf a parsed configuration file and stop sourcing it as a shell
script.
From now on rc.conf has a fixed syntax (key=val) and it is not allowed
to add anything to it besides the supported syntax, it all going to be
ignored.

discussed with and help from deraadt@ and halex@

Like for dhclient, do no create a route to alias addresses via 127.0.0.1.
Our stack is able to tell if the address is local or not.

ok todd@, krw@

fix lies in netstart; replacement wording from halex@
pointed out by Ryan Kavannagh rak at debian dot org

remove "Invalid interface name" message
requested by krw@

ok halex@

use the more compact version of the check for ifconfig'able interfaces
from install.sub

with feedback from and ok halex

- remove isalphanumeric() and replace it with a shell pattern, that
tries a bit harder to identify invalid interface names and in
this case emit an error message.
- use [[ $1 == autoboot ]] to avoid a shell error message due to
possible spaces in first argument
- no change in functionality

discussed with krw and halex
ok ("I like this") krw

The new ypbind changes requires that the domainname be set before
rc.conf is run. There's no real downside.
ok aja

Eliminate some $? tests by rolling the command into the condition

ok halex@

Add svlan(4) startup bits.
From markus@. OK naddy, claudio, reyk.

fix an unbalanced parenthesis in a comment; while here, split the comment
in a better place to make it more readable.

ok jmc@ and miod@

permit e.g. -inet6 syntax by slurping all lines not just some
noticed by rhsv6 at hushmail dot com, ok sthen@

when setting up lo0 use 127.0.0.1/8 instead of 127.0.0.1 for clarity and
correctness. it's not 1992 any more, kids. ok mcbride dlg krw

o stop reordering ifconfig arguments (e.g. after 'up ..')
o only stop processing if inet or inet6 lines are malformed
o everything not a specially handled bit is passed to ifconfig unmangled
noticed by several after the move from bridgename.bridge0 -> hostname.bridge0
prodded by deraadt@, tested by and feedback from several
man page bits 'look fine' jmc@

Stop supporting bridgename.bridge* files, and move to hostname.bridge*
files. To cope with this change, read about the mv command.
ok claudio todd

change variable i to $i in an expression of ifstart() for consistency
with the rest of the file. no functional change.

feedback from sthen@, ok krw@

Delay creation of tun(4) interfaces until the underlying interface and
routes are available. This fixes usage for some OpenVPN users that start
it from hostname.tun*.

Tested by Johan Huldtgren. ok sthen@, johan@.

delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed.
ok fries, hshoexer, claudio

Tools from /usr may not be used in netstart since it may be NFS-mounted
and not available at that time. Rewrite the hostname.if permission check
to use only /bin/ls and the shell. Requested by deraadt.

ok todd, "Twisted." deraadt

Prevent warning about insecure hostnames where no /etc/hostname.*
exists. From wcmaier@.

Check target of symbolic links to avoid noise at boot and in
seucrity output where you have several interfaces symlinked to one
config file.

"If you think this is the right thing to do" deraadt@

warn once not 3 times in case of a non existent file, discussed with deraadt
originally pointed out by Johan Torin

Ensure that hostname.* files are also re-chowned to root.wheel at each
boot as discussed with claudio while eating tasty donairs. ok todd

before using them, force hostname.* files to be unreadable by world
first version from todd, ok millert

Execute rtsol after turning up trunk(4) and vlan(4) interfaces so they're
taken into consideration for rtsol.

ok reyk@ dlg@

Do not bring up pfsync(4) before the working ruleset
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@

move the delay for IPv6 DAD to after all interfaces have started
fixes problems with daemons being unable to bind to all addreses at boot
ok itojun@ hshoexer@

reject multicast packet without scope identifier specified.

do not add an extra space; nwid and description come out wrong
fix as proposed by maja@, thanks!

nuke extra whitespace

multicast_host=YES only works if a valid default gateway is available.
validate this condition and reject multicast traffic on failure.

ok todd@ naddy@

fix inspired by pr#4590
ok krw@

better logic from krw@:
- do not process mygate for v4 if dhcp
- do not process mygate for v6 if rtsol
this also makes the mygate processing logic more readable
ok krw@

add v6 support for /etc/mygate
ok deraadt@ mickey@ krw@
same functionality tested/ok'ed by by mickey, brad, matthieu, and me
with this one may now put a v6 IP in /etc/mygate on a separate line from
the v4 default gateway and netstart will do the right thing

shrink stripcom(), sync with install.sub
ok krw@

trunk must be started after physical ethernet devices, but before vlan.
populate ifmstart lines accordingly.
prodded/tested by brad@
ok reyk@

use eval consistently, fixes description quotes on rtsol and dhcp
fix inspired by and closes pr 4495
ok krw@

Introduce 'ifmstart' to deal with starting multiple interfaces minus a list
of interfaces.

This reduces the netstart script by 174 chars, 13 words, and 19 lines, but
more importantly, makes it more simple and less cluttered should more special
case/orderings be needed.

ok brad@ and pr 4197 submitter, inspired by and closes pr 4197

unbreak; ok pval@

if dhcp is used to get an address on any interface, ignore /etc/mygate
ok krw
(this lets us do something rather cool with the zaurus in particular)

Bring up the carp(4) interface before default route.

ok pascoe@ mpf@

Add a copy of stripcom so /etc/netstart can be run standalone again.
OK deraadt@

Allow comments in /etc/{myname,mygate,defaultdomain}; OK deraadt@

remove "route $hostname 127.0.0.1" line. deraadt ok
*** please update /etc/netstart and test if it works ok for you ***

make all route commands use -qn; ok mcbride henning

one last route command lacking -qn

Make sure pfsync is brought up before carp.

ok deraadt@

Delay pfsync(4) configuration, as the syncif has to be configured in
advance. From Thorsten Lockert.

ok, it took quite a bit of prodding but itojun finally explained why the
extra sleep 1 is in here, and we came to the conclusion it is safe to
delete it. whee.

repair v6 lo0 documentation

add loopback routes late

create all routes with -q; markus ok

Need to do "ifconfig create" for bridge interfaces too.

add support for ifconfig clone; from netbsd; ok deraadt, henning

delay carp initialization until after physical interfaces are configured
ok mcbride@ henning@ deraadt@ todd@

only try to set hostname to what /etc/myname says if that file actually exists,
otherwise preserve `hostname`
netbooted machines can live perfectly fine without it; they get their hostname
earlier.

ok krw@ cedric@

Fix up some DNS verbiage to make it consistant.

Fix up default route selection by

a) Forcing user to explicitly chose 'dhcp' as a mechanism for
specifying a default route, rather than guessing based on one or more
interfaces being configured by dhcp.

b) If the user specified default route does not work, re-present the
existing default route rather than losing it.

c) Move default route selection to after nameserver activation so the
user can specify a hostname as the default route.

Change /etc/netstart so that /etc/mygate wins if a default route was
already specified (i.e. by dhcp).

ok deraadt@.

ignore non-existent cases where '$if' evaluates to '*'.
From Andr� Lucas <andre@ae-35.com>, fixes pr # 2658.
'Looks good' from miod@, millert@, and krw@.

re-add support for $if expansion; hamajima@nagoya.ydc.co.jp

Change the network components initialization order.
Change from:
o all interfaces
o all bridges
o routes
to:
o physical interfaces
o routes
o gif and gre interfaces
o bridges

Fixeski PR #2400.
Manual page updates coming soon.
Ok angelos@ chris@ deraadt@

a space before a redirect

Also, source /etc/rc.conf so we can pull in the
multicast_host/multicast_router settings; this is useful if one
flushes the routing table and re-initializes.

We really need a netconfig tool of sorts.

Use "route -n show -inet" to determine the default multicast iface.

pull in rc.conf early so that pf(1) startup is right; tested by jasoni, comments from millert

Remove ipf. Darren Reed has interpreted his (old, new, whichever)
licence in a way that makes ipf not free according to the rules we
established over 5 years ago, at www.openbsd.org/goals.html (and those
same basic rules govern the other *BSD projects too). Specifically,
Darren says that modified versions are not permitted. But software
which OpenBSD uses and redistributes must be free to all (be they
people or companies), for any purpose they wish to use it, including
modification, use, peeing on, or even integration into baby mulching
machines or atomic bombs to be dropped on Australia. Furthermore, we
know of a number of companies using ipf with modification like us, who
are now in the same situation, and we hope that some of them will work
with us to fill this gap that now exists in OpenBSD (temporarily, we
hope).

spelling; maurice@maurice.wan.nl

ignore blank lines in addition to comments
fixes pr#1660 from wilfried@telia.com .. Thanks!

support !command in bridgename.if files, too

Use -n to test if a variable is non-zero. Otherwise, if the variable's
contents start with a '-' test becomes unhappy (since it interprets it
as another option).

This fixes pr 1481, we now handle args > 6 in /etc/hostname.if in the
cases where we did not previously handle them.
Thanks to Scott Atwood <atwood@cs.stanford.edu> for reminding us of this.

subtle bug .. global variables in a while loop need reset 'just incase'
With:
hostname.fxp0 having a last line of:
inet6 alias 3ffe:...
and hostname.gif0 having a first two lines of:
giftunnel 1.2.3.4
dest 1.2.4.3
We end up with the command:
ifconfig gif0 giftunnel alias 1.2.3.4 1.2.4.3
.. which is clearly wrong and fixed by this change

rc.conf now parses ${local_rcconf} internally; closes pr 1259

fix dhcp 'NONE' ness from install to allow media parsing to work
.. ok deraadt@, millert@

rc.conf.local support, inspired by chuck yerkes

Remove the -E flag from ipf as it is implicitly enabled and using
the -E flag here causes the kernel to printf 'IP Filter: already
initialized'.

silence all extra route addition printouts

correct reject route installations for IPv6. improve comments.

disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt

fix non behavior
with this `!' lines in /etc/hostname.* run even without certain lines
(like a comment) preceeding it.

allow arbitrary commands in /etc/hostname.* files if the line starts with '!'

rtsol case can configure the interface up, since it would be nice to finish
DAD before the actual rtsol(8) run happens later. and since it will rtsol,
it is going to be up in any case.

one more indentation fix.

indentation fix (todd's part)

fix rtsold case, reset cmd for each iteration!

allow options after "rtsol".
XXX both "dhcp" and "rtsol" has keyword *down* at the end. is it okay?

echo "IPv6 autoconf: interfaces" before invoking rtsol.
sleep for net.inet6.ip6.dad_count seconds to ensure that IPv6 DAD is completed.
TODO: rtsold (rc.conf line), manpage

ipv6 autoconf on hosts (non-routers).

to do this,
1. in sysctl.conf, add these lines:
net.inet6.ip6.forwarding=0
net.inet6.ip6.accept_rtadv=1
2. in hostname.foo, add
rtsol

specifying two or more interfaces with "rtsol" may result in strange
behavior - ipv6 spec does not permit multi-interface node to be autoconfig'ed.

add to hostname.* parsing:
- multiple entries support (read: aliases)
- inet6 support
- support for comments (#)
(look for hostname.if(5) commit for syntax details)

install IPv6 reject routes only if kernel is capable of IPv6.

avoid transmitting invalid IPv6 packets out to the wire.

do not perform IPv6 initialization for loopback interface.
MUST make lo0 up before any IPv6 operations.
it will be considered a pilot error if you don't.
(I prefer to have lo0 initialized automatically)

support # characters in bridgename.* files; millert