1197139Shrs#!/bin/sh 2197139Shrs# $FreeBSD$ 3197139Shrs# 4197139Shrs 5197139Shrs# PROVIDE: stf 6198190Sdougb# REQUIRE: netif 7197139Shrs# KEYWORD: nojail 8197139Shrs 9197139Shrs. /etc/rc.subr 10197139Shrs. /etc/network.subr 11197139Shrs 12197139Shrsname="stf" 13197139Shrsstart_cmd="stf_up" 14197139Shrsstop_cmd="stf_down" 15197139Shrs 16197139Shrsstf_up() 17197139Shrs{ 18197139Shrs case ${stf_interface_ipv4addr} in 19197139Shrs [Nn][Oo] | '') 20197139Shrs ;; 21197139Shrs *) 22197139Shrs # assign IPv6 addr and interface route for 6to4 interface 23197139Shrs stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) 24197139Shrs OIFS="$IFS" 25197139Shrs IFS=".$IFS" 26197139Shrs set ${stf_interface_ipv4addr} 27197139Shrs IFS="$OIFS" 28197139Shrs hexfrag1=`hexprint $(($1*256 + $2))` 29197139Shrs hexfrag2=`hexprint $(($3*256 + $4))` 30197139Shrs ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" 31197139Shrs case ${stf_interface_ipv6_ifid} in 32197139Shrs [Aa][Uu][Tt][Oo] | '') 33197139Shrs for i in ${ipv6_network_interfaces}; do 34197139Shrs laddr=`network6_getladdr ${i}` 35197139Shrs case ${laddr} in 36197139Shrs '') 37197139Shrs ;; 38197139Shrs *) 39197139Shrs break 40197139Shrs ;; 41197139Shrs esac 42197139Shrs done 43197139Shrs stf_interface_ipv6_ifid=`expr "${laddr}" : \ 44197139Shrs 'fe80::\(.*\)%\(.*\)'` 45197139Shrs case ${stf_interface_ipv6_ifid} in 46197139Shrs '') 47197139Shrs stf_interface_ipv6_ifid=0:0:0:1 48197139Shrs ;; 49197139Shrs esac 50197139Shrs ;; 51197139Shrs esac 52208060Sdougb echo "Configuring 6to4 tunnel interface: stf0." 53197139Shrs ifconfig stf0 create >/dev/null 2>&1 54197139Shrs ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ 55197139Shrs prefixlen ${stf_prefixlen} 56197947Sdougb check_startmsgs && /sbin/ifconfig stf0 57197947Sdougb 58197139Shrs # disallow packets to malicious 6to4 prefix 59197139Shrs route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 60197139Shrs route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 61197139Shrs route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 62197139Shrs route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 63197139Shrs ;; 64197139Shrs esac 65197139Shrs} 66197139Shrs 67197139Shrsstf_down() 68197139Shrs{ 69208060Sdougb echo "Removing 6to4 tunnel interface: stf0." 70197139Shrs ifconfig stf0 destroy 71197139Shrs route delete -inet6 2002:e000:: -prefixlen 20 ::1 72197139Shrs route delete -inet6 2002:7f00:: -prefixlen 24 ::1 73197139Shrs route delete -inet6 2002:0000:: -prefixlen 24 ::1 74197139Shrs route delete -inet6 2002:ff00:: -prefixlen 24 ::1 75197139Shrs} 76197139Shrs 77197139Shrsload_rc_config $name 78197139Shrsrun_rc_command "$1" 79