network revision 1.40
1#!/bin/sh 2# 3# $NetBSD: network,v 1.40 2003/01/06 10:11:14 tron Exp $ 4# 5 6# PROVIDE: network 7# REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl 8# BEFORE: NETWORKING 9# KEYWORD: shutdown 10 11. /etc/rc.subr 12 13name="network" 14start_cmd="network_start" 15stop_cmd="network_stop" 16 17network_start() 18{ 19 # set hostname, turn on network 20 # 21 echo "Starting network." 22 23 # If $hostname is set, use it for my Internet name, 24 # otherwise use /etc/myname 25 # 26 if [ -z "$hostname" ] && [ -f /etc/myname ]; then 27 hostname=`cat /etc/myname` 28 fi 29 if [ -n "$hostname" ]; then 30 echo "Hostname: $hostname" 31 hostname $hostname 32 else 33 # Don't warn about it if we're going to run 34 # DHCP later, as we will probably get the 35 # hostname at that time. 36 # 37 if ! checkyesno dhclient && [ -z "`hostname`" ]; then 38 warn "\$hostname not set." 39 fi 40 fi 41 42 # Check $domainname first, then /etc/defaultdomain, 43 # for NIS/YP domain name 44 # 45 if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then 46 domainname=`cat /etc/defaultdomain` 47 fi 48 if [ -n "$domainname" ]; then 49 echo "NIS domainname: $domainname" 50 domainname $domainname 51 fi 52 53 # Flush all routes just to make sure it is clean 54 if checkyesno flushroutes; then 55 route -n flush 56 fi 57 58 # Set the address for the first loopback interface, so that the 59 # auto-route from a newly configured interface's address to lo0 60 # works correctly. 61 # 62 # NOTE: obscure networking problems will occur if lo0 isn't configured. 63 # 64 ifconfig lo0 inet 127.0.0.1 65 66 # According to RFC1122, 127.0.0.0/8 must not leave the node. 67 # 68 route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject 69 70 # IPv6 routing setups, and host/router mode selection. 71 # 72 if ifconfig lo0 inet6 >/dev/null 2>&1; then 73 # We have IPv6 support in kernel. 74 75 # disallow link-local unicast dest without outgoing scope 76 # identifiers. 77 # 78 route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject 79 80 # disallow site-local unicast dest without outgoing scope 81 # identifiers. 82 # If you configure site-locals without scope id (it is 83 # permissible config for routers that are not on scope 84 # boundary), you may want to comment the following one out. 85 # 86 if ! checkyesno ip6sitelocal; then 87 route -q add -inet6 fec0:: -prefixlen 10 ::1 -reject 88 fi 89 90 # disallow "internal" addresses to appear on the wire. 91 # 92 route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 93 94 # disallow packets to malicious IPv4 compatible prefix 95 # 96 route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject 97 route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject 98 route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject 99 route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject 100 101 # disallow packets to malicious 6to4 prefix 102 # 103 route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 104 route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 105 route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 106 route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 107 108 # Completely disallow packets to IPv4 compatible prefix. 109 # This may conflict with RFC1933 under following circumstances: 110 # (1) An IPv6-only KAME node tries to originate packets to IPv4 111 # comatible destination. The KAME node has no IPv4 112 # compatible support. Under RFC1933, it should transmit 113 # native IPv6 packets toward IPv4 compatible destination, 114 # hoping it would reach a router that forwards the packet 115 # toward auto-tunnel interface. 116 # (2) An IPv6-only node originates a packet to IPv4 compatible 117 # destination. A KAME node is acting as an IPv6 router, and 118 # asked to forward it. 119 # Due to rare use of IPv4 compatible address, and security 120 # issues with it, we disable it by default. 121 # 122 route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 123 124 sysctl -qw net.inet6.ip6.forwarding=0 125 sysctl -qw net.inet6.ip6.accept_rtadv=0 126 127 case $ip6mode in 128 router) 129 echo 'IPv6 mode: router' 130 sysctl -qw net.inet6.ip6.forwarding=1 131 ;; 132 133 autohost) 134 echo 'IPv6 mode: autoconfigured host' 135 sysctl -qw net.inet6.ip6.accept_rtadv=1 136 ;; 137 138 host) 139 echo 'IPv6 mode: host' 140 ;; 141 142 *) warn "invalid \$ip6mode value "\"$ip6mode\" 143 ;; 144 145 esac 146 fi 147 148 # Configure all of the network interfaces listed in $net_interfaces; 149 # if $auto_ifconfig is YES, grab all interfaces from ifconfig. 150 # In the following, "xxN" stands in for interface names, like "le0". 151 # For any interfaces that has an $ifconfig_xxN variable associated, 152 # we do "ifconfig xxN $ifconfig_xxN". 153 # If there is no such variable, we take the contents of the file 154 # /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each 155 # line of the file as the arguments for a separate "ifconfig" 156 # invocation. 157 # 158 # In order to configure an interface reasonably, you at the very least 159 # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), 160 # and probably a netmask (as in "netmask 0xffffffe0"). You will 161 # frequently need to specify a media type, as in "media UTP", for 162 # interface cards with multiple media connections that do not 163 # autoconfigure. See the ifconfig manual page for details. 164 # 165 # Note that /etc/ifconfig.xxN takes multiple lines. The following 166 # configuration is possible: 167 # inet 10.1.1.1 netmask 0xffffff00 168 # inet 10.1.1.2 netmask 0xffffff00 alias 169 # inet6 fec0::1 prefixlen 64 alias 170 # 171 # You can put shell script fragment into /etc/ifconfig.xxN by 172 # starting a line with "!". Refer to ifconfig.if(5) for details. 173 # 174 if [ "$net_interfaces" != NO ]; then 175 if checkyesno auto_ifconfig; then 176 tmp=`ifconfig -l` 177 for cloner in `ifconfig -C 2>/dev/null`; do 178 for int in /etc/ifconfig.${cloner}[0-9]*; do 179 [ ! -f $int ] && break 180 tmp="$tmp ${int##*.}" 181 done 182 done 183 else 184 tmp="$net_interfaces" 185 fi 186 echo -n 'Configuring network interfaces:' 187 for int in $tmp; do 188 eval args=\$ifconfig_$int 189 if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 190 if ifconfig $int create 2>/dev/null && \ 191 checkyesno ipfilter; then 192 # resync ipf(4) 193 ipf -y >/dev/null 194 fi 195 fi 196 if [ -n "$args" ]; then 197 echo -n " $int" 198 ifconfig $int $args 199 elif [ -f /etc/ifconfig.$int ]; then 200 echo -n " $int" 201 while read args; do 202 [ -z "$args" ] && continue 203 case "$args" in 204 "#"*|create) 205 ;; 206 "!"*) 207 eval ${args#*!} 208 ;; 209 *) 210 ifconfig $int $args 211 ;; 212 esac 213 done < /etc/ifconfig.$int 214 else 215 if ! checkyesno auto_ifconfig; then 216 echo 217 warn \ 218 "/etc/ifconfig.$int missing and ifconfig_$int not set;" 219 warn "interface $int not configured." 220 fi 221 continue 222 fi 223 configured_interfaces="$configured_interfaces $int" 224 done 225 echo "." 226 fi 227 228 # Check $defaultroute, then /etc/mygate, for the name of my gateway 229 # host. That name must be in /etc/hosts. 230 # 231 if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then 232 defaultroute=`cat /etc/mygate` 233 fi 234 if [ -n "$defaultroute" ]; then 235 route add default $defaultroute 236 fi 237 238 # Check if each configured interface xxN has an $ifaliases_xxN variable 239 # associated, then configure additional IP addresses for that interface. 240 # The variable contains a list of "address netmask" pairs, with 241 # "netmask" set to "-" if the interface default netmask is to be used. 242 # 243 # Note that $ifaliases_xxN works only with certain configurations and 244 # considered not recommended. Use /etc/ifconfig.xxN if possible. 245 # 246 # 247 if [ -n "$configured_interfaces" ]; then 248 echo "Adding interface aliases:" 249 done_aliases_message=yes 250 fi 251 for int in $configured_interfaces; do 252 eval args=\$ifaliases_$int 253 if [ -n "$args" ]; then 254 set -- $args 255 while [ $# -ge 2 ]; do 256 addr=$1 ; net=$2 ; shift 2 257 if [ "$net" = "-" ]; then 258 # for compatibility only, obsolete 259 ifconfig $int inet alias $addr 260 else 261 ifconfig $int inet alias $addr \ 262 netmask $net 263 fi 264 done 265 fi 266 done 267 268 # /etc/ifaliases, if it exists, contains the names of additional IP 269 # addresses for each interface. It is formatted as a series of lines 270 # that contain 271 # address interface netmask 272 # 273 # Note that /etc/ifaliases works only with certain cases only and its 274 # use is not recommended. Use /etc/ifconfig.xxN instead. 275 # 276 # 277 if [ -f /etc/ifaliases ]; then 278 if [ "$done_aliases_message" != yes ]; then 279 echo "Adding interface aliases:" 280 fi 281 while read addr int net; do 282 if [ -z "$net" ]; then 283 # for compatibility only, obsolete 284 ifconfig $int inet alias $addr 285 else 286 ifconfig $int inet alias $addr netmask $net 287 fi 288 done < /etc/ifaliases 289 fi 290 291 # IPv6 interface autoconfiguration. 292 # 293 if ifconfig lo0 inet6 >/dev/null 2>&1; then 294 # wait till DAD is completed. always invoke it in case 295 # if are configured manually by ifconfig 296 # 297 dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null` 298 sleep $dadcount 299 sleep 1 300 301 if checkyesno rtsol; then 302 if [ "$ip6mode" = "autohost" ]; then 303 echo 'Sending router solicitation...' 304 rtsol $rtsol_flags 305 else 306 echo 307 warn \ 308 "ip6mode must be set to 'autohost' to use rtsol." 309 fi 310 311 # wait till DAD is completed, for global addresses 312 # configured by router advert message. 313 # 314 sleep $dadcount 315 sleep 1 316 fi 317 fi 318 319 # XXX this must die 320 if [ -s /etc/netstart.local ]; then 321 sh /etc/netstart.local start 322 fi 323} 324 325network_stop() 326{ 327 echo "Stopping network." 328 329 # XXX this must die 330 if [ -s /etc/netstart.local ]; then 331 sh /etc/netstart.local stop 332 fi 333 334 echo "Deleting aliases." 335 if [ -f /etc/ifaliases ]; then 336 while read addr int net; do 337 ifconfig $int inet delete $addr 338 done < /etc/ifaliases 339 fi 340 341 for int in `ifconfig -lu`; do 342 eval args=\$ifaliases_$int 343 if [ -n "$args" ]; then 344 set -- $args 345 while [ $# -ge 2 ]; do 346 addr=$1 ; net=$2 ; shift 2 347 ifconfig $int inet delete $addr 348 done 349 fi 350 done 351 352 # down interfaces 353 # 354 echo -n 'Downing network interfaces:' 355 if [ "$net_interfaces" != NO ]; then 356 if checkyesno auto_ifconfig; then 357 tmp=`ifconfig -l` 358 else 359 tmp="$net_interfaces" 360 fi 361 for int in $tmp; do 362 eval args=\$ifconfig_$int 363 if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 364 echo -n " $int" 365 ifconfig $int down 366 if ifconfig $int destroy 2>/dev/null && \ 367 checkyesno ipfilter; then 368 # resync ipf(4) 369 ipf -y >/dev/null 370 fi 371 fi 372 done 373 echo "." 374 fi 375 376 # flush routes 377 # 378 route -n flush 379 380} 381 382load_rc_config $name ipfilter 383run_rc_command "$1" 384