network revision 1.5
#!/bin/sh
#
# $NetBSD: network,v 1.5 2000/04/08 23:02:54 tsarna Exp $
#

# PROVIDE: network
# REQUIRE: root mountcritlocal tty sysctl

# Load the rc.d helper library first, then the site configuration.
# Both files are executed inside this shell (that is what "." does), so
# they run with whatever privileges this script has; they should be
# writable only by the administrator.
. /etc/rc.subr
. /etc/rc.conf

# Script identity and the functions to use for "start" and "stop".
# NOTE(review): presumably consumed by run_rc_command, which is not
# defined in this file -- confirm against rc.subr.
name=network
start_cmd=network_start
stop_cmd=network_stop
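# network_start -- start method: set the host and NIS domain names,
# configure interfaces, routes and aliases, then apply the IPv6 policy.
#
# Reads (variables): hostname, domainname, flushroutes, net_interfaces,
#	auto_ifconfig, ifconfig_xxN, defaultroute, ifaliases_xxN, ip6mode,
#	ip6forwarding, ip6defaultif, rtsol, rtsol_flags.
# Reads (files): /etc/myname, /etc/defaultdomain, /etc/ifconfig.xxN,
#	/etc/mygate, /etc/ifaliases, /etc/netstart.local.
# Writes (shell globals): hostname, domainname, defaultroute, tmp, int,
#	args, configured_interfaces, done_aliases_message, ip6mode, dadcount.
#
# Security note: the values above end up as command arguments, two of
# the variable families (ifconfig_xxN, ifaliases_xxN) are looked up
# through eval, and /etc/netstart.local is executed.  All of these
# inputs must therefore be writable only by the administrator.
#
network_start()
{
	# set hostname, turn on network
	#
	echo "Starting network."

	# If $hostname is set, use it for my Internet name,
	# otherwise use /etc/myname
	#
	if [ -z "$hostname" ] && [ -f /etc/myname ]; then
		hostname=`cat /etc/myname`
	fi
	if [ -n "$hostname" ]; then
		echo "Hostname: $hostname"
		# Quoted: a host name is a single word.
		hostname "$hostname"
	else
		warn "\$hostname not set."
	fi

	# Check $domainname first, then /etc/defaultdomain,
	# for NIS/YP domain name
	#
	if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then
		domainname=`cat /etc/defaultdomain`
	fi
	if [ -n "$domainname" ]; then
		echo "NIS domainname: $domainname"
		domainname "$domainname"
	fi

	# Flush all routes just to make sure it is clean
	if checkyesno flushroutes; then
		route -n flush
	fi

	# Set the address for the first loopback interface, so that the
	# auto-route from a newly configured interface's address to lo0
	# works correctly.
	#
	# NOTE: obscure networking problems may occur if lo0 isn't configured...
	#
	ifconfig lo0 inet 127.0.0.1

	# Configure all of the network interfaces listed in $net_interfaces;
	# if $auto_ifconfig is YES, grab all interfaces from ifconfig.
	# In the following, "xxN" stands in for interface names, like "le0".
	# For any interface that has an $ifconfig_xxN variable associated,
	# we do "ifconfig xxN $ifconfig_xxN".
	# If there is no such variable, we take the contents of the file
	# /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each
	# line of the file as the arguments for a separate "ifconfig"
	# invocation.
	#
	# In order to configure an interface reasonably, you at the very least
	# need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"),
	# and probably a netmask (as in "netmask 0xffffffe0"). You will
	# frequently need to specify a media type, as in "media UTP", for
	# interface cards with multiple media connections that do not
	# autoconfigure. See the ifconfig manual page for details.
	#
	# Note that /etc/ifconfig.xxN takes multiple lines.  The following
	# configuration is possible:
	#	inet 10.1.1.1 netmask 0xffffff00
	#	inet 10.1.1.2 netmask 0xffffff00 alias
	#	inet6 fec0::1 prefixlen 64 alias
	#
	if [ "$net_interfaces" != NO ]; then
		if checkyesno auto_ifconfig; then
			tmp="`ifconfig -l`"
		else
			tmp="$net_interfaces"
		fi
		echo -n 'Configuring network interfaces:'
		for int in $tmp; do
			# The interface name becomes part of the text given
			# to eval.  Only do the lookup when the name can be
			# part of a variable name; anything else is treated
			# as "no ifconfig_xxN variable" and can still be
			# configured through /etc/ifconfig.xxN.
			case $int in
			*[!A-Za-z0-9_]*)
				args=
				;;
			*)
				eval "args=\$ifconfig_$int"
				;;
			esac
			if [ -n "$args" ]; then
				echo -n " $int"
				# $args is split on purpose: it is a list of
				# ifconfig arguments.
				ifconfig "$int" $args
			elif [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				(while read args; do
					# The single quotes defer expansion to
					# eval, so the line is expanded once
					# and its content is not re-parsed as
					# shell text.  Blank lines are skipped.
					if [ -n "`eval echo '$args'`" ] ; then
						ifconfig "$int" $args
					fi
				done) < "/etc/ifconfig.$int"
			else
				if ! checkyesno auto_ifconfig; then
					echo
					warn "/etc/ifconfig.$int missing and ifconfig_$int not set;"
					warn "interface $int not configured."
				fi
				continue
			fi
			configured_interfaces="$configured_interfaces $int"
		done
		echo "."
	fi

	# Check $defaultroute, then /etc/mygate, for the name of my gateway
	# host. That name must be in /etc/hosts.
	#
	if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then
		defaultroute=`cat /etc/mygate`
	fi
	if [ -n "$defaultroute" ]; then
		# NOTE(review): left unquoted in case existing configurations
		# put more than one word here -- confirm before quoting.
		route add default $defaultroute
	fi

	# Check if each configured interface xxN has an $ifaliases_xxN variable
	# associated, then configure additional IP addresses for that interface.
	# The variable contains a list of "address netmask" pairs, with
	# "netmask" set to "-" if the interface default netmask is to be used.
	#
	# Note that $ifaliases_xxN works only with certain configurations and
	# is not recommended.  Use /etc/ifconfig.xxN if possible.
	#
	if [ -n "$configured_interfaces" ]; then
		echo "Adding interface aliases:"
		done_aliases_message=yes
	fi
	for int in $configured_interfaces; do
		# Same rule as above: no eval for names that cannot be part
		# of a variable name.
		case $int in
		*[!A-Za-z0-9_]*)
			args=
			;;
		*)
			eval "args=\$ifaliases_$int"
			;;
		esac
		if [ -n "$args" ]; then
			set -- $args
			while [ $# -ge 2 ]; do
				addr=$1 ; net=$2 ; shift 2
				if [ "$net" = "-" ]; then
					ifconfig "$int" inet alias "$addr"
				else
					ifconfig "$int" inet alias "$addr" \
					    netmask "$net"
				fi
				# Use loopback, not the wire
				route add "$addr" 127.0.0.1
			done
		fi
	done

	# /etc/ifaliases, if it exists, contains the names of additional IP
	# addresses for each interface. It is formatted as a series of lines
	# that contain
	#	address interface netmask
	#
	# Note that /etc/ifaliases works only in certain cases and its
	# use is not recommended.  Use /etc/ifconfig.xxN instead.
	#
	if [ -f /etc/ifaliases ]; then
	(
		if [ "$done_aliases_message" != yes ]; then
			echo "Adding interface aliases:"
		fi
		while read addr int net; do
			# A line without both an address and an interface
			# (for example a blank line) has nothing to configure.
			if [ -z "$addr" ] || [ -z "$int" ]; then
				continue
			fi
			if [ -z "$net" ]; then
				ifconfig "$int" inet alias "$addr"
			else
				ifconfig "$int" inet alias "$addr" netmask "$net"
			fi
			# use loopback, not the wire
			route add "$addr" 127.0.0.1
		done
	) < /etc/ifaliases
	fi

	# IPv6
	# Note that manual configuration can be done in the above, using
	# ifconfig.
	#
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		# We have IPv6 support in kernel.

		# disallow link-local unicast dest without outgoing scope
		# identifiers.
		#
		route add -inet6 fe80:: -prefixlen 10 ::1 -reject

		# disallow site-local unicast dest without outgoing scope
		# identifiers.
		# If you configure site-locals without scope id (it is
		# permissible config for routers that are not on scope
		# boundary), you may want to comment the following one out.
		#
		route add -inet6 fec0:: -prefixlen 10 ::1 -reject

		# disallow "internal" addresses to appear on the wire.
		#
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject

		# disallow packets to malicious IPv4 compatible prefix
		#
		route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
		route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject

		# disallow packets to malicious 6to4 prefix
		#
		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject

		# Completely disallow packets to IPv4 compatible prefix.
		# This may conflict with RFC1933 under following circumstances:
		# (1) An IPv6-only KAME node tries to originate packets to IPv4
		#     compatible destination.  The KAME node has no IPv4
		#     compatible support.  Under RFC1933, it should transmit
		#     native IPv6 packets toward IPv4 compatible destination,
		#     hoping it would reach a router that forwards the packet
		#     toward auto-tunnel interface.
		# (2) An IPv6-only node originates a packet to IPv4 compatible
		#     destination.  A KAME node is acting as an IPv6 router, and
		#     asked to forward it.
		# Due to rare use of IPv4 compatible address, and security
		# issues with it, we disable it by default.
		#
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

		# Start from the restrictive setting: no forwarding and no
		# acceptance of router advertisements.  The ip6mode cases
		# below turn on exactly one of them where requested.
		sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
		sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null

		# backward compatibility
		#
		if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
			warn 'Please migrate to newer rc.conf' \
			    '(use ip6mode, not ip6forwarding)'
			if checkyesno ip6forwarding; then
				ip6mode=router
			else
				if checkyesno rtsol; then
					ip6mode=autohost
				else
					ip6mode=host
				fi
			fi
		fi

		case "$ip6mode" in
		router)
			echo 'IPv6 mode: router'
			sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
			;;

		autohost)
			echo 'IPv6 mode: autoconfigured host'
			sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
			if [ -n "$ip6defaultif" ]; then
				ndp -I "$ip6defaultif"
			fi
			;;

		host)
			echo 'IPv6 mode: host'
			if [ -n "$ip6defaultif" ]; then
				ndp -I "$ip6defaultif"
			fi
			;;

		*)	echo 'WARNING: invalid value in ip6mode'
			;;

		esac

		if checkyesno rtsol; then
			if [ "$ip6mode" = "autohost" ]; then
				echo 'Sending router solicitation...'
				# $rtsol_flags is split on purpose: it is a
				# list of options.
				rtsol $rtsol_flags
			else
				echo
				warn "ip6mode must be set to 'autohost' to use rtsol."
			fi
		fi

		# Wait till DAD is completed.  Always do this, in case
		# addresses were configured manually by ifconfig.
		#
		dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null`
		# If the sysctl could not be read, dadcount is empty; fall
		# back to 0 so that sleep still gets an argument.
		sleep "${dadcount:-0}"
		sleep 1
	fi

	# XXX this must die
	# The file is executed by sh; keep it administrator-writable only.
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local start
	fi
}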
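# network_stop -- stop method: run the local stop hook, stop rtsol,
# delete alias addresses, mark interfaces down and flush the routes.
#
# Reads (variables): net_interfaces, auto_ifconfig, ifconfig_xxN,
#	ifaliases_xxN, configured_interfaces.
# Reads (files): /etc/netstart.local, /etc/ifaliases, /etc/ifconfig.xxN
#	(existence only).
#
# Security note: /etc/netstart.local is executed and ifconfig_xxN /
# ifaliases_xxN are looked up through eval, so these inputs must be
# writable only by the administrator.
#
network_stop()
{
	echo "Stopping network."

	# XXX this must die
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local stop
	fi

	rtsolpid=`check_process rtsol`
	if [ -n "$rtsolpid" ]; then
		echo "Stopping rtsol (IPv6 router solicitation daemon)."
		# NOTE(review): left unquoted in case check_process reports
		# more than one pid -- confirm against rc.subr.
		kill -TERM $rtsolpid
	fi

	echo "Deleting aliases."
	if [ -f /etc/ifaliases ]; then
	(
		while read addr int net; do
			# A line without both an address and an interface
			# (for example a blank line) has nothing to delete.
			if [ -z "$addr" ] || [ -z "$int" ]; then
				continue
			fi
			ifconfig "$int" inet delete "$addr"
		done
	) < /etc/ifaliases
	fi

	# NOTE(review): configured_interfaces is only assigned by
	# network_start.  Unless this shell also ran the start method, or
	# the variable is set elsewhere, this loop has nothing to iterate
	# -- confirm.
	for int in $configured_interfaces; do
		# The interface name becomes part of the text given to eval;
		# skip the lookup for names that cannot be part of a
		# variable name.
		case $int in
		*[!A-Za-z0-9_]*)
			args=
			;;
		*)
			eval "args=\$ifaliases_$int"
			;;
		esac
		if [ -n "$args" ]; then
			set -- $args
			while [ $# -ge 2 ]; do
				addr=$1 ; net=$2 ; shift 2
				ifconfig "$int" inet delete "$addr"
			done
		fi
	done

	# down interfaces
	#
	if [ "$net_interfaces" != NO ]; then
		# The banner is printed inside this branch so that it is
		# always completed by the "." line below.
		echo -n 'Downing network interfaces:'
		if checkyesno auto_ifconfig; then
			tmp="`ifconfig -l`"
		else
			tmp="$net_interfaces"
		fi
		for int in $tmp; do
			case $int in
			*[!A-Za-z0-9_]*)
				args=
				;;
			*)
				eval "args=\$ifconfig_$int"
				;;
			esac
			if [ -n "$args" ] || [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				ifconfig "$int" down
			fi
		done
		echo "."
	fi

	# flush routes
	#
	route -n flush

}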
365
# Hand the requested action (first command-line argument) to the rc.d
# dispatcher.  run_rc_command is not defined in this file.
run_rc_command "${1}"