network revision 1.25
11.1Slukem#!/bin/sh 21.1Slukem# 31.25Swiz# $NetBSD: network,v 1.25 2000/11/21 16:12:48 wiz Exp $ 41.1Slukem# 51.1Slukem 61.1Slukem# PROVIDE: network 71.19Slukem# REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl 81.1Slukem 91.1Slukem. /etc/rc.subr 101.1Slukem 111.1Slukemname="network" 121.1Slukemstart_cmd="network_start" 131.14Slukemstop_cmd="network_stop" 141.1Slukem 151.1Slukemnetwork_start() 161.1Slukem{ 171.1Slukem # set hostname, turn on network 181.1Slukem # 191.1Slukem echo "Starting network." 201.1Slukem 211.1Slukem # If $hostname is set, use it for my Internet name, 221.1Slukem # otherwise use /etc/myname 231.1Slukem # 241.20Snisimura if [ -z "$hostname" ] && [ -f /etc/myname ]; then 251.1Slukem hostname=`cat /etc/myname` 261.1Slukem fi 271.1Slukem if [ -n "$hostname" ]; then 281.1Slukem echo "Hostname: $hostname" 291.1Slukem hostname $hostname 301.1Slukem else 311.8Sthorpej # Don't warn about it if we're going to run 321.8Sthorpej # DHCP later, as we will probably get the 331.8Sthorpej # hostname at that time. 341.8Sthorpej # 351.22Snisimura if ! checkyesno dhclient && [ -z `hostname` ]; then 361.8Sthorpej warn "\$hostname not set." 371.8Sthorpej fi 381.1Slukem fi 391.1Slukem 401.1Slukem # Check $domainname first, then /etc/defaultdomain, 411.1Slukem # for NIS/YP domain name 421.1Slukem # 431.20Snisimura if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then 441.1Slukem domainname=`cat /etc/defaultdomain` 451.1Slukem fi 461.1Slukem if [ -n "$domainname" ]; then 471.1Slukem echo "NIS domainname: $domainname" 481.1Slukem domainname $domainname 491.1Slukem fi 501.1Slukem 511.1Slukem # Flush all routes just to make sure it is clean 521.1Slukem if checkyesno flushroutes; then 531.1Slukem route -n flush 541.1Slukem fi 551.1Slukem 561.1Slukem # Set the address for the first loopback interface, so that the 571.1Slukem # auto-route from a newly configured interface's address to lo0 581.1Slukem # works correctly. 591.1Slukem # 601.1Slukem # NOTE: obscure networking problems may occur if lo0 isn't configured... 611.1Slukem # 621.1Slukem ifconfig lo0 inet 127.0.0.1 631.10Sitojun 641.10Sitojun # According to RFC1122, 127.0.0.0/8 should not leave the node. 651.10Sitojun # 661.10Sitojun route add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject 671.1Slukem 681.1Slukem # Configure all of the network interfaces listed in $net_interfaces; 691.1Slukem # if $auto_ifconfig is YES, grab all interfaces from ifconfig. 701.1Slukem # In the following, "xxN" stands in for interface names, like "le0". 711.1Slukem # For any interfaces that has an $ifconfig_xxN variable associated, 721.1Slukem # we do "ifconfig xxN $ifconfig_xxN". 731.1Slukem # If there is no such variable, we take the contents of the file 741.1Slukem # /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each 751.1Slukem # line of the file as the arguments for a seperate "ifconfig" 761.1Slukem # invocation. 771.1Slukem # 781.1Slukem # In order to configure an interface reasonably, you at the very least 791.1Slukem # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), 801.1Slukem # and probably a netmask (as in "netmask 0xffffffe0"). You will 811.1Slukem # frequently need to specify a media type, as in "media UTP", for 821.1Slukem # interface cards with multiple media connections that do not 831.1Slukem # autoconfigure. See the ifconfig manual page for details. 841.1Slukem # 851.1Slukem # Note that /etc/ifconfig.xxN takes multiple lines. The following 861.1Slukem # configuration is possible: 871.1Slukem # inet 10.1.1.1 netmask 0xffffff00 881.1Slukem # inet 10.1.1.2 netmask 0xffffff00 alias 891.1Slukem # inet6 fec0::1 prefixlen 64 alias 901.1Slukem # 911.1Slukem if [ "$net_interfaces" != NO ]; then 921.1Slukem if checkyesno auto_ifconfig; then 931.22Snisimura tmp=`ifconfig -l` 941.15Sthorpej for cloner in `ifconfig -C 2>/dev/null`; do 951.25Swiz for int in /etc/ifconfig.${cloner}[0-9]*; do 961.23Snisimura [ ! -f $int ] && break 971.21Slukem tmp="$tmp ${int##*.}" 981.15Sthorpej done 991.15Sthorpej done 1001.1Slukem else 1011.1Slukem tmp="$net_interfaces" 1021.1Slukem fi 1031.1Slukem echo -n 'Configuring network interfaces:' 1041.1Slukem for int in $tmp; do 1051.20Snisimura eval args=\$ifconfig_$int 1061.24Slukem if [ -n "$args" ]; then 1071.1Slukem echo -n " $int" 1081.1Slukem ifconfig $int $args 1091.1Slukem elif [ -f /etc/ifconfig.$int ]; then 1101.1Slukem echo -n " $int" 1111.20Snisimura while read args; do 1121.1Slukem if [ -n "`eval echo '$args'`" ] ; then 1131.1Slukem ifconfig $int $args 1141.1Slukem fi 1151.20Snisimura done < /etc/ifconfig.$int 1161.1Slukem else 1171.1Slukem if ! checkyesno auto_ifconfig; then 1181.1Slukem echo 1191.1Slukem warn \ 1201.1Slukem "/etc/ifconfig.$int missing and ifconfig_$int not set;" 1211.1Slukem warn "interface $int not configured." 1221.1Slukem fi 1231.1Slukem continue 1241.1Slukem fi 1251.1Slukem configured_interfaces="$configured_interfaces $int" 1261.1Slukem done 1271.1Slukem echo "." 1281.1Slukem fi 1291.1Slukem 1301.1Slukem # Check $defaultroute, then /etc/mygate, for the name of my gateway 1311.1Slukem # host. That name must be in /etc/hosts. 1321.1Slukem # 1331.20Snisimura if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then 1341.1Slukem defaultroute=`cat /etc/mygate` 1351.1Slukem fi 1361.1Slukem if [ -n "$defaultroute" ]; then 1371.1Slukem route add default $defaultroute 1381.1Slukem fi 1391.1Slukem 1401.1Slukem # Check if each configured interface xxN has an $ifaliases_xxN variable 1411.1Slukem # associated, then configure additional IP addresses for that interface. 1421.1Slukem # The variable contains a list of "address netmask" pairs, with 1431.1Slukem # "netmask" set to "-" if the interface default netmask is to be used. 1441.1Slukem # 1451.1Slukem # Note that $ifaliases_xxN works only with certain configurations and 1461.1Slukem # considered not recommended. Use /etc/ifconfig.xxN if possible. 1471.1Slukem # 1481.1Slukem # 1491.1Slukem if [ -n "$configured_interfaces" ]; then 1501.1Slukem echo "Adding interface aliases:" 1511.1Slukem done_aliases_message=yes 1521.1Slukem fi 1531.1Slukem for int in $configured_interfaces; do 1541.20Snisimura eval args=\$ifaliases_$int 1551.1Slukem if [ -n "$args" ]; then 1561.1Slukem set -- $args 1571.1Slukem while [ $# -ge 2 ]; do 1581.1Slukem addr=$1 ; net=$2 ; shift 2 1591.1Slukem if [ "$net" = "-" ]; then 1601.16Sjdolecek # for compatibility only, obsolete 1611.1Slukem ifconfig $int inet alias $addr 1621.1Slukem else 1631.1Slukem ifconfig $int inet alias $addr \ 1641.1Slukem netmask $net 1651.1Slukem fi 1661.1Slukem # Use loopback, not the wire 1671.1Slukem route add $addr 127.0.0.1 1681.1Slukem done 1691.1Slukem fi 1701.1Slukem done 1711.1Slukem 1721.1Slukem # /etc/ifaliases, if it exists, contains the names of additional IP 1731.1Slukem # addresses for each interface. It is formatted as a series of lines 1741.1Slukem # that contain 1751.1Slukem # address interface netmask 1761.1Slukem # 1771.1Slukem # Note that /etc/ifaliases works only with certain cases only and its 1781.1Slukem # use is not recommended. Use /etc/ifconfig.xxN instead. 1791.1Slukem # 1801.1Slukem # 1811.1Slukem if [ -f /etc/ifaliases ]; then 1821.1Slukem if [ "$done_aliases_message" != yes ]; then 1831.1Slukem echo "Adding interface aliases:" 1841.1Slukem fi 1851.1Slukem while read addr int net; do 1861.1Slukem if [ -z "$net" ]; then 1871.16Sjdolecek # for compatibility only, obsolete 1881.1Slukem ifconfig $int inet alias $addr 1891.1Slukem else 1901.1Slukem ifconfig $int inet alias $addr netmask $net 1911.1Slukem fi 1921.1Slukem # use loopback, not the wire 1931.1Slukem route add $addr 127.0.0.1 1941.20Snisimura done < /etc/ifaliases 1951.1Slukem fi 1961.1Slukem 1971.1Slukem # IPv6 1981.1Slukem # Note that manual configuration can be done in the above, using 1991.1Slukem # ifconfig. 2001.1Slukem # 2011.1Slukem if ifconfig lo0 inet6 >/dev/null 2>&1; then 2021.1Slukem # We have IPv6 support in kernel. 2031.1Slukem 2041.4Sitojun # disallow link-local unicast dest without outgoing scope 2051.1Slukem # identifiers. 2061.1Slukem # 2071.1Slukem route add -inet6 fe80:: -prefixlen 10 ::1 -reject 2081.4Sitojun 2091.4Sitojun # disallow site-local unicast dest without outgoing scope 2101.4Sitojun # identifiers. 2111.4Sitojun # If you configure site-locals without scope id (it is 2121.4Sitojun # permissible config for routers that are not on scope 2131.4Sitojun # boundary), you may want to comment the following one out. 2141.4Sitojun # 2151.4Sitojun route add -inet6 fec0:: -prefixlen 10 ::1 -reject 2161.1Slukem 2171.1Slukem # disallow "internal" addresses to appear on the wire. 2181.1Slukem # 2191.1Slukem route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 2201.4Sitojun 2211.4Sitojun # disallow packets to malicious IPv4 compatible prefix 2221.4Sitojun # 2231.4Sitojun route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject 2241.4Sitojun route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject 2251.4Sitojun route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject 2261.4Sitojun route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject 2271.3Sitojun 2281.3Sitojun # disallow packets to malicious 6to4 prefix 2291.3Sitojun # 2301.3Sitojun route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 2311.3Sitojun route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 2321.4Sitojun route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 2331.4Sitojun route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 2341.4Sitojun 2351.4Sitojun # Completely disallow packets to IPv4 compatible prefix. 2361.4Sitojun # This may conflict with RFC1933 under following circumstances: 2371.4Sitojun # (1) An IPv6-only KAME node tries to originate packets to IPv4 2381.4Sitojun # comatible destination. The KAME node has no IPv4 2391.4Sitojun # compatible support. Under RFC1933, it should transmit 2401.4Sitojun # native IPv6 packets toward IPv4 compatible destination, 2411.4Sitojun # hoping it would reach a router that forwards the packet 2421.4Sitojun # toward auto-tunnel interface. 2431.4Sitojun # (2) An IPv6-only node originates a packet to IPv4 compatible 2441.4Sitojun # destination. A KAME node is acting as an IPv6 router, and 2451.4Sitojun # asked to forward it. 2461.4Sitojun # Due to rare use of IPv4 compatible address, and security 2471.4Sitojun # issues with it, we disable it by default. 2481.4Sitojun # 2491.4Sitojun route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 2501.1Slukem 2511.1Slukem sysctl -w net.inet6.ip6.forwarding=0 >/dev/null 2521.1Slukem sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null 2531.1Slukem 2541.1Slukem # backward compatibility 2551.1Slukem # 2561.20Snisimura if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then 2571.1Slukem warn 'Please migrate to newer rc.conf' \ 2581.1Slukem '(use ip6mode, not ip6forwarding)' 2591.1Slukem if checkyesno ip6forwarding; then 2601.1Slukem ip6mode=router 2611.20Snisimura elif checkyesno rtsol; then 2621.20Snisimura ip6mode=autohost 2631.1Slukem else 2641.20Snisimura ip6mode=host 2651.1Slukem fi 2661.1Slukem fi 2671.1Slukem 2681.1Slukem case $ip6mode in 2691.1Slukem router) 2701.1Slukem echo 'IPv6 mode: router' 2711.1Slukem sysctl -w net.inet6.ip6.forwarding=1 >/dev/null 2721.1Slukem ;; 2731.1Slukem 2741.1Slukem autohost) 2751.1Slukem echo 'IPv6 mode: autoconfigured host' 2761.1Slukem sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null 2771.1Slukem ;; 2781.1Slukem 2791.1Slukem host) 2801.1Slukem echo 'IPv6 mode: host' 2811.1Slukem ;; 2821.1Slukem 2831.1Slukem *) echo 'WARNING: invalid value in ip6mode' 2841.1Slukem ;; 2851.1Slukem 2861.1Slukem esac 2871.1Slukem 2881.17Sitojun # wait till DAD is completed. always invoke it in case 2891.17Sitojun # if are configured manually by ifconfig 2901.17Sitojun # 2911.17Sitojun dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null` 2921.17Sitojun sleep $dadcount 2931.17Sitojun sleep 1 2941.17Sitojun 2951.1Slukem if checkyesno rtsol; then 2961.1Slukem if [ "$ip6mode" = "autohost" ]; then 2971.1Slukem echo 'Sending router solicitation...' 2981.1Slukem rtsol $rtsol_flags 2991.1Slukem else 3001.1Slukem echo 3011.1Slukem warn \ 3021.1Slukem "ip6mode must be set to 'autohost' to use rtsol." 3031.1Slukem fi 3041.17Sitojun 3051.18Sitojun # wait till DAD is completed, for global addresses 3061.18Sitojun # configured by router advert message. 3071.17Sitojun # 3081.17Sitojun sleep $dadcount 3091.17Sitojun sleep 1 3101.1Slukem fi 3111.1Slukem fi 3121.1Slukem 3131.1Slukem # XXX this must die 3141.1Slukem if [ -s /etc/netstart.local ]; then 3151.1Slukem sh /etc/netstart.local start 3161.1Slukem fi 3171.1Slukem} 3181.1Slukem 3191.1Slukemnetwork_stop() 3201.1Slukem{ 3211.1Slukem echo "Stopping network." 3221.1Slukem 3231.1Slukem # XXX this must die 3241.1Slukem if [ -s /etc/netstart.local ]; then 3251.1Slukem sh /etc/netstart.local stop 3261.1Slukem fi 3271.1Slukem 3281.1Slukem echo "Deleting aliases." 3291.1Slukem if [ -f /etc/ifaliases ]; then 3301.1Slukem while read addr int net; do 3311.1Slukem ifconfig $int inet delete $addr 3321.20Snisimura done < /etc/ifaliases 3331.1Slukem fi 3341.1Slukem 3351.21Slukem for int in `ifconfig -lu`; do 3361.20Snisimura eval args=\$ifaliases_$int 3371.1Slukem if [ -n "$args" ]; then 3381.1Slukem set -- $args 3391.1Slukem while [ $# -ge 2 ]; do 3401.1Slukem addr=$1 ; net=$2 ; shift 2 3411.1Slukem ifconfig $int inet delete $addr 3421.1Slukem done 3431.1Slukem fi 3441.1Slukem done 3451.1Slukem 3461.1Slukem # down interfaces 3471.1Slukem # 3481.1Slukem echo -n 'Downing network interfaces:' 3491.1Slukem if [ "$net_interfaces" != NO ]; then 3501.1Slukem if checkyesno auto_ifconfig; then 3511.22Snisimura tmp=`ifconfig -l` 3521.1Slukem else 3531.1Slukem tmp="$net_interfaces" 3541.1Slukem fi 3551.1Slukem for int in $tmp; do 3561.20Snisimura eval args=\$ifconfig_$int 3571.2Sveego if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 3581.1Slukem echo -n " $int" 3591.1Slukem ifconfig $int down 3601.1Slukem fi 3611.1Slukem done 3621.1Slukem echo "." 3631.1Slukem fi 3641.1Slukem 3651.1Slukem # flush routes 3661.1Slukem # 3671.1Slukem route -n flush 3681.1Slukem 3691.1Slukem} 3701.1Slukem 3711.11Slukemload_rc_config $name 3721.1Slukemrun_rc_command "$1" 373