network revision 1.53
1 1.1 lukem #!/bin/sh 2 1.1 lukem # 3 1.53 reed # $NetBSD: network,v 1.53 2008/07/24 19:48:19 reed Exp $ 4 1.1 lukem # 5 1.1 lukem 6 1.1 lukem # PROVIDE: network 7 1.19 lukem # REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl 8 1.34 thorpej # BEFORE: NETWORKING 9 1.1 lukem 10 1.45 mycroft $_rc_subr_loaded . /etc/rc.subr 11 1.1 lukem 12 1.1 lukem name="network" 13 1.1 lukem start_cmd="network_start" 14 1.14 lukem stop_cmd="network_stop" 15 1.1 lukem 16 1.1 lukem network_start() 17 1.1 lukem { 18 1.1 lukem # set hostname, turn on network 19 1.1 lukem # 20 1.1 lukem echo "Starting network." 21 1.1 lukem 22 1.1 lukem # If $hostname is set, use it for my Internet name, 23 1.1 lukem # otherwise use /etc/myname 24 1.1 lukem # 25 1.20 nisimura if [ -z "$hostname" ] && [ -f /etc/myname ]; then 26 1.46 christos hostname=$(cat /etc/myname) 27 1.1 lukem fi 28 1.1 lukem if [ -n "$hostname" ]; then 29 1.1 lukem echo "Hostname: $hostname" 30 1.1 lukem hostname $hostname 31 1.1 lukem else 32 1.8 thorpej # Don't warn about it if we're going to run 33 1.8 thorpej # DHCP later, as we will probably get the 34 1.8 thorpej # hostname at that time. 35 1.8 thorpej # 36 1.46 christos if ! checkyesno dhclient && [ -z "$(hostname)" ]; then 37 1.8 thorpej warn "\$hostname not set." 38 1.8 thorpej fi 39 1.1 lukem fi 40 1.1 lukem 41 1.1 lukem # Check $domainname first, then /etc/defaultdomain, 42 1.1 lukem # for NIS/YP domain name 43 1.1 lukem # 44 1.20 nisimura if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then 45 1.46 christos domainname=$(cat /etc/defaultdomain) 46 1.1 lukem fi 47 1.1 lukem if [ -n "$domainname" ]; then 48 1.1 lukem echo "NIS domainname: $domainname" 49 1.1 lukem domainname $domainname 50 1.1 lukem fi 51 1.1 lukem 52 1.1 lukem # Flush all routes just to make sure it is clean 53 1.1 lukem if checkyesno flushroutes; then 54 1.53 reed /sbin/route -qn flush 55 1.1 lukem fi 56 1.1 lukem 57 1.1 lukem # Set the address for the first loopback interface, so that the 58 1.1 lukem # auto-route from a newly configured interface's address to lo0 59 1.1 lukem # works correctly. 60 1.1 lukem # 61 1.32 lukem # NOTE: obscure networking problems will occur if lo0 isn't configured. 62 1.1 lukem # 63 1.53 reed /sbin/ifconfig lo0 inet 127.0.0.1 64 1.10 itojun 65 1.31 itojun # According to RFC1122, 127.0.0.0/8 must not leave the node. 66 1.10 itojun # 67 1.53 reed /sbin/route -q add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject 68 1.1 lukem 69 1.30 itojun # IPv6 routing setups, and host/router mode selection. 70 1.30 itojun # 71 1.53 reed if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then 72 1.30 itojun # We have IPv6 support in kernel. 73 1.30 itojun 74 1.30 itojun # disallow link-local unicast dest without outgoing scope 75 1.30 itojun # identifiers. 76 1.30 itojun # 77 1.53 reed /sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject 78 1.30 itojun 79 1.50 rpaulo # disallow the use of the RFC3849 documentation address 80 1.50 rpaulo # 81 1.53 reed /sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject 82 1.50 rpaulo 83 1.50 rpaulo # IPv6 site-local scoped address prefix (fec0::/10) 84 1.50 rpaulo # has been deprecated by RFC3879. 85 1.30 itojun # 86 1.50 rpaulo if [ -n "$ip6sitelocal" ]; then 87 1.50 rpaulo warn "\$ip6sitelocal is no longer valid" 88 1.30 itojun fi 89 1.30 itojun 90 1.30 itojun # disallow "internal" addresses to appear on the wire. 91 1.30 itojun # 92 1.53 reed /sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 93 1.30 itojun 94 1.30 itojun # disallow packets to malicious IPv4 compatible prefix 95 1.30 itojun # 96 1.53 reed /sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject 97 1.53 reed /sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject 98 1.53 reed /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject 99 1.53 reed /sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject 100 1.30 itojun 101 1.30 itojun # disallow packets to malicious 6to4 prefix 102 1.30 itojun # 103 1.53 reed /sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 104 1.53 reed /sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 105 1.53 reed /sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 106 1.53 reed /sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 107 1.30 itojun 108 1.30 itojun # Completely disallow packets to IPv4 compatible prefix. 109 1.30 itojun # This may conflict with RFC1933 under following circumstances: 110 1.30 itojun # (1) An IPv6-only KAME node tries to originate packets to IPv4 111 1.51 reed # compatible destination. The KAME node has no IPv4 112 1.30 itojun # compatible support. Under RFC1933, it should transmit 113 1.30 itojun # native IPv6 packets toward IPv4 compatible destination, 114 1.30 itojun # hoping it would reach a router that forwards the packet 115 1.30 itojun # toward auto-tunnel interface. 116 1.30 itojun # (2) An IPv6-only node originates a packet to IPv4 compatible 117 1.30 itojun # destination. A KAME node is acting as an IPv6 router, and 118 1.30 itojun # asked to forward it. 119 1.30 itojun # Due to rare use of IPv4 compatible address, and security 120 1.30 itojun # issues with it, we disable it by default. 121 1.30 itojun # 122 1.53 reed /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 123 1.30 itojun 124 1.53 reed /sbin/sysctl -qw net.inet6.ip6.forwarding=0 125 1.53 reed /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0 126 1.30 itojun 127 1.30 itojun case $ip6mode in 128 1.30 itojun router) 129 1.30 itojun echo 'IPv6 mode: router' 130 1.53 reed /sbin/sysctl -qw net.inet6.ip6.forwarding=1 131 1.50 rpaulo 132 1.50 rpaulo # disallow unique-local unicast forwarding without 133 1.50 rpaulo # explicit configuration. 134 1.50 rpaulo if ! checkyesno ip6uniquelocal; then 135 1.53 reed /sbin/route -q add -inet6 fc00:: -prefixlen 7 \ 136 1.50 rpaulo ::1 -reject 137 1.50 rpaulo fi 138 1.30 itojun ;; 139 1.30 itojun 140 1.30 itojun autohost) 141 1.30 itojun echo 'IPv6 mode: autoconfigured host' 142 1.53 reed /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1 143 1.30 itojun ;; 144 1.30 itojun 145 1.30 itojun host) 146 1.30 itojun echo 'IPv6 mode: host' 147 1.30 itojun ;; 148 1.30 itojun 149 1.36 lukem *) warn "invalid \$ip6mode value "\"$ip6mode\" 150 1.30 itojun ;; 151 1.30 itojun 152 1.30 itojun esac 153 1.30 itojun fi 154 1.30 itojun 155 1.1 lukem # Configure all of the network interfaces listed in $net_interfaces; 156 1.1 lukem # if $auto_ifconfig is YES, grab all interfaces from ifconfig. 157 1.1 lukem # In the following, "xxN" stands in for interface names, like "le0". 158 1.1 lukem # For any interfaces that has an $ifconfig_xxN variable associated, 159 1.1 lukem # we do "ifconfig xxN $ifconfig_xxN". 160 1.1 lukem # If there is no such variable, we take the contents of the file 161 1.1 lukem # /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each 162 1.33 wiz # line of the file as the arguments for a separate "ifconfig" 163 1.1 lukem # invocation. 164 1.1 lukem # 165 1.1 lukem # In order to configure an interface reasonably, you at the very least 166 1.1 lukem # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), 167 1.1 lukem # and probably a netmask (as in "netmask 0xffffffe0"). You will 168 1.1 lukem # frequently need to specify a media type, as in "media UTP", for 169 1.1 lukem # interface cards with multiple media connections that do not 170 1.1 lukem # autoconfigure. See the ifconfig manual page for details. 171 1.1 lukem # 172 1.1 lukem # Note that /etc/ifconfig.xxN takes multiple lines. The following 173 1.1 lukem # configuration is possible: 174 1.1 lukem # inet 10.1.1.1 netmask 0xffffff00 175 1.1 lukem # inet 10.1.1.2 netmask 0xffffff00 alias 176 1.50 rpaulo # inet6 2001:db8::1 prefixlen 64 alias 177 1.1 lukem # 178 1.29 itojun # You can put shell script fragment into /etc/ifconfig.xxN by 179 1.29 itojun # starting a line with "!". Refer to ifconfig.if(5) for details. 180 1.29 itojun # 181 1.1 lukem if [ "$net_interfaces" != NO ]; then 182 1.1 lukem if checkyesno auto_ifconfig; then 183 1.53 reed tmp=$(/sbin/ifconfig -l) 184 1.53 reed for cloner in $(/sbin/ifconfig -C 2>/dev/null); do 185 1.25 wiz for int in /etc/ifconfig.${cloner}[0-9]*; do 186 1.23 nisimura [ ! -f $int ] && break 187 1.21 lukem tmp="$tmp ${int##*.}" 188 1.15 thorpej done 189 1.15 thorpej done 190 1.1 lukem else 191 1.1 lukem tmp="$net_interfaces" 192 1.1 lukem fi 193 1.1 lukem echo -n 'Configuring network interfaces:' 194 1.1 lukem for int in $tmp; do 195 1.20 nisimura eval args=\$ifconfig_$int 196 1.39 tron if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 197 1.53 reed if /sbin/ifconfig $int create 2>/dev/null && \ 198 1.39 tron checkyesno ipfilter; then 199 1.39 tron # resync ipf(4) 200 1.53 reed /sbin/ipf -y >/dev/null 201 1.39 tron fi 202 1.39 tron fi 203 1.52 joerg if [ "$args" = "dhcp" ]; then 204 1.52 joerg echo -n " $int" 205 1.53 reed /sbin/dhcpcd -n ${dhcpcd_flags} $int 206 1.52 joerg elif [ -n "$args" ]; then 207 1.1 lukem echo -n " $int" 208 1.53 reed /sbin/ifconfig $int $args 209 1.1 lukem elif [ -f /etc/ifconfig.$int ]; then 210 1.1 lukem echo -n " $int" 211 1.20 nisimura while read args; do 212 1.26 nisimura [ -z "$args" ] && continue 213 1.29 itojun case "$args" in 214 1.39 tron "#"*|create) 215 1.29 itojun ;; 216 1.29 itojun "!"*) 217 1.29 itojun eval ${args#*!} 218 1.29 itojun ;; 219 1.52 joerg dhcp) 220 1.53 reed /sbin/dhcpcd -n ${dhcpcd_flags} \ 221 1.52 joerg $int 222 1.52 joerg ;; 223 1.29 itojun *) 224 1.53 reed eval /sbin/ifconfig $int $args 225 1.29 itojun ;; 226 1.29 itojun esac 227 1.20 nisimura done < /etc/ifconfig.$int 228 1.1 lukem else 229 1.1 lukem if ! checkyesno auto_ifconfig; then 230 1.1 lukem echo 231 1.1 lukem warn \ 232 1.1 lukem "/etc/ifconfig.$int missing and ifconfig_$int not set;" 233 1.1 lukem warn "interface $int not configured." 234 1.1 lukem fi 235 1.1 lukem continue 236 1.1 lukem fi 237 1.1 lukem configured_interfaces="$configured_interfaces $int" 238 1.1 lukem done 239 1.1 lukem echo "." 240 1.1 lukem fi 241 1.1 lukem 242 1.44 jdc # Check $defaultroute, then /etc/mygate, for the name or address 243 1.44 jdc # of my IPv4 gateway host. If using a name, that name must be in 244 1.44 jdc # /etc/hosts. 245 1.1 lukem # 246 1.20 nisimura if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then 247 1.46 christos defaultroute=$(cat /etc/mygate) 248 1.1 lukem fi 249 1.1 lukem if [ -n "$defaultroute" ]; then 250 1.53 reed /sbin/route add default $defaultroute 251 1.44 jdc fi 252 1.44 jdc 253 1.44 jdc # Check $defaultroute6, then /etc/mygate6, for the name or address 254 1.44 jdc # of my IPv6 gateway host. If using a name, that name must be in 255 1.44 jdc # /etc/hosts. Note that the gateway host address must be a link-local 256 1.44 jdc # address if it is not using an stf* interface. 257 1.44 jdc # 258 1.44 jdc if [ -z "$defaultroute6" ] && [ -f /etc/mygate6 ]; then 259 1.46 christos defaultroute6=$(cat /etc/mygate6) 260 1.44 jdc fi 261 1.44 jdc if [ -n "$defaultroute6" ]; then 262 1.44 jdc if [ "$ip6mode" = "autohost" ]; then 263 1.44 jdc echo 264 1.44 jdc warn \ 265 1.44 jdc "ip6mode is set to 'autohost' and a v6 default route is also set." 266 1.44 jdc fi 267 1.53 reed /sbin/route add -inet6 default $defaultroute6 268 1.1 lukem fi 269 1.1 lukem 270 1.48 cjs echo -n "Adding interface aliases:" 271 1.48 cjs 272 1.1 lukem # Check if each configured interface xxN has an $ifaliases_xxN variable 273 1.1 lukem # associated, then configure additional IP addresses for that interface. 274 1.1 lukem # The variable contains a list of "address netmask" pairs, with 275 1.1 lukem # "netmask" set to "-" if the interface default netmask is to be used. 276 1.1 lukem # 277 1.1 lukem # Note that $ifaliases_xxN works only with certain configurations and 278 1.1 lukem # considered not recommended. Use /etc/ifconfig.xxN if possible. 279 1.1 lukem # 280 1.1 lukem # 281 1.48 cjs for int in lo0 $configured_interfaces; do 282 1.20 nisimura eval args=\$ifaliases_$int 283 1.1 lukem if [ -n "$args" ]; then 284 1.1 lukem set -- $args 285 1.1 lukem while [ $# -ge 2 ]; do 286 1.1 lukem addr=$1 ; net=$2 ; shift 2 287 1.1 lukem if [ "$net" = "-" ]; then 288 1.16 jdolecek # for compatibility only, obsolete 289 1.53 reed /sbin/ifconfig $int inet alias $addr 290 1.1 lukem else 291 1.53 reed /sbin/ifconfig $int inet alias $addr \ 292 1.1 lukem netmask $net 293 1.1 lukem fi 294 1.48 cjs echo -n " $int:$addr" 295 1.1 lukem done 296 1.1 lukem fi 297 1.1 lukem done 298 1.1 lukem 299 1.1 lukem # /etc/ifaliases, if it exists, contains the names of additional IP 300 1.1 lukem # addresses for each interface. It is formatted as a series of lines 301 1.1 lukem # that contain 302 1.1 lukem # address interface netmask 303 1.1 lukem # 304 1.1 lukem # Note that /etc/ifaliases works only with certain cases only and its 305 1.1 lukem # use is not recommended. Use /etc/ifconfig.xxN instead. 306 1.1 lukem # 307 1.1 lukem # 308 1.1 lukem if [ -f /etc/ifaliases ]; then 309 1.1 lukem while read addr int net; do 310 1.1 lukem if [ -z "$net" ]; then 311 1.16 jdolecek # for compatibility only, obsolete 312 1.53 reed /sbin/ifconfig $int inet alias $addr 313 1.1 lukem else 314 1.53 reed /sbin/ifconfig $int inet alias $addr netmask $net 315 1.1 lukem fi 316 1.20 nisimura done < /etc/ifaliases 317 1.1 lukem fi 318 1.1 lukem 319 1.48 cjs echo 320 1.48 cjs 321 1.30 itojun # IPv6 interface autoconfiguration. 322 1.1 lukem # 323 1.53 reed if /sbin/ifconfig lo0 inet6 >/dev/null 2>&1; then 324 1.17 itojun # wait till DAD is completed. always invoke it in case 325 1.17 itojun # if are configured manually by ifconfig 326 1.17 itojun # 327 1.53 reed dadcount=$(/sbin/sysctl -n net.inet6.ip6.dad_count 2>/dev/null) 328 1.17 itojun sleep $dadcount 329 1.17 itojun sleep 1 330 1.17 itojun 331 1.1 lukem if checkyesno rtsol; then 332 1.1 lukem if [ "$ip6mode" = "autohost" ]; then 333 1.1 lukem echo 'Sending router solicitation...' 334 1.53 reed /sbin/rtsol $rtsol_flags 335 1.1 lukem else 336 1.1 lukem echo 337 1.1 lukem warn \ 338 1.1 lukem "ip6mode must be set to 'autohost' to use rtsol." 339 1.1 lukem fi 340 1.17 itojun 341 1.18 itojun # wait till DAD is completed, for global addresses 342 1.18 itojun # configured by router advert message. 343 1.17 itojun # 344 1.17 itojun sleep $dadcount 345 1.17 itojun sleep 1 346 1.1 lukem fi 347 1.42 christos fi 348 1.42 christos 349 1.1 lukem # XXX this must die 350 1.1 lukem if [ -s /etc/netstart.local ]; then 351 1.1 lukem sh /etc/netstart.local start 352 1.1 lukem fi 353 1.1 lukem } 354 1.1 lukem 355 1.1 lukem network_stop() 356 1.1 lukem { 357 1.1 lukem echo "Stopping network." 358 1.1 lukem 359 1.1 lukem # XXX this must die 360 1.1 lukem if [ -s /etc/netstart.local ]; then 361 1.1 lukem sh /etc/netstart.local stop 362 1.1 lukem fi 363 1.1 lukem 364 1.1 lukem echo "Deleting aliases." 365 1.1 lukem if [ -f /etc/ifaliases ]; then 366 1.1 lukem while read addr int net; do 367 1.53 reed /sbin/ifconfig $int inet delete $addr 368 1.20 nisimura done < /etc/ifaliases 369 1.1 lukem fi 370 1.1 lukem 371 1.53 reed for int in $(/sbin/ifconfig -lu); do 372 1.20 nisimura eval args=\$ifaliases_$int 373 1.1 lukem if [ -n "$args" ]; then 374 1.1 lukem set -- $args 375 1.1 lukem while [ $# -ge 2 ]; do 376 1.1 lukem addr=$1 ; net=$2 ; shift 2 377 1.53 reed /sbin/ifconfig $int inet delete $addr 378 1.1 lukem done 379 1.1 lukem fi 380 1.1 lukem done 381 1.1 lukem 382 1.1 lukem # down interfaces 383 1.1 lukem # 384 1.1 lukem echo -n 'Downing network interfaces:' 385 1.1 lukem if [ "$net_interfaces" != NO ]; then 386 1.1 lukem if checkyesno auto_ifconfig; then 387 1.53 reed tmp=$(/sbin/ifconfig -l) 388 1.1 lukem else 389 1.1 lukem tmp="$net_interfaces" 390 1.1 lukem fi 391 1.1 lukem for int in $tmp; do 392 1.20 nisimura eval args=\$ifconfig_$int 393 1.2 veego if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 394 1.1 lukem echo -n " $int" 395 1.53 reed /sbin/dhcpcd -k $int 2> /dev/null 396 1.53 reed /sbin/ifconfig $int down 397 1.53 reed if /sbin/ifconfig $int destroy 2>/dev/null && \ 398 1.39 tron checkyesno ipfilter; then 399 1.39 tron # resync ipf(4) 400 1.53 reed /sbin/ipf -y >/dev/null 401 1.39 tron fi 402 1.1 lukem fi 403 1.1 lukem done 404 1.1 lukem echo "." 405 1.1 lukem fi 406 1.1 lukem 407 1.1 lukem # flush routes 408 1.1 lukem # 409 1.53 reed /sbin/route -qn flush 410 1.38 tron 411 1.1 lukem } 412 1.1 lukem 413 1.47 lukem load_rc_config $name 414 1.47 lukem load_rc_config_var dhclient dhclient 415 1.47 lukem load_rc_config_var ipfilter ipfilter 416 1.1 lukem run_rc_command "$1" 417
Indexes created Tue Oct 07 21:09:53 GMT 2025