network revision 1.8
1 1.1 lukem #!/bin/sh 2 1.1 lukem # 3 1.8 thorpej # $NetBSD: network,v 1.8 2000/04/28 00:13:39 thorpej Exp $ 4 1.1 lukem # 5 1.1 lukem 6 1.1 lukem # PROVIDE: network 7 1.5 tsarna # REQUIRE: root mountcritlocal tty sysctl 8 1.1 lukem 9 1.1 lukem . /etc/rc.subr 10 1.1 lukem . /etc/rc.conf 11 1.1 lukem 12 1.1 lukem name="network" 13 1.1 lukem start_cmd="network_start" 14 1.6 lukem stop_cmd=":" 15 1.1 lukem 16 1.1 lukem network_start() 17 1.1 lukem { 18 1.1 lukem # set hostname, turn on network 19 1.1 lukem # 20 1.1 lukem echo "Starting network." 21 1.1 lukem 22 1.1 lukem # If $hostname is set, use it for my Internet name, 23 1.1 lukem # otherwise use /etc/myname 24 1.1 lukem # 25 1.1 lukem if [ -z "$hostname" -a -f /etc/myname ]; then 26 1.1 lukem hostname=`cat /etc/myname` 27 1.1 lukem fi 28 1.1 lukem if [ -n "$hostname" ]; then 29 1.1 lukem echo "Hostname: $hostname" 30 1.1 lukem hostname $hostname 31 1.1 lukem else 32 1.8 thorpej # Don't warn about it if we're going to run 33 1.8 thorpej # DHCP later, as we will probably get the 34 1.8 thorpej # hostname at that time. 35 1.8 thorpej # 36 1.8 thorpej if ! checkyesno dhclient 37 1.8 thorpej warn "\$hostname not set." 38 1.8 thorpej fi 39 1.1 lukem fi 40 1.1 lukem 41 1.1 lukem # Check $domainname first, then /etc/defaultdomain, 42 1.1 lukem # for NIS/YP domain name 43 1.1 lukem # 44 1.1 lukem if [ -z "$domainname" -a -f /etc/defaultdomain ]; then 45 1.1 lukem domainname=`cat /etc/defaultdomain` 46 1.1 lukem fi 47 1.1 lukem if [ -n "$domainname" ]; then 48 1.1 lukem echo "NIS domainname: $domainname" 49 1.1 lukem domainname $domainname 50 1.1 lukem fi 51 1.1 lukem 52 1.1 lukem # Flush all routes just to make sure it is clean 53 1.1 lukem if checkyesno flushroutes; then 54 1.1 lukem route -n flush 55 1.1 lukem fi 56 1.1 lukem 57 1.1 lukem # Set the address for the first loopback interface, so that the 58 1.1 lukem # auto-route from a newly configured interface's address to lo0 59 1.1 lukem # works correctly. 60 1.1 lukem # 61 1.1 lukem # NOTE: obscure networking problems may occur if lo0 isn't configured... 62 1.1 lukem # 63 1.1 lukem ifconfig lo0 inet 127.0.0.1 64 1.1 lukem 65 1.1 lukem # Configure all of the network interfaces listed in $net_interfaces; 66 1.1 lukem # if $auto_ifconfig is YES, grab all interfaces from ifconfig. 67 1.1 lukem # In the following, "xxN" stands in for interface names, like "le0". 68 1.1 lukem # For any interfaces that has an $ifconfig_xxN variable associated, 69 1.1 lukem # we do "ifconfig xxN $ifconfig_xxN". 70 1.1 lukem # If there is no such variable, we take the contents of the file 71 1.1 lukem # /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each 72 1.1 lukem # line of the file as the arguments for a seperate "ifconfig" 73 1.1 lukem # invocation. 74 1.1 lukem # 75 1.1 lukem # In order to configure an interface reasonably, you at the very least 76 1.1 lukem # need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"), 77 1.1 lukem # and probably a netmask (as in "netmask 0xffffffe0"). You will 78 1.1 lukem # frequently need to specify a media type, as in "media UTP", for 79 1.1 lukem # interface cards with multiple media connections that do not 80 1.1 lukem # autoconfigure. See the ifconfig manual page for details. 81 1.1 lukem # 82 1.1 lukem # Note that /etc/ifconfig.xxN takes multiple lines. The following 83 1.1 lukem # configuration is possible: 84 1.1 lukem # inet 10.1.1.1 netmask 0xffffff00 85 1.1 lukem # inet 10.1.1.2 netmask 0xffffff00 alias 86 1.1 lukem # inet6 fec0::1 prefixlen 64 alias 87 1.1 lukem # 88 1.1 lukem if [ "$net_interfaces" != NO ]; then 89 1.1 lukem if checkyesno auto_ifconfig; then 90 1.1 lukem tmp="`ifconfig -l`" 91 1.1 lukem else 92 1.1 lukem tmp="$net_interfaces" 93 1.1 lukem fi 94 1.1 lukem echo -n 'Configuring network interfaces:' 95 1.1 lukem for int in $tmp; do 96 1.1 lukem eval `echo 'args=$ifconfig_'$int` 97 1.1 lukem if [ -n "$args" ]; then 98 1.1 lukem echo -n " $int" 99 1.1 lukem ifconfig $int $args 100 1.1 lukem elif [ -f /etc/ifconfig.$int ]; then 101 1.1 lukem echo -n " $int" 102 1.1 lukem (while read args; do 103 1.1 lukem if [ -n "`eval echo '$args'`" ] ; then 104 1.1 lukem ifconfig $int $args 105 1.1 lukem fi 106 1.1 lukem done) < /etc/ifconfig.$int 107 1.1 lukem else 108 1.1 lukem if ! checkyesno auto_ifconfig; then 109 1.1 lukem echo 110 1.1 lukem warn \ 111 1.1 lukem "/etc/ifconfig.$int missing and ifconfig_$int not set;" 112 1.1 lukem warn "interface $int not configured." 113 1.1 lukem fi 114 1.1 lukem continue 115 1.1 lukem fi 116 1.1 lukem configured_interfaces="$configured_interfaces $int" 117 1.1 lukem done 118 1.1 lukem echo "." 119 1.1 lukem fi 120 1.1 lukem 121 1.1 lukem # Check $defaultroute, then /etc/mygate, for the name of my gateway 122 1.1 lukem # host. That name must be in /etc/hosts. 123 1.1 lukem # 124 1.1 lukem if [ -z "$defaultroute" -a -f /etc/mygate ]; then 125 1.1 lukem defaultroute=`cat /etc/mygate` 126 1.1 lukem fi 127 1.1 lukem if [ -n "$defaultroute" ]; then 128 1.1 lukem route add default $defaultroute 129 1.1 lukem fi 130 1.1 lukem 131 1.1 lukem # Check if each configured interface xxN has an $ifaliases_xxN variable 132 1.1 lukem # associated, then configure additional IP addresses for that interface. 133 1.1 lukem # The variable contains a list of "address netmask" pairs, with 134 1.1 lukem # "netmask" set to "-" if the interface default netmask is to be used. 135 1.1 lukem # 136 1.1 lukem # Note that $ifaliases_xxN works only with certain configurations and 137 1.1 lukem # considered not recommended. Use /etc/ifconfig.xxN if possible. 138 1.1 lukem # 139 1.1 lukem # 140 1.1 lukem if [ -n "$configured_interfaces" ]; then 141 1.1 lukem echo "Adding interface aliases:" 142 1.1 lukem done_aliases_message=yes 143 1.1 lukem fi 144 1.1 lukem for int in $configured_interfaces; do 145 1.1 lukem eval `echo 'args=$ifaliases_'$int` 146 1.1 lukem if [ -n "$args" ]; then 147 1.1 lukem set -- $args 148 1.1 lukem while [ $# -ge 2 ]; do 149 1.1 lukem addr=$1 ; net=$2 ; shift 2 150 1.1 lukem if [ "$net" = "-" ]; then 151 1.1 lukem ifconfig $int inet alias $addr 152 1.1 lukem else 153 1.1 lukem ifconfig $int inet alias $addr \ 154 1.1 lukem netmask $net 155 1.1 lukem fi 156 1.1 lukem # Use loopback, not the wire 157 1.1 lukem route add $addr 127.0.0.1 158 1.1 lukem done 159 1.1 lukem fi 160 1.1 lukem done 161 1.1 lukem 162 1.1 lukem # /etc/ifaliases, if it exists, contains the names of additional IP 163 1.1 lukem # addresses for each interface. It is formatted as a series of lines 164 1.1 lukem # that contain 165 1.1 lukem # address interface netmask 166 1.1 lukem # 167 1.1 lukem # Note that /etc/ifaliases works only with certain cases only and its 168 1.1 lukem # use is not recommended. Use /etc/ifconfig.xxN instead. 169 1.1 lukem # 170 1.1 lukem # 171 1.1 lukem if [ -f /etc/ifaliases ]; then 172 1.1 lukem ( 173 1.1 lukem if [ "$done_aliases_message" != yes ]; then 174 1.1 lukem echo "Adding interface aliases:" 175 1.1 lukem fi 176 1.1 lukem while read addr int net; do 177 1.1 lukem if [ -z "$net" ]; then 178 1.1 lukem ifconfig $int inet alias $addr 179 1.1 lukem else 180 1.1 lukem ifconfig $int inet alias $addr netmask $net 181 1.1 lukem fi 182 1.1 lukem # use loopback, not the wire 183 1.1 lukem route add $addr 127.0.0.1 184 1.1 lukem done 185 1.1 lukem ) < /etc/ifaliases 186 1.1 lukem fi 187 1.1 lukem 188 1.1 lukem # IPv6 189 1.1 lukem # Note that manual configuration can be done in the above, using 190 1.1 lukem # ifconfig. 191 1.1 lukem # 192 1.1 lukem if ifconfig lo0 inet6 >/dev/null 2>&1; then 193 1.1 lukem # We have IPv6 support in kernel. 194 1.1 lukem 195 1.4 itojun # disallow link-local unicast dest without outgoing scope 196 1.1 lukem # identifiers. 197 1.1 lukem # 198 1.1 lukem route add -inet6 fe80:: -prefixlen 10 ::1 -reject 199 1.4 itojun 200 1.4 itojun # disallow site-local unicast dest without outgoing scope 201 1.4 itojun # identifiers. 202 1.4 itojun # If you configure site-locals without scope id (it is 203 1.4 itojun # permissible config for routers that are not on scope 204 1.4 itojun # boundary), you may want to comment the following one out. 205 1.4 itojun # 206 1.4 itojun route add -inet6 fec0:: -prefixlen 10 ::1 -reject 207 1.1 lukem 208 1.1 lukem # disallow "internal" addresses to appear on the wire. 209 1.1 lukem # 210 1.1 lukem route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 211 1.4 itojun 212 1.4 itojun # disallow packets to malicious IPv4 compatible prefix 213 1.4 itojun # 214 1.4 itojun route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject 215 1.4 itojun route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject 216 1.4 itojun route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject 217 1.4 itojun route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject 218 1.3 itojun 219 1.3 itojun # disallow packets to malicious 6to4 prefix 220 1.3 itojun # 221 1.3 itojun route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 222 1.3 itojun route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 223 1.4 itojun route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 224 1.4 itojun route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 225 1.4 itojun 226 1.4 itojun # Completely disallow packets to IPv4 compatible prefix. 227 1.4 itojun # This may conflict with RFC1933 under following circumstances: 228 1.4 itojun # (1) An IPv6-only KAME node tries to originate packets to IPv4 229 1.4 itojun # comatible destination. The KAME node has no IPv4 230 1.4 itojun # compatible support. Under RFC1933, it should transmit 231 1.4 itojun # native IPv6 packets toward IPv4 compatible destination, 232 1.4 itojun # hoping it would reach a router that forwards the packet 233 1.4 itojun # toward auto-tunnel interface. 234 1.4 itojun # (2) An IPv6-only node originates a packet to IPv4 compatible 235 1.4 itojun # destination. A KAME node is acting as an IPv6 router, and 236 1.4 itojun # asked to forward it. 237 1.4 itojun # Due to rare use of IPv4 compatible address, and security 238 1.4 itojun # issues with it, we disable it by default. 239 1.4 itojun # 240 1.4 itojun route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 241 1.1 lukem 242 1.1 lukem sysctl -w net.inet6.ip6.forwarding=0 >/dev/null 243 1.1 lukem sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null 244 1.1 lukem 245 1.1 lukem # backward compatibility 246 1.1 lukem # 247 1.1 lukem if [ -z "$ip6mode" -a -n "$ip6forwarding" ]; then 248 1.1 lukem warn 'Please migrate to newer rc.conf' \ 249 1.1 lukem '(use ip6mode, not ip6forwarding)' 250 1.1 lukem if checkyesno ip6forwarding; then 251 1.1 lukem ip6mode=router 252 1.1 lukem else 253 1.1 lukem if checkyesno rtsol; then 254 1.1 lukem ip6mode=autohost 255 1.1 lukem else 256 1.1 lukem ip6mode=host 257 1.1 lukem fi 258 1.1 lukem fi 259 1.1 lukem fi 260 1.1 lukem 261 1.1 lukem case $ip6mode in 262 1.1 lukem router) 263 1.1 lukem echo 'IPv6 mode: router' 264 1.1 lukem sysctl -w net.inet6.ip6.forwarding=1 >/dev/null 265 1.1 lukem ;; 266 1.1 lukem 267 1.1 lukem autohost) 268 1.1 lukem echo 'IPv6 mode: autoconfigured host' 269 1.1 lukem sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null 270 1.1 lukem if [ -n "$ip6defaultif" ]; then 271 1.1 lukem ndp -I $ip6defaultif 272 1.1 lukem fi 273 1.1 lukem ;; 274 1.1 lukem 275 1.1 lukem host) 276 1.1 lukem echo 'IPv6 mode: host' 277 1.1 lukem if [ -n "$ip6defaultif" ]; then 278 1.1 lukem ndp -I $ip6defaultif 279 1.1 lukem fi 280 1.1 lukem ;; 281 1.1 lukem 282 1.1 lukem *) echo 'WARNING: invalid value in ip6mode' 283 1.1 lukem ;; 284 1.1 lukem 285 1.1 lukem esac 286 1.1 lukem 287 1.1 lukem if checkyesno rtsol; then 288 1.1 lukem if [ "$ip6mode" = "autohost" ]; then 289 1.1 lukem echo 'Sending router solicitation...' 290 1.1 lukem rtsol $rtsol_flags 291 1.1 lukem else 292 1.1 lukem echo 293 1.1 lukem warn \ 294 1.1 lukem "ip6mode must be set to 'autohost' to use rtsol." 295 1.1 lukem fi 296 1.1 lukem fi 297 1.1 lukem 298 1.1 lukem # wait till DAD is completed. always invoke it in case if are 299 1.1 lukem # configured manually by ifconfig 300 1.1 lukem # 301 1.1 lukem dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null` 302 1.1 lukem sleep $dadcount 303 1.1 lukem sleep 1 304 1.1 lukem fi 305 1.1 lukem 306 1.1 lukem # XXX this must die 307 1.1 lukem if [ -s /etc/netstart.local ]; then 308 1.1 lukem sh /etc/netstart.local start 309 1.1 lukem fi 310 1.1 lukem } 311 1.1 lukem 312 1.1 lukem network_stop() 313 1.1 lukem { 314 1.1 lukem echo "Stopping network." 315 1.1 lukem 316 1.1 lukem # XXX this must die 317 1.1 lukem if [ -s /etc/netstart.local ]; then 318 1.1 lukem sh /etc/netstart.local stop 319 1.1 lukem fi 320 1.1 lukem 321 1.1 lukem echo "Deleting aliases." 322 1.1 lukem if [ -f /etc/ifaliases ]; then 323 1.1 lukem ( 324 1.1 lukem while read addr int net; do 325 1.1 lukem ifconfig $int inet delete $addr 326 1.1 lukem done 327 1.1 lukem ) < /etc/ifaliases 328 1.1 lukem fi 329 1.1 lukem 330 1.1 lukem for int in $configured_interfaces; do 331 1.1 lukem eval `echo 'args=$ifaliases_'$int` 332 1.1 lukem if [ -n "$args" ]; then 333 1.1 lukem set -- $args 334 1.1 lukem while [ $# -ge 2 ]; do 335 1.1 lukem addr=$1 ; net=$2 ; shift 2 336 1.1 lukem ifconfig $int inet delete $addr 337 1.1 lukem done 338 1.1 lukem fi 339 1.1 lukem done 340 1.1 lukem 341 1.1 lukem # down interfaces 342 1.1 lukem # 343 1.1 lukem echo -n 'Downing network interfaces:' 344 1.1 lukem if [ "$net_interfaces" != NO ]; then 345 1.1 lukem if checkyesno auto_ifconfig; then 346 1.1 lukem tmp="`ifconfig -l`" 347 1.1 lukem else 348 1.1 lukem tmp="$net_interfaces" 349 1.1 lukem fi 350 1.1 lukem for int in $tmp; do 351 1.1 lukem eval `echo 'args=$ifconfig_'$int` 352 1.2 veego if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then 353 1.1 lukem echo -n " $int" 354 1.1 lukem ifconfig $int down 355 1.1 lukem fi 356 1.1 lukem done 357 1.1 lukem echo "." 358 1.1 lukem fi 359 1.1 lukem 360 1.1 lukem # flush routes 361 1.1 lukem # 362 1.1 lukem route -n flush 363 1.1 lukem 364 1.1 lukem } 365 1.1 lukem 366 1.1 lukem run_rc_command "$1" 367
Indexes created Tue Oct 07 21:09:53 GMT 2025