network revision 1.29
#!/bin/sh
#
# $NetBSD: network,v 1.29 2001/01/11 17:56:16 itojun Exp $
#

# PROVIDE: network
# REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl

9. /etc/rc.subr
10
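# Script identity and the handlers for the "start" and "stop" actions.
# The listing's fused line numbers are stripped here; with them the lines
# were not valid assignments (a variable name cannot begin with a digit).
# $name is passed to load_rc_config at the end of the file; start_cmd and
# stop_cmd are presumably read by run_rc_command (not defined in this file).
name="network"
start_cmd="network_start"
stop_cmd="network_stop"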
14
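#
# network_start -- handler for the "start" action: bring up networking.
#
# Steps, in order: set the hostname and the NIS domain name, optionally
# flush the routing table, configure lo0, configure the interfaces named
# in $net_interfaces (or discovered with ifconfig when auto_ifconfig is
# on), add the default route, add interface aliases, install the IPv6
# reject routes and apply $ip6mode, then run /etc/netstart.local.
#
# Reads:   hostname domainname net_interfaces defaultroute ip6mode
#          ip6forwarding rtsol_flags ifconfig_xxN ifaliases_xxN
# Files:   /etc/myname /etc/defaultdomain /etc/ifconfig.xxN /etc/mygate
#          /etc/ifaliases /etc/netstart.local
# Writes:  the globals tmp, args, addr, net, int, cloner, dadcount,
#          configured_interfaces and done_aliases_message; the alias
#          loop also replaces the positional parameters ("set --").
#
# checkyesno and warn are not defined in this file; presumably they come
# from /etc/rc.subr, which the script sources.
#
# Trust note: values from the variables and files above are expanded
# into command lines, and two of them reach "eval" or "sh". All of them
# must be writable only by the administrator.
#
network_start()
{
	# set hostname, turn on network
	#
	echo "Starting network."

	# If $hostname is set, use it for my Internet name,
	# otherwise use /etc/myname
	#
	if [ -z "$hostname" ] && [ -f /etc/myname ]; then
		hostname=$(cat /etc/myname)
	fi
	if [ -n "$hostname" ]; then
		echo "Hostname: $hostname"
		# NOTE(review): left unquoted as in the original, so stray
		# whitespace in /etc/myname is dropped by word splitting.
		hostname $hostname
	else
		# Don't warn about it if we're going to run
		# DHCP later, as we will probably get the
		# hostname at that time.
		#
		if ! checkyesno dhclient && [ -z "$(hostname)" ]; then
			warn "\$hostname not set."
		fi
	fi

	# Check $domainname first, then /etc/defaultdomain,
	# for NIS/YP domain name
	#
	if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then
		domainname=$(cat /etc/defaultdomain)
	fi
	if [ -n "$domainname" ]; then
		echo "NIS domainname: $domainname"
		# Unquoted for the same reason as "hostname" above.
		domainname $domainname
	fi

	# Flush all routes just to make sure it is clean
	if checkyesno flushroutes; then
		route -n flush
	fi

	# Set the address for the first loopback interface, so that the
	# auto-route from a newly configured interface's address to lo0
	# works correctly.
	#
	# NOTE: obscure networking problems may occur if lo0 isn't configured...
	#
	ifconfig lo0 inet 127.0.0.1

	# According to RFC1122, 127.0.0.0/8 should not leave the node.
	#
	route add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject

	# Configure all of the network interfaces listed in $net_interfaces;
	# if $auto_ifconfig is YES, grab all interfaces from ifconfig.
	# In the following, "xxN" stands in for interface names, like "le0".
	# For any interface that has an $ifconfig_xxN variable associated,
	# we do "ifconfig xxN $ifconfig_xxN".
	# If there is no such variable, we take the contents of the file
	# /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each
	# line of the file as the arguments for a separate "ifconfig"
	# invocation.
	#
	# In order to configure an interface reasonably, you at the very least
	# need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"),
	# and probably a netmask (as in "netmask 0xffffffe0"). You will
	# frequently need to specify a media type, as in "media UTP", for
	# interface cards with multiple media connections that do not
	# autoconfigure. See the ifconfig manual page for details.
	#
	# Note that /etc/ifconfig.xxN takes multiple lines.  The following
	# configuration is possible:
	#	inet 10.1.1.1 netmask 0xffffff00
	#	inet 10.1.1.2 netmask 0xffffff00 alias
	#	inet6 fec0::1 prefixlen 64 alias
	#
	# You can put shell script fragment into /etc/ifconfig.xxN by
	# starting a line with "!".  Refer to ifconfig.if(5) for details.
	#
	if [ "$net_interfaces" != NO ]; then
		if checkyesno auto_ifconfig; then
			tmp=$(ifconfig -l)
			for cloner in $(ifconfig -C 2>/dev/null); do
				for int in /etc/ifconfig."${cloner}"[0-9]*; do
					# An unmatched glob stays literal and
					# is not a file; stop on it.
					[ ! -f "$int" ] && break
					tmp="$tmp ${int##*.}"
				done
			done
		else
			tmp="$net_interfaces"
		fi
		echo -n 'Configuring network interfaces:'
		for int in $tmp; do
			# NOTE(review): $int is pasted into the text given to
			# eval. It comes from "ifconfig -l", $net_interfaces
			# or a file name under /etc, so all three have to be
			# under the administrator's control.
			eval args=\$ifconfig_$int
			if [ -n "$args" ]; then
				echo -n " $int"
				# $args stays unquoted on purpose: it holds
				# several ifconfig arguments.
				ifconfig "$int" $args
			elif [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				while read args; do
					[ -z "$args" ] && continue
					case "$args" in
					"#"*)
						;;
					"!"*)
						# NOTE(review): the rest of the
						# line runs as shell code with
						# this script's privileges, so
						# /etc/ifconfig.xxN must not be
						# writable by anyone but the
						# administrator.  Quoted so the
						# fragment reaches eval as
						# written, without word
						# splitting or globbing first.
						eval "${args#*!}"
						;;
					*)
						ifconfig "$int" $args
						;;
					esac
				done < "/etc/ifconfig.$int"
			else
				if ! checkyesno auto_ifconfig; then
					echo
					warn \
			"/etc/ifconfig.$int missing and ifconfig_$int not set;"
					warn "interface $int not configured."
				fi
				continue
			fi
			configured_interfaces="$configured_interfaces $int"
		done
		echo "."
	fi

	# Check $defaultroute, then /etc/mygate, for the name of my gateway
	# host. That name must be in /etc/hosts.
	#
	if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then
		defaultroute=$(cat /etc/mygate)
	fi
	if [ -n "$defaultroute" ]; then
		# NOTE(review): left unquoted as in the original; the value
		# is word-split, so it must come from trusted configuration.
		route add default $defaultroute
	fi

	# Check if each configured interface xxN has an $ifaliases_xxN variable
	# associated, then configure additional IP addresses for that interface.
	# The variable contains a list of "address netmask" pairs, with
	# "netmask" set to "-" if the interface default netmask is to be used.
	#
	# Note that $ifaliases_xxN works only with certain configurations and
	# is not recommended.  Use /etc/ifconfig.xxN if possible.
	#
	if [ -n "$configured_interfaces" ]; then
		echo "Adding interface aliases:"
		done_aliases_message=yes
	fi
	for int in $configured_interfaces; do
		eval args=\$ifaliases_$int
		if [ -n "$args" ]; then
			# Split the list into positional parameters and
			# consume it two words at a time.
			set -- $args
			while [ $# -ge 2 ]; do
				addr=$1 ; net=$2 ; shift 2
				if [ "$net" = "-" ]; then
					# for compatibility only, obsolete
					ifconfig "$int" inet alias "$addr"
				else
					ifconfig "$int" inet alias "$addr" \
					    netmask "$net"
				fi
				# Use loopback, not the wire
				route add "$addr" 127.0.0.1
			done
		fi
	done

	# /etc/ifaliases, if it exists, contains the names of additional IP
	# addresses for each interface. It is formatted as a series of lines
	# that contain
	#	address interface netmask
	#
	# Note that /etc/ifaliases works only in certain cases and its
	# use is not recommended.  Use /etc/ifconfig.xxN instead.
	#
	if [ -f /etc/ifaliases ]; then
		if [ "$done_aliases_message" != yes ]; then
			echo "Adding interface aliases:"
		fi
		while read addr int net; do
			# A blank line leaves every field empty; skip it
			# rather than run ifconfig and route without an
			# address.
			[ -z "$addr" ] && continue
			if [ -z "$net" ]; then
				# for compatibility only, obsolete
				ifconfig "$int" inet alias "$addr"
			else
				# $net holds the rest of the line; it stays
				# unquoted as in the original.
				ifconfig "$int" inet alias "$addr" netmask $net
			fi
			# use loopback, not the wire
			route add "$addr" 127.0.0.1
		done < /etc/ifaliases
	fi

	# IPv6
	# Note that manual configuration can be done in the above, using
	# ifconfig.
	#
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		# We have IPv6 support in kernel.

		# disallow link-local unicast dest without outgoing scope
		# identifiers.
		#
		route add -inet6 fe80:: -prefixlen 10 ::1 -reject

		# disallow site-local unicast dest without outgoing scope
		# identifiers.
		# If you configure site-locals without scope id (it is
		# permissible config for routers that are not on scope
		# boundary), you may want to comment the following one out.
		#
		if ! checkyesno ip6sitelocal; then
			route add -inet6 fec0:: -prefixlen 10 ::1 -reject
		fi

		# disallow "internal" addresses to appear on the wire.
		#
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject

		# disallow packets to malicious IPv4 compatible prefix
		#
		route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
		route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject

		# disallow packets to malicious 6to4 prefix
		#
		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject

		# Completely disallow packets to IPv4 compatible prefix.
		# This may conflict with RFC1933 under following circumstances:
		# (1) An IPv6-only KAME node tries to originate packets to IPv4
		#     compatible destination.  The KAME node has no IPv4
		#     compatible support.  Under RFC1933, it should transmit
		#     native IPv6 packets toward IPv4 compatible destination,
		#     hoping it would reach a router that forwards the packet
		#     toward auto-tunnel interface.
		# (2) An IPv6-only node originates a packet to IPv4 compatible
		#     destination.  A KAME node is acting as an IPv6 router, and
		#     asked to forward it.
		# Due to rare use of IPv4 compatible address, and security
		# issues with it, we disable it by default.
		#
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

		# Start with forwarding and router-advertisement acceptance
		# both off; the ip6mode case below turns on at most one.
		# An unrecognised ip6mode only prints a warning, so both
		# stay off in that case.
		sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
		sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null

		# backward compatibility
		#
		if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
			warn 'Please migrate to newer rc.conf' \
			    '(use ip6mode, not ip6forwarding)'
			if checkyesno ip6forwarding; then
				ip6mode=router
			elif checkyesno rtsol; then
				ip6mode=autohost
			else
				ip6mode=host
			fi
		fi

		case "$ip6mode" in
		router)
			echo 'IPv6 mode: router'
			sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
			;;

		autohost)
			echo 'IPv6 mode: autoconfigured host'
			sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
			;;

		host)
			echo 'IPv6 mode: host'
			;;

		*)	echo 'WARNING: invalid value in ip6mode'
			;;

		esac

		# wait till DAD is completed. always do this, in case
		# addresses were configured manually by ifconfig
		#
		# If the sysctl read fails, dadcount is empty; fall back to
		# 0 so that sleep is not called without an argument.
		dadcount=$(sysctl -n net.inet6.ip6.dad_count 2>/dev/null)
		sleep "${dadcount:-0}"
		sleep 1

		if checkyesno rtsol; then
			if [ "$ip6mode" = "autohost" ]; then
				echo 'Sending router solicitation...'
				# $rtsol_flags stays unquoted on purpose:
				# it may hold several arguments.
				rtsol $rtsol_flags
			else
				echo
				warn \
			    "ip6mode must be set to 'autohost' to use rtsol."
			fi

			# wait till DAD is completed, for global addresses
			# configured by router advert message.
			#
			sleep "${dadcount:-0}"
			sleep 1
		fi
	fi

	# XXX this must die
	# NOTE(review): a non-empty /etc/netstart.local is executed with
	# this script's privileges; keep it writable only by the
	# administrator.
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local start
	fi
}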
331
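#
# network_stop -- handler for the "stop" action: take networking down.
#
# Steps, in order: run /etc/netstart.local with "stop", delete the alias
# addresses listed in /etc/ifaliases and in $ifaliases_xxN, mark the
# interfaces from $net_interfaces (or "ifconfig -l" when auto_ifconfig
# is on) down, then flush the routing table.
#
# Reads:   net_interfaces ifconfig_xxN ifaliases_xxN
# Files:   /etc/netstart.local /etc/ifaliases /etc/ifconfig.xxN
# Writes:  the globals tmp, args, addr, net and int; the alias loop
#          also replaces the positional parameters ("set --").
#
# checkyesno is not defined in this file; presumably it comes from
# /etc/rc.subr, which the script sources.
#
network_stop()
{
	echo "Stopping network."

	# XXX this must die
	# NOTE(review): a non-empty /etc/netstart.local is executed with
	# this script's privileges; keep it writable only by the
	# administrator.
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local stop
	fi

	echo "Deleting aliases."
	if [ -f /etc/ifaliases ]; then
		while read addr int net; do
			# A blank line leaves every field empty; skip it
			# rather than run ifconfig without an address.
			[ -z "$addr" ] && continue
			ifconfig "$int" inet delete "$addr"
		done < /etc/ifaliases
	fi

	for int in $(ifconfig -lu); do
		# NOTE(review): $int is pasted into the text given to eval;
		# here it comes from the output of "ifconfig -lu".
		eval args=\$ifaliases_$int
		if [ -n "$args" ]; then
			# Walk the "address netmask" pairs; only the address
			# is needed to delete the alias.
			set -- $args
			while [ $# -ge 2 ]; do
				addr=$1 ; net=$2 ; shift 2
				ifconfig "$int" inet delete "$addr"
			done
		fi
	done

	# down interfaces
	#
	# NOTE(review): when $net_interfaces is NO the heading below is
	# printed without the closing "." line, because that echo sits
	# inside the if.
	echo -n 'Downing network interfaces:'
	if [ "$net_interfaces" != NO ]; then
		if checkyesno auto_ifconfig; then
			tmp=$(ifconfig -l)
		else
			tmp="$net_interfaces"
		fi
		for int in $tmp; do
			eval args=\$ifconfig_$int
			# Only interfaces with an $ifconfig_xxN variable or
			# an /etc/ifconfig.xxN file are marked down.
			if [ -n "$args" ] || [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				ifconfig "$int" down
			fi
		done
		echo "."
	fi

	# flush routes
	#
	route -n flush

}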
383
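# Entry point: load the configuration for $name, then run the action
# given as the first command-line argument. load_rc_config and
# run_rc_command are not defined in this file; presumably they come
# from /etc/rc.subr, which the script sources.
load_rc_config "$name"
run_rc_command "$1"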