author | hrs <hrs@FreeBSD.org> | 2009-09-12 22:13:41 +0000 |
---|---|---|
committer | hrs <hrs@FreeBSD.org> | 2009-09-12 22:13:41 +0000 |
commit | 7c88a6d4ae7fe6cf1d242c9a458a3a3460936fed (patch) | |
tree | 24c1384fabefec07ce6741f83b3711da2a7f62a8 /etc/rc.d | |
parent | 2eb62239d7432351eb544690c4ea2fc648ae2abc (diff) | |
Integrate rc.d/network_ipv6 into rc.d/netif:
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
depends on some sysctl variables.
Reviewed by: brooks
MFC after: 3 days
Diffstat (limited to 'etc/rc.d')
-rwxr-xr-x | etc/rc.d/Makefile | 8 | ||||
-rwxr-xr-x | etc/rc.d/NETWORKING | 2 | ||||
-rwxr-xr-x | etc/rc.d/addswap | 1 | ||||
-rwxr-xr-x | etc/rc.d/auto_linklocal | 33 | ||||
-rwxr-xr-x | etc/rc.d/defaultroute | 10 | ||||
-rwxr-xr-x | etc/rc.d/devd | 2 | ||||
-rwxr-xr-x | etc/rc.d/faith | 77 | ||||
-rwxr-xr-x | etc/rc.d/ip6addrctl | 6 | ||||
-rwxr-xr-x | etc/rc.d/mroute6d | 3 | ||||
-rwxr-xr-x | etc/rc.d/netif | 2 | ||||
-rwxr-xr-x | etc/rc.d/network_ipv6 | 126 | ||||
-rwxr-xr-x | etc/rc.d/routing | 250 | ||||
-rwxr-xr-x | etc/rc.d/stf | 79 | ||||
-rwxr-xr-x | etc/rc.d/sysctl | 2 |
14 files changed, 382 insertions, 219 deletions
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile index 110f3d7..fbfac8a 100755 --- a/etc/rc.d/Makefile +++ b/etc/rc.d/Makefile @@ -4,13 +4,13 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ abi accounting addswap adjkerntz amd \ - apm apmd archdep atm1 atm2 atm3 auditd auto_linklocal \ + apm apmd archdep atm1 atm2 atm3 auditd \ bgfsck bluetooth bootparams bridge bsnmpd bthidd \ ccd cleanvar cleartmp cron \ ddb defaultroute devd devfs dhclient \ dmesg dumpon \ encswap \ - fsck ftp-proxy ftpd \ + faith fsck ftp-proxy ftpd \ gbde geli geli2 gssd \ hcsecd \ hostapd hostid hostid_save hostname \ @@ -23,7 +23,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ mixer motd mountcritlocal mountcritremote mountlate \ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \ named natd netif netoptions \ - network_ipv6 newsyslog nfsclient nfscbd nfsd \ + newsyslog nfsclient nfscbd nfsd \ nfsserver nfsuserd nisdomain nsswitch ntpd ntpdate \ othermta \ pf pflog pfsync \ @@ -32,7 +32,7 @@ FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \ random rarpd resolv rfcomm_pppd_server root \ route6d routed routing rpcbind rtadvd rwho \ savecore sdpd securelevel sendmail \ - serial sppp statd static_arp swap1 \ + serial sppp statd static_arp stf swap1 \ syscons sysctl syslogd \ timed tmp \ ugidfw \ diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING index c72fe0c..8da2498 100755 --- a/etc/rc.d/NETWORKING +++ b/etc/rc.d/NETWORKING @@ -4,7 +4,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif netoptions routing network_ipv6 ppp ipfw +# REQUIRE: netif netoptions routing ppp ipfw stf faith # REQUIRE: defaultroute routed mrouted route6d mroute6d resolv # This is a dummy dependency, for services which require networking diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap index 8ca3cf8..79bf1f1 100755 --- a/etc/rc.d/addswap +++ b/etc/rc.d/addswap @@ -7,7 +7,6 @@ # PROVIDE: addswap # REQUIRE: FILESYSTEMS -# BEFORE: sysctl # KEYWORD: nojail . /etc/rc.subr 
diff --git a/etc/rc.d/auto_linklocal b/etc/rc.d/auto_linklocal deleted file mode 100755 index 28d03c0..0000000 --- a/etc/rc.d/auto_linklocal +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -# PROVIDE: auto_linklocal -# REQUIRE: root -# BEFORE: sysctl -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="auto_linklocal" -start_cmd="auto_linklocal_start" -stop_cmd=":" - -auto_linklocal_start() -{ - if ! checkyesno ipv6_enable && ${SYSCTL} net.inet6 > /dev/null 2>&1; then - if ! ${SYSCTL_W} net.inet6.ip6.auto_linklocal=0 >/dev/null 2>&1; then - warn "failed to set sysctl(8)" - return 1 - fi - laddr=`network6_getladdr lo0` - if [ -z "${laddr}" ]; then - ifconfig lo0 inet6 fe80::1 prefixlen 64 - fi - fi -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute index 35b1c88..20e9025 100755 --- a/etc/rc.d/defaultroute +++ b/etc/rc.d/defaultroute @@ -6,7 +6,7 @@ # # PROVIDE: defaultroute -# REQUIRE: devd netif network_ipv6 +# REQUIRE: devd netif # KEYWORD: nojail . /etc/rc.subr @@ -18,7 +18,7 @@ stop_cmd=":" defaultroute_start() { - local output carrier nocarrier + local output carrier nocarrier nl # Return without waiting if we don't have dhcp interfaces or # if none of the dhcp interfaces is plugged in. @@ -41,6 +41,7 @@ defaultroute_start() if [ -n "${defif}" ]; then if [ ${delay} -ne ${defaultroute_delay} ]; then echo -n "($defif)" + nl=1 fi break fi @@ -49,11 +50,12 @@ defaultroute_start() else echo -n . fi + nl=1 sleep 1 - delay=`expr $delay - 1` + delay=$(($delay - 1)) done - echo + [ -n "$nl" ] && echo } load_rc_config $name diff --git a/etc/rc.d/devd b/etc/rc.d/devd index 8ce575a..1674a72 100755 --- a/etc/rc.d/devd +++ b/etc/rc.d/devd @@ -4,7 +4,7 @@ # # PROVIDE: devd -# REQUIRE: netif network_ipv6 +# REQUIRE: netif # BEFORE: NETWORKING mountcritremote # KEYWORD: nojail shutdown diff --git a/etc/rc.d/faith b/etc/rc.d/faith new file mode 100755 index 0000000..020b947 --- /dev/null 
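Review bot: In etc/rc.d/defaultroute, the new last statement of defaultroute_start(), `[ -n "$nl" ] && echo`, makes the function return 1 whenever `nl` was never set, because the failed test becomes the function's exit status. The bare `echo` it replaces always returned 0. How run_rc_command reacts to a non-zero start_cmd is defined in rc.subr, outside this diff, so the visible effect is inferred. Writing the line as `if [ -n "$nl" ]; then echo; fi` keeps the status at 0. The function body begins and continues outside the three hunks shown.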
+++ b/etc/rc.d/faith @@ -0,0 +1,77 @@ +#!/bin/sh +# $FreeBSD$ +# + +# PROVIDE: faith +# REQUIRE: netif routing +# KEYWORD: nojail + +. /etc/rc.subr +. /etc/network.subr + +name="faith" +start_cmd="faith_up" +stop_cmd="faith_down" + +faith_up() +{ + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \ + " faith0." + ${SYSCTL_W} net.inet6.ip6.keepfaith=1 + ifconfig faith0 create >/dev/null 2>&1 + ifconfig faith0 up + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1 + route change -inet6 ${prefix} -prefixlen ${prefixlen} \ + -ifp faith0 + done + if [ -z "${rc_quiet}" ]; then + ifconfig faith0 + fi + ;; + esac +} + +faith_down() +{ + echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0." + ifconfig faith0 destroy + ${SYSCTL_W} net.inet6.ip6.keepfaith=0 + + case ${ipv6_faith_prefix} in + [Nn][Oo] | '') + ;; + *) + for prefix in ${ipv6_faith_prefix}; do + prefixlen=`expr "${prefix}" : ".*/\(.*\)"` + case ${prefixlen} in + '') + prefixlen=96 + ;; + *) + prefix=`expr "${prefix}" : \ + "\(.*\)/${prefixlen}"` + ;; + esac + route delete -inet6 ${prefix} -prefixlen ${prefixlen} + done + ;; + esac +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index 88e1f99..518ac25 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -4,8 +4,8 @@ # # PROVIDE: ip6addrctl -# REQUIRE: FILESYSTEMS netif -# BEFORE: network_ipv6 +# REQUIRE: FILESYSTEMS +# BEFORE: netif # KEYWORD: nojail . /etc/rc.subr @@ -52,7 +52,7 @@ ip6addrctl_start() ip6addrctl install /etc/ip6addrctl.conf checkyesno ip6addrctl_verbose && ip6addrctl else - if checkyesno ipv6_enable; then + if checkyesno ipv6_prefer; then ip6addrctl_prefer_ipv6 else ip6addrctl_prefer_ipv4 
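Review bot: faith_down() in the new etc/rc.d/faith is not symmetric with faith_up(): it prints the removal message, runs `ifconfig faith0 destroy` and writes `net.inet6.ip6.keepfaith=0` before it looks at `ipv6_faith_prefix`. A stop on a host where the relay was never configured therefore still touches the interface and the sysctl. Moving those three lines into the `*)` arm of the `case ${ipv6_faith_prefix}` that follows would make stop a no-op for `[Nn][Oo] | ''`, as start already is. The prefix/prefixlen parsing is duplicated in both functions and its result is passed unquoted to `route`; a shared helper with a comment stating the expected `prefix[/len]` form from rc.conf would document that contract.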
diff --git a/etc/rc.d/mroute6d b/etc/rc.d/mroute6d index d733092..047f241 100755 --- a/etc/rc.d/mroute6d +++ b/etc/rc.d/mroute6d @@ -4,7 +4,8 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: netif routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr diff --git a/etc/rc.d/netif b/etc/rc.d/netif index 7d79745..ac2cc58 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -41,6 +41,8 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= +set_rcvar_obsolete ipv6_enable + network_start() { # Set the list of interfaces to work on. diff --git a/etc/rc.d/network_ipv6 b/etc/rc.d/network_ipv6 deleted file mode 100755 index 381ced0..0000000 --- a/etc/rc.d/network_ipv6 +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2000 The KAME Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# 
From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 -# - -# PROVIDE: network_ipv6 -# REQUIRE: routing ip6fw -# KEYWORD: nojail - -. /etc/rc.subr -. /etc/network.subr - -name="network_ipv6" -rcvar=`set_rcvar ipv6` -start_cmd="network_ipv6_start" - -network_ipv6_start() -{ - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # Get a list of network interfaces - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - if checkyesno ipv6_gateway_enable; then - # act as a router - ${SYSCTL_W} net.inet6.ip6.forwarding=1 - ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - else - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - ${SYSCTL_W} net.inet6.ip6.forwarding=0 - fi - - if [ -n "${ipv6_network_interfaces}" ]; then - # Setup the interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `${SYSCTL_N} net.inet6.ip6.dad_count` - sleep 1 - fi - - # Filter out interfaces on which IPv6 initialization failed. - if checkyesno ipv6_gateway_enable; then - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - fi - - # Setup IPv6 to IPv4 mapping - network6_stf_setup - - # Install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # Setup static routes - network6_static_routes_setup - - # Setup faith - network6_faith_setup - - # Support for IPv4 address tacked onto an IPv6 address - if checkyesno ipv6_ipv4mapping; then - echo 'IPv4 mapped IPv6 address support=YES' - ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null - else - echo 'IPv4 mapped IPv6 address support=NO' - ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null - fi -} - -load_rc_config $name -run_rc_command "$1" diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 563826d..f75965c 100755 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -21,17 +21,79 @@ options_cmd="options_start" routing_start() { - static_start - options_start + static_start "$@" + options_start "$@" } routing_stop() { + static_stop "$@" route -n flush + for i in ${ipv6_network_interfaces}; do + ifconfig $i inet6 -defaultif + done } static_start() { + local _af + _af=$1 + + case ${_af} in + inet) + do_static inet add + ;; + inet6) + do_static inet6 add + ;; + atm) + do_static atm add + ;; + *) + do_static inet add + do_static inet6 add + do_static atm add + ;; + esac +} + +static_stop() +{ + local _af + _af=$1 + + case ${_af} in + inet) + do_static inet delete + ;; + inet6) + do_static inet6 delete + ;; + atm) + do_static atm delete + ;; + *) + do_static inet delete + do_static inet6 delete + do_static atm delete + ;; + esac +} + +do_static() +{ + local _af _action + _af=$1 + _action=$2 + + eval $1_static $2 +} + +inet_static() +{ + local _action + _action=$1 + case ${defaultrouter} in [Nn][Oo] | '') ;; 
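Review bot: do_static() in etc/rc.d/routing assigns `_af` and `_action` and then ignores them, running `eval $1_static $2` on the raw positional parameters. Every caller visible in this hunk passes a literal chosen by the `case ${_af}` whitelist in static_start()/static_stop(), so nothing unchecked reaches the eval today. The script now ends in `run_rc_command "$@"` and routing_start() forwards `"$@"`, which makes that whitelist the only thing between command-line words and the eval. The eval is not needed: `${_af}_static ${_action}` calls the same function without re-parsing its arguments. inet_static() continues past the end of this hunk.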
@@ -41,20 +103,130 @@ static_start() ;; esac - # Setup static routes. This should be done before router discovery. - # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} + route_args=`get_if_var $i route_IF` + route ${_action} ${route_args} + done + fi +} + +inet6_static() +{ + local _action i + _action=$1 + + # disallow "internal" addresses to appear on the wire + route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_defaultrouter} in + [Nn][Oo] | '') + ;; + *) + ipv6_static_routes="default ${ipv6_static_routes}" + ipv6_route_default="default ${ipv6_defaultrouter}" + ;; + esac + + if [ -n "${ipv6_static_routes}" ]; then + for i in ${ipv6_static_routes}; do + ipv6_route_args=`get_if_var $i ipv6_route_IF` + route ${_action} -inet6 ${route_args} + done + fi + + # Fixup $ipv6_network_interfaces + case ${ipv6_network_interfaces} in + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable; then + for i in ${ipv6_network_interfaces}; do + + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac done + ipv6_network_interfaces=${ipv6_working_interfaces} fi - # Now ATM static routes - # + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. 
+ case "${ipv6_default_interface}" in + [Nn][Oo] | [Nn][Oo][Nn][Ee]) + ipv6_default_interface="" + ;; + [Aa][Uu][Tt][Oo] | "") + for i in ${ipv6_network_interfaces}; do + case $i in + lo0|faith[0-9]*) + continue + ;; + esac + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_default_interface=$i + break + ;; + esac + done + ;; + esac + + # Disallow unicast packets without outgoing scope identifiers, + # or route such packets to a "default" interface, if it is specified. + route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject + + case ${ipv6_default_interface} in + '') + route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject + ;; + *) + laddr=`network6_getladdr ${ipv6_default_interface}` + route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface + + # Disable installing the default interface with the + # case net.inet6.ip6.forwarding=0 and + # the interface with no ND6_IFF_ACCEPT_RTADV + # to avoid conflict between the default router list and + # the manual configured default route. + if ! checkyesno ipv6_gateway_enable; then + ifconfig ${ipv6_default_interface} nd6 | \ + while read proto options + do + case "${proto}:${options}" in + nd6:*ACCEPT_RTADV*) + ifconfig ${ipv6_default_interface} inet6 defaultif + break + ;; + esac + done + fi + ;; + esac +} + +atm_static() +{ + local _action i + _action=$1 + if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do - eval route_args=\$route_${i} - atmconfig natm add ${route_args} + route_args=`get_if_var $i route_IF` + atmconfig natm ${_action} ${route_args} done fi } 
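Review bot: In inet6_static(), the static-route loop stores the looked-up arguments in `ipv6_route_args` but then runs `route ${_action} -inet6 ${route_args}`, so the IPv6 routes are built from whatever inet_static() last left in the global `route_args`, or from nothing. The call should read `route ${_action} -inet6 ${ipv6_route_args}`. The same function appends to `ipv6_working_interfaces` without the `ipv6_working_interfaces=""` reset that the removed network_ipv6 script had. Only `_action` and `i` are declared local, so `laddr` and the interface lists persist between calls; a reset and a wider `local` line would address both. This hunk opens inside inet_static(), whose first lines are in the previous hunk.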
@@ -70,72 +242,62 @@ ropts_init() options_start() { - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) + if checkyesno icmp_bmcastecho; then ropts_init echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac + fi - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_drop_redirect; then ropts_init echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac + fi - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) + if checkyesno icmp_log_redirect; then ropts_init echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac + fi - case ${gateway_enable} in - [Yy][Ee][Ss]) + if checkyesno gateway_enable; then ropts_init - echo -n ' IP gateway=YES' + echo -n ' IPv4 gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac + fi - case ${forward_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno ipv6_gateway_enable; then + ropts_init + echo -n ' IPv6 gateway=YES' + sysctl net.inet6.ip6.forwarding=1 >/dev/null + fi + + if checkyesno forward_sourceroute; then ropts_init echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac + fi - case ${accept_sourceroute} in - [Yy][Ee][Ss]) + if checkyesno accept_sourceroute; then ropts_init echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac + fi - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) + if checkyesno ipxgateway_enable; then ropts_init echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac + fi - case ${arpproxy_all} in - [Yy][Ee][Ss]) + if checkyesno arpproxy_all; then ropts_init echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac + fi [ -n "${_ropts_initdone}" ] && echo '.' } load_rc_config $name -run_rc_command "$1" +run_rc_command "$@" diff --git a/etc/rc.d/stf b/etc/rc.d/stf new file mode 100755 index 0000000..40b182a --- /dev/null +++ b/etc/rc.d/stf 
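Review bot: options_start() now writes `net.inet6.ip6.forwarding=1` for `ipv6_gateway_enable`, but nothing in this hunk carries over the other sysctl writes made by the removed network_ipv6_start(): `net.inet6.ip6.accept_rtadv=0` in the router branch and `net.inet6.ip6.forwarding=0` in the end-host branch. If router-advertisement handling moved into network.subr, which is not part of this diff view, a comment in the new block should say where it now lives. If it did not move, a forwarding host that still accepts RAs warrants an explicit `sysctl net.inet6.ip6.accept_rtadv=0 >/dev/null` next to the forwarding line. The old `case` arms silently ignored any value other than YES, whereas checkyesno is defined in rc.subr and may complain about unset or malformed values, so each variable tested here should have a default.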
@@ -0,0 +1,79 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: stf
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="stf"
+start_cmd="stf_up"
+stop_cmd="stf_down"
+
+stf_up()
+{
+ case ${stf_interface_ipv4addr} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ # assign IPv6 addr and interface route for 6to4 interface
+ stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
+ OIFS="$IFS"
+ IFS=".$IFS"
+ set ${stf_interface_ipv4addr}
+ IFS="$OIFS"
+ hexfrag1=`hexprint $(($1*256 + $2))`
+ hexfrag2=`hexprint $(($3*256 + $4))`
+ ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
+ case ${stf_interface_ipv6_ifid} in
+ [Aa][Uu][Tt][Oo] | '')
+ for i in ${ipv6_network_interfaces}; do
+ laddr=`network6_getladdr ${i}`
+ case ${laddr} in
+ '')
+ ;;
+ *)
+ break
+ ;;
+ esac
+ done
+ stf_interface_ipv6_ifid=`expr "${laddr}" : \
+ 'fe80::\(.*\)%\(.*\)'`
+ case ${stf_interface_ipv6_ifid} in
+ '')
+ stf_interface_ipv6_ifid=0:0:0:1
+ ;;
+ esac
+ ;;
+ esac
+ echo "Configuring 6to4 tunnel interface: stf0."
+ ifconfig stf0 create >/dev/null 2>&1
+ ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
+ prefixlen ${stf_prefixlen}
+ if [ -z "${rc_quiet}" ]; then
+ /sbin/ifconfig stf0
+ fi
+ # disallow packets to malicious 6to4 prefix
+ route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+ route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+ ;;
+ esac
+}
+
+stf_down()
+{
+ echo "Removing 6to4 tunnel interface: stf0."
+ ifconfig stf0 destroy
+ route delete -inet6 2002:e000:: -prefixlen 20 ::1
+ route delete -inet6 2002:7f00:: -prefixlen 24 ::1
+ route delete -inet6 2002:0000:: -prefixlen 24 ::1
+ route delete -inet6 2002:ff00:: -prefixlen 24 ::1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl
index d1a42d1..1bc92ae 100755
--- a/etc/rc.d/sysctl
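Review bot: stf_up() in the new etc/rc.d/stf splits `stf_interface_ipv4addr` with `set ${stf_interface_ipv4addr}` and feeds `$1`..`$4` into `$(($1*256 + $2))` without checking that exactly four numeric octets came out, so a malformed rc.conf value gives an arithmetic error or a wrong 2002: prefix on stf0. A guard right after `IFS="$OIFS"`, such as `[ $# -eq 4 ] || { warn "invalid stf_interface_ipv4addr"; return 1; }`, would fail closed. The `set` also overwrites the function's positional parameters, which deserves a one-line comment. The reject routes cover only the 6to4 forms of 0/8, 127/8, 224/4 and 255/8; prefixes embedding private IPv4 space are not rejected, and the comment above them could state whether that is deliberate. stf_down() destroys stf0 and deletes those routes unconditionally, even when stf_up() took the `[Nn][Oo] | ''` arm.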
+++ b/etc/rc.d/sysctl @@ -5,7 +5,7 @@ # PROVIDE: sysctl # REQUIRE: root -# BEFORE: DAEMON +# BEFORE: FILESYSTEMS . /etc/rc.subr |