diff options
-rw-r--r-- | etc/defaults/rc.conf | 7 | ||||
-rw-r--r-- | etc/network.subr | 199 | ||||
-rwxr-xr-x | etc/rc.d/ip6addrctl | 2 | ||||
-rwxr-xr-x | etc/rc.d/netif | 9 | ||||
-rwxr-xr-x | etc/rc.d/netoptions | 7 | ||||
-rw-r--r-- | share/man/man5/rc.conf.5 | 129 |
6 files changed, 171 insertions, 182 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index dfdf08f..9151da4 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -210,6 +210,7 @@ cloned_interfaces="" # List of cloned network interfaces to create. ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. +#ifconfig_ed0_ipv6="RTADV" # Sample IPv6 entry for RA/rtsol(8) #ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry #ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. @@ -439,8 +440,9 @@ rfcomm_pppd_server_two_channel="3" # Override local channel for 'two' icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### -ipv6_network_interfaces="none" # List of IPv6 network interfaces - # (or "auto" or "none"). +ipv6_network_interfaces="AUTO" # List of IPv6 network interfaces +ipv6_prefer="YES" # Use IPv6 when both IPv4 and IPv6 can be used +ipv6_privacy="NO" # Use privacy addresses with RTADV (RFC 4193) ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). @@ -499,7 +501,6 @@ ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages -ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used ############################################################## ### System console options ################################# diff --git a/etc/network.subr b/etc/network.subr index fbf3ff9..52c99db 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -96,44 +96,32 @@ ifconfig_up() # inet6 specific if afexists inet6; then if ipv6if $1; then - if checkyesno ipv6_gateway_enable; then - _ipv6_opts="-accept_rtadv" - fi - else - if checkyesno ipv6_prefer; then - _ipv6_opts="-ifdisabled" - else - _ipv6_opts="ifdisabled" + # Implicitly handles ipv6_gateway_enable + _ipv6_opts='-ifdisabled -accept_rtadv' + + if ipv6_autoconfif $1; then + _ipv6_opts='-ifdisabled accept_rtadv' fi - # backward compatibility: $ipv6_enable - case $ipv6_enable in - [Yy][Ee][Ss]) - _ipv6_opts="${_ipv6_opts} accept_rtadv" - ;; - esac - fi + ifconfig $1 inet6 $_ipv6_opts - if [ -n "${_ipv6_opts}" ]; then - ifconfig $1 inet6 ${_ipv6_opts} - fi + # ifconfig_IF_ipv6 + ifconfig_args=`ifconfig_getargs $1 ipv6` - # ifconfig_IF_ipv6 - ifconfig_args=`ifconfig_getargs $1 ipv6` - if [ -n "${ifconfig_args}" ]; then - ifconfig $1 inet6 -ifdisabled - ifconfig $1 ${ifconfig_args} - _cfg=0 - fi + if [ -n "$ifconfig_args" ]; then + ifconfig $1 $ifconfig_args + _cfg=0 + fi + else + # Remove in FreeBSD 10.x + # Explicit test is necessary here to avoid nonexistence error + case "$ipv6_enable" in + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + warn "Interface $1 will NOT be configured for IPv6" + ;; + esac - # backward compatiblity: $ipv6_ifconfig_IF - ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` - if [ -n "${ifconfig_args}" ]; then - warn "\$ipv6_ifconfig_$1 is obsolete." \ - " Use ifconfig_$1_ipv6 instead." - ifconfig $1 inet6 -ifdisabled - ifconfig $1 inet6 ${ifconfig_args} - _cfg=0 + ifconfig $1 inet6 ifdisabled fi fi @@ -194,7 +182,7 @@ ifconfig_down() # $default if given. get_if_var() { - local _if _punct _var _default prefix suffix + local _if _punct _punct_c _var _default prefix suffix if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' @@ -219,7 +207,7 @@ get_if_var() # outside this file. _ifconfig_getargs() { - local _ifn _af + local _ifn _af value _ifn=$1 _af=${2+_$2} @@ -227,7 +215,18 @@ _ifconfig_getargs() return 1 fi - get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" + value=`get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"` + + # Remove in FreeBSD 10.x + if [ "$_af" = _ipv6 -a -z "$value" ]; then + value=`get_if_var $_ifn ipv6_ifconfig_IF "$ifconfig_DEFAULT"` + if [ -n "$value" ]; then + warn "\$ipv6_ifconfig_$1 is obsolete." \ + " Use ifconfig_$1_ipv6 instead." + fi + fi + + echo $value } # ifconfig_getargs if [af] @@ -249,6 +248,8 @@ ifconfig_getargs() [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ww][Pp][Aa]) ;; + [Rr][Tt][Aa][Dd][Vv]) ;; + [Nn][Oo][Rr][Tt][Aa][Dd][Vv]) ;; *) _args="$_args $_arg" ;; @@ -372,77 +373,45 @@ afexists() esac } -# noafif if -# Returns 0 if the interface has no af configuration and 1 otherwise. -noafif() -{ - local _if - _if=$1 - - case $_if in - pflog[0-9]*|\ - pfsync[0-9]*|\ - an[0-9]*|\ - ath[0-9]*|\ - ipw[0-9]*|\ - iwi[0-9]*|\ - iwn[0-9]*|\ - ral[0-9]*|\ - wi[0-9]*|\ - wl[0-9]*|\ - wpi[0-9]*) - return 0 - ;; - esac - - return 1 -} - # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { - local _if _tmpargs i - _if=$1 - if ! afexists inet6; then return 1 fi # lo0 is always IPv6-enabled - case $_if in + case $1 in lo0) return 0 ;; esac - # True if $ifconfig_IF_ipv6 is defined. - _tmpargs=`_ifconfig_getargs $_if ipv6` - if [ -n "${_tmpargs}" ]; then - return 0 - fi - - # backward compatibility: True if $ipv6_ifconfig_IF is defined. - _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` - if [ -n "${_tmpargs}" ]; then - return 0 - fi + local _if _tmpargs i + _if=$1 - case "${ipv6_network_interfaces}" in - [Aa][Uu][Tt][Oo]) - return 0 - ;; + case "$ipv6_network_interfaces" in ''|[Nn][Oo][Nn][Ee]) return 1 ;; + $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo]) + # True if $ifconfig_IF_ipv6 is defined. + _tmpargs=`_ifconfig_getargs $_if ipv6` + ;; esac - for i in ${ipv6_network_interfaces}; do - if [ "$i" = "$_if" ]; then - return 0 - fi - done + if [ -n "$_tmpargs" ]; then + # Remove in FreeBSD 10.x + # Explicit test is necessary here to avoid nonexistence error + case "$ipv6_enable" in + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + ;; + *) return 0 + ;; + esac + fi return 1 } @@ -452,15 +421,24 @@ ipv6if() # Stateless Address Configuration, 1 otherwise. ipv6_autoconfif() { + case $1 in + lo0|\ + stf[0-9]*|\ + faith[0-9]*|\ + lp[0-9]*|\ + sl[0-9]*|\ + pflog[0-9]*|\ + pfsync[0-9]*) + return 1 + ;; + esac + local _if _tmpargs _arg _if=$1 if ! ipv6if $_if; then return 1 fi - if noafif $_if; then - return 1 - fi if checkyesno ipv6_gateway_enable; then return 1 fi @@ -468,45 +446,24 @@ ipv6_autoconfif() if [ -n "${_tmpargs}" ]; then return 1 fi + if ! is_wired_interface $_if; then + case $_if in + wlan[0-9]*) ;; # Allow test to continue + *) return 1 + ;; + esac + fi - case $_if in - lo0|\ - stf[0-9]*|\ - faith[0-9]*|\ - lp[0-9]*|\ - sl[0-9]*|\ - pflog[0-9]*|\ - pfsync[0-9]*) + _tmpargs=`_ifconfig_getargs $_if ipv6` + case "$_tmpargs" in + *inet6\ *|*[Nn][Oo][Rr][Tt][Aa][Dd][Vv]*|*-accept_rtadv*) return 1 ;; - esac - - # backward compatibility: $ipv6_enable - case $ipv6_enable in - [Yy][Ee][Ss]) + *[Rr][Tt][Aa][Dd][Vv]*|*accept_rtadv*) return 0 ;; esac - _tmpargs=`_ifconfig_getargs $_if ipv6` - for _arg in $_tmpargs; do - case $_arg in - accept_rtadv) - return 0 - ;; - esac - done - - # backward compatibility: $ipv6_ifconfig_IF - _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` - for _arg in $_tmpargs; do - case $_arg in - accept_rtadv) - return 0 - ;; - esac - done - return 1 } diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index d3b1856..3963b07 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -20,8 +20,6 @@ status_cmd="ip6addrctl" prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" -set_rcvar_obsolete ipv6_enable ipv6_prefer - ip6addrctl_prefer_ipv6() { afexists inet6 || return 0 diff --git a/etc/rc.d/netif b/etc/rc.d/netif index f982cfc..06b8e76 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -34,6 +34,7 @@ . /etc/network.subr name="network" +start_precmd="network_prestart" start_cmd="network_start" stop_cmd="network_stop" cloneup_cmd="clone_up" @@ -41,7 +42,13 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= -set_rcvar_obsolete ipv6_enable ipv6_prefer +network_prestart() +{ + if [ -n "$ipv6_enable" ]; then + warn 'The ipv6_enable option is deprecated.' + warn 'See rc.conf(5) for information on disabling IPv6.' + fi +} network_start() { diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 4631304..433ce82 100755 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -99,6 +99,13 @@ netoptions_inet6() else ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null fi + + if checkyesno ipv6_privacy; then + netoptions_init + echo -n " IPv6 Privacy Addresses" + ${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null + ${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null + fi } load_rc_config $name diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index ec3f292..59e338b 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 05, 2010 +.Dd April 8, 2010 .Dt RC.CONF 5 .Os .Sh NAME @@ -1292,79 +1292,98 @@ It is also possible to rename an interface by doing: ifconfig_ed0_name="net0" ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00" .Ed +.\" Remove in FreeBSD 10.x .It Va ipv6_enable .Pq Vt bool -If the variable is -.Dq Li YES , -.Dq Li inet6 accept_rtadv -is added to all of -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 -and the -.Va ipv6_prefer -is defined as -.Dq Li YES . .Pp -This variable is deprecated. Use -.Va ipv6_prefer -and -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 . -.It Va ipv6_prefer -.Pq Vt bool -This variable does the following: +This option is deprecated. .Pp If the variable is -.Dq Li YES , -the default policy of the source address selection set by -.Xr ip6addrctl 8 -will be IPv6-preferred. +.Dq Li YES +it has no effect. +To configure IPv6 for an interface see +.Va ipv6_network_interfaces +below. .Pp If the variable is -.Dq Li NO , -the default policy of the source address selection set by -.Xr ip6addrctl 8 -will be IPv4-preferred, and all of interfaces which does not have the -corrsponding -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 -variable will be marked as -.Dq Li IFDISABLED . -This means only IPv6 functionality on that interface is completely -disabled. For more details of -.Dq Li IFDISABLED -flag and keywords -.Dq Li inet6 ifdisabled , -see -.Xr ifconfig 8 . -.Pp +.Dq Li NO +then other than +.Dq Li lo0 +IPv6 will be disabled for each interface, +however the same effect can be achieved by +not configuring the interface. .It Va ipv6_network_interfaces .Pq Vt str This is the IPv6 equivalent of .Va network_interfaces . -Normally manual configuration of this variable is not needed. +Normally configuration of this variable is not needed, +the value should be left as +.Dq Li AUTO . +.Pp +If +.Dq Li INET6 +is configured in the kernel configuration for the +.Dq Li lo0 +interface will always be performed. +It is not necessary to list it in +.Va ipv6_network_interfaces . +.Pp +Example configuration to accept Router Advertisements (RA) for the +.Dq Li ed0 +interface: +.Bd -literal +ifconfig_ed0_ipv6="RTADV" +.Ed +.Pp +To disable RA the +.Dq Li NORTADV +option is available, although not required if manual +configuration is performed as described below. +.Pp +An IPv6 interface can be configured manually with +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 . +For example: +.Bd -literal +ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" +.Ed +.Pp +Manual configuration of an IPv6 address will also +require configuration of the +.Va ipv6_defaultrouter +option. .Pp -IPv6 functionality on an interface should be configured by -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , -instead of setting ifconfig parameters in -.Va ifconfig_ Ns Aq Ar interface . Aliases should be set by .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n -with +with the .Dq Li inet6 -keyword. For example: +keyword. +For example: +.Pp .Bd -literal -ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" .Ed .Pp -Interfaces that have an -.Dq Li inet6 accept_rtadv -keyword in -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 -setting will be automatically configured by -.Xr rtsol 8 . -Note that this automatic configuration is disabled if the -.Va ipv6_gateway_enable -is set to -.Dq Li YES . +.It Va ipv6_prefer +.Pq Vt bool +If the variable is +.Dq Li YES , +the default policy of the source address selection set by +.Xr ip6addrctl 8 +will be IPv6-preferred. +.Pp +If the variable is +.Dq Li NO , +the default policy of the source address selection set by +.Xr ip6addrctl 8 +will be IPv4-preferred. +.Pp +.It Va ipv6_privacy +.Pq Vt bool +If the variable is +.Dq Li YES +privacy addresses will be generated for each IPv6 +interface as described in RFC 4193. +.Pp .It Va ipv6_prefix_ Ns Aq Ar interface .Pq Vt str If one or more prefixes are defined in |