path: root/etc/rc.d/netoptions
Commit message | Author | Age | Files | Lines
* Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE | hrs | 2011-09-13 | 1 | -0/+13
  (r225485). When setting an interface name to it, the following configurations will be enabled:
  1. "no_radr" is set to all IPv6 interfaces automatically.
  2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this means you can manually supersede this configuration if necessary).
  3. The node will add RA-sending routers to the default router list even if net.inet6.ip6.forwarding=1.
  This mode is added to conform to RFC 6204 (a router which connects the end-user network to a service provider network). To enable packet forwarding, you still need to set ipv6_gateway_enable=YES.
  Note that accepting router entries into the default router list when packet forwarding capability and a routing daemon are enabled can result in messing up the routing table. To minimize such unexpected behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.
  Approved by: re (bz)
* Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical. | emaste | 2011-03-30 | 1 | -16/+16
  This is a further clean up after r202988. SYSCTL_W is still initialized in rc.subr as some ports may still use it.
* Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr. Note that this | hrs | 2010-09-13 | 1 | -0/+7
  will be replaced with a per-IF version later.
  Based on: changes in r206408 by dougb
* Revert changes in r206408. | hrs | 2010-09-13 | 1 | -7/+0
  Discussed with: dougb, core.5, and core.6
* Improve the handling of IPv6 configuration in rc.d. The ipv6_enable | dougb | 2010-04-09 | 1 | -0/+7
  and ipv6_ifconfig_<interface> options have already been deprecated, these changes do not alter that.
  With these changes any value set for ipv6_enable will emit a warning. In order to avoid a POLA violation for the deprecation of the option ipv6_enable=NO will still disable configuration for all interfaces other than lo0. ipv6_enable=YES will not have any effect, but will emit an additional warning. Support and warnings for this option will be removed in FreeBSD 10.x.
  Consistent with the current code, in order for IPv6 to be configured on an interface (other than lo0) an ifconfig_<interface>_ipv6 option will have to be added to /etc/rc.conf[.local].
  1. Clean up and minor optimizations for the following functions:
     ifconfig_up (the ipv6 elements)
     ipv6if
     ipv6_autoconfif
     get_if_var
     _ifconfig_getargs
     The cleanups generally were to move the "easy" tests earlier in the functions, and consolidate duplicate code.
  2. Stop overloading ipv6_prefer with the ability to disable IPv6 configuration.
  3. Remove noafif() which was only ever called from ipv6_autoconfif. Instead, simplify and integrate the tests into that function, and convert the test to use is_wired_interface() instead of listing wireless interfaces explicitly.
  4. Integrate backwards compatibility for ipv6_ifconfig_<interface> into _ifconfig_getargs. This dramatically simplifies the code in all of the callers, and avoids a lot of other code duplication.
  5. In rc.d/netoptions, add code for an ipv6_privacy option to use RFC 4193 style pseudo-random addresses (this is what windows does by default, FYI).
  6. Add support for the [NO]RTADV options in ifconfig_getargs() and ipv6_autoconfif(). In the latter, include support for the explicit addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done in the current code.
  7. In rc.d/netif add a warning if $ipv6_enable is set, and remove the set_rcvar_obsolete for it. Also remove the latter from rc.d/ip6addrctl.
  8. In /etc/defaults/rc.conf:
     Add an example for RTADV configuration.
     Set ipv6_network_interfaces to AUTO.
     Switch ipv6_prefer to YES. If ipv6_enable is not set this will have no effect.
     Add a default for ipv6_privacy (NO).
  9. Document all of this in rc.conf.5.
* Use double-quotation marks to fix the unexpanded variable issue. | hrs | 2009-10-23 | 1 | -3/+3
  Spotted by: swell.k
* The net.inet.tcp.log_in_vain accepts 0, 1 or 2, not Y/N. | hrs | 2009-10-02 | 1 | -5/+8
* - Fix logic inversion bug of net.inet.tcp.rfc1323[*]. | hrs | 2009-10-02 | 1 | -15/+34
  - Split netoptions_start() to netoptions_AF() and add afexists() check for each address family.
  - Display a message only if the user sets a non-default value, and set a sysctl explicitly even if it is the default value.
  Spotted by: Pegasus Mc Cleaft[*]
* Don't do an IPv6 operation when the kernel doesn't have | ume | 2009-09-30 | 1 | -5/+8
  an IPv6 support.
  Reported by: Alexander Best <alexbestms__at__math.uni-muenster.de>
  Confirmed by: Paul B. Mahol <onemda__at__gmail.com>, Alexander Best <alexbestms__at__math.uni-muenster.de>
* Use RCng coding convention. | hrs | 2009-09-12 | 1 | -64/+52
  MFC after: 3 days
* As previously discussed, add the svn:executable property to all scripts | dougb | 2008-07-16 | 1 | -0/+0
* Set the sysctl(8) value in the same shell, not a subshell. This was | mtm | 2008-06-23 | 1 | -2/+2
  causing calls to netoptions_init() to not properly set a global variable, which ended up being in the parent shell.
* Do not print anything unless one of the net/routing options is set. | mtm | 2008-06-23 | 1 | -2/+17
* Move options that do not have anything to do with routing out of | mtm | 2007-05-02 | 1 | -1/+43
  rc.d/routing and in to rc.d/netoptions. Also instead of saying "TCP options" say "IP options".
* When rc.d/NETWORKING included this script in its REQUIRE line, a circular | mtm | 2007-05-02 | 1 | -1/+1
  dependency was introduced because this script had rc.d/localpkg (which is *after* rc.d/NETWORKING) in its REQUIRE line. From an examination of its contents it seems that only the availability of a local filesystem is necessary for this script to function properly.
* Apply "additional TCP options" earlier. | des | 2007-04-09 | 1 | -1/+0
  Requested by: andre@
  MFC after: 1 week
* Remove the requirement for the FreeBSD keyword as it no longer | mtm | 2004-10-07 | 1 | -1/+1
  makes any sense.
  Discussed with: dougb, brooks
  MFC after: 3 days
* Mark scripts as not usable inside a jail by adding keyword 'nojail'. | pjd | 2004-03-08 | 1 | -1/+1
  Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
* Rename localdaemons to localpkg. | mtm | 2003-08-06 | 1 | -1/+1
  The original name was really a mistake since /usr/local/etc/rc.d scripts can (and usually do) start more than just daemons. Even the output in the script uses 'local packages.' Also, the term 'local daemons' is used by rc.d/local, which was etc/rc.local of rcOG fame.
  No repo-copy because there isn't much history to save. I will remove localdaemons shortly with all the other files that don't belong in rc.d anymore.
  Discussed with: dougb, freebsd-rc@yahoogroups.com
* o Repocopied routing and netoptions from network2 and network3, respectively. | mtm | 2003-06-29 | 1 | -1/+1
  o Change the provider names.
  o Separate routing into two parts: static routing and routing options. The start command will run both parts, but they can be run separately using the static and options command, respectively: (/etc/rc.d/routing static; /etc/rc.d/routing options)
* Move securelevel further back in the boot order. | mtm | 2003-05-05 | 1 | -0/+1
  Approved by: markm (mentor)(implicit)
  Reviewed by: dougb
* Fix style bugs: | schweikh | 2002-10-12 | 1 | -3/+3
    * Space -> tabs conversion.
    * Removed blanks before semicolon in "if ... ; then".
    * Proper indentation of misindented lines.
    * Put a full stop after some comments.
    * Removed whitespace at end of line.
  Approved by: silence from gordon
* Merge in all the changes that Mike Makonnen has been maintaining for a | gordon | 2002-07-18 | 1 | -965/+31
  while. This is only the script pieces, the glue for the build comes next.
  Submitted by: Mike Makonnen <makonnen@pacbell.net>
  Reviewed by: silence on -current and -hackers
  Prodded by: rwatson
* Cosmetic changes to the previous commit, bringing it closer to what I | des | 2002-04-11 | 1 | -7/+7
  already had in my tree but didn't want to commit.
* Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better | peter | 2002-04-10 | 1 | -4/+9
  create it. Also specify protocol v1/v2 in case people wonder why we generate two RSA keys.
* The good news is that my initial PR was correct... the bad news is that I | dougb | 2002-04-01 | 1 | -1/+5
  was apparently smoking something when I committed the last fix, because as ume was kindly enough to set me straight on, amd *will* start with no arguments at all, as long as there is an /etc/amd.conf file for it to read. What it won't do is start with *just* -p. In any case, now it's fixed.
* Don't try to generate ssh keys if ssh isn't installed. | des | 2002-03-19 | 1 | -7/+11
* IPFilter may need to be re-sync'ed even if we are not filtering, but | cjc | 2002-03-19 | 1 | -1/+3
  only doing ipnat(8). Go back to using $ipfilter_active, but turn off $ipfilter_active when loading ipl.ko has failed.
  Submitted by: devet@devet.org (Arjan de Vet)
  MFC after: 3 days
* Answer the question posed in 1.126. amd won't start without either a | dougb | 2002-03-17 | 1 | -2/+11
  conf file, or command line options. I brought this up in PR 12432, which (ironically) obrien assigned to me after I became a committer. :)
  PR: conf/12432
  Submitted by: Me
* The reload of ipf(8) rules should depend on $ipfilter_enable, not | cjc | 2002-03-12 | 1 | -2/+1
  $ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to load, and $ipfilter_active can be "YES" when we are not using ipf(8).
  MFC after: 3 days
* Background the startup of `Amd', it often blocks on startup. | obrien | 2002-03-12 | 1 | -2/+2
* Why shouldn't amd always write its PID to a file? | obrien | 2002-03-12 | 1 | -6/+2
  Since I cannot answer that question, make it.
* Redirect stdout of `ipf -y' to /dev/null. This removes a stray | dd | 2002-03-04 | 1 | -1/+1
  "filter sync'd" in the middle of the boot output if IPFilter is enabled, but does not hide any potential errors, which go to stderr.
* There is no reason to demand the administrator set 'natd_interface' | cjc | 2002-02-20 | 1 | -5/+4
  when running natd(8) out of the rc-files. It is perfectly valid for the interface or alias address to be set in a natd(8) configuration file, not on the command line. Also, loosen up the restrictions on identifying an IP address argument in 'natd_interface.'
  Fix the documentation, rc.conf(5), to reflect this change.
  Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
  MFC after: 3 days
* peter points out that we probably should not mess with the sysctl(8) | cjc | 2002-02-08 | 1 | -4/+5
  values at all if they are not purposefully set. What if the administrator messed with them in /etc/sysctl.conf? We don't want to overwrite them. If 'log_in_vain' is zero, do not force the issue. If it is non-zero, set it.
* Register amd's dependency on NFS. | sheldonh | 2002-01-28 | 1 | -36/+51
  This change was submitted to the freebsd-audit mailing list for review but received no feedback. Hindsight-enabled reviews are welcome.
  PR: conf/31358
  Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
* Make the rc.conf(5) 'log_in_vain' knob an integer. | cjc | 2002-01-26 | 1 | -3/+12
  Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob all together. It really is something for sysctl.conf(5).
  PR: bin/32953
  Reviewed by: -bugs discussion
  MFC after: 1 week
* rpc.lockd needs rpc.statd to be running for it to start up properly. | alfred | 2001-12-13 | 1 | -4/+15
  so swap the order. Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is enabled. They are needed to provide client side locking support.
  PR: conf/27811
* s/sysctl -w/sysctl/ | ru | 2001-12-11 | 1 | -19/+19
* o Update rc.network to reflect the recent change of default in the | rwatson | 2001-12-07 | 1 | -3/+3
    kernel TCP timer code: rather than checking for tcp_keepalive being set to "YES", check for "NO" and turn off keepalives if the variable is set in that manner.
  o Note: eventually, it would make sense to remove this variable from rc.conf management, and instead rely on sysctl.conf. In fact, this is probably true of a number of rc.conf variables whose sole aim is to drive the setting of sysctls at boot time.
* Protect the '*' in pppoed_provider (the default) from metacharacter | cjc | 2001-12-06 | 1 | -0/+2
  expansion in the rc-scripts.
  PR: 32552
  Submitted by: Gleb Smirnoff <glebius@rinet.ru>
  Approved by: ru
  Obtained from: ru
  MFC after: 1 day
* Spelling police: sucessful -> successful. | dd | 2001-11-24 | 1 | -1/+1
* Resolve all the ipfilter startup issues in rc.network with one big patch | darrenr | 2001-11-24 | 1 | -59/+71
  to get it all right, allowing ipnat to be enabled independently of ipfilter in rc.conf (among other things).
  PR: multiple
  Submitted by: Arjan de Vet <devet@devet.org>
  Reviewed by: Giorgos Keramidas <keramida@FreeBSD.org>
* Avoid unnecessary calls to expr(1) by using standard shell arithmetic | sheldonh | 2001-11-14 | 1 | -1/+1
  expansion instead.
* Update the nsswitch.conf -> host.conf generator to handle criteria, | fenner | 2001-11-07 | 1 | -10/+16
  continuation lines, extra whitespace, and to use the last matching line in the file. This syncs the host.conf generation with how the nsswitch.conf is parsed.
  Only print " host.conf" instead of a multi-line message, since this happens on every boot.
* Modify the way host.conf and nsswitch.conf are treated at boot time: | des | 2001-11-01 | 1 | -7/+34
  - if nsswitch.conf exists, host.conf is auto-generated for compatibility with legacy applications and libraries.
  - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-generated as usual.
* Do an ipf -y after bringing up ppp to ensure rules which mention ppp get | darrenr | 2001-10-20 | 1 | -0/+14
  matched. Modification on PR to handle ipnat not being dependent on ipfilter_enable
  PR: 22859
* Allow ipnat_enable to be set to "yes" without requiring ipfilter_enable to | darrenr | 2001-10-20 | 1 | -11/+16
  be set to "yes"
  PR: 25223
* Put in place for using ipfs use on shutdown and startup. | darrenr | 2001-10-20 | 1 | -0/+9
  PR: 27070
* Handle the lack of nfs server or client support in the kernel by | dougb | 2001-10-19 | 1 | -1/+12
  kldload'ing the appropriate modules before enabling the service.