Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-5]: src/etc/rc.d Pull up revisions 1.29-1.30 (via patch, reques...
details: https://anonhg.NetBSD.org/src/rev/b08bc3b74fe7
branches: netbsd-1-5
changeset: 491597:b08bc3b74fe7
user: he <he%NetBSD.org@localhost>
date: Wed May 02 22:52:22 2001 +0000
description:
Pull up revisions 1.29-1.30 (via patch, requested by itojun):
Add support for "!" and "#" syntax in /etc/ifconfig.*.
diffstat:
etc/rc.d/network | 203 ++++++++++++++++++++++++++++--------------------------
1 files changed, 107 insertions(+), 96 deletions(-)
diffs (243 lines):
diff -r df80c3b2ef09 -r b08bc3b74fe7 etc/rc.d/network
--- a/etc/rc.d/network Wed May 02 22:51:58 2001 +0000
+++ b/etc/rc.d/network Wed May 02 22:52:22 2001 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: network,v 1.11.4.6 2001/03/20 18:19:27 he Exp $
+# $NetBSD: network,v 1.11.4.7 2001/05/02 22:52:22 he Exp $
#
# PROVIDE: network
@@ -65,6 +65,96 @@
#
route add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject
+ # IPv6 routing setups, and host/router mode selection.
+ #
+ if ifconfig lo0 inet6 >/dev/null 2>&1; then
+ # We have IPv6 support in kernel.
+
+ # disallow link-local unicast dest without outgoing scope
+ # identifiers.
+ #
+ route add -inet6 fe80:: -prefixlen 10 ::1 -reject
+
+ # disallow site-local unicast dest without outgoing scope
+ # identifiers.
+ # If you configure site-locals without scope id (it is
+ # permissible config for routers that are not on scope
+ # boundary), you may want to comment the following one out.
+ #
+ route add -inet6 fec0:: -prefixlen 10 ::1 -reject
+
+ # disallow "internal" addresses to appear on the wire.
+ #
+ route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+
+ # disallow packets to malicious IPv4 compatible prefix
+ #
+ route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
+ route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
+ route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
+ route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
+
+ # disallow packets to malicious 6to4 prefix
+ #
+ route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+ route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+
+ # Completely disallow packets to IPv4 compatible prefix.
+ # This may conflict with RFC1933 under following circumstances:
+ # (1) An IPv6-only KAME node tries to originate packets to IPv4
+ # comatible destination. The KAME node has no IPv4
+ # compatible support. Under RFC1933, it should transmit
+ # native IPv6 packets toward IPv4 compatible destination,
+ # hoping it would reach a router that forwards the packet
+ # toward auto-tunnel interface.
+ # (2) An IPv6-only node originates a packet to IPv4 compatible
+ # destination. A KAME node is acting as an IPv6 router, and
+ # asked to forward it.
+ # Due to rare use of IPv4 compatible address, and security
+ # issues with it, we disable it by default.
+ #
+ route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+
+ sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
+ sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null
+
+ # backward compatibility
+ #
+ if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
+ warn 'Please migrate to newer rc.conf' \
+ '(use ip6mode, not ip6forwarding)'
+ if checkyesno ip6forwarding; then
+ ip6mode=router
+ elif checkyesno rtsol; then
+ ip6mode=autohost
+ else
+ ip6mode=host
+ fi
+ fi
+
+ case $ip6mode in
+ router)
+ echo 'IPv6 mode: router'
+ sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
+ ;;
+
+ autohost)
+ echo 'IPv6 mode: autoconfigured host'
+ sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
+ ;;
+
+ host)
+ echo 'IPv6 mode: host'
+ ;;
+
+ *) echo 'WARNING: invalid value in ip6mode'
+ ;;
+
+ esac
+ fi
+
# Configure all of the network interfaces listed in $net_interfaces;
# if $auto_ifconfig is YES, grab all interfaces from ifconfig.
# In the following, "xxN" stands in for interface names, like "le0".
@@ -88,6 +178,9 @@
# inet 10.1.1.2 netmask 0xffffff00 alias
# inet6 fec0::1 prefixlen 64 alias
#
+ # You can put shell script fragment into /etc/ifconfig.xxN by
+ # starting a line with "!". Refer to ifconfig.if(5) for details.
+ #
if [ "$net_interfaces" != NO ]; then
if checkyesno auto_ifconfig; then
tmp="`ifconfig -l`"
@@ -109,11 +202,19 @@
ifconfig $int $args
elif [ -f /etc/ifconfig.$int ]; then
echo -n " $int"
- (while read args; do
- if [ -n "`eval echo '$args'`" ] ; then
+ while read args; do
+ [ -z "$args" ] && continue
+ case "$args" in
+ "#"*)
+ ;;
+ "!"*)
+ eval ${args#*!}
+ ;;
+ *)
ifconfig $int $args
- fi
- done) < /etc/ifconfig.$int
+ ;;
+ esac
+ done < /etc/ifconfig.$int
else
if ! checkyesno auto_ifconfig; then
echo
@@ -197,99 +298,9 @@
) < /etc/ifaliases
fi
- # IPv6
- # Note that manual configuration can be done in the above, using
- # ifconfig.
+ # IPv6 interface autoconfiguration.
#
if ifconfig lo0 inet6 >/dev/null 2>&1; then
- # We have IPv6 support in kernel.
-
- # disallow link-local unicast dest without outgoing scope
- # identifiers.
- #
- route add -inet6 fe80:: -prefixlen 10 ::1 -reject
-
- # disallow site-local unicast dest without outgoing scope
- # identifiers.
- # If you configure site-locals without scope id (it is
- # permissible config for routers that are not on scope
- # boundary), you may want to comment the following one out.
- #
- route add -inet6 fec0:: -prefixlen 10 ::1 -reject
-
- # disallow "internal" addresses to appear on the wire.
- #
- route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
-
- # disallow packets to malicious IPv4 compatible prefix
- #
- route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
- route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
- route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
- route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
-
- # disallow packets to malicious 6to4 prefix
- #
- route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
- route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
- route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
- route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
-
- # Completely disallow packets to IPv4 compatible prefix.
- # This may conflict with RFC1933 under following circumstances:
- # (1) An IPv6-only KAME node tries to originate packets to IPv4
- # comatible destination. The KAME node has no IPv4
- # compatible support. Under RFC1933, it should transmit
- # native IPv6 packets toward IPv4 compatible destination,
- # hoping it would reach a router that forwards the packet
- # toward auto-tunnel interface.
- # (2) An IPv6-only node originates a packet to IPv4 compatible
- # destination. A KAME node is acting as an IPv6 router, and
- # asked to forward it.
- # Due to rare use of IPv4 compatible address, and security
- # issues with it, we disable it by default.
- #
- route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
-
- sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
- sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null
-
- # backward compatibility
- #
- if [ -z "$ip6mode" -a -n "$ip6forwarding" ]; then
- warn 'Please migrate to newer rc.conf' \
- '(use ip6mode, not ip6forwarding)'
- if checkyesno ip6forwarding; then
- ip6mode=router
- else
- if checkyesno rtsol; then
- ip6mode=autohost
- else
- ip6mode=host
- fi
- fi
- fi
-
- case $ip6mode in
- router)
- echo 'IPv6 mode: router'
- sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
- ;;
-
- autohost)
- echo 'IPv6 mode: autoconfigured host'
- sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
- ;;
-
- host)
- echo 'IPv6 mode: host'
- ;;
-
- *) echo 'WARNING: invalid value in ip6mode'
- ;;
-
- esac
-
# wait till DAD is completed. always invoke it in case
# if are configured manually by ifconfig
#
Home |
Main Index |
Thread Index |
Old Index