
[src/trunk]: src/etc/rc.d move IPv6 mode/route configuration upwards, so that...



details:   https://anonhg.NetBSD.org/src/rev/e9647c511b66
branches:  trunk
changeset: 502191:e9647c511b66
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sat Jan 13 13:26:36 2001 +0000

description:
move IPv6 mode/route configuration upwards, so that !rtsol in
/etc/ifconfig.* is meaningful.

diffstat:

 etc/rc.d/network |  186 +++++++++++++++++++++++++++---------------------------
 1 files changed, 94 insertions(+), 92 deletions(-)

diffs (211 lines):

diff -r 4a4731614196 -r e9647c511b66 etc/rc.d/network
--- a/etc/rc.d/network  Sat Jan 13 11:51:12 2001 +0000
+++ b/etc/rc.d/network  Sat Jan 13 13:26:36 2001 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: network,v 1.29 2001/01/11 17:56:16 itojun Exp $
+# $NetBSD: network,v 1.30 2001/01/13 13:26:36 itojun Exp $
 #
 
 # PROVIDE: network
@@ -65,6 +65,98 @@
        #
        route add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject
 
+       # IPv6 routing setups, and host/router mode selection.
+       #
+       if ifconfig lo0 inet6 >/dev/null 2>&1; then
+               # We have IPv6 support in kernel.
+
+               # disallow link-local unicast dest without outgoing scope
+               # identifiers.
+               #
+               route add -inet6 fe80:: -prefixlen 10 ::1 -reject
+
+               # disallow site-local unicast dest without outgoing scope
+               # identifiers.
+               # If you configure site-locals without scope id (it is
+               # permissible config for routers that are not on scope
+               # boundary), you may want to comment the following one out.
+               #
+               if ! checkyesno ip6sitelocal; then
+                       route add -inet6 fec0:: -prefixlen 10 ::1 -reject
+               fi
+
+               # disallow "internal" addresses to appear on the wire.
+               #
+               route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+
+               # disallow packets to malicious IPv4 compatible prefix
+               #
+               route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
+               route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
+               route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
+               route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
+
+               # disallow packets to malicious 6to4 prefix
+               #
+               route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+               route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+               route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+               route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+
+               # Completely disallow packets to IPv4 compatible prefix.
+               # This may conflict with RFC1933 under following circumstances:
+               # (1) An IPv6-only KAME node tries to originate packets to IPv4
+               #     comatible destination.  The KAME node has no IPv4
+               #     compatible support.  Under RFC1933, it should transmit
+               #     native IPv6 packets toward IPv4 compatible destination,
+               #     hoping it would reach a router that forwards the packet
+               #     toward auto-tunnel interface.
+               # (2) An IPv6-only node originates a packet to IPv4 compatible
+               #     destination.  A KAME node is acting as an IPv6 router, and
+               #     asked to forward it.
+               # Due to rare use of IPv4 compatible address, and security
+               # issues with it, we disable it by default.
+               #
+               route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+
+               sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
+               sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null
+
+               # backward compatibility
+               #
+               if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
+                       warn 'Please migrate to newer rc.conf' \
+                           '(use ip6mode, not ip6forwarding)'
+                       if checkyesno ip6forwarding; then
+                               ip6mode=router
+                       elif checkyesno rtsol; then
+                               ip6mode=autohost
+                       else
+                               ip6mode=host
+                       fi
+               fi
+
+               case $ip6mode in
+               router)
+                       echo 'IPv6 mode: router'
+                       sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
+                       ;;
+
+               autohost)
+                       echo 'IPv6 mode: autoconfigured host'
+                       sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
+                       ;;
+
+               host)   
+                       echo 'IPv6 mode: host'
+                       ;;
+
+               *)      echo 'WARNING: invalid value in ip6mode'
+                       ;;
+
+               esac
+       fi
+
        # Configure all of the network interfaces listed in $net_interfaces;
        # if $auto_ifconfig is YES, grab all interfaces from ifconfig.
        # In the following, "xxN" stands in for interface names, like "le0".
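Review bot: The `*)` arm of `case $ip6mode` reports a bad or empty value with a plain `echo` and does not show the value, while the backward-compatibility branch just above it uses `warn`. That message is the only sign that the node stayed at the reset state (`net.inet6.ip6.forwarding=0`, `net.inet6.ip6.accept_rtadv=0`) instead of the mode the administrator intended, so I would send it through the same helper and include the value: `*)      warn "invalid value in ip6mode: '$ip6mode'"`. The `route add -inet6 ... -reject` lines are also unchecked, so a reject route that fails to install presumably shows up only in the boot output; a one-line comment stating that this is accepted would help the next reader. The enclosing block starts and ends outside the hunk.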
@@ -205,99 +297,9 @@
                done < /etc/ifaliases
        fi
 
-       # IPv6
-       # Note that manual configuration can be done in the above, using
-       # ifconfig.
+       # IPv6 interface autoconfiguration.
        #
        if ifconfig lo0 inet6 >/dev/null 2>&1; then
-               # We have IPv6 support in kernel.
-
-               # disallow link-local unicast dest without outgoing scope
-               # identifiers.
-               #
-               route add -inet6 fe80:: -prefixlen 10 ::1 -reject
-
-               # disallow site-local unicast dest without outgoing scope
-               # identifiers.
-               # If you configure site-locals without scope id (it is
-               # permissible config for routers that are not on scope
-               # boundary), you may want to comment the following one out.
-               #
-               if ! checkyesno ip6sitelocal; then
-                       route add -inet6 fec0:: -prefixlen 10 ::1 -reject
-               fi
-
-               # disallow "internal" addresses to appear on the wire.
-               #
-               route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
-
-               # disallow packets to malicious IPv4 compatible prefix
-               #
-               route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
-               route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
-               route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
-               route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
-
-               # disallow packets to malicious 6to4 prefix
-               #
-               route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
-               route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
-               route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
-               route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
-
-               # Completely disallow packets to IPv4 compatible prefix.
-               # This may conflict with RFC1933 under following circumstances:
-               # (1) An IPv6-only KAME node tries to originate packets to IPv4
-               #     comatible destination.  The KAME node has no IPv4
-               #     compatible support.  Under RFC1933, it should transmit
-               #     native IPv6 packets toward IPv4 compatible destination,
-               #     hoping it would reach a router that forwards the packet
-               #     toward auto-tunnel interface.
-               # (2) An IPv6-only node originates a packet to IPv4 compatible
-               #     destination.  A KAME node is acting as an IPv6 router, and
-               #     asked to forward it.
-               # Due to rare use of IPv4 compatible address, and security
-               # issues with it, we disable it by default.
-               #
-               route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
-
-               sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
-               sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null
-
-               # backward compatibility
-               #
-               if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
-                       warn 'Please migrate to newer rc.conf' \
-                           '(use ip6mode, not ip6forwarding)'
-                       if checkyesno ip6forwarding; then
-                               ip6mode=router
-                       elif checkyesno rtsol; then
-                               ip6mode=autohost
-                       else
-                               ip6mode=host
-                       fi
-               fi
-
-               case $ip6mode in
-               router)
-                       echo 'IPv6 mode: router'
-                       sysctl -w net.inet6.ip6.forwarding=1 >/dev/null
-                       ;;
-
-               autohost)
-                       echo 'IPv6 mode: autoconfigured host'
-                       sysctl -w net.inet6.ip6.accept_rtadv=1 >/dev/null
-                       ;;
-
-               host)   
-                       echo 'IPv6 mode: host'
-                       ;;
-
-               *)      echo 'WARNING: invalid value in ip6mode'
-                       ;;
-
-               esac
-
                # wait till DAD is completed. always invoke it in case
                # if are configured manually by ifconfig
                #


