Fix locations of PF helpers.
#!/bin/sh
#
# $NetBSD: network,v 1.29 2001/01/11 17:56:16 itojun Exp $
# $FreeBSD: src/etc/rc.d/network,v 1.3 2002/08/12 10:04:32 schweikh Exp $
# $DragonFly: src/etc/rc.d/Attic/network,v 1.1 2003/07/24 06:35:37 dillon Exp $

# PROVIDE: network
# REQUIRE: ipfilter ipsec mountcritlocal root tty sysctl

# Shared rc.d helper library.  checkyesno, warn, load_rc_config and
# run_rc_command are used below but not defined in this file, so they
# presumably come from here.
. /etc/rc.subr

# Service name, and the functions that implement "start" and "stop".
name=network
start_cmd=network_start
stop_cmd=network_stop
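# network_start -- bring the network up.
#
# In order: sets the hostname and NIS domain name, optionally flushes the
# routing table, configures lo0 and the reject routes, selects the IPv6
# mode, configures the interfaces chosen by $net_interfaces/$auto_ifconfig,
# adds the default route and the interface aliases, waits for IPv6 DAD,
# and finally runs /etc/netstart.local if that file is non-empty.
#
# Settings read (shell variables, presumably filled from rc.conf by
# load_rc_config, or the named files under /etc):
#   hostname, domainname, dhclient, flushroutes, ip6sitelocal, ip6mode,
#   ip6forwarding, rtsol, rtsol_flags, net_interfaces, auto_ifconfig,
#   ifconfig_xxN, ifaliases_xxN, defaultroute
# Nothing is declared local, so tmp, args, int, addr, net, dadcount,
# configured_interfaces and done_aliases_message are left set globally.
#
# Trust note: lines starting with "!" in /etc/ifconfig.xxN, and the whole
# of /etc/netstart.local, are executed as shell with the privileges of
# whoever runs this script.  Those files need the same ownership and
# permissions as this script itself.
network_start()
{
	# set hostname, turn on network
	#
	echo "Starting network."

	# If $hostname is set, use it for my Internet name,
	# otherwise use /etc/myname
	#
	if [ -z "$hostname" ] && [ -f /etc/myname ]; then
		hostname=$(cat /etc/myname)
	fi
	if [ -n "$hostname" ]; then
		echo "Hostname: $hostname"
		# Kept unquoted: word splitting drops stray whitespace
		# that may have been read from /etc/myname.
		hostname $hostname
	else
		# Don't warn about it if we're going to run
		# DHCP later, as we will probably get the
		# hostname at that time.
		#
		if ! checkyesno dhclient && [ -z "$(hostname)" ]; then
			warn "\$hostname not set."
		fi
	fi

	# Check $domainname first, then /etc/defaultdomain,
	# for NIS/YP domain name
	#
	if [ -z "$domainname" ] && [ -f /etc/defaultdomain ]; then
		domainname=$(cat /etc/defaultdomain)
	fi
	if [ -n "$domainname" ]; then
		echo "NIS domainname: $domainname"
		domainname $domainname
	fi

	# Flush all routes just to make sure it is clean
	if checkyesno flushroutes; then
		route -n flush
	fi

	# Set the address for the first loopback interface, so that the
	# auto-route from a newly configured interface's address to lo0
	# works correctly.
	#
	# NOTE: obscure networking problems may occur if lo0 isn't configured...
	#
	ifconfig lo0 inet 127.0.0.1

	# According to RFC1122, 127.0.0.0/8 should not leave the node.
	#
	route add -inet 127.0.0.0 -netmask 0xff000000 127.0.0.1 -reject

	# IPv6 routing setups, and host/router mode selection.
	#
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		# We have IPv6 support in kernel.

		# disallow link-local unicast dest without outgoing scope
		# identifiers.
		#
		route add -inet6 fe80:: -prefixlen 10 ::1 -reject

		# disallow site-local unicast dest without outgoing scope
		# identifiers.
		# If you configure site-locals without scope id (it is
		# permissible config for routers that are not on scope
		# boundary), you may want to comment the following one out.
		#
		if ! checkyesno ip6sitelocal; then
			route add -inet6 fec0:: -prefixlen 10 ::1 -reject
		fi

		# disallow "internal" addresses to appear on the wire.
		#
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject

		# disallow packets to malicious IPv4 compatible prefix
		#
		route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
		route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
		route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject

		# disallow packets to malicious 6to4 prefix
		#
		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject

		# Completely disallow packets to IPv4 compatible prefix.
		# This may conflict with RFC1933 under following circumstances:
		# (1) An IPv6-only KAME node tries to originate packets to IPv4
		#     compatible destination.  The KAME node has no IPv4
		#     compatible support.  Under RFC1933, it should transmit
		#     native IPv6 packets toward IPv4 compatible destination,
		#     hoping it would reach a router that forwards the packet
		#     toward auto-tunnel interface.
		# (2) An IPv6-only node originates a packet to IPv4 compatible
		#     destination.  A KAME node is acting as an IPv6 router, and
		#     asked to forward it.
		# Due to rare use of IPv4 compatible address, and security
		# issues with it, we disable it by default.
		#
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

		# Start from the conservative state (no forwarding, ignore
		# router advertisements); the ip6mode case below turns on
		# only what the selected mode needs.
		sysctl net.inet6.ip6.forwarding=0 >/dev/null
		sysctl net.inet6.ip6.accept_rtadv=0 >/dev/null

		# backward compatibility
		#
		if [ -z "$ip6mode" ] && [ -n "$ip6forwarding" ]; then
			warn 'Please migrate to newer rc.conf' \
			    '(use ip6mode, not ip6forwarding)'
			if checkyesno ip6forwarding; then
				ip6mode=router
			elif checkyesno rtsol; then
				ip6mode=autohost
			else
				ip6mode=host
			fi
		fi

		case $ip6mode in
		router)
			echo 'IPv6 mode: router'
			sysctl net.inet6.ip6.forwarding=1 >/dev/null
			;;

		autohost)
			echo 'IPv6 mode: autoconfigured host'
			sysctl net.inet6.ip6.accept_rtadv=1 >/dev/null
			;;

		host)
			echo 'IPv6 mode: host'
			;;

		*)	echo 'WARNING: invalid value in ip6mode'
			;;

		esac
	fi

	# Configure all of the network interfaces listed in $net_interfaces;
	# if $auto_ifconfig is YES, grab all interfaces from ifconfig.
	# In the following, "xxN" stands in for interface names, like "le0".
	# For any interfaces that has an $ifconfig_xxN variable associated,
	# we do "ifconfig xxN $ifconfig_xxN".
	# If there is no such variable, we take the contents of the file
	# /etc/ifconfig.xxN, and run "ifconfig xxN" repeatedly, using each
	# line of the file as the arguments for a separate "ifconfig"
	# invocation.
	#
	# In order to configure an interface reasonably, you at the very least
	# need to specify "[addr_family] [hostname]" (e.g "inet my.domain.org"),
	# and probably a netmask (as in "netmask 0xffffffe0"). You will
	# frequently need to specify a media type, as in "media UTP", for
	# interface cards with multiple media connections that do not
	# autoconfigure. See the ifconfig manual page for details.
	#
	# Note that /etc/ifconfig.xxN takes multiple lines.  The following
	# configuration is possible:
	#	inet 10.1.1.1 netmask 0xffffff00
	#	inet 10.1.1.2 netmask 0xffffff00 alias
	#	inet6 fec0::1 prefixlen 64 alias
	#
	# You can put shell script fragment into /etc/ifconfig.xxN by
	# starting a line with "!".  Refer to ifconfig.if(5) for details.
	#
	if [ "$net_interfaces" != NO ]; then
		if checkyesno auto_ifconfig; then
			tmp=$(ifconfig -l)
			for cloner in $(ifconfig -C 2>/dev/null); do
				for int in /etc/ifconfig.${cloner}[0-9]*; do
					# An unmatched glob stays literal
					# and is not a file.
					[ ! -f "$int" ] && break
					tmp="$tmp ${int##*.}"
				done
			done
		else
			tmp="$net_interfaces"
		fi
		echo -n 'Configuring network interfaces:'
		for int in $tmp; do
			# The interface name becomes part of the text that
			# eval executes.  Only look up $ifconfig_xxN when the
			# name consists solely of characters valid in a
			# variable name; any other name is treated as having
			# no variable and can still use /etc/ifconfig.xxN.
			case "$int" in
			*[!A-Za-z0-9_]*)
				args=
				;;
			*)
				eval args=\$ifconfig_$int
				;;
			esac
			if [ -n "$args" ]; then
				echo -n " $int"
				ifconfig "$int" $args
			elif [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				# NOTE(review): read without -r treats a
				# backslash as an escape, so a trailing "\"
				# continues the line.
				while read args; do
					[ -z "$args" ] && continue
					case "$args" in
					"#"*)
						;;
					"!"*)
						# Runs the rest of the line as
						# shell.  The file must not be
						# writable by anyone who should
						# not control this script.
						eval ${args#*!}
						;;
					*)
						ifconfig "$int" $args
						;;
					esac
				done < "/etc/ifconfig.$int"
			else
				if ! checkyesno auto_ifconfig; then
					echo
					warn \
			"/etc/ifconfig.$int missing and ifconfig_$int not set;"
					warn "interface $int not configured."
				fi
				continue
			fi
			configured_interfaces="$configured_interfaces $int"
		done
		echo "."
	fi

	# Check $defaultroute, then /etc/mygate, for the name of my gateway
	# host. That name must be in /etc/hosts.
	#
	if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then
		defaultroute=$(cat /etc/mygate)
	fi
	if [ -n "$defaultroute" ]; then
		route add default $defaultroute
	fi

	# Check if each configured interface xxN has an $ifaliases_xxN variable
	# associated, then configure additional IP addresses for that interface.
	# The variable contains a list of "address netmask" pairs, with
	# "netmask" set to "-" if the interface default netmask is to be used.
	#
	# Note that $ifaliases_xxN works only with certain configurations and
	# is not recommended.  Use /etc/ifconfig.xxN if possible.
	#
	if [ -n "$configured_interfaces" ]; then
		echo "Adding interface aliases:"
		done_aliases_message=yes
	fi
	for int in $configured_interfaces; do
		# Same restriction as above: the name is expanded inside
		# eval, so it must be usable as part of a variable name.
		case "$int" in
		*[!A-Za-z0-9_]*)
			args=
			;;
		*)
			eval args=\$ifaliases_$int
			;;
		esac
		if [ -n "$args" ]; then
			set -- $args
			while [ $# -ge 2 ]; do
				addr=$1 ; net=$2 ; shift 2
				if [ "$net" = "-" ]; then
					# for compatibility only, obsolete
					ifconfig "$int" inet alias "$addr"
				else
					ifconfig "$int" inet alias "$addr" \
					    netmask "$net"
				fi
				# Use loopback, not the wire
				route add "$addr" 127.0.0.1
			done
		fi
	done

	# /etc/ifaliases, if it exists, contains the names of additional IP
	# addresses for each interface. It is formatted as a series of lines
	# that contain
	#	address interface netmask
	#
	# Note that /etc/ifaliases works only in certain cases and its
	# use is not recommended.  Use /etc/ifconfig.xxN instead.
	#
	if [ -f /etc/ifaliases ]; then
		if [ "$done_aliases_message" != yes ]; then
			echo "Adding interface aliases:"
		fi
		while read addr int net; do
			# Skip blank lines and "#" comments, and lines that
			# name no interface, instead of passing them to
			# ifconfig and route.
			case "$addr" in
			""|"#"*)
				continue
				;;
			esac
			[ -z "$int" ] && continue
			if [ -z "$net" ]; then
				# for compatibility only, obsolete
				ifconfig "$int" inet alias "$addr"
			else
				# $net holds the rest of the line, so it
				# stays unquoted.
				ifconfig "$int" inet alias "$addr" netmask $net
			fi
			# use loopback, not the wire
			route add "$addr" 127.0.0.1
		done < /etc/ifaliases
	fi

	# IPv6 interface autoconfiguration.
	#
	if ifconfig lo0 inet6 >/dev/null 2>&1; then
		# Wait till DAD is completed.  Always wait, in case
		# addresses were configured manually with ifconfig.
		#
		dadcount=$(sysctl -n net.inet6.ip6.dad_count 2>/dev/null)
		# sysctl's errors are discarded above, so the value can be
		# empty; fall back to 0 so that sleep always gets an operand.
		[ -n "$dadcount" ] || dadcount=0
		sleep "$dadcount"
		sleep 1

		if checkyesno rtsol; then
			if [ "$ip6mode" = "autohost" ]; then
				echo 'Sending router solicitation...'
				rtsol $rtsol_flags
			else
				echo
				warn \
			    "ip6mode must be set to 'autohost' to use rtsol."
			fi

			# wait till DAD is completed, for global addresses
			# configured by router advert message.
			#
			sleep "$dadcount"
			sleep 1
		fi
	fi

	# XXX this must die
	# Runs a local script as shell; see the trust note above.
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local start
	fi
}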
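# network_stop -- take the network down.
#
# Runs "/etc/netstart.local stop" if that file is non-empty, deletes the
# aliases listed in /etc/ifaliases and in $ifaliases_xxN for every
# interface reported by "ifconfig -lu", marks down each interface that
# has an $ifconfig_xxN variable or an /etc/ifconfig.xxN file, and then
# flushes the routing table.
#
# Settings read: net_interfaces, auto_ifconfig, ifconfig_xxN,
# ifaliases_xxN.  Nothing is declared local, so tmp, args, int, addr and
# net are left set globally.
#
# Trust note: /etc/netstart.local is executed as shell with the
# privileges of whoever runs this script.
network_stop()
{
	echo "Stopping network."

	# XXX this must die
	if [ -s /etc/netstart.local ]; then
		sh /etc/netstart.local stop
	fi

	echo "Deleting aliases."
	if [ -f /etc/ifaliases ]; then
		while read addr int net; do
			# Skip blank lines and "#" comments, and lines that
			# name no interface, instead of passing them to
			# ifconfig.
			case "$addr" in
			""|"#"*)
				continue
				;;
			esac
			[ -z "$int" ] && continue
			ifconfig "$int" inet delete "$addr"
		done < /etc/ifaliases
	fi

	for int in $(ifconfig -lu); do
		# The interface name becomes part of the text that eval
		# executes.  Only look up $ifaliases_xxN when the name
		# consists solely of characters valid in a variable name.
		case "$int" in
		*[!A-Za-z0-9_]*)
			args=
			;;
		*)
			eval args=\$ifaliases_$int
			;;
		esac
		if [ -n "$args" ]; then
			set -- $args
			while [ $# -ge 2 ]; do
				# The list is "address netmask" pairs; only
				# the address is needed to delete the alias.
				addr=$1 ; net=$2 ; shift 2
				ifconfig "$int" inet delete "$addr"
			done
		fi
	done

	# down interfaces
	#
	if [ "$net_interfaces" != NO ]; then
		# Printed inside the check so that the message is never left
		# without its closing "." when net_interfaces is NO.
		echo -n 'Downing network interfaces:'
		if checkyesno auto_ifconfig; then
			tmp=$(ifconfig -l)
		else
			tmp="$net_interfaces"
		fi
		for int in $tmp; do
			# Same restriction on the name as above.
			case "$int" in
			*[!A-Za-z0-9_]*)
				args=
				;;
			*)
				eval args=\$ifconfig_$int
				;;
			esac
			if [ -n "$args" ] || [ -f "/etc/ifconfig.$int" ]; then
				echo -n " $int"
				ifconfig "$int" down
			fi
		done
		echo "."
	fi

	# flush routes
	#
	route -n flush

}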
# Load the settings for this service, then hand the action word given as
# the first argument to the dispatcher.  Both helpers are defined outside
# this file (presumably in /etc/rc.subr).
load_rc_config "$name"
run_rc_command "$1"