3 # Copyright (c) 2000 The KAME Project
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 # $FreeBSD: src/etc/rc.network6,v 1.5.2.23 2002/07/24 18:25:42 ume Exp $
28 # $DragonFly: src/etc/Attic/rc.network6,v 1.2 2003/06/17 04:24:45 dillon Exp $
31 # Note that almost all of the user-configurable behavior is not in this
32 # file, but rather in /etc/defaults/rc.conf. Please check that file
33 # first before contemplating any changes here. If you do need to change
34 # this file for some reason, we would like to know about it.
39 echo -n 'Doing IPv6 network setup:'
41 # Initialize IP filtering using ip6fw
43 if /sbin/ip6fw -q flush > /dev/null 2>&1; then
44 ipv6_firewall_in_kernel=1
46 ipv6_firewall_in_kernel=0
49 case ${ipv6_firewall_enable} in
51 if [ "${ipv6_firewall_in_kernel}" -eq 0 ] && kldload ip6fw; then
52 ipv6_firewall_in_kernel=1
53 echo "Kernel IPv6 firewall module loaded."
54 elif [ "${ipv6_firewall_in_kernel}" -eq 0 ]; then
55 echo "Warning: IPv6 firewall kernel module failed to load."
60 # Load the filters if required
62 case ${ipv6_firewall_in_kernel} in
64 if [ -z "${ipv6_firewall_script}" ]; then
65 ipv6_firewall_script=/etc/rc.firewall6
68 case ${ipv6_firewall_enable} in
70 if [ -r "${ipv6_firewall_script}" ]; then
71 . "${ipv6_firewall_script}"
72 echo -n 'IPv6 Firewall rules loaded.'
73 elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then
74 echo -n "Warning: kernel has IPv6 firewall functionality, "
75 echo "but IPv6 firewall rules are not enabled."
76 echo " All ipv6 services are disabled."
79 case ${ipv6_firewall_logging} in
81 echo 'IPv6 Firewall logging=YES'
82 sysctl net.inet6.ip6.fw.verbose=1 >/dev/null
93 case ${ipv6_network_interfaces} in
96 # list of interfaces, and prefix for interfaces
98 ipv6_network_interfaces="`ifconfig -l`"
101 ipv6_network_interfaces=''
108 # disallow "internal" addresses to appear on the wire
109 route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
110 route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
112 case ${ipv6_gateway_enable} in
115 sysctl net.inet6.ip6.forwarding=1
116 sysctl net.inet6.ip6.accept_rtadv=0
119 for i in $ipv6_network_interfaces; do
122 sleep `sysctl -n net.inet6.ip6.dad_count`
126 # act as endhost - start with manual configuration
127 # Setup of net.inet6.ip6.accept_rtadv is done later by
128 # network6_interface_setup.
129 sysctl net.inet6.ip6.forwarding=0
133 if [ -n "${ipv6_network_interfaces}" ]; then
134 # setting up interfaces
135 network6_interface_setup $ipv6_network_interfaces
137 # wait for DAD's completion (for global addrs)
138 sleep `sysctl -n net.inet6.ip6.dad_count`
142 case ${ipv6_gateway_enable} in
144 # Filter out interfaces on which IPv6 addr init failed.
145 ipv6_working_interfaces=""
146 for i in ${ipv6_network_interfaces}; do
147 laddr=`network6_getladdr $i exclude_tentative`
152 ipv6_working_interfaces="$i \
153 ${ipv6_working_interfaces}"
157 ipv6_network_interfaces=${ipv6_working_interfaces}
164 # install the "default interface" to kernel, which will be used
165 # as the default route when there's no router.
166 network6_default_interface_setup
168 # setup static routes
169 network6_static_routes_setup
175 case ${ipv6_router_enable} in
177 if [ -x ${ipv6_router} ]; then
178 echo -n " ${ipv6_router}"
179 ${ipv6_router} ${ipv6_router_flags}
185 case ${ipv6_gateway_enable} in
188 # This should enabled with a great care.
189 # You may want to fine-tune /etc/rtadvd.conf.
191 # And if you wish your rtadvd to receive and process
192 # router renumbering messages, specify your Router Renumbering
193 # security policy by -R option.
195 # See `man 3 ipsec_set_policy` for IPsec policy specification
197 # (CAUTION: This enables your routers prefix renumbering
198 # from another machine, so if you enable this, do it with
201 case ${rtadvd_enable} in
204 case ${rtadvd_interfaces} in
206 for i in ${ipv6_network_interfaces}; do
208 lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*)
212 rtadvd_interfaces="${rtadvd_interfaces} ${i}"
218 rtadvd ${rtadvd_interfaces}
220 # Enable Router Renumbering, unicast case
221 # (use correct src/dst addr)
222 # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" \
223 # ${ipv6_network_interfaces}
224 # Enable Router Renumbering, multicast case
225 # (use correct src addr)
226 # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" \
227 # ${ipv6_network_interfaces}
232 case ${mroute6d_enable} in
234 if [ -x ${mroute6d_program} ]; then
235 echo -n " ${mroute6d_program}"
236 ${mroute6d_program} ${mroute6d_flags}
243 case ${ipv6_ipv4mapping} in
245 echo -n ' IPv4 mapped IPv6 address support=YES'
246 sysctl net.inet6.ip6.v6only=0 >/dev/null
249 echo -n ' IPv4 mapped IPv6 address support=NO'
250 sysctl net.inet6.ip6.v6only=1 >/dev/null
256 # Let future generations know we made it.
258 network6_pass1_done=YES
261 network6_interface_setup() {
264 case ${ipv6_gateway_enable} in
272 for i in $interfaces; do
274 eval prefix=\$ipv6_prefix_$i
275 if [ -n "${prefix}" ]; then
278 laddr=`network6_getladdr $i`
279 hostid=`expr "${laddr}" : 'fe80::\(.*\)%\(.*\)'`
280 for j in ${prefix}; do
281 address=$j\:${hostid}
282 ifconfig $i inet6 ${address} prefixlen 64 alias
284 case ${ipv6_gateway_enable} in
286 # subnet-router anycast address
288 ifconfig $i inet6 $j:: prefixlen 64 \
294 eval ipv6_ifconfig=\$ipv6_ifconfig_$i
295 if [ -n "${ipv6_ifconfig}" ]; then
298 ifconfig $i inet6 ${ipv6_ifconfig} alias
301 if [ ${rtsol_available} = yes -a ${rtsol_interface} = yes ]
304 lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*)
307 rtsol_interfaces="${rtsol_interfaces} ${i}"
315 if [ ${rtsol_available} = yes -a -n "${rtsol_interfaces}" ]; then
316 # Act as endhost - automatically configured.
317 # You can configure only single interface, as
318 # specification assumes that autoconfigured host has
319 # single interface only.
320 sysctl net.inet6.ip6.accept_rtadv=1
321 set ${rtsol_interfaces}
326 for i in $interfaces; do
329 eval ipv6_ifconfig=\$ipv6_ifconfig_${i}_alias${alias}
330 if [ -z "${ipv6_ifconfig}" ]; then
333 ifconfig $i inet6 ${ipv6_ifconfig} alias
334 alias=$((${alias} + 1))
339 network6_stf_setup() {
340 case ${stf_interface_ipv4addr} in
344 # assign IPv6 addr and interface route for 6to4 interface
345 stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
348 set ${stf_interface_ipv4addr}
350 ipv4_in_hexformat=`printf "%x:%x\n" \
351 $(($1*256 + $2)) $(($3*256 + $4))`
352 case ${stf_interface_ipv6_ifid} in
353 [Aa][Uu][Tt][Oo] | '')
354 for i in ${ipv6_network_interfaces}; do
355 laddr=`network6_getladdr ${i}`
364 stf_interface_ipv6_ifid=`expr "${laddr}" : \
365 'fe80::\(.*\)%\(.*\)'`
366 case ${stf_interface_ipv6_ifid} in
368 stf_interface_ipv6_ifid=0:0:0:1
373 ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
374 prefixlen ${stf_prefixlen}
375 # disallow packets to malicious 6to4 prefix
376 route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
377 route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
378 route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
379 route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
384 network6_static_routes_setup() {
385 # Set up any static routes.
386 case ${ipv6_defaultrouter} in
390 ipv6_static_routes="default ${ipv6_static_routes}"
391 ipv6_route_default="default ${ipv6_defaultrouter}"
394 case ${ipv6_static_routes} in
398 for i in ${ipv6_static_routes}; do
399 eval ipv6_route_args=\$ipv6_route_${i}
400 route add -inet6 ${ipv6_route_args}
406 network6_faith_setup() {
407 case ${ipv6_faith_prefix} in
411 sysctl net.inet6.ip6.keepfaith=1
412 ifconfig faith0 create >/dev/null 2>&1
414 for prefix in ${ipv6_faith_prefix}; do
415 prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
421 prefix=`expr "${prefix}" : \
422 "\(.*\)/${prefixlen}"`
425 route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1
426 route change -inet6 ${prefix} -prefixlen ${prefixlen} \
433 network6_default_interface_setup() {
434 # Choose IPv6 default interface if it is not clearly specified.
435 case ${ipv6_default_interface} in
437 for i in ${ipv6_network_interfaces}; do
443 laddr=`network6_getladdr $i exclude_tentative`
448 ipv6_default_interface=$i
456 # Disallow unicast packets without outgoing scope identifiers,
457 # or route such packets to a "default" interface, if it is specified.
458 route add -inet6 fe80:: -prefixlen 10 ::1 -reject
459 case ${ipv6_default_interface} in
461 route add -inet6 ff02:: -prefixlen 16 ::1 -reject
464 laddr=`network6_getladdr ${ipv6_default_interface}`
465 route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \
468 # Disable installing the default interface with the
469 # case net.inet6.ip6.forwarding=0 and
470 # net.inet6.ip6.accept_rtadv=0, due to avoid conflict
471 # between the default router list and the manual
472 # configured default route.
473 case ${ipv6_gateway_enable} in
477 if [ `sysctl -n net.inet6.ip6.accept_rtadv` -eq 1 ]
479 ndp -I ${ipv6_default_interface}
487 network6_getladdr() {
488 ifconfig $1 2>/dev/null | while read proto addr rest; do
lentferj's projects / dragonfly.git / blob