Module Name: src Committed By: uebayasi Date: Tue Apr 29 09:58:18 UTC 2014
Modified Files: src/etc/rc.d: network Log Message: Indent. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.66 src/etc/rc.d/network Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/etc/rc.d/network
diff -u src/etc/rc.d/network:1.65 src/etc/rc.d/network:1.66
--- src/etc/rc.d/network:1.65 Tue Apr 29 09:56:16 2014
+++ src/etc/rc.d/network Tue Apr 29 09:58:18 2014
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: network,v 1.65 2014/04/29 09:56:16 uebayasi Exp $
+# $NetBSD: network,v 1.66 2014/04/29 09:58:18 uebayasi Exp $
 #
 # PROVIDE: network
@@ -116,87 +116,87 @@ network_start_ipv6_route()
 {
 # IPv6 routing setups, and host/router mode selection.
 #
- # We have IPv6 support in kernel.
+ # We have IPv6 support in kernel.
- # disallow link-local unicast dest without outgoing scope
- # identifiers.
- #
- /sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject
+ # disallow link-local unicast dest without outgoing scope
+ # identifiers.
+ #
+ /sbin/route -q add -inet6 fe80:: -prefixlen 10 ::1 -reject
- # disallow the use of the RFC3849 documentation address
- #
- /sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject
+ # disallow the use of the RFC3849 documentation address
+ #
+ /sbin/route -q add -inet6 2001:db8:: -prefixlen 32 ::1 -reject
- # IPv6 site-local scoped address prefix (fec0::/10)
- # has been deprecated by RFC3879.
- #
- if [ -n "$ip6sitelocal" ]; then
- warn "\$ip6sitelocal is no longer valid"
- fi
+ # IPv6 site-local scoped address prefix (fec0::/10)
+ # has been deprecated by RFC3879.
+ #
+ if [ -n "$ip6sitelocal" ]; then
+ warn "\$ip6sitelocal is no longer valid"
+ fi
- # disallow "internal" addresses to appear on the wire.
- #
- /sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+ # disallow "internal" addresses to appear on the wire.
+ #
+ /sbin/route -q add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
- # disallow packets to malicious IPv4 compatible prefix
- #
- /sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
- /sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
- /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
- /sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
+ # disallow packets to malicious IPv4 compatible prefix
+ #
+ /sbin/route -q add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject
+ /sbin/route -q add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject
+ /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject
+ /sbin/route -q add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject
- # disallow packets to malicious 6to4 prefix
- #
- /sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
- /sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
- /sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
- /sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
-
- # Completely disallow packets to IPv4 compatible prefix.
- # This may conflict with RFC1933 under following circumstances:
- # (1) An IPv6-only KAME node tries to originate packets to IPv4
- # compatible destination. The KAME node has no IPv4
- # compatible support. Under RFC1933, it should transmit
- # native IPv6 packets toward IPv4 compatible destination,
- # hoping it would reach a router that forwards the packet
- # toward auto-tunnel interface.
- # (2) An IPv6-only node originates a packet to IPv4 compatible
- # destination. A KAME node is acting as an IPv6 router, and
- # asked to forward it.
- # Due to rare use of IPv4 compatible address, and security
- # issues with it, we disable it by default.
- #
- /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+ # disallow packets to malicious 6to4 prefix
+ #
+ /sbin/route -q add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+ /sbin/route -q add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+ /sbin/route -q add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+ /sbin/route -q add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
- /sbin/sysctl -qw net.inet6.ip6.forwarding=0
- /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0
+ # Completely disallow packets to IPv4 compatible prefix.
+ # This may conflict with RFC1933 under following circumstances:
+ # (1) An IPv6-only KAME node tries to originate packets to IPv4
+ # compatible destination. The KAME node has no IPv4
+ # compatible support. Under RFC1933, it should transmit
+ # native IPv6 packets toward IPv4 compatible destination,
+ # hoping it would reach a router that forwards the packet
+ # toward auto-tunnel interface.
+ # (2) An IPv6-only node originates a packet to IPv4 compatible
+ # destination. A KAME node is acting as an IPv6 router, and
+ # asked to forward it.
+ # Due to rare use of IPv4 compatible address, and security
+ # issues with it, we disable it by default.
+ #
+ /sbin/route -q add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
- case $ip6mode in
- router)
- echo 'IPv6 mode: router'
- /sbin/sysctl -qw net.inet6.ip6.forwarding=1
-
- # disallow unique-local unicast forwarding without
- # explicit configuration.
- if ! checkyesno ip6uniquelocal; then
- /sbin/route -q add -inet6 fc00:: -prefixlen 7 \
- ::1 -reject
- fi
- ;;
+ /sbin/sysctl -qw net.inet6.ip6.forwarding=0
+ /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=0
- autohost)
- echo 'IPv6 mode: autoconfigured host'
- /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1
- ;;
+ case $ip6mode in
+ router)
+ echo 'IPv6 mode: router'
+ /sbin/sysctl -qw net.inet6.ip6.forwarding=1
- host)
- echo 'IPv6 mode: host'
- ;;
+ # disallow unique-local unicast forwarding without
+ # explicit configuration.
+ if ! checkyesno ip6uniquelocal; then
+ /sbin/route -q add -inet6 fc00:: -prefixlen 7 \
+ ::1 -reject
+ fi
+ ;;
- *) warn "invalid \$ip6mode value "\"$ip6mode\"
- ;;
+ autohost)
+ echo 'IPv6 mode: autoconfigured host'
+ /sbin/sysctl -qw net.inet6.ip6.accept_rtadv=1
+ ;;
+
+ host)
+ echo 'IPv6 mode: host'
+ ;;
+
+ *) warn "invalid \$ip6mode value "\"$ip6mode\"
+ ;;
- esac
+ esac
 }
 network_start_interfaces()
@@ -233,112 +233,112 @@ network_start_interfaces()
 # You can put shell script fragment into /etc/ifconfig.xxN by
 # starting a line with "!". Refer to ifconfig.if(5) for details.
 #
- ifaces="$(/sbin/ifconfig -l)"
- if checkyesno auto_ifconfig; then
- tmp="$ifaces"
- for cloner in $(/sbin/ifconfig -C); do
- for int in /etc/ifconfig.${cloner}[0-9]*; do
- [ ! -f $int ] && break
- tmp="$tmp ${int##*.}"
- done
+ ifaces="$(/sbin/ifconfig -l)"
+ if checkyesno auto_ifconfig; then
+ tmp="$ifaces"
+ for cloner in $(/sbin/ifconfig -C); do
+ for int in /etc/ifconfig.${cloner}[0-9]*; do
+ [ ! -f $int ] && break
+ tmp="$tmp ${int##*.}"
 done
- else
- tmp="$net_interfaces"
- fi
- echo -n 'Configuring network interfaces:'
- for int in $tmp; do
- eval argslist=\$ifconfig_$int
-
- # Skip interfaces that do not have explicit
- # configuration information. If auto_ifconfig is
- # false then also warn about such interfaces.
- #
- if [ -z "$argslist" ] && ! [ -f /etc/ifconfig.$int ]
- then
- if ! checkyesno auto_ifconfig; then
- echo
- warn \
- "/etc/ifconfig.$int missing and ifconfig_$int not set;"
- warn "interface $int not configured."
- fi
- continue
+ done
+ else
+ tmp="$net_interfaces"
+ fi
+ echo -n 'Configuring network interfaces:'
+ for int in $tmp; do
+ eval argslist=\$ifconfig_$int
+
+ # Skip interfaces that do not have explicit
+ # configuration information. If auto_ifconfig is
+ # false then also warn about such interfaces.
+ #
+ if [ -z "$argslist" ] && ! [ -f /etc/ifconfig.$int ]
+ then
+ if ! checkyesno auto_ifconfig; then
+ echo
+ warn \
+ "/etc/ifconfig.$int missing and ifconfig_$int not set;"
+ warn "interface $int not configured."
 fi
+ continue
+ fi
- echo -n " $int"
+ echo -n " $int"
- # Create the interface if necessary.
- # If the interface did not exist before,
- # then also resync ipf(4).
- #
- if intmissing $int $ifaces; then
- if /sbin/ifconfig $int create && \
- checkyesno ipfilter; then
- /sbin/ipf -y >/dev/null
- fi
+ # Create the interface if necessary.
+ # If the interface did not exist before,
+ # then also resync ipf(4).
+ #
+ if intmissing $int $ifaces; then
+ if /sbin/ifconfig $int create && \
+ checkyesno ipfilter; then
+ /sbin/ipf -y >/dev/null
 fi
+ fi
- # If $ifconfig_xxN is empty, then use
- # /etc/ifconfig.xxN, which we know exists due to
- # an earlier test.
- #
- # If $ifconfig_xxN is non-empty and contains a
- # newline, then just use it as is. (This allows
- # semicolons through unmolested.)
- #
- # If $ifconfig_xxN is non-empty and does not
- # contain a newline, then convert all semicolons
- # to newlines.
- #
- case "$argslist" in
- '')
- cat /etc/ifconfig.$int
+ # If $ifconfig_xxN is empty, then use
+ # /etc/ifconfig.xxN, which we know exists due to
+ # an earlier test.
+ #
+ # If $ifconfig_xxN is non-empty and contains a
+ # newline, then just use it as is. (This allows
+ # semicolons through unmolested.)
+ #
+ # If $ifconfig_xxN is non-empty and does not
+ # contain a newline, then convert all semicolons
+ # to newlines.
+ #
+ case "$argslist" in
+ '')
+ cat /etc/ifconfig.$int
+ ;;
+ *"${nl}"*)
+ echo "$argslist"
+ ;;
+ *)
+ (
+ set -o noglob
+ IFS=';'; set -- $argslist
+ #echo >&2 "[$#] [$1] [$2] [$3] [$4]"
+ IFS="$nl"; echo "$*"
+ )
+ ;;
+ esac |
+ collapse_backslash_newline |
+ while read -r args; do
+ case "$args" in
+ ''|"#"*|create)
 ;;
- *"${nl}"*)
- echo "$argslist"
+ "!"*)
+ # Run arbitrary command in a subshell.
+ ( eval "${args#*!}" )
+ ;;
+ dhcp)
+ if ! checkyesno dhcpcd; then
+ /sbin/dhcpcd -n \
+ ${dhcpcd_flags} $int
+ fi
 ;;
 *)
+ # Pass args to ifconfig. Note
+ # that args may contain embedded
+ # shell metacharacters, such as
+ # "ssid 'foo;*>bar'". We eval
+ # one more time so that things
+ # like ssid "Columbia University" work.
 (
 set -o noglob
- IFS=';'; set -- $argslist
- #echo >&2 "[$#] [$1] [$2] [$3] [$4]"
- IFS="$nl"; echo "$*"
+ eval set -- $args
+ #echo >&2 "[$#] [$1] [$2] [$3]"
+ /sbin/ifconfig $int "$@"
 )
 ;;
- esac |
- collapse_backslash_newline |
- while read -r args; do
- case "$args" in
- ''|"#"*|create)
- ;;
- "!"*)
- # Run arbitrary command in a subshell.
- ( eval "${args#*!}" )
- ;;
- dhcp)
- if ! checkyesno dhcpcd; then
- /sbin/dhcpcd -n \
- ${dhcpcd_flags} $int
- fi
- ;;
- *)
- # Pass args to ifconfig. Note
- # that args may contain embedded
- # shell metacharacters, such as
- # "ssid 'foo;*>bar'". We eval
- # one more time so that things
- # like ssid "Columbia University" work.
- (
- set -o noglob
- eval set -- $args
- #echo >&2 "[$#] [$1] [$2] [$3]"
- /sbin/ifconfig $int "$@"
- )
- ;;
- esac
- done
- configured_interfaces="$configured_interfaces $int"
+ esac
 done
- echo "."
+ configured_interfaces="$configured_interfaces $int"
+ done
+ echo "."
 }
 network_start_aliases()
@@ -433,33 +433,33 @@ network_start_ipv6_autoconf()
 {
 # IPv6 interface autoconfiguration.
 #
- # wait till DAD is completed. always invoke it in case
- # if are configured manually by ifconfig
+ # wait till DAD is completed. always invoke it in case
+ # if are configured manually by ifconfig
+ #
+ echo 'Waiting for DAD completion for' \
+ 'statically configured addresses...'
+ dadcount=$(/sbin/sysctl -n net.inet6.ip6.dad_count 2>/dev/null)
+ sleep $dadcount
+ sleep 1
+
+ if checkyesno rtsol; then
+ if [ "$ip6mode" = "autohost" ]; then
+ echo 'Sending router solicitation...'
+ /sbin/rtsol $rtsol_flags
+ else
+ echo
+ warn \
+ "ip6mode must be set to 'autohost' to use rtsol."
+ fi
+
+ # wait till DAD is completed, for global addresses
+ # configured by router advert message.
 #
 echo 'Waiting for DAD completion for' \
- 'statically configured addresses...'
- dadcount=$(/sbin/sysctl -n net.inet6.ip6.dad_count 2>/dev/null)
+ 'addresses configured by router advert message...'
 sleep $dadcount
 sleep 1
-
- if checkyesno rtsol; then
- if [ "$ip6mode" = "autohost" ]; then
- echo 'Sending router solicitation...'
- /sbin/rtsol $rtsol_flags
- else
- echo
- warn \
- "ip6mode must be set to 'autohost' to use rtsol."
- fi
-
- # wait till DAD is completed, for global addresses
- # configured by router advert message.
- #
- echo 'Waiting for DAD completion for' \
- 'addresses configured by router advert message...'
- sleep $dadcount
- sleep 1
- fi
+ fi
 }
 network_start_local()
@@ -515,27 +515,27 @@ network_stop_interfaces()
 # down interfaces
 #
 echo -n 'Downing network interfaces:'
- if checkyesno auto_ifconfig; then
- tmp=$(/sbin/ifconfig -l)
- else
- tmp="$net_interfaces"
- fi
- for int in $tmp; do
- eval args=\$ifconfig_$int
- if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
- echo -n " $int"
- if [ -f /var/run/dhcpcd-$int.pid ]; then
- /sbin/dhcpcd -k $int 2> /dev/null
- fi
- /sbin/ifconfig $int down
- if /sbin/ifconfig $int destroy 2>/dev/null && \
- checkyesno ipfilter; then
- # resync ipf(4)
- /sbin/ipf -y >/dev/null
- fi
+ if checkyesno auto_ifconfig; then
+ tmp=$(/sbin/ifconfig -l)
+ else
+ tmp="$net_interfaces"
+ fi
+ for int in $tmp; do
+ eval args=\$ifconfig_$int
+ if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
+ echo -n " $int"
+ if [ -f /var/run/dhcpcd-$int.pid ]; then
+ /sbin/dhcpcd -k $int 2> /dev/null
 fi
- done
- echo "."
+ /sbin/ifconfig $int down
+ if /sbin/ifconfig $int destroy 2>/dev/null && \
+ checkyesno ipfilter; then
+ # resync ipf(4)
+ /sbin/ipf -y >/dev/null
+ fi
+ fi
+ done
+ echo "."
 }
 network_stop_route()