Annotation of src/etc/netstart, Revision 1.108
1.1 deraadt 1: #!/bin/sh -
2: #
1.108 ! todd 3: # $OpenBSD: netstart,v 1.107 2005/10/04 12:50:15 todd Exp $
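# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout.
#
# Arguments: $1 - path of the file to read
# Outputs:   every line with its "#..." tail removed, one per line;
#            lines that are empty or comment-only are dropped.
# Returns:   status of the last loop body command (callers only use stdout)
#
# Callers pass the result straight to hostname(1), domainname(1) and
# route(8), so an inline comment must never leak into the output: the
# comment tail is cut before printing, not just tested for.  The final
# expansion is deliberately unquoted so the default IFS collapses the
# whitespace left in front of a removed comment.
stripcom() {
	local _l _body
	while read -r _l; do
		_body=${_l%%#*}
		[[ -n $_body ]] && echo $_body
	done <"$1"
}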
# Returns true if $1 contains only alphanumerics.
# An empty argument has no offending character and therefore passes,
# matching the original per-character loop.
#
# Arguments: $1 - the string to check (typically an interface name)
# Returns:   0 if every character is in [A-Za-z0-9], 1 otherwise
isalphanumeric() {
	# One glob match does the work of walking the string: the first
	# character outside the class anywhere in $1 rejects the whole name.
	case $1 in
	*[!A-Za-z0-9]*)
		return 1
		;;
	esac
	return 0
}
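# Start the $1 interface
#
# Reads /etc/hostname.$1 line by line and builds one ifconfig(8) command
# per entry.  "!" lines are run as shell commands, "dhcp"/"rtsol"/"up"
# lines get special handling, anything else is treated as an address
# family.  Every resulting command string goes through eval, so the file
# is trusted configuration and must stay root-owned.
#
# Arguments: $1 - interface name (must be alphanumeric)
# Globals:   if (written), rtsolif (appended for "rtsol" entries),
#            setgateway (set to N for "dhcp" entries),
#            cmd, cmd2, rtcmd, af, name, mask, bcaddr, ext1, ext2, dt,
#            dtaddr, alias, i (scratch)
# Returns:   silently if the name is not alphanumeric, the interface
#            cannot be found or created, or the file is malformed
ifstart() {
	if=$1
	# Interface names must be alphanumeric only. We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	if ! isalphanumeric "$if"; then
		return
	fi

	ifconfig $if > /dev/null 2>&1
	if [ "$?" != "0" ]; then
		# Try to create interface if it does not exist
		ifconfig $if create > /dev/null 2>&1
		if [ "$?" != "0" ]; then
			return
		fi
	fi

	# Start with no carried-over line.  A previous call can return on an
	# "invalid network configuration file" after the look-ahead below has
	# already filled $cmd2; that leftover must not be parsed as the first
	# line of this interface's file.
	cmd2=

	# Now parse the hostname.* file
	while :; do
		if [ "$cmd2" ]; then
			# We are carrying over from the 'read dt dtaddr'
			# last time.  This clobbers the positional parameters,
			# which is fine: $1 was already copied into $if.
			set -- $cmd2
			af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2=
			# Make sure and get any remaining args in ext2,
			# like the read below.  $i must be expanded here: a
			# bare "i" only works in shells whose test(1) does
			# arithmetic evaluation on its operands.
			i=1
			while [ $i -lt 6 -a -n "$1" ]; do shift; let i=i+1; done
			ext2="$@"
		else
			# Read the next line or exit the while loop.
			read af name mask bcaddr ext1 ext2 || break
		fi
		# $af can be "dhcp", "up", "rtsol", an address family,
		# commands, or a comment.
		case "$af" in
		"#"*|"") # skip comments and empty lines
			continue
			;;
		"!"*) # parse commands
			cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}"
			;;
		"bridge")
			cmd="echo /etc/hostname.$if: bridges now supported via bridgename.* files"
			;;
		"dhcp")
			# "NONE" placeholders mean "not given"; drop them so
			# ifconfig does not see the literal word.
			[ "$name" = "NONE" ] && name=
			[ "$mask" = "NONE" ] && mask=
			[ "$bcaddr" = "NONE" ] && bcaddr=
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 down"
			cmd="$cmd;dhclient $if"
			# Tell the /etc/mygate step later in this script to
			# leave the default route alone.
			setgateway=N
			;;
		"rtsol")
			# Collected for the single rtsol run after all
			# interfaces are up.
			rtsolif="$rtsolif $if"
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"
			;;
		"up")
			# The only one of these guaranteed to be set is $if.
			# The remaining ones exist so that media controls work.
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"
			;;
		*)
			# Peek at the following line: a "dest" line belongs to
			# this entry; any other entry-looking line is stashed in
			# $cmd2 and replayed on the next iteration.
			read dt dtaddr
			if [ "$name" = "alias" ]; then
				# perform a 'shift' of sorts
				alias=$name
				name=$mask
				mask=$bcaddr
				bcaddr=$ext1
				ext1=$ext2
				ext2=
			else
				alias=
			fi
			cmd="ifconfig $if $af $alias $name "
			case "$dt" in
			dest)
				cmd="$cmd $dtaddr"
				;;
			[a-z!]*)
				cmd2="$dt $dtaddr"
				;;
			esac
			if [ ! -n "$name" ]; then
				echo "/etc/hostname.$if: invalid network configuration file"
				return
			fi
			case $af in
			inet)
				[ "$mask" ] && cmd="$cmd netmask $mask"
				if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then
					cmd="$cmd broadcast $bcaddr"
				fi
				# An alias also gets a host route via loopback,
				# appended to the ifconfig command below.
				[ "$alias" ] && rtcmd=";route -qn add -host $name 127.0.0.1"
				;;
			inet6) [ "$mask" ] && cmd="$cmd prefixlen $mask"
				cmd="$cmd $bcaddr"
				;;
			*)
				cmd="$cmd $mask $bcaddr"
				;;
			esac
			cmd="$cmd $ext1 $ext2$rtcmd" rtcmd=
			;;
		esac
		eval "$cmd"
	done < /etc/hostname.$if
}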
# Start multiple:
# start "$1" interfaces in order or all interfaces if empty
# don't start "$2" interfaces
#
# Arguments: $1 - whitespace-separated interface classes ("vlan carp ...")
#                 to start, in order; empty means every hostname.* file
#            $2 - whitespace-separated interface classes to skip
# Outputs:   whatever ifstart prints
#
# A "class" is the interface name with its trailing digits removed
# (hostname.vlan12 -> vlan), so both lists name drivers, not instances.
ifmstart() {
	local _class _file _name _skipclass _skip
	for _class in ${1:-ALL}; do
		for _file in /etc/hostname.*; do
			# Strip off /etc/hostname. prefix
			_name=${_file#/etc/hostname.}
			# No hostname.* files at all leaves the glob unexpanded.
			[ "$_name" = "*" ] && continue

			# Skip unwanted ifs
			_skip=
			for _skipclass in $2; do
				if [ "$_skipclass" = "${_name%%[0-9]*}" ]; then
					_skip=1
					break
				fi
			done
			[ "$_skip" ] && continue

			# Start wanted ifs
			if [ "$_class" = "ALL" ] || [ "$_class" = "${_name%%[0-9]*}" ]; then
				ifstart $_name
			fi
		done
	done
}
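# Start the $1 bridge
#
# Reads /etc/bridgename.$1 and runs every non-comment line as a
# brconfig(8) command; a line starting with "!" is run verbatim as a
# shell command instead.  As with hostname.*, the file contents reach
# eval, so it is trusted root-owned configuration.
#
# Arguments: $1 - bridge name (must be alphanumeric)
# Returns:   silently if the name is not alphanumeric or the bridge
#            cannot be found or created
bridgestart() {
	local _line _cmd
	# Interface names must be alphanumeric only. We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	if ! isalphanumeric "$1"; then
		return
	fi
	brconfig $1 > /dev/null 2>&1
	if [ "$?" != "0" ]; then
		# Try to create interface if it does not exist.  This must use
		# $1: the previous "$if" was a global leaked from the caller,
		# so a bridge named on the command line was created under the
		# wrong name or not at all.
		ifconfig $1 create > /dev/null 2>&1
		if [ "$?" != "0" ]; then
			return
		fi
	fi

	# Now parse the bridgename.* file
	# All lines are run as brconfig(8) commands.
	while read _line ; do
		_line=${_line%%#*} # strip comments
		test -z "$_line" && continue
		case "$_line" in
		"!"*)
			_cmd="${_line#*!}"
			;;
		*)
			_cmd="brconfig $1 $_line"
			;;
		esac
		eval "$_cmd"
	done < /etc/bridgename.$1
}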
# Re-read /etc/rc.conf
# The file is sourced, so anything it defines or runs executes with this
# script's privileges; it is expected to be root-owned configuration.
# $multicast_host, $multicast_router and (optionally) $setgateway are
# read from it further down.
. /etc/rc.conf

# If we were invoked with a list of interface names, just reconfigure these
# interfaces (or bridges) and return.
# A leading "autoboot" argument is dropped first; the "x" suffix keeps
# the comparison well-formed when $1 is empty.
if [ $1x = autobootx ]; then
	shift
fi
if [ $# -gt 0 ]; then
	while [ $# -gt 0 ]; do
		# A bridgename.* file wins over a hostname.* file of the
		# same name.
		if [ -f /etc/bridgename.$1 ]; then
			bridgestart $1
		else
			ifstart $1
		fi
		shift
	done
	# NOTE(review): "return" at top level is only meaningful when this
	# script is sourced (or in a shell that treats it like exit) --
	# confirm against how rc invokes netstart.
	return
fi

# Otherwise, process with the complete network initialization.

# /etc/myname contains my symbolic name
# The file may carry comment lines; the remaining content is expected to
# be just the hostname, since the value is passed unquoted and word-split.
if [ -f /etc/myname ]; then
	hostname=`stripcom /etc/myname`
	hostname $hostname
else
	hostname=`hostname`
fi

# Optional NIS/YP domain name, same file conventions as /etc/myname.
if [ -f /etc/defaultdomain ]; then
	domainname `stripcom /etc/defaultdomain`
fi

# Set the address for the loopback interface. Bringing the
# interface up automatically configures the IPv6 address ::1.
ifconfig lo0 inet 127.0.0.1

# Probe for IPv6 support by asking lo0 for its inet6 state; the answer
# drives $ip6kernel, which the rtsol and DAD steps below key off.
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	# IPv6 configurations.
	ip6kernel=YES

	# The routes below are a defensive baseline: packets to these
	# prefixes are rejected locally (-reject via ::1) rather than sent
	# out.  -q keeps route(8) quiet, -n avoids name lookups at boot.

	# Disallow link-local unicast dest without outgoing scope identifiers.
	route -qn add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow site-local unicast dest without outgoing scope identifiers.
	# If you configure site-locals without scope id (it is permissible
	# config for routers that are not on scope boundary), you may want
	# to comment the line out.
	route -qn add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow "internal" addresses to appear on the wire.
	route -qn add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	# Disallow packets to malicious IPv4 compatible prefix.
	route -qn add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null
	route -qn add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route -qn add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route -qn add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null

	# Disallow packets to malicious 6to4 prefix.
	route -qn add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null
	route -qn add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null
	route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null
	route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null

	# Completely disallow packets to IPv4 compatible prefix.
	# This may conflict with RFC1933 under following circumstances:
	# (1) An IPv6-only KAME node tries to originate packets to IPv4
	# compatible destination. The KAME node has no IPv4 compatible
	# support. Under RFC1933, it should transmit native IPv6
	# packets toward IPv4 compatible destination, hoping it would
	# reach a router that forwards the packet toward auto-tunnel
	# interface.
	# (2) An IPv6-only node originates a packet to an IPv4 compatible
	# destination. A KAME node is acting as an IPv6 router, and
	# asked to forward it.
	# Due to rare use of IPv4 compatible addresses, and security issues
	# with it, we disable it by default.
	route -qn add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	# Interfaces whose hostname.* file contains "rtsol" are appended
	# here by ifstart; the list is consumed after the first ifmstart.
	rtsolif=""
else
	ip6kernel=NO
fi


# Configure all the non-loopback interfaces which we know about, but
# do not start interfaces which must be delayed.
# Refer to hostname.if(5) and bridgename.if(5)
ifmstart "" "trunk vlan carp gif gre pfsync pppoe"

# Run router solicitation only when the kernel looks like a host:
# forwarding off and accept_rtadv on.  $rtsolif was filled by ifstart
# for every hostname.* file containing an "rtsol" entry.
if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then
	fw=`sysctl -n net.inet6.ip6.forwarding`
	ra=`sysctl -n net.inet6.ip6.accept_rtadv`
	if [ "x$fw" = "x0" -a "x$ra" = "x1" ]; then
		echo "IPv6 autoconf:$rtsolif"
		rtsol $rtsolif
	else
		echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf"
	fi
fi
if [ "$ip6kernel" = "YES" ]; then
	# this is to make sure DAD is completed before going further.
	# NOTE(review): sleeps dad_count seconds, i.e. assumes one duplicate
	# address detection probe per second -- confirm.
	sleep `sysctl -n net.inet6.ip6.dad_count`
fi

# The trunk interfaces need to come up first in this list.
# The vlan interfaces need to come up after trunk.
# The pfsync interfaces need to come up before carp.
# Configure all the carp interfaces which we know about.
# They must come up after pfsync but before default route.
# These four classes were excluded from the first ifmstart pass above,
# so nothing is configured twice.
ifmstart "trunk vlan pfsync carp"

# /etc/mygate, if it exists, contains the name of my gateway host
# that name must be in /etc/hosts.
# Skipped when a "dhcp" hostname.* entry set setgateway=N (presumably so
# the lease, not this file, decides the default route -- confirm).  Any
# existing default is deleted first so a stale entry cannot block the add.
if [ "X${setgateway}" != X"N" -a -f /etc/mygate ]; then
	route -qn delete default > /dev/null 2>&1
	route -qn add -host default `stripcom /etc/mygate`
fi

# Multicast routing.
#
# The routing to the 224.0.0.0/4 net is setup according to these rules:
# multicast_host multicast_router route comment
# NO NO -reject no multicast
# NO YES none installed daemon will run
# YES/interface NO -interface YES=def. iface
# Any other combination -reject config error
# Both variables come from /etc/rc.conf (sourced above).
case "$multicast_host:$multicast_router" in
NO:NO)
	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
NO:YES)
	;;
*:NO)
	# Pick the egress for multicast: with multicast_host=YES take the
	# "default" line of the routing table, otherwise the "inet" line of
	# the named interface.  "set" loads that line into $1 $2 ..., so $2
	# is the gateway or the interface address respectively.  Clobbering
	# the positional parameters is safe here: the argument-list mode
	# above has already returned.
	# NOTE(review): if neither ed(1) call prints a line, $2 is empty
	# and the route command below runs with no interface argument.
	set `if [ $multicast_host = YES ]; then
ed -s '!route -qn show -inet' <<EOF
/^default/p
EOF
	else
ed -s "!ifconfig $multicast_host" <<EOF
/^ inet /p
EOF
	fi`
	route -qn add -net 224.0.0.0/4 -interface $2 > /dev/null
	;;
*:*)
	echo 'config error, multicasting disabled until rc.conf is fixed'
	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
esac


# Configure PPPoE, GIF, GRE interfaces, delayed because they require routes
# to be set. PPPoE must be first, as GIF and GRE may depend on it.
ifmstart "pppoe gif gre"

# reject 127/8 other than 127.0.0.1
# Destinations in the loopback range that were not configured above are
# rejected locally instead of being looped back.
route -qn add -net 127 127.0.0.1 -reject > /dev/null

# Configure all the bridges.
# Bridges come last so the member interfaces they reference already exist.
for bn in /etc/bridgename.*; do
	# Strip off /etc/bridgename. prefix
	if=${bn#/etc/bridgename.}
	# With no bridgename.* files the glob stays unexpanded and yields "*".
	test "$if" = "*" && continue

	bridgestart $if
done