1.1 deraadt 1: #!/bin/sh -
2: #
1.83 ! miod 3: # $OpenBSD: netstart,v 1.82 2001/07/31 08:27:35 hugh Exp $
1.45 millert 4:
# Returns true if $1 contains only alphanumerics.
# An empty string has no offending character and is accepted, which is
# what the original character-by-character loop did as well.
isalphanumeric() {
	case $1 in
	*[!A-Za-z0-9]*)
		# At least one character outside [A-Za-z0-9] is present.
		return 1
		;;
	esac
	return 0
}
1.81 angelos 18:
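# Start the $1 interface: turn every line of /etc/hostname.$1 into an
# ifconfig(8)/dhclient(8) command (or a literal "!" command) and eval it.
# Arguments: $1 - interface name (must be alphanumeric and known to the
#                 kernel, otherwise the function silently returns)
# Globals written (scratch): af name mask bcaddr ext1 ext2 dt dtaddr alias
#   cmd cmd2 rtcmd i.  rtsolif is appended to for "rtsol" lines and is read
#   by the main script afterwards.
# Every line of hostname.if ends up in eval, so the file must only be
# writable by root.
ifstart() {
	local _if

	# Keep the interface name out of the positional parameters: the
	# "set -- $cmd2" below reassigns $1 and would otherwise clobber it
	# for every line that follows a carried-over one.
	_if=$1

	# cmd2 is a global; make sure nothing carried over from a previous
	# interface's file (e.g. after an early return) is replayed here.
	cmd2=

	# Interface names must be alphanumeric only. We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	if ! isalphanumeric "$_if"; then
		return
	fi

	# Skip interfaces the kernel does not know about.
	if ! ifconfig $_if > /dev/null 2>&1; then
		return
	fi

	# Now parse the hostname.* file
	while :; do
		if [ "$cmd2" ]; then
			# We are carrying over from the 'read dt dtaddr'
			# last time.
			set -- $cmd2
			af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2=
			# Make sure and get any remaining args in ext2,
			# like the read below
			i=1
			while [ $i -lt 6 -a -n "$1" ]; do shift; i=$((i+1)); done
			ext2="$@"
		else
			# Read the next line or exit the while loop.
			read af name mask bcaddr ext1 ext2 || break
		fi
		# $af can be "dhcp", "up", "rtsol", an address family,
		# commands, or a comment.
		case "$af" in
		"#"*|"")	# skip comments and empty lines
			continue
			;;
		"!"*)		# parse commands
			cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}"
			;;
		"bridge")
			cmd="echo /etc/hostname.$_if: bridges now supported via bridgename.* files"
			;;
		"dhcp")
			[ "$name" = "NONE" ] && name=
			[ "$mask" = "NONE" ] && mask=
			[ "$bcaddr" = "NONE" ] && bcaddr=
			ifconfig $_if $name $mask $bcaddr $ext1 $ext2 down
			cmd="dhclient $_if"
			;;
		"rtsol")
			ifconfig $_if $name $mask $bcaddr $ext1 $ext2 up
			rtsolif="$rtsolif $_if"
			cmd=
			;;
		"up")
			# The only one of these guaranteed to be set is $_if.
			# The remaining ones exist so that media controls work.
			cmd="ifconfig $_if $name $mask $bcaddr $ext1 $ext2 up"
			;;
		*)
			# An address line.  Peek at the next line: a "dest"
			# line belongs to this address; any other non-empty
			# line is kept in cmd2 and handled by the next
			# iteration instead of being read again.
			read dt dtaddr
			if [ "$name" = "alias" ]; then
				# perform a 'shift' of sorts
				alias=$name
				name=$mask
				mask=$bcaddr
				bcaddr=$ext1
				ext1=$ext2
				ext2=
			else
				alias=
			fi
			cmd="ifconfig $_if $af $alias $name "
			case "$dt" in
			dest)
				cmd="$cmd $dtaddr"
				;;
			[a-z!]*)
				cmd2="$dt $dtaddr"
				;;
			esac
			if [ -z "$name" ]; then
				echo "/etc/hostname.$_if: invalid network configuration file"
				return
			fi
			case $af in
			inet)
				[ "$mask" ] && cmd="$cmd netmask $mask"
				if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then
					cmd="$cmd broadcast $bcaddr"
				fi
				# An alias gets a host route through the loopback
				# appended to the command (rtcmd is consumed and
				# cleared below).
				[ "$alias" ] && rtcmd=";route -n add -host $name 127.0.0.1"
				;;
			inet6)	[ "$mask" ] && cmd="$cmd prefixlen $mask"
				cmd="$cmd $bcaddr"
				;;
			*)
				cmd="$cmd $mask $bcaddr"
				;;
			esac
			cmd="$cmd $ext1 $ext2$rtcmd" rtcmd=
			;;
		esac
		eval "$cmd"
	done < /etc/hostname.$_if
}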
! 124:
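# Start the $1 bridge: run every line of /etc/bridgename.$1 as a
# brconfig(8) command.  A line starting with "!" is run as a plain shell
# command instead, and "#" starts a comment.
# Arguments: $1 - bridge name (must be alphanumeric and known to
#                 brconfig, otherwise the function silently returns)
# Globals written (scratch): line cmd.
# Every line of bridgename.if ends up in eval, so the file must only be
# writable by root.
bridgestart() {
	# Interface names must be alphanumeric only. We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	if ! isalphanumeric "$1"; then
		return
	fi
	# Skip bridges that brconfig does not know about.
	if ! brconfig $1 > /dev/null 2>&1; then
		return
	fi

	# Now parse the bridgename.* file
	# All lines are run as brconfig(8) commands.
	# -r keeps backslashes in the line intact instead of letting read
	# interpret them as escapes.
	while read -r line; do
		line=${line%%#*}	# strip comments
		[ -z "$line" ] && continue
		case "$line" in
		"!"*)
			cmd="${line#*!}"
			;;
		*)
			cmd="brconfig $1 $line"
			;;
		esac
		eval "$cmd"
	done < /etc/bridgename.$1
}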
! 153:
# Re-read /etc/rc.conf
. /etc/rc.conf

# If we were invoked with a list of interface names, just reconfigure these
# interfaces (or bridges) and return.  A leading "autoboot" argument is
# dropped first.
case "$1" in
autoboot)
	shift
	;;
esac
if [ $# -gt 0 ]; then
	while [ $# -gt 0 ]; do
		# A bridgename.* file takes precedence over hostname.*.
		if [ -f /etc/bridgename.$1 ]; then
			bridgestart $1
		else
			ifstart $1
		fi
		shift
	done
	# NOTE(review): a top-level "return" only ends the script when it
	# is sourced or run by a shell that treats it as exit — confirm how
	# /etc/rc invokes this file.
	return
fi
! 173:
! 174: # Otherwise, process with the complete network initialization.
! 175:
# /etc/myname contains my symbolic name
hostname=$(cat /etc/myname)
hostname $hostname
# /etc/defaultdomain, if present, holds the domain name to set.
if [ -f /etc/defaultdomain ]; then
	domainname $(cat /etc/defaultdomain)
fi
182:
# Set the address for the loopback interface.
# It will also initialize IPv6 address for lo0 (::1 and others).
ifconfig lo0 inet localhost

# Use loopback, not the wire.
# $hostname was read from /etc/myname above: traffic to our own name is
# routed to localhost, and a reject route covers the rest of the 127
# network so it never leaves the host.
route -n add -host $hostname localhost > /dev/null
route -n add -net 127 127.0.0.1 -reject > /dev/null

# An IPv6-capable kernel is detected by whether lo0 accepts "inet6".
# $ip6kernel is consulted later for router solicitation and the DAD wait.
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	# IPv6 configurations.
	ip6kernel=YES

	# Disallow link-local unicast dest without outgoing scope identifiers.
	route add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow site-local unicast dest without outgoing scope identifiers.
	# If you configure site-locals without scope id (it is permissible
	# config for routers that are not on scope boundary), you may want
	# to comment the line out.
	route add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow "internal" addresses to appear on the wire.
	route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	# Disallow packets to malicious IPv4 compatible prefix.
	route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null
	route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null

	# Disallow packets to malicious 6to4 prefix.
	route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null
	route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null
	route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null
	route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null

	# Completely disallow packets to IPv4 compatible prefix.
	# This may conflict with RFC1933 under following circumstances:
	# (1) An IPv6-only KAME node tries to originate packets to IPv4
	#     compatible destination.  The KAME node has no IPv4 compatible
	#     support.  Under RFC1933, it should transmit native IPv6
	#     packets toward IPv4 compatible destination, hoping it would
	#     reach a router that forwards the packet toward auto-tunnel
	#     interface.
	# (2) An IPv6-only node originates a packet to an IPv4 compatible
	#     destination.  A KAME node is acting as an IPv6 router, and
	#     asked to forward it.
	# Due to rare use of IPv4 compatible addresses, and security issues
	# with it, we disable it by default.
	route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	# Interfaces whose hostname.if contains an "rtsol" line append
	# their names here (see ifstart); rtsol is started later.
	rtsolif=""
else
	ip6kernel=NO
fi
238:
# Configure all the non-loopback interfaces which we know about.
# Refer to hostname.if(5) and bridgename.if(5)
for hn in /etc/hostname.*; do
	# Strip off /etc/hostname. prefix (with no hostname.* files this
	# leaves a literal "*", which ifstart rejects).
	if=${hn#/etc/hostname.}

	# GIF and GRE interfaces need the routes to be setup before
	# they are configured, so they are left for a later pass.
	case $if in
	"gif"*|"gre"*)
		;;
	*)
		ifstart $if
		;;
	esac
done
1.56 itojun 256:
# Start router solicitation on the interfaces collected in $rtsolif, but
# only when forwarding is off and router advertisements are accepted;
# any other sysctl combination is reported as inconsistent.
if [ "$ip6kernel" = "YES" ] && [ "x$rtsolif" != "x" ]; then
	fw=$(sysctl -n net.inet6.ip6.forwarding)
	ra=$(sysctl -n net.inet6.ip6.accept_rtadv)
	if [ "x$fw" = "x0" ] && [ "x$ra" = "x1" ]; then
		echo "IPv6 autoconf:$rtsolif"
		rtsol $rtsolif
	else
		echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf"
	fi
fi
if [ "$ip6kernel" = "YES" ]; then
	# this is to make sure DAD is completed before going further.
	sleep $(sysctl -n net.inet6.ip6.dad_count)
	sleep 1
fi
272:
# /etc/mygate, if it exists, contains the name of my gateway host
# that name must be in /etc/hosts.
if test -f /etc/mygate; then
	route -n add -host default $(cat /etc/mygate)
fi
1.44 deraadt 278:
# Multicast routing.
#
# The routing to the 224.0.0.0/4 net is setup according to these rules:
# multicast_host multicast_router route           comment
# NO             NO               -reject         no multicast
# NO             YES              none installed  daemon will run
# YES/interface  NO               -interface      YES=def. iface
# Any other combination           -reject         config error
# $multicast_host and $multicast_router are presumably set in
# /etc/rc.conf, which was sourced above.
case "$multicast_host:$multicast_router" in
NO:NO)
	route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
NO:YES)
	;;
*:NO)
	# Pick the address to bind the multicast route to.  ed(1) is
	# pointed at the output of the command named after "!" and prints
	# the matching line: the default route for "YES", otherwise the
	# "inet" line of the named interface.  The words of that line
	# become the positional parameters, so $2 is its second word (the
	# interface's inet address; for the default route presumably the
	# gateway column — verify against route(8) output).
	set `if [ $multicast_host = YES ]; then
		ed -s '!route -n show -inet' <<EOF
/^default/p
EOF
	else
		ed -s "!ifconfig $multicast_host" <<EOF
/^ inet /p
EOF
	fi`
	route -n add -net 224.0.0.0/4 -interface $2 > /dev/null
	;;
*:*)
	echo 'config error, multicasting disabled until rc.conf is fixed'
	route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
esac
1.83 ! miod 310:
# Configure all the gif and gre interfaces which we know about.
# They were delayed because they require the routes to be set.
for hn in /etc/hostname.*; do
	# Strip off /etc/hostname. prefix
	if=${hn#/etc/hostname.}

	# Regular interfaces have already been configured on the first
	# pass; only gif*/gre* names are started here.
	case $if in
	"gif"*|"gre"*)
		ifstart $if
		;;
	esac
done
! 327:
# Configure all the bridges.
# Done last so that the member interfaces already exist and are up.
for bn in /etc/bridgename.*; do
	# Strip off /etc/bridgename. prefix; bridgestart rejects the
	# literal "*" left over when no such file exists.
	if=${bn#/etc/bridgename.}
	bridgestart $if
done
! 334: done