diff --git a/UPDATING b/UPDATING index f4a8fed2aaf4..7a17089717f8 100644 --- a/UPDATING +++ b/UPDATING @@ -22,6 +22,25 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 9.x IS SLOW: machines to maximize performance. (To disable malloc debugging, run ln -s aj /etc/malloc.conf.) +20100913: + The $ipv6_prefer variable in rc.conf(5) has been split into + $ip6addrctl_policy and $ipv6_activate_all_interfaces. + + The $ip6addrctl_policy is a variable to choose a pre-defined + address selection policy set by ip6addrctl(8). A value + "ipv4_prefer", "ipv6_prefer" or "AUTO" can be specified. The + default is "AUTO". + + The $ipv6_activate_all_interfaces specifies whether IFDISABLED + flag (see an entry of 20090926) is set on an interface with no + corresponding $ifconfig_IF_ipv6 line. The default is "NO" for + security reason. If you want IPv6 link-local address on all + interfaces by default, set this to "YES". + + The old ipv6_prefer="YES" is equivalent to + ipv6_activate_all_interfaces="YES" and + ip6addrctl_policy="ipv6_prefer". + 20100913: DTrace has grown support for userland tracing. Due to this, DTrace is now i386 and amd64 only. diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index b041f15f3321..10213fe25199 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -446,6 +446,10 @@ icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### ipv6_network_interfaces="auto" # List of IPv6 network interfaces # (or "auto" or "none"). +ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no + # corresponding $ifconfig_IF_ipv6 is + # marked as IFDISABLED for security + # reason. ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). 
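Review bot: The comment added for `ipv6_activate_all_interfaces="NO"` in etc/defaults/rc.conf gives "for security reason" as the rationale without saying what the exposure is, and it describes only the NO case. The UPDATING entry in this same commit says that YES gives every interface an IPv6 link-local address, so the comment could say so: `# If NO, interfaces with no $ifconfig_IF_ipv6 are marked IFDISABLED` followed by `# and get no IPv6 link-local address; YES activates IPv6 on all.` That tells an operator what changing the default opens up.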
@@ -506,7 +510,8 @@ ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages -ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used +ip6addrctl_policy="AUTO" # A pre-defined address selection policy + # (ipv4_prefer, ipv6_prefer, or AUTO) ############################################################## ### System console options ################################# diff --git a/etc/network.subr b/etc/network.subr index 8097463d7358..afd568cbfb56 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -100,7 +100,7 @@ ifconfig_up() _ipv6_opts="-accept_rtadv" fi else - if checkyesno ipv6_prefer; then + if checkyesno ipv6_activate_all_interfaces; then _ipv6_opts="-ifdisabled" else _ipv6_opts="ifdisabled" diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl index d3b185617959..d38018c4cdd7 100755 --- a/etc/rc.d/ip6addrctl +++ b/etc/rc.d/ip6addrctl @@ -19,8 +19,10 @@ extra_commands="status prefer_ipv6 prefer_ipv4" status_cmd="ip6addrctl" prefer_ipv6_cmd="ip6addrctl_prefer_ipv6" prefer_ipv4_cmd="ip6addrctl_prefer_ipv4" +config_file="/etc/ip6addrctl.conf" -set_rcvar_obsolete ipv6_enable ipv6_prefer +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer ip6addrctl_policy ip6addrctl_prefer_ipv6() { 
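Review bot: A host that still sets `ipv6_prefer="YES"` now falls into the `ifdisabled` branch of etc/network.subr, because the test reads only `ipv6_activate_all_interfaces` and etc/rc.d/netif declares `set_rcvar_obsolete ipv6_prefer` with no replacement variable. That fails closed, which is the safer direction, but UPDATING describes the old setting as equivalent to `ipv6_activate_all_interfaces="YES"` and nothing visible in the diff performs that mapping, so IPv6 disappears from interfaces that have no `ifconfig_IF_ipv6` line. If set_rcvar_obsolete accepts a message argument (its definition is not in this diff), the netif declaration should carry one naming both replacement variables. Otherwise a comment above the test, such as `# $ipv6_prefer is no longer consulted here; see UPDATING 20100913`, would record the change. The body of ifconfig_up starts and ends outside the hunk.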
@@ -53,17 +55,40 @@ ip6addrctl_start() afexists inet6 || return 0 # install the policy of the address selection algorithm. - if [ -f /etc/ip6addrctl.conf ]; then - ip6addrctl flush >/dev/null 2>&1 - ip6addrctl install /etc/ip6addrctl.conf - checkyesno ip6addrctl_verbose && ip6addrctl - else - if checkyesno ipv6_prefer; then - ip6addrctl_prefer_ipv6 + case "${ip6addrctl_policy}" in + [Aa][Uu][Tt][Oo]) + if [ -r "${config_file}" -a -s "${config_file}" ]; then + ip6addrctl flush >/dev/null 2>&1 + ip6addrctl install "${config_file}" + checkyesno ip6addrctl_verbose && ip6addrctl else - ip6addrctl_prefer_ipv4 + if checkyesno ipv6_activate_all_interfaces; then + ip6addrctl_prefer_ipv6 + else + ip6addrctl_prefer_ipv4 + fi fi - fi + ;; + ipv4_prefer) + ip6addrctl_prefer_ipv4 + ;; + ipv6_prefer) + ip6addrctl_prefer_ipv6 + ;; + [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) + # Backward compatibility when ipv6_prefer=YES + ip6addrctl_prefer_ipv6 + ;; + [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) + # Backward compatibility when ipv6_prefer=NO + ip6addrctl_prefer_ipv4 + ;; + *) + warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \ + " \"ipv4_prefer\" is used instead." + ip6addrctl_prefer_ipv4 + ;; + esac } ip6addrctl_stop() diff --git a/etc/rc.d/netif b/etc/rc.d/netif index f982cfce6474..01da302c5dfe 100755 --- a/etc/rc.d/netif +++ b/etc/rc.d/netif @@ -41,7 +41,8 @@ clonedown_cmd="clone_down" extra_commands="cloneup clonedown" cmdifn= -set_rcvar_obsolete ipv6_enable ipv6_prefer +set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces +set_rcvar_obsolete ipv6_prefer network_start() { diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 7ad0cab02023..a884bfff1f49 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 
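Review bot: The two backward-compatibility arms in etc/rc.d/ip6addrctl (`[Yy][Ee][Ss]|…` and `[Nn][Oo]|…`) go straight to a built-in policy and never look at `${config_file}`, whereas the removed code installed /etc/ip6addrctl.conf whenever it existed, whatever `ipv6_prefer` said. If a legacy `ipv6_prefer` value is carried into `ip6addrctl_policy`, as the arm comments indicate, a host that also kept a custom policy file has that file ignored without any message. Either treat the legacy values like AUTO when the file is present, or at least warn in those arms, e.g. `[ -s "${config_file}" ] && warn "${config_file} is ignored unless ip6addrctl_policy=AUTO."`. Separately, `ipv4_prefer` and `ipv6_prefer` are matched case-sensitively while AUTO and the YES/NO forms are not, so `IPV6_PREFER` lands in the invalid-value arm and gets the IPv4-preferred table. ip6addrctl_start begins outside the hunk.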
@@ -1269,41 +1269,49 @@ If the variable is is added to all of .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and the -.Va ipv6_prefer +.Va ipv6_activate_all_interfaces is defined as .Dq Li YES . .Pp This variable is deprecated. Use -.Va ipv6_prefer +.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 and -.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 . +.Va ipv6_activate_all_interfaces +if necessary. .It Va ipv6_prefer .Pq Vt bool -This variable does the following: -.Pp If the variable is .Dq Li YES , -the default policy of the source address selection set by +the default address selection policy table set by .Xr ip6addrctl 8 will be IPv6-preferred. .Pp If the variable is .Dq Li NO , -the default policy of the source address selection set by +the default address selection policy table set by .Xr ip6addrctl 8 -will be IPv4-preferred, and all of interfaces which does not have the -corrsponding +will be IPv4-preferred. +.Pp +This variable is deprecated. Use +.Va ip6addtctl_policy +instead. +.It Va ipv6_activate_all_interfaces +If the variable is +.Dq Li NO , +all of interfaces which do not have the corrsponding .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 variable will be marked as -.Dq Li IFDISABLED . -This means only IPv6 functionality on that interface is completely -disabled. For more details of +.Dq Li IFDISABLED +for security reason. This means only IPv6 functionality on that interface +is completely disabled. For more details of .Dq Li IFDISABLED flag and keywords .Dq Li inet6 ifdisabled , see .Xr ifconfig 8 . .Pp +Default is +.Dq Li NO . .It Va ipv6_privacy .Pq Vt bool If the variable is @@ -1316,6 +1324,8 @@ This is the IPv6 equivalent of .Va network_interfaces . Normally manual configuration of this variable is not needed. .Pp +.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 +.Pq Vt str IPv6 functionality on an interface should be configured by .Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 , instead of setting ifconfig parameters in 
@@ -1354,22 +1364,52 @@ this is the default output interface for scoped addresses. This works only with ipv6_gateway_enable="NO". .It Va ip6addrctl_enable .Pq Vt bool -If set to -.Dq Li YES , -install default address selection policy table +This variable is to enable configuring default address selection policy table .Pq RFC 3484 . -If a file -.Pa /etc/ip6addrctl.conf -is found the +The table can be specified in another variable +.Va ip6addrctl_policy . +For +.Va ip6addrctl_policy +the following keywords can be specified: +.Dq Li ipv4_prefer , +.Dq Li ipv6_prefer , +or +.Dq Li AUTO . +.Pp +If +.Dq Li ipv4_prefer +or +.Dq Li ipv6_prefer +is specified, .Xr ip6addrctl 8 -reads and installs it. -If not, a pre-defined policy table will be installed. -There are two pre-defined ones; IPv4-preferred and IPv6-preferred. -If set -.Va ipv6_prefer -variable to +installs a pre-defined policy table described in Section 2.1 +.Pq IPv6-preferred +or 10.3 +.Pq IPv4-preferred +of RFC 3484. +.Pp +If +.Dq Li AUTO +is specified, it attempts to read a file +.Pa /etc/ip6addrctl.conf +first. If this file is found, +.Xr ip6addrctl 8 +reads and installs it. If not found, a policy is automatically set +according to +.Va ipv6_activate_all_interfaces +variable; if the variable is set to .Dq Li YES -the IPv6-preferred one is used. Default is IPv4-preferred. +the IPv6-preferred one is used. Otherwise IPv4-preferred. +.Pp +The default value of +.Va ip6addrctl_enable +and +.Va ip6addrctl_policy +are +.Dq Li YES +and +.Dq Li AUTO , +respectively. .It Va cloned_interfaces .Pq Vt str Set to the list of clonable network interfaces to create on this host.