After some tests, here are the services that run into a vnet jail:
- defaultroute
- dhclient
- ip6addrctl
- natd
- pf
- pfsync
- pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled)
- rarpd
- route6d (do nothing anyway because obsolete)
- routed (do nothing anyway because obsolete)
- rtsold
- static_arp
- static_ndp
PR: 220530
Submitted by: olivier@freebsd.org
- Use the absolute pathname for ip6addrctl.
- Use "install" instead of "add" to reduce the number of invocations.
Reported by: Tatsuki Makino [*]
PR: conf/175006 [*]
MFC after: 1 week
assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively. When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first. If it is found, it reads and installs it as
a policy table. If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.
When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.
The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.
Discussed with: ume and bz
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.
With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.
Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].
1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.
2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.
3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.
4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.
5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).
6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.
7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.
8. In /etc/defaults/rc.conf:
Add an example for RTADV configuration.
Set ipv6_network_interfaces to AUTO.
Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.
Add a default for ipv6_privacy (NO).
9. Document all of this in rc.conf.5.
re-add $ipv6_enable support for backward compatibility. From
UPDATING:
1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
for IPv4. For aliases, $ifconfig_IF_aliasN should be used.
Note that both variables need the "inet6" keyword at the head.
Do not set $ipv6_network_interfaces manually if you do not
understand what you are doing. It is not needed in most cases.
$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
they are obsolete.
2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or
"inet6 accept_rtadv" keyword in ifconfig(8) instead.
If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
all configured interfaces have "inet6 accept_rtadv" in the
$ifconfig_IF_ipv6. These are for backward compatibility.
3. A new variable $ipv6_prefer has been added. If NO, IPv6
functionality of interfaces with no corresponding
$ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
and the default address selection policy of ip6addrctl(8)
is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
Note that if you want to configure IPv6 functionality on the
disabled interfaces after boot, first you need to clear the flag by
using ifconfig(8) like:
ifconfig em0 inet6 -ifdisabled
If YES, the default address selection policy is set as
IPv6-preferred.
The default value of $ipv6_prefer is NO.
4. If your system need to receive Router Advertisement messages,
define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8)
scripts automatically invoke rtsol(8) when the interface becomes
UP. The Router Advertisement messages are used for SLAAC
(State-Less Address AutoConfiguration).
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
depends on some sysctl variables.
Reviewed by: brooks
MFC after: 3 days
and takes over mountcritlocal's role as the early / late divider. This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.
MFC after: 3 weeks
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy. Even if there is no /etc/ip6addrctl.conf, we install default
policy. In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default. Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now. However, it may
better to enable it by default.