Commit Graph

19 Commits

Author SHA1 Message Date
Kristof Provost
2ca5f390c4 Allow more services to run in vnet jails
After some tests, here are the services that run into a vnet jail:
  - defaultroute
  - dhclient
  - ip6addrctl
  - natd
  - pf
  - pfsync
  - pflog (deamon runs, pflog0 interface usable, but /var/log/pflog not filled)
  - rarpd
  - route6d (do nothing anyway because obsolete)
  - routed (do nothing anyway because obsolete)
  - rtsold
  - static_arp
  - static_ndp

PR:		220530
Submitted by:	olivier@freebsd.org
2017-07-08 09:28:31 +00:00
Lars Engels
6c1a5e837d - Add descriptions to most of the rc scripts. Those are mostly taken from their
daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".

Approved by:	bapt, brueffer
Differential Revision:	D452
2016-04-23 16:10:54 +00:00
Hiroki Sato
cec7c03d34 Use ipv6_prefer when at least one ifconfig_IF_ipv6 is configured.
Discussed on:	-net@
2014-08-30 07:08:10 +00:00
Hiroki Sato
6886522d85 - Fix exit status when ip6addrctl_verbose=yes [*]
- Use the absolute pathname for ip6addrctl.
- Use "install" instead of "add" to reduce the number of invocations.

Reported by:	Tatsuki Makino [*]
PR:		conf/175006 [*]
MFC after:	1 week
2013-05-04 15:42:55 +00:00
Hajimu UMEMOTO
e695500d3c Use the default policy table of RFC 6724.
MFC after:	1 weeks
2013-02-02 18:08:09 +00:00
Maksim Yevmenkin
78cf63fc10 Allow to specify no source-address-selection policy
MFC after:	1 week
2012-07-19 15:36:36 +00:00
Doug Barton
801c438304 Prepare for the removal of set_rcvar() by changing the rcvar=
assignments to the literal values it would have returned.

The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.

During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
2012-01-14 02:18:41 +00:00
Hiroki Sato
d3a8a8b9fa Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively.  When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first.  If it is found, it reads and installs it as
a policy table.  If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.

When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.

The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.

Discussed with:	ume and bz
2010-09-13 19:55:40 +00:00
Hiroki Sato
c5ad71aff5 Revert changes in r206408.
Discussed with:	dougb, core.5, and core.6
2010-09-13 19:51:15 +00:00
Doug Barton
8aa4c57946 Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.
2010-04-09 01:35:09 +00:00
Hiroki Sato
b558571de6 - Add AF_IPX and AF_NATM to afexists().
- Add afexists() check to address family specific rc.d scripts.  A
  script for an AF will be silently ignored if the kernel has no
  support for the AF.
2009-10-02 02:24:25 +00:00
Hiroki Sato
2e77c5abfb Fix several logic bugs in the previous IPv6 variable change and
re-add $ipv6_enable support for backward compatibility.  From
UPDATING:

 1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF
    for IPv4.  For aliases, $ifconfig_IF_aliasN should be used.
    Note that both variables need the "inet6" keyword at the head.

    Do not set $ipv6_network_interfaces manually if you do not
    understand what you are doing.  It is not needed in most cases.

    $ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but
    they are obsolete.

 2. $ipv6_enable is obsolete.  Use $ipv6_prefer and/or
    "inet6 accept_rtadv" keyword in ifconfig(8) instead.

    If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and
    all configured interfaces have "inet6 accept_rtadv" in the
    $ifconfig_IF_ipv6.  These are for backward compatibility.

 3. A new variable $ipv6_prefer has been added.  If NO, IPv6
    functionality of interfaces with no corresponding
    $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag,
    and the default address selection policy of ip6addrctl(8)
    is the IPv4-preferred one (see rc.d/ip6addrctl for more details).
    Note that if you want to configure IPv6 functionality on the
    disabled interfaces after boot, first you need to clear the flag by
    using ifconfig(8) like:

         ifconfig em0 inet6 -ifdisabled

    If YES, the default address selection policy is set as
    IPv6-preferred.

    The default value of $ipv6_prefer is NO.

 4. If your system need to receive Router Advertisement messages,
    define "inet6 accept_rtadv" in $ifconfig_IF_ipv6.  The rc(8)
    scripts automatically invoke rtsol(8) when the interface becomes
    UP.  The Router Advertisement messages are used for SLAAC
    (State-Less Address AutoConfiguration).
2009-09-26 18:59:00 +00:00
Hiroki Sato
5d595cb88e Integrate rc.d/network_ipv6 into rc.d/netif:
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
  depends on some sysctl variables.

Reviewed by:	brooks
MFC after:	3 days
2009-09-12 22:13:41 +00:00
Doug Barton
2b9851690c As previously discussed, add the svn:executable property to all scripts 2008-07-16 19:22:48 +00:00
Dag-Erling Smørgrav
7bd5b79de4 Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal
and takes over mountcritlocal's role as the early / late divider.  This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.

This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.

MFC after:	3 weeks
2007-04-02 22:53:07 +00:00
Mike Makonnen
337338ee00 Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
2004-10-07 13:55:26 +00:00
Hajimu UMEMOTO
b351b78a10 Add ip6addrctl_enable and ip6_addrctl_verbose option. If
ip6addrctl_enable is set to YES, address selection policy is installed
into kernel.
If there is /etc/ip6addrctl.conf, it is used for address selection
policy.  Even if there is no /etc/ip6addrctl.conf, we install default
policy.  In this case, if ipv6_enable is set to YES, we use address
selection policy described in RFC 3484 as default.  Otherwise, we
install priority policy for IPv4 address.
The default of ip6addrctl_enable is NO for now.  However, it may
better to enable it by default.
2004-06-02 09:39:49 +00:00
Pawel Jakub Dawidek
bd57d5b0f5 Mark scripts as not usable inside a jail by adding keyword 'nojail'.
Some suggestions from:	rwatson, Ruben de Groot <mail25@bzerk.org>
2004-03-08 12:25:05 +00:00
Hajimu UMEMOTO
2fa02b748e install address selection policy into kernel when there is
/etc/ip6addrctl.conf.
following sample of ip6addrctl.conf is a good default:

#Prefix       Precedence Label
::1/128               50     0
::/0                  40     1
2002::/16             30     2
::/96                 20     3
::ffff:0:0/96         10     4
2003-10-30 17:55:52 +00:00