2ae521fa83
and ipv6_ifconfig_<interface> options have already been deprecated, these changes do not alter that. With these changes any value set for ipv6_enable will emit a warning. In order to avoid a POLA violation for the deprecation of the option ipv6_enable=NO will still disable configuration for all interfaces other than lo0. ipv6_enable=YES will not have any effect, but will emit an additional warning. Support and warnings for this option will be removed in FreeBSD 10.x. Consistent with the current code, in order for IPv6 to be configured on an interface (other than lo0) an ifconfig_<interface>_ipv6 option will have to be added to /etc/rc.conf[.local]. 1. Clean up and minor optimizations for the following functions: ifconfig_up (the ipv6 elements) ipv6if ipv6_autoconfif get_if_var _ifconfig_getargs The cleanups generally were to move the "easy" tests earlier in the functions, and consolidate duplicate code. 2. Stop overloading ipv6_prefer with the ability to disable IPv6 configuration. 3. Remove noafif() which was only ever called from ipv6_autoconfif. Instead, simplify and integrate the tests into that function, and convert the test to use is_wired_interface() instead of listing wireless interfaces explicitly. 4. Integrate backwards compatibility for ipv6_ifconfig_<interface> into _ifconfig_getargs. This dramatically simplifies the code in all of the callers, and avoids a lot of other code duplication. 5. In rc.d/netoptions, add code for an ipv6_privacy option to use RFC 4193 style pseudo-random addresses (this is what windows does by default, FYI). 6. Add support for the [NO]RTADV options in ifconfig_getargs() and ipv6_autoconfif(). In the latter, include support for the explicit addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done in the current code. 7. In rc.d/netif add a warning if $ipv6_enable is set, and remove the set_rcvar_obsolete for it. Also remove the latter from rc.d/ip6addrctl. 8. In /etc/defaults/rc.conf: Add an example for RTADV configuration. Set ipv6_network_interfaces to AUTO. Switch ipv6_prefer to YES. If ipv6_enable is not set this will have no effect. Add a default for ipv6_privacy (NO). 9. Document all of this in rc.conf.5.
113 lines
2.3 KiB
Bash
Executable File
113 lines
2.3 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: netoptions
|
|
# REQUIRE: FILESYSTEMS
|
|
# BEFORE: netif
|
|
# KEYWORD: nojail
|
|
|
|
. /etc/rc.subr
|
|
. /etc/network.subr
|
|
|
|
name="netoptions"
|
|
start_cmd="netoptions_start"
|
|
stop_cmd=:
|
|
|
|
_netoptions_initdone=
|
|
netoptions_init()
|
|
{
|
|
if [ -z "${_netoptions_initdone}" ]; then
|
|
echo -n 'Additional TCP/IP options:'
|
|
_netoptions_initdone=yes
|
|
fi
|
|
}
|
|
|
|
netoptions_start()
|
|
{
|
|
local _af
|
|
|
|
for _af in inet inet6; do
|
|
afexists ${_af} && eval netoptions_${_af}
|
|
done
|
|
[ -n "${_netoptions_initdone}" ] && echo '.'
|
|
}
|
|
|
|
netoptions_inet()
|
|
{
|
|
case ${log_in_vain} in
|
|
[12])
|
|
netoptions_init
|
|
echo -n " log_in_vain=${log_in_vain}"
|
|
${SYSCTL_W} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
|
|
${SYSCTL_W} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
|
|
;;
|
|
*)
|
|
${SYSCTL_W} net.inet.tcp.log_in_vain=0 >/dev/null
|
|
${SYSCTL_W} net.inet.udp.log_in_vain=0 >/dev/null
|
|
;;
|
|
esac
|
|
|
|
if checkyesno tcp_extensions; then
|
|
${SYSCTL_W} net.inet.tcp.rfc1323=1 >/dev/null
|
|
else
|
|
netoptions_init
|
|
echo -n " rfc1323 extensions=${tcp_extensions}"
|
|
${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null
|
|
fi
|
|
|
|
if checkyesno tcp_keepalive; then
|
|
${SYSCTL_W} net.inet.tcp.always_keepalive=1 >/dev/null
|
|
else
|
|
netoptions_init
|
|
echo -n " TCP keepalive=${tcp_keepalive}"
|
|
${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null
|
|
fi
|
|
|
|
if checkyesno tcp_drop_synfin; then
|
|
netoptions_init
|
|
echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
|
|
${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null
|
|
else
|
|
${SYSCTL_W} net.inet.tcp.drop_synfin=0 >/dev/null
|
|
fi
|
|
|
|
case ${ip_portrange_first} in
|
|
[0-9]*)
|
|
netoptions_init
|
|
echo -n " ip_portrange_first=$ip_portrange_first"
|
|
${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
|
|
;;
|
|
esac
|
|
|
|
case ${ip_portrange_last} in
|
|
[0-9]*)
|
|
netoptions_init
|
|
echo -n " ip_portrange_last=$ip_portrange_last"
|
|
${SYSCTL_W} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
|
|
;;
|
|
esac
|
|
}
|
|
|
|
netoptions_inet6()
|
|
{
|
|
if checkyesno ipv6_ipv4mapping; then
|
|
netoptions_init
|
|
echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
|
|
${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null
|
|
else
|
|
${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
|
|
fi
|
|
|
|
if checkyesno ipv6_privacy; then
|
|
netoptions_init
|
|
echo -n " IPv6 Privacy Addresses"
|
|
${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null
|
|
${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
|
|
fi
|
|
}
|
|
|
|
load_rc_config $name
|
|
run_rc_command $1
|