#!/bin/sh -
#
#	$OpenBSD: netstart,v 1.112 2005/12/06 17:24:18 reyk Exp $

# Network startup.  Defines helpers that configure interfaces and bridges
# from /etc/hostname.* and /etc/bridgename.*, then either reconfigures the
# interfaces named on the command line or runs the full sequence below:
# hostname, loopback, IPv6 reject routes, interfaces, default route,
# multicast route, delayed interfaces, bridges.
#
# Security note: /etc/rc.conf is sourced, and the lines of /etc/hostname.*
# and /etc/bridgename.* are assembled into strings that are passed to eval.
# All three are therefore executed as shell code with this script's
# privileges.  Nothing in this file checks their ownership or mode.

# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout
#
# $1 - file to read; returns without output if it is not a regular file.
#
# Only whole-line comments are removed: a line is printed when the text
# before its first '#' is non-empty, and it is then printed in full, any
# trailing "# ..." included.  Empty lines are dropped too.
# The line is echoed unquoted, so it is word-split and glob-expanded before
# printing, and read (no -r) interprets backslashes.
stripcom() {
	local _l
	[[ -f $1 ]] || return
	while read _l; do
		[[ -n ${_l%%#*} ]] && echo $_l
	done<$1
}

# Returns true if $1 contains only alphanumerics
#
# Checks the first character, strips it, and repeats until the string is
# empty.  An empty $1 never enters the loop and so also returns 0.
isalphanumeric() {
	local _n
	_n=$1
	while [ ${#_n} != 0 ]; do
		case $_n in
		[A-Za-z0-9]*)	;;
		*)		return 1;;
		esac
		_n=${_n#?}
	done
	return 0
}

# Start the $1 interface
#
# Reads /etc/hostname.$1 line by line, turns each line into a command
# string and runs it with eval.  Interfaces configured with "dhcp" or
# "rtsol" are appended to $dhcpif / $rtsolif, which the top-level code
# reads later.  No variable here is declared local, so if, cmd, cmd2, af,
# name, mask, bcaddr, ext1, ext2, dt, dtaddr, alias, rtcmd and i are all
# globals.  Returns silently if the name is rejected or the interface can
# neither be queried nor created.
ifstart() {
	if=$1
	# Interface names must be alphanumeric only.  We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	# $if is later expanded unquoted and spliced into strings given to
	# eval, so this check is also what keeps shell metacharacters in a
	# file name out of those commands.
	if ! isalphanumeric "$if"; then
		return
	fi

	ifconfig $if > /dev/null 2>&1
	if [ "$?" != "0" ]; then
		# Try to create interface if it does not exist
		ifconfig $if create > /dev/null 2>&1
		if [ "$?" != "0" ]; then
			return
		fi
	fi

	# Now parse the hostname.* file
	# The loop's stdin is the file (see the redirect on "done"), so every
	# read inside the loop consumes the next line of it.
	while :; do
		if [ "$cmd2" ]; then
			# We are carrying over from the 'read dt dtaddr'
			# last time.
			set -- $cmd2
			af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2=
			# Make sure and get any remaining args in ext2,
			# like the read below
			# NOTE(review): "i" is written without "$" in the test;
			# this relies on the shell evaluating a bare name
			# arithmetically for -lt (ksh behaviour) - confirm.
			i=1
			while [ i -lt 6 -a -n "$1" ]; do shift; let i=i+1; done
			ext2="$@"
		else
			# Read the next line or exit the while loop.
			read af name mask bcaddr ext1 ext2 || break
		fi
		# $af can be "dhcp", "up", "rtsol", an address family,
		# commands, or a comment.
		case "$af" in
		"#"*|"") # skip comments and empty lines
			continue
			;;
		"!"*) # parse commands
			# Everything after the first "!" plus the remaining
			# fields becomes the command, verbatim.
			cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}"
			;;
		"bridge")
			cmd="echo /etc/hostname.$if: bridges now supported via bridgename.* files"
			;;
		"dhcp")
			# "NONE" is a placeholder for an empty field.
			[ "$name" = "NONE" ] && name=
			[ "$mask" = "NONE" ] && mask=
			[ "$bcaddr" = "NONE" ] && bcaddr=
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 down"
			cmd="$cmd;dhclient $if"
			# Remembered so the /etc/mygate IPv4 default route
			# is skipped later.
			dhcpif="$dhcpif $if"
			;;
		"rtsol")
			# Remembered so rtsol is run on it later and the
			# /etc/mygate IPv6 default route is skipped.
			rtsolif="$rtsolif $if"
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"
			;;
		"up")
			# The only one of these guaranteed to be set is $if.
			# The remaining ones exist so that media controls work.
			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"
			;;
		*)
			# Address-family line.  Look ahead one line: "dest"
			# supplies a destination address for this command,
			# a line starting with a lowercase letter or "!" is
			# kept in cmd2 and handled as the next config line.
			# A look-ahead line matching neither pattern (for
			# example one starting with "#") is consumed and
			# ignored.
			read dt dtaddr
			if [ "$name" = "alias" ]; then
				# perform a 'shift' of sorts
				alias=$name
				name=$mask
				mask=$bcaddr
				bcaddr=$ext1
				ext1=$ext2
				ext2=
			else
				alias=
			fi
			cmd="ifconfig $if $af $alias $name "
			case "$dt" in
			dest)
				cmd="$cmd $dtaddr"
				;;
			[a-z!]*)
				cmd2="$dt $dtaddr"
				;;
			esac
			if [ ! -n "$name" ]; then
				echo "/etc/hostname.$if: invalid network configuration file"
				return
			fi
			case $af in
			inet)
				[ "$mask" ] && cmd="$cmd netmask $mask"
				if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then
					cmd="$cmd broadcast $bcaddr"
				fi
				# For an alias, a host route for the address
				# via 127.0.0.1 is appended to the same
				# command string.
				[ "$alias" ] && rtcmd=";route -qn add -host $name 127.0.0.1"
				;;
			inet6)	[ "$mask" ] && cmd="$cmd prefixlen $mask"
				cmd="$cmd $bcaddr"
				;;
			*)
				cmd="$cmd $mask $bcaddr"
				;;
			esac
			cmd="$cmd $ext1 $ext2$rtcmd" rtcmd=
			;;
		esac
		# cmd is built from fields of /etc/hostname.$if and evaluated
		# by the shell, so shell metacharacters in any field are
		# interpreted and "!" lines run as written.  Treat the file
		# as code.
		# NOTE(review): this function does not check the owner or
		# mode of the file before reading it - confirm that write
		# access is restricted to root.
		eval "$cmd"
	done < /etc/hostname.$if
}

# Start multiple:
#	start "$1" interfaces in order or all interfaces if empty
#	don't start "$2" interfaces
#
# $1 and $2 are space-separated lists of driver names.  A file's driver
# name is its suffix after /etc/hostname. with everything from the first
# digit onward removed.  sif, hn, if, s and xf are globals; ifstart sets
# $if again to the same value.
ifmstart() {
	for sif in ${1:-ALL}; do
		for hn in /etc/hostname.*; do
			# Strip off /etc/hostname. prefix
			if=${hn#/etc/hostname.}
			# The glob matched nothing and was left as a literal.
			test "$if" = "*" && continue

			# Skip unwanted ifs
			s=""
			for xf in $2; do
				test "$xf" = "${if%%[0-9]*}" && s="1" && break
			done
			test "$s" = "1" && continue

			# Start wanted ifs
			test "$sif" = "ALL" -o \
			     "$sif" = "${if%%[0-9]*}" \
			    && ifstart $if
		done
	done
}

# Start the $1 bridge
#
# Reads /etc/bridgename.$1 and runs every line with eval, either as
# "brconfig $1 <line>" or, for lines starting with "!", as the rest of the
# line.  line and cmd are globals.  Returns silently if the name is
# rejected or the bridge can neither be queried nor created.
bridgestart() {
	# Interface names must be alphanumeric only.  We check to avoid
	# configuring backup or temp files, and to catch the "*" case.
	# $1 is also spliced into the eval'd command below.
	if ! isalphanumeric "$1"; then
		return
	fi
	brconfig $1 > /dev/null 2>&1
	if [ "$?" != "0" ]; then
		# Try to create interface if it does not exist
		ifconfig $1 create > /dev/null 2>&1
		if [ "$?" != "0" ]; then
			return
		fi
	fi

	# Now parse the bridgename.* file
	# All lines are run as brconfig(8) commands.
	while read line ; do
		line=${line%%#*}		# strip comments
		test -z "$line" && continue
		case "$line" in
		"!"*)
			cmd="${line#*!}"
			;;
		*)
			cmd="brconfig $1 $line"
			;;
		esac
		# Same exposure as in ifstart: the file's lines are evaluated
		# by the shell, so the file must be treated as code.
		# NOTE(review): no owner/mode check is made here - confirm
		# that write access to /etc/bridgename.* is restricted.
		eval "$cmd"
	done < /etc/bridgename.$1
}

# Re-read /etc/rc.conf
# The file is sourced, so its contents execute in this shell.
# multicast_host and multicast_router, used below, are not assigned in
# this file - presumably they come from here.
. /etc/rc.conf

# If we were invoked with a list of interface names, just reconfigure these
# interfaces (or bridges) and return.
# $1 is unquoted in the tests and calls below, so an argument containing
# whitespace or glob characters is split or expanded before use.
if [ $1x = autobootx ]; then
	shift
fi
if [ $# -gt 0 ]; then
	while [ $# -gt 0 ]; do
		if [ -f /etc/bridgename.$1 ]; then
			bridgestart $1
		else
			ifstart $1
		fi
		shift
	done
	# NOTE(review): "return" outside a function - presumably this file
	# is sourced by its caller; confirm how it is invoked.
	return
fi

# Otherwise, process with the complete network initialization.

# /etc/myname contains my symbolic name
if [ -f /etc/myname ]; then
	hostname=`stripcom /etc/myname`
	hostname $hostname
else
	hostname=`hostname`
fi

if [ -f /etc/defaultdomain ]; then
	domainname `stripcom /etc/defaultdomain`
fi

# Set the address for the loopback interface.  Bringing the
# interface up, automatically invokes the IPv6 address ::1)
ifconfig lo0 inet 127.0.0.1

# The inet6 query on lo0 doubles as the test for IPv6 support.
# The route commands below discard stdout only; errors stay visible.
if ifconfig lo0 inet6 >/dev/null 2>&1; then
	# IPv6 configurations.
	ip6kernel=YES

	# Disallow link-local unicast dest without outgoing scope identifiers.
	route -qn add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow site-local unicast dest without outgoing scope identifiers.
	# If you configure site-locals without scope id (it is permissible
	# config for routers that are not on scope boundary), you may want
	# to comment the line out.
	route -qn add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null

	# Disallow "internal" addresses to appear on the wire.
	route -qn add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	# Disallow packets to malicious IPv4 compatible prefix.
	route -qn add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null
	route -qn add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route -qn add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	route -qn add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null

	# Disallow packets to malicious 6to4 prefix.
	route -qn add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null
	route -qn add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null
	route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null
	route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null

	# Completely disallow packets to IPv4 compatible prefix.
	# This may conflict with RFC1933 under following circumstances:
	# (1) An IPv6-only KAME node tries to originate packets to IPv4
	#     compatible destination.  The KAME node has no IPv4 compatible
	#     support.  Under RFC1933, it should transmit native IPv6
	#     packets toward IPv4 compatible destination, hoping it would
	#     reach a router that forwards the packet toward auto-tunnel
	#     interface.
	# (2) An IPv6-only node originates a packet to an IPv4 compatible
	#     destination.  A KAME node is acting as an IPv6 router, and
	#     asked to forward it.
	# Due to rare use of IPv4 compatible addresses, and security issues
	# with it, we disable it by default.
	route -qn add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null

	rtsolif=""
else
	ip6kernel=NO
fi


# Configure all the non-loopback interfaces which we know about, but
# do not start interfaces which must be delayed.
# Refer to hostname.if(5) and bridgename.if(5)
ifmstart "" "trunk vlan carp gif gre pfsync pppoe"

# Run rtsol on the interfaces collected by ifstart, but only when this
# host is not forwarding IPv6 and accepts router advertisements.
if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then
	fw=`sysctl -n net.inet6.ip6.forwarding`
	ra=`sysctl -n net.inet6.ip6.accept_rtadv`
	if [ "x$fw" = "x0" -a "x$ra" = "x1" ]; then
		echo "IPv6 autoconf:$rtsolif"
		rtsol $rtsolif
	else
		echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf"
	fi
fi
if [ "$ip6kernel" = "YES" ]; then
	# this is to make sure DAD is completed before going further.
	sleep `sysctl -n net.inet6.ip6.dad_count`
fi

# The trunk interfaces need to come up first in this list.
# The vlan interfaces need to come up after trunk.
# The pfsync interfaces need to come up before carp.
# Configure all the carp interfaces which we know about.
# They must come up after pfsync but before default route.
ifmstart "trunk vlan pfsync carp"

# /etc/mygate, if it exists, contains the name of my gateway host
# that name must be in /etc/hosts.
# The first loop installs the IPv4 default route and runs only when no
# interface was configured with dhcp; entries containing ":" are skipped.
# The second installs the IPv6 default route and runs only when no
# interface was configured with rtsol; entries without ":" are skipped.
# Each loop stops at the first entry that route accepts.
[[ -z $dhcpif ]] && stripcom /etc/mygate | while read gw; do
	[[ $gw == @(*:*) ]] && continue
	route -qn delete default > /dev/null 2>&1
	route -qn add -host default $gw && break
done
[[ -z $rtsolif ]] && stripcom /etc/mygate | while read gw; do
	[[ $gw == !(*:*) ]] && continue
	route -qn delete -inet6 default > /dev/null 2>&1
	route -qn add -host -inet6 default $gw && break
done

# Multicast routing.
#
# The routing to the 224.0.0.0/4 net is setup according to these rules:
# multicast_host	multicast_router	route		comment
# NO			NO			-reject		no multicast
# NO			YES			none installed	daemon will run
# YES/interface		NO			-interface	YES=def. iface
#	   Any other combination		-reject		config error
#
# In the *:NO case, ed is given "!command" as its file, prints the first
# line of that command's output matching the pattern, and the second word
# of that line is used as the -interface argument.  $multicast_host is
# interpolated into the command string handed to ed, so its value is
# executed by a shell.
# NOTE(review): the whitespace after "^" in the second pattern was
# collapsed in the listing this was taken from; it is restored here as a
# tab - verify against the repository copy.
route -qn delete 224.0.0.0/4 > /dev/null 2>&1
case "$multicast_host:$multicast_router" in
NO:NO)
	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
NO:YES)
	;;
*:NO)
	maddr=`if [ "$multicast_host" = "YES" ]; then
		ed -s '!route -qn show -inet' <<EOF
/^default/p
EOF
	else
		ed -s "!ifconfig $multicast_host" <<EOF
/^	inet /p
EOF
	fi 2> /dev/null`
	if [ "X${maddr}" != "X" ]; then
		set $maddr
		route -qn add -net 224.0.0.0/4 -interface $2 > /dev/null
	else
		route -qn add -net 224.0.0.0/4 -interface \
			127.0.0.1 -reject > /dev/null
	fi
	;;
*:*)
	echo 'config error, multicasting disabled until rc.conf is fixed'
	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null
	;;
esac


# Configure PPPoE, GIF, GRE interfaces, delayed because they require routes
# to be set.  PPPoE must be first, as GIF and GRE may depend on it.
ifmstart "pppoe gif gre"

# reject 127/8 other than 127.0.0.1
route -qn add -net 127 127.0.0.1 -reject > /dev/null

# Configure all the bridges.
for bn in /etc/bridgename.*; do
	# Strip off /etc/bridgename. prefix
	if=${bn#/etc/bridgename.}
	# The glob matched nothing and was left as a literal.
	test "$if" = "*" && continue

	bridgestart $if
done