xref: /openbsd/etc/netstart (revision fc6da205)

#!/bin/sh -
#
#	$OpenBSD: netstart,v 1.62 2000/01/02 06:50:09 deraadt Exp $

# Returns true if $1 contains only alphanumerics
isalphanumeric() {
	local _n
	_n=$1
	while [ ${#_n} != 0 ]; do
		case $_n in
			[A-Za-z0-9]*)	;;
			*)		return 1;;
		esac
		_n=${_n#?}
	done
	return 0
}

# /etc/myname contains my symbolic name
#
hostname=`cat /etc/myname`
hostname $hostname
if [ -f /etc/defaultdomain ]; then
	domainname `cat /etc/defaultdomain`
fi

# pick up option configuration
. /etc/rc.conf

# Configure the IP filter before configuring network interfaces
if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
	echo 'configuring IP filter'
	ipf -Fa -f ${ipfilter_rules} -E
else
	ipfilter=NO
fi

# set the address for the loopback interface
# it will also initialize IPv6 address for lo0 (::1 and others).
ifconfig lo0 inet localhost

# use loopback, not the wire
route -n add -host $hostname localhost
route -n add -net 127 127.0.0.1 -reject

if ifconfig lo0 inet6 >/dev/null 2>&1; then
	# IPv6 configurations.
	ip6kernel=YES

	# disallow scoped unicast dest without outgoing scope identifiers.
	route add -inet6 fe80:: -prefixlen 10 ::1 -reject
	route add -inet6 fc80:: -prefixlen 10 ::1 -reject
	# disallow "internal" addresses to appear on the wire.
	route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	rtsolif=""
else
	ip6kernel=NO
fi

# configure all of the non-loopback interfaces which we know about.
# refer to hostname.if(5) and bridgename.if(5)
for hn in /etc/hostname.*; do
    # Strip off /etc/hostname. prefix
    if=${hn#/etc/hostname.}

    # Interface names must be alphanumeric only.  We check to avoid
    # configuring backup or temp files, and to catch the "*" case.
    if ! isalphanumeric "$if"; then
	continue
    fi
    ifconfig $if > /dev/null 2>&1
    if [ "$?" != "0" ]; then
	continue
    fi

    # Now parse the hostname.* file
    while :; do
	if [ "$cmd2" ]; then
	    # we are carrying over from the 'read dt dtaddr' last time
	    set -- $cmd2
	    af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" ext2="$6"
	    cmd2=
	else
	    # read the next line or exit the while loop
	    read af name mask bcaddr ext1 ext2 || break
	fi
	# skip comments
	[ "${af#*#}" = "${af}" ] || continue
	# $af can be either "dhcp", "up" or an address family.
	case "$af" in
	"bridge")
	    cmd="echo ${hn}: bridges now supported via bridgename.* files"
	    ;;
	"dhcp")
	    ifconfig $if $name $mask $bcaddr $ext1 $ext2 down
	    cmd="dhclient $if"
	    ;;
	"rtsol")
	    ifconfig $if $name $mask $bcaddr $ext1 $ext2 up
	    rtsolif="$rtsolif $if"
	    cmd=
	    ;;
	"up")
	    # The only one of these guaranteed to be set is $if
	    # the remaining ones exist so that media controls work
	    cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"
	    ;;
	*)
	    read dt dtaddr
	    if [ "$name"  = "alias" ]; then
		# perform a 'shift' of sorts
		alias=$name
		name=$mask
		mask=$bcaddr
		bcaddr=$ext1
		ext1=$ext2
		ext2=
	    fi
	    cmd="ifconfig $if $af $alias $name "
	    case $dt in
	    dest)
		cmd="$cmd $dtaddr"
		;;
	    [a-z]*)
		cmd2="$dt $dtaddr"
		;;
	    esac
	    if [ ! -n "$name" ]; then
		    echo "/etc/hostname.$if: invalid network configuration file"
		return
	    fi
	    case $af in
	    inet)
		[ "$mask" ] && cmd="$cmd netmask $mask"
		if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then
		    cmd="$cmd broadcast $bcaddr"
		fi
		[ "$alias" ] && rtcmd="; route -n add -host $name 127.0.0.1"
		;;
	    inet6) [ "$mask" ] && cmd="$cmd prefixlen $mask"
		cmd="$cmd $bcaddr"
		;;
	    *) cmd="$cmd $mask $bcaddr"
	    esac
	    cmd="$cmd $ext1 $ext2$rtcmd" rtcmd=
	    ;;
	esac
	eval "$cmd"
    done < /etc/hostname.$if
done

if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then
	fw=`sysctl -n net.inet6.ip6.forwarding`
	ra=`sysctl -n net.inet6.ip6.accept_rtadv`
	if [ "x$fw" = "x0" -a "x$ra" = "x1" ]; then
		echo "IPv6 autoconf:$rtsolif"
		rtsol $rtsolif
	else
		echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf"
	fi
fi
if [ "$ip6kernel" = "YES" ]; then
	# this is to make sure DAD is completed before going further.
	sleep `sysctl -n net.inet6.ip6.dad_count`
	sleep 1
fi

for bn in /etc/bridgename.*; do
    # Strip off /etc/bridgename. prefix
    if=${bn#/etc/bridgename.}

    # Interface names must be alphanumeric only.  We check to avoid
    # configuring backup or temp files, and to catch the "*" case.
    if ! isalphanumeric "$if"; then
        continue
    fi
    brconfig $if > /dev/null 2>&1
    if [ "$?" != "0" ]; then
	continue
    fi

    # Now parse the bridgename.* file
    {
	# All lines are run as brconfig(8) commands.
	while read line ; do
	    line=${line%%#*}		# strip comments
	    test -z "$line" && continue
	    brconfig $if $line
	done
    } < /etc/bridgename.$if
done

# /etc/mygate, if it exists, contains the name of my gateway host
# that name must be in /etc/hosts.
if [ -f /etc/mygate ]; then
	route -n add -host default `cat /etc/mygate`
fi

# Multicast routing.
#
# The routing to the 224.0.0.0/4 net is setup according to these rules:
# multicast_host	multicast_router	route		comment
# NO			NO			-reject		no multicast
# NO			YES			none installed	daemon will run
# YES/interface		NO			-interface	YES=def. iface
#	   Any other combination		-reject		config error
case "$multicast_host:$multicast_router" in
NO:NO)
	route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;;
NO:YES)
	;;
*:NO)
	set `if [ $multicast_host = YES ]; then
		ed -s '!route -n show' <<EOF
/^default/p
EOF
	else
		ed -s "!ifconfig $multicast_host" <<EOF
/^	inet /p
EOF
	fi`
	route -n add -net 224.0.0.0/4 -interface $2;;
*:*)
	echo 'config error, multicasting disabled until rc.conf is fixed'
	route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject;;
esac

# Configure NAT after configuring network interfaces
if [ "${ipnat}" = "YES" -a "${ipfilter}" = "YES" -a -f "${ipnat_rules}" ]; then
	echo 'configuring NAT'
	ipnat -CF -f ${ipnat_rules}
else
	ipnat=NO
fi