1#!/bin/sh - 2# 3# $OpenBSD: netstart,v 1.86 2003/02/16 23:25:40 krw Exp $ 4 5# Returns true if $1 contains only alphanumerics 6isalphanumeric() { 7 local _n 8 _n=$1 9 while [ ${#_n} != 0 ]; do 10 case $_n in 11 [A-Za-z0-9]*) ;; 12 *) return 1;; 13 esac 14 _n=${_n#?} 15 done 16 return 0 17} 18 19# Start the $1 interface 20ifstart() { 21 if=$1 22 # Interface names must be alphanumeric only. We check to avoid 23 # configuring backup or temp files, and to catch the "*" case. 24 if ! isalphanumeric "$if"; then 25 return 26 fi 27 28 ifconfig $if > /dev/null 2>&1 29 if [ "$?" != "0" ]; then 30 return 31 fi 32 33 # Now parse the hostname.* file 34 while :; do 35 if [ "$cmd2" ]; then 36 # We are carrying over from the 'read dt dtaddr' 37 # last time. 38 set -- $cmd2 39 af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2= 40 # Make sure and get any remaining args in ext2, 41 # like the read below 42 i=1 43 while [ i -lt 6 -a -n "$1" ]; do shift; let i=i+1; done 44 ext2="$@" 45 else 46 # Read the next line or exit the while loop. 47 read af name mask bcaddr ext1 ext2 || break 48 fi 49 # $af can be "dhcp", "up", "rtsol", an address family, 50 # commands, or a comment. 51 case "$af" in 52 "#"*|"") # skip comments and empty lines 53 continue 54 ;; 55 "!"*) # parse commands 56 cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}" 57 ;; 58 "bridge") 59 cmd="echo /etc/hostname.$if: bridges now supported via bridgename.* files" 60 ;; 61 "dhcp") 62 [ "$name" = "NONE" ] && name= 63 [ "$mask" = "NONE" ] && mask= 64 [ "$bcaddr" = "NONE" ] && bcaddr= 65 ifconfig $if $name $mask $bcaddr $ext1 $ext2 down 66 cmd="dhclient $if" 67 ;; 68 "rtsol") 69 ifconfig $if $name $mask $bcaddr $ext1 $ext2 up 70 rtsolif="$rtsolif $if" 71 cmd= 72 ;; 73 "up") 74 # The only one of these guaranteed to be set is $if. 75 # The remaining ones exist so that media controls work. 76 cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up" 77 ;; 78 *) 79 read dt dtaddr 80 if [ "$name" = "alias" ]; then 81 # perform a 'shift' of sorts 82 alias=$name 83 name=$mask 84 mask=$bcaddr 85 bcaddr=$ext1 86 ext1=$ext2 87 ext2= 88 else 89 alias= 90 fi 91 cmd="ifconfig $if $af $alias $name " 92 case "$dt" in 93 dest) 94 cmd="$cmd $dtaddr" 95 ;; 96 [a-z!]*) 97 cmd2="$dt $dtaddr" 98 ;; 99 esac 100 if [ ! -n "$name" ]; then 101 echo "/etc/hostname.$if: invalid network configuration file" 102 return 103 fi 104 case $af in 105 inet) 106 [ "$mask" ] && cmd="$cmd netmask $mask" 107 if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then 108 cmd="$cmd broadcast $bcaddr" 109 fi 110 [ "$alias" ] && rtcmd=";route -n add -host $name 127.0.0.1" 111 ;; 112 inet6) [ "$mask" ] && cmd="$cmd prefixlen $mask" 113 cmd="$cmd $bcaddr" 114 ;; 115 *) 116 cmd="$cmd $mask $bcaddr" 117 ;; 118 esac 119 cmd="$cmd $ext1 $ext2$rtcmd" rtcmd= 120 ;; 121 esac 122 eval "$cmd" 123 done < /etc/hostname.$if 124} 125 126# Start the $1 bridge 127bridgestart() { 128 # Interface names must be alphanumeric only. We check to avoid 129 # configuring backup or temp files, and to catch the "*" case. 130 if ! isalphanumeric "$1"; then 131 return 132 fi 133 brconfig $1 > /dev/null 2>&1 134 if [ "$?" != "0" ]; then 135 return 136 fi 137 138 # Now parse the bridgename.* file 139 # All lines are run as brconfig(8) commands. 140 while read line ; do 141 line=${line%%#*} # strip comments 142 test -z "$line" && continue 143 case "$line" in 144 "!"*) 145 cmd="${line#*!}" 146 ;; 147 *) 148 cmd="brconfig $1 $line" 149 ;; 150 esac 151 eval "$cmd" 152 done < /etc/bridgename.$1 153} 154 155# Re-read /etc/rc.conf 156. /etc/rc.conf 157 158# If we were invoked with a list of interface names, just reconfigure these 159# interfaces (or bridges) and return. 160if [ $1x = autobootx ]; then 161 shift 162fi 163if [ $# -gt 0 ]; then 164 while [ $# -gt 0 ]; do 165 if [ -f /etc/bridgename.$1 ]; then 166 bridgestart $1 167 else 168 ifstart $1 169 fi 170 shift 171 done 172 return 173fi 174 175# Otherwise, process with the complete network initialization. 176 177# /etc/myname contains my symbolic name 178hostname=`cat /etc/myname` 179hostname $hostname 180if [ -f /etc/defaultdomain ]; then 181 domainname `cat /etc/defaultdomain` 182fi 183 184# Set the address for the loopback interface. 185# It will also initialize IPv6 address for lo0 (::1 and others). 186ifconfig lo0 inet localhost 187 188# Use loopback, not the wire. 189route -n add -host $hostname localhost > /dev/null 190route -n add -net 127 127.0.0.1 -reject > /dev/null 191 192if ifconfig lo0 inet6 >/dev/null 2>&1; then 193 # IPv6 configurations. 194 ip6kernel=YES 195 196 # Disallow link-local unicast dest without outgoing scope identifiers. 197 route add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null 198 199 # Disallow site-local unicast dest without outgoing scope identifiers. 200 # If you configure site-locals without scope id (it is permissible 201 # config for routers that are not on scope boundary), you may want 202 # to comment the line out. 203 route add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null 204 205 # Disallow "internal" addresses to appear on the wire. 206 route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null 207 208 # Disallow packets to malicious IPv4 compatible prefix. 209 route add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null 210 route add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null 211 route add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null 212 route add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null 213 214 # Disallow packets to malicious 6to4 prefix. 215 route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null 216 route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null 217 route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null 218 route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null 219 220 # Completely disallow packets to IPv4 compatible prefix. 221 # This may conflict with RFC1933 under following circumstances: 222 # (1) An IPv6-only KAME node tries to originate packets to IPv4 223 # compatible destination. The KAME node has no IPv4 compatible 224 # support. Under RFC1933, it should transmit native IPv6 225 # packets toward IPv4 compatible destination, hoping it would 226 # reach a router that forwards the packet toward auto-tunnel 227 # interface. 228 # (2) An IPv6-only node originates a packet to an IPv4 compatible 229 # destination. A KAME node is acting as an IPv6 router, and 230 # asked to forward it. 231 # Due to rare use of IPv4 compatible addresses, and security issues 232 # with it, we disable it by default. 233 route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null 234 235 rtsolif="" 236else 237 ip6kernel=NO 238fi 239 240# Configure all the non-loopback interfaces which we know about. 241# Refer to hostname.if(5) and bridgename.if(5) 242for hn in /etc/hostname.*; do 243 # Strip off /etc/hostname. prefix 244 if=${hn#/etc/hostname.} 245 test "$if" = "*" && continue 246 247 case $if in 248 "gif"*|"gre"*) 249 # GIF and GRE interfaces need the routes to be setup before 250 # they are configured. 251 continue 252 ;; 253 *) 254 ifstart $if 255 ;; 256 esac 257done 258 259if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then 260 fw=`sysctl -n net.inet6.ip6.forwarding` 261 ra=`sysctl -n net.inet6.ip6.accept_rtadv` 262 if [ "x$fw" = "x0" -a "x$ra" = "x1" ]; then 263 echo "IPv6 autoconf:$rtsolif" 264 rtsol $rtsolif 265 else 266 echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf" 267 fi 268fi 269if [ "$ip6kernel" = "YES" ]; then 270 # this is to make sure DAD is completed before going further. 271 sleep `sysctl -n net.inet6.ip6.dad_count` 272 sleep 1 273fi 274 275# /etc/mygate, if it exists, contains the name of my gateway host 276# that name must be in /etc/hosts. 277if [ -f /etc/mygate ]; then 278 route delete default > /dev/null 2>&1 279 route -n add -host default `cat /etc/mygate` 280fi 281 282# Multicast routing. 283# 284# The routing to the 224.0.0.0/4 net is setup according to these rules: 285# multicast_host multicast_router route comment 286# NO NO -reject no multicast 287# NO YES none installed daemon will run 288# YES/interface NO -interface YES=def. iface 289# Any other combination -reject config error 290case "$multicast_host:$multicast_router" in 291NO:NO) 292 route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null 293 ;; 294NO:YES) 295 ;; 296*:NO) 297 set `if [ $multicast_host = YES ]; then 298 ed -s '!route -n show -inet' <<EOF 299/^default/p 300EOF 301 else 302 ed -s "!ifconfig $multicast_host" <<EOF 303/^ inet /p 304EOF 305 fi` 306 route -n add -net 224.0.0.0/4 -interface $2 > /dev/null 307 ;; 308*:*) 309 echo 'config error, multicasting disabled until rc.conf is fixed' 310 route -n add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null 311 ;; 312esac 313 314# Configure all the gif and gre interfaces which we know about. 315# They were delayed because they require the routes to be set. 316for hn in /etc/hostname.*; do 317 # Strip off /etc/hostname. prefix 318 if=${hn#/etc/hostname.} 319 test "$if" = "*" && continue 320 321 case $if in 322 "gif"*|"gre"*) 323 ifstart $if 324 ;; 325 *) 326 # Regular interfaces have already been configured. 327 continue 328 ;; 329 esac 330done 331 332# Configure all the bridges. 333for bn in /etc/bridgename.*; do 334 # Strip off /etc/bridgename. prefix 335 if=${bn#/etc/bridgename.} 336 test "$if" = "*" && continue 337 338 bridgestart $if 339done 340