svn commit: r206408 - in head: etc etc/defaults etc/rc.d share/man/man5

Fri Apr 9 01:35:09 UTC 2010

Author: dougb
Date: Fri Apr  9 01:35:09 2010
New Revision: 206408
URL: http://svn.freebsd.org/changeset/base/206408

Log:
  Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
  and ipv6_ifconfig_<interface> options have already been deprecated,
  these changes do not alter that.
  
  With these changes any value set for ipv6_enable will emit a
  warning. In order to avoid a POLA violation for the deprecation
  of the option ipv6_enable=NO will still disable configuration
  for all interfaces other than lo0. ipv6_enable=YES will not have
  any effect, but will emit an additional warning. Support and
  warnings for this option will be removed in FreeBSD 10.x.
  
  Consistent with the current code, in order for IPv6 to be configured
  on an interface (other than lo0) an ifconfig_<interface>_ipv6
  option will have to be added to /etc/rc.conf[.local].
  
  1. Clean up and minor optimizations for the following functions:
  ifconfig_up (the ipv6 elements)
  ipv6if
  ipv6_autoconfif
  get_if_var
  _ifconfig_getargs
  The cleanups generally were to move the "easy" tests earlier in the
  functions, and consolidate duplicate code.
  
  2. Stop overloading ipv6_prefer with the ability to disable IPv6
  configuration.
  
  3. Remove noafif() which was only ever called from ipv6_autoconfif.
  Instead, simplify and integrate the tests into that function, and
  convert the test to use is_wired_interface() instead of listing
  wireless interfaces explicitly.
  
  4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
  into _ifconfig_getargs. This dramatically simplifies the code in
  all of the callers, and avoids a lot of other code duplication.
  
  5. In rc.d/netoptions, add code for an ipv6_privacy option to use
  RFC 4193 style pseudo-random addresses (this is what windows does
  by default, FYI).
  
  6. Add support for the [NO]RTADV options in ifconfig_getargs() and
  ipv6_autoconfif(). In the latter, include support for the explicit
  addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
  in the current code.
  
  7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
  the set_rcvar_obsolete for it. Also remove the latter from
  rc.d/ip6addrctl.
  
  8. In /etc/defaults/rc.conf:
  
  Add an example for RTADV configuration.
  
  Set ipv6_network_interfaces to AUTO.
  
  Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
  no effect.
  
  Add a default for ipv6_privacy (NO).
  
  9. Document all of this in rc.conf.5.

Modified:
  head/etc/defaults/rc.conf
  head/etc/network.subr
  head/etc/rc.d/ip6addrctl
  head/etc/rc.d/netif
  head/etc/rc.d/netoptions
  head/share/man/man5/rc.conf.5

Modified: head/etc/defaults/rc.conf
==============================================================================

--- head/etc/defaults/rc.conf	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/etc/defaults/rc.conf	Fri Apr  9 01:35:09 2010	(r206408)
@@ -210,6 +210,7 @@ cloned_interfaces=""		# List of cloned n
 ifconfig_lo0="inet 127.0.0.1"	# default loopback device configuration.
 #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
 #ifconfig_ed0_ipx="ipx 0x00010010"	# Sample IPX address family entry.
+#ifconfig_ed0_ipv6="RTADV" 	# Sample IPv6 entry for RA/rtsol(8)
 #ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
 #ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
 #ifconfig_fxp0_name="net0"	# Change interface name from fxp0 to net0.
@@ -439,8 +440,9 @@ rfcomm_pppd_server_two_channel="3"	# Ove
 icmp_bmcastecho="NO"	# respond to broadcast ping packets
 
 ### IPv6 options: ###
-ipv6_network_interfaces="none"	# List of IPv6 network interfaces
-				# (or "auto" or "none").
+ipv6_network_interfaces="AUTO"	# List of IPv6 network interfaces
+ipv6_prefer="YES" 		# Use IPv6 when both IPv4 and IPv6 can be used
+ipv6_privacy="NO" 		# Use privacy addresses with RTADV (RFC 4193)
 ipv6_defaultrouter="NO"		# Set to IPv6 default gateway (or NO).
 #ipv6_defaultrouter="2002:c058:6301::"	# Use this for 6to4 (RFC 3068)
 ipv6_static_routes=""		# Set to static route list (or leave empty).
@@ -499,7 +501,6 @@ ipv6_ipfilter_rules="/etc/ipf6.rules"	# 
 					# for examples
 ip6addrctl_enable="YES"	# Set to YES to enable default address selection
 ip6addrctl_verbose="NO"	# Set to YES to enable verbose configuration messages
-ipv6_prefer="NO"	# Use IPv6 when both IPv4 and IPv6 can be used
 
 ##############################################################
 ###  System console options  #################################

Modified: head/etc/network.subr
==============================================================================
--- head/etc/network.subr	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/etc/network.subr	Fri Apr  9 01:35:09 2010	(r206408)
@@ -96,44 +96,32 @@ ifconfig_up()
 	# inet6 specific
 	if afexists inet6; then
 		if ipv6if $1; then
-			if checkyesno ipv6_gateway_enable; then
-				_ipv6_opts="-accept_rtadv"
-			fi
-		else
-			if checkyesno ipv6_prefer; then
-				_ipv6_opts="-ifdisabled"
-			else
-				_ipv6_opts="ifdisabled"
+			# Implicitly handles ipv6_gateway_enable
+			_ipv6_opts='-ifdisabled -accept_rtadv'
+
+			if ipv6_autoconfif $1; then
+				_ipv6_opts='-ifdisabled accept_rtadv'
 			fi
 
-			# backward compatibility: $ipv6_enable
-			case $ipv6_enable in
-			[Yy][Ee][Ss])
-				_ipv6_opts="${_ipv6_opts} accept_rtadv"
-				;;
-			esac
-		fi
+			ifconfig $1 inet6 $_ipv6_opts
 
-		if [ -n "${_ipv6_opts}" ]; then
-			ifconfig $1 inet6 ${_ipv6_opts}
-		fi
+			# ifconfig_IF_ipv6
+			ifconfig_args=`ifconfig_getargs $1 ipv6`
 
-		# ifconfig_IF_ipv6
-		ifconfig_args=`ifconfig_getargs $1 ipv6`
-		if [ -n "${ifconfig_args}" ]; then
-			ifconfig $1 inet6 -ifdisabled
-			ifconfig $1 ${ifconfig_args}
-			_cfg=0
-		fi
+			if [ -n "$ifconfig_args" ]; then
+				ifconfig $1 $ifconfig_args
+				_cfg=0
+			fi
+		else
+		# Remove in FreeBSD 10.x
+		# Explicit test is necessary here to avoid nonexistence error
+			case "$ipv6_enable" in
+			[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+			warn "Interface $1 will NOT be configured for IPv6"
+				;;
+			esac
 
-		# backward compatiblity: $ipv6_ifconfig_IF
-		ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF`
-		if [ -n "${ifconfig_args}" ]; then
-			warn "\$ipv6_ifconfig_$1 is obsolete." \
-			    "  Use ifconfig_$1_ipv6 instead."
-			ifconfig $1 inet6 -ifdisabled
-			ifconfig $1 inet6 ${ifconfig_args}
-			_cfg=0
+			ifconfig $1 inet6 ifdisabled
 		fi
 	fi
 
@@ -194,7 +182,7 @@ ifconfig_down()
 #	$default if given.
 get_if_var()
 {
-	local _if _punct _var _default prefix suffix
+	local _if _punct _punct_c _var _default prefix suffix
 
 	if [ $# -ne 2 -a $# -ne 3 ]; then
 		err 3 'USAGE: get_if_var name var [default]'
@@ -219,7 +207,7 @@ get_if_var()
 #	outside this file.
 _ifconfig_getargs()
 {
-	local _ifn _af
+	local _ifn _af value
 	_ifn=$1
 	_af=${2+_$2}
 
@@ -227,7 +215,18 @@ _ifconfig_getargs()
 		return 1
 	fi
 
-	get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"
+	value=`get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"`
+
+	# Remove in FreeBSD 10.x
+	if [ "$_af" = _ipv6 -a -z "$value" ]; then
+		value=`get_if_var $_ifn ipv6_ifconfig_IF "$ifconfig_DEFAULT"`
+		if [ -n "$value" ]; then
+			warn "\$ipv6_ifconfig_$1 is obsolete." \
+			"  Use ifconfig_$1_ipv6 instead."
+		fi
+	fi
+
+	echo $value
 }
 
 # ifconfig_getargs if [af]
@@ -249,6 +248,8 @@ ifconfig_getargs()
 		[Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
 		[Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
 		[Ww][Pp][Aa]) ;;
+		[Rr][Tt][Aa][Dd][Vv]) ;;
+		[Nn][Oo][Rr][Tt][Aa][Dd][Vv]) ;;
 		*)
 			_args="$_args $_arg"
 			;;
@@ -372,77 +373,45 @@ afexists()
 	esac
 }
 
-# noafif if
-#	Returns 0 if the interface has no af configuration and 1 otherwise.
-noafif()
-{
-	local _if
-	_if=$1
-
-	case $_if in
-	pflog[0-9]*|\
-	pfsync[0-9]*|\
-	an[0-9]*|\
-	ath[0-9]*|\
-	ipw[0-9]*|\
-	iwi[0-9]*|\
-	iwn[0-9]*|\
-	ral[0-9]*|\
-	wi[0-9]*|\
-	wl[0-9]*|\
-	wpi[0-9]*)
-		return 0
-		;;
-	esac
-
-	return 1
-}
-
 # ipv6if if
 #	Returns 0 if the interface should be configured for IPv6 and
 #	1 otherwise.
 ipv6if()
 {
-	local _if _tmpargs i
-	_if=$1
-
 	if ! afexists inet6; then
 		return 1
 	fi
 
 	# lo0 is always IPv6-enabled
-	case $_if in
+	case $1 in
 	lo0)
 		return 0
 		;;
 	esac
 
-	# True if $ifconfig_IF_ipv6 is defined.
-	_tmpargs=`_ifconfig_getargs $_if ipv6`
-	if [ -n "${_tmpargs}" ]; then
-		return 0
-	fi
-
-	# backward compatibility: True if $ipv6_ifconfig_IF is defined.
-	_tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
-	if [ -n "${_tmpargs}" ]; then
-		return 0
-	fi
+	local _if _tmpargs i
+	_if=$1
 
-	case "${ipv6_network_interfaces}" in
-	[Aa][Uu][Tt][Oo])
-		return 0
-		;;
+	case "$ipv6_network_interfaces" in
 	''|[Nn][Oo][Nn][Ee])
 		return 1
 		;;
+	$_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo])
+		# True if $ifconfig_IF_ipv6 is defined.
+		_tmpargs=`_ifconfig_getargs $_if ipv6`
+		;;
 	esac
 
-	for i in ${ipv6_network_interfaces}; do
-		if [ "$i" = "$_if" ]; then
-			return 0
-		fi
-	done
+	if [ -n "$_tmpargs" ]; then
+		# Remove in FreeBSD 10.x
+		# Explicit test is necessary here to avoid nonexistence error
+		case "$ipv6_enable" in
+		[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+			;;
+		*)	return 0
+			;;
+		esac
+	fi
 
 	return 1
 }
@@ -452,15 +421,24 @@ ipv6if()
 #	Stateless Address Configuration, 1 otherwise.
 ipv6_autoconfif()
 {
+	case $1 in
+	lo0|\
+	stf[0-9]*|\
+	faith[0-9]*|\
+	lp[0-9]*|\
+	sl[0-9]*|\
+	pflog[0-9]*|\
+	pfsync[0-9]*)
+		return 1
+		;;
+	esac
+
 	local _if _tmpargs _arg
 	_if=$1
 
 	if ! ipv6if $_if; then
 		return 1
 	fi
-	if noafif $_if; then
-		return 1
-	fi
 	if checkyesno ipv6_gateway_enable; then
 		return 1
 	fi
@@ -468,45 +446,24 @@ ipv6_autoconfif()
 	if [ -n "${_tmpargs}" ]; then
 		return 1
 	fi
+	if ! is_wired_interface $_if; then
+		case $_if in
+		wlan[0-9]*)	;;	# Allow test to continue
+		*)	return 1
+			;;
+		esac
+	fi
 
-	case $_if in
-	lo0|\
-	stf[0-9]*|\
-	faith[0-9]*|\
-	lp[0-9]*|\
-	sl[0-9]*|\
-	pflog[0-9]*|\
-	pfsync[0-9]*)
+	_tmpargs=`_ifconfig_getargs $_if ipv6`
+	case "$_tmpargs" in
+	*inet6\ *|*[Nn][Oo][Rr][Tt][Aa][Dd][Vv]*|*-accept_rtadv*)
 		return 1
 		;;
-	esac
-
-	# backward compatibility: $ipv6_enable
-	case $ipv6_enable in
-	[Yy][Ee][Ss])
+	*[Rr][Tt][Aa][Dd][Vv]*|*accept_rtadv*)
 		return 0
 		;;
 	esac
 
-	_tmpargs=`_ifconfig_getargs $_if ipv6`
-	for _arg in $_tmpargs; do
-		case $_arg in
-		accept_rtadv)
-			return 0
-			;;
-		esac
-	done
-
-	# backward compatibility: $ipv6_ifconfig_IF
-	_tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
-	for _arg in $_tmpargs; do
-		case $_arg in
-		accept_rtadv)
-			return 0
-			;;
-		esac
-	done
-
 	return 1
 }
 

Modified: head/etc/rc.d/ip6addrctl
==============================================================================
--- head/etc/rc.d/ip6addrctl	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/etc/rc.d/ip6addrctl	Fri Apr  9 01:35:09 2010	(r206408)
@@ -20,8 +20,6 @@ status_cmd="ip6addrctl"
 prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
 prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
-
 ip6addrctl_prefer_ipv6()
 {
 	afexists inet6 || return 0

Modified: head/etc/rc.d/netif
==============================================================================
--- head/etc/rc.d/netif	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/etc/rc.d/netif	Fri Apr  9 01:35:09 2010	(r206408)
@@ -34,6 +34,7 @@
 . /etc/network.subr
 
 name="network"
+start_precmd="network_prestart"
 start_cmd="network_start"
 stop_cmd="network_stop"
 cloneup_cmd="clone_up"
@@ -41,7 +42,13 @@ clonedown_cmd="clone_down"
 extra_commands="cloneup clonedown"
 cmdifn=
 
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+network_prestart()
+{
+	if [ -n "$ipv6_enable" ]; then
+		warn 'The ipv6_enable option is deprecated.'
+		warn 'See rc.conf(5) for information on disabling IPv6.'
+	fi
+}
 
 network_start()
 {

Modified: head/etc/rc.d/netoptions
==============================================================================
--- head/etc/rc.d/netoptions	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/etc/rc.d/netoptions	Fri Apr  9 01:35:09 2010	(r206408)
@@ -99,6 +99,13 @@ netoptions_inet6()
 	else
 		${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
 	fi
+
+	if checkyesno ipv6_privacy; then
+		netoptions_init
+		echo -n " IPv6 Privacy Addresses"
+		${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null
+		${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
+	fi
 }
 
 load_rc_config $name

Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5	Fri Apr  9 01:33:12 2010	(r206407)
+++ head/share/man/man5/rc.conf.5	Fri Apr  9 01:35:09 2010	(r206408)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 05, 2010
+.Dd April 8, 2010
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -1292,79 +1292,98 @@ It is also possible to rename an interfa
 ifconfig_ed0_name="net0"
 ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"
 .Ed
+.\" Remove in FreeBSD 10.x
 .It Va ipv6_enable
 .Pq Vt bool
-If the variable is
-.Dq Li YES ,
-.Dq Li inet6 accept_rtadv
-is added to all of
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
-and the
-.Va ipv6_prefer
-is defined as
-.Dq Li YES .
 .Pp
-This variable is deprecated.  Use
-.Va ipv6_prefer
-and
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .
-.It Va ipv6_prefer
-.Pq Vt bool
-This variable does the following:
+This option is deprecated.
 .Pp
 If the variable is
-.Dq Li YES ,
-the default policy of the source address selection set by
-.Xr ip6addrctl 8
-will be IPv6-preferred.
+.Dq Li YES
+it has no effect.
+To configure IPv6 for an interface see
+.Va ipv6_network_interfaces
+below.
 .Pp
 If the variable is
-.Dq Li NO ,
-the default policy of the source address selection set by
-.Xr ip6addrctl 8
-will be IPv4-preferred, and all of interfaces which does not have the
-corrsponding
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
-variable will be marked as
-.Dq Li IFDISABLED .
-This means only IPv6 functionality on that interface is completely
-disabled.  For more details of
-.Dq Li IFDISABLED
-flag and keywords
-.Dq Li inet6 ifdisabled ,
-see
-.Xr ifconfig 8 .
-.Pp
+.Dq Li NO
+then other than
+.Dq Li lo0
+IPv6 will be disabled for each interface,
+however the same effect can be achieved by
+not configuring the interface.
 .It Va ipv6_network_interfaces
 .Pq Vt str
 This is the IPv6 equivalent of
 .Va network_interfaces .
-Normally manual configuration of this variable is not needed.
+Normally configuration of this variable is not needed,
+the value should be left as
+.Dq Li AUTO .
+.Pp
+If
+.Dq Li INET6
+is configured in the kernel configuration for the
+.Dq Li lo0
+interface will always be performed.
+It is not necessary to list it in
+.Va ipv6_network_interfaces .
+.Pp
+Example configuration to accept Router Advertisements (RA) for the
+.Dq Li ed0
+interface:
+.Bd -literal
+ifconfig_ed0_ipv6="RTADV"
+.Ed
+.Pp
+To disable RA the
+.Dq Li NORTADV
+option is available, although not required if manual
+configuration is performed as described below.
+.Pp
+An IPv6 interface can be configured manually with
+.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .
+For example:
+.Bd -literal
+ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
+.Ed
+.Pp
+Manual configuration of an IPv6 address will also
+require configuration of the
+.Va ipv6_defaultrouter
+option.
 .Pp
-IPv6 functionality on an interface should be configured by
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
-instead of setting ifconfig parameters in
-.Va ifconfig_ Ns Aq Ar interface .
 Aliases should be set by
 .Va ifconfig_ Ns Ao Ar interface Ac Ns Va _alias Ns Aq Ar n
-with
+with the
 .Dq Li inet6
-keyword.  For example:
+keyword.
+For example:
+.Pp
 .Bd -literal
-ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
 ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
 .Ed
 .Pp
-Interfaces that have an
-.Dq Li inet6 accept_rtadv
-keyword in
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
-setting will be automatically configured by
-.Xr rtsol 8 .
-Note that this automatic configuration is disabled if the
-.Va ipv6_gateway_enable
-is set to
-.Dq Li YES .
+.It Va ipv6_prefer
+.Pq Vt bool
+If the variable is
+.Dq Li YES ,
+the default policy of the source address selection set by
+.Xr ip6addrctl 8
+will be IPv6-preferred.
+.Pp
+If the variable is
+.Dq Li NO ,
+the default policy of the source address selection set by
+.Xr ip6addrctl 8
+will be IPv4-preferred.
+.Pp
+.It Va ipv6_privacy
+.Pq Vt bool
+If the variable is
+.Dq Li YES
+privacy addresses will be generated for each IPv6
+interface as described in RFC 4193.
+.Pp
 .It Va ipv6_prefix_ Ns Aq Ar interface
 .Pq Vt str
 If one or more prefixes are defined in
