Fincer
/
openntpd-openbsd
mirror of https://github.com/Fincer/openntpd-openbsd

#!/bin/sh -##	$OpenBSD: netstart,v 1.102 2005/01/04 15:40:53 mcbride Exp $
# Strip comments (and leading/trailing whitespace if IFS is set)# from a file and spew to stdoutstripcom() {	local _file="$1"	local _line
	{		while read _line ; do			_line=${_line%%#*}		# strip comments			test -z "$_line" && continue			echo $_line		done	} < $_file}
# Returns true if $1 contains only alphanumericsisalphanumeric() {	local _n	_n=$1	while [ ${#_n} != 0 ]; do		case $_n in			[A-Za-z0-9]*)	;;			*)		return 1;;		esac		_n=${_n#?}	done	return 0}
# Start the $1 interfaceifstart() {	if=$1	# Interface names must be alphanumeric only.  We check to avoid	# configuring backup or temp files, and to catch the "*" case.	if ! isalphanumeric "$if"; then		return	fi
	ifconfig $if > /dev/null 2>&1	if [ "$?" != "0" ]; then		# Try to create interface if it does not exist		ifconfig $if create > /dev/null 2>&1		if [ "$?" != "0" ]; then			return		fi	fi
	# Now parse the hostname.* file	while :; do		if [ "$cmd2" ]; then			# We are carrying over from the 'read dt dtaddr'			# last time.			set -- $cmd2			af="$1" name="$2" mask="$3" bcaddr="$4" ext1="$5" cmd2=			# Make sure and get any remaining args in ext2,			# like the read below			i=1			while [ i -lt 6 -a -n "$1" ]; do shift; let i=i+1; done			ext2="$@"		else			# Read the next line or exit the while loop.			read af name mask bcaddr ext1 ext2 || break		fi		# $af can be "dhcp", "up", "rtsol", an address family,		# commands, or a comment.		case "$af" in		"#"*|"") # skip comments and empty lines			continue			;;		"!"*) # parse commands			cmd="${af#*!} ${name} ${mask} ${bcaddr} ${ext1} ${ext2}"			;;		"bridge")			cmd="echo /etc/hostname.$if: bridges now supported via bridgename.* files"			;;		"dhcp")			[ "$name" = "NONE" ] && name=			[ "$mask" = "NONE" ] && mask=			[ "$bcaddr" = "NONE" ] && bcaddr=			ifconfig $if $name $mask $bcaddr $ext1 $ext2 down			cmd="dhclient $if"			;;		"rtsol")			ifconfig $if $name $mask $bcaddr $ext1 $ext2 up			rtsolif="$rtsolif $if"			cmd=			;;		"up")			# The only one of these guaranteed to be set is $if.			# The remaining ones exist so that media controls work.			cmd="ifconfig $if $name $mask $bcaddr $ext1 $ext2 up"			;;		*)			read dt dtaddr			if [ "$name"  = "alias" ]; then				# perform a 'shift' of sorts				alias=$name				name=$mask				mask=$bcaddr				bcaddr=$ext1				ext1=$ext2				ext2=			else				alias=			fi			cmd="ifconfig $if $af $alias $name "			case "$dt" in			dest)				cmd="$cmd $dtaddr"				;;			[a-z!]*)				cmd2="$dt $dtaddr"				;;			esac			if [ ! -n "$name" ]; then				echo "/etc/hostname.$if: invalid network configuration file"				return			fi			case $af in			inet)				[ "$mask" ] && cmd="$cmd netmask $mask"				if [ "$bcaddr" -a "X$bcaddr" != "XNONE" ]; then					cmd="$cmd broadcast $bcaddr"				fi				[ "$alias" ] && rtcmd=";route -qn add -host $name 127.0.0.1"				;;			inet6) [ "$mask" ] && cmd="$cmd prefixlen $mask"				cmd="$cmd $bcaddr"				;;			*)				cmd="$cmd $mask $bcaddr"				;;			esac			cmd="$cmd $ext1 $ext2$rtcmd" rtcmd=			;;		esac		eval "$cmd"	done < /etc/hostname.$if}
# Start the $1 bridgebridgestart() {	# Interface names must be alphanumeric only.  We check to avoid	# configuring backup or temp files, and to catch the "*" case.	if ! isalphanumeric "$1"; then		return	fi	brconfig $1 > /dev/null 2>&1	if [ "$?" != "0" ]; then		# Try to create interface if it does not exist		ifconfig $if create > /dev/null 2>&1		if [ "$?" != "0" ]; then			return		fi	fi
	# Now parse the bridgename.* file	# All lines are run as brconfig(8) commands.	while read line ; do		line=${line%%#*}		# strip comments		test -z "$line" && continue		case "$line" in		"!"*)			cmd="${line#*!}"			;;		*)			cmd="brconfig $1 $line"			;;		esac		eval "$cmd"	done < /etc/bridgename.$1}
# Re-read /etc/rc.conf. /etc/rc.conf
# If we were invoked with a list of interface names, just reconfigure these# interfaces (or bridges) and return.if [ $1x = autobootx ]; then	shiftfiif [ $# -gt 0 ]; then	while [ $# -gt 0 ]; do		if [ -f /etc/bridgename.$1 ]; then			bridgestart $1		else			ifstart $1		fi		shift	done	returnfi
# Otherwise, process with the complete network initialization.
# /etc/myname contains my symbolic nameif [ -f /etc/myname ]; then	hostname=`stripcom /etc/myname`	hostname $hostnameelse	hostname=`hostname`fi
if [ -f /etc/defaultdomain ]; then	domainname `stripcom /etc/defaultdomain`fi
# Set the address for the loopback interface.  Bringing the# interface up, automatically invokes the IPv6 address ::1)ifconfig lo0 inet 127.0.0.1
if ifconfig lo0 inet6 >/dev/null 2>&1; then	# IPv6 configurations.	ip6kernel=YES
	# Disallow link-local unicast dest without outgoing scope identifiers.	route -qn add -inet6 fe80:: -prefixlen 10 ::1 -reject > /dev/null
	# Disallow site-local unicast dest without outgoing scope identifiers.	# If you configure site-locals without scope id (it is permissible	# config for routers that are not on scope boundary), you may want	# to comment the line out.	route -qn add -inet6 fec0:: -prefixlen 10 ::1 -reject > /dev/null
	# Disallow "internal" addresses to appear on the wire.	route -qn add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null
	# Disallow packets to malicious IPv4 compatible prefix.	route -qn add -inet6 ::224.0.0.0 -prefixlen 100 ::1 -reject > /dev/null	route -qn add -inet6 ::127.0.0.0 -prefixlen 104 ::1 -reject > /dev/null	route -qn add -inet6 ::0.0.0.0 -prefixlen 104 ::1 -reject > /dev/null	route -qn add -inet6 ::255.0.0.0 -prefixlen 104 ::1 -reject > /dev/null
	# Disallow packets to malicious 6to4 prefix.	route -qn add -inet6 2002:e000:: -prefixlen 20 ::1 -reject > /dev/null	route -qn add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject > /dev/null	route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null	route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null
	# Completely disallow packets to IPv4 compatible prefix.	# This may conflict with RFC1933 under following circumstances:	# (1) An IPv6-only KAME node tries to originate packets to IPv4	#     compatible destination.  The KAME node has no IPv4 compatible	#     support.  Under RFC1933, it should transmit native IPv6	#     packets toward IPv4 compatible destination, hoping it would	#     reach a router that forwards the packet toward auto-tunnel	#     interface.	# (2) An IPv6-only node originates a packet to an IPv4 compatible	#     destination.  A KAME node is acting as an IPv6 router, and	#     asked to forward it.	# Due to rare use of IPv4 compatible addresses, and security issues	# with it, we disable it by default.	route -qn add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject > /dev/null
	rtsolif=""else	ip6kernel=NOfi
# Configure all the non-loopback interfaces which we know about.# Refer to hostname.if(5) and bridgename.if(5)for hn in /etc/hostname.*; do	# Strip off /etc/hostname. prefix	if=${hn#/etc/hostname.}	test "$if" = "*" && continue
	case $if in	"carp"*|"gif"*|"gre"*|"pfsync"*)		# CARP, GIF, GRE and PFSYNC interfaces need the routes to be setup		# before they are configured.		continue		;;	*)		ifstart $if		;;	esacdone
if [ "$ip6kernel" = "YES" -a "x$rtsolif" != "x" ]; then	fw=`sysctl -n net.inet6.ip6.forwarding`	ra=`sysctl -n net.inet6.ip6.accept_rtadv`	if [ "x$fw" = "x0" -a "x$ra" = "x1" ]; then		echo "IPv6 autoconf:$rtsolif"		rtsol $rtsolif	else		echo "WARNING: inconsistent config - check /etc/sysctl.conf for IPv6 autoconf"	fifiif [ "$ip6kernel" = "YES" ]; then	# this is to make sure DAD is completed before going further.	sleep `sysctl -n net.inet6.ip6.dad_count`fi
# The pfsync interface needs to come up before carp.if [ -f /etc/hostname.pfsync0 ]; then	ifstart pfsync0fi
# Configure all the carp interfaces which we know about.# They must come up after pfsync but before default route.for hn in /etc/hostname.*; do	# Strip off /etc/hostname. prefix	if=${hn#/etc/hostname.}	test "$if" = "*" && continue
	case $if in	"carp"*)		ifstart $if		;;	*)		# Regular interfaces have already been configured.		continue		;;	esacdone
# /etc/mygate, if it exists, contains the name of my gateway host# that name must be in /etc/hosts.if [ -f /etc/mygate ]; then	route -qn delete default > /dev/null 2>&1	route -qn add -host default `stripcom /etc/mygate`fi
# Multicast routing.## The routing to the 224.0.0.0/4 net is setup according to these rules:# multicast_host	multicast_router	route		comment# NO			NO			-reject		no multicast# NO			YES			none installed	daemon will run# YES/interface		NO			-interface	YES=def. iface#	   Any other combination		-reject		config errorcase "$multicast_host:$multicast_router" inNO:NO)	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null	;;NO:YES)	;;*:NO)	set `if [ $multicast_host = YES ]; then		ed -s '!route -qn show -inet' <<EOF/^default/pEOF	else		ed -s "!ifconfig $multicast_host" <<EOF/^	inet /pEOF	fi`	route -qn add -net 224.0.0.0/4 -interface $2 > /dev/null	;;*:*)	echo 'config error, multicasting disabled until rc.conf is fixed'	route -qn add -net 224.0.0.0/4 -interface 127.0.0.1 -reject > /dev/null	;;esac
# Configure all the gif and gre interfaces which we know about.# They were delayed because they require the routes to be set.for hn in /etc/hostname.*; do	# Strip off /etc/hostname. prefix	if=${hn#/etc/hostname.}	test "$if" = "*" && continue
	case $if in	"gif"*|"gre"*)		ifstart $if		;;	*)		# Regular interfaces have already been configured.		continue		;;	esacdone
# reject 127/8 other than 127.0.0.1route -qn add -net 127 127.0.0.1 -reject > /dev/null
# Configure all the bridges.for bn in /etc/bridgename.*; do	# Strip off /etc/bridgename. prefix	if=${bn#/etc/bridgename.}	test "$if" = "*" && continue
	bridgestart $ifdone