Author: hrs
Date: Mon Sep 13 19:55:40 2010
New Revision: 212579
URL: http://svn.freebsd.org/changeset/base/212579
Log:
Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address
selection policy set by ip6addrctl(8).
The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3,
the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484,
respectively. When "AUTO" is specified, it attempts to read
/etc/ip6addrctl.conf first. If it is found, it reads and installs it as
a policy table. If not, either of the two pre-defined policy tables is
chosen automatically according to $ipv6_activate_all_interfaces.
When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding
$ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.
The default values are ip6addrctl_policy=AUTO and
ipv6_activate_all_interfaces=NO.
Discussed with: ume and bz
Modified:
head/UPDATING
head/etc/defaults/rc.conf
head/etc/network.subr
head/etc/rc.d/ip6addrctl
head/etc/rc.d/netif
head/share/man/man5/rc.conf.5
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Mon Sep 13 19:53:54 2010 (r212578)
+++ head/UPDATING Mon Sep 13 19:55:40 2010 (r212579)
@@ -23,6 +23,25 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 9.
ln -s aj /etc/malloc.conf.)
20100913:
+ The $ipv6_prefer variable in rc.conf(5) has been split into
+ $ip6addrctl_policy and $ipv6_activate_all_interfaces.
+
+ The $ip6addrctl_policy is a variable to choose a pre-defined
+ address selection policy set by ip6addrctl(8). A value
+ "ipv4_prefer", "ipv6_prefer" or "AUTO" can be specified. The
+ default is "AUTO".
+
+ The $ipv6_activate_all_interfaces specifies whether IFDISABLED
+ flag (see an entry of 20090926) is set on an interface with no
+ corresponding $ifconfig_IF_ipv6 line. The default is "NO" for
+ security reason. If you want IPv6 link-local address on all
+ interfaces by default, set this to "YES".
+
+ The old ipv6_prefer="YES" is equivalent to
+ ipv6_activate_all_interfaces="YES" and
+ ip6addrctl_policy="ipv6_prefer".
+
+20100913:
DTrace has grown support for userland tracing. Due to this, DTrace is
now i386 and amd64 only.
dtruss(1) is now installed by default on those systems and a new
Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf Mon Sep 13 19:53:54 2010 (r212578)
+++ head/etc/defaults/rc.conf Mon Sep 13 19:55:40 2010 (r212579)
@@ -446,6 +446,10 @@ icmp_bmcastecho="NO" # respond to broadc
### IPv6 options: ###
ipv6_network_interfaces="auto" # List of IPv6 network interfaces
# (or "auto" or "none").
+ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no
+ # corresponding $ifconfig_IF_ipv6 is
+ # marked as IFDISABLED for security
+ # reason.
ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
ipv6_static_routes="" # Set to static route list (or leave empty).
@@ -506,7 +510,8 @@ ipv6_ipfilter_rules="/etc/ipf6.rules" #
# for examples
ip6addrctl_enable="YES" # Set to YES to enable default address selection
ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration
messages
-ipv6_prefer="NO" # Use IPv6 when both IPv4 and IPv6 can be used
+ip6addrctl_policy="AUTO" # A pre-defined address selection policy
+ # (ipv4_prefer, ipv6_prefer, or AUTO)
##############################################################
### System console options #################################
Modified: head/etc/network.subr
==============================================================================
--- head/etc/network.subr Mon Sep 13 19:53:54 2010 (r212578)
+++ head/etc/network.subr Mon Sep 13 19:55:40 2010 (r212579)
@@ -100,7 +100,7 @@ ifconfig_up()
_ipv6_opts="-accept_rtadv"
fi
else
- if checkyesno ipv6_prefer; then
+ if checkyesno ipv6_activate_all_interfaces; then
_ipv6_opts="-ifdisabled"
else
_ipv6_opts="ifdisabled"
Modified: head/etc/rc.d/ip6addrctl
==============================================================================
--- head/etc/rc.d/ip6addrctl Mon Sep 13 19:53:54 2010 (r212578)
+++ head/etc/rc.d/ip6addrctl Mon Sep 13 19:55:40 2010 (r212579)
@@ -19,8 +19,10 @@ extra_commands="status prefer_ipv6 prefe
status_cmd="ip6addrctl"
prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
+config_file="/etc/ip6addrctl.conf"
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
ip6addrctl_prefer_ipv6()
{
@@ -53,17 +55,40 @@ ip6addrctl_start()
afexists inet6 || return 0
# install the policy of the address selection algorithm.
- if [ -f /etc/ip6addrctl.conf ]; then
- ip6addrctl flush >/dev/null 2>&1
- ip6addrctl install /etc/ip6addrctl.conf
- checkyesno ip6addrctl_verbose && ip6addrctl
- else
- if checkyesno ipv6_prefer; then
- ip6addrctl_prefer_ipv6
+ case "${ip6addrctl_policy}" in
+ [Aa][Uu][Tt][Oo])
+ if [ -r "${config_file}" -a -s "${config_file}" ]; then
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl install "${config_file}"
+ checkyesno ip6addrctl_verbose && ip6addrctl
else
- ip6addrctl_prefer_ipv4
+ if checkyesno ipv6_activate_all_interfaces; then
+ ip6addrctl_prefer_ipv6
+ else
+ ip6addrctl_prefer_ipv4
+ fi
fi
- fi
+ ;;
+ ipv4_prefer)
+ ip6addrctl_prefer_ipv4
+ ;;
+ ipv6_prefer)
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ # Backward compatibility when ipv6_prefer=YES
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ # Backward compatibility when ipv6_prefer=NO
+ ip6addrctl_prefer_ipv4
+ ;;
+ *)
+ warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
+ " \"ipv4_prefer\" is used instead."
+ ip6addrctl_prefer_ipv4
+ ;;
+ esac
}
ip6addrctl_stop()
Modified: head/etc/rc.d/netif
==============================================================================
--- head/etc/rc.d/netif Mon Sep 13 19:53:54 2010 (r212578)
+++ head/etc/rc.d/netif Mon Sep 13 19:55:40 2010 (r212579)
@@ -41,7 +41,8 @@ clonedown_cmd="clone_down"
extra_commands="cloneup clonedown"
cmdifn=
-set_rcvar_obsolete ipv6_enable ipv6_prefer
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer
network_start()
{
Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5 Mon Sep 13 19:53:54 2010
(r212578)
+++ head/share/man/man5/rc.conf.5 Mon Sep 13 19:55:40 2010
(r212579)
@@ -1269,41 +1269,49 @@ If the variable is
is added to all of
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and the
-.Va ipv6_prefer
+.Va ipv6_activate_all_interfaces
is defined as
.Dq Li YES .
.Pp
This variable is deprecated. Use
-.Va ipv6_prefer
+.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
and
-.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 .
+.Va ipv6_activate_all_interfaces
+if necessary.
.It Va ipv6_prefer
.Pq Vt bool
-This variable does the following:
-.Pp
If the variable is
.Dq Li YES ,
-the default policy of the source address selection set by
+the default address selection policy table set by
.Xr ip6addrctl 8
will be IPv6-preferred.
.Pp
If the variable is
.Dq Li NO ,
-the default policy of the source address selection set by
+the default address selection policy table set by
.Xr ip6addrctl 8
-will be IPv4-preferred, and all of interfaces which does not have the
-corrsponding
+will be IPv4-preferred.
+.Pp
+This variable is deprecated. Use
+.Va ip6addtctl_policy
+instead.
+.It Va ipv6_activate_all_interfaces
+If the variable is
+.Dq Li NO ,
+all of interfaces which do not have the corrsponding
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
variable will be marked as
-.Dq Li IFDISABLED .
-This means only IPv6 functionality on that interface is completely
-disabled. For more details of
+.Dq Li IFDISABLED
+for security reason. This means only IPv6 functionality on that interface
+is completely disabled. For more details of
.Dq Li IFDISABLED
flag and keywords
.Dq Li inet6 ifdisabled ,
see
.Xr ifconfig 8 .
.Pp
+Default is
+.Dq Li NO .
.It Va ipv6_privacy
.Pq Vt bool
If the variable is
@@ -1316,6 +1324,8 @@ This is the IPv6 equivalent of
.Va network_interfaces .
Normally manual configuration of this variable is not needed.
.Pp
+.It Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6
+.Pq Vt str
IPv6 functionality on an interface should be configured by
.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6 ,
instead of setting ifconfig parameters in
@@ -1354,22 +1364,52 @@ this is the default output interface for
This works only with ipv6_gateway_enable="NO".
.It Va ip6addrctl_enable
.Pq Vt bool
-If set to
-.Dq Li YES ,
-install default address selection policy table
+This variable is to enable configuring default address selection policy table
.Pq RFC 3484 .
-If a file
+The table can be specified in another variable
+.Va ip6addrctl_policy .
+For
+.Va ip6addrctl_policy
+the following keywords can be specified:
+.Dq Li ipv4_prefer ,
+.Dq Li ipv6_prefer ,
+or
+.Dq Li AUTO .
+.Pp
+If
+.Dq Li ipv4_prefer
+or
+.Dq Li ipv6_prefer
+is specified,
+.Xr ip6addrctl 8
+installs a pre-defined policy table described in Section 2.1
+.Pq IPv6-preferred
+or 10.3
+.Pq IPv4-preferred
+of RFC 3484.
+.Pp
+If
+.Dq Li AUTO
+is specified, it attempts to read a file
.Pa /etc/ip6addrctl.conf
-is found the
+first. If this file is found,
.Xr ip6addrctl 8
-reads and installs it.
-If not, a pre-defined policy table will be installed.
-There are two pre-defined ones; IPv4-preferred and IPv6-preferred.
-If set
-.Va ipv6_prefer
-variable to
+reads and installs it. If not found, a policy is automatically set
+according to
+.Va ipv6_activate_all_interfaces
+variable; if the variable is set to
+.Dq Li YES
+the IPv6-preferred one is used. Otherwise IPv4-preferred.
+.Pp
+The default value of
+.Va ip6addrctl_enable
+and
+.Va ip6addrctl_policy
+are
.Dq Li YES
-the IPv6-preferred one is used. Default is IPv4-preferred.
+and
+.Dq Li AUTO ,
+respectively.
.It Va cloned_interfaces
.Pq Vt str
Set to the list of clonable network interfaces to create on this host.
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
