diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 21007d6600b9..0fa90047e63a 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -1,713 +1,713 @@ #!/bin/sh # This is rc.conf - a file full of useful variables that you can set # to change the default startup behavior of your system. You should # not edit this file! Put any overrides into one of the ${rc_conf_files} # instead and you will be able to update these defaults later without # spamming your local configuration information. # # The ${rc_conf_files} files should only contain values which override # values set in this file. This eases the upgrade path when defaults # are changed and new features are added. # # All arguments must be in double or single quotes. # # For a more detailed explanation of all the rc.conf variables, please # refer to the rc.conf(5) manual page. # # $FreeBSD$ ############################################################## ### Important initial Boot-time options #################### ############################################################## rc_debug="NO" # Set to YES to enable debugging output from rc.d rc_info="NO" # Enables display of informational messages at boot. rc_startmsgs="YES" # Show "Starting foo:" messages at boot rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown early_late_divider="FILESYSTEMS" # Script that separates early/late # stages of the boot process. Make sure you know # the ramifications if you change this. # See rc.conf(5) for more details. swapfile="NO" # Set to name of swapfile if aux swapfile desired. apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO). apmd_enable="NO" # Run apmd to handle APM event from userland. apmd_flags="" # Flags to apmd (if enabled). ddb_enable="NO" # Set to YES to load ddb scripts at boot. ddb_config="/etc/ddb.conf" # ddb(8) config file. devd_enable="YES" # Run devd, to trigger programs on device tree changes. devd_flags="" # Additional flags for devd(8). kldxref_enable="NO" # Build linker.hints files with kldxref(8). kldxref_clobber="NO" # Overwrite old linker.hints at boot. 
kldxref_module_path="" # Override kern.module_path. A ';'-delimited list. powerd_enable="NO" # Run powerd to lower our power usage. powerd_flags="" # Flags to powerd (if enabled). tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never tmpsize="20m" # Size of mfs /tmp if created tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never varsize="32m" # Size of mfs /var if created varmfs_flags="-S" # Extra mount options for the mfs /var populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never cleanvar_enable="YES" # Clean the /var directory local_startup="/usr/local/etc/rc.d" # startup script dirs. script_name_sep=" " # Change if your startup scripts' names contain spaces rc_conf_files="/etc/rc.conf /etc/rc.conf.local" # ZFS support zfs_enable="NO" # Set to YES to automatically mount ZFS file systems gptboot_enable="YES" # GPT boot success/failure reporting. # Experimental - test before enabling gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab gbde_devices="NO" # Devices to automatically attach (list, or AUTO) gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices gbde_lockdir="/etc" # Where to look for gbde lockfiles # GELI disk encryption configuration. geli_devices="" # List of devices to automatically attach in addition to # GELI devices listed in /etc/fstab. geli_tries="" # Number of times to attempt attaching geli device. # If empty, kern.geom.eli.tries will be used. geli_default_flags="" # Default flags for geli(8). geli_autodetach="YES" # Automatically detach on last close. # Providers are marked as such when all file systems are # mounted. # Example use. #geli_devices="da1 mirror/home" #geli_da1_flags="-p -k /etc/geli/da1.keys" #geli_da1_autodetach="NO" #geli_mirror_home_flags="-k /etc/geli/home.keys" geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted # swap partitions. 
root_rw_mount="YES" # Set to NO to inhibit remounting root read-write. fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails. fsck_y_flags="" # Additional flags for fsck -y background_fsck="YES" # Attempt to run fsck in the background where possible. background_fsck_delay="60" # Time to wait (seconds) before starting the fsck. netfs_types="nfs:NFS newnfs:NEWNFS smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net filesystems. extra_netfs_types="NO" # List of network extra filesystem types for delayed # mount at startup (or NO). ############################################################## ### Network configuration sub-section ###################### ############################################################## ### Basic network and firewall/security options: ### hostname="" # Set this! hostid_enable="YES" # Set host UUID. hostid_file="/etc/hostid" # File with hostuuid. nisdomainname="NO" # Set to NIS domain if using NIS (or NO). dhclient_program="/sbin/dhclient" # Path to dhcp client program. dhclient_flags="" # Extra flags to pass to dhcp client. #dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only background_dhclient="NO" # Start dhcp client in the background. #background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background. synchronous_dhclient="NO" # Start dhclient directly on configured # interfaces during startup. defaultroute_delay="30" # Time to wait for a default route on a DHCP interface. defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route. 
wpa_supplicant_program="/usr/sbin/wpa_supplicant" wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant wpa_supplicant_conf_file="/etc/wpa_supplicant.conf" # firewall_enable="NO" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file firewall_coscripts="" # List of executables/scripts to run after # firewall starts/stops firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client" # firewall. #firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for # "client" firewall. firewall_simple_iif="ed1" # Inside network interface for "simple" # firewall. firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple" # firewall. firewall_simple_oif="ed0" # Outside network interface for "simple" # firewall. firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple" # firewall. #firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple" # firewall. #firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix # for "simple" firewall. #firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple" # firewall. #firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix # for "simple" firewall. firewall_myservices="" # List of TCP ports on which this host # offers services for "workstation" firewall. firewall_allowservices="" # List of IPs which have access to # $firewall_myservices for "workstation" # firewall. firewall_trusted="" # List of IPs which have full access to this # host for "workstation" firewall. firewall_logdeny="NO" # Set to YES to log default denied incoming # packets for "workstation" firewall. 
firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports # for which denied incoming packets are not # logged for "workstation" firewall. firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES) firewall_nat_interface="" # Public interface or IPaddress to use firewall_nat_flags="" # Additional configuration parameters dummynet_enable="NO" # Load the dummynet(4) module ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd) ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon ike_flags="" # Additional flags for IKE daemon ipsec_enable="NO" # Set to YES to run setkey on ipsec_file ipsec_file="/etc/ipsec.conf" # Name of config file for setkey natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. 
ipfilter_enable="NO" # Set to YES to enable ipfilter functionality ipfilter_program="/sbin/ipf" # where the ipfilter program lives ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="" # additional flags for ipfilter ipnat_enable="NO" # Set to YES to enable ipnat functionality ipnat_program="/sbin/ipnat" # where the ipnat program lives ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat ipnat_flags="" # additional flags for ipnat ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" ipfs_enable="NO" # Set to YES to enable saving and restoring # of state tables at shutdown and boot ipfs_program="/sbin/ipfs" # where the ipfs program lives ipfs_flags="" # additional flags for ipfs pf_enable="NO" # Set to YES to enable packet filter (pf) pf_rules="/etc/pf.conf" # rules definition file for pf pf_program="/sbin/pfctl" # where the pfctl program lives pf_flags="" # additional flags for pfctl pflog_enable="NO" # Set to YES to enable packet filter logging pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_program="/sbin/pflogd" # where the pflogd program lives pflog_flags="" # additional flags for pflogd ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf ftpproxy_flags="" # additional flags for ftp-proxy(8) pfsync_enable="NO" # Expose pf state to other hosts for syncing pfsync_syncdev="" # Interface for pfsync to work through pfsync_syncpeer="" # IP address of pfsync peer host pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. log_in_vain="0" # >=1 to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). 
tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this violates the TCP specification icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets network_interfaces="auto" # List of network interfaces (or "auto"). cloned_interfaces="" # List of cloned network interfaces to create. #cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config. -ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. +#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. #ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry #ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias #ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0. #vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device #create_args_vlan0="vlan 102" # vlan tag for vlan0 device #wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device #wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8) #ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry. # #autobridge_interfaces="bridge0" # List of bridges to check #autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge # # If you have any sppp(4) interfaces above, you might also want to set # the following parameters. Refer to spppcontrol(8) for their meaning. sppp_interfaces="" # List of sppp interfaces. #sppp_interfaces="...0" # example: sppp over ... #spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'" gif_interfaces="" # List of GIF tunnels. #gif_interfaces="gif0 gif1" # Examples typically for a router. # Choose correct tunnel addrs. 
#gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router. #gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router. fec_interfaces="" # List of Fast EtherChannels. #fec_interfaces="fec0 fec1" #fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs #fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs # User ppp configuration. ppp_enable="NO" # Start user-ppp (or NO). ppp_program="/usr/sbin/ppp" # Path to user-ppp program. ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated". # For details see man page for ppp(8). Default is auto. ppp_nat="YES" # Use PPP's internal network address translation or NO. ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf. ppp_user="root" # Which user to run ppp as # Start multiple instances of ppp at boot time #ppp_profile="profile1 profile2 profile3" # Which profiles to use #ppp_profile1_mode="ddial" # Override ppp mode for profile1 #ppp_profile2_nat="NO" # Override nat mode for profile2 # profile3 uses default ppp_mode and ppp_nat ### Network daemon (miscellaneous) ### hostapd_enable="NO" # Run hostap daemon. syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one. syslogd_flags="-s" # Flags to syslogd (if enabled). inetd_enable="NO" # Run the network daemon dispatcher (YES/NO). inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one. inetd_flags="-wW -C 60" # Optional flags to inetd hastd_enable="NO" # Run the HAST daemon (YES/NO). hastd_program="/sbin/hastd" # path to hastd, if you want a different one. hastd_flags="" # Optional flags to hastd. # # named. It may be possible to run named in a sandbox, man security for # details. # named_enable="NO" # Run named, the DNS server (or NO). named_program="/usr/sbin/named" # Path to named, if you want a different one. 
named_conf="/etc/namedb/named.conf" # Path to the configuration file #named_flags="" # Use this for flags OTHER than -u and -c named_uid="bind" # User to run named as named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it) named_chroot_autoupdate="YES" # Automatically install/update chrooted # components of named. See /etc/rc.d/named. named_symlink_enable="YES" # Symlink the chrooted pid file named_wait="NO" # Wait for working name service before exiting named_wait_host="localhost" # Hostname to check if named_wait is enabled named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf named_auto_forward_only="NO" # Do "forward only" instead of "forward first" # # kerberos. Do not run the admin daemons on slave servers # kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO). kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server kadmind5_server_enable="NO" # Run kadmind (or NO) kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon kpasswdd_server_enable="NO" # Run kpasswdd (or NO) kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon gssd_enable="NO" # Run the gssd daemon (or NO). gssd_flags="" # Flags for gssd. rwhod_enable="NO" # Run the rwho daemon (or NO). rwhod_flags="" # Flags for rwhod rarpd_enable="NO" # Run rarpd (or NO). rarpd_flags="-a" # Flags to rarpd. bootparamd_enable="NO" # Run bootparamd (or NO). bootparamd_flags="" # Flags to bootparamd pppoed_enable="NO" # Run the PPP over Ethernet daemon. pppoed_provider="*" # Provider and ppp(8) config file entry. pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled). pppoed_interface="fxp0" # The interface that pppoed runs on. sshd_enable="NO" # Enable sshd sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. ftpd_enable="NO" # Enable stand-alone ftpd. 
ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one. ftpd_flags="" # Additional flags to stand-alone ftpd. ### Network daemon (NFS): All need rpcbind_enable="YES" ### amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_program="/usr/sbin/amd" # path to amd, if you want a different one. amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_access_cache="60" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). oldnfs_server_enable="NO" # Run the old NFS server (YES/NO). nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). mountd_enable="NO" # Run mountd (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). weak_mountd_authentication="NO" # Allow non-root mount requests to be served. nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). nfs_bufpackets="" # bufspace (in packets) for client rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server. rpc_lockd_flags="" # Flags to rpc.lockd (if enabled). rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server. rpc_statd_flags="" # Flags to rpc.statd (if enabled). rpcbind_enable="NO" # Run the portmapper service (YES/NO). rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one. rpcbind_flags="" # Flags to rpcbind (if enabled). rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). 
nfsv4_server_enable="NO" # Enable support for NFSv4 nfscbd_enable="NO" # NFSv4 client side callback daemon nfscbd_flags="" # Flags for nfscbd nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon nfsuserd_flags="" # Flags for nfsuserd ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). timed_flags="" # Flags to timed (if enabled). ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO). ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one. ntpdate_flags="-b" # Flags to ntpdate (if enabled). ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers. ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO). ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one. ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift" # Flags to ntpd (if enabled). # Network Information Services (NIS) options: All need rpcbind_enable="YES" ### nis_client_enable="NO" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="NO" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). ### SNMP daemon ### # Be sure to understand the security implications of running SNMP v1/v2 # in your network. bsnmpd_enable="NO" # Run the SNMP daemon (or NO). bsnmpd_flags="" # Flags for bsnmpd. ### Network routing options: ### defaultrouter="NO" # Set to default gateway (or NO). 
static_arp_pairs="" # Set to static ARP list (or leave empty). static_routes="" # Set to static route list (or leave empty). natm_static_routes="" # Set to static route list for NATM (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. routed_enable="NO" # Set to YES to enable a routing daemon. routed_program="/sbin/routed" # Name of routing daemon to use if enabled. routed_flags="-q" # Flags for routing daemon. mrouted_enable="NO" # Do IPv4 multicast routing. mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast # routing daemon. You need to # install it from package or # port. mrouted_flags="" # Flags for multicast routing daemon. ipxgateway_enable="NO" # Set to YES to enable IPX routing. ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon. ipxrouted_flags="" # Flags for IPX routing daemon. arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us ### ATM interface options: ### atm_enable="NO" # Configure ATM interfaces (or NO). #atm_netif_hea0="atm 1" # Network interfaces for physical interface. #atm_sigmgr_hea0="uni31" # Signalling manager for physical interface. #atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI). #atm_macaddr_hea0="NO" # Override physical MAC address (or NO). #atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local). #atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO). atm_pvcs="" # Set to PVC list (or leave empty). atm_arps="" # Set to permanent ARP list (or leave empty). 
### Bluetooth ### hcsecd_enable="NO" # Enable hcsecd(8) (or NO) hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file sdpd_enable="NO" # Enable sdpd(8) (or NO) sdpd_control="/var/run/sdp" # sdpd(8) control socket sdpd_groupname="nobody" # set spdp(8) user/group to run as after sdpd_username="nobody" # it initializes bthidd_enable="NO" # Enable bthidd(8) (or NO) bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO) rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf # #rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one' rfcomm_pppd_server_one_channel="1" # Override local channel for 'one' #rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register #rfcomm_pppd_server_one_register_dun="NO" # for 'one' # #rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two' rfcomm_pppd_server_two_channel="3" # Override local channel for 'two' #rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register #rfcomm_pppd_server_two_register_dun="NO" # for 'two' ubthidhci_enable="NO" # Switch an USB BT controller present on #ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode. #ubthidhci_addr="2" # Check usbconfig list to find the correct # numbers for your system. ### Miscellaneous network options: ### icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### ipv6_network_interfaces="auto" # List of IPv6 network interfaces # (or "auto" or "none"). ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no # corresponding $ifconfig_IF_ipv6 is # marked as IFDISABLED for security # reason. ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068) ipv6_static_routes="" # Set to static route list (or leave empty). 
#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64 # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. ipv6_privacy="NO" # Use privacy address on RA-receiving IFs # (RFC 4193) route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon. route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon. route6d_flags="" # Flags to IPv6 routing daemon. #route6d_flags="-l" # Example for route6d with only IPv6 site local # addrs. #route6d_flags="-q" # If you want to run a routing daemon on an end # node, you should stop advertisement. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. ipv6_default_interface="NO" # Default output interface for scoped addrs. # This works only with # ipv6_gateway_enable="NO". rtsol_flags="" # Flags to IPv6 router solicitation. rtsold_enable="NO" # Set to YES to enable an IPv6 router # solicitation daemon. rtsold_flags="-a" # Flags to an IPv6 router solicitation # daemon. rtadvd_enable="NO" # Set to YES to enable an IPv6 router # advertisement daemon. If set to YES, # this router becomes a possible candidate # IPv6 default router for local subnets. rtadvd_interfaces="" # Interfaces rtadvd sends RA packets. mroute6d_enable="NO" # Do IPv6 multicast routing. mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast # routing daemon. You need to # install it from package or # port. mroute6d_flags="" # Flags to IPv6 multicast routing daemon. stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4 # tunneling interface. Specify this entry # to enable 6to4 interface. stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, # to limit peer addr range. 
Effective value # is 0-31. stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH # IPv6-to-IPv4 TCP translator. You also need # faithd(8) setup. ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter, # see /usr/src/contrib/ipfilter/rules # for examples ip6addrctl_enable="YES" # Set to YES to enable default address selection ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages ip6addrctl_policy="AUTO" # A pre-defined address selection policy # (ipv4_prefer, ipv6_prefer, or AUTO) ############################################################## ### System console options ################################# ############################################################## keyboard="" # keyboard device to use (default /dev/kbd0). keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO). keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable. keychange="NO" # function keys default values (or NO). cursor="NO" # cursor type {normal|blink|destructive} (or NO). scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO). font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO). font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko moused_nondefault_enable="YES" # Treat non-default mice as enabled unless # specifically overriden in rc.conf(5). moused_enable="NO" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. 
moused_port="/dev/psm0" # Set to your mouse port. moused_flags="" # Any additional flags to moused. mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your # language code table, specify alternative range # start like mousechar_start=3, see vidcontrol(1) allscreens_flags="" # Set this vidcontrol mode for all virtual screens allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens ############################################################## ### Mail Transfer Agent (MTA) options ###################### ############################################################## mta_start_script="/etc/rc.sendmail" # Script to start your chosen MTA, called by /etc/rc. # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail: sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO). sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file sendmail_procname="/usr/sbin/sendmail" # sendmail process name sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server) sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost" # Flags for localhost-only MTA sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO). sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only) sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO). sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m" # Flags for sendmail_msp_queue daemon. sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO). ############################################################## ### Miscellaneous administrative options ################### ############################################################## auditd_enable="NO" # Run the audit daemon. auditd_program="/usr/sbin/auditd" # Path to the audit daemon. auditd_flags="" # Which options to pass to the audit daemon. cron_enable="YES" # Run the periodic job daemon. 
cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled). cron_dst="YES" # Handle DST transitions intelligently (YES/NO) cron_flags="" # Which options to pass to the cron daemon. lpd_enable="NO" # Run the line printer daemon. lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one. lpd_flags="" # Flags to lpd (if enabled). nscd_enable="NO" # Run the nsswitch caching daemon. chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd. chkprintcap_flags="-d" # Create missing directories by default. dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO). dumpdir="/var/crash" # Directory where crash dumps are to be stored savecore_flags="" # Used if dumpdev is enabled above, and present. crashinfo_enable="YES" # Automatically generate crash dump summary. crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary. quota_enable="NO" # turn on quotas on startup (or NO). check_quotas="YES" # Check quotas on startup (or NO). quotaon_flags="-a" # Turn quotas on for all file systems (if enabled) quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown quotacheck_flags="-a" # Check all file system quotas (if enabled) accounting_enable="NO" # Turn on process accounting (or NO). ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO). # Emulation/compatibility services provided by /etc/rc.d/abi sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO). linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO). clear_tmp_enable="NO" # Clear /tmp at startup. 
clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg" # shared library search paths ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout" # a.out shared library search paths ldconfig_local_dirs="/usr/local/libdata/ldconfig" # Local directories with ldconfig configuration files. ldconfig_local32_dirs="/usr/local/libdata/ldconfig32" # Local directories with 32-bit compatibility ldconfig # configuration files. kern_securelevel_enable="NO" # kernel security level (see security(7)) kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure # Note that setting securelevel to 0 will result # in the system booting with securelevel set to 1, as # init(8) will raise the level when rc(8) completes. update_motd="YES" # update version info in /etc/motd (or NO) entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. # /var/db/entropy-file is preferred if / is not avail. entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron. entropy_save_sz="2048" # Size of the entropy cache files. entropy_save_num="8" # Number of entropy cache files to save. harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing # devfs(8) rules. 
devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to # apply (must be mounted already, i.e. fstab(5)) performance_cx_lowest="HIGH" # Online CPU idle state performance_cpu_freq="NONE" # Online CPU frequency economy_cx_lowest="HIGH" # Offline CPU idle state economy_cpu_freq="NONE" # Offline CPU frequency virecover_enable="YES" # Perform housekeeping for the vi(1) editor ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4) # ruleset file. newsyslog_enable="YES" # Run newsyslog at startup. newsyslog_flags="-CN" # Newsyslog flags to create marked files mixer_enable="YES" # Run the sound mixer. opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off ############################################################## ### Jail Configuration ####################################### ############################################################## jail_enable="NO" # Set to NO to disable starting of any jails jail_parallel_start="NO" # Start jails in the background jail_list="" # Space separated list of names of jails jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail # # To use rc's built-in jail infrastructure create entries for # each jail, specified in jail_list, with the following variables. # NOTES: # - replace 'example' with the jail's name. # - except rootdir, hostname, ip and the _multi addresses, # all of the following variables may be made global jail variables # if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset). 
# #jail_example_rootdir="/usr/jail/default" # Jail's root directory #jail_example_hostname="default.domain.com" # Jail's hostname #jail_example_interface="" # Jail's interface variable to create IP aliases on #jail_example_fib="0" # Routing table for setfib(1) #jail_example_ip="192.0.2.10,2001:db8::17" # Jail's primary IPv4 and IPv6 address #jail_example_ip_multi0="2001:db8::10" # and another IPv6 address #jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting #jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for # starting the jail. More than one can be # specified using a trailing number #jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping #jail_example_devfs_enable="NO" # mount devfs in the jail #jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail - # usually you want "devfsrules_jail". #jail_example_fdescfs_enable="NO" # mount fdescfs in the jail #jail_example_procfs_enable="NO" # mount procfs in jail #jail_example_mount_enable="NO" # mount/umount jail's fs #jail_example_fstab="" # fstab(5) for mount/umount #jail_example_flags="-l -U root" # flags for jail(8) ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## ### scripts to source rc_conf_files overrides safely. ## ############################################################## if [ -z "${source_rc_confs_defined}" ]; then source_rc_confs_defined=yes source_rc_confs () { local i sourced_files for i in ${rc_conf_files}; do case ${sourced_files} in *:$i:*) ;; *) sourced_files="${sourced_files}:$i:" if [ -r $i ]; then . $i fi ;; esac done } fi diff --git a/etc/network.subr b/etc/network.subr index 8185c5a0c7c5..64fb0fe65bee 100644 --- a/etc/network.subr +++ b/etc/network.subr 
@@ -1,1383 +1,1395 @@ # # Copyright (c) 2003 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # # Subroutines commonly used from network startup scripts. # Requires that rc.conf be loaded first. # # ifn_start ifn # Bring up and configure an interface. If some configuration is # applied print the interface configuration. 
# ifn_start() { local ifn cfg ifn="$1" cfg=1 [ -z "$ifn" ] && err 1 "ifn_start called without an interface" ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 - ipv4_up ${ifn} && cfg=0 - ipv6_up ${ifn} && cfg=0 - ipx_up ${ifn} && cfg=0 + afexists inet && ipv4_up ${ifn} && cfg=0 + afexists inet6 && ipv6_up ${ifn} && cfg=0 + afexists ipx && ipx_up ${ifn} && cfg=0 childif_create ${ifn} && cfg=0 return $cfg } # ifn_stop ifn # Shutdown and de-configure an interface. If action is taken # print the interface name. # ifn_stop() { local ifn cfg ifn="$1" cfg=1 [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" - ipx_down ${ifn} && cfg=0 - ipv6_down ${ifn} && cfg=0 - ipv4_down ${ifn} && cfg=0 + afexists ipx && ipx_down ${ifn} && cfg=0 + afexists inet6 && ipv6_down ${ifn} && cfg=0 + afexists inet && ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 childif_destroy ${ifn} && cfg=0 return $cfg } # ifconfig_up if # Evaluate ifconfig(8) arguments for interface $if and # run ifconfig(8) with those arguments. It returns 0 if # arguments were found and executed or 1 if the interface # had no arguments. Pseudo arguments DHCP and WPA are handled # here. # ifconfig_up() { local _cfg _ipv6_opts ifconfig_args _cfg=1 + # Make sure lo0 always comes up. 
+ if [ "$1" = "lo0" ]; then + _cfg=0 + fi + # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then ifconfig $1 ${ifconfig_args} _cfg=0 fi # inet6 specific if afexists inet6; then if ipv6if $1; then if checkyesno ipv6_gateway_enable; then _ipv6_opts="-accept_rtadv" fi else if checkyesno ipv6_activate_all_interfaces; then _ipv6_opts="-ifdisabled" else _ipv6_opts="ifdisabled" fi # backward compatibility: $ipv6_enable case $ipv6_enable in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) _ipv6_opts="${_ipv6_opts} accept_rtadv" ;; esac fi if [ -n "${_ipv6_opts}" ]; then ifconfig $1 inet6 ${_ipv6_opts} fi # ifconfig_IF_ipv6 ifconfig_args=`ifconfig_getargs $1 ipv6` if [ -n "${ifconfig_args}" ]; then ifconfig $1 inet6 -ifdisabled ifconfig $1 ${ifconfig_args} _cfg=0 fi # backward compatiblity: $ipv6_ifconfig_IF ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` if [ -n "${ifconfig_args}" ]; then warn "\$ipv6_ifconfig_$1 is obsolete." \ " Use ifconfig_$1_ipv6 instead." ifconfig $1 inet6 -ifdisabled ifconfig $1 inet6 ${ifconfig_args} _cfg=0 fi fi if [ ${_cfg} -eq 0 ]; then ifconfig $1 up fi if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count fi if dhcpif $1; then if [ $_cfg -ne 0 ] ; then ifconfig $1 up fi if syncdhcpif $1; then /etc/rc.d/dhclient start $1 fi _cfg=0 fi return $_cfg } # ifconfig_down if # returns 1 if wpa_supplicant or dhclient was stopped or # the interface exists. # ifconfig_down() { local _cfg _cfg=1 if wpaif $1; then /etc/rc.d/wpa_supplicant stop $1 _cfg=0 fi if dhcpif $1; then /etc/rc.d/dhclient stop $1 _cfg=0 fi if ifexists $1; then ifconfig $1 down _cfg=0 fi return $_cfg } # get_if_var if var [default] # Return the value of the pseudo-hash corresponding to $if where # $var is a string containg the sub-string "IF" which will be # replaced with $if after the characters defined in _punct are # replaced with '_'. If the variable is unset, replace it with # $default if given. 
get_if_var() { local _if _punct _punct_c _var _default prefix suffix if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi _if=$1 _punct=". - / +" for _punct_c in $_punct; do _if=`ltr ${_if} ${_punct_c} '_'` done _var=$2 _default=$3 prefix=${_var%%IF*} suffix=${_var##*IF} eval echo \${${prefix}${_if}${suffix}-${_default}} } # _ifconfig_getargs if [af] # Echos the arguments for the supplied interface to stdout. # returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { local _ifn _af _ifn=$1 _af=${2+_$2} if [ -z "$_ifn" ]; then return 1 fi get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } # ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { local _tmpargs _arg _args _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi _args= for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) ;; [Nn][Oo][Aa][Uu][Tt][Oo]) ;; [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ww][Pp][Aa]) ;; *) _args="$_args $_arg" ;; esac done echo $_args } # autoif # Returns 0 if the interface should be automaticly configured at # boot time and 1 otherwise. autoif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) return 1 ;; esac done return 0 } # dhcpif if # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) return 0 ;; [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; esac done return 1 } # syncdhcpif # Returns 0 if the interface should be configured synchronously and # 1 otherwise. 
syncdhcpif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 1 ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; esac done checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) return 0 ;; esac done return 1 } # afexists af # Returns 0 if the address family is enabled in the kernel # 1 otherwise. afexists() { local _af _af=$1 case ${_af} in inet) - ${SYSCTL_N} net.inet > /dev/null 2>&1 + ${SYSCTL_N} kern.features.inet > /dev/null 2>&1 ;; inet6) - ${SYSCTL_N} net.inet6 > /dev/null 2>&1 + ${SYSCTL_N} kern.features.inet6 > /dev/null 2>&1 ;; ipx) ${SYSCTL_N} net.ipx > /dev/null 2>&1 ;; atm) if [ -x /sbin/atmconfig ]; then /sbin/atmconfig diag list > /dev/null 2>&1 else return 1 fi ;; *) err 1 "afexists(): Unsupported address family: $_af" ;; esac } # noafif if # Returns 0 if the interface has no af configuration and 1 otherwise. noafif() { local _if _if=$1 case $_if in pflog[0-9]*|\ pfsync[0-9]*|\ an[0-9]*|\ ath[0-9]*|\ ipw[0-9]*|\ ipfw[0-9]*|\ iwi[0-9]*|\ iwn[0-9]*|\ ral[0-9]*|\ wi[0-9]*|\ wl[0-9]*|\ wpi[0-9]*) return 0 ;; esac return 1 } # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { local _if _tmpargs i _if=$1 if ! afexists inet6; then return 1 fi # lo0 is always IPv6-enabled case $_if in lo0) return 0 ;; esac case "${ipv6_network_interfaces}" in $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo]) # True if $ifconfig_IF_ipv6 is defined. _tmpargs=`_ifconfig_getargs $_if ipv6` if [ -n "${_tmpargs}" ]; then return 0 fi # backward compatibility: True if $ipv6_ifconfig_IF is defined. 
_tmpargs=`get_if_var $_if ipv6_ifconfig_IF` if [ -n "${_tmpargs}" ]; then return 0 fi ;; esac return 1 } # ipv6_autoconfif if # Returns 0 if the interface should be configured for IPv6 with # Stateless Address Configuration, 1 otherwise. ipv6_autoconfif() { local _if _tmpargs _arg _if=$1 case $_if in lo0|\ stf[0-9]*|\ faith[0-9]*|\ lp[0-9]*|\ sl[0-9]*) return 1 ;; esac if noafif $_if; then return 1 fi if ! ipv6if $_if; then return 1 fi if checkyesno ipv6_gateway_enable; then return 1 fi _tmpargs=`get_if_var $_if ipv6_prefix_IF` if [ -n "${_tmpargs}" ]; then return 1 fi # backward compatibility: $ipv6_enable case $ipv6_enable in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac _tmpargs=`_ifconfig_getargs $_if ipv6` for _arg in $_tmpargs; do case $_arg in accept_rtadv) return 0 ;; esac done # backward compatibility: $ipv6_ifconfig_IF _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` for _arg in $_tmpargs; do case $_arg in accept_rtadv) return 0 ;; esac done return 1 } # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() { [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } # ipv4_up if # add IPv4 addresses to the interface $if ipv4_up() { local _if _ret _if=$1 _ret=1 + # Add 127.0.0.1/8 to lo0 unless otherwise specified. + if [ "${_if}" = "lo0" ]; then + ifconfig_args=`ifconfig_getargs ${_if}` + if [ -z "${ifconfig_args}" ]; then + ifconfig ${_if} inet 127.0.0.1/8 alias + fi + fi ifalias_up ${_if} inet && _ret=0 ipv4_addrs_common ${_if} alias && _ret=0 return $_ret } # ipv6_up if # add IPv6 addresses to the interface $if ipv6_up() { local _if _ret _if=$1 _ret=1 if ! 
ipv6if $_if; then return 0 fi ifalias_up ${_if} inet6 && _ret=0 ipv6_prefix_hostid_addr_up ${_if} && _ret=0 ipv6_accept_rtadv_up ${_if} && _ret=0 # wait for DAD sleep `${SYSCTL_N} net.inet6.ip6.dad_count` sleep 1 return $_ret } # ipv4_down if # remove IPv4 addresses from the interface $if ipv4_down() { local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _inet in $inetList ; do # get rid of extraneous line [ -z "$_inet" ] && break _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` IFS="$oldifs" ifconfig ${_if} ${_inet} delete IFS="$_ifs" _ret=0 done IFS="$oldifs" ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } # ipv6_down if # remove IPv6 addresses from the interface $if ipv6_down() { local _if _ifs _ret inetList oldifs _inet6 _if=$1 _ifs="^" _ret=1 if ! ipv6if $_if; then return 0 fi ipv6_accept_rtadv_down ${_if} && _ret=0 ifalias_down ${_if} inet6 && _ret=0 inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _inet6 in $inetList ; do # get rid of extraneous line [ -z "$_inet6" ] && break _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` IFS="$oldifs" ifconfig ${_if} ${_inet6} -alias IFS="$_ifs" _ret=0 done IFS="$oldifs" return $_ret } # ipv4_addrs_common if action # Evaluate the ifconfig_if_ipv4 arguments for interface $if and # use $action to add or remove IPv4 addresses from $if. 
ipv4_addrs_common() { local _ret _if _action _cidr _cidr_addr local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 # get ipv4-addresses cidr_addr=`get_if_var $_if ipv4_addrs_IF` for _cidr in ${cidr_addr}; do _ipaddr=${_cidr%%/*} _netmask="/"${_cidr##*/} _range=${_ipaddr##*.} _ipnet=${_ipaddr%.*} _iplow=${_range%-*} _iphigh=${_range#*-} # clear netmask when removing aliases if [ "${_action}" = "-alias" ]; then _netmask="" fi _ipcount=${_iplow} while [ "${_ipcount}" -le "${_iphigh}" ]; do eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}" _ipcount=$((${_ipcount}+1)) _ret=0 # only the first ipaddr in a subnet need the real netmask if [ "${_action}" != "-alias" ]; then _netmask="/32" fi done done return $_ret } # ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. # ifalias_up() { local _ret _ret=1 case "$2" in inet) _ret=`ifalias_ipv4_up "$1"` ;; inet6) _ret=`ifalias_ipv6_up "$1"` ;; esac return $_ret } # ifalias_ipv4_up if # Helper function for ifalias_up(). Handles IPv4. # ifalias_ipv4_up() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_ipv6_up if # Helper function for ifalias_up(). Handles IPv6. # ifalias_ipv6_up() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. 
alias=0 while : ; do ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` case "${ifconfig_args}" in "") break ;; *) ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ " Use ifconfig_$1_aliasN instead." ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. # ifalias_down() { local _ret _ret=1 case "$2" in inet) _ret=`ifalias_ipv4_down "$1"` ;; inet6) _ret=`ifalias_ipv6_down "$1"` ;; esac return $_ret } # ifalias_ipv4_down if # Helper function for ifalias_down(). Handles IPv4. # ifalias_ipv4_down() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_ipv6_down if # Helper function for ifalias_down(). Handles IPv6. # ifalias_ipv6_down() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. alias=0 while : ; do ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` case "${ifconfig_args}" in "") break ;; *) ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0 warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ " Use ifconfig_$1_aliasN instead." 
;; esac alias=$((${alias} + 1)) done return $_ret } # ipv6_prefix_hostid_addr_up if # add IPv6 prefix + hostid addr to the interface $if ipv6_prefix_hostid_addr_up() { local _if prefix laddr hostid j address _if=$1 prefix=`get_if_var ${_if} ipv6_prefix_IF` if [ -n "${prefix}" ]; then laddr=`network6_getladdr ${_if}` hostid=${laddr#fe80::} hostid=${hostid%\%*} for j in ${prefix}; do address=$j\:${hostid} ifconfig ${_if} inet6 ${address} prefixlen 64 alias # if I am a router, add subnet router # anycast address (RFC 2373). if checkyesno ipv6_gateway_enable; then ifconfig ${_if} inet6 $j:: prefixlen 64 \ alias anycast fi done fi } # ipv6_accept_rtadv_up if # Enable accepting Router Advertisement and send Router # Solicitation message ipv6_accept_rtadv_up() { if ipv6_autoconfif $1; then ifconfig $1 inet6 accept_rtadv up if ! checkyesno rtsold_enable; then rtsol ${rtsol_flags} $1 fi fi } # ipv6_accept_rtadv_down if # Disable accepting Router Advertisement ipv6_accept_rtadv_down() { if ipv6_autoconfif $1; then ifconfig $1 inet6 -accept_rtadv fi } # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or # 1 if no script was found. # ifscript_up() { if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 else return 1 fi } # ifscript_down if # Evaluate a shutdown script for the $if interface. # It returns 0 if a script was found and processed or # 1 if no script was found. # ifscript_down() { if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 else return 1 fi } # clone_up # Create cloneable interfaces. # clone_up() { local _prefix _list ifn _prefix= _list= # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done debug "Cloned: ${_list}" } # clone_down # Destroy cloned interfaces. Destroyed interfaces are echoed to # standard output. 
# clone_down() { local _prefix _list ifn _prefix= _list= for ifn in ${cloned_interfaces}; do ifconfig -n ${ifn} destroy if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done debug "Destroyed clones: ${_list}" } # childif_create # Create and configure child interfaces. Return 0 if child # interfaces are created. # childif_create() { local cfg child child_vlans child_wlans create_args debug_flags ifn i cfg=1 ifn=$1 # Create wireless interfaces child_wlans=`get_if_var $ifn wlans_IF` for child in ${child_wlans}; do create_args="wlandev $ifn `get_if_var $child create_args_IF`" debug_flags="`get_if_var $child wlandebug_IF`" if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then ifconfig $child create ${create_args} && cfg=0 if [ -n "${debug_flags}" ]; then wlandebug -i $child ${debug_flags} fi else i=`ifconfig wlan create ${create_args}` if [ -n "${debug_flags}" ]; then wlandebug -i $i ${debug_flags} fi ifconfig $i name $child && cfg=0 fi if autoif $child; then ifn_start $child fi done # Create vlan interfaces child_vlans=`get_if_var $ifn vlans_IF` if [ -n "${child_vlans}" ]; then load_kld if_vlan fi for child in ${child_vlans}; do if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child="${ifn}.${child}" create_args=`get_if_var $child create_args_IF` ifconfig $child create ${create_args} && cfg=0 else create_args="vlandev $ifn `get_if_var $child create_args_IF`" if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then ifconfig $child create ${create_args} && cfg=0 else i=`ifconfig vlan create ${create_args}` ifconfig $i name $child && cfg=0 fi fi if autoif $child; then ifn_start $child fi done return ${cfg} } # childif_destroy # Destroy child interfaces. # childif_destroy() { local cfg child child_vlans child_wlans ifn cfg=1 child_wlans=`get_if_var $ifn wlans_IF` for child in ${child_wlans}; do if ! 
ifexists $child; then continue fi ifconfig -n $child destroy && cfg=0 done child_vlans=`get_if_var $ifn vlans_IF` for child in ${child_vlans}; do if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child="${ifn}.${child}" fi if ! ifexists $child; then continue fi ifconfig -n $child destroy && cfg=0 done return ${cfg} } # ng_mkpeer # Create netgraph nodes. # ng_mkpeer() { ngctl -f - 2> /dev/null </dev/null 2>&1; then ifconfig $i create >/dev/null 2>&1 else gif=`ifconfig gif create` ifconfig $gif name $i fi ifconfig $i tunnel ${peers} ifconfig $i up ;; esac done } # ng_fec_create ifn # Configure Fast EtherChannel for interface $ifn. Returns 0 if # FEC arguments were found and configured; returns !0 otherwise. ng_fec_create() { local req_iface iface bogus req_iface="$1" ngctl shutdown ${req_iface}: > /dev/null 2>&1 bogus="" while true; do iface=`ng_create_one fec dummy fec` if [ -z "${iface}" ]; then exit 2 fi if [ "${iface}" = "${req_iface}" ]; then break fi bogus="${bogus} ${iface}" done for iface in ${bogus}; do ngctl shutdown ${iface}: done } # fec_up # Create Fast EtherChannel interfaces. fec_up() { local i j for i in ${fec_interfaces}; do ng_fec_create $i for j in `get_if_var $i fecconfig_IF`; do case ${j} in '') continue ;; *) ngctl msg ${i}: add_iface "\"${j}\"" ;; esac done done } # ipx_up ifn # Configure any IPX addresses for interface $ifn. Returns 0 if # IPX arguments were found and configured; returns 1 otherwise. # ipx_up() { local ifn ifn="$1" # ifconfig_IF_ipx ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} return 0 fi return 1 } # ipx_down ifn # Remove IPX addresses for interface $ifn. Returns 0 if IPX # addresses were found and unconfigured. It returns 1, otherwise. 
# ipx_down() { local _if _ifs _ret ipxList oldifs _ipx _if=$1 _ifs="^" _ret=1 ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _ipx in $ipxList ; do # get rid of extraneous line [ -z "$_ipx" ] && break _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` IFS="$oldifs" ifconfig ${_if} ${_ipx} delete IFS="$_ifs" _ret=0 done IFS="$oldifs" return $_ret } # ifnet_rename # Rename all requested interfaces. # ifnet_rename() { local _if _ifname # ifconfig_IF_name for _if in `ifconfig -l`; do _ifname=`get_if_var $_if ifconfig_IF_name` if [ ! -z "$_ifname" ]; then ifconfig $_if name $_ifname fi done return 0 } # list_net_interfaces type # List all network interfaces. The type of interface returned # can be controlled by the type argument. The type # argument can be any of the following: # nodhcp - all interfaces, excluding DHCP configured interfaces # dhcp - list only DHCP configured interfaces # noautoconf - all interfaces, excluding IPv6 Stateless # Address Autoconf configured interfaces # autoconf - list only IPv6 Stateless Address Autoconf # configured interfaces # If no argument is specified all network interfaces are output. # Note that the list will include cloned interfaces if applicable. # Cloned interfaces must already exist to have a chance to appear # in the list if ${network_interfaces} is set to `auto'. # list_net_interfaces() { local type _tmplist _list _autolist _lo _if type=$1 # Get a list of ALL the interfaces and make lo0 first if it's there. 
# _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) _autolist="`ifconfig -l`" _lo= for _if in ${_autolist} ; do if autoif $_if; then if [ "$_if" = "lo0" ]; then _lo="lo0 " else _tmplist="${_tmplist} ${_if}" fi fi done _tmplist="${_lo}${_tmplist# }" ;; *) _tmplist="${network_interfaces} ${cloned_interfaces}" # lo0 is effectively mandatory, so help prevent foot-shooting # case "$_tmplist" in lo0|'lo0 '*|*' lo0'|*' lo0 '*) ;; # This is fine, do nothing *) _tmplist="lo0 ${_tmplist}" ;; esac ;; esac _list= case "$type" in nodhcp) for _if in ${_tmplist} ; do if ! dhcpif $_if && \ [ -n "`_ifconfig_getargs $_if`" ]; then _list="${_list# } ${_if}" fi done ;; dhcp) for _if in ${_tmplist} ; do if dhcpif $_if; then _list="${_list# } ${_if}" fi done ;; noautoconf) for _if in ${_tmplist} ; do if ! ipv6_autoconfif $_if && \ [ -n "`_ifconfig_getargs $_if ipv6`" ]; then _list="${_list# } ${_if}" fi done ;; autoconf) for _if in ${_tmplist} ; do if ipv6_autoconfif $_if; then _list="${_list# } ${_if}" fi done ;; *) _list=${_tmplist} ;; esac echo $_list return 0 } # get_default_if -address_family # Get the interface of the default route for the given address family. # The -address_family argument must be suitable passing to route(8). # get_default_if() { local routeget oldifs defif line defif= oldifs="$IFS" IFS=" " for line in `route -n get $1 default 2>/dev/null`; do case $line in *interface:*) defif=${line##*: } ;; esac done IFS=${oldifs} echo $defif } # hexdigit arg # Echo decimal number $arg (single digit) in hexadecimal format. hexdigit() { printf '%x\n' "$1" } # hexprint arg # Echo decimal number $arg (multiple digits) in hexadecimal format. hexprint() { printf '%x\n' "$1" } is_wired_interface() { local media case `ifconfig $1 2>/dev/null` in *media:?Ethernet*) media=Ethernet ;; esac test "$media" = "Ethernet" } # network6_getladdr if [flag] # Echo link-local address from $if if any. # If flag is defined, tentative ones will be excluded. 
network6_getladdr() { local proto addr rest ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) case ${addr} in fe80::*) if [ -z "$2" ]; then echo ${addr} return fi case ${rest} in *tentative*) continue ;; *) echo ${addr} return esac esac esac done }
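Review bot: In the lines added to ipv4_up, `ifconfig_args` is assigned but the function only declares `local _if _ret`, so the value leaks into the caller's scope (ifn_start does not declare it either) and can overwrite a same-named variable used elsewhere in the boot scripts; declare it with `local _if _ret ifconfig_args`. Separately, the new `afexists inet &&` guard in ifn_start now depends on `kern.features.inet`, and that lookup discards all output. If a running kernel does not export that node (for example an older kernel under a newer /etc, which this diff cannot confirm), ipv4_up is skipped without a message and the new fallback never adds 127.0.0.1 to lo0. A `debug` line on the skipped path, or a comment above afexists stating the kernel requirement, would make that failure visible.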