4 # Note that almost all of the user-configurable behavior is not in this
5 # file, but rather in /etc/defaults/rc.conf. Please check that file
6 # first before contemplating any changes here. If you do need to change
7 # this file for some reason, we would like to know about it.
12 echo -n 'Doing IPv6 network setup:'
14 case ${ipv6_gateway_enable} in
17 # list of interfaces, and prefix for interfaces
19 case ${ipv6_network_interfaces} in
21 ipv6_network_interfaces="`ifconfig -l`"
27 # manual configurations - in case ip6_gateway_enable=NO
28 # you can configure only single interface,
29 # as specification assumes that
30 # autoconfigured host has single interface only.
32 case ${ipv6_network_interfaces} in
34 ipv6_network_interfaces="`ifconfig -l \
44 # disallow "internal" addresses to appear on the wire
45 route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
46 route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
48 case ${ipv6_gateway_enable} in
51 sysctl -w net.inet6.ip6.forwarding=1
52 sysctl -w net.inet6.ip6.accept_rtadv=0
55 for i in $ipv6_network_interfaces; do
58 sleep `sysctl -n net.inet6.ip6.dad_count`
61 # setting up interfaces
62 for i in $ipv6_network_interfaces; do
63 eval prefix=\$ipv6_prefix_$i
69 for j in ${prefix}; do
70 case ${prefixcmd_enable} in
75 laddr=`ifconfig $i inet6 \
76 | grep 'inet6 fe80:' \
77 | head -1 | awk '{print $2}'`
78 hostid=`echo ${laddr} | sed \
79 -e 's/fe80:[0-9a-fA-F]+::/fe80::/' \
80 -e 's/fe80:://' -e 's/%.*//'`
83 eval hostid_$i=${hostid}
84 eval address_$i=${address}
86 ifconfig $i inet6 ${address} \
91 # subnet-router anycast address (rfc2373)
92 ifconfig $i inet6 $j:: prefixlen 64 \
99 # again, wait for DAD's completion (for global addrs)
100 sleep `sysctl -n net.inet6.ip6.dad_count`
103 # Filter out interfaces on which IPv6 addr init failed.
104 ipv6_working_interfaces=""
105 for i in ${ipv6_network_interfaces}; do
106 laddr=`ifconfig $i inet6 2>/dev/null | \
107 grep 'inet6 fe80:' | \
108 head -1 | grep -v tentative`
113 ipv6_working_interfaces="$i \
114 ${ipv6_working_interfaces}"
118 ipv6_network_interfaces=${ipv6_working_interfaces}
126 # install the "default interface" to kernel, which will be used
127 # as the default route when there's no router.
128 network6_default_interface_setup
130 # setup static routes
131 network6_static_routes_setup
134 case ${ipv6_router_enable} in
136 if [ -x ${ipv6_router} ]; then
137 echo -n " ${ipv6_router}"
138 ${ipv6_router} ${ipv6_router_flags}
144 # This should enabled with a great care.
145 # You may want to fine-tune /etc/rtadvd.conf.
147 # And if you wish your rtadvd to receive and process
148 # router renumbering messages, specify your Router Renumbering
149 # security policy by -P option.
151 # See `man 3 ipsec_set_policy` for IPsec policy specification
153 # (CAUTION: This enables your routers prefix renumbering
154 # from another machine, so if you enable this, do it with
157 case ${rtadvd_enable} in
160 rtadvd_interfaces=`echo ${ipv6_network_interfaces} | \
162 rtadvd ${rtadvd_interfaces}
164 # Enable Router Renumbering, unicast case
165 # (use correct src/dst addr)
166 # rtadvd -P "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" \
167 # ${ipv6_network_interfaces}
168 # Enable Router Renumbering, multicast case
169 # (use correct src addr)
170 # rtadvd -P "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" \
171 # ${ipv6_network_interfaces}
176 case ${mroute6d_enable} in
178 if [ -x ${mroute6d_program} ]; then
179 echo -n " ${mroute6d_program}"
180 ${mroute6d_program} ${mroute6d_flags}
186 # act as endhost - automatically configured
187 sysctl -w net.inet6.ip6.forwarding=0
188 sysctl -w net.inet6.ip6.accept_rtadv=1
190 ifconfig ${ipv6_network_interfaces} up
191 rtsol ${ipv6_network_interfaces}
195 # wait for DAD's completion (for global addrs)
196 sleep `sysctl -n net.inet6.ip6.dad_count`
205 # install the "default interface" to kernel, which will be used
206 # as the default route when there's no router.
207 # ndp -I ${ipv6_default_interface}
208 network6_default_interface_setup
210 # setup static routes
211 network6_static_routes_setup
215 case ${ipv6_ipv4mapping} in
217 echo -n ' IPv4 mapped IPv6 address support=YES'
218 sysctl -w net.inet6.ip6.mapped_addr=1 >/dev/null
221 echo -n ' IPv4 mapped IPv6 address support=NO'
222 sysctl -w net.inet6.ip6.mapped_addr=0 >/dev/null
228 # Let future generations know we made it.
230 network6_pass1_done=YES
233 network6_gif_setup() {
234 case ${gif_interfaces} in
238 for i in ${gif_interfaces}; do
239 eval peers=\$gifconfig_$i
245 gifconfig $i ${peers}
253 network6_stf_setup() {
254 case ${stf_interface_ipv4addr} in
258 # setup outer IPv4 addrs
259 gifconfig stf0 ${stf_interface_ipv4addr} 255.255.255.255
260 # assign IPv6 addr and interface route for 6to4 interface
261 stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
264 set ${stf_interface_ipv4addr}
266 ipv4_in_hexformat=`printf "%x:%x\n" \
267 $(($1*256 + $2)) $(($3*256 + $4))`
268 case ${stf_interface_ipv6_ifid} in
269 [Aa][Uu][Tt][Oo] | '')
270 laddr=`ifconfig stf0 inet6 | grep 'inet6 fe80:' \
271 | head -1 | awk '{print $2}'`
272 stf_interface_ipv6_ifid=`echo ${laddr} | sed \
273 -e 's/fe80:[0-9a-fA-F]+::/fe80::/' \
274 -e 's/fe80:://' -e 's/%.*//'`
275 case ${stf_interface_ipv6_ifid} in
277 stf_interface_ipv6_ifid=0:0:0:1
282 ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
283 prefixlen ${stf_prefixlen}
284 # disallow packets to malicious 6to4 prefix
285 route add -inet6 2002:7f00:0000:: -prefixlen 24 ::1 -reject
286 route add -inet6 2002:0000:0000:: -prefixlen 48 ::1 -reject
287 route add -inet6 2002:ffff:ffff:: -prefixlen 48 ::1 -reject
292 network6_static_routes_setup() {
293 # Set up any static routes.
294 case ${ipv6_static_routes} in
298 for i in ${ipv6_static_routes}; do
299 eval ipv6_route_args=\$ipv6_route_${i}
300 route add -inet6 ${ipv6_route_args}
306 network6_default_interface_setup() {
307 # Choose IPv6 default interface if it is not clearly specified.
308 case ${ipv6_default_interface} in
310 for i in ${ipv6_network_interfaces}; do
311 laddr=`ifconfig $i inet6 2>/dev/null \
312 | grep 'inet6 fe80:' | \
313 head -1 | grep -v tentative`
318 ipv6_default_interface=$i
326 # Disallow unicast packets without outgoing scope identifiers,
327 # or route such packets to a "default" interface, if it is specified.
328 case ${ipv6_default_interface} in
330 route add -inet6 fe80:: -prefixlen 10 ::1 -reject
331 route add -inet6 ff02:: -prefixlen 16 ::1 -reject
334 laddr=`ifconfig ${ipv6_default_interface} inet6 \
335 | grep 'inet6 fe80:' | head -1 | awk '{print $2}'`
336 route add -inet6 fe80:: ${laddr} -prefixlen 10 -interface \
338 route add -inet6 ff02:: ${laddr} -prefixlen 16 -interface \