#
259065 |
|
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
256255 |
|
10-Oct-2013 |
hrs |
Add support for "vnet jname" argument in ifconfig_IF. The vnet keyword is ignored except for "rc.d/netif vnet{up,down} ifn" because a jail is usually created after interface initialization on boot time.
"rc.d/netif vnetup ifn" moves ifn into the specified jail. It is designed to be used in other scripts like rc.d/jail, not automatically invoked during the interface initialization.
Approved by: re (kib)
|
#
256040 |
|
04-Oct-2013 |
hrs |
Do not attempt to do AF-specific configurations on a interface when noafif() is true. The following warning message was displayed when pflog0 interface existed, for example:
ifconfig: ioctl(SIOCGIFINFO_IN6): Protocol family not supported
Reported by: bz Approved by: re (gjb)
|
#
256039 |
|
04-Oct-2013 |
hrs |
Add epair(4) support in $cloned_interfaces. One should be specified as "epair0" in $cloned_interfaces and "epair0[ab]" in the others in rc.conf like the following:
cloned_interfaces="epair0" ifconfig_epair0a="inet 192.168.1.1/24" ifconfig_epair0b="inet 192.168.2.1/24"
/etc/rc.d/netif now accepts both "netif start epair0" and "netif start epair0a".
Approved by: re (kib)
|
#
255653 |
|
17-Sep-2013 |
hrs |
Fix parsing lines of ifconfig output which include \t in the case of inet and inet6.
Approved by: re (delphij)
|
#
254743 |
|
23-Aug-2013 |
asomers |
Correctly remove an interface's ipv4 address when the user calls "/etc/rc.d/netif stop XXX". The old globbing pattern failed to account for the possibility of a tab occuring before "inet".
Reviewed by: will Approved by: ken (mentor, implicit) MFC after: Never (bug affects head only) Sponsored by: Spectra Logic
|
#
253924 |
|
04-Aug-2013 |
hrs |
- Reimplement $gif_interfaces as a variant of $cloned_interfaces. Newly-configured systems should use $cloned_interfaces.
- Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}. ifnet_rename() now accepts an interface name list as its argument.
- Add rc.d/netif clear. The "clear" subcommand is basically equivalent to "stop" but it does not call clone_down().
- Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is specified, the interface will not be destroyed in rc.d/netif stop.
- Add cloned_interfaces_sticky={YES,NO}. This variable globally sets :sticky keyword above for all interfaces. The default value is NO. When cloned_interfaces_sticky=YES, :nosticky keyword can be used to override it on per interface basis.
|
#
253520 |
|
21-Jul-2013 |
hrs |
Do not set ND6_IFF_ACCEPT_RTADV on if_bridge(4) interfaces when ipv6_enable=yes.
MFC after: 3 days
|
#
253505 |
|
20-Jul-2013 |
hrs |
Fix address range specification with ifconfig(8) options such as:
- inet 192.0.2.1-10 netmask 255.255.255.0 (inet range spec + ifconfig options) - inet6 2001:db8:1::1-f prefixlen 60 (inet6 range spec + ifconfig options)
If prefixlen or netmask option is specified with CIDR notation at the same time, the option is used.
Tested by: Michael Grimm MFC after: 3 days
|
#
253444 |
|
18-Jul-2013 |
hrs |
- Fix a bug in ipv6_prefix_IF. It did not work with the 64-bit prefix notation like 2001:db8:1:1.
- Use eui64 flag in ifconfig(8) instead of network6_getladdr()[*] for interface indentifier part.
Suggested by: ume [*] MFC after: 3 days
|
#
252426 |
|
30-Jun-2013 |
hrs |
Add "ether" and "link" to ifconfig_alias{es,N}.
|
#
252360 |
|
28-Jun-2013 |
delphij |
Don't attempt to do DHCP on certain interfaces, similar to what's done for ipv6_autoconfif() in r212577.
MFC after: 1 week
|
#
252230 |
|
26-Jun-2013 |
rpaulo |
Implement ifconfig_wlanX="HOSTAP".
Not only this is a bit cleaner, it allows multiple instances of hostapd to be running on the system host, useful for simultaneous dual-band WiFi. This is similar to ifconfig_wlanX="WPA" but it uses /etc/hostapd-wlanX.conf. Compatibility with hostapd_enable=YES/NO was kept.
Reviewed by: adrian
|
#
252015 |
|
20-Jun-2013 |
hrs |
- Add CIDR notation support like 192.168.1-2.10-16/24 to $ifconfig_IF_aliasN. This is an extended version of ipv4_addr_IF which supports both IPv4 and IPv6, and multiple range specifications. To avoid to generate too many addresses, the maximum number of the generated addresses is currently limited to 31.
- Add $ifconfig_IF_aliases, which accepts multiple IP aliases in a variable.
- ipv6_prefix_IF now supports !/64 prefix length. In addition to the old 64-bit format (2001:db8:1:1), a full 128-bit format like 2001:db8:1:1::/64 is supported.
- Replace ifconfig command with $IFCONFIG_CMD variable to support a dry-run mode in the future.
- Remove IP aliases before removing all of IPv4 addresses when doing "rc.d/netif down".
- Add a DAD wait to network6_getladdr() because it is possible to fail to configure an EUI64 address when ipv6_prefix_IF is specified.
A summary of the supported ifconfig_* variables is as follows:
# IPv4 configuration. ifconfig_em0="inet 192.168.0.1" # IPv6 configuration. ifconfig_em0_ipv6="inet6 2001:db8::1/64" # IPv4 address range spec. Now deprecated. ipv4_addr_em0="10.2.1.1-10" # IPv6 alias. ifconfig_em0_alias0="inet6 2001:db8:5::1 prefixlen 70" # IPv4 alias. ifconfig_em0_alias1="inet 10.2.2.1/24" # IPv4 alias with range spec w/o AF keyword (backward compat). ifconfig_em0_alias2="10.3.1.1-10/32" # IPv6 alias with range spec. ifconfig_em0_alias3="inet6 2001:db8:20-2f::1/64" # ifconfig_IF_aliases is just like ifconfig_IF_aliasN. ifconfig_em0_aliases="inet 10.3.3.201-204/24 inet6 2001:db8:210-213::1/64 inet 10.1.1.1/24" # IPv6 alias (backward compat) ipv6_ifconfig_em0_alias0="inet6 2001:db8:f::1/64" # IPv6 alias w/o AF keyword (backward compat) ipv6_ifconfig_em0_alias1="2001:db8:f:1::1/64" # IPv6 prefix. ipv6_prefix_em0="2001:db8::/64"
Tested by: Kimmo Paasiala
|
#
242181 |
|
27-Oct-2012 |
hrs |
Fix an issue when ipv6_enable=YES && ipv6_gateway_enable=YES which could prevent rtadvd(8) from working as intended.
Spotted by: brian Discussed with: brian
|
#
230453 |
|
22-Jan-2012 |
hrs |
Fix several glitches in IPv6-related knobs:
- ipv6_enable + ipv6_gateway_enable should unset ACCEPT_RTADV by default for backward compatibility.
- Configurations in ipv6_prefix_IF should be recognized even if there is no ifconfig_IF_ipv6.
- DAD wait should be performed at once, not on a per-interface basis, if possible. This fixes an issue that a system with a lot of IPv6-capable interfaces takes too long for booting.
MFC after: 1 week
|
#
229783 |
|
07-Jan-2012 |
uqs |
Spelling fixes for etc/
|
#
228472 |
|
13-Dec-2011 |
glebius |
Add compatibility support for specifing IPv4 aliases in rc.conf without the "inet" keyword.
Obtained from: hrs
|
#
226652 |
|
23-Oct-2011 |
hrs |
Add support for removing addresses added by ipv6_prefix_hostid_addr_up() upon rc.d/netif stop.
|
#
226649 |
|
23-Oct-2011 |
hrs |
Fix an issue that 127/8 is not configured when $ifconfig_DEFAULT is not empty.
Spotted by: ume
|
#
225849 |
|
28-Sep-2011 |
delphij |
Test if the interface is afif in dhcpif() and syncdhcpif(), as done in ipv6_autoconfif.
Reviewed by: hrs (freebsd-rc@) MFC after: 1 week
|
#
225560 |
|
14-Sep-2011 |
brueffer |
Minor spelling, wording and punctuation fixes in comments.
PR: 155984 Submitted by: gcooper Approved by: re (kib) MFC after: 1 week
|
#
225522 |
|
12-Sep-2011 |
hrs |
- Add an warning when ifconfig_IF_ipv6 has no inet6 keyword in front of an IPv6 address. (r225489)
- Use eval for ${ifconfig_args} to fix an issue fixed in r223506. (r225489)
Approved by: re (bz)
|
#
225521 |
|
12-Sep-2011 |
hrs |
Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE (r225485). When setting an interface name to it, the following configurations will be enabled:
1. "no_radr" is set to all IPv6 interfaces automatically.
2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this means you can manually supersede this configuration if necessary).
3. The node will add RA-sending routers to the default router list even if net.inet6.ip6.forwarding=1.
This mode is added to conform to RFC 6204 (a router which connects the end-user network to a service provider network). To enable packet forwarding, you still need to set ipv6_gateway_enable=YES.
Note that accepting router entries into the default router list when packet forwarding capability and a routing daemon are enabled can result in messing up the routing table. To minimize such unexpected behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.
Approved by: re (bz)
|
#
223506 |
|
24-Jun-2011 |
pluknet |
Add support for string values with white spaces for ifconfig(8) parameters accepting them (such as description, group).
Changes discussed on freebsd-rc.
PR: conf/156675 Reported by: "Alexander V. Chernikov" <melifaro att ipfw ru> Suggested by: hrs Analyzed with: Alexander V. Chernikov via IRC MFC after: 2 weeks
|
#
222996 |
|
11-Jun-2011 |
hrs |
Add a helper function to check kern.features.* sysctls.
Discussed with: dougb
|
#
222746 |
|
06-Jun-2011 |
hrs |
Do not mark lo0 as IFDISABLED even if there is no $ifconfig_lo0_ipv6 line.
|
#
222733 |
|
06-Jun-2011 |
hrs |
Remove "ifconfig IF inet6 -accept_rtadv" when ipv6_gateway_enable=YES because this is no longer needed.
|
#
222515 |
|
30-May-2011 |
bz |
No logner set an IPv4 loopback address by default in defaults/rc.conf. If not specified, network.subr will add it automatically if we have INET support (1).
In network.subr only call the address family up/down functions if the respective AF is available.
Switch to new kern.features variables for inet and inet6 as the inet sysctl tree is also available for IPv6-only kernels leading to unexpected results.
Suggested by: hrs (1) Reviewed by: hrs Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems MFC after: 20 days
|
#
221884 |
|
14-May-2011 |
jilles |
network.subr: Use printf(1) builtin for hexprint function.
Now that printf(1) is a shell builtin, there is no need to emulate it anymore. The external printf(1) is /usr/bin/printf and therefore may not be available in early boot.
It may be faster to use printf directly but the function is useful for compatibility.
|
#
212579 |
|
13-Sep-2010 |
hrs |
Split $ipv6_prefer into $ip6addrctl_policy and $ipv6_activate_all_interfaces.
The $ip6addrctl_policy is a variable to choose a pre-defined address selection policy set by ip6addrctl(8). The keyword "ipv4_prefer" sets IPv4-preferred one described in Section 10.3, the keyword "ipv6_prefer" sets IPv6-preferred one in Section 2.1 in RFC 3484, respectively. When "AUTO" is specified, it attempts to read /etc/ip6addrctl.conf first. If it is found, it reads and installs it as a policy table. If not, either of the two pre-defined policy tables is chosen automatically according to $ipv6_activate_all_interfaces.
When $ipv6_activate_all_interfaces=NO, interfaces which have no corresponding $ifconfig_IF_ipv6 is marked as IFDISABLED for security reason.
The default values are ip6addrctl_policy=AUTO and ipv6_activate_all_interfaces=NO.
Discussed with: ume and bz
|
#
212578 |
|
13-Sep-2010 |
hrs |
Localize $_punct_c in get_if_var() and whitespace clean-ups.
Based on: changes in r206408 by dougb
|
#
212577 |
|
13-Sep-2010 |
hrs |
- Check some specific IFs first in ipv6_autoconfif(). - $ipv6_enable supports YES|TRUE|ON|1 as in checkyesno().
Based on: changes in r206408 by dougb
|
#
212575 |
|
13-Sep-2010 |
hrs |
Fix $ipv6_network_interfaces and set it as AUTO by default.
Based on: changes in r206408 by dougb
|
#
212574 |
|
13-Sep-2010 |
hrs |
Revert changes in r206408.
Discussed with: dougb, core.5, and core.6
|
#
208213 |
|
17-May-2010 |
jhb |
Prevent unloading a kld for a driver that has subinterfaces (vlan and/or wlan interfaces) from being automatically reloaded via devd shutdown event handlers. - Revert part of my previous changes to call ifn_stop on subinterfaces when an interface is detached. It is better to destroy the interfaces first so that an 'ifconfig foo0.blah down' doesn't result in ifconfig auto-loading if_foo.ko. The ifconfig command will not be invoked if foo0.blah is gone when ifn_stop() is called. Furthermore, it is not necessary to explicitly invoke ifn_stop() after the subinterface is destroyed as devd will already do that. - Pass -n to ifconfig when destroying interfaces so that destroying a cloned interface does not kldload any drivers.
Reviewed by: dougb MFC after: 4 days
|
#
208060 |
|
14-May-2010 |
dougb |
Remove trailing white space. No functional changes.
|
#
207592 |
|
03-May-2010 |
dougb |
Make address assignment via ipv6_prefix_IF work again
|
#
206408 |
|
08-Apr-2010 |
dougb |
Improve the handling of IPv6 configuration in rc.d. The ipv6_enable and ipv6_ifconfig_<interface> options have already been deprecated, these changes do not alter that.
With these changes any value set for ipv6_enable will emit a warning. In order to avoid a POLA violation for the deprecation of the option ipv6_enable=NO will still disable configuration for all interfaces other than lo0. ipv6_enable=YES will not have any effect, but will emit an additional warning. Support and warnings for this option will be removed in FreeBSD 10.x.
Consistent with the current code, in order for IPv6 to be configured on an interface (other than lo0) an ifconfig_<interface>_ipv6 option will have to be added to /etc/rc.conf[.local].
1. Clean up and minor optimizations for the following functions: ifconfig_up (the ipv6 elements) ipv6if ipv6_autoconfif get_if_var _ifconfig_getargs The cleanups generally were to move the "easy" tests earlier in the functions, and consolidate duplicate code.
2. Stop overloading ipv6_prefer with the ability to disable IPv6 configuration.
3. Remove noafif() which was only ever called from ipv6_autoconfif. Instead, simplify and integrate the tests into that function, and convert the test to use is_wired_interface() instead of listing wireless interfaces explicitly.
4. Integrate backwards compatibility for ipv6_ifconfig_<interface> into _ifconfig_getargs. This dramatically simplifies the code in all of the callers, and avoids a lot of other code duplication.
5. In rc.d/netoptions, add code for an ipv6_privacy option to use RFC 4193 style pseudo-random addresses (this is what windows does by default, FYI).
6. Add support for the [NO]RTADV options in ifconfig_getargs() and ipv6_autoconfif(). In the latter, include support for the explicit addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done in the current code.
7. In rc.d/netif add a warning if $ipv6_enable is set, and remove the set_rcvar_obsolete for it. Also remove the latter from rc.d/ip6addrctl.
8. In /etc/defaults/rc.conf:
Add an example for RTADV configuration.
Set ipv6_network_interfaces to AUTO.
Switch ipv6_prefer to YES. If ipv6_enable is not set this will have no effect.
Add a default for ipv6_privacy (NO).
9. Document all of this in rc.conf.5.
|
#
203433 |
|
03-Feb-2010 |
ume |
Add rc.d script for the rtsold(8) daemon.
The rtsol(8) handles just one RA then exit. So, the OtherConfig flag may not be handled well by rtsol(8) in the environment where there are multiple RA servers on the segment. In such case, rtsold(8) will be your friend.
Reviewed by: hrs MFC after: 2 weeks
|
#
201216 |
|
29-Dec-2009 |
jhb |
Remove a trailing reference to the obsolete vaps_<IF> variable.
Reviewed by: brooks MFC after: 3 days
|
#
201215 |
|
29-Dec-2009 |
jhb |
Add support for configuring vlan(4) interfaces as child devices similar to wlan(4) interfaces. vlan(4) interfaces are listed via a new 'vlans_<IF>' variable. If a vlan interface is a number, then that number is treated as the vlan tag for the interface and the interface will be named '<IF>.<tag>'. Otherwise, the vlan tag must be provided via a vlan parameter in a 'create_args_<vlan>' variable.
While I'm here, fix a few nits in rc.conf(5) and mention create_args_<IF> in the description of cloned_interfaces.
Reviewed by: brooks MFC after: 2 weeks
|
#
197697 |
|
02-Oct-2009 |
hrs |
- Add AF_IPX and AF_NATM to afexists().
- Add afexists() check to address family specific rc.d scripts. A script for an AF will be silently ignored if the kernel has no support for the AF.
|
#
197526 |
|
26-Sep-2009 |
hrs |
Fix several logic bugs in the previous IPv6 variable change and re-add $ipv6_enable support for backward compatibility. From UPDATING:
1. To use IPv6, simply define $ifconfig_IF_ipv6 like $ifconfig_IF for IPv4. For aliases, $ifconfig_IF_aliasN should be used. Note that both variables need the "inet6" keyword at the head.
Do not set $ipv6_network_interfaces manually if you do not understand what you are doing. It is not needed in most cases.
$ipv6_ifconfig_IF and $ipv6_ifconfig_IF_aliasN still work, but they are obsolete.
2. $ipv6_enable is obsolete. Use $ipv6_prefer and/or "inet6 accept_rtadv" keyword in ifconfig(8) instead.
If you define $ipv6_enable=YES, it means $ipv6_prefer=YES and all configured interfaces have "inet6 accept_rtadv" in the $ifconfig_IF_ipv6. These are for backward compatibility.
3. A new variable $ipv6_prefer has been added. If NO, IPv6 functionality of interfaces with no corresponding $ifconfig_IF_ipv6 is disabled by using "inet6 ifdisabled" flag, and the default address selection policy of ip6addrctl(8) is the IPv4-preferred one (see rc.d/ip6addrctl for more details). Note that if you want to configure IPv6 functionality on the disabled interfaces after boot, first you need to clear the flag by using ifconfig(8) like:
ifconfig em0 inet6 -ifdisabled
If YES, the default address selection policy is set as IPv6-preferred.
The default value of $ipv6_prefer is NO.
4. If your system need to receive Router Advertisement messages, define "inet6 accept_rtadv" in $ifconfig_IF_ipv6. The rc(8) scripts automatically invoke rtsol(8) when the interface becomes UP. The Router Advertisement messages are used for SLAAC (State-Less Address AutoConfiguration).
|
#
197147 |
|
12-Sep-2009 |
hrs |
Add missing comments and whitespace clean-ups.
|
#
197139 |
|
12-Sep-2009 |
hrs |
Integrate rc.d/network_ipv6 into rc.d/netif:
- Add rc.d/stf and rc.d/faith for stf(4) and faith(4). - Remove rc.d/auto_linklocal and rc.d/network_ipv6. - Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif depends on some sysctl variables.
Reviewed by: brooks MFC after: 3 days
|
#
196589 |
|
27-Aug-2009 |
dougb |
In the loop through the list of interfaces in network6_interface_setup() rtsol_interface gets reset to "yes" each time through the loop, but rtsol_available does not. If a user has lo0 first in their list of interfaces rtsol_available will get set to "no" the first time through the loop and subsequent interfaces will not get rtsol'ed when they should.
Therefore change the conditional for the is_wired() test to _interface.
Noticed by: Dimitry Andric <dimitry@andric.com>
|
#
196523 |
|
24-Aug-2009 |
dougb |
Improve the case test to detect the presence of lo0 in the list of network_interfaces.
Submitted by: Christoph Mallon <christoph.mallon@gmx.de>
|
#
196478 |
|
23-Aug-2009 |
dougb |
Prior to the dire warning about values of network_interfaces other than AUTO the biggest mistake users made was leaving lo0 off the list. Since lo0 is effectively mandatory, check for it and add it to the list if it's not there.
|
#
196436 |
|
23-Aug-2009 |
dougb |
Move is_wired_interface() from rc.d/wpa_supplicant into network.subr, simplify it a bit, and make use of that method to determine if an interface is a candidate for IPv6 rtsol rather than listing all of the possible wireless interfaces that should _not_ get rtsol'ed.
This change is only relevant for 8.0+ unless the "wlan mandatory" code gets ported back to RELENG_7.
|
#
195029 |
|
25-Jun-2009 |
dougb |
rtsol should not be run on the wireless NIC interfaces directly, it will run on wlan0 instead.
|
#
193199 |
|
01-Jun-2009 |
dougb |
Eliminate the warning that "Values of network_interfaces other than AUTO are deprecated.' There is no good reason to deprecate them, and setting this to different values can be useful for custom solutions and/or one-off configuration problems.
|
#
189759 |
|
13-Mar-2009 |
brooks |
Add support for setting the debug flags on wlan interfaces after the are created using wlandebug_<ifn> variables.
|
#
188118 |
|
04-Feb-2009 |
thompsa |
Check for NOAUTO on child interfaces (eg wlanX) so they can be created via rc.conf but not necessarily started.
|
#
183517 |
|
01-Oct-2008 |
brooks |
Remove compat support for vaps_<ifn> and vap_create_<ifn> variables as promised in r178527. These variables were never in a release version.
Reminded by: sam
|
#
179961 |
|
23-Jun-2008 |
mtm |
Implement a "quiet" mode for rc.d/netif, which only outputs the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and ifn_stop() in network.subr no longer write to standard output. Whether to output and what to output is now handled entirely in rc.d/netif.
|
#
179314 |
|
26-May-2008 |
dougb |
Add a missing space between a variable and the ] for a test
|
#
179003 |
|
14-May-2008 |
brooks |
Change the default value of synchronous_dhclient to NO.
To preserve the existing behavior of etc/rc.d/netif, add code to wait up to if_up_delay seconds (30 seconds by default) for a default route to be configured if there are any dhcp interfaces. This should be extended to test that the interface is actually up.
X-MFC after:
|
#
179002 |
|
14-May-2008 |
brooks |
Fix last commit and call childif_destroy() correctly.
|
#
179001 |
|
14-May-2008 |
brooks |
Don't print the interface status if we only create child or destroy interfaces.
Correctly return status from childif_create().
|
#
178695 |
|
30-Apr-2008 |
brooks |
Emit a warning when the network_interfaces variable is not set to AUTO.
MFC after: 3 days
|
#
178527 |
|
25-Apr-2008 |
brooks |
Replace the prototype vaps_<ifn> and vap_create_<ifn> variables with more wlans_<ifn> and create_args_<ifn>
Add documentation for these variants and generally update the wireless device example.
There is are very short lived shim from vaps_<ifn> which produces a warning and vap_create_<ifn> which does not. Misuse the MFC notification service to remind me to remove them.
MFC after: 3 weeks
|
#
178356 |
|
20-Apr-2008 |
sam |
rc support for vaps
|
#
177682 |
|
28-Mar-2008 |
brooks |
Support gif_interface values that don't follow the pattern gif###. Remove ancient compatablity support for gif_interface="NO".
|
#
173355 |
|
05-Nov-2007 |
thompsa |
Change wpa_supplicant to down the interface at the start of the init routine. wpa_supplicant expects that it has exclusive access to the net80211 state so when its starts poking in the WEP/WPA settings and the card is already scanning it can cause net80211 to try and associate incorrectly with a protected AP.
This is an inconvenience for firmware based cards such as iwi where it can be sent an auth instruction with incomplete security info and cause a firmware error.
Remove the 'ifconfig up' from network.subr since wpa_supplicant will immediately down the interface again.
Reported by: Guy Helmer (and others) Reviewed by: sam, brooks, avatar MFC after: 3 days
|
#
169889 |
|
22-May-2007 |
thompsa |
Do not attempt to load the kernel module when checking if an interface exists.
This would cause pseudo network modules to be reloaded again when trying to unload the first time if any cloned interfaces exist.
MFC after: 2 weeks
|
#
168033 |
|
29-Mar-2007 |
ache |
Back out network.subr :- fix and comment out dhc*_fxp0 examples instead
Submitted by: jhb
|
#
168023 |
|
29-Mar-2007 |
ache |
Fix get_if_var() with 3 args (i.e. with default)
All xxx_<ifname> flags are set to empty strings automatically earlier so eval echo \${${prefix}${_if}${suffix}-${_default}} not substitute the default but return just the empty string. Fix it using eval echo \${${prefix}${_if}${suffix}:-${_default}} (i.e. treat empty strings as unset)
The bug manifistates itself with the following warning from checkyesno(): /etc/rc.d/dhclient: WARNING: $background_dhclient is not set properly - see rc.conf(5)
|
#
166583 |
|
09-Feb-2007 |
flz |
Add support for EtherChannel configuration to rc startup scripts.
Note: This also deprecates "NO" as a way to specify an empty list of interfaces for gif_interfaces.
PR: conf/104884 Submitted by: nork Harassed by: brd Discussed with: brooks, dougb
|
#
163759 |
|
29-Oct-2006 |
mlaier |
Do not try to rtsol on pflog or pfsync devices.
|
#
163083 |
|
07-Oct-2006 |
ume |
Restore the behavior that net.inet6.ip6.auto_linklocal=0 could be coexist with ipv6_enable="YES".
MFC after: 3 days
|
#
162949 |
|
02-Oct-2006 |
gnn |
Turn off automatic link local address if ipv6_enable is not set to YES in rc.conf
Reviewed by: KAME core team, cperciva MFC after: 3 days
|
#
162490 |
|
20-Sep-2006 |
brooks |
Introduce a new method ipv6if which attemptes to figure out if an interface is an IPv6 interface.
Use this method to decide if we should attempt to configure an interface with an IPv6 address in pccard_ether. The mechanism pccard_ether uses to do this is unsuited to the task because it assumes the list of interfaces it is passed is the full list of IPv6 interfaces and makes decissions based on that. This is at least a step in the right direction and is probably about as much as we can MFC safely.
PR: conf/103428 MFC after: 3 days
|
#
161386 |
|
17-Aug-2006 |
brooks |
Introduce a new function, ifexists and use it to avoid attempting to touch interfaces that don't actually exist in the stop case. In the process move some IPv4 specific code from ifconfig_down to ipv4_down.
This should solve problems with ifconfig: error messages on boot when interfaces are renamed.
|
#
157737 |
|
13-Apr-2006 |
brooks |
Spell synchronous with required silent 'h'.
Reported by: ru, ceri Pointy hat: brooks
|
#
157736 |
|
13-Apr-2006 |
brooks |
Add missing _ to $_punct.
Submitted by: Dmitry Pryanishnikov <dmitry at atlantis.dp.ua>
|
#
157706 |
|
13-Apr-2006 |
brooks |
Commit the various network interface configutation updates I've been working on. 1) Make it possible to configure interfaces with certain characters in their names that aren't valid in shell variables. Currently supported characters are ".-/+". They are converted into '_' characters. 2) Replace nearly all eval statements in network.subr with a new function get_if_var which substitues an interface name (after the translations above) for "IF" in a variable name. 3) Fix list_net_interfaces() in the nodhcp case. 4) Allow the administrator to specify if dhclient should be started when /etc/rc.d/netif configures the interface or only by devd. This can be set on both a per interface and system wide basis.
PR: conf/88974 [1,2], conf/92433 [1,2]
|
#
152441 |
|
14-Nov-2005 |
brooks |
Add a new configuration variable, ipv4_addrs_<ifn>, which adds one or more IPv4 address from a ranged list in CIRD notation:
ipv4_addrs_ed0="192.168.0.1/24 192.168.1.1-5/28"
In the process move alias processing into new ipv4_up/down functions to more toward a less IPv4 centric world.
Submitted by: Philipp Wuensche <cryx dash freebsd at h3q dot com>
|
#
149726 |
|
02-Sep-2005 |
brooks |
- Alwasy explicitly bring the interface up before configuring it. - If an interface's ifconfig_<ifn> is set, but empty, don't set it to ifconfig_DEFAULT. This way interfaces can be disabled even in the presence of ifconfig_DEFAULT. - When listing interfaces and network_interfaces=auto, place lo0 first if it's around.
|
#
149483 |
|
26-Aug-2005 |
brooks |
Support ifconfig_<ifn> variables containing quoted variables with spaces in them by wrapping the ifconfig command with eval "...".
For example, this allows:
ifconfig_iwi0="DHCP ssid 'foo bar baz'"
|
#
149401 |
|
23-Aug-2005 |
brooks |
- Remove the removable_interfaces variable. /etc/pccard_ether will now run on any interface. - Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration of an interface at boot or via /etc/pccard_ether. This allows /etc/rc.d/netif to be used to start and stop an interface on a purely manual basis. The decision to affect pccard_ether may be revisited at a later date.
Requested by: imp, gallatin (removable_interfaces) Discussed with: sam, Randy Bush (NOAUTO)
|
#
147684 |
|
30-Jun-2005 |
brooks |
- Remove the pccard_ifconfig variable in favor of a new ifconfig_DEFAULT variable. Unlike pccard_ifconfig, ifconfig_DEFAULT applies to all interfaces that do not specify an ifconfig_<ifn> variable rather than just those listed in removable_interfaces. - Correct the list of interfaces when network_interfaces and removable_interfaces are both set by including removable_interfaces in the list of canidates. - When listing dhcp interfaces, include those with other ifconfig options so nat works.
Approved by: re (network interface startup blanket)
|
#
147682 |
|
30-Jun-2005 |
brooks |
Add support for starting wpa_supplicant by adding the WPA keyword to an interface's ifconfig_<ifn> entry in /etc/rc.conf.
Approved by: re (network interface startup blanket)
|
#
147121 |
|
07-Jun-2005 |
brooks |
Fix return values of ifconfig_up/down.
Reported by: Andrea Campi
|
#
147088 |
|
07-Jun-2005 |
brooks |
Support code for the OpenBSD dhclient. This significantly changes the way interfaces are configured. Some key points:
- At startup, all interfaces are configured through /etc/rc.d/netif. - ifconfig_<if> variables my now mix real ifconfig commands the with DHCP and WPA directives. For example, this allows media configuration prior to running dhclient. - /etc/rc.d/dhclient is not run at startup except by netif to start dhclient on specific interfaces. - /etc/pccard_ether calls "/etc/rc.d/netif start <if>" to do most of it's work. - /etc/pccard_ether no longer takes additional arguments to pass to ifconfig. Instead, ifconfig_<if> variables are now honored in favor of pccard_ifconfig when available. - /etc/pccard_ether will only run on interfaces specified in removable_interfaces, even if pccard_ifconfig is set.
|
#
138405 |
|
05-Dec-2004 |
pjd |
'all' argument for list_net_interfaces() is now unused, remove it.
|
#
138386 |
|
05-Dec-2004 |
rse |
Use "ifconfig -l" instead of "list_network_interfaces all" in ifnet_rename() to support situations where rc.conf's $network_interfaces variable is set to an explicit list of network interfaces (instead of the default "auto").
Using "list_network_interfaces all" resulted in using $network_interfaces for both interface _renaming_ and interface _configuration_ which obviously cannot work either before (if the new name is in $network_interfaces) or after (if the old name is in $network_interfaces) renaming the interface.
|
#
138385 |
|
05-Dec-2004 |
rse |
fix typo: s/intefraces/interfaces/
|
#
137070 |
|
30-Oct-2004 |
pjd |
Allow to change interfaces name on boot time. Now, one should be able to put something like this into /etc/rc.conf:
ifconfig_fxp0_name="net0" ifconfig_net0="inet 10.0.0.1/16"
Reviewed by: green
|
#
134429 |
|
28-Aug-2004 |
yar |
Avoid double appearing of cloned interfaces in the output from list_net_interfaces() when network_interfaces=auto.
Rationale: Since the auto case is special, the lesser evil had to be chosen among not adding cloned interfaces to _tmplist or removing duplicates from _tmplist after adding cloned interfaces. Since list_net_interfaces() must not use /usr/bin tools, the former "evil" appeared clearer and much more efficient. (See the PR audit trail for discussion.)
PR: conf/63700 Reviewed by: brooks MFC after: 5 days
|
#
134376 |
|
27-Aug-2004 |
yar |
Fix a typo in a variable name.
|
#
130151 |
|
06-Jun-2004 |
schweikh |
Removed whitespace at BOF, EOL & EOF.
|
#
118797 |
|
11-Aug-2003 |
mbr |
Improve the handling dhcp handling of pccard_ether.
There are now many configurations which have a NIC on board, and pccard slots. If a dhclient is running on the internal nic, the Improve the handling dhcp handling of pccard_ether.
Improve the dhcp handling of pccard_ether.
There are now many configurations which have a NIC on board and Improve the dhcp handling of pccard_ether.
There are now many configurations which have a NIC on board and cardbus slots too. If a dhclient was already running on the internal NIC, the user was forced to kill a running dhclient manually.
If now a pccard is included at startup time, /etc/rc.d/dhclient start does include it into the startup list for dhcp devices. That means you can now do dhcp on the internal and the pccard devices at the same time. If the card is plugged in later, a running dhclient (working for the internal interface only) is killed, and restarted, but the interface name of the new pccard is added to the internal name. After removal, /etc/rc.d/dhclient is started again. This script does nothing if there are no devices in /etc/rc.conf
This is only a workaround for a well known problem. After we have a dhcp client which handles device adding and removal, it will go away.
|
#
118666 |
|
08-Aug-2003 |
ume |
add rtsol_flags.
MFC after: 1 week
|
#
116774 |
|
24-Jun-2003 |
kuriyama |
Check by [ $? -eq 0 ] rather than $?.
Reviewed by: mtm
|
#
116100 |
|
09-Jun-2003 |
mtm |
o Fix a typo o Fill in the ipx_down() routine.
Submitted by: ceri
|
#
116032 |
|
08-Jun-2003 |
mtm |
- Remove a debugging echo. - When we change the IFS make sure to return it to its previous value before executing a command.
|
#
116029 |
|
08-Jun-2003 |
mtm |
Implement *_down network routines for ifconfig'ed interfaces, cloned interfaces, interface aliases, user supplied ifconfig scripts, and ipx interfaces. The ipx routine fails unconditionaly at the moment. Someone who has a need for it can fill it in with the appropriate incantations.
|
#
114942 |
|
12-May-2003 |
ume |
pccard_ether didn't setup IPv6 after rcTOS sweep.
Reviewed by: mtm and dougb Approved by: re (scott)
|
#
113674 |
|
18-Apr-2003 |
mtm |
Break out and rewrite the network setup scripts. o /etc/network.subr contains common subroutines used for seting up network interfaces o rc.d/hostname sets the hostname if not already set o rc.d/nisdomain sets the nis domain *after* rpcbind but before the yp* daemons. This fixes issues with temporary hangs when looking up informaion in nis before it's ready. o rc.d/netif brings network interfaces (minus dhcp) up. o rc.d/network1 has been disabled and will be retired before RELENG_5. It will be replaced by rc.d/netif
Approved by: markm (mentor)
|
#
110746 |
|
12-Feb-2003 |
imp |
Back out 1.143 and 1.144. They are no longer needed now that we start devd later in the boot process. This should fix all the problems people have had with those commits. Diskless should be working again, and those that mount /usr with nfs should be able to do that again too.
|
#
107841 |
|
13-Dec-2002 |
imp |
o Don't consider LOOPBACK devices as configured...
|
#
107774 |
|
12-Dec-2002 |
imp |
o redirect the grep to /dev/null o use ifn rather than interface in rc.network o merge into rc.d/network1
Approved by: (re blanket)
|
#
104980 |
|
12-Oct-2002 |
schweikh |
Fix style bugs: * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line.
Approved by: silence from gordon
|
#
103710 |
|
20-Sep-2002 |
ume |
up gif during setup.
|
#
101594 |
|
09-Aug-2002 |
gordon |
Correct comment
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
#
100286 |
|
18-Jul-2002 |
dd |
Remove spurious "echo '.'".
|
#
100283 |
|
18-Jul-2002 |
dougb |
Make nisdomainname=NO DTRT
Submitted by: des, via Mike Makonnen <makonnen@pacbell.net>
|
#
100282 |
|
18-Jul-2002 |
dougb |
Cleanup some pollution from the NetBSD sync, and add gif setup.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
#
100281 |
|
18-Jul-2002 |
gordon |
Fix a typo that caused dhclient not to work.
Submitted by: Dennis Kristensen <snicki@snicki.dk> Reviewed by: Mike Makonnen <makonnen@pacbell.net>
|
#
100280 |
|
18-Jul-2002 |
gordon |
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
|
#
94465 |
|
11-Apr-2002 |
des |
Cosmetic changes to the previous commit, bringing it closer to what I already had in my tree but didn't want to commit.
|
#
94391 |
|
10-Apr-2002 |
peter |
Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better create it. Also specify protocol v1/v2 in case people wonder why we generate two RSA keys.
|
#
93566 |
|
01-Apr-2002 |
dougb |
The good news is that my initial PR was correct... the bad news is that I was apparently smoking something when I committed the last fix, because as ume was kindly enough to set me straight on, amd *will* start with no arguments at all, as long as there is an /etc/amd.conf file for it to read. What it won't do is start with *just* -p.
In any case, now it's fixed.
|
#
92638 |
|
19-Mar-2002 |
des |
Don't try to generate ssh keys if ssh isn't installed.
|
#
92628 |
|
18-Mar-2002 |
cjc |
IPFilter may need to be re-sync'ed even if we are not filtering, but only doing ipnat(8). Go back to using $ipfilter_active, but turn off $ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet) MFC after: 3 days
|
#
92478 |
|
17-Mar-2002 |
dougb |
Answer the question posed in 1.126. amd won't start without either a conf file, or command line options. I brought this up in PR 12432, which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432 Submitted by: Me
|
#
92184 |
|
12-Mar-2002 |
cjc |
The reload of ipf(8) rules should depend on $ipfilter_enable, not $ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
|
#
92127 |
|
11-Mar-2002 |
obrien |
Background the startup of `Amd', it often blocks on startup.
|
#
92126 |
|
11-Mar-2002 |
obrien |
Why shouldn't amd always write its PID to a file? Since I cannot answer that question, make it.
|
#
91626 |
|
04-Mar-2002 |
dd |
Redirect stdout of `ipf -y' to /dev/null. This removes a stray "filter sync'd" in the middle of the boot output if IPFilter is enabled, but does not hide any potential errors, which go to stderr.
|
#
90957 |
|
20-Feb-2002 |
cjc |
There is no reason to demand the administrator set 'natd_interface' when running natd(8) out of the rc-files. It is perfectly valid for the interface or alias address to be set in a natd(8) configuration file, not on the command line. Also, loosen up the restrictions on identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
|
#
90403 |
|
08-Feb-2002 |
cjc |
peter points out that we probably should not mess with the sysctl(8) values at all if they are not purposefully set. What if the administrator messed with them in /etc/sysctl.conf? We don't want to overwrite them.
If 'log_in_vain' is zero, do not force the issue. If it is non-zero, set it.
|
#
89912 |
|
28-Jan-2002 |
sheldonh |
(forced commit)
The previous change is subject to:
MFC after: 1 month
|
#
89911 |
|
28-Jan-2002 |
sheldonh |
Register amd's dependency on NFS.
This change was submitted to the freebsd-audit mailing list for review but received no feedback. Hindsight-enabled reviews are welcome.
PR: conf/31358 Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
|
#
89808 |
|
26-Jan-2002 |
cjc |
Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob all together. It really is something for sysctl.conf(5).
PR: bin/32953 Reviewed by: -bugs discussion MFC after: 1 week
|
#
87781 |
|
13-Dec-2001 |
alfred |
rpc.lockd needs rpc.statd to be running for it to start up properly. so swap the order.
Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is enabled. They are needed to provide client side locking support.
PR: conf/27811
|
#
87646 |
|
11-Dec-2001 |
ru |
s/sysctl -w/sysctl/
|
#
87500 |
|
07-Dec-2001 |
rwatson |
o Update rc.network to reflect the recent change of default in the kernel TCP timer code: rather than checking for tcp_keepalive being set to "YES", check for "NO" and turn off keepalives if the variable is set in that manner.
o Note: eventually, it would make sense to remove this variable from rc.conf management, and instead rely on sysctl.conf. In fact, this is probably true of a number of rc.conf variables whose sole aim is to drive the setting of sysctls at boot time.
|
#
87443 |
|
06-Dec-2001 |
cjc |
Protect the '*' in pppoed_provider (the default) from metacharacter expansion in the rc-scripts.
PR: 32552 Submitted by: Gleb Smirnoff <glebius@rinet.ru> Approved by: ru Obtained from: ru MFC after: 1 day
|
#
86882 |
|
24-Nov-2001 |
dd |
Spelling police: sucessful -> successful.
|
#
86863 |
|
24-Nov-2001 |
ru |
(Forced commit to list actual problems fixed / PRs affected).
Overview of problems fixed:
- fix support for saving and restoring filter/NAT state information (across reboots for example);
- ipmon(8) is started before loading any filter/NAT rules;
- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore, they now also work when only ipnat_enable is true;
- the multiple occurrences of code loading the ipfilter kernel module have been removed;
- the options have been removed from the _program variables in defaults/rc.conf and the comments in that file have been updated to reflect (possibly new) reality;
- the rc.conf.5 manual page has been updated to reflect the changes.
Submitted by: Arjan de Vet <devet@devet.org> PR: conf/25223, kern/25344, conf/25809, conf/26275, bin/27016, conf/31482
|
#
86851 |
|
24-Nov-2001 |
darrenr |
Resolve all the ipfilter startup issues in rc.network with one big patch to get it all right, allowing ipnat to be enabled independantly of ipfilter in rc.conf (among other things).
PR: multiple Submitted by: Arjan de Vet <devet@devet.org> Reviewed by: Giorgos Keramidas <keramida@FreeBSD.org>
|
#
86342 |
|
14-Nov-2001 |
sheldonh |
Avoid unnecessary calls to expr(1) by using standard shell arithmetic expansion instead.
|
#
86163 |
|
06-Nov-2001 |
fenner |
Update the nsswitch.conf -> host.conf generator to handle criteria, continuation lines, extra whitespace, and to use the last matching line in the file. This syncs the host.conf generation with how the nsswitch.conf is parsed. Only print " host.conf" instead of a multi-line message, since this happens on every boot.
|
#
85831 |
|
01-Nov-2001 |
des |
Modify the way host.conf and nsswitch.conf are treated at boot time:
- if nsswitch.conf exists, host.conf is auto-generated for compatibility with legacy applications and libraries.
- if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto- generated as usual.
|
#
85222 |
|
20-Oct-2001 |
darrenr |
Do an ipf -y after bringing up ppp to ensure rules which mention ppp get matched. Moification on PR to handle ipnat not being dependant on ipfilter_enable
PR: 22859
|
#
85221 |
|
20-Oct-2001 |
darrenr |
Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable to be set to "yes"
PR: 25223
|
#
85219 |
|
20-Oct-2001 |
darrenr |
Put in place for using ipfs use on shutdown and startup.
PR: 27070
|
#
85136 |
|
19-Oct-2001 |
dougb |
Handle the lack of nfs server or client support in the kernel by kldload'ing the appropriate modules before enabling the service.
|
#
84780 |
|
10-Oct-2001 |
jhb |
Remove references to nfsiod and nfs_client_flags now that they are obsolete.
Submitted by: Gordon Tetlow <gordont@gnf.org>
|
#
83677 |
|
19-Sep-2001 |
brooks |
Add a new rc.conf variable, cloned_interfaces, to create cloned interfaces at boot.
|
#
83656 |
|
18-Sep-2001 |
peter |
The vfs.nfs.bufpackets sysctl is in the client, not the server. Move it to the client section. Turn off nfsiod, it no longer exists (now just kthreads). I need revisit nfsiod so that we have an argument passthrough.
|
#
80683 |
|
30-Jul-2001 |
darrenr |
Merge in patch to automagically decide whether or not a kldload of ipfilter is required into rc.network.
Person failed to use a real name so both email addresses from PR included (Sent was different to From).
PR: 22998 Submitted by: dl@leo.org/spock@empire.trek.org
|
#
80515 |
|
28-Jul-2001 |
markm |
Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5 may be started at boot for kerberos servers.
|
#
79107 |
|
02-Jul-2001 |
brooks |
Create gif devices in the "gifconfig" stage while configuring them.
Reviewed by: ru, ume Obtained from: NetBSD MFC after: 1 week
|
#
78354 |
|
16-Jun-2001 |
schweikh |
Fix misindented esac.
MFC after: 1 week
|
#
78064 |
|
11-Jun-2001 |
ume |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge.
TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
77992 |
|
10-Jun-2001 |
brian |
Add a missing \n
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> PR: 28014 MFC after: 1 week
|
#
77651 |
|
03-Jun-2001 |
brian |
Move gif_interfaces from an IP6 option to a regular IP option.
PR: 26543 Submitted by: Brooks Davis <brooks@one-eyed-alien.net> MFC after: 3 weeks
|
#
76820 |
|
18-May-2001 |
obrien |
Restore the RSA host key to /etc/ssh/ssh_host_key. Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
|
#
76695 |
|
16-May-2001 |
jesper |
Link /etc/ssh/ssh_host_key to /etc/ssh/ssh_host_rsa_key to deal with gratutious changes in the latest SSH
Reviewed by: obrien Approved by: obrien
|
#
76400 |
|
09-May-2001 |
peter |
s/ssh_host_key/ssh_host_rsa_key/ since that is what openssh uses now after a mergemaster.
|
#
74493 |
|
19-Mar-2001 |
des |
Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few very specific scenarios, and now that we have had net.inet.tcp.blackhole for quite some time there is really no reason to use it any more.
(second of three commits)
|
#
74462 |
|
19-Mar-2001 |
alfred |
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and associated changes that had to happen to make this possible as well as bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the 1999 release.
Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface.
Many userland updates were done to bring the code up to par with the recent RPC API.
There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library.
While we're at it, bring in NetBSD's lockd, it's been far too long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
|
#
70129 |
|
17-Dec-2000 |
dougb |
* Add an eval so that ipnat_flags=">/dev/null" works, per the PR * Do some line length and specify full path cleanups while I'm here
PR: conf/22937 Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
|
#
70108 |
|
17-Dec-2000 |
dougb |
Apply a more consistent style to the echo statements in /etc/ scripts. * Put quotes around each line * Single quotes for lines with no variable interpolation * Double quotes if there is * Capitalize each word that begins a line * Make echo -n 'Doing foo:' ... echo '.' more of a standard
No functionality changes
|
#
67012 |
|
12-Oct-2000 |
ru |
Fixed the reporting of ip_portrange_{first|last}.
|
#
66830 |
|
08-Oct-2000 |
obrien |
Add copyright notices. Other systems have been barrowing our /etc files w/o giving any credit.
|
#
66745 |
|
06-Oct-2000 |
darrenr |
This brings support for IP Filter into rc.network and rc.conf with the appropriate documentation added to rc.conf(5). If all goes well with this over the next few weeks, the PR will be closed with the pullup of patches back to 4-STABLE.
PR: 20202 Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net> Reviewed by: Darren Reed <darrenr@freebsd.org> Approved by: Darren Reed <darrenr@freebsd.org> Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
|
#
66422 |
|
28-Sep-2000 |
brian |
Use su -m instead of just su to avoid reading the users login profile
|
#
65532 |
|
06-Sep-2000 |
nectar |
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can configure FreeBSD so that various databases such as passwd and group can be looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch: . getgrent, getgrnam, getgrgid . getpwent, getpwnam, getpwuid . getusershell . getaddrinfo . gethostbyname, gethostbyname2, gethostbyaddr . getnetbyname, getnetbyaddr . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified to warn that host.conf is no longer used at boot time. In addition, if there is a host.conf but no nsswitch.conf, the latter is created at boot time from the former.
Obtained from: NetBSD
|
#
64731 |
|
16-Aug-2000 |
jhb |
Fix a whitespace bogon.
|
#
64471 |
|
09-Aug-2000 |
brian |
Allow a ppp_user specification to run ppp at startup
PR: 20258
|
#
63147 |
|
14-Jul-2000 |
nbm |
Add to, don't overwrite, user-settable mountd_flags.
PR: conf/15745 Submitted by: Vivek Khera <khera@kciLink.com>
|
#
61961 |
|
22-Jun-2000 |
dillon |
Add ip_portrange_first and ip_portrange_last rc.conf/rc.network options. This allows you to set the standard dynamic port assignment range prior to any network daemons (like named) starting up, necessary if you are also using a firewall to restrict lower ports. will be MFC'd in a few days
|
#
60628 |
|
16-May-2000 |
dillon |
Add ipsec_enable and ipsec_file options to run IPSEC's setkey program with the specified configuration file at the appropriate time.
|
#
60613 |
|
15-May-2000 |
kris |
Remove extraneous ";;" in previous commit
Submitted by: jedgar
|
#
60578 |
|
15-May-2000 |
kris |
Create a DSA host key if one does not already exist, and teach sshd_config about it.
|
#
60103 |
|
06-May-2000 |
ache |
Add firewall_logging knob to enable/disablle events logging, disabled by default. Needed mainly for ipfw kernel module to enable logging disabled there.
|
#
58710 |
|
27-Mar-2000 |
dillon |
Add a sysctl to specify the amount of UDP receive space NFS should reserve, in maximal NFS packets. Originally only 2 packets worth of space was reserved. The default is now 4, which appears to greatly improve performance for slow to mid-speed machines on gigabit networks.
Add documentation and correct some prior documentation.
Problem Researched by: Andrew Gallatin <gallatin@cs.duke.edu> Approved by: jkh
|
#
57627 |
|
29-Feb-2000 |
jkh |
cosmetic fix - add a space.
|
#
57572 |
|
28-Feb-2000 |
markm |
Get the order of things right; the keys need to be generated early to allow entropy to replenish. sshd must start late to catch the full effects of ldconfig.
|
#
57567 |
|
28-Feb-2000 |
jkh |
Generate new sshd host key when necessary. I'm tired of waiting for someone to commit this. :)
|
#
57459 |
|
24-Feb-2000 |
markm |
Run sshd at boot time if the sysadmin wants it. Also install ssh[d] config files in the right place.
|
#
57012 |
|
06-Feb-2000 |
hm |
Approved by: jkh Reviewed by: joerg
The isdnd is able to listen on a socket for isdnmonitor to connect to it to remotely control it (similar to ppp and pppctl). When this is enabled in the isdnd config file, it will fail currently because isdnd is started before the network interfaces are configured. It is necessary to move the isdnd start after the ifconfig of the network interfaces, then this problem will not occur.
|
#
56038 |
|
15-Jan-2000 |
green |
This is another in Martin Blapp's N-series of mount-related cleanups :) Changes are: - rpc.umntall is called at the right places now in /etc/rc* - rpc.umntall timeout has been lowered from two days (too high) to one - verbose messages in rpc.umntall have been clarified - kill double entries in /var/db/mounttab when rpc.umntall is invoked - ${early_nfs_mounts} has been removed from /etc/rc - patched mount(8) -p to print different pass/dump values for ufs filesystems. (last patch recieved from dan <bugg@bugg.strangled.net>)
Submitted by: Martin Blapp <mbr@imp.ch>, dan <bugg@bugg.strangled.net>
|
#
54739 |
|
17-Dec-1999 |
roberto |
xntpd -> ntpd.
Submitted by: ru
|
#
54458 |
|
11-Dec-1999 |
obrien |
Suport multiple ``ifconfig_*?="DHCP"'' configurations.
Currently we have a problem in that `dhclient' bails when configuring the second interface as port 68 is already in use (by the `dhclient' started for the first interface).
PR: 14810 Submitted by: n_hibma
|
#
53613 |
|
22-Nov-1999 |
brian |
Oops, typo
|
#
53611 |
|
22-Nov-1999 |
brian |
Add pppoed startup options
|
#
53314 |
|
17-Nov-1999 |
ache |
Add network pass4 - after all local (/usr/local/etc/rc.d f.e.) daemons started. Move log_in_vain option there. It is needed to avoid lot of connections to port 80 logged on production WWW server prior Apache started from /usr/local/etc/rc.d
|
#
53158 |
|
14-Nov-1999 |
ache |
Add single_mountd_enable hook to run mountd but not NFS server Needed for machine with CFS but without real NFS
|
#
51426 |
|
19-Sep-1999 |
green |
Make the firewall file variable space-safe.
|
#
51231 |
|
13-Sep-1999 |
sheldonh |
Apply a consistent style to most of the etc scripts. Particularly, use case instead of test where appropriate, since case allows case is a sh builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>
|
#
51209 |
|
12-Sep-1999 |
des |
Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel options, respectively. See the comments in LINT for details.
|
#
50735 |
|
01-Sep-1999 |
peter |
-background is also a legitimate ppp mode. Don't change it to -auto.
|
#
50472 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
50470 |
|
27-Aug-1999 |
jkh |
Catch an extra X on DHCP.
Spotted by the eagle eyes of: Pierre DAVID <Pierre.David@prism.uvsq.fr>
|
#
50357 |
|
25-Aug-1999 |
sheldonh |
Style clean-up:
* All variables are now embraced: ${foo}
* All comparisons against some value now take the form: [ "${foo}" ? "value" ] where ? is a comparison operator
* All empty string tests now take the form: [ -z "${foo}" ]
* All non-empty string tests now take the form: [ -n "${foo}" ]
Submitted by: jkh
|
#
50193 |
|
22-Aug-1999 |
brian |
ppp_alias -> ppp_nat
Submitted by: Josef L. Karthauser <joe@FreeBSD.org.uk>
|
#
50063 |
|
19-Aug-1999 |
brian |
Quieten ppp at startup.
|
#
49603 |
|
10-Aug-1999 |
des |
Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for respectively logging and dropping ICMP REDIRECT packets.
Note that there is no rate limiting on the log messages, so log_redirect should be used with caution (preferrably only for debugging purposes).
|
#
49122 |
|
26-Jul-1999 |
brian |
Start ppp before natd, not afterwards.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
|
#
49110 |
|
26-Jul-1999 |
brian |
Add a default ppp.conf (mode 600).
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf and uses the generated profile to start ppp in auto mode on boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
|
#
48842 |
|
16-Jul-1999 |
jkh |
Allow DHCP to be used in an ifconfig variable instead of the usual address information, producing the obvious effect (dhcp configuration).
Submitted by: "Sean O'Connell" <sean@stat.Duke.EDU>
|
#
48687 |
|
08-Jul-1999 |
peter |
Tweak previous commit. Only sense the configuration if network_interfaces is set to "auto". Any network_interfaces settings will be treated as before.
|
#
48662 |
|
07-Jul-1999 |
peter |
Do away with ${network_interfaces} in rc.conf. Just use `ifconfig -l` to get a list of interfaces, and then automatically configure them if ${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.
This makes it a lot easier to deal with machines that constantly change their network configuration as you can leave ifconfig settings for all the possible cards - just the ones that are present will be configured.
|
#
47838 |
|
08-Jun-1999 |
brian |
If amd_flags is empty, don't add -p as it makes amd abend.
|
#
47755 |
|
05-Jun-1999 |
bde |
Don't discard error output from sysctl(8).
Do discard standard output from the sysctl for approxy_all, and echo what this sysctl is doing in the usual way. This fix is probably backwards. We should probably just use the standard sysctl output in all cases (it needs to have a newline filtered out).
Echo what the sysctls for nfs_reserved_port_only and nfs_access_cache are doing.
|
#
47752 |
|
05-Jun-1999 |
phk |
Add handle to control global TCP keepalives and turn them on as default.
Despite their name it doesn't keep TCP sessions alive, it kills them if the other end has gone AWOL. This happens a lot with clients which use NAT, dynamic IP assignment or which has a 2^32 * 10^-3 seconds upper bound on their uptime.
There is no detectable increase in network trafic because of this: two minimal TCP packets every two hours for a live TCP connection.
Many servers already enable keepalives themselves.
The host requirements RFC is 10 years old, and doesn't know about the loosing clients of todays InterNet.
|
#
45622 |
|
12-Apr-1999 |
brian |
Remove extraneous space PR: 11096
|
#
45542 |
|
10-Apr-1999 |
des |
Allow the user to specify a different firewall script than /etc/rc.firewall.
|
#
45096 |
|
28-Mar-1999 |
imp |
Add two features: log_in_vain: log_in_vain turns on logging for packets to ports for which there is no listener. rc.sysctl: A generic way to set sysctl values. It reads /etc/syslog.conf and sets values based on that. No /etc/syslog.conf has been checked in yet, and I've not added this to the makefile yet until I get more feedback.
Reviewed by: -current, -hackers and bde especially
|
#
44992 |
|
24-Mar-1999 |
brian |
Move natd from network_pass3 to network_pass1
|
#
44668 |
|
11-Mar-1999 |
jfitz |
Add ${lpd_program} and ${portmap_program} as variables in rc.conf, with suitable defaults pointing to the FreeBSD-shipped versions. This will allow for easier integration of third-party replacements for these daemons. Reviewed by: Several members of -committers
|
#
42627 |
|
13-Jan-1999 |
joerg |
Add some special hooks for sppp(4) interfaces. In addition to the normal ifconfig stuff, one might need to pass down authentication parameters for them.
This is closely tied to Hellmuth's impending rc patches for ISDN, but sppp can also be used separately (thus it doesn't go directly into the planned ISDN section of rc.conf).
Reviewed by: hm
|
#
42621 |
|
13-Jan-1999 |
hm |
Integrate the ISDN subsystem into the /etc/rc framework Reviewed by: Joerg Wunsch
|
#
42270 |
|
03-Jan-1999 |
jkh |
Allow rwhod to take flags.
PR: 7705 Submitted by: Johan Karlsson <k@numeri.campus.luth.se>
|
#
41371 |
|
27-Nov-1998 |
jkoshy |
Direct std{err,out} to /dev/null when invoking sysctl(8) for setting `nfs_access_cache_timeout'.
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
|
#
41185 |
|
15-Nov-1998 |
msmith |
Implement the nfs_access_cache variable, allowing us to set the timeout for the NFS client's ACCESS cache.
|
#
41077 |
|
11-Nov-1998 |
peter |
kldload ipfw, it's installed always and works on both kernel formats
|
#
40006 |
|
06-Oct-1998 |
phk |
Here are some scripts and man pages for configuring HARP ATM interfaces.
Reviewed by: phk Submitted by: Mike Spengler <mks@networkcs.com>
|
#
39380 |
|
16-Sep-1998 |
cracauer |
rc.conf variable $amd_map_program needs to be eval'ed. PR: misc/7435 Submitted by: David Wolfskill <dhw@whistle.com>
|
#
39267 |
|
15-Sep-1998 |
jkoshy |
Turn off replies to ICMP echo requests for broadcast and multicast addresses by default.
Add a knob "icmp_bmcastecho" to "rc.network" to allow this behaviour to be controlled from "rc.conf".
Document the controlling sysctl variable "net.inet.icmp.bmcastecho" in sysctl(3).
Reviewed by: dg, jkh Reminded on -hackers by: Steinar Haug <sthaug@nethelp.no>
|
#
38876 |
|
06-Sep-1998 |
phk |
tcp_extensions now only applies to RFC1323
|
#
38316 |
|
14-Aug-1998 |
phk |
In /etc/rc.network, near line 242, setting up Kerberos, variable "stash_flag" is set. A few lines later, it is evaluated as "stash_flags" with a trailing "s", and then a bit later the singular version is unset.
PR: 7609 Reviewed by: phk Submitted by: Walt Howard <howard@ee.utah.edu>
|
#
37514 |
|
08-Jul-1998 |
nectar |
Allow either an IP address or an interface to be specified in the rc.conf variable ``natd_interface''. rc.network will determine whether it is an IP address or an interface name, and invoke natd with the -a or -n flag as appropriate.
PR: 6947 Reviewed by: jkh@FreeBSD.ORG
|
#
36985 |
|
14-Jun-1998 |
steve |
Cleanup natd startup test.
PR: 6946 Submitted by: Jacques Vidrine <n@nectar.com>
|
#
36174 |
|
19-May-1998 |
jkh |
cosmetic: clean up startup messages and rearrange some options to go in a more proper order.
|
#
35787 |
|
06-May-1998 |
andreas |
Overlooked, that newer naming convention is xxx_program instead of xxx_prog. So changed it to ntpdate_program and xntpd_program. Backout last change, now we have again named_program, sorry.
|
#
35751 |
|
05-May-1998 |
andreas |
Add variables for the ntpdate and xntpd program, you might want to run the binaries from the new ntp v4 port.
|
#
35459 |
|
26-Apr-1998 |
phk |
Jean-Simon Pendry's paper on amd refers to the use of "ypcat -k" against the "master map" to get the list of mount point/amd map correspondences, and using that list as command-line arguments to start amd.
When I tried to do this with the existing /etc/rc* scripts, I found that I couldn't do this by modifying only /etc/rc.conf: that file gets sourced very early by /etc/rc, well before any networking functionality is present, let alone NIS. Further, I wasn't able to figure out a way to use various levels & types of quoting to defer evaluation of the string to a point subsequent to NIS initialization.
As a result, I resorted to hacking /etc/rc.network -- but I did it in a way that ought to be reasonably general, and avoid breakage for anyone else.
PR: 6387 Reviewed by: phk Submitted by: David Wolfskill <dhw@whistle.com>
|
#
35267 |
|
18-Apr-1998 |
brian |
Add natd support. PR: 6339 Submitted by: cdillon@wolves.k12.mo.us
|
#
35149 |
|
12-Apr-1998 |
markm |
Enable the SecureRPC bits in rc.conf, if the Administrator wants them.
|
#
34395 |
|
09-Mar-1998 |
jkh |
Allow rarpd to be started from rc.conf PR: 5457 Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
|
#
33682 |
|
20-Feb-1998 |
brian |
Remove useless argument to ``. start_if.$ifn'' Pointed out by: Tim Tsai <tim@futuresouth.com>
|
#
33439 |
|
16-Feb-1998 |
guido |
Add 2 new rc.conf variables: forward_sourceroute : controls setting of existing net.inet.ip.sourceroute accept_sourceroute : control setting of new net.inet.ip.accept_sourceroute
|
#
33337 |
|
14-Feb-1998 |
alex |
Avoid using grep when determining ipfw's default policy -- it may not be available at this stage of the boot if /usr is NFS mounted.
|
#
33149 |
|
07-Feb-1998 |
alex |
Don't assume that IP services are disabled just because firewall_enable is not set to YES in rc.conf.
Noticed by: Mikael Karpberg <karpen@ocean.campus.luth.se>
|
#
32949 |
|
31-Jan-1998 |
wollman |
Add an additional `named_program' variable so that we can easily choose between 4.9.6 and the port of 8.x.
|
#
32382 |
|
10-Jan-1998 |
alex |
Compare return code from ipfw against 0 for success instead of == 1 for error.
Pointed out by: Matthew Thyer <thyerm@camtech.net.au>
|
#
31472 |
|
01-Dec-1997 |
obrien |
MF 22s
|
#
31033 |
|
07-Nov-1997 |
sef |
Allow the system to be configured to pass "-n" to kerberos and kadmind or not; also, only run kadmind on a non-slave server. Man page for rc.conf is also updated.
Reviewed by: Mark Murray
|
#
29590 |
|
18-Sep-1997 |
danny |
Fix some problems in the rules file loading and need for modload detection.
Found by: "James E. Housley" <housley@pr-comm.com>
|
#
29300 |
|
11-Sep-1997 |
danny |
Reviewed by: msmith, alex Cosmetic changes to the loading of firewall rules and lkm.
|
#
27218 |
|
05-Jul-1997 |
pst |
Merge from 2.2 (tcp extensions in phase 1)
|
#
25916 |
|
19-May-1997 |
jkh |
Neaten up some things which were inconsistent, add a few more flags to things which need them, general cleanup. Submitted by: Brian Somers <brian@awfulhak.org>
|
#
25765 |
|
13-May-1997 |
jkh |
Add arp_proxyall knob. Submitted by: Christoph Kukulies <kuku@gilberto.physik.RWTH-Aachen.DE>
|
#
25412 |
|
03-May-1997 |
jkh |
Update the etc world from RELENG_2_2 which is now more up-to-date (gotta get myself -current again, this is a drag).
Also-fixes-problems-noted-by: Wolfgang Helbig & Joerg Wunsch
|
#
25365 |
|
01-May-1997 |
jkh |
Ack, learn to spell "extentions" the same way in the same file. Also make the output a little less cryptic for sysctl settings.
Suggested by: bde
|
#
25364 |
|
01-May-1997 |
jkh |
YAMF22 PR: 3456
|
#
25337 |
|
01-May-1997 |
jkh |
YAMF22
|
#
25184 |
|
27-Apr-1997 |
jkh |
Bring in rc file changes from -current.
|