- Reimplement $gif_interfaces as a variant of $cloned_interfaces.
Newly-configured systems should use $cloned_interfaces. - Call clone_{up,down}() and ifnet_rename() in rc.d/netif {start,stop}. ifnet_rename() now accepts an interface name list as its argument. - Add rc.d/netif clear. The "clear" subcommand is basically equivalent to "stop" but it does not call clone_down(). - Add "ifname:sticky" keyword into $cloned_interfaces. If :sticky is specified, the interface will not be destroyed in rc.d/netif stop. - Add cloned_interfaces_sticky={YES,NO}. This variable globally sets :sticky keyword above for all interfaces. The default value is NO. When cloned_interfaces_sticky=YES, :nosticky keyword can be used to override it on per interface basis.
parent
eb84fc9506
commit
7dce7544fc
112
etc/network.subr
112
etc/network.subr
@ -660,6 +660,11 @@ ipv4_down()
|
||||
IFS="$_ifs"
|
||||
for _inet in $inetList ; do
|
||||
# get rid of extraneous line
|
||||
case $_inet in
|
||||
"") break ;;
|
||||
inet\ *) ;;
|
||||
*) continue ;;
|
||||
esac
|
||||
[ -z "$_inet" ] && break
|
||||
|
||||
_inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'`
|
||||
@ -1192,18 +1197,62 @@ ifscript_down()
|
||||
#
|
||||
clone_up()
|
||||
{
|
||||
local _prefix _list ifn
|
||||
local _prefix _list ifn ifopt _iflist _n tmpargs
|
||||
_prefix=
|
||||
_list=
|
||||
_iflist=$*
|
||||
|
||||
# create_args_IF
|
||||
for ifn in ${cloned_interfaces}; do
|
||||
# Parse ifn:ifopt.
|
||||
OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
|
||||
case $_iflist in
|
||||
""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
|
||||
*) continue ;;
|
||||
esac
|
||||
# Skip if ifn already exists.
|
||||
if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
${IFCONFIG_CMD} ${ifn} create `get_if_var ${ifn} create_args_IF`
|
||||
if [ $? -eq 0 ]; then
|
||||
_list="${_list}${_prefix}${ifn}"
|
||||
[ -z "$_prefix" ] && _prefix=' '
|
||||
fi
|
||||
done
|
||||
if [ -n "$gif_interfaces" ]; then
|
||||
warn "\$gif_interfaces is obsolete. Use \$cloned_interfaces instead."
|
||||
fi
|
||||
for ifn in ${gif_interfaces}; do
|
||||
# Parse ifn:ifopt.
|
||||
OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
|
||||
case $_iflist in
|
||||
""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
|
||||
*) continue ;;
|
||||
esac
|
||||
# Skip if ifn already exists.
|
||||
if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
case $ifn in
|
||||
gif[0-9]*)
|
||||
${IFCONFIG_CMD} $ifn create
|
||||
;;
|
||||
*)
|
||||
_n=$(${IFCONFIG_CMD} gif create)
|
||||
${IFCONFIG_CMD} $_n name $ifn
|
||||
;;
|
||||
esac
|
||||
if [ $? -eq 0 ]; then
|
||||
_list="${_list}${_prefix}${ifn}"
|
||||
[ -z "$_prefix" ] && _prefix=' '
|
||||
fi
|
||||
tmpargs=$(get_if_var $ifn gifconfig_IF)
|
||||
eval ifconfig_${ifn}=\"tunnel \$tmpargs\"
|
||||
done
|
||||
if [ -n "${_list}" ]; then
|
||||
echo "Created clone interfaces: ${_list}."
|
||||
fi
|
||||
debug "Cloned: ${_list}"
|
||||
}
|
||||
|
||||
@ -1213,17 +1262,42 @@ clone_up()
|
||||
#
|
||||
clone_down()
|
||||
{
|
||||
local _prefix _list ifn
|
||||
local _prefix _list ifn ifopt _iflist _sticky
|
||||
_prefix=
|
||||
_list=
|
||||
_iflist=$*
|
||||
|
||||
for ifn in ${cloned_interfaces}; do
|
||||
: ${cloned_interfaces_sticky:=NO}
|
||||
if checkyesno cloned_interfaces_sticky; then
|
||||
_sticky=1
|
||||
else
|
||||
_sticky=0
|
||||
fi
|
||||
for ifn in ${cloned_interfaces} ${gif_interfaces}; do
|
||||
# Parse ifn:ifopt.
|
||||
OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
|
||||
case $ifopt:$_sticky in
|
||||
sticky:*) continue ;; # :sticky => not destroy
|
||||
nosticky:*) ;; # :nosticky => destroy
|
||||
*:1) continue ;; # global sticky knob == 1
|
||||
esac
|
||||
case $_iflist in
|
||||
""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
|
||||
*) continue ;;
|
||||
esac
|
||||
# Skip if ifn does not exist.
|
||||
if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
|
||||
continue
|
||||
fi
|
||||
${IFCONFIG_CMD} -n ${ifn} destroy
|
||||
if [ $? -eq 0 ]; then
|
||||
_list="${_list}${_prefix}${ifn}"
|
||||
[ -z "$_prefix" ] && _prefix=' '
|
||||
fi
|
||||
done
|
||||
if [ -n "${_list}" ]; then
|
||||
echo "Destroyed clone interfaces: ${_list}."
|
||||
fi
|
||||
debug "Destroyed clones: ${_list}"
|
||||
}
|
||||
|
||||
@ -1347,32 +1421,6 @@ ng_create_one()
|
||||
done
|
||||
}
|
||||
|
||||
# gif_up
|
||||
# Create gif(4) tunnel interfaces.
|
||||
gif_up()
|
||||
{
|
||||
local i peers
|
||||
|
||||
for i in ${gif_interfaces}; do
|
||||
peers=`get_if_var $i gifconfig_IF`
|
||||
case ${peers} in
|
||||
'')
|
||||
continue
|
||||
;;
|
||||
*)
|
||||
if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then
|
||||
${IFCONFIG_CMD} $i create >/dev/null 2>&1
|
||||
else
|
||||
gif=`${IFCONFIG_CMD} gif create`
|
||||
${IFCONFIG_CMD} $gif name $i
|
||||
fi
|
||||
${IFCONFIG_CMD} $i tunnel ${peers}
|
||||
${IFCONFIG_CMD} $i up
|
||||
;;
|
||||
esac
|
||||
done
|
||||
}
|
||||
|
||||
# ng_fec_create ifn
|
||||
# Configure Fast EtherChannel for interface $ifn. Returns 0 if
|
||||
# FEC arguments were found and configured; returns !0 otherwise.
|
||||
@ -1470,15 +1518,15 @@ ipx_down()
|
||||
return $_ret
|
||||
}
|
||||
|
||||
# ifnet_rename
|
||||
# Rename all requested interfaces.
|
||||
# ifnet_rename [ifname]
|
||||
# Rename interfaces if ifconfig_IF_name is defined.
|
||||
#
|
||||
ifnet_rename()
|
||||
{
|
||||
local _if _ifname
|
||||
|
||||
# ifconfig_IF_name
|
||||
for _if in `${IFCONFIG_CMD} -l`; do
|
||||
for _if in ${*:-$(${IFCONFIG_CMD} -l)}; do
|
||||
_ifname=`get_if_var $_if ifconfig_IF_name`
|
||||
if [ ! -z "$_ifname" ]; then
|
||||
${IFCONFIG_CMD} $_if name $_ifname
|
||||
|
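Review bot: In clone_up(), the new gif_interfaces loop ends with `eval ifconfig_${ifn}=\"tunnel \$tmpargs\"`, which runs for every entry without checking that `$ifn` is a valid shell identifier, that gifconfig_IF returned anything, or that the create/rename above succeeded. The removed gif_up() skipped entries with empty peers, whereas this unconditionally overwrites any existing `ifconfig_<ifn>` with a bare `tunnel `. A name containing a character the shell does not allow in a variable name is parsed by eval as a command word rather than an assignment. rc.conf is normally root-owned, so this is a robustness and least-surprise issue rather than a privilege boundary, but I would put `case $ifn in *[!A-Za-z0-9_]*) warn "invalid interface name: $ifn"; continue ;; esac` ahead of the eval and make the assignment conditional: `[ -n "$tmpargs" ] && eval ifconfig_${ifn}=\"tunnel \$tmpargs\"`. The same loop also sets `OIFS` without listing it in the `local` line, so it leaks into the caller's scope; clone_down() does the same.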
@ -38,7 +38,8 @@ start_cmd="network_start"
|
||||
stop_cmd="network_stop"
|
||||
cloneup_cmd="clone_up"
|
||||
clonedown_cmd="clone_down"
|
||||
extra_commands="cloneup clonedown"
|
||||
clear_cmd="doclear"
|
||||
extra_commands="cloneup clonedown clear"
|
||||
cmdifn=
|
||||
|
||||
set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
|
||||
@ -60,19 +61,16 @@ network_start()
|
||||
# disable SIGINT (Ctrl-c) when running at startup
|
||||
trap : 2
|
||||
|
||||
# Create cloned interfaces
|
||||
clone_up
|
||||
|
||||
# Create Fast EtherChannel interfaces
|
||||
fec_up
|
||||
|
||||
# Create IPv6<-->IPv4 tunnels
|
||||
gif_up
|
||||
|
||||
# Rename interfaces.
|
||||
ifnet_rename
|
||||
fi
|
||||
|
||||
# Create cloned interfaces
|
||||
clone_up $cmdifn
|
||||
|
||||
# Rename interfaces.
|
||||
ifnet_rename $cmdifn
|
||||
|
||||
# Configure the interface(s).
|
||||
network_common ifn_start
|
||||
|
||||
@ -91,6 +89,18 @@ network_start()
|
||||
}
|
||||
|
||||
network_stop()
|
||||
{
|
||||
_clone_down=1
|
||||
network_stop0 $*
|
||||
}
|
||||
|
||||
doclear()
|
||||
{
|
||||
_clone_down=
|
||||
network_stop0 $*
|
||||
}
|
||||
|
||||
network_stop0()
|
||||
{
|
||||
local _if
|
||||
|
||||
@ -101,6 +111,11 @@ network_stop()
|
||||
# Deconfigure the interface(s)
|
||||
network_common ifn_stop
|
||||
|
||||
# Destroy cloned interfaces
|
||||
if [ -n "$_clone_down" ]; then
|
||||
clone_down $cmdifn
|
||||
fi
|
||||
|
||||
if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then
|
||||
for _if in $cmdifn; do
|
||||
/etc/rc.d/routing stop any $_if
|
||||
@ -142,6 +157,16 @@ network_common()
|
||||
_fail=
|
||||
_ok=
|
||||
for ifn in ${_cooked_list}; do
|
||||
# Skip if ifn does not exist.
|
||||
case $_func in
|
||||
ifn_stop)
|
||||
if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
|
||||
warn "$ifn does not exist. Skipped."
|
||||
_fail="${_fail} ${ifn}"
|
||||
continue
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
if ${_func} ${ifn} $2; then
|
||||
_ok="${_ok} ${ifn}"
|
||||
if ipv6if ${ifn}; then
|
||||
|
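Review bot: network_stop() and doclear() select the behaviour of network_stop0() through `_clone_down`, a global that is neither declared `local` nor given a default inside network_stop0(). Any path that reaches network_stop0() without going through one of the two wrappers therefore skips clone_down silently, leaving cloned interfaces in place. Passing the mode explicitly would make the contract visible: `network_stop0 1 "$@"` in network_stop(), `network_stop0 "" "$@"` in doclear(), and `_clone_down=$1; shift` at the top of network_stop0(); this also replaces the unquoted `$*`. doclear() would benefit from a header comment such as `# doclear: same as stop, but cloned interfaces are left in place (clone_down is not called).` The body of network_stop0() is split across two hunks and its remainder is outside the visible lines, so whether it reads its own arguments cannot be confirmed from here.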
@ -24,7 +24,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd July 12, 2013
|
||||
.Dd July 22, 2013
|
||||
.Dt RC.CONF 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1651,11 +1651,33 @@ Further cloning arguments may be passed to the
|
||||
command for each interface by setting the
|
||||
.Va create_args_ Ns Aq Ar interface
|
||||
variable.
|
||||
If an interface name is specified with
|
||||
.Dq :sticky
|
||||
keyword,
|
||||
the interface will not be destroyed even when
|
||||
.Pa rc.d/netif
|
||||
script is invoked with
|
||||
.Dq stop
|
||||
argument.
|
||||
This is useful when reconfiguring the interface without destroying it.
|
||||
Entries in
|
||||
.Va cloned_interfaces
|
||||
are automatically appended to
|
||||
.Va network_interfaces
|
||||
for configuration.
|
||||
.It Va cloned_interfaces_sticky
|
||||
.Pq Vt bool
|
||||
This variable is to globally enable functionality of
|
||||
.Dq :sticky
|
||||
keyword in
|
||||
.Va cloned_interfaces
|
||||
for all interfaces.
|
||||
The default value is
|
||||
.Dq NO .
|
||||
Even if this variable is specified to
|
||||
.Dq YES ,
|
||||
.Dq :nosticky
|
||||
keyword can be used to override it on per interface basis.
|
||||
.It Va fec_interfaces
|
||||
.Pq Vt str
|
||||
Set to the list of
|
||||
@ -1685,6 +1707,8 @@ ifconfig_fec0="DHCP"
|
||||
.Ed
|
||||
.It Va gif_interfaces
|
||||
.Pq Vt str
|
||||
This variable is deprecated in favor of
|
||||
.Va cloned_interfaces .
|
||||
Set to the list of
|
||||
.Xr gif 4
|
||||
tunnel interfaces to configure on this host.
|
||||
|