......@@ -31,21 +31,21 @@ Implementation
globally routable IP address via stateless auto configuration should the network support it. This behaviour would now
change to the more secure default of not configuring network interfaces that the end user does not know about.
Effects if not used: Although the USE_AUTOCONF6[x] option in rc.inet1.conf can be used to disable stateless auto
Effects if not used: Although the USE_SLAAC[x] option in rc.inet1.conf can be used to disable stateless auto
configuration by RA for an interface via /proc/sys/net/ipv6/conf/$interface/autoconf, there is a chance that auto
configuration will happen anyway because of a race condition between when the ipv6 kernel module is loaded and when
USE_AUTOCONF6[x] is applied by rc.inet1 - if a RA packet arrives during that time, the interface will be auto
configured regardless of the USE_AUTOCONF6[x] option.
USE_SLAAC[x] is applied by rc.inet1 - if a RA packet arrives during that time, the interface will be auto configured
regardless of the USE_SLAAC[x] option.
Once that auto configured IP is attached to the interface, even disabling auto configuration via the /proc/sys/net/
interface will not automatically remove the IP from the interface. A manual 'ip -6 addr del' would need to be applied
to remove that address.
This can lead to the situation where the user thinks they have disabled stateless auto configuration using the
USE_AUTOCONF6[x] option in rc.inet1.conf, but an IP is still assigned in the brief time between module load and
setting autconf off via /proc.
USE_SLAAC[x] option in rc.inet1.conf, but an IP is still assigned in the brief time between module load and setting
autconf off via /proc.
* v6 IPs can be configured via stateless auto configuration by RA, DHCP6 or statically using the following new options
for rc.inet1.conf:
USE_AUTOCONF6[x]="" Allow stateless auto configuration by RA of a (potentially) globally routable v6 IP.
USE_SLAAC[x]="" Allow stateless auto configuration by RA of a (potentially) globally routable v6 IP.
With this option set to "yes", the interface's v6 IP will ONLY be configured via RA,
even if RA indicates DHCP6 is available on the network - if RA is not available on the
network, no IPv6 address will be assigned.
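Review bot: the rewrapped paragraph ending "autconf off via /proc." carries the "autconf" typo into the new text; since the line is being rewritten anyway, spell it "autoconf" to match the /proc tunable named earlier in the section. The section also renames USE_AUTOCONF6[x] to USE_SLAAC[x] without mentioning what happens to an rc.inet1.conf that still uses the old name, and a sentence on that would help.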
......@@ -58,12 +58,12 @@ Implementation
This is the preferred option to configure an interface dynamically - whether the
network is setup for DHCP6 or stateless auto configuration, dhcpcd will be able to
configure the interface.
IPADDR6[x]="" Set the static v6 address for the interface.
When either the USE_DHCP6[x] or USE_AUTOCONF6[x] options are set to "yes", this setting
is ignored - dynamic configuration takes precedence over fixed IPs in Slackware.
PREFIX6[x]="" The prefix for the v6 address set in IPADDR6[x]. This should be in CIDR format without
the / - eg, "64". If this option is not set. a prefix of 64 will be assumed, and a
warning emitted.
IP6ADDR[x]="" Set the static v6 address for the interface.
When either the USE_DHCP6[x] or USE_SLAAC[x] options are set to "yes", this setting is
ignored - dynamic configuration takes precedence over fixed IPs in Slackware.
PREFIXLEN[x]="" The prefix length for the v6 address set in IP6ADDR[x]. This should be in CIDR format
with an optional leading /, eg: 64 or /48. If this option is not set. a prefix length of
64 will be assumed, and a warning emitted about the unset option.
This is the equilavant of the v4 NETMASK[x] option, but is named more appropriately for
IPv6 terminology.
GATEWAY6="" The default IPv6 gateway for the network.
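Review bot: in the new PREFIXLEN[x] description, "equilavant" should be "equivalent", and "If this option is not set. a prefix length" needs a comma rather than a full stop. PREFIXLEN is also the only renamed v6 option without a 6 in its name (compare IP6ADDR and IP6ALIASES), so state explicitly that it applies to the v6 address only and that NETMASK[x] still governs v4.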
......@@ -73,27 +73,27 @@ Implementation
and IPv6 interfaces can have a number of v4 or v6 IP alias addresses assigned to them. IPv4 aliases may be configured
in the usual way using the IPv4 IPALIASES[x] option in rc.inet1.conf. IPv6 aliases are configured using the following
new option for rc.inet1.conf:
IPALIASES6[x]="" A space delimited list of IPv6 addresses and prefix combinations which should be added
IP6ALIASES[x]="" A space delimited list of IPv6 addresses and prefix combinations which should be added
to the interface. Addresses should be listed in the format: ipaddr/prefix -- If no
prefix is set, 64 is assumed.
* The following new misc options have been added for use in rc.inet1.conf:
AUTOCONF6_TIMEOUT[x]="" The time to wait (in seconds) for an interface to be configured by RA stateless auto
SLAAC_TIMEOUT[x]="" The time to wait (in seconds) for an interface to be configured by RA stateless auto
configuration. When unset, the default is 15. Some networks may require a longer
period for the router to broadcast an advertisement packet on the network.
Changes from previous Slackware versions
----------------------------------------
* Previously, if the network the host is connecting to is configured for stateless RA auto configuration, the host would
bring up an interface with a (potentially) globally routable IPv6 address with no configuration by the user/admin.
* Previously, if the network the host is connecting to is configured for stateless auto configuration (SLAAC), the host
would bring up an interface with a (potentially) globally routable IPv6 address with no configuration by the admin.
This has been changed so that all network configuration must be explicitly enabled. Thus, interfaces will no longer
automatically come up with a valid IPv6 address on networks which support stateless configuration, without enabling
the USE_AUTOCONF6[x]="yes" option for the interface. This change is detailed above in the 'Implementation' section
and is a security enhancement.
the USE_SLAAC[x]="yes" option for the interface. This change is detailed above in the 'Implementation' section and is
a security enhancement.
* rc.inet1 now explicitly disables RA (via the accept_ra tunable in /proc) for an interface before trying to bring up
any IPs configured for it. This prevents RA from automatically adding a default route to the table when it is
active on the network. Unless USE_AUTOCONF6[x] is set for the interface, RA is left disabled and no automatic default
active on the network. Unless USE_SLAAC[x] is set for the interface, RA is left disabled and no automatic default
routes will be added. This is a change from previous versions of Slackware, which would auto configure default routes.
This is a security fix in the same vain as the above. This can easily be changed back to the previous behaviour.
* Interfaces will no longer be brought into the 'up' state unless they are actually configured with an IP address. In
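Review bot: the accept_ra paragraph ends with "This can easily be changed back to the previous behaviour" but does not say how; name the option or tunable the admin has to set, since this is the paragraph people will read when their default route disappears after upgrading. In the same paragraph, "in the same vain" should be "in the same vein".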
......@@ -101,11 +101,11 @@ Changes from previous Slackware versions
interface would be left in the 'up' state after executing 'rc.inet1 start'. This will no longer happen, and is
considered a clean-up of the current odd behaviour.
* If no NETMASK[x] is set for an interface, rc.inet1 will now assume a prefix/netmask of 24 (and will emit a warning).
CIDR notation netmasks are now recommended, but the old style dotted-quad notation is still accepted for IPv4. This
is a configuration enhancement.
CIDR notation netmasks are now recommended (with the leading / as optional), but the old style dotted-quad notation is
still accepted for IPv4. This is a configuration enhancement.
* In previous versions, the IP aliases configuration for IPv4 assumed a netmask of /32, making the interface only
addressable by itself. Now, a netmask of /24 is assumed where none is provided in the configuration. This is a
bugfix, but can be easily changed back to the old behaviour if undesired.
bugfix, but can be easily reverted to the old behaviour if undesired.
Known issues
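Review bot: the NETMASK[x] paragraph now documents the leading / as optional for IPv4, but the only stripping visible in this patch is the ${PREFIXLEN[$i]#/} expansion on the IPv6 path; confirm that the IPv4 path in rc.inet1 accepts "/24" as well, or limit the statement to PREFIXLEN. The /24 defaults for a missing NETMASK and for aliases also widen what the host treats as on-link compared with the old /32 alias default, so "can be easily reverted" should say which setting does that.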
......
options ipv6 autoconf=0
......@@ -143,8 +143,8 @@ if_up() {
# If the interface is a bridge, then create it first:
[ -n "${BRNICS[$i]}" ] && br_open $i
# Skip unconfigured interfaces:
if [ -z "${IPADDR[$i]}" ] && [ "${USE_DHCP[$i]}" != "yes" ] && [ -z "${IPADDR6[$i]}" ] && \
[ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_AUTOCONF6[$i]}" != "yes" ]; then
if [ -z "${IPADDR[$i]}" ] && [ "${USE_DHCP[$i]}" != "yes" ] && [ -z "${IP6ADDR[$i]}" ] && \
[ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" != "yes" ]; then
debug_log "skipping ${1} early, interface is not configured in /etc/rc.d/rc.inet1.conf"
return
fi
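Review bot: the skip test in if_up() now looks only at IP6ADDR and USE_SLAAC, so a config that still sets IPADDR6[x] or USE_AUTOCONF6[x] and nothing else is skipped with nothing more than the debug_log line. Consider logging a warning through $LOGGER when one of the old names is set, or mapping the old names onto the new ones, so that an interface does not silently lose its IPv6 configuration.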
......@@ -204,7 +204,7 @@ if_up() {
/sbin/ip link set dev ${1} down
fi
fi
if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_AUTOCONF6[$i]}" = "yes" ]; then # configure interface via stateless auto config
if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure interface via stateless auto config
echo "/etc/rc.d/rc.inet1: using Router Advertisement stateless auto configuration for ${1}" | $LOGGER
# Enable accepting of router advertisment packets, and auto configuration of interfaces:
echo "1" >/proc/sys/net/ipv6/conf/$1/accept_ra
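Review bot: writing "1" to accept_ra only takes effect while IPv6 forwarding is off; with forwarding enabled the kernel ignores router advertisements unless accept_ra is 2, so USE_SLAAC[x]="yes" would simply wait out the timeout on a host that routes. Either document that limitation next to USE_SLAAC or choose the value based on the forwarding setting. The $1 in the /proc path is also unquoted, unlike the expansions in the test above it.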
......@@ -212,13 +212,13 @@ if_up() {
# Bring the interface up:
/sbin/ip link set dev ${1} up
echo "Waiting for router announcement on ${1}..."
for ((j = ${AUTOCONF6_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
/sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; }
sleep 0.5
done
if (($IF_UP != 1)); then
echo "Timed out!"
echo "/etc/rc.d/rc.inet1: failed to auto configure ${1} after ${AUTOCONF6_TIMEOUT[$i]} seconds" | $LOGGER
echo "/etc/rc.d/rc.inet1: failed to auto configure ${1} after ${SLAAC_TIMEOUT[$i]} seconds" | $LOGGER
/sbin/ip address flush dev ${1}
/sbin/ip link set dev ${1} down
fi
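Review bot: the timeout branch flushes the addresses and sets the link down but leaves accept_ra at the "1" written before the loop, so an interface that failed SLAAC will still accept router advertisements if it is brought up again later; write "0" back to accept_ra (and to autoconf, if it was enabled alongside) in that branch. The branch is also guarded by (($IF_UP != 1)), so if IF_UP can already be 1 from an earlier v4 step, a SLAAC timeout is never logged.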
......@@ -243,17 +243,17 @@ if_up() {
/sbin/ip link set dev ${1} down
fi
fi
if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_AUTOCONF6[$i]}" != "yes" ] && [ -n "${IPADDR6[$i]}" ]; then # add a fixed v6 IP
if [ -z "${PREFIX6[$i]}" ]; then
echo "/etc/rc.d/rc.inet1: no PREFIX6 set for ${1} - assuming 64" | $LOGGER
PREFIX6[$i]="64"
if [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" != "yes" ] && [ -n "${IP6ADDR[$i]}" ]; then # add a fixed v6 IP
if [ -z "${PREFIXLEN[$i]}" ]; then
echo "/etc/rc.d/rc.inet1: no PREFIXLEN set for ${1} - assuming 64" | $LOGGER
PREFIXLEN[$i]="64"
fi
echo "/etc/rc.d/rc.inet1: /sbin/ip -6 address add ${IPADDR6[$i]}/${PREFIX6[$i]#/} dev ${1}" | $LOGGER
if /sbin/ip -6 address add ${IPADDR6[$i]}/${PREFIX6[$i]#/} dev ${1} && \
echo "/etc/rc.d/rc.inet1: /sbin/ip -6 address add ${IP6ADDR[$i]}/${PREFIXLEN[$i]#/} dev ${1}" | $LOGGER
if /sbin/ip -6 address add ${IP6ADDR[$i]}/${PREFIXLEN[$i]#/} dev ${1} && \
/sbin/ip link set dev ${1} up; then
IF_UP=1
else
echo "/etc/rc.d/rc.inet1: failed to a set IP ${IPADDR6[$i]} for ${1}" | $LOGGER
echo "/etc/rc.d/rc.inet1: failed to a set IP ${IP6ADDR[$i]} for ${1}" | $LOGGER
if (($IF_UP != 1)); then # a v4 address was configured, don't flush it
/sbin/ip address flush dev ${1}
/sbin/ip link set dev ${1} down
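Review bot: the changed log line still reads "failed to a set IP"; drop the stray "a" while the line is being touched. PREFIXLEN[$i] is only stripped of a leading / before being handed to ip, so an IP6ADDR[$i] that already carries a prefix (addr/64) produces addr/64/64; a check for a / in IP6ADDR[$i] with a clear log message would make that misconfiguration easier to diagnose than the generic failure message.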
......@@ -276,13 +276,13 @@ if_up() {
fi
done
fi
if [ -n "${IPALIASES6[$i]}" ]; then
if [ -n "${IP6ALIASES[$i]}" ]; then
# IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as
# described here: https://www.agwa.name/blog/post/beware_the_ipv6_dad_race_condition
# Disable DAD while bringing up the interface - but note that this means the loss of detection of a
# duplicate address. It's a trade off, unfortunately.
echo "0" >/proc/sys/net/ipv6/conf/$1/accept_dad
for ipalias in ${IPALIASES6[$i]}; do
for ipalias in ${IP6ALIASES[$i]}; do
ip="${ipalias%/*}"
nm="${ipalias#*/}"
[ -z "$nm" ] || [ "$ip" == "$nm" ] && nm="64"
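Review bot: accept_dad is set to "0" for the whole interface before the alias loop and nothing in the visible lines sets it back; if it is not restored after the loop, every later address on this interface, not just the aliases, loses duplicate address detection. Save the previous value before the echo and write it back once the aliases have been added, so the trade-off described in the comment is limited to the alias setup.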
......
# /etc/rc.d/rc.inet1.conf
#
# This file contains the configuration settings for network interfaces.
# If USE_DHCP[interface] is set to "yes", this overrides any other settings.
# If you don't have an interface, leave the settings null ("").
......@@ -11,54 +12,68 @@
# Several other parameters are available, the end of this file contains a
# comprehensive set of examples.
# Important note for IPv6 stateless auto configuration (SLAAC) users:
# From Slackware 15.0 onwards, you need to set USE_SLAAC[0]="yes" (etc) below
# =============================================================================
# Config information for eth0:
# IPv4 config information for eth0:
IPADDR[0]=""
NETMASK[0]=""
IPALIASES[0]=""
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
# Config information for eth1:
# IPv4 config information for eth1:
IPADDR[1]=""
NETMASK[1]=""
IPALIASES[1]=""
USE_DHCP[1]=""
DHCP_HOSTNAME[1]=""
# Config information for eth2:
# IPv4 config information for eth2:
IPADDR[2]=""
NETMASK[2]=""
IPALIASES[2]=""
USE_DHCP[2]=""
DHCP_HOSTNAME[2]=""
# Config information for eth3:
# IPv4 config information for eth3:
IPADDR[3]=""
NETMASK[3]=""
IPALIASES[3]=""
USE_DHCP[3]=""
DHCP_HOSTNAME[3]=""
# Default gateway IP address:
# IPv4 default gateway IP address:
GATEWAY=""
# IPv6 configuration options:
#IPADDR6[0]=
#PREFIX6[0]=
#IPALIASES6[0]=
#USE_DHCP6[0]=
#USE_AUTOCONF6[0]=
# =============================================================================
# IPv6 config information for eth0:
IP6ADDR[0]=""
PREFIXLEN[0]=""
IP6ALIASES[0]=""
USE_SLAAC[0]=""
USE_DHCP6[0]=""
# Default gateway IPv6 address:
#GATEWAY6=""
# IPv6 config information for eth1:
IP6ADDR[1]=""
PREFIXLEN[1]=""
IP6ALIASES[1]=""
USE_SLAAC[1]=""
USE_DHCP6[1]=""
# Change this to "yes" for debugging output to stdout. Unfortunately,
# /sbin/hotplug seems to disable stdout so you'll only see debugging output
# when rc.inet1 is called directly.
# IPv6 default gateway address:
GATEWAY6=""
# =============================================================================
# Change this to "yes" for debugging output to stdout.
DEBUG_ETH_UP="no"
# =============================================================================
# Example of how to configure a bridge:
# Note the added "BRNICS" variable which contains a space-separated list
# of the physical or virtual network interfaces you want to add to the bridge.
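Review bot: the new SLAAC note stops at "you need to set USE_SLAAC[0]="yes" (etc) below" without saying what for; finish the sentence with the consequence, for example that without it the interface gets no auto-configured IPv6 address. The IPv6 stanzas cover eth0 and eth1 only while the IPv4 ones run to eth3, and the /sbin/hotplug caveat on DEBUG_ETH_UP is dropped; if both are intentional, say so in the commit message.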
......@@ -70,6 +85,8 @@ DEBUG_ETH_UP="no"
#USE_DHCP[0]=""
#DHCP_HOSTNAME[0]=""
# =============================================================================
# Virtual interfaces to create - these are created before any address
# configuration or bridge setup is done, so you may use these interfaces
# as IFNAME or BRNICS values. These can be tun or tap interfaces:
......@@ -89,6 +106,8 @@ DEBUG_ETH_UP="no"
#VIRTIFUSER[1]="someuser"
#VIRTIFGROUP[1]="somegroup"
# =============================================================================
## Example config information for wlan0. Uncomment the lines you need and fill
## in your data. (You may not need all of these for your wireless network)
#IFNAME[4]="wlan0"
......@@ -110,6 +129,8 @@ DEBUG_ETH_UP="no"
#WLAN_WPADRIVER[4]="wext"
#WLAN_WPAWAIT[4]=30
# =============================================================================
## Some examples of additional network parameters that you can use.
## Config information for wlan0:
#IFNAME[4]="wlan0" # Use a different interface name instead of
......@@ -135,9 +156,9 @@ DEBUG_ETH_UP="no"
# server is not found (ipv4ll link-local
# adresses in the IP range 169.254.0.0/16 are
# also known as "zeroconf" addresses)
#AUTOCONF6_TIMEOUT[4]="15" # The default timeout for auto configuration to
# wait for the interface to come up is 15 sec.
# Increase the timeout if required.
#SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to
# wait for the interface to come up is 15 sec.
# Increase the timeout if required.
#WLAN_ESSID[4]=DARKSTAR # An example of how you can override _any_
# parameter defined in rc.wireless.conf, by
# prepending 'WLAN_' to the parameter's name.
......