6 files changed, 87 insertions, 59 deletions

diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf b/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf
deleted file mode 100644
index c33faf65b..000000000
--- a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-##############################################################################
-# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that
-##############################################################################
-#
-# Disable the automatic creation of a bond0 interface when module is loaded
-# Otherwise, /etc/rc.d/rc.inet1 will not be able to configure it
-#
-options bonding max_bonds=0
-options rtnl-link-bond max_bonds=0
diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf b/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf
deleted file mode 100644
index a0395a5ad..000000000
--- a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-##############################################################################
-# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that
-##############################################################################
-#
-# Disable IPv6 auto configuration (SLAAC) by default
-#
-options ipv6 autoconf=0
-options net-pf-10 autoconf=0
diff --git a/source/n/network-scripts/network-scripts.SlackBuild b/source/n/network-scripts/network-scripts.SlackBuild
index 4832d4db2..0093d246a 100755
--- a/source/n/network-scripts/network-scripts.SlackBuild
+++ b/source/n/network-scripts/network-scripts.SlackBuild
@@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 PKGNAM=network-scripts
 VERSION=${VERSION:-15.0}
 ARCH=noarch
-BUILD=${BUILD:-13}
+BUILD=${BUILD:-14}
 
 # If the variable PRINT_PACKAGE_NAME is set, then this script will report what
 # the name of the created package would be, and then exit. This information
diff --git a/source/n/network-scripts/scripts/netconfig b/source/n/network-scripts/scripts/netconfig
index 69c6d6edf..bb5a5acc2 100644
--- a/source/n/network-scripts/scripts/netconfig
+++ b/source/n/network-scripts/scripts/netconfig
@@ -185,6 +185,7 @@ GATEWAY6="$GATEWAY6"
 # these for your wireless network.
 #IFNAME[4]="wlan0"
 #IPADDRS[4]=""
+#USE_DHCP[4]="yes"
 #DHCP_HOSTNAME[4]="icculus-wireless"
 #DHCP_KEEPRESOLV[4]="yes"
 #DHCP_KEEPNTP[4]="yes"
@@ -231,6 +232,16 @@ GATEWAY6="$GATEWAY6"
 #SLAAC_TIMEOUT[4]="15"          # The default timeout for auto configuration to
                                 # wait for the interface to come up is 15 sec.
                                 # Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes"       # When assigning addresses via SLAAC, use the
+                                # 'private' (RFC7217) address generation method.
+                                # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+                                # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+                                # the secret to be used.  This must be in the
+                                # form of an IPv6 address.  When left unset, a
+                                # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes"        # Use a temporary address with SLAAC to enhance
+                                # security.
 #USE_RA[4]="yes"                # Accept router advertisements even when SLAAC
                                 # is disabled on the interface.
 #WLAN_ESSID[4]="DARKSTAR"       # An example of how you can override _any_
@@ -481,8 +492,11 @@ EOF
   DOMAIN="`cat $TMP/SeTdom`"
   rm -f $TMP/SeTdom $TMP/tempmsg
   # These regexes doon't catch everything, just basic syntax mistakes.
-  if [ "$DOMAIN" = "" ] || [[ ! "$DOMAIN" =~ ^([[:alnum:]]+[-.]*[[:alnum:]]+)+$ ]] || \
-      [[ "${DOMAIN:0:1}" =~ ^[.-]$ ]] || [[ "${DOMAIN: -1:1}" == ^[.-]$ ]]; then
+  DN="${DOMAIN%.*}"
+  TLD="${DOMAIN##*.}"
+  if [ -z "$DOMAIN" ] || [ -z "$TLD" ] || [ -z "$DN" ] || [[ ! "$DOMAIN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || \
+      [[ ! "$DN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || [[ "$DN" =~ \.\. ]] || [[ "$DN" =~ -- ]] || \
+      [[ ! "$TLD" =~ ^[^-][[:alnum:]-]+[^-]$ ]]; then
     dialog --title "DOMAINNAME" --ok-button "Back" --msgbox \
       "That doesn't appear to be a valid domain name.\n
 Domain names can only contain letters and numbers, hyphens
diff --git a/source/n/network-scripts/scripts/rc.inet1 b/source/n/network-scripts/scripts/rc.inet1
index 755e7efec..d33ab7747 100644
--- a/source/n/network-scripts/scripts/rc.inet1
+++ b/source/n/network-scripts/scripts/rc.inet1
@@ -159,9 +159,13 @@ br_open() {
       debug_log "/sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT"
       /sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT
     fi
-  done <<<"${IFOPTS[$i]/%|*([[:blank:]])}|"	# The | on the end is required.
-  debug_log "/sbin/ip link set dev ${IFNAME[$1]} up"
-  /sbin/ip link set dev ${IFNAME[$1]} up
+  done <<<"${IFOPTS[$1]/%|*([[:blank:]])}|"	# The | on the end is required.
+  # Don't bring up the interface if it will be brought up later during IP configuration.
+  # This prevents a situation where SLAAC takes a while to apply if the interface is already up.
+  if [ -z "${IPADDRS[$1]}" ] && [ -z "${IP6ADDRS[$1]}" ] && [ -z "${IPADDR[$1]}" ] && [ "${USE_DHCP[$1]}" != "yes" ] && [ "${USE_DHCP6[$1]}" != "yes" ] && [ "${USE_SLAAC[$1]}" != "yes" ]; then
+    debug_log "/sbin/ip link set dev ${IFNAME[$1]} up"
+    /sbin/ip link set dev ${IFNAME[$1]} up
+  fi
 }
 
 # Function to disassemble a bridge interface.
@@ -323,6 +327,51 @@ if_up() {
       debug_log "/sbin/ip address flush dev ${1}"
       /sbin/ip address flush dev ${1}
       IF_UP=0
+      if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC
+        info_log "${1}: enabling SLAAC"
+        # Enable accepting of RA packets, unless explicitly configured not to:
+        if [ "${USE_RA[$i]}" = "no" ]; then
+          debug_log "${1}: ignoring IPv6 RA"
+          echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra
+        else
+          debug_log "${1}: accepting IPv6 RA"
+          echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra
+        fi
+        # Set up SLAAC privacy enhancements if configured.
+        if [ "${SLAAC_PRIVIPGEN[$i]}" = "yes" ]; then
+          if [ -n "${SLAAC_SECRET[$i]}" ]; then
+            debug_log "${1}: seeding secret and enabling private IPv6 generation"
+            echo "${SLAAC_SECRET[$i]}" >/proc/sys/net/ipv6/conf/${1}/stable_secret
+            echo "2" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+          else
+            debug_log "${1}: using random secret and enabling private IPv6 generation"
+            echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret
+            echo "3" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+          fi
+        fi
+        if [ "${SLAAC_TEMPADDR[$i]}" = "yes" ]; then
+          debug_log "${1}: enabling SLAAC tempaddr"
+          echo "2" >/proc/sys/net/ipv6/conf/${1}/use_tempaddr
+        fi
+        # Enable auto configuration of interfaces:
+        echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf
+        # Bring the interface up:
+        debug_log "/sbin/ip link set dev ${1} up"
+        /sbin/ip link set dev ${1} up
+        echo "${1}: waiting for router announcement"
+        for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
+          /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; }
+          sleep 0.5
+        done
+        if ((IF_UP != 1)); then
+          echo "${1}: timed out"
+          info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds"
+          debug_log "/sbin/ip address flush dev ${1}"
+          /sbin/ip address flush dev ${1}
+          debug_log "/sbin/ip link set dev ${1} down"
+          /sbin/ip link set dev ${1} down
+        fi
+      fi
       # Slackware historically favours dynamic configuration over fixed IP to configure interfaces, so keep that tradition:
       if [ "${USE_DHCP[$i]}" = "yes" ] || { [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" = "yes" ]; }; then # use dhcpcd
         info_log "${1}: starting dhcpcd"
@@ -368,35 +417,6 @@ if_up() {
           /sbin/ip link set dev ${1} down
         fi
       fi
-      if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC
-        info_log "${1}: enabling SLAAC"
-        # Enable accepting of RA packets, unless explicitly configured not to:
-        if [ "${USE_RA[$i]}" = "no" ]; then
-          debug_log "${1}: ignoring IPv6 RA"
-          echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra
-        else
-          debug_log "${1}: accepting IPv6 RA"
-          echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra
-        fi
-        # Enable auto configuration of interfaces:
-        echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf
-        # Bring the interface up:
-        debug_log "/sbin/ip link set dev ${1} up"
-        /sbin/ip link set dev ${1} up
-        echo "${1}: waiting for router announcement"
-        for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure
-          /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; }
-          sleep 0.5
-        done
-        if ((IF_UP != 1)); then
-          echo "${1}: timed out"
-          info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds"
-          debug_log "/sbin/ip address flush dev ${1}"
-          /sbin/ip address flush dev ${1}
-          debug_log "/sbin/ip link set dev ${1} down"
-          /sbin/ip link set dev ${1} down
-        fi
-      fi
       if [ -e /proc/sys/net/ipv6 ] && [ -n "${IP6ADDRS[$i]}" ]; then # add v6 IPs
         info_log "${1}: setting IPv6 addresses"
         # IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as
@@ -545,11 +565,14 @@ if_down() {
     # Bring the interface down:
     debug_log "/sbin/ip link set dev ${1} down"
     /sbin/ip link set dev ${1} down
-    # Reset autoconf and accept_ra back to defaults:
+    # Reset everything back to defaults:
     if [ -e /proc/sys/net/ipv6 ]; then
-      debug_log "${1}: resetting IPv6 autoconf and RA to defaults"
+      debug_log "${1}: resetting IPv6 configuration to defaults"
       cat /proc/sys/net/ipv6/conf/default/autoconf >/proc/sys/net/ipv6/conf/${1}/autoconf
       cat /proc/sys/net/ipv6/conf/default/accept_ra >/proc/sys/net/ipv6/conf/${1}/accept_ra
+      cat /proc/sys/net/ipv6/conf/default/use_tempaddr >/proc/sys/net/ipv6/conf/${1}/use_tempaddr
+      cat /proc/sys/net/ipv6/conf/default/addr_gen_mode >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode
+      echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret
     fi
     # If the interface is a bridge, then destroy it now:
     [ -n "${BRNICS[$i]}" ] && br_close $i
diff --git a/source/n/network-scripts/scripts/rc.inet1.conf b/source/n/network-scripts/scripts/rc.inet1.conf
index 0daee7017..e952498e9 100644
--- a/source/n/network-scripts/scripts/rc.inet1.conf
+++ b/source/n/network-scripts/scripts/rc.inet1.conf
@@ -69,7 +69,7 @@ GATEWAY6=""
 # BONDNICS is a space delimited list of interfaces to add to this bond.  The
 # BONDNICS interfaces will be brought up and configured while bringing up the
 # bond interface, so do not need to be previously defined in rc.inet1.conf.
-# BONDMODE sets the bonding mode for this interface.  If not specified when 
+# BONDMODE sets the bonding mode for this interface.  If not specified when
 # BONDNICS has been used, the default is 'balance-rr'.
 # IFOPTS is a pipe (|) delimited list of bonding module specific settings to be
 # applied to the interface, and should always include the 'miimon' option when
@@ -83,9 +83,7 @@ GATEWAY6=""
 #BONDNICS[0]="eth0 eth1"
 #BONDMODE[0]="balance-rr"
 #IFOPTS[0]="xmit_hash_policy layer2+3 | miimon 100"
-#IPADDR[0]="192.168.0.1"
-#NETMASK[0]="24"
-#IPALIASES[0]=""
+#IPADDRS[0]="192.168.0.1/24"
 #USE_DHCP[0]=""
 #DHCP_HOSTNAME[0]=""
 #IP6ADDRS[0]=""
@@ -174,7 +172,7 @@ GATEWAY6=""
 # Some examples of additional network parameters that you can use.
 #IFNAME[4]="wlan0"              # Use a different interface name instead of
                                 # the default 'eth4'
-#IFOPTS[4]=""			# A pipe (|) delimited list of interface type
+#IFOPTS[4]=""                   # A pipe (|) delimited list of interface type
                                 # specific options to apply.  These options
                                 # can be found in the ip-link(8) man page in
                                 # the approprite section for the interface
@@ -200,6 +198,16 @@ GATEWAY6=""
 #SLAAC_TIMEOUT[4]="15"          # The default timeout for auto configuration to
                                 # wait for the interface to come up is 15 sec.
                                 # Increase the timeout if required.
+#SLAAC_PRIVIPGEN[4]="yes"       # When assigning addresses via SLAAC, use the
+                                # 'private' (RFC7217) address generation method.
+                                # It is advisable to also set SLAAC_SECRET[x].
+#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx"
+                                # When SLAAC_PRIVIPGEN[x]="yes" is set, this is
+                                # the secret to be used.  This must be in the
+                                # form of an IPv6 address.  When left unset, a
+                                # random secret is used (this is the default).
+#SLAAC_TEMPADDR[4]="yes"        # Use a temporary address with SLAAC to enhance
+                                # security.
 #USE_RA[4]="yes"                # Accept router advertisements even when SLAAC
                                 # is disabled on the interface.
 #WLAN_ESSID[4]="DARKSTAR"       # An example of how you can override _any_