Diffstat (limited to 'source/n/network-scripts')
-rw-r--r-- | source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf | 9 | ||||
-rw-r--r-- | source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf | 8 | ||||
-rwxr-xr-x | source/n/network-scripts/network-scripts.SlackBuild | 2 | ||||
-rw-r--r-- | source/n/network-scripts/scripts/netconfig | 18 | ||||
-rw-r--r-- | source/n/network-scripts/scripts/rc.inet1 | 91 | ||||
-rw-r--r-- | source/n/network-scripts/scripts/rc.inet1.conf | 18 |
6 files changed, 87 insertions, 59 deletions
diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf b/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf deleted file mode 100644 index c33faf65b..000000000 --- a/source/n/network-scripts/modprobe.d/modprobe.d/bonding.conf +++ /dev/null @@ -1,9 +0,0 @@ -############################################################################## -# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that -############################################################################## -# -# Disable the automatic creation of a bond0 interface when module is loaded -# Otherwise, /etc/rc.d/rc.inet1 will not be able to configure it -# -options bonding max_bonds=0 -options rtnl-link-bond max_bonds=0 diff --git a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf b/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf deleted file mode 100644 index a0395a5ad..000000000 --- a/source/n/network-scripts/modprobe.d/modprobe.d/ipv6.conf +++ /dev/null @@ -1,8 +0,0 @@ -############################################################################## -# Do not edit this file; instead, copy it to /etc/modprobe.d/ and edit that -############################################################################## -# -# Disable IPv6 auto configuration (SLAAC) by default -# -options ipv6 autoconf=0 -options net-pf-10 autoconf=0 diff --git a/source/n/network-scripts/network-scripts.SlackBuild b/source/n/network-scripts/network-scripts.SlackBuild index 4832d4db2..0093d246a 100755 --- a/source/n/network-scripts/network-scripts.SlackBuild +++ b/source/n/network-scripts/network-scripts.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=network-scripts VERSION=${VERSION:-15.0} ARCH=noarch -BUILD=${BUILD:-13} +BUILD=${BUILD:-14} # If the variable PRINT_PACKAGE_NAME is set, then this script will report what # the name of the created package would be, and then exit. This information 
diff --git a/source/n/network-scripts/scripts/netconfig b/source/n/network-scripts/scripts/netconfig index 69c6d6edf..bb5a5acc2 100644 --- a/source/n/network-scripts/scripts/netconfig +++ b/source/n/network-scripts/scripts/netconfig @@ -185,6 +185,7 @@ GATEWAY6="$GATEWAY6" # these for your wireless network. #IFNAME[4]="wlan0" #IPADDRS[4]="" +#USE_DHCP[4]="yes" #DHCP_HOSTNAME[4]="icculus-wireless" #DHCP_KEEPRESOLV[4]="yes" #DHCP_KEEPNTP[4]="yes" @@ -231,6 +232,16 @@ GATEWAY6="$GATEWAY6" #SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to # wait for the interface to come up is 15 sec. # Increase the timeout if required. +#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the + # 'private' (RFC7217) address generation method. + # It is advisable to also set SLAAC_SECRET[x]. +#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx" + # When SLAAC_PRIVIPGEN[x]="yes" is set, this is + # the secret to be used. This must be in the + # form of an IPv6 address. When left unset, a + # random secret is used (this is the default). +#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance + # security. #USE_RA[4]="yes" # Accept router advertisements even when SLAAC # is disabled on the interface. #WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_ 
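Review bot: The new SLAAC_SECRET comment in the second hunk documents the value's format but never says that it is a secret. It should state that the `xxxx:…` placeholder must be replaced with a randomly generated value unique to the host, and that the generated rc.inet1.conf should be readable by root only. The advice "It is advisable to also set SLAAC_SECRET[x]" would be easier to act on with its reason given, presumably that a random secret does not yield the same address across reboots; confirm that against the kernel's addr_gen_mode documentation. I would add a line such as `# Generate this value randomly, keep it private, and keep this file mode 0600.` The same comment text is added to rc.inet1.conf in the last hunk of this commit and needs the same addition.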
@@ -481,8 +492,11 @@ EOF DOMAIN="`cat $TMP/SeTdom`" rm -f $TMP/SeTdom $TMP/tempmsg # These regexes doon't catch everything, just basic syntax mistakes. - if [ "$DOMAIN" = "" ] || [[ ! "$DOMAIN" =~ ^([[:alnum:]]+[-.]*[[:alnum:]]+)+$ ]] || \ - [[ "${DOMAIN:0:1}" =~ ^[.-]$ ]] || [[ "${DOMAIN: -1:1}" == ^[.-]$ ]]; then + DN="${DOMAIN%.*}" + TLD="${DOMAIN##*.}" + if [ -z "$DOMAIN" ] || [ -z "$TLD" ] || [ -z "$DN" ] || [[ ! "$DOMAIN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || \ + [[ ! "$DN" =~ ^[^.-][[:alnum:].-]+[^.-]$ ]] || [[ "$DN" =~ \.\. ]] || [[ "$DN" =~ -- ]] || \ + [[ ! "$TLD" =~ ^[^-][[:alnum:]-]+[^-]$ ]]; then dialog --title "DOMAINNAME" --ok-button "Back" --msgbox \ "That doesn't appear to be a valid domain name.\n Domain names can only contain letters and numbers, hyphens diff --git a/source/n/network-scripts/scripts/rc.inet1 b/source/n/network-scripts/scripts/rc.inet1 index 755e7efec..d33ab7747 100644 --- a/source/n/network-scripts/scripts/rc.inet1 +++ b/source/n/network-scripts/scripts/rc.inet1 @@ -159,9 +159,13 @@ br_open() { debug_log "/sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT" /sbin/ip link set dev ${IFNAME[$1]} type bridge $IFOPT fi - done <<<"${IFOPTS[$i]/%|*([[:blank:]])}|" # The | on the end is required. - debug_log "/sbin/ip link set dev ${IFNAME[$1]} up" - /sbin/ip link set dev ${IFNAME[$1]} up + done <<<"${IFOPTS[$1]/%|*([[:blank:]])}|" # The | on the end is required. + # Don't bring up the interface if it will be brought up later during IP configuration. + # This prevents a situation where SLAAC takes a while to apply if the interface is already up. + if [ -z "${IPADDRS[$1]}" ] && [ -z "${IP6ADDRS[$1]}" ] && [ -z "${IPADDR[$1]}" ] && [ "${USE_DHCP[$1]}" != "yes" ] && [ "${USE_DHCP6[$1]}" != "yes" ] && [ "${USE_SLAAC[$1]}" != "yes" ]; then + debug_log "/sbin/ip link set dev ${IFNAME[$1]} up" + /sbin/ip link set dev ${IFNAME[$1]} up + fi } # Function to disassemble a bridge interface. 
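Review bot: The bracket expressions `[^.-]` and `[^-]` that anchor the first and last character of each new pattern are negated classes, so they accept any character other than a dot or hyphen. A space, quote, `$` or `;` in first or last position passes validation, although the dialog text says only letters, numbers, hyphens and periods are allowed. Anchoring with `[[:alnum:]]` instead, e.g. `^[[:alnum:]]([[:alnum:].-]*[[:alnum:]])?$` for DOMAIN and DN and `^[[:alnum:]]([[:alnum:]-]*[[:alnum:]])?$` for TLD, closes that gap and also stops rejecting short parts: as written each pattern needs at least three characters, so a TLD such as `uk` fails the check. The `--` test on DN also rejects punycode labels (`xn--…`), which may or may not be intended. Where $DOMAIN is written afterwards is outside this hunk, so the impact of a stray metacharacter depends on code not shown here.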
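Review bot: The new guard in br_open() skips `ip link set … up` whenever USE_SLAAC or USE_DHCP6 is "yes", but the if_up() branches for those settings, shown later in this commit, run only when /proc/sys/net/ipv6 exists. On a kernel without IPv6, a bridge configured only with `USE_SLAAC[n]="yes"` (or only USE_DHCP6) would therefore be left down by both functions, where the old code brought it up unconditionally. That assumes nothing else in if_up(), which is not fully visible here, raises the link. Consider counting the two IPv6 settings as "configured later" only when `[ -e /proc/sys/net/ipv6 ]` holds, and add a comment that this condition must mirror the branches in if_up(). br_open() begins above this hunk.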
@@ -323,6 +327,51 @@ if_up() { debug_log "/sbin/ip address flush dev ${1}" /sbin/ip address flush dev ${1} IF_UP=0 + if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC + info_log "${1}: enabling SLAAC" + # Enable accepting of RA packets, unless explicitly configured not to: + if [ "${USE_RA[$i]}" = "no" ]; then + debug_log "${1}: ignoring IPv6 RA" + echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra + else + debug_log "${1}: accepting IPv6 RA" + echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra + fi + # Set up SLAAC privacy enhancements if configured. + if [ "${SLAAC_PRIVIPGEN[$i]}" = "yes" ]; then + if [ -n "${SLAAC_SECRET[$i]}" ]; then + debug_log "${1}: seeding secret and enabling private IPv6 generation" + echo "${SLAAC_SECRET[$i]}" >/proc/sys/net/ipv6/conf/${1}/stable_secret + echo "2" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode + else + debug_log "${1}: using random secret and enabling private IPv6 generation" + echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret + echo "3" >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode + fi + fi + if [ "${SLAAC_TEMPADDR[$i]}" = "yes" ]; then + debug_log "${1}: enabling SLAAC tempaddr" + echo "2" >/proc/sys/net/ipv6/conf/${1}/use_tempaddr + fi + # Enable auto configuration of interfaces: + echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf + # Bring the interface up: + debug_log "/sbin/ip link set dev ${1} up" + /sbin/ip link set dev ${1} up + echo "${1}: waiting for router announcement" + for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure + /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; } + sleep 0.5 + done + if ((IF_UP != 1)); then + echo "${1}: timed out" + info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds" + debug_log "/sbin/ip address flush dev ${1}" + /sbin/ip address flush dev ${1} + debug_log "/sbin/ip link set 
dev ${1} down" + /sbin/ip link set dev ${1} down + fi + fi # Slackware historically favours dynamic configuration over fixed IP to configure interfaces, so keep that tradition: if [ "${USE_DHCP[$i]}" = "yes" ] || { [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" = "yes" ]; }; then # use dhcpcd info_log "${1}: starting dhcpcd" @@ -368,35 +417,6 @@ if_up() { /sbin/ip link set dev ${1} down fi fi - if [ -e /proc/sys/net/ipv6 ] && [ "${USE_DHCP6[$i]}" != "yes" ] && [ "${USE_SLAAC[$i]}" = "yes" ]; then # configure via SLAAC - info_log "${1}: enabling SLAAC" - # Enable accepting of RA packets, unless explicitly configured not to: - if [ "${USE_RA[$i]}" = "no" ]; then - debug_log "${1}: ignoring IPv6 RA" - echo "0" >/proc/sys/net/ipv6/conf/${1}/accept_ra - else - debug_log "${1}: accepting IPv6 RA" - echo "1" >/proc/sys/net/ipv6/conf/${1}/accept_ra - fi - # Enable auto configuration of interfaces: - echo "1" >/proc/sys/net/ipv6/conf/${1}/autoconf - # Bring the interface up: - debug_log "/sbin/ip link set dev ${1} up" - /sbin/ip link set dev ${1} up - echo "${1}: waiting for router announcement" - for ((j = ${SLAAC_TIMEOUT[$i]:=15} * 2; j--;)); do # by default, wait a max of 15 seconds for the interface to configure - /sbin/ip -6 address show dynamic dev ${1} 2>/dev/null | grep -Ewq 'inet6' && { IF_UP=1; break; } - sleep 0.5 - done - if ((IF_UP != 1)); then - echo "${1}: timed out" - info_log "${1}: failed to auto configure after ${SLAAC_TIMEOUT[$i]} seconds" - debug_log "/sbin/ip address flush dev ${1}" - /sbin/ip address flush dev ${1} - debug_log "/sbin/ip link set dev ${1} down" - /sbin/ip link set dev ${1} down - fi - fi if [ -e /proc/sys/net/ipv6 ] && [ -n "${IP6ADDRS[$i]}" ]; then # add v6 IPs info_log "${1}: setting IPv6 addresses" # IPv6's Duplicate Address Detection (DAD) causes a race condition when bringing up interfaces, as 
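Review bot: Neither write in the SLAAC_PRIVIPGEN branch is checked, so a SLAAC_SECRET that the kernel rejects (the config comment says it must have the form of an IPv6 address) leaves only a shell error on stderr while the script goes on to bring the link up. If the following write of `2` to addr_gen_mode then fails as well, which I would expect when no secret is set but which should be confirmed, the interface is autoconfigured with the default address generation instead of the private mode the admin asked for, and nothing is logged. Suggest testing the writes and logging the failure, e.g. `echo "${SLAAC_SECRET[$i]}" >/proc/sys/net/ipv6/conf/${1}/stable_secret || info_log "${1}: SLAAC_SECRET rejected, private address generation not enabled"`. In the else branch, `echo -n >…/stable_secret` emits zero bytes and so probably has no effect; it can likely be dropped. if_up() starts and ends outside this hunk.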
@@ -545,11 +565,14 @@ if_down() { # Bring the interface down: debug_log "/sbin/ip link set dev ${1} down" /sbin/ip link set dev ${1} down - # Reset autoconf and accept_ra back to defaults: + # Reset everything back to defaults: if [ -e /proc/sys/net/ipv6 ]; then - debug_log "${1}: resetting IPv6 autoconf and RA to defaults" + debug_log "${1}: resetting IPv6 configuration to defaults" cat /proc/sys/net/ipv6/conf/default/autoconf >/proc/sys/net/ipv6/conf/${1}/autoconf cat /proc/sys/net/ipv6/conf/default/accept_ra >/proc/sys/net/ipv6/conf/${1}/accept_ra + cat /proc/sys/net/ipv6/conf/default/use_tempaddr >/proc/sys/net/ipv6/conf/${1}/use_tempaddr + cat /proc/sys/net/ipv6/conf/default/addr_gen_mode >/proc/sys/net/ipv6/conf/${1}/addr_gen_mode + echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret fi # If the interface is a bridge, then destroy it now: [ -n "${BRNICS[$i]}" ] && br_close $i diff --git a/source/n/network-scripts/scripts/rc.inet1.conf b/source/n/network-scripts/scripts/rc.inet1.conf index 0daee7017..e952498e9 100644 --- a/source/n/network-scripts/scripts/rc.inet1.conf +++ b/source/n/network-scripts/scripts/rc.inet1.conf @@ -69,7 +69,7 @@ GATEWAY6="" # BONDNICS is a space delimited list of interfaces to add to this bond. The # BONDNICS interfaces will be brought up and configured while bringing up the # bond interface, so do not need to be previously defined in rc.inet1.conf. -# BONDMODE sets the bonding mode for this interface. If not specified when +# BONDMODE sets the bonding mode for this interface. If not specified when # BONDNICS has been used, the default is 'balance-rr'. # IFOPTS is a pipe (|) delimited list of bonding module specific settings to be # applied to the interface, and should always include the 'miimon' option when 
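Review bot: The added `echo -n >/proc/sys/net/ipv6/conf/${1}/stable_secret` emits no bytes, so it most likely resets nothing and a secret seeded by if_up() stays set on the interface after if_down(). The comment "Reset everything back to defaults" then overstates what happens; either drop the line or reword the comment, e.g. `# Reset IPv6 settings back to defaults (stable_secret cannot be cleared here):`. Whether the kernel offers any way to clear stable_secret should be checked before keeping this line. if_down() starts and ends outside this hunk.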
@@ -83,9 +83,7 @@ GATEWAY6="" #BONDNICS[0]="eth0 eth1" #BONDMODE[0]="balance-rr" #IFOPTS[0]="xmit_hash_policy layer2+3 | miimon 100" -#IPADDR[0]="192.168.0.1" -#NETMASK[0]="24" -#IPALIASES[0]="" +#IPADDRS[0]="192.168.0.1/24" #USE_DHCP[0]="" #DHCP_HOSTNAME[0]="" #IP6ADDRS[0]="" @@ -174,7 +172,7 @@ GATEWAY6="" # Some examples of additional network parameters that you can use. #IFNAME[4]="wlan0" # Use a different interface name instead of # the default 'eth4' -#IFOPTS[4]="" # A pipe (|) delimited list of interface type +#IFOPTS[4]="" # A pipe (|) delimited list of interface type # specific options to apply. These options # can be found in the ip-link(8) man page in # the approprite section for the interface @@ -200,6 +198,16 @@ GATEWAY6="" #SLAAC_TIMEOUT[4]="15" # The default timeout for auto configuration to # wait for the interface to come up is 15 sec. # Increase the timeout if required. +#SLAAC_PRIVIPGEN[4]="yes" # When assigning addresses via SLAAC, use the + # 'private' (RFC7217) address generation method. + # It is advisable to also set SLAAC_SECRET[x]. +#SLAAC_SECRET[4]="xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx" + # When SLAAC_PRIVIPGEN[x]="yes" is set, this is + # the secret to be used. This must be in the + # form of an IPv6 address. When left unset, a + # random secret is used (this is the default). +#SLAAC_TEMPADDR[4]="yes" # Use a temporary address with SLAAC to enhance + # security. #USE_RA[4]="yes" # Accept router advertisements even when SLAAC # is disabled on the interface. #WLAN_ESSID[4]="DARKSTAR" # An example of how you can override _any_ |