1#!/bin/sh
2#
3
4# PROVIDE: stf
5# REQUIRE: netif
6# KEYWORD: nojail
7
8. /etc/rc.subr
9. /etc/network.subr
10
# rc.subr(8) service description: the service name, a one-line summary,
# and the shell functions that implement the "start" and "stop" actions.
name='stf'
desc='6to4 tunnel interface'
start_cmd='stf_up'
stop_cmd='stf_down'
15
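# _stf_decimal_le value max
#	Succeed only if value is a canonical decimal number (digits only, at
#	most three of them, no leading zero) that does not exceed max.
#	Leading zeros are refused because shell arithmetic would read such a
#	value as octal.
_stf_decimal_le()
{
	case $1 in
	'' | *[!0-9]* | 0?* | ????*)
		return 1
		;;
	esac
	[ "$1" -le "$2" ]
}

# stf_up
#	Create stf0 and give it the 6to4 address derived from
#	stf_interface_ipv4addr, then install reject routes for 6to4 prefixes
#	that embed IPv4 addresses which must never appear as tunnel endpoints.
#
#	Does nothing (and succeeds) when stf_interface_ipv4addr is empty or
#	"NO".  Returns 1 after a warning when stf_interface_ipv4addr is not a
#	dotted quad or stf_interface_ipv4plen is not in 0..32; otherwise the
#	status of the last "route add".
#
#	The settings are validated before use because they are fed to "set",
#	to arithmetic expansion and to ifconfig: a malformed value would
#	otherwise be parsed as shell options or as an arithmetic expression
#	instead of being reported as a configuration error.
stf_up()
{
	local _octet

	case ${stf_interface_ipv4addr} in
	[Nn][Oo] | '')
		;;
	*[!0-9.]* | .* | *. | *..*)
		# Only digits and single, interior dots can form a dotted quad.
		warn "invalid stf_interface_ipv4addr: '${stf_interface_ipv4addr}'"
		return 1
		;;
	*)
		if ! _stf_decimal_le "${stf_interface_ipv4plen:-0}" 32; then
			warn "invalid stf_interface_ipv4plen: '${stf_interface_ipv4plen}'"
			return 1
		fi

		# assign IPv6 addr and interface route for 6to4 interface
		stf_prefixlen=$((16 + ${stf_interface_ipv4plen:-0}))

		# Split the address on dots into $1..$4.  "--" keeps a value
		# from ever being taken as an option to "set".
		OIFS="$IFS"
		IFS=".$IFS"
		set -- ${stf_interface_ipv4addr}
		IFS="$OIFS"
		if [ $# -ne 4 ]; then
			warn "invalid stf_interface_ipv4addr: '${stf_interface_ipv4addr}'"
			return 1
		fi
		for _octet in "$@"; do
			if ! _stf_decimal_le "${_octet}" 255; then
				warn "invalid stf_interface_ipv4addr: '${stf_interface_ipv4addr}'"
				return 1
			fi
		done

		# The IPv4 address becomes the two 16-bit groups after 2002:.
		hexfrag1=$(hexprint $(($1 * 256 + $2)))
		hexfrag2=$(hexprint $(($3 * 256 + $4)))
		ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"

		case ${stf_interface_ipv6_ifid} in
		[Aa][Uu][Tt][Oo] | '')
			# Borrow the interface ID from the first interface in
			# ipv6_network_interfaces that reports a link-local
			# address.
			for i in ${ipv6_network_interfaces}; do
				laddr=$(network6_getladdr ${i})
				case ${laddr} in
				'')
					;;
				*)
					break
					;;
				esac
			done
			stf_interface_ipv6_ifid=$(expr "${laddr}" : \
						      'fe80::\(.*\)%\(.*\)')
			case ${stf_interface_ipv6_ifid} in
			'')
				# No link-local address found: fixed fallback.
				stf_interface_ipv6_ifid=0:0:0:1
				;;
			esac
			;;
		esac
		echo "Configuring 6to4 tunnel interface: stf0."
		# Errors are discarded on purpose: the create fails when stf0
		# already exists.
		ifconfig stf0 create >/dev/null 2>&1
		ifconfig stf0 inet6 \
			"2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid}" \
			prefixlen "${stf_prefixlen}"
		check_startmsgs && /sbin/ifconfig stf0

		# disallow packets to malicious 6to4 prefix
		# Each prefix is 2002: followed by an IPv4 range that is not a
		# valid unicast endpoint: 224.0.0.0/4 (e000::/20),
		# 127.0.0.0/8 (7f00::/24), 0.0.0.0/8 (0000::/24) and
		# 255.0.0.0/8 (ff00::/24).
		# NOTE(review): private IPv4 ranges embedded in 2002::/16 are
		# not covered by these routes -- confirm they are filtered
		# elsewhere.
		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
		;;
	esac
}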
66
# stf_down
#	Destroy stf0 and delete the four reject routes that stf_up installs
#	for the 6to4 prefixes embedding 224.0.0.0/4, 127.0.0.0/8, 0.0.0.0/8
#	and 255.0.0.0/8.  The exit status is that of the last "route delete".
#	NOTE(review): this runs unconditionally, also when stf_up configured
#	nothing because stf_interface_ipv4addr was empty or "NO" -- confirm
#	the resulting ifconfig/route errors are acceptable.
stf_down()
{
	local _spec

	echo "Removing 6to4 tunnel interface: stf0."
	ifconfig stf0 destroy

	# Each entry is "<prefix> <prefix length>" below 2002::/16.
	for _spec in 'e000:: 20' '7f00:: 24' '0000:: 24' 'ff00:: 24'; do
		route delete -inet6 "2002:${_spec% *}" -prefixlen "${_spec#* }" ::1
	done
}
76
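# Read the rc.conf(5) settings for this service.
load_rc_config "$name"

# doesn't make sense to run in a svcj: config setting
# Assigned after load_rc_config so that it overrides any stf_svcj value
# from rc.conf: stf_up/stf_down change the interface and routing table
# with ifconfig and route.
stf_svcj="NO"

# Dispatch the action requested on the command line (start, stop, ...).
run_rc_command "$1"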
83