xref: /freebsd/libexec/rc/rc.d/stf (revision c66ec88fed842fbaad62c30d510644ceb7bd2d71)
1#!/bin/sh
2# $FreeBSD$
3#
4
5# PROVIDE: stf
6# REQUIRE: netif
7# KEYWORD: nojail
8
9. /etc/rc.subr
10. /etc/network.subr
11
12name="stf"
13desc="6to4 tunnel interface"
14start_cmd="stf_up"
15stop_cmd="stf_down"
16
17stf_up()
18{
19	case ${stf_interface_ipv4addr} in
20	[Nn][Oo] | '')
21		;;
22	*)
23		# assign IPv6 addr and interface route for 6to4 interface
24		stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
25		OIFS="$IFS"
26		IFS=".$IFS"
27		set ${stf_interface_ipv4addr}
28		IFS="$OIFS"
29		hexfrag1=`hexprint $(($1*256 + $2))`
30		hexfrag2=`hexprint $(($3*256 + $4))`
31		ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
32		case ${stf_interface_ipv6_ifid} in
33		[Aa][Uu][Tt][Oo] | '')
34			for i in ${ipv6_network_interfaces}; do
35				laddr=`network6_getladdr ${i}`
36				case ${laddr} in
37				'')
38					;;
39				*)
40					break
41					;;
42				esac
43			done
44			stf_interface_ipv6_ifid=`expr "${laddr}" : \
45						      'fe80::\(.*\)%\(.*\)'`
46			case ${stf_interface_ipv6_ifid} in
47			'')
48				stf_interface_ipv6_ifid=0:0:0:1
49				;;
50			esac
51			;;
52		esac
53		echo "Configuring 6to4 tunnel interface: stf0."
54		ifconfig stf0 create >/dev/null 2>&1
55		ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
56			prefixlen ${stf_prefixlen}
57		check_startmsgs && /sbin/ifconfig stf0
58
59		# disallow packets to malicious 6to4 prefix
60		route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
61		route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
62		route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
63		route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
64		;;
65	esac
66}
67
68stf_down()
69{
70	echo "Removing 6to4 tunnel interface: stf0."
71	ifconfig stf0 destroy
72	route delete -inet6 2002:e000:: -prefixlen 20 ::1
73	route delete -inet6 2002:7f00:: -prefixlen 24 ::1
74	route delete -inet6 2002:0000:: -prefixlen 24 ::1
75	route delete -inet6 2002:ff00:: -prefixlen 24 ::1
76}
77
78load_rc_config $name
79run_rc_command "$1"
80