1#!/bin/sh 2# 3 4# PROVIDE: stf 5# REQUIRE: netif 6# KEYWORD: nojail 7 8. /etc/rc.subr 9. /etc/network.subr 10 11name="stf" 12desc="6to4 tunnel interface" 13start_cmd="stf_up" 14stop_cmd="stf_down" 15 16stf_up() 17{ 18 case ${stf_interface_ipv4addr} in 19 [Nn][Oo] | '') 20 ;; 21 *) 22 # assign IPv6 addr and interface route for 6to4 interface 23 stf_prefixlen=$((16+${stf_interface_ipv4plen:-0})) 24 OIFS="$IFS" 25 IFS=".$IFS" 26 set ${stf_interface_ipv4addr} 27 IFS="$OIFS" 28 hexfrag1=`hexprint $(($1*256 + $2))` 29 hexfrag2=`hexprint $(($3*256 + $4))` 30 ipv4_in_hexformat="${hexfrag1}:${hexfrag2}" 31 case ${stf_interface_ipv6_ifid} in 32 [Aa][Uu][Tt][Oo] | '') 33 for i in ${ipv6_network_interfaces}; do 34 laddr=`network6_getladdr ${i}` 35 case ${laddr} in 36 '') 37 ;; 38 *) 39 break 40 ;; 41 esac 42 done 43 stf_interface_ipv6_ifid=`expr "${laddr}" : \ 44 'fe80::\(.*\)%\(.*\)'` 45 case ${stf_interface_ipv6_ifid} in 46 '') 47 stf_interface_ipv6_ifid=0:0:0:1 48 ;; 49 esac 50 ;; 51 esac 52 echo "Configuring 6to4 tunnel interface: stf0." 53 ifconfig stf0 create >/dev/null 2>&1 54 ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \ 55 prefixlen ${stf_prefixlen} 56 check_startmsgs && /sbin/ifconfig stf0 57 58 # disallow packets to malicious 6to4 prefix 59 route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject 60 route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject 61 route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject 62 route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject 63 ;; 64 esac 65} 66 67stf_down() 68{ 69 echo "Removing 6to4 tunnel interface: stf0." 70 ifconfig stf0 destroy 71 route delete -inet6 2002:e000:: -prefixlen 20 ::1 72 route delete -inet6 2002:7f00:: -prefixlen 24 ::1 73 route delete -inet6 2002:0000:: -prefixlen 24 ::1 74 route delete -inet6 2002:ff00:: -prefixlen 24 ::1 75} 76 77load_rc_config $name 78run_rc_command "$1" 79