Source-Changes-HG archive
[src/trunk]: src Automatically create and destroy cloning interfaces and sync...
details: https://anonhg.NetBSD.org/src/rev/5a8da1edc7b8
branches: trunk
changeset: 537723:5a8da1edc7b8
user: tron <tron%NetBSD.org@localhost>
date: Sat Oct 05 05:24:40 2002 +0000
description:
Automatically create and destroy cloning interfaces and sync IP Filter
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.
diffstat:
etc/rc.d/network | 28 +++++++++++++++-------------
share/man/man5/ifconfig.if.5 | 9 +++++++--
2 files changed, 22 insertions(+), 15 deletions(-)
diffs (100 lines):
diff -r bffd9d712035 -r 5a8da1edc7b8 etc/rc.d/network
--- a/etc/rc.d/network Sat Oct 05 04:13:30 2002 +0000
+++ b/etc/rc.d/network Sat Oct 05 05:24:40 2002 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: network,v 1.38 2002/05/04 13:53:02 tron Exp $
+# $NetBSD: network,v 1.39 2002/10/05 05:24:40 tron Exp $
#
# PROVIDE: network
@@ -185,6 +185,13 @@
echo -n 'Configuring network interfaces:'
for int in $tmp; do
eval args=\$ifconfig_$int
+ if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
+ if ifconfig $int create 2>/dev/null && \
+ checkyesno ipfilter; then
+ # resync ipf(4)
+ ipf -y >/dev/null
+ fi
+ fi
if [ -n "$args" ]; then
echo -n " $int"
ifconfig $int $args
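Review bot: "ifconfig $int create 2>/dev/null" in the added block discards every error, so a cloning interface that fails to be created for a real reason looks the same as a non-cloning one, and the script still goes on to "ifconfig $int $args". The exit status of "ipf -y >/dev/null" is not checked either, so a failed resync does not stop the interface from being configured, which is the gap the commit message describes; consider at least a warning when it returns non-zero. The removed code called /sbin/ipf by absolute path and this calls ipf through PATH; keep the absolute path or say why it changed.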
@@ -193,7 +200,7 @@
while read args; do
[ -z "$args" ] && continue
case "$args" in
- "#"*)
+ "#"*|create)
;;
"!"*)
eval ${args#*!}
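Review bot: the new "#"*|create) arm drops a "create" line silently and has no comment explaining why; add one saying that creation now happens before this loop and the line is only tolerated for existing ifconfig.if files. The pattern matches a line that is exactly "create", so a line with anything after that word is not skipped and goes on to the remaining arms.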
@@ -308,11 +315,6 @@
fi
fi
- # resync ipf(4)
- if checkyesno ipfilter; then
- /sbin/ipf -y
- fi
-
# XXX this must die
if [ -s /etc/netstart.local ]; then
sh /etc/netstart.local start
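Review bot: with the unconditional resync removed here, "ipf -y" on start runs only when "ifconfig $int create" succeeds in the interface loop. An interface that comes into existence any other way, for example from a "!" command evaluated out of /etc/ifconfig.$int or from /etc/netstart.local just below, no longer triggers a resync. Either keep a final resync at this point or document that those paths have to run "ipf -y" themselves.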
@@ -360,6 +362,11 @@
if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then
echo -n " $int"
ifconfig $int down
+ if ifconfig $int destroy 2>/dev/null && \
+ checkyesno ipfilter; then
+ # resync ipf(4)
+ ipf -y >/dev/null
+ fi
fi
done
echo "."
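Review bot: on stop, "ifconfig $int destroy" is attempted for every interface that has $args or /etc/ifconfig.$int, whether or not this script created it, while the start path only creates interfaces that did not exist yet. State that asymmetry in a comment or track which interfaces were created at start. As in the start path, "2>/dev/null" also hides genuine destroy failures.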
@@ -369,12 +376,7 @@
#
route -n flush
- # resync ipf(4)
- if checkyesno ipfilter; then
- /sbin/ipf -y
- fi
-
}
-load_rc_config $name
+load_rc_config $name ipfilter
run_rc_command "$1"
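Review bot: "load_rc_config $name ipfilter" is what the new "checkyesno ipfilter" calls rely on, and nothing in the patch shows that load_rc_config accepts a second name; please confirm it does, and add a short comment on this line saying the extra name is there for the ipf(4) resync so it is not dropped in a later cleanup.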
diff -r bffd9d712035 -r 5a8da1edc7b8 share/man/man5/ifconfig.if.5
--- a/share/man/man5/ifconfig.if.5 Sat Oct 05 04:13:30 2002 +0000
+++ b/share/man/man5/ifconfig.if.5 Sat Oct 05 05:24:40 2002 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: ifconfig.if.5,v 1.5 2001/12/14 15:12:39 wiz Exp $
+.\" $NetBSD: ifconfig.if.5,v 1.6 2002/10/05 05:24:41 tron Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
@@ -91,12 +91,17 @@
The following example is for dynamically-created pseudo interfaces like
.Xr gif 4 :
.Bd -literal -offset indent
-create
up
# configure IPv6 default route toward the interface
!route add -inet6 default ::1
!route change -inet6 default -ifp $int
.Ed
+.Pp
+Earlier versions of
+.Pa /etc/rc.d/network
+required an explicit
+.Sq create
+command for such interfaces. This is now handled automatically.
.Sh FILES
.Pa /etc/rc.d/network
.Sh SEE ALSO
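Review bot: the added paragraph says an explicit "create" is no longer required but not that an existing "create" line is now ignored by /etc/rc.d/network (the "#"*|create) arm in the script); say so, so that readers with old files know they do not have to edit them. The IP Filter resync on create and destroy is not mentioned in the page at all. Style: "This is now handled automatically." should start on its own source line, as mdoc input puts each sentence on a new line.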