| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds some security and privacy enhancements to SLAAC configuration.
When SLAAC_PRIVIPGEN is "yes", address generation is enhanced with a secret
key for the interface set in SLAAC_SECRET. This prevents predictable
address generation.
When SLAAC_TEMPADDR is "yes", a temporary address is used with SLAAC.
Thanks to davjohn from LQ for the inital patches and help testing.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces the logic for a new IPADDRS array which will work in a
similar way to the IPv6 IP6ADDRS array. The IPADDRS array can hold multiple
IPv4 addresses with netmasks, which are used in preference to, but maintaining
backwards compatibility with, the old IPADDR/NETMASK arrays.
If IPADDRS is set for an interface, the IPs and netmasks configured in the
array are set before an also configured IPADDR/NETMASK. This maintains
backwards compatibility - users can continue to use the IPADDR/NETMASK and
IPALIASES arrays to configure the interface and completely ignore IPADDRS,
or keep their old rc.inet1.conf files, if they so wish.
If the IPADDRS arrays contains multiple IPs, those IPs are all added to the
interface regardles of whether any IP in IPADDRS is or is not set.
These IPs will also be added to the interface just as with IPALIASES if
DHCP/SLAAC is used to set the first IP. The IPALIASES IPs are also added to
the interface to maintain backwards compatibility.
IPa set in IPADDRS to be used as 'alias' interfaces, are NOT given the usual
ethX:Y name, like the IPs listed in IPALIASES. To get an ethX:Y interface
the iPALIASES array should be used; to have the IPs simply added to the
interface the user should use the IPADDRS array with multiple (space separated)
IPs and netmasks. Using IPALIASES along side IPADDRS is completly legal and
maintains backwards compatibility - it would yield a mixture of IPs set with
and without ethX:Y aliases.
This changeset moves the IPv4 configuration to be on par with the new IPv6
configuration syntax, but maintains FULL backwards compatibility with the old
style syntax.
Additionally, handling of IP4ADDRS has been modified such that it matches the
IPADDRS usage. That is, any IPs listed in IP6ADDRS are also added to the
interface (just as IPADDRS and IPALIASES are added for v4) whether the
interface is configured with DHCP/DHCP6/SLAAC or not. This is a change to
the IP6ADDRS usage, but since this script hasn't been officially accepted,
there is no backwards compatibility issues.
Again, note that these changes DO NOT change previous behaviour or damage
backwards compatability. New functionallity and semantics only change
behaviour of non-released features, so there is no bother to the changes.
netconfig will be modified to output the new IPADDRS syntax, just as it does
for IP6ADDRS and both will allow multiple IPs to be specified at configuration
time - this is an improvement on the current netconfig behaviour.
|
| |
|
|
|
|
| |
Thanks to Fraks on LQ.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously we had an xOPTS variable for each type of interface that could
be configured. I've replaced this with a generic IFOPTS option which can
be used to supply interface type specific options to 'ip'.
As the option is now generic, it can be applied to physical interfaces too;
so interfaces such as eth0 can have options applied just like a virtual
interface.
|
| |
|
|
|
|
|
|
|
| |
Before, it was not possible to set bridge specific options when creating
a bridge. This option adds the ability to set options via a BROPTS
variable, which takes a pipe (|) delimited set of options as documented
in the ip-link(8) man page (search for "BRIDGE Type Support").
|
|
|
|
|
| |
This variable can be used to set custom options to configure the VLAN
interface. It does not need to be used in 'normal' operation with a VLAN.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bonding code introduces three new variables for use in rc.inet1.conf:
BONDNICS[x]=""
BONDMODE[x]=""
BONDOPTS[x]=""
The BONDNICS variable takes a list of interfaces which should be slaved to
the bond.
BONDMODE sets the mode of the bond. Useful options are 'balance-rr',
'active-backup' and '802.3ad'. A full list of options can be found in
/usr/src/linux/Documentation/networking/bonding.txt and README.bonding.
BONDOPTS are a pipe (|) separated list of options to apply to the bond after
the interfaces have been added. Useful options are 'primary' (which is
required when BONDMODE is 'active-backup', 'xmit_hash_policy' (which can be
used with 'balance-rr' to choose the hash policy, 'lacp_rate' (which should
be used with '802.3ad' mode), and 'miimon' (which should be used with all
modes) See the kernel source documentation or README.bonding for more info.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It occurred to me that IPv6 addresses don't really need to have IP6ALIASES
since all IPs are just added to the interface itself. So I've changed the
syntax from using IP6ADDR + PREFIXLEN + IP6ALIASES to using just a single
IP6ADDRS array, which takes a list of IP addresses with a prefix length
in a space separated list. eg:
IP6ADDRS[0]="a:b:c:d::1/64 1:2:3::1/48"
If the prefix length is omitted a /64 length is assumed and a warning
emitted.
|
|
|
|
| |
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* USE_AUTOCONF->USE_SLAAC to be more consistent with IPv6 terminology
* PREFIX6->PREFIXLEN to be more consistent with IPv6 terminology
Thanks to David Spencer (idlemoor) for the patch to the above
* AUTOCONF_TIMEOUT->SLAAC_TIMEOUT to be consistent with USE_SLAAC change
Since some options for IPv6 no longer end in '6', we can relax the naming
of others, so these make sense: IPADDR6->IP6ADDR ; IPALIASES6->IP6ALIASES
Update to rc.inet1.conf example file - thanks to David Spencer.
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
| |
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
| |
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
|
|
|
| |
This is needed for container networking - the bridge for it
must be in promiscuous mode.
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a built-in way of counting the number of elements in an array:
${#arrayname[@]}. Use this, and the fact that "for i in $(seq 0 -1)" will
not evaluate body of the loop even once, to simplify code and get rid of
virtif_determine().
While at it, add a note to rc.inet1.conf mentioning the necessity of
keeping array indexes monotonically increasing (from 0), otherwise the
code will fail (so would the original code).
Signed-off-by: Robby Workman <rworkman@slackware.com>
|
|
|
|
|
| |
This was accidentally changed from 15 seconds back to the
14.2 default of 10 seconds. Thanks to Eduard Rozenberg.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is accomplished with a new parameter in rc.inet1.conf:
IPALIASES[$index]="space separated list of addresses"
The aliases are added with a /32 mask and a label of
${interface}:{$number} to remain compatible with net-tools.
IP address aliases are supported for both statically configured
interfaces and dhcp-configured interfaces, although they'll only
be configured for dhcp if the dhcpcd call succeeds.
* note: I don't what happens if dhcpcd gets IPv4LL address
|
| |
|
|
If other files are needed, they can be added later
|