routing revision 319220
1#!/bin/sh
2#
3# Configure routing and miscellaneous network tunables
4#
5# $FreeBSD: stable/10/etc/rc.d/routing 319220 2017-05-30 16:05:11Z asomers $
6#
7
8# PROVIDE: routing
9# REQUIRE: faith netif ppp stf
10# KEYWORD: nojailvnet
11
12. /etc/rc.subr
13. /etc/network.subr
14
# rc.subr glue: the service name plus the handler bound to each verb.
# "options" and "static" are extra verbs; like "start" they go through
# routing_start, each with a different mode argument.
name="routing"
extra_commands="options static"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
options_cmd="routing_start options"
static_cmd="routing_start static"

# route(8) is always invoked through this absolute path.
ROUTE_CMD="/sbin/route"
23
# routing_start mode [af [ifname]]
#	Run setroutes for one address family, or for each of inet, inet6
#	and atm that afexists accepts when af is empty, "all" or "any".
#	mode is handed to setroutes unchanged.  An ifname of "", "all" or
#	"any" means no interface filter.
#	Returns 1 if any setroutes call failed, otherwise 0.  An explicit
#	af that afexists rejects is reported through err.
routing_start()
{
	local _cmd _af _if _a _ret
	_cmd=$1
	_af=$2
	_if=$3
	_ret=0

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac
	# Fold the "every family" spellings into the empty string as well.
	case $_af in
	[Aa][Ll][Ll]|[Aa][Nn][Yy])	_af="" ;;
	esac

	if [ -z "$_af" ]; then
		for _a in inet inet6 atm; do
			if afexists $_a; then
				setroutes $_cmd $_a $_if || _ret=1
			fi
		done
	elif afexists $_af; then
		setroutes $_cmd $_af $_if || _ret=1
	else
		err 1 "Unsupported address family: $_af."
	fi

	return $_ret
}
54
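# _routing_stop_af af [ifname]
#	Delete the static routes of one address family and, when no
#	interface filter is given, flush that family's routing table.
#	The handler names are built by plain expansion and the interface
#	is passed as a single quoted word, so neither argument is parsed
#	as shell syntax a second time.
_routing_stop_af()
{
	"static_$1" delete "$2"
	# When an interface is specified, do not flush routes.
	if [ -z "$2" ]; then
		"routing_stop_$1"
	fi
}

# routing_stop [af [ifname]]
#	Remove static routes for one address family, or for each of inet,
#	inet6, ipx and atm that afexists accepts when af is empty, "all"
#	or "any".  An ifname of "", "all" or "any" means no interface
#	filter.  An explicit af that afexists rejects is reported through
#	err.
#	NOTE(review): af and ifname are positional arguments; afexists is
#	the only check applied to af here and it is defined outside this
#	file, so confirm it accepts only families that have static_* and
#	routing_stop_* handlers.
routing_stop()
{
	local _af _if _a
	_af=$1
	_if=$2

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			_routing_stop_af $_a "$_if"
		done
	;;
	*)
		if afexists "$_af"; then
			_routing_stop_af "$_af" "$_if"
		else
			err 1 "Unsupported address family: $_af."
		fi
	;;
	esac
}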
89
# setroutes mode af [ifname]
#	Dispatch to the per-family handlers:
#	  static   static_<af> add [ifname]
#	  options  options_<af>
#	  doall    both of the above, static routes first
#	Any other mode does nothing.  The return value is the status of
#	static_<af> when it ran and 0 otherwise; the status of options_<af>
#	is discarded.
setroutes()
{
	local _sr_status
	_sr_status=0

	if [ "$1" = static ] || [ "$1" = doall ]; then
		static_$2 add $3
		_sr_status=$?
	fi
	if [ "$1" = options ] || [ "$1" = doall ]; then
		options_$2
	fi

	return $_sr_status
}
110
111routing_stop_inet()
112{
113	${ROUTE_CMD} -n flush -inet
114}
115
116routing_stop_inet6()
117{
118	local i
119
120	${ROUTE_CMD} -n flush -inet6
121	for i in `list_net_interfaces`; do
122		if ipv6if $i; then
123			ifconfig $i inet6 -defaultif
124		fi
125	done
126}
127
# routing_stop_atm
#	Nothing is flushed for ATM; the function exists so routing_stop
#	can call a routing_stop_<af> handler for every family.
routing_stop_atm()
{
	:
}
132
# routing_stop_ipx
#	Nothing is flushed for IPX; the function exists so routing_stop
#	can call a routing_stop_<af> handler for every family.
routing_stop_ipx()
{
	:
}
137
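# static_inet action [ifname]
#	Run "route <action> <args>" for every entry of static_routes,
#	plus a "_default" entry built from defaultrouter unless that is
#	empty or "NO".  The arguments of entry X are looked up through
#	get_if_var with the route_IF template; entries may carry an
#	":ifname" suffix, which is stripped before the lookup.
#	When ifname is given only entries ending in ":ifname" are
#	processed, so the suffix-less "_default" entry is skipped.
#	static_routes and route__default are deliberately left global:
#	the lookup reads route__default by name.
static_inet()
{
	# i and route_args are scratch variables; keep them out of the
	# caller's scope.
	local _action _if _skip i route_args
	_action=$1
	_if=$2

	# Add default route.
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="${static_routes} _default"
		route__default="default ${defaultrouter}"
		;;
	esac

	# Install configured routes.
	for i in ${static_routes}; do
		_skip=0
		if [ -n "$_if" ]; then
			# Quoted so the interface name is matched literally
			# rather than as a pattern.
			case $i in
			*:"$_if")	;;
			*)	_skip=1 ;;
			esac
		fi
		if [ "$_skip" = 0 ]; then
			route_args=$(get_if_var "${i%:*}" route_IF)
			if [ -n "$route_args" ]; then
				# Unquoted on purpose: route_args holds
				# several route(8) arguments.
				${ROUTE_CMD} ${_action} ${route_args}
			else
				warn "route_${i%:*} not found."
			fi
		fi
	done
}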
175
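# static_inet6 action [ifname]
#	Run "route <action> -inet6 <args>" for the built-in reject routes,
#	the entries of ipv6_static_routes and, unless ipv6_defaultrouter
#	is empty or "NO", a "_default" entry.  Entry arguments are looked
#	up through get_if_var with the ipv6_route_IF template.  When
#	ifname is given only entries ending in ":ifname" are processed,
#	which leaves out the suffix-less built-in and "_default" entries.
#	Afterwards, unless ipv6_gateway_enable is set or
#	ipv6_default_interface is "no"/"none", the IPv6 default interface
#	is installed and net.inet6.ip6.use_defaultzone is set to 1.
#	NOTE(review): that last step is not conditional on action, so it
#	also runs for "delete" - confirm this is intended.
static_inet6()
{
	local _action _if _skip fibmod fibs allfibs
	# Scratch variables; keep them out of the caller's scope.
	local i ipv6_route_args laddr _defif
	_action=$1
	_if=$2

	# get the number of FIBs supported.
	fibs=$(( $(${SYSCTL_N} net.fibs) - 1 ))
	allfibs=$(${SYSCTL_N} net.add_addr_allfibs)
	if [ "$fibs" -gt 0 ] && [ "$allfibs" -ne 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi

	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"

	# disallow "internal" addresses to appear on the wire
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="${ipv6_static_routes} _default"
		ipv6_route__default="default ${ipv6_defaultrouter}"
		;;
	esac

	# Install configured routes.
	for i in ${ipv6_static_routes}; do
		_skip=0
		if [ -n "$_if" ]; then
			# Quoted so the interface name is matched literally
			# rather than as a pattern.
			case $i in
			*:"$_if")	;;
			*)	_skip=1 ;;
			esac
		fi
		if [ "$_skip" = 0 ]; then
			ipv6_route_args=$(get_if_var "${i%:*}" ipv6_route_IF)
			if [ -n "$ipv6_route_args" ]; then
				# Unquoted on purpose: the value holds
				# several route(8) arguments.
				${ROUTE_CMD} ${_action} \
					-inet6 ${ipv6_route_args}
			else
				# Name the variable that was actually
				# looked up.
				warn "ipv6_route_${i%:*} not found"
			fi
		fi
	done

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.

	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
	if checkyesno ipv6_gateway_enable; then
		return
	fi

	_defif=${ipv6_default_interface}
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		return
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first listed interface, other than lo0 and
		# faith*, for which network6_getladdr returns an address.
		_defif=
		for i in ${ipv6_network_interfaces}; do
			case $i in
			[Nn][Oo][Nn][Ee])
				return
				;;
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			if [ -n "${laddr}" ]; then
				# The choice is also recorded in the global.
				ipv6_default_interface=$i
				_defif=$i
				break
			fi
		done
		;;
	esac

	# If auto-detection found nothing there is no interface to name;
	# do not hand "auto" or an empty word to ifconfig.
	if [ -n "${_defif}" ]; then
		ifconfig ${_defif} inet6 defaultif
	fi
	${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null
}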
279
# static_atm action
#	Run "atmconfig natm <action> <args>" for every entry of
#	natm_static_routes.  The arguments of entry X are looked up
#	through get_if_var with the route_IF template; an entry without
#	a value only produces a warning.
static_atm()
{
	local _action i route_args
	_action=$1

	# An empty list simply yields zero iterations.
	for i in ${natm_static_routes}; do
		route_args=$(get_if_var $i route_IF)
		if [ -z "$route_args" ]; then
			warn "route_${i} not found."
		else
			atmconfig natm ${_action} ${route_args}
		fi
	done
}
296
# static_ipx
#	No static routes are handled for IPX; the function exists so
#	that a static_<af> handler can be called for every family.
static_ipx()
{
	return 0
}
301
# ropts_init family
#	Print the "Additional <family> routing options:" header once.
#	_ropts_initdone is the latch: the options_* functions clear it on
#	entry and test it at the end to decide whether to print the
#	closing '.'.
ropts_init()
{
	# Header already printed: nothing to do.
	[ -z "${_ropts_initdone}" ] || return 0

	echo -n "Additional $1 routing options:"
	_ropts_initdone=yes
}
309
# _routing_inet_knob rcvar message oid
#	Write 1 to sysctl <oid> and announce <message> when the rc.conf
#	variable <rcvar> is enabled; otherwise write 0.  The 0 is written
#	explicitly, so after this runs the kernel value matches rc.conf
#	rather than whatever it held before.
_routing_inet_knob()
{
	if checkyesno $1; then
		ropts_init inet
		echo -n "$2"
		${SYSCTL} $3=1 > /dev/null
	else
		${SYSCTL} $3=0 > /dev/null
	fi
}

# options_inet
#	Apply the IPv4 routing tunables from rc.conf.  All of them change
#	how the host treats traffic that can be sent by other hosts on
#	the network (broadcast pings, ICMP redirects, forwarded and
#	source-routed packets, proxy ARP), so an enabled knob is printed
#	on the console as "<label>=YES".
#	Returns non-zero when no knob was enabled.
options_inet()
{
	_ropts_initdone=

	# Answer ICMP echo requests sent to broadcast/multicast addresses.
	_routing_inet_knob icmp_bmcastecho \
	    ' broadcast ping responses=YES' net.inet.icmp.bmcastecho
	# Ignore ICMP redirects instead of acting on them.
	_routing_inet_knob icmp_drop_redirect \
	    ' ignore ICMP redirect=YES' net.inet.icmp.drop_redirect
	# Log received ICMP redirects.
	_routing_inet_knob icmp_log_redirect \
	    ' log ICMP redirect=YES' net.inet.icmp.log_redirect
	# Forward IPv4 packets between interfaces.
	_routing_inet_knob gateway_enable \
	    ' gateway=YES' net.inet.ip.forwarding
	# Forward source-routed packets.
	_routing_inet_knob forward_sourceroute \
	    ' do source routing=YES' net.inet.ip.sourceroute
	# Accept source-routed packets.
	_routing_inet_knob accept_sourceroute \
	    ' accept source routing=YES' net.inet.ip.accept_sourceroute
	# Proxy ARP for all addresses.
	_routing_inet_knob arpproxy_all \
	    ' ARP proxyall=YES' net.link.ether.inet.proxyall

	# Nothing was announced: keep the historical non-zero status.
	[ -n "${_ropts_initdone}" ] || return 1
	echo '.'
}
371
# options_inet6
#	Set IPv6 forwarding from the rc.conf variable ipv6_gateway_enable:
#	net.inet6.ip6.forwarding becomes 1 when it is enabled and is
#	written back to 0 otherwise.  Enabling is announced on the
#	console as " gateway=YES".
#	Returns non-zero when nothing was announced.
options_inet6()
{
	_ropts_initdone=

	if ! checkyesno ipv6_gateway_enable; then
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	else
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	fi

	# Nothing was announced: keep the historical non-zero status.
	[ -n "${_ropts_initdone}" ] || return 1
	echo '.'
}
386
# options_atm
#	ATM has no routing tunables.  The function clears the
#	_ropts_initdone latch and, since nothing sets it again, prints
#	nothing and returns non-zero.
options_atm()
{
	_ropts_initdone=

	# Nothing was announced: keep the historical non-zero status.
	[ -n "${_ropts_initdone}" ] || return 1
	echo '.'
}
393
# options_ipx
#	Set IPX forwarding from the rc.conf variable ipxgateway_enable:
#	net.ipx.ipx.ipxforwarding becomes 1 when it is enabled and is
#	written back to 0 otherwise.  Enabling is announced on the
#	console as " gateway=YES".
#	Returns non-zero when nothing was announced.
options_ipx()
{
	_ropts_initdone=

	if ! checkyesno ipxgateway_enable; then
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	else
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	fi

	# Nothing was announced: keep the historical non-zero status.
	[ -n "${_ropts_initdone}" ] || return 1
	echo '.'
}
408
# Load the configuration for this service, then hand the command-line
# arguments to run_rc_command, which runs the handler bound to the
# requested verb (start_cmd, stop_cmd, static_cmd, options_cmd).
load_rc_config ${name}
run_rc_command "$@"
411