routing revision 197699
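#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 197699 2009-10-02 02:28:59Z hrs $
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="static_start"
options_cmd="options_start"

# Start: install the static routes, then apply the routing-related
# sysctls.  Arguments are passed through unchanged to both helpers.
routing_start()
{
	static_start "$@"
	options_start "$@"
}

# Stop: remove the static routes, then run the per-family flush helper
# for every address family that afexists accepts.
routing_stop()
{
	local _af

	static_stop "$@"
	for _af in inet inet6; do
		# The eval'd name is built only from the literal list above.
		afexists ${_af} && eval routing_stop_${_af}
	done
}

# Flush all IPv4 routes.
routing_stop_inet()
{
	route -n flush -inet
}

# Flush all IPv6 routes and clear the "default interface" flag on every
# interface named in ${ipv6_network_interfaces}.
routing_stop_inet6()
{
	local i

	route -n flush -inet6
	for i in ${ipv6_network_interfaces}; do
		ifconfig $i inet6 -defaultif
	done
}

# Add static routes.
#   $1 - address family (inet, inet6 or atm); empty means all three.
# Any other value matches no case arm and is ignored, so only these three
# names ever reach the eval in do_static from this function.
static_start()
{
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static add ${_af}
		;;
	"")
		do_static add inet inet6 atm
		;;
	esac
}

# Delete static routes.  Same argument handling as static_start.
static_stop()
{
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static delete ${_af}
		;;
	"")
		do_static delete inet inet6 atm
		;;
	esac
}

# Dispatch an action to the per-family static_<af> function.
#   $1    - action handed to the family function (add or delete here)
#   $2... - address families to process
# The function name is assembled with eval.  The callers visible in this
# file pass only the fixed names inet, inet6 and atm; keep it that way,
# because an arbitrary string here would be evaluated as shell code.
do_static()
{
	local _af _action
	_action=$1

	shift
	for _af in "$@"; do
		afexists ${_af} && eval static_${_af} ${_action}
	done
}

# Add or delete the IPv4 static routes listed in ${static_routes}.
#   $1 - route(8) action
# When ${defaultrouter} is set to something other than NO, a "default"
# entry is prepended to ${static_routes} and ${route_default} is set so
# that get_if_var can resolve it like any other route_<name> variable.
# Both stay global on purpose; only the loop scratch variables are local.
static_inet()
{
	# i and route_args are declared local, as static_atm already does,
	# so they no longer leak into the rest of the script.
	local _action i route_args
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			route_args=$(get_if_var $i route_IF)
			# Deliberately unquoted: the configured value is split
			# into separate route(8) arguments.  The configuration
			# is trusted as-is, so whoever can write it controls the
			# routing table.
			route ${_action} ${route_args}
		done
	fi
}

# Add or delete the IPv6 static routes and the fixed reject routes, and
# choose the IPv6 default interface.
#   $1 - route(8) action
# ${ipv6_static_routes}, ${ipv6_route_default}, ${ipv6_network_interfaces},
# ${ipv6_working_interfaces} and ${ipv6_default_interface} are modified as
# globals; routing_stop_inet6 reads ${ipv6_network_interfaces}.
static_inet6()
{
	# laddr and ipv6_route_args are scratch values used only inside this
	# function, so they are local like i.
	local _action i laddr ipv6_route_args
	_action=$1

	# disallow "internal" addresses to appear on the wire:
	# ::ffff:0.0.0.0/96 is the IPv4-mapped prefix and ::0.0.0.0/96 the
	# IPv4-compatible prefix.  Both are pointed at ::1 with -reject.
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=$(get_if_var $i ipv6_route_IF)
			# Unquoted on purpose so the value splits into arguments.
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	# On an IPv6 gateway, keep only the interfaces for which
	# network6_getladdr returns a non-empty result (presumably a
	# non-tentative link-local address; see network.subr).
	if checkyesno ipv6_gateway_enable; then
		for i in ${ipv6_network_interfaces}; do

			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first listed interface that is neither lo0 nor a
		# faith interface and for which network6_getladdr returns
		# a non-empty result.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow unicast packets without outgoing scope identifiers,
	# or route such packets to a "default" interface, if it is specified.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject

	case ${ipv6_default_interface} in
	'')
		route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
		;;
	*)
		# NOTE(review): for an explicitly configured interface the
		# result of network6_getladdr is not checked before use, so an
		# empty ${laddr} is passed to route(8) as-is -- confirm.
		laddr=$(network6_getladdr ${ipv6_default_interface})
		route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface

		# Mark the interface as the kernel's default interface only
		# when this host is not configured as an IPv6 gateway and
		# "ifconfig <if> nd6" reports ACCEPT_RTADV, to avoid conflict
		# between the default router list and the manual configured
		# default route.
		# NOTE(review): this branch does not look at ${_action}, so it
		# also runs when the routes are being deleted -- confirm that
		# is intended.
		if ! checkyesno ipv6_gateway_enable; then
			# The loop runs on the receiving end of a pipeline;
			# proto and options are only read inside it.
			ifconfig ${ipv6_default_interface} nd6 | \
			while read proto options
			do
				case "${proto}:${options}" in
				nd6:*ACCEPT_RTADV*)
					ifconfig ${ipv6_default_interface} inet6 defaultif
					break
					;;
				esac
			done
		fi
		;;
	esac
}

# Add or delete the native ATM routes listed in ${natm_static_routes}.
#   $1 - atmconfig natm action
static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=$(get_if_var $i route_IF)
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

# Print the "Additional routing options:" prefix once, before the first
# enabled option is reported.  _ropts_initdone records that it was printed.
_ropts_initdone=
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n 'Additional routing options:'
		_ropts_initdone=yes
	fi
}

# Apply the per-family routing sysctls for every address family that
# afexists accepts, and close the status line with '.' if any option was
# reported.  The exit status is that of the final test-and-echo list, so
# it is non-zero when nothing was reported.
options_start()
{
	local _af

	for _af in inet inet6 ipx; do
		# The eval'd name is built only from the literal list above.
		afexists ${_af} && eval options_${_af}
	done
	[ -n "${_ropts_initdone}" ] && echo '.'
}

# Set the IPv4 routing-related sysctls from their rc.conf variables.
# Every knob is written on each run: 1 when checkyesno accepts the
# variable, 0 otherwise.  Any value set for these sysctls before this
# script runs is therefore overwritten with the rc.conf setting.
# ${SYSCTL_W} is not defined in this file (presumably by rc.subr).
#
# Security-relevant settings, as named by the messages below:
#   icmp_bmcastecho     - answer broadcast pings; leaving this off keeps
#                         the host from acting as a reflector for
#                         broadcast ping floods.
#   icmp_drop_redirect  - ignore ICMP redirects; redirects can be forged
#                         to change the host's routes, so dropping them
#                         is the hardened setting.
#   icmp_log_redirect   - log ICMP redirects, useful for detection.
#   gateway_enable      - forward IPv4 packets between interfaces.
#   forward_sourceroute / accept_sourceroute
#                       - forward or accept source-routed packets, which
#                         let the sender choose the path; normally off.
#   arpproxy_all        - proxy ARP for all addresses; enable only when
#                         the network design requires it.
options_inet()
{
	if checkyesno icmp_bmcastecho; then
		ropts_init
		echo -n ' broadcast ping responses=YES'
		${SYSCTL_W} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL_W} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init
		echo -n ' log ICMP redirect=YES'
		${SYSCTL_W} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init
		echo -n ' IPv4 gateway=YES'
		${SYSCTL_W} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.forwarding=0 > /dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init
		echo -n ' do source routing=YES'
		${SYSCTL_W} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init
		echo -n ' accept source routing=YES'
		${SYSCTL_W} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init
		echo -n ' ARP proxyall=YES'
		${SYSCTL_W} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL_W} net.link.ether.inet.proxyall=0 > /dev/null
	fi
}

# Set IPv6 forwarding from ipv6_gateway_enable (1 when enabled, else 0).
options_inet6()
{
	if checkyesno ipv6_gateway_enable; then
		ropts_init
		echo -n ' IPv6 gateway=YES'
		${SYSCTL_W} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL_W} net.inet6.ip6.forwarding=0 > /dev/null
	fi
}

# Set IPX forwarding from ipxgateway_enable (1 when enabled, else 0).
options_ipx()
{
	if checkyesno ipxgateway_enable; then
		ropts_init
		echo -n ' IPX gateway=YES'
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi
}

load_rc_config $name
run_rc_command "$@"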