routing revision 197719
1#!/bin/sh 2# 3# Configure routing and miscellaneous network tunables 4# 5# $FreeBSD: head/etc/rc.d/routing 197719 2009-10-02 20:19:53Z hrs $ 6# 7 8# PROVIDE: routing 9# REQUIRE: faith netif ppp stf 10# KEYWORD: nojail 11 12. /etc/rc.subr 13. /etc/network.subr 14 15name="routing" 16start_cmd="routing_start doall" 17stop_cmd="routing_stop" 18extra_commands="options static" 19static_cmd="routing_start static" 20options_cmd="routing_start options" 21 22afcheck() 23{ 24 case $_af in 25 ""|inet|inet6|ipx|atm) 26 ;; 27 *) 28 err 1 "Unsupported address family: $_af." 29 ;; 30 esac 31} 32 33routing_start() 34{ 35 local _cmd _af _a 36 _cmd=$1 37 _af=$2 38 39 afcheck 40 41 case $_af in 42 inet|inet6|ipx|atm) 43 setroutes $_cmd $_af 44 ;; 45 "") 46 for _a in inet inet6 ipx atm; do 47 afexists $_a && setroutes $_cmd $_a 48 done 49 ;; 50 esac 51 [ -n "${_ropts_initdone}" ] && echo '.' 52} 53 54routing_stop() 55{ 56 local _af _a 57 _af=$1 58 59 afcheck 60 61 case $_af in 62 inet|inet6|ipx|atm) 63 eval static_${_af} delete 64 eval routing_stop_${_af} 65 ;; 66 "") 67 for _a in inet inet6 ipx atm; do 68 afexists $_a || continue 69 eval static_${_a} delete 70 eval routing_stop_${_a} 71 done 72 ;; 73 esac 74} 75 76setroutes() 77{ 78 case $1 in 79 static) 80 static_$2 add 81 ;; 82 options) 83 options_$2 84 ;; 85 doall) 86 static_$2 add 87 options_$2 88 ;; 89 esac 90} 91 92routing_stop_inet() 93{ 94 route -n flush -inet 95} 96 97routing_stop_inet6() 98{ 99 local i 100 101 route -n flush -inet6 102 for i in ${ipv6_network_interfaces}; do 103 ifconfig $i inet6 -defaultif 104 done 105} 106 107routing_stop_atm() 108{ 109 return 0 110} 111 112routing_stop_ipx() 113{ 114 return 0 115} 116 117static_inet() 118{ 119 local _action 120 _action=$1 121 122 case ${defaultrouter} in 123 [Nn][Oo] | '') 124 ;; 125 *) 126 static_routes="default ${static_routes}" 127 route_default="default ${defaultrouter}" 128 ;; 129 esac 130 131 if [ -n "${static_routes}" ]; then 132 for i in ${static_routes}; do 133 route_args=`get_if_var $i route_IF` 134 route ${_action} ${route_args} 135 done 136 fi 137} 138 139static_inet6() 140{ 141 local _action i 142 _action=$1 143 144 # disallow "internal" addresses to appear on the wire 145 route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 146 route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 147 148 case ${ipv6_defaultrouter} in 149 [Nn][Oo] | '') 150 ;; 151 *) 152 ipv6_static_routes="default ${ipv6_static_routes}" 153 ipv6_route_default="default ${ipv6_defaultrouter}" 154 ;; 155 esac 156 157 if [ -n "${ipv6_static_routes}" ]; then 158 for i in ${ipv6_static_routes}; do 159 ipv6_route_args=`get_if_var $i ipv6_route_IF` 160 route ${_action} -inet6 ${ipv6_route_args} 161 done 162 fi 163 164 # Fixup $ipv6_network_interfaces 165 case ${ipv6_network_interfaces} in 166 [Nn][Oo][Nn][Ee]) 167 ipv6_network_interfaces='' 168 ;; 169 esac 170 171 if checkyesno ipv6_gateway_enable; then 172 for i in ${ipv6_network_interfaces}; do 173 174 laddr=`network6_getladdr $i exclude_tentative` 175 case ${laddr} in 176 '') 177 ;; 178 *) 179 ipv6_working_interfaces="$i \ 180 ${ipv6_working_interfaces}" 181 ;; 182 esac 183 done 184 ipv6_network_interfaces=${ipv6_working_interfaces} 185 fi 186 187 # Install the "default interface" to kernel, which will be used 188 # as the default route when there's no router. 189 case "${ipv6_default_interface}" in 190 [Nn][Oo] | [Nn][Oo][Nn][Ee]) 191 ipv6_default_interface="" 192 ;; 193 [Aa][Uu][Tt][Oo] | "") 194 for i in ${ipv6_network_interfaces}; do 195 case $i in 196 lo0|faith[0-9]*) 197 continue 198 ;; 199 esac 200 laddr=`network6_getladdr $i exclude_tentative` 201 case ${laddr} in 202 '') 203 ;; 204 *) 205 ipv6_default_interface=$i 206 break 207 ;; 208 esac 209 done 210 ;; 211 esac 212 213 # Disallow unicast packets without outgoing scope identifiers, 214 # or route such packets to a "default" interface, if it is specified. 215 route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject 216 217 case ${ipv6_default_interface} in 218 '') 219 route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject 220 ;; 221 *) 222 laddr=`network6_getladdr ${ipv6_default_interface}` 223 route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface 224 225 # Disable installing the default interface with the 226 # case net.inet6.ip6.forwarding=0 and 227 # the interface with no ND6_IFF_ACCEPT_RTADV 228 # to avoid conflict between the default router list and 229 # the manual configured default route. 230 if ! checkyesno ipv6_gateway_enable; then 231 ifconfig ${ipv6_default_interface} nd6 | \ 232 while read proto options 233 do 234 case "${proto}:${options}" in 235 nd6:*ACCEPT_RTADV*) 236 ifconfig ${ipv6_default_interface} inet6 defaultif 237 break 238 ;; 239 esac 240 done 241 fi 242 ;; 243 esac 244} 245 246static_atm() 247{ 248 local _action i route_args 249 _action=$1 250 251 if [ -n "${natm_static_routes}" ]; then 252 for i in ${natm_static_routes}; do 253 route_args=`get_if_var $i route_IF` 254 atmconfig natm ${_action} ${route_args} 255 done 256 fi 257} 258 259static_ipx() 260{ 261} 262 263_ropts_initdone= 264ropts_init() 265{ 266 if [ -z "${_ropts_initdone}" ]; then 267 echo -n 'Additional routing options:' 268 _ropts_initdone=yes 269 fi 270} 271 272options_inet() 273{ 274 if checkyesno icmp_bmcastecho; then 275 ropts_init 276 echo -n ' broadcast ping responses=YES' 277 ${SYSCTL_W} net.inet.icmp.bmcastecho=1 > /dev/null 278 else 279 ${SYSCTL_W} net.inet.icmp.bmcastecho=0 > /dev/null 280 fi 281 282 if checkyesno icmp_drop_redirect; then 283 ropts_init 284 echo -n ' ignore ICMP redirect=YES' 285 ${SYSCTL_W} net.inet.icmp.drop_redirect=1 > /dev/null 286 else 287 ${SYSCTL_W} net.inet.icmp.drop_redirect=0 > /dev/null 288 fi 289 290 if checkyesno icmp_log_redirect; then 291 ropts_init 292 echo -n ' log ICMP redirect=YES' 293 ${SYSCTL_W} net.inet.icmp.log_redirect=1 > /dev/null 294 else 295 ${SYSCTL_W} net.inet.icmp.log_redirect=0 > /dev/null 296 fi 297 298 if checkyesno gateway_enable; then 299 ropts_init 300 echo -n ' IPv4 gateway=YES' 301 ${SYSCTL_W} net.inet.ip.forwarding=1 > /dev/null 302 else 303 ${SYSCTL_W} net.inet.ip.forwarding=0 > /dev/null 304 fi 305 306 if checkyesno forward_sourceroute; then 307 ropts_init 308 echo -n ' do source routing=YES' 309 ${SYSCTL_W} net.inet.ip.sourceroute=1 > /dev/null 310 else 311 ${SYSCTL_W} net.inet.ip.sourceroute=0 > /dev/null 312 fi 313 314 if checkyesno accept_sourceroute; then 315 ropts_init 316 echo -n ' accept source routing=YES' 317 ${SYSCTL_W} net.inet.ip.accept_sourceroute=1 > /dev/null 318 else 319 ${SYSCTL_W} net.inet.ip.accept_sourceroute=0 > /dev/null 320 fi 321 322 if checkyesno arpproxy_all; then 323 ropts_init 324 echo -n ' ARP proxyall=YES' 325 ${SYSCTL_W} net.link.ether.inet.proxyall=1 > /dev/null 326 else 327 ${SYSCTL_W} net.link.ether.inet.proxyall=0 > /dev/null 328 fi 329} 330 331options_inet6() 332{ 333 if checkyesno ipv6_gateway_enable; then 334 ropts_init 335 echo -n ' IPv6 gateway=YES' 336 ${SYSCTL_W} net.inet6.ip6.forwarding=1 > /dev/null 337 else 338 ${SYSCTL_W} net.inet6.ip6.forwarding=0 > /dev/null 339 fi 340} 341 342options_atm() 343{ 344} 345 346options_ipx() 347{ 348 if checkyesno ipxgateway_enable; then 349 ropts_init 350 echo -n ' IPX gateway=YES' 351 ${SYSCTL_W} net.ipx.ipx.ipxforwarding=1 > /dev/null 352 else 353 ${SYSCTL_W} net.ipx.ipx.ipxforwarding=0 > /dev/null 354 fi 355} 356 357load_rc_config $name 358run_rc_command "$@" 359