routing revision 227366
155342Snyan#!/bin/sh 255342Snyan# 355342Snyan# Configure routing and miscellaneous network tunables 453207Snyan# 555342Snyan# $FreeBSD: head/etc/rc.d/routing 227366 2011-11-08 23:02:32Z jilles $ 655342Snyan# 755342Snyan 855342Snyan# PROVIDE: routing 955342Snyan# REQUIRE: faith netif ppp stf 1055342Snyan# KEYWORD: nojail 1155342Snyan 1255342Snyan. /etc/rc.subr 1355342Snyan. /etc/network.subr 1455342Snyan 1555342Snyanname="routing" 1655342Snyanstart_cmd="routing_start doall" 1755342Snyanstop_cmd="routing_stop" 1855342Snyanextra_commands="options static" 1955342Snyanstatic_cmd="routing_start static" 2055342Snyanoptions_cmd="routing_start options" 2155342Snyan 2255342Snyanafcheck() 2355342Snyan{ 2455342Snyan case $_af in 2543561Skato ""|inet|inet6|ipx|atm) 2643561Skato ;; 27119880Sobrien *) 28119880Sobrien err 1 "Unsupported address family: $_af." 29119880Sobrien ;; 3043561Skato esac 3143561Skato} 3243561Skato 3343561Skatorouting_start() 3468358Snyan{ 3543561Skato local _cmd _af _a 3643561Skato _cmd=$1 37200255Snyan _af=$2 38200255Snyan 3943561Skato afcheck 40200255Snyan 41200255Snyan case $_af in 42200255Snyan inet|inet6|ipx|atm) 43200255Snyan setroutes $_cmd $_af 44200255Snyan ;; 4555342Snyan "") 4655342Snyan for _a in inet inet6 ipx atm; do 4743561Skato afexists $_a && setroutes $_cmd $_a 4855342Snyan done 4955342Snyan ;; 5055342Snyan esac 5155342Snyan} 5243561Skato 5355342Snyanrouting_stop() 54153599Snyan{ 5543561Skato local _af _a 56200255Snyan _af=$1 57200255Snyan 58200255Snyan afcheck 59200255Snyan 60200255Snyan case $_af in 61200255Snyan inet|inet6|ipx|atm) 62200255Snyan eval static_${_af} delete 63200255Snyan eval routing_stop_${_af} 6455342Snyan ;; 65 "") 66 for _a in inet inet6 ipx atm; do 67 afexists $_a || continue 68 eval static_${_a} delete 69 eval routing_stop_${_a} 70 done 71 ;; 72 esac 73} 74 75setroutes() 76{ 77 case $1 in 78 static) 79 static_$2 add 80 ;; 81 options) 82 options_$2 83 ;; 84 doall) 85 static_$2 add 86 options_$2 87 ;; 88 esac 89} 90 91routing_stop_inet() 92{ 93 route -n flush -inet 94} 95 96routing_stop_inet6() 97{ 98 local i 99 100 route -n flush -inet6 101 for i in ${ipv6_network_interfaces}; do 102 ifconfig $i inet6 -defaultif 103 done 104} 105 106routing_stop_atm() 107{ 108 return 0 109} 110 111routing_stop_ipx() 112{ 113 return 0 114} 115 116static_inet() 117{ 118 local _action 119 _action=$1 120 121 case ${defaultrouter} in 122 [Nn][Oo] | '') 123 ;; 124 *) 125 static_routes="default ${static_routes}" 126 route_default="default ${defaultrouter}" 127 ;; 128 esac 129 130 if [ -n "${static_routes}" ]; then 131 for i in ${static_routes}; do 132 route_args=`get_if_var $i route_IF` 133 route ${_action} ${route_args} 134 done 135 fi 136} 137 138static_inet6() 139{ 140 local _action i 141 _action=$1 142 143 # disallow "internal" addresses to appear on the wire 144 route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 145 route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 146 147 case ${ipv6_defaultrouter} in 148 [Nn][Oo] | '') 149 ;; 150 *) 151 ipv6_static_routes="default ${ipv6_static_routes}" 152 ipv6_route_default="default ${ipv6_defaultrouter}" 153 ;; 154 esac 155 156 if [ -n "${ipv6_static_routes}" ]; then 157 for i in ${ipv6_static_routes}; do 158 ipv6_route_args=`get_if_var $i ipv6_route_IF` 159 route ${_action} -inet6 ${ipv6_route_args} 160 done 161 fi 162 163 # Fixup $ipv6_network_interfaces 164 case ${ipv6_network_interfaces} in 165 [Nn][Oo][Nn][Ee]) 166 ipv6_network_interfaces='' 167 ;; 168 esac 169 170 if checkyesno ipv6_gateway_enable; then 171 for i in ${ipv6_network_interfaces}; do 172 173 laddr=`network6_getladdr $i exclude_tentative` 174 case ${laddr} in 175 '') 176 ;; 177 *) 178 ipv6_working_interfaces="$i \ 179 ${ipv6_working_interfaces}" 180 ;; 181 esac 182 done 183 ipv6_network_interfaces=${ipv6_working_interfaces} 184 fi 185 186 # Install the "default interface" to kernel, which will be used 187 # as the default route when there's no router. 188 case "${ipv6_default_interface}" in 189 [Nn][Oo] | [Nn][Oo][Nn][Ee]) 190 ipv6_default_interface="" 191 ;; 192 [Aa][Uu][Tt][Oo] | "") 193 for i in ${ipv6_network_interfaces}; do 194 case $i in 195 lo0|faith[0-9]*) 196 continue 197 ;; 198 esac 199 laddr=`network6_getladdr $i exclude_tentative` 200 case ${laddr} in 201 '') 202 ;; 203 *) 204 ipv6_default_interface=$i 205 break 206 ;; 207 esac 208 done 209 ;; 210 esac 211 212 # Disallow link-local unicast packets without outgoing scope 213 # identifiers. However, if you set "ipv6_default_interface", 214 # for the host case, you will allow to omit the identifiers. 215 # Under this configuration, the packets will go to the default 216 # interface. 217 route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject 218 route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject 219 220 case ${ipv6_default_interface} in 221 '') 222 ;; 223 *) 224 # Disable installing the default interface when we act 225 # as router to avoid conflict between the default 226 # router list and the manual configured default route. 227 if ! checkyesno ipv6_gateway_enable; then 228 ifconfig ${ipv6_default_interface} inet6 defaultif 229 sysctl net.inet6.ip6.use_defaultzone=1 230 fi 231 ;; 232 esac 233} 234 235static_atm() 236{ 237 local _action i route_args 238 _action=$1 239 240 if [ -n "${natm_static_routes}" ]; then 241 for i in ${natm_static_routes}; do 242 route_args=`get_if_var $i route_IF` 243 atmconfig natm ${_action} ${route_args} 244 done 245 fi 246} 247 248static_ipx() 249{ 250 : 251} 252 253ropts_init() 254{ 255 if [ -z "${_ropts_initdone}" ]; then 256 echo -n "Additional $1 routing options:" 257 _ropts_initdone=yes 258 fi 259} 260 261options_inet() 262{ 263 _ropts_initdone= 264 if checkyesno icmp_bmcastecho; then 265 ropts_init inet 266 echo -n ' broadcast ping responses=YES' 267 ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null 268 else 269 ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null 270 fi 271 272 if checkyesno icmp_drop_redirect; then 273 ropts_init inet 274 echo -n ' ignore ICMP redirect=YES' 275 ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null 276 else 277 ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null 278 fi 279 280 if checkyesno icmp_log_redirect; then 281 ropts_init inet 282 echo -n ' log ICMP redirect=YES' 283 ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null 284 else 285 ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null 286 fi 287 288 if checkyesno gateway_enable; then 289 ropts_init inet 290 echo -n ' gateway=YES' 291 ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null 292 else 293 ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null 294 fi 295 296 if checkyesno forward_sourceroute; then 297 ropts_init inet 298 echo -n ' do source routing=YES' 299 ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null 300 else 301 ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null 302 fi 303 304 if checkyesno accept_sourceroute; then 305 ropts_init inet 306 echo -n ' accept source routing=YES' 307 ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null 308 else 309 ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null 310 fi 311 312 if checkyesno arpproxy_all; then 313 ropts_init inet 314 echo -n ' ARP proxyall=YES' 315 ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null 316 else 317 ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null 318 fi 319 320 [ -n "${_ropts_initdone}" ] && echo '.' 321} 322 323options_inet6() 324{ 325 _ropts_initdone= 326 327 if checkyesno ipv6_gateway_enable; then 328 ropts_init inet6 329 echo -n ' gateway=YES' 330 ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null 331 else 332 ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null 333 fi 334 335 [ -n "${_ropts_initdone}" ] && echo '.' 336} 337 338options_atm() 339{ 340 _ropts_initdone= 341 342 [ -n "${_ropts_initdone}" ] && echo '.' 343} 344 345options_ipx() 346{ 347 _ropts_initdone= 348 349 if checkyesno ipxgateway_enable; then 350 ropts_init ipx 351 echo -n ' gateway=YES' 352 ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null 353 else 354 ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null 355 fi 356 357 [ -n "${_ropts_initdone}" ] && echo '.' 358} 359 360load_rc_config $name 361run_rc_command "$@" 362