routing revision 231852
1#!/bin/sh 2# 3# Configure routing and miscellaneous network tunables 4# 5# $FreeBSD: head/etc/rc.d/routing 231852 2012-02-17 02:39:58Z bz $ 6# 7 8# PROVIDE: routing 9# REQUIRE: faith netif ppp stf 10# KEYWORD: nojail 11 12. /etc/rc.subr 13. /etc/network.subr 14 15name="routing" 16start_cmd="routing_start doall" 17stop_cmd="routing_stop" 18extra_commands="options static" 19static_cmd="routing_start static" 20options_cmd="routing_start options" 21 22afcheck() 23{ 24 case $_af in 25 ""|inet|inet6|ipx|atm) 26 ;; 27 *) 28 err 1 "Unsupported address family: $_af." 29 ;; 30 esac 31} 32 33routing_start() 34{ 35 local _cmd _af _a 36 _cmd=$1 37 _af=$2 38 39 afcheck 40 41 case $_af in 42 inet|inet6|ipx|atm) 43 setroutes $_cmd $_af 44 ;; 45 "") 46 for _a in inet inet6 ipx atm; do 47 afexists $_a && setroutes $_cmd $_a 48 done 49 ;; 50 esac 51} 52 53routing_stop() 54{ 55 local _af _a 56 _af=$1 57 58 afcheck 59 60 case $_af in 61 inet|inet6|ipx|atm) 62 eval static_${_af} delete 63 eval routing_stop_${_af} 64 ;; 65 "") 66 for _a in inet inet6 ipx atm; do 67 afexists $_a || continue 68 eval static_${_a} delete 69 eval routing_stop_${_a} 70 done 71 ;; 72 esac 73} 74 75setroutes() 76{ 77 case $1 in 78 static) 79 static_$2 add 80 ;; 81 options) 82 options_$2 83 ;; 84 doall) 85 static_$2 add 86 options_$2 87 ;; 88 esac 89} 90 91routing_stop_inet() 92{ 93 route -n flush -inet 94} 95 96routing_stop_inet6() 97{ 98 local i 99 100 route -n flush -inet6 101 for i in `list_net_interfaces`; do 102 if ipv6if $i; then 103 ifconfig $i inet6 -defaultif 104 fi 105 done 106} 107 108routing_stop_atm() 109{ 110 return 0 111} 112 113routing_stop_ipx() 114{ 115 return 0 116} 117 118static_inet() 119{ 120 local _action 121 _action=$1 122 123 case ${defaultrouter} in 124 [Nn][Oo] | '') 125 ;; 126 *) 127 static_routes="default ${static_routes}" 128 route_default="default ${defaultrouter}" 129 ;; 130 esac 131 132 if [ -n "${static_routes}" ]; then 133 for i in ${static_routes}; do 134 route_args=`get_if_var $i route_IF` 135 route ${_action} ${route_args} 136 done 137 fi 138} 139 140static_inet6() 141{ 142 local _action i fibs 143 _action=$1 144 145 # get the number of FIBs supported. 146 fibs=`sysctl -n net.fibs` 147 : ${fibs:=1} 148 149 # disallow "internal" addresses to appear on the wire 150 i=0 151 while test ${i} -lt ${fibs}; do 152 setfib -F ${i} route ${_action} \ 153 -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject 154 setfib -F ${i} route ${_action} \ 155 -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject 156 i=$((i + 1)) 157 done 158 159 case ${ipv6_defaultrouter} in 160 [Nn][Oo] | '') 161 ;; 162 *) 163 ipv6_static_routes="default ${ipv6_static_routes}" 164 ipv6_route_default="default ${ipv6_defaultrouter}" 165 ;; 166 esac 167 168 if [ -n "${ipv6_static_routes}" ]; then 169 for i in ${ipv6_static_routes}; do 170 ipv6_route_args=`get_if_var $i ipv6_route_IF` 171 route ${_action} -inet6 ${ipv6_route_args} 172 done 173 fi 174 175 # Fixup $ipv6_network_interfaces 176 case ${ipv6_network_interfaces} in 177 [Nn][Oo][Nn][Ee]) 178 ipv6_network_interfaces='' 179 ;; 180 esac 181 182 if checkyesno ipv6_gateway_enable; then 183 for i in ${ipv6_network_interfaces}; do 184 185 laddr=`network6_getladdr $i exclude_tentative` 186 case ${laddr} in 187 '') 188 ;; 189 *) 190 ipv6_working_interfaces="$i \ 191 ${ipv6_working_interfaces}" 192 ;; 193 esac 194 done 195 ipv6_network_interfaces=${ipv6_working_interfaces} 196 fi 197 198 # Install the "default interface" to kernel, which will be used 199 # as the default route when there's no router. 200 case "${ipv6_default_interface}" in 201 [Nn][Oo] | [Nn][Oo][Nn][Ee]) 202 ipv6_default_interface="" 203 ;; 204 [Aa][Uu][Tt][Oo] | "") 205 for i in ${ipv6_network_interfaces}; do 206 case $i in 207 lo0|faith[0-9]*) 208 continue 209 ;; 210 esac 211 laddr=`network6_getladdr $i exclude_tentative` 212 case ${laddr} in 213 '') 214 ;; 215 *) 216 ipv6_default_interface=$i 217 break 218 ;; 219 esac 220 done 221 ;; 222 esac 223 224 # Disallow link-local unicast packets without outgoing scope 225 # identifiers. However, if you set "ipv6_default_interface", 226 # for the host case, you will allow to omit the identifiers. 227 # Under this configuration, the packets will go to the default 228 # interface. 229 i=0 230 while test ${i} -lt ${fibs}; do 231 setfib -F ${i} route ${_action} \ 232 -inet6 fe80:: -prefixlen 10 ::1 -reject 233 setfib -F ${i} route ${_action} \ 234 -inet6 ff02:: -prefixlen 16 ::1 -reject 235 i=$((i + 1)) 236 done 237 238 case ${ipv6_default_interface} in 239 '') 240 ;; 241 *) 242 # Disable installing the default interface when we act 243 # as router to avoid conflict between the default 244 # router list and the manual configured default route. 245 if ! checkyesno ipv6_gateway_enable; then 246 ifconfig ${ipv6_default_interface} inet6 defaultif 247 sysctl net.inet6.ip6.use_defaultzone=1 248 fi 249 ;; 250 esac 251} 252 253static_atm() 254{ 255 local _action i route_args 256 _action=$1 257 258 if [ -n "${natm_static_routes}" ]; then 259 for i in ${natm_static_routes}; do 260 route_args=`get_if_var $i route_IF` 261 atmconfig natm ${_action} ${route_args} 262 done 263 fi 264} 265 266static_ipx() 267{ 268 : 269} 270 271ropts_init() 272{ 273 if [ -z "${_ropts_initdone}" ]; then 274 echo -n "Additional $1 routing options:" 275 _ropts_initdone=yes 276 fi 277} 278 279options_inet() 280{ 281 _ropts_initdone= 282 if checkyesno icmp_bmcastecho; then 283 ropts_init inet 284 echo -n ' broadcast ping responses=YES' 285 ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null 286 else 287 ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null 288 fi 289 290 if checkyesno icmp_drop_redirect; then 291 ropts_init inet 292 echo -n ' ignore ICMP redirect=YES' 293 ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null 294 else 295 ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null 296 fi 297 298 if checkyesno icmp_log_redirect; then 299 ropts_init inet 300 echo -n ' log ICMP redirect=YES' 301 ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null 302 else 303 ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null 304 fi 305 306 if checkyesno gateway_enable; then 307 ropts_init inet 308 echo -n ' gateway=YES' 309 ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null 310 else 311 ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null 312 fi 313 314 if checkyesno forward_sourceroute; then 315 ropts_init inet 316 echo -n ' do source routing=YES' 317 ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null 318 else 319 ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null 320 fi 321 322 if checkyesno accept_sourceroute; then 323 ropts_init inet 324 echo -n ' accept source routing=YES' 325 ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null 326 else 327 ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null 328 fi 329 330 if checkyesno arpproxy_all; then 331 ropts_init inet 332 echo -n ' ARP proxyall=YES' 333 ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null 334 else 335 ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null 336 fi 337 338 [ -n "${_ropts_initdone}" ] && echo '.' 339} 340 341options_inet6() 342{ 343 _ropts_initdone= 344 345 if checkyesno ipv6_gateway_enable; then 346 ropts_init inet6 347 echo -n ' gateway=YES' 348 ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null 349 else 350 ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null 351 fi 352 353 [ -n "${_ropts_initdone}" ] && echo '.' 354} 355 356options_atm() 357{ 358 _ropts_initdone= 359 360 [ -n "${_ropts_initdone}" ] && echo '.' 361} 362 363options_ipx() 364{ 365 _ropts_initdone= 366 367 if checkyesno ipxgateway_enable; then 368 ropts_init ipx 369 echo -n ' gateway=YES' 370 ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null 371 else 372 ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null 373 fi 374 375 [ -n "${_ropts_initdone}" ] && echo '.' 376} 377 378load_rc_config $name 379run_rc_command "$@" 380