routing revision 285830
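#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: releng/10.2/etc/rc.d/routing 278659 2015-02-13 04:50:39Z rpaulo $
#
# rc.d script: installs/removes static routes per address family and applies
# the routing-related sysctl knobs selected by rc.conf variables.
#
# Commands: start (routes + options), stop, static (routes only),
#           options (sysctl knobs only).
# Optional arguments after the command: <address family> <interface>;
# "", "all" or "any" (any case) means "every family" / "every interface".
#
# Helpers such as afexists, get_if_var, checkyesno, warn, err, ipv6if,
# list_net_interfaces and network6_getladdr are not defined in this file;
# they are expected from the two sourced .subr files below.
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojailvnet

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

ROUTE_CMD="/sbin/route"

# routing_start cmd [af [if]]
#	Run setroutes for one address family, or for every supported one.
#	cmd is one of: static, options, doall.
#	Returns 1 if any setroutes call failed, 0 otherwise; an unknown
#	address family is reported through err.
#	NOTE(review): this loop covers inet, inet6 and atm while routing_stop
#	also covers ipx -- confirm the asymmetry is intended.
routing_start()
{
	local _cmd _af _if _a _ret
	_cmd=$1
	_af=$2
	_if=$3
	_ret=0

	# Normalize "no interface filter".
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 atm; do
			afexists "$_a" || continue
			setroutes "$_cmd" "$_a" "$_if" || _ret=1
		done
		;;
	*)
		if afexists "$_af"; then
			setroutes "$_cmd" "$_af" "$_if" || _ret=1
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	esac

	return $_ret
}

# routing_stop [af [if]]
#	Delete the configured static routes for one address family or for all
#	of them.  The per-family flush (routing_stop_<af>) only runs when no
#	interface was given.
#	The handlers are dispatched by name without eval (the same way
#	setroutes does it), so the interface argument is passed on as data and
#	is never re-parsed as shell code.
routing_stop()
{
	local _af _if _a
	_af=$1
	_if=$2

	# Normalize "no interface filter".
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists "$_a" || continue
			"static_${_a}" delete "$_if"
			# When $_if is specified, do not flush routes.
			if [ -z "$_if" ]; then
				"routing_stop_${_a}"
			fi
		done
		;;
	*)
		if afexists "$_af"; then
			"static_${_af}" delete "$_if"
			# When $_if is specified, do not flush routes.
			if [ -z "$_if" ]; then
				"routing_stop_${_af}"
			fi
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	esac
}

# setroutes cmd af [if]
#	Dispatch to static_<af> and/or options_<af> depending on cmd.
#	The exit status is that of the last handler run.
setroutes()
{
	case $1 in
	static)
		"static_$2" add "$3"
		;;
	options)
		"options_$2"
		;;
	doall)
		"static_$2" add "$3"
		"options_$2"
		;;
	esac
}

# Flush all IPv4 routes.
routing_stop_inet()
{
	${ROUTE_CMD} -n flush -inet
}

# Flush all IPv6 routes and clear the "defaultif" setting on every interface
# that ipv6if accepts.
routing_stop_inet6()
{
	local i

	${ROUTE_CMD} -n flush -inet6
	for i in $(list_net_interfaces); do
		if ipv6if "$i"; then
			ifconfig "$i" inet6 -defaultif
		fi
	done
}

# Nothing to flush for ATM.
routing_stop_atm()
{
	return 0
}

# Nothing to flush for IPX.
routing_stop_ipx()
{
	return 0
}

# static_inet action [if]
#	Add or delete (action is passed straight to route(8)) the IPv4 routes
#	named in ${static_routes}, plus the default route when
#	${defaultrouter} is set.  With an interface argument only the entries
#	named "<route>:<if>" are processed.
static_inet()
{
	local _action _if _skip i route_args
	_action=$1
	_if=$2

	# Add default route.
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="${static_routes} _default"
		route__default="default ${defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				route_args=$(get_if_var "${i%:*}" route_IF)
				if [ -n "$route_args" ]; then
					# route_args is deliberately unquoted: it
					# holds several route(8) arguments.
					${ROUTE_CMD} ${_action} ${route_args}
				else
					warn "route_${i%:*} not found."
				fi
			fi
		done
	fi
}

# static_inet6 action [if]
#	IPv6 counterpart of static_inet.  Besides the routes named in
#	${ipv6_static_routes} it always handles four pre-defined reject routes
#	(_v4mapped, _v4compat, _lla, _llma) and then selects the IPv6 "default
#	interface" unless the host acts as an IPv6 gateway.
static_inet6()
{
	local _action _if _skip fibmod fibs allfibs i ipv6_route_args laddr
	_action=$1
	_if=$2

	# get the number of FIBs supported.
	fibs=$(( $(${SYSCTL_N} net.fibs) - 1 ))
	allfibs=$(${SYSCTL_N} net.add_addr_allfibs)
	if [ "$fibs" -gt 0 ] && [ "$allfibs" -ne 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi

	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"

	# disallow "internal" addresses to appear on the wire
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="${ipv6_static_routes} _default"
		ipv6_route__default="default ${ipv6_defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				ipv6_route_args=$(get_if_var "${i%:*}" ipv6_route_IF)
				if [ -n "$ipv6_route_args" ]; then
					# Deliberately unquoted: several
					# route(8) arguments in one variable.
					${ROUTE_CMD} ${_action} \
						-inet6 ${ipv6_route_args}
				else
					# Name the variable that was actually
					# looked up (ipv6_route_*, not route_*).
					warn "ipv6_route_${i%:*} not found"
				fi
			fi
		done
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.

	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
	if checkyesno ipv6_gateway_enable; then
		return
	fi

	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		return
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first configured interface (other than lo0/faith*)
		# for which network6_getladdr returns an address.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			[Nn][Oo][Nn][Ee])
				return
				;;
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr "$i" exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# NOTE(review): this tail runs for every action (including "delete")
	# and also when the auto-selection above found no interface, in which
	# case ${ipv6_default_interface} is still "" or "auto" -- confirm that
	# this is intended before relying on use_defaultzone.
	ifconfig ${ipv6_default_interface} inet6 defaultif
	sysctl net.inet6.ip6.use_defaultzone=1
}

# static_atm action
#	Add or delete the routes named in ${natm_static_routes} via atmconfig.
static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=$(get_if_var "$i" route_IF)
			if [ -n "$route_args" ]; then
				atmconfig natm ${_action} ${route_args}
			else
				warn "route_${i} not found."
			fi
		done
	fi
}

# No static routes are handled for IPX.
static_ipx()
{
	:
}

# ropts_init af
#	Print the "Additional <af> routing options:" banner once per
#	options_<af> run; ${_ropts_initdone} records that it was printed.
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

# options_inet
#	Apply the IPv4 routing sysctls from rc.conf.  Every knob is written
#	unconditionally: an rc.conf variable that is not enabled resets its
#	sysctl to 0, overwriting whatever value was set before this script
#	ran.  Returns 0 even when no option is enabled, so that an all-default
#	configuration is not reported as a failure by routing_start.
options_inet()
{
	_ropts_initdone=

	# Replying to broadcast/multicast echo requests lets the host be used
	# as a reflector; the knob is off unless icmp_bmcastecho is set.
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	# ICMP redirects are unauthenticated route updates.  They are only
	# ignored when icmp_drop_redirect is enabled; otherwise the sysctl is
	# reset to 0 here.
	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	# IPv4 packet forwarding (host acts as a router).
	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	# Source-routed packets let the sender dictate the path; forwarding
	# and accepting them are separate knobs, both off unless requested.
	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	# Proxy ARP for all addresses.
	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	# Terminate the banner line only if it was started.
	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
	return 0
}

# options_inet6
#	Apply the IPv6 forwarding sysctl from ipv6_gateway_enable; the value
#	is reset to 0 when the variable is not enabled.  Returns 0.
options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
	return 0
}

# options_atm
#	No ATM options are defined; kept for symmetry with the other
#	families.  Returns 0.
options_atm()
{
	_ropts_initdone=

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
	return 0
}

# options_ipx
#	Apply the IPX forwarding sysctl from ipxgateway_enable; the value is
#	reset to 0 when the variable is not enabled.  Returns 0.
options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
	return 0
}

load_rc_config $name
run_rc_command "$@"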