#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: stable/11/etc/rc.d/routing 318965 2017-05-26 19:19:47Z n_hibma $
#

# PROVIDE: routing
# REQUIRE: netif ppp stf
# KEYWORD: nojailvnet
11
12. /etc/rc.subr
13. /etc/network.subr
14
# Absolute path of the route(8) binary used by every helper below, so the
# script does not depend on PATH lookup for the command it runs as root.
ROUTE_CMD="/sbin/route"

# rc.subr identity of this script.
name="routing"
desc="Routing setup"

# Standard verbs: "start" applies static routes and options ("doall"),
# "stop" removes them again.
start_cmd="routing_start doall"
stop_cmd="routing_stop"

# Extra verbs: apply only the static routes, or only the sysctl options.
extra_commands="options static"
options_cmd="routing_start options"
static_cmd="routing_start static"
24
# routing_start cmd [af [ifname]]
#	Hand "cmd" to setroutes for one address family, or for each of
#	inet, inet6 and atm that afexists accepts.  An empty, "all" or
#	"any" value (any letter case) for af or ifname means "no
#	restriction".  An af that afexists rejects is reported through
#	err.  Returns 1 if any setroutes call failed, otherwise 0.
routing_start()
{
	local _cmd _af _if _a _ret
	_cmd=$1
	_af=$2
	_if=$3
	_ret=0

	# Collapse the interface wildcard spellings to the empty string.
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		_if=""
		;;
	esac

	case $_af in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		# No family requested: walk every known family.
		for _a in inet inet6 atm; do
			if afexists $_a; then
				# $_if stays unquoted on purpose: when it is
				# empty it must disappear from the argument
				# list instead of becoming an empty argument.
				setroutes $_cmd $_a $_if || _ret=1
			fi
		done
		;;
	*)
		if ! afexists $_af; then
			err 1 "Unsupported address family: $_af."
		else
			setroutes $_cmd $_af $_if || _ret=1
		fi
		;;
	esac

	return $_ret
}
55
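# routing_stop [af [ifname]]
#	Delete the configured static routes for one address family, or
#	for each of inet, inet6 and atm that afexists accepts.  An empty,
#	"all" or "any" value (any letter case) for af or ifname means
#	"no restriction".  The per-family flush (routing_stop_<af>) only
#	runs when no interface was named.  An af that afexists rejects is
#	reported through err.
#
#	The per-family helpers are called directly rather than through
#	eval.  eval would parse the expanded $_if a second time as shell
#	source, so characters such as ';' in the argument would be
#	treated as syntax in a script that runs as root.  A direct call
#	only word-splits the value, which is also how setroutes invokes
#	static_<af>.
routing_stop()
{
	local _af _if _a
	_af=$1
	_if=$2

	# Collapse the interface wildcard spellings to the empty string.
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 atm; do
			afexists $_a || continue
			# $_if is left unquoted so that an empty value
			# drops out of the argument list.
			static_${_a} delete $_if
			# When $_if is specified, do not flush routes.
			if [ -z "$_if" ]; then
				routing_stop_${_a}
			fi
		done
	;;
	*)
		# $_af becomes part of a function name, so it is only
		# used after afexists has accepted it.
		if afexists $_af; then
			static_${_af} delete $_if
			# When $_if is specified, do not flush routes.
			if [ -z "$_if" ]; then
				routing_stop_${_af}
			fi
		else
			err 1 "Unsupported address family: $_af."
		fi
	;;
	esac
}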
90
# setroutes cmd af [ifname]
#	Dispatch one routing_start sub-command for address family "af":
#	  static   run static_<af> add [ifname]
#	  options  run options_<af>
#	  doall    run static_<af> first, then options_<af>
#	Any other cmd does nothing.  The return value is the exit status
#	of static_<af> when it ran, otherwise 0; the status of
#	options_<af> is not propagated.
setroutes()
{
	local _ret
	_ret=0

	# Static routes come first so that "doall" keeps its order.
	case $1 in
	static|doall)
		# $3 is unquoted so an absent interface adds no argument.
		static_$2 add $3 || _ret=$?
		;;
	esac

	case $1 in
	options|doall)
		options_$2
		;;
	esac

	return $_ret
}
111
# routing_stop_inet
#	Flush the IPv4 routes with ${ROUTE_CMD}; -n keeps route(8) from
#	resolving addresses to names while it reports what it removed.
#	Returns the exit status of that command.
routing_stop_inet()
{
	${ROUTE_CMD} -n flush -inet
}
116
# routing_stop_inet6
#	Flush the IPv6 routes, then clear the "defaultif" flag on every
#	interface from list_net_interfaces that ipv6if accepts.
routing_stop_inet6()
{
	local i

	${ROUTE_CMD} -n flush -inet6

	# The interface list is word-split on purpose: one name per word.
	for i in $(list_net_interfaces); do
		if ipv6if $i; then
			ifconfig $i inet6 -defaultif
		fi
	done
}
128
# routing_stop_atm
#	Nothing is flushed for the atm family; the function exists so
#	that routing_stop can call routing_stop_<af> for every family.
#	Always returns 0.
routing_stop_atm()
{
	return 0
}
133
# get_fibmod
#	Print the route(8) modifier that addresses every routing table:
#	"-fib 0-<N-1>" when the net.fibs sysctl reports more than one
#	table, otherwise an empty line.
get_fibmod()
{
	local _fibs

	# Index of the last table; tables are numbered from 0.
	_fibs=$(( $(${SYSCTL_N} net.fibs) - 1 ))

	if [ ${_fibs} -le 0 ]; then
		# A single table needs no modifier.
		echo
	else
		echo "-fib 0-${_fibs}"
	fi
}
145
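# static_inet action [ifname]
#	Run "${ROUTE_CMD} action ..." ("add" or "delete" in this file)
#	for the IPv4 static routes: a built-in loopback route, every
#	entry of ${static_routes}, and the default route when
#	${defaultrouter} is set to something other than NO.  With an
#	ifname, only entries written as "name:ifname" are processed.
#	The arguments for entry "name" come from get_if_var with the
#	route_IF pattern; a missing definition only produces a warning.
#
#	Prepends to the global ${static_routes} and sets the globals
#	route__loopback and route__default.
static_inet()
{
	# i and route_args are scratch variables; keeping them local stops
	# them leaking into the rc environment, as static_atm already does.
	local _action _if _skip _fibmod i route_args
	_action=$1
	_if=$2

	_fibmod=$(get_fibmod)

	# Provide loopback route in all routing tables.  This has to come
	# first so that any following routes can be added.
	static_routes="_loopback ${static_routes}"
	route__loopback="-inet 127.0.0.1 -iface lo0 ${_fibmod}"

	# Add default route.
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="${static_routes} _default"
		route__default="default ${defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				# Keep only entries tagged with this interface.
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				# ${i%:*} strips the ":ifname" tag from the entry.
				route_args=$(get_if_var ${i%:*} route_IF)
				if [ -n "$route_args" ]; then
					# route_args is configuration text and is
					# word-split on purpose into route(8)
					# arguments.
					${ROUTE_CMD} ${_action} ${route_args}
				else
					warn "route_${i%:*} not found."
				fi
			fi
		done
	fi
}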
190
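# static_inet6 action [ifname]
#	Run "${ROUTE_CMD} action -inet6 ..." ("add" or "delete" in this
#	file) for the IPv6 static routes: the built-in loopback and
#	reject routes, every entry of ${ipv6_static_routes}, and the
#	default route when ${ipv6_defaultrouter} is set to something other
#	than NO.  With an ifname, only entries written as "name:ifname"
#	are processed.  Afterwards, unless the host is an IPv6 gateway or
#	${ipv6_default_interface} is NO/NONE, the default interface is
#	installed and net.inet6.ip6.use_defaultzone is set to 1.
#
#	Prepends to the global ${ipv6_static_routes}, sets the
#	ipv6_route__* globals and may overwrite
#	${ipv6_default_interface} with the interface picked in AUTO mode.
#
#	NOTE(review): the default-interface step does not look at
#	"action" or "ifname", so it also runs for "delete" -- confirm
#	that this is intended.
static_inet6()
{
	# i, laddr and ipv6_route_args are scratch variables; keeping them
	# local stops them leaking into the rc environment.
	local _action _if _skip fibmod i laddr ipv6_route_args
	_action=$1
	_if=$2

	fibmod=$(get_fibmod)

	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
	ipv6_static_routes="_loopback ${ipv6_static_routes}"

	# Disallow "internal" addresses to appear on the wire: IPv4-mapped
	# and IPv4-compatible prefixes get a reject route.
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"

	# Create a loopback route in every fib
	ipv6_route__loopback="::1 -prefixlen 128 -iface lo0 ${fibmod}"

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="${ipv6_static_routes} _default"
		ipv6_route__default="default ${ipv6_defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				# Keep only entries tagged with this interface.
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				# ${i%:*} strips the ":ifname" tag from the entry.
				ipv6_route_args=$(get_if_var ${i%:*} ipv6_route_IF)
				if [ -n "$ipv6_route_args" ]; then
					# Configuration text, word-split on
					# purpose into route(8) arguments.
					${ROUTE_CMD} ${_action} \
						-inet6 ${ipv6_route_args}
				else
					# Name the variable that was looked up.
					warn "ipv6_route_${i%:*} not found"
				fi
			fi
		done
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.

	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
	if checkyesno ipv6_gateway_enable; then
		return
	fi

	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		return
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first non-loopback interface that has a
		# link-local address which is not tentative.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			[Nn][Oo][Nn][Ee])
				return
				;;
			lo0)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# If AUTO selection found nothing the variable still holds
	# "auto" or is empty; calling ifconfig with that would treat the
	# wrong word as an interface name, so skip the call.
	case "${ipv6_default_interface}" in
	[Aa][Uu][Tt][Oo] | "")
		warn "no IPv6 default interface found"
		;;
	*)
		ifconfig ${ipv6_default_interface} inet6 defaultif
		;;
	esac
	${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null
}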
291
# static_atm action
#	Run "atmconfig natm action ..." for every entry of
#	${natm_static_routes}.  The arguments for entry "name" come from
#	get_if_var with the route_IF pattern; a missing definition only
#	produces a warning.
static_atm()
{
	local _action i route_args
	_action=$1

	# Nothing configured: nothing to do.
	[ -n "${natm_static_routes}" ] || return 0

	for i in ${natm_static_routes}; do
		route_args=$(get_if_var $i route_IF)
		if [ -z "$route_args" ]; then
			warn "route_${i} not found."
		else
			# Configuration text, word-split on purpose into
			# atmconfig arguments.
			atmconfig natm ${_action} ${route_args}
		fi
	done
}
308
# ropts_init family
#	Print the "Additional <family> routing options:" banner once.
#	The global ${_ropts_initdone} records that it has been printed;
#	the options_* functions clear it before they start.
ropts_init()
{
	# Banner already printed for this family: stay silent.
	[ -z "${_ropts_initdone}" ] || return 0

	echo -n "Additional $1 routing options:"
	_ropts_initdone=yes
}
316
# options_inet
#	Apply the IPv4 rc.conf knobs to their sysctls.  Every sysctl is
#	written on every run: 1 when checkyesno accepts the knob, 0
#	otherwise, so a knob that is not enabled actively switches the
#	feature off.  Enabled knobs are announced on one line that
#	ropts_init starts and a final '.' ends.
#
#	Several of these knobs widen what the host accepts or answers
#	(broadcast ping replies, source-routed packets, proxy ARP for
#	all addresses, forwarding), so an enabled one is worth a second
#	look when reviewing rc.conf.
#
#	Returns non-zero when no knob was enabled, because the final
#	test is the last command.
options_inet()
{
	local _knob_val

	_ropts_initdone=

	# Reply to broadcast/multicast ICMP echo requests.
	_knob_val=0
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.icmp.bmcastecho=${_knob_val} > /dev/null

	# Ignore incoming ICMP redirects.
	_knob_val=0
	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.icmp.drop_redirect=${_knob_val} > /dev/null

	# Log incoming ICMP redirects.
	_knob_val=0
	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.icmp.log_redirect=${_knob_val} > /dev/null

	# Forward IPv4 packets between interfaces.
	_knob_val=0
	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.ip.forwarding=${_knob_val} > /dev/null

	# Forward source-routed packets.
	_knob_val=0
	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.ip.sourceroute=${_knob_val} > /dev/null

	# Accept source-routed packets addressed to this host.
	_knob_val=0
	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet.ip.accept_sourceroute=${_knob_val} > /dev/null

	# Answer ARP requests on behalf of all addresses.
	_knob_val=0
	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		_knob_val=1
	fi
	${SYSCTL} net.link.ether.inet.proxyall=${_knob_val} > /dev/null

	# Close the announcement line only if something was announced.
	test -n "${_ropts_initdone}" && echo '.'
}
378
# options_inet6
#	Apply the IPv6 forwarding knob: net.inet6.ip6.forwarding is
#	written as 1 when checkyesno accepts ipv6_gateway_enable and as 0
#	otherwise, so forwarding is actively switched off when the knob
#	is not enabled.  An enabled knob is announced on one line that
#	ropts_init starts and a final '.' ends.
#
#	Returns non-zero when the knob was not enabled, because the
#	final test is the last command.
options_inet6()
{
	local _knob_val

	_ropts_initdone=

	_knob_val=0
	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		_knob_val=1
	fi
	${SYSCTL} net.inet6.ip6.forwarding=${_knob_val} > /dev/null

	# Close the announcement line only if something was announced.
	test -n "${_ropts_initdone}" && echo '.'
}
393
# options_atm
#	The atm family has no tunables.  The function clears
#	${_ropts_initdone} and prints nothing; it exists so that
#	setroutes can call options_<af> for every family.  Because the
#	flag was just cleared, the final test always fails and the
#	function returns non-zero.
options_atm()
{
	_ropts_initdone=

	test -n "${_ropts_initdone}" && echo '.'
}
400
# Read the rc.conf settings for this script, then let rc.subr dispatch
# the verb given on the command line (start, stop, static, options)
# together with any further arguments.
load_rc_config ${name}
run_rc_command "$@"
403