routing revision 197139
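#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 197139 2009-09-12 22:13:41Z hrs $
#

# PROVIDE: routing
# REQUIRE: netif ppp
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="static_start"
options_cmd="options_start"

# routing_start [af]
#	Install the static routes, then apply the routing-related sysctl
#	options.  Arguments are passed through to both steps.
routing_start()
{
	static_start "$@"
	options_start "$@"
}

# routing_stop [af]
#	Remove the static routes, flush the routing table and clear the
#	IPv6 "default interface" flag on every configured IPv6 interface.
routing_stop()
{
	local i

	static_stop "$@"
	route -n flush
	# inet6_static (reached through static_stop) may already have
	# rewritten ${ipv6_network_interfaces} by this point.
	for i in ${ipv6_network_interfaces}; do
		ifconfig "$i" inet6 -defaultif
	done
}

# static_start [inet|inet6|atm]
#	Add static routes for one address family, or for all three when
#	the argument is absent or unrecognised.
static_start()
{
	local _af
	_af=$1

	case ${_af} in
	inet)
		do_static inet add
		;;
	inet6)
		do_static inet6 add
		;;
	atm)
		do_static atm add
		;;
	*)
		do_static inet add
		do_static inet6 add
		do_static atm add
		;;
	esac
}

# static_stop [inet|inet6|atm]
#	Delete static routes for one address family, or for all three when
#	the argument is absent or unrecognised.
static_stop()
{
	local _af
	_af=$1

	case ${_af} in
	inet)
		do_static inet delete
		;;
	inet6)
		do_static inet6 delete
		;;
	atm)
		do_static atm delete
		;;
	*)
		do_static inet delete
		do_static inet6 delete
		do_static atm delete
		;;
	esac
}

# do_static af action
#	Call the per-family handler <af>_static with <action>.
do_static()
{
	local _af _action
	_af=$1
	_action=$2

	# Invoke the handler by name rather than through eval, so the
	# arguments are never re-parsed as shell code.  Every caller in this
	# file passes the literals inet/inet6/atm and add/delete.
	"${_af}_static" "${_action}"
}

# inet_static action
#	Add or delete the IPv4 routes named in ${static_routes}; the default
#	route is prepended when ${defaultrouter} is set to something other
#	than NO.
inet_static()
{
	local _action i route_args
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			route_args=`get_if_var $i route_IF`
			# Unquoted on purpose: the value is a list of
			# route(8) arguments and must be word-split.
			route ${_action} ${route_args}
		done
	fi
}

# inet6_static action
#	Add or delete the IPv6 reject routes and the routes named in
#	${ipv6_static_routes}, then select and install the IPv6 default
#	interface.
inet6_static()
{
	local _action i ipv6_route_args
	_action=$1

	# disallow "internal" addresses to appear on the wire
	# (::ffff:0.0.0.0/96 is the IPv4-mapped range, ::0.0.0.0/96 the
	# IPv4-compatible range)
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=`get_if_var $i ipv6_route_IF`
			# Pass the IPv6 arguments looked up just above.  The
			# previous code expanded ${route_args} here, which is
			# either empty or left over from inet_static, so the
			# configured IPv6 routes were not the ones installed.
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	# When acting as an IPv6 gateway, keep only the interfaces for which
	# network6_getladdr reports a non-tentative address.
	if checkyesno ipv6_gateway_enable; then
		for i in ${ipv6_network_interfaces}; do

			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first interface with an address, skipping the
		# loopback and faith(4) pseudo-interfaces.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow unicast packets without outgoing scope identifiers,
	# or route such packets to a "default" interface, if it is specified.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject

	case ${ipv6_default_interface} in
	'')
		route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
		;;
	*)
		laddr=`network6_getladdr ${ipv6_default_interface}`
		route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface

		# Disable installing the default interface with the
		# case net.inet6.ip6.forwarding=0 and
		# the interface with no ND6_IFF_ACCEPT_RTADV
		# to avoid conflict between the default router list and
		# the manual configured default route.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} nd6 | \
			while read -r proto options
			do
				case "${proto}:${options}" in
				nd6:*ACCEPT_RTADV*)
					ifconfig ${ipv6_default_interface} inet6 defaultif
					break
					;;
				esac
			done
		fi
		;;
	esac
}

# atm_static action
#	Add or delete the native ATM routes named in ${natm_static_routes}.
atm_static()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=`get_if_var $i route_IF`
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

# ropts_init
#	Print the "Additional routing options:" banner once, before the
#	first option that is reported.
_ropts_initdone=
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n 'Additional routing options:'
		_ropts_initdone=yes
	fi
}

# options_start
#	Set the sysctl for every routing-related rc.conf knob that is
#	enabled and report each one on the console.  A knob that is not
#	enabled leaves its sysctl untouched; nothing here resets it to 0.
#
#	Several of these knobs widen the host's exposure and are worth
#	auditing in rc.conf:
#	  icmp_bmcastecho     answering broadcast/multicast echo requests
#	                      lets the host be used for ICMP amplification
#	  forward_sourceroute,
#	  accept_sourceroute  source-routed packets let the sender choose
#	                      the path and can sidestep filtering
#	  arpproxy_all        the host answers ARP on behalf of other hosts
#	  *gateway_enable     the host forwards traffic between networks
#	icmp_drop_redirect and icmp_log_redirect are the hardening side:
#	ICMP redirects can be forged to alter a host's routes.
options_start()
{
	if checkyesno icmp_bmcastecho; then
		ropts_init
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init
		echo -n ' IPv4 gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
	fi

	if checkyesno ipv6_gateway_enable; then
		ropts_init
		echo -n ' IPv6 gateway=YES'
		sysctl net.inet6.ip6.forwarding=1 >/dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
	fi

	if checkyesno ipxgateway_enable; then
		ropts_init
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
	fi

	# Written as if/fi rather than "test && echo" so that the function
	# does not return non-zero merely because no option was enabled.
	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

load_rc_config $name
run_rc_command "$@"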