routing revision 197699
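#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# Commands: start (static routes, then routing options), stop (remove the
# static routes and flush the routing tables), plus the extra commands
# "static" and "options".  All settings are read from rc.conf variables.
#
# $FreeBSD: head/etc/rc.d/routing 197699 2009-10-02 02:28:59Z hrs $
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="static_start"
options_cmd="options_start"

# routing_start [af]
#	Install the static routes, then apply the routing-related sysctls.
#	Any arguments are passed through to both steps.
routing_start()
{
	static_start "$@"
	options_start "$@"
}

# routing_stop [af]
#	Delete the configured static routes, then flush the routing table of
#	every address family the system supports.
routing_stop()
{
	local _af

	static_stop "$@"
	for _af in inet inet6; do
		# Call the handler directly: no eval, so nothing is re-parsed
		# as shell text.  The "if" form also keeps a missing address
		# family from turning into a non-zero exit status.
		if afexists "${_af}"; then
			routing_stop_${_af}
		fi
	done
}

# routing_stop_inet
#	Flush all IPv4 routes.
routing_stop_inet()
{
	route -n flush -inet
}

# routing_stop_inet6
#	Flush all IPv6 routes and clear the "default interface" flag on every
#	interface listed in ipv6_network_interfaces.
routing_stop_inet6()
{
	local i

	route -n flush -inet6
	# The list is split on whitespace on purpose; each name is quoted
	# when it is handed to ifconfig.
	for i in ${ipv6_network_interfaces}; do
		ifconfig "$i" inet6 -defaultif
	done
}

# static_start [af]
#	Add static routes for one address family (inet, inet6 or atm), or for
#	all three when no argument is given.  Any other argument matches no
#	case arm and is ignored.
static_start()
{
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static add "${_af}"
		;;
	"")
		do_static add inet inet6 atm
		;;
	esac
}

# static_stop [af]
#	Delete static routes; argument handling mirrors static_start.
static_stop()
{
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static delete "${_af}"
		;;
	"")
		do_static delete inet inet6 atm
		;;
	esac
}

# do_static action af ...
#	Run static_<af> <action> for every listed address family that the
#	system supports.  Callers in this file pass only add/delete and the
#	family names inet, inet6 and atm.
do_static()
{
	local _af _action
	_action=$1

	shift
	for _af in "$@"; do
		# Direct dispatch instead of eval: the family name and the
		# action are used as plain words, never re-evaluated.  An
		# unsupported family is skipped without failing the command.
		if afexists "${_af}"; then
			static_${_af} "${_action}"
		fi
	done
}

# static_inet action
#	Add or delete the IPv4 static routes named in static_routes.  When
#	defaultrouter is set, a "default" entry is prepended to the list.
static_inet()
{
	# i and route_args are scratch variables; keep them out of the
	# global namespace, as static_atm does.
	local _action i route_args
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		# Both stay global: route_default is the per-route variable
		# that get_if_var is asked for below (route_IF, IF=default).
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			route_args=$(get_if_var "$i" route_IF)
			# route_args holds several route(8) arguments and must
			# be word-split, so it is left unquoted.
			route ${_action} ${route_args}
		done
	fi
}

# static_inet6 action
#	Add or delete the IPv6 reject routes and static routes, and work out
#	the IPv6 "default interface".
#	Globals written: ipv6_static_routes, ipv6_route_default,
#	ipv6_network_interfaces, ipv6_working_interfaces,
#	ipv6_default_interface.
static_inet6()
{
	local _action i laddr ipv6_route_args
	_action=$1

	# disallow "internal" addresses to appear on the wire
	# (IPv4-mapped ::ffff:0.0.0.0/96 and IPv4-compatible ::0.0.0.0/96)
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=$(get_if_var "$i" ipv6_route_IF)
			# Several route(8) arguments: left unquoted on purpose.
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	if checkyesno ipv6_gateway_enable; then
		# On a gateway, keep only the interfaces for which
		# network6_getladdr returns an address.
		for i in ${ipv6_network_interfaces}; do

			laddr=$(network6_getladdr "$i" exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first candidate that is neither loopback nor a
		# faith interface and for which an address is returned.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr "$i" exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow unicast packets without outgoing scope identifiers,
	# or route such packets to a "default" interface, if it is specified.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject

	case ${ipv6_default_interface} in
	'')
		route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
		;;
	*)
		laddr=$(network6_getladdr "${ipv6_default_interface}")
		# laddr stays unquoted: an empty result must not become an
		# empty argument to route(8).
		route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface

		# Disable installing the default interface with the
		# case net.inet6.ip6.forwarding=0 and
		# the interface with no ND6_IFF_ACCEPT_RTADV
		# to avoid conflict between the default router list and
		# the manual configured default route.
		# NOTE(review): this branch does not look at _action, so
		# "defaultif" is also set on the delete path; routing_stop
		# clears it again afterwards in routing_stop_inet6.  Confirm
		# this is intended.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig "${ipv6_default_interface}" nd6 | \
			    while read -r proto options
			do
				case "${proto}:${options}" in
				nd6:*ACCEPT_RTADV*)
					ifconfig "${ipv6_default_interface}" inet6 defaultif
					break
					;;
				esac
			done
		fi
		;;
	esac
}

# static_atm action
#	Add or delete the native ATM routes named in natm_static_routes.
static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=$(get_if_var "$i" route_IF)
			# Several atmconfig arguments: left unquoted on purpose.
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

# Set once the "Additional routing options:" banner has been printed.
_ropts_initdone=

# ropts_init
#	Print the banner before the first enabled option, and only once.
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n 'Additional routing options:'
		_ropts_initdone=yes
	fi
}

# options_start
#	Apply the routing sysctls of every supported address family, then
#	finish the banner line if anything was printed.
options_start()
{
	local _af

	for _af in inet inet6 ipx; do
		if afexists "${_af}"; then
			options_${_af}
		fi
	done
	# "if" rather than "[ ... ] && echo": with no option enabled the
	# short-circuit form left a non-zero status as the result of the
	# whole command.
	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

# options_inet
#	Set the IPv4 / ICMP / ARP sysctls from rc.conf.  Every knob is written
#	on each run, to 1 when its rc.conf variable is enabled and to 0
#	otherwise, so a value set by other means beforehand is replaced.
#	Several of these knobs are security relevant and are safest left off
#	unless the host needs them: answering broadcast pings makes the host
#	usable as an amplifier, source routing lets a sender choose a packet's
#	path, and IP forwarding turns the host into a router.  Dropping ICMP
#	redirects, by contrast, protects the routing table from redirect
#	messages.
options_inet()
{
	if checkyesno icmp_bmcastecho; then
		ropts_init
		echo -n ' broadcast ping responses=YES'
		${SYSCTL_W} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL_W} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init
		echo -n ' log ICMP redirect=YES'
		${SYSCTL_W} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL_W} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init
		echo -n ' IPv4 gateway=YES'
		${SYSCTL_W} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.forwarding=0 > /dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init
		echo -n ' do source routing=YES'
		${SYSCTL_W} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init
		echo -n ' accept source routing=YES'
		${SYSCTL_W} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL_W} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init
		echo -n ' ARP proxyall=YES'
		${SYSCTL_W} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL_W} net.link.ether.inet.proxyall=0 > /dev/null
	fi
}

# options_inet6
#	Turn IPv6 forwarding on or off according to ipv6_gateway_enable.
options_inet6()
{
	if checkyesno ipv6_gateway_enable; then
		ropts_init
		echo -n ' IPv6 gateway=YES'
		${SYSCTL_W} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL_W} net.inet6.ip6.forwarding=0 > /dev/null
	fi
}

# options_ipx
#	Turn IPX forwarding on or off according to ipxgateway_enable.
options_ipx()
{
	if checkyesno ipxgateway_enable; then
		ropts_init
		echo -n ' IPX gateway=YES'
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi
}

load_rc_config $name
run_rc_command "$@"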