routing revision 230991
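#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 230991 2012-02-04 18:14:49Z hrs $
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

# rc.d wiring: "start" installs static routes and applies the routing
# options; the extra commands "static" and "options" run one half each.
name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

# afcheck
#	Validate the caller's $_af against the fixed list of address
#	families handled below.  Takes no arguments: it reads $_af from
#	the calling function, which declares it with "local".  An empty
#	value means "all families".  Any other value is reported through
#	err (from rc.subr) with status 1.
#	This allow-list is what keeps the static_<af>, options_<af> and
#	routing_stop_<af> dispatch confined to functions defined in this
#	file; extend it only together with the matching functions.
afcheck()
{
	case $_af in
	""|inet|inet6|ipx|atm)
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

# routing_start cmd [af]
#	cmd is one of static, options or doall (see setroutes).
#	With af given, act on that family only; with af empty, act on
#	every family for which afexists succeeds.
routing_start()
{
	local _cmd _af _a
	_cmd=$1
	_af=$2

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		setroutes $_cmd $_af
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists $_a && setroutes $_cmd $_a
		done
		;;
	esac
}

# routing_stop [af]
#	Delete the static routes of the family (static_<af> delete) and
#	then run its routing_stop_<af> hook.  With af empty, do so for
#	every family for which afexists succeeds.
#	The handlers are called directly, the same way setroutes does,
#	rather than through eval: the name is only ever built from the
#	literals listed in the case pattern or the for list, so no second
#	round of shell parsing is needed or wanted.
routing_stop()
{
	local _af _a
	_af=$1

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		static_${_af} delete
		routing_stop_${_af}
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			static_${_a} delete
			routing_stop_${_a}
		done
		;;
	esac
}

# setroutes cmd af
#	Dispatch to static_<af> add and/or options_<af>.  An unknown cmd
#	matches no pattern and does nothing.
setroutes()
{
	case $1 in
	static)
		static_$2 add
		;;
	options)
		options_$2
		;;
	doall)
		static_$2 add
		options_$2
		;;
	esac
}

# Flush the IPv4 routing table.
routing_stop_inet()
{
	route -n flush -inet
}

# Flush the IPv6 routing table and clear the "defaultif" flag on every
# interface for which ipv6if succeeds.
routing_stop_inet6()
{
	local i

	route -n flush -inet6
	for i in $(list_net_interfaces); do
		if ipv6if $i; then
			ifconfig $i inet6 -defaultif
		fi
	done
}

# Nothing to undo for atm.
routing_stop_atm()
{
	return 0
}

# Nothing to undo for ipx.
routing_stop_ipx()
{
	return 0
}

# static_inet action
#	Run "route <action> ..." (action is add or delete) for each name
#	in $static_routes, taking the arguments from get_if_var with the
#	route_IF template.  When $defaultrouter is set to anything but
#	NO or empty, a "default" entry is put first.
#	Note that static_routes and route_default are modified globally,
#	so a second call in the same shell would prepend "default" again.
static_inet()
{
	# The loop variable is kept local, as in static_atm and
	# static_inet6, so it does not leak into the rest of the script.
	local _action i
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			route_args=$(get_if_var $i route_IF)
			# Unquoted on purpose: route_args holds several
			# route(8) arguments that must be split into words.
			route ${_action} ${route_args}
		done
	fi
}

# static_inet6 action
#	IPv6 counterpart of static_inet.  Besides the configured static
#	routes it maintains reject routes for address ranges that should
#	not leave the host and selects the IPv6 default interface.
#	NOTE(review): the default-interface block at the end does not
#	look at $_action, so it also runs when called with "delete" from
#	routing_stop; routing_stop_inet6 clears the defaultif flag
#	afterwards, but use_defaultzone is not reset anywhere in this
#	file -- confirm this is intended.
static_inet6()
{
	local _action i laddr
	_action=$1

	# disallow "internal" addresses to appear on the wire
	# (the IPv4-mapped ::ffff:0.0.0.0/96 and IPv4-compatible
	# ::0.0.0.0/96 prefixes are pointed at ::1 with -reject)
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=$(get_if_var $i ipv6_route_IF)
			# Unquoted on purpose, see static_inet.
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	# When acting as an IPv6 gateway, narrow the interface list to
	# those for which network6_getladdr reports an address.
	# NOTE(review): ipv6_working_interfaces is appended to without
	# being cleared first, so a value already present in the
	# environment would end up in the list.
	if checkyesno ipv6_gateway_enable; then
		for i in ${ipv6_network_interfaces}; do

			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i \
				    ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	# NO/NONE disables it; AUTO or empty picks the first interface,
	# other than lo0 and faith*, that has an address according to
	# network6_getladdr; any other value is used as given.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject

	case ${ipv6_default_interface} in
	'')
		;;
	*)
		# Disable installing the default interface when we act
		# as router to avoid conflict between the default
		# router list and the manual configured default route.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} inet6 defaultif
			# Called as plain "sysctl" with its output left
			# on the console, unlike the ${SYSCTL} ... > /dev/null
			# calls in the options_* functions.
			sysctl net.inet6.ip6.use_defaultzone=1
		fi
		;;
	esac
}

# static_atm action
#	Run "atmconfig natm <action> ..." for each name listed in
#	$natm_static_routes, with arguments taken from get_if_var
#	using the route_IF template.
static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=$(get_if_var $i route_IF)
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

# No static routes are handled for ipx.
static_ipx()
{
	:
}

# ropts_init af
#	Print the "Additional <af> routing options:" banner once per
#	options_<af> run; $_ropts_initdone records that it was printed.
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

# options_inet
#	Apply the IPv4 routing-related rc.conf switches.  Every switch is
#	written both ways: the else branch sets the sysctl back to 0, so
#	the rc.conf value decides the kernel state each time this runs
#	and an option that is not enabled is actively turned off.
#	Only enabled options are announced on the console.
#	Several of these knobs widen what the host accepts or forwards;
#	the comments below say which state is the restrictive one.
#	The function's exit status is that of the final test, i.e.
#	non-zero when no option was enabled.
options_inet()
{
	_ropts_initdone=

	# Reply to broadcast/multicast echo requests.  0 is the
	# restrictive setting.
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	# Ignore ICMP redirects.  1 is the restrictive setting here:
	# redirects received from the network no longer change routes.
	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	# Log ICMP redirects; useful for noticing unexpected ones.
	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	# IPv4 forwarding between interfaces.  0 unless this host is
	# meant to route.
	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	# Forward source-routed packets.  0 is the restrictive setting.
	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	# Accept source-routed packets addressed to this host.  0 is
	# the restrictive setting.
	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	# Proxy ARP for all addresses.  0 is the restrictive setting.
	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	# Terminate the banner line, if one was started.
	[ -n "${_ropts_initdone}" ] && echo '.'
}

# options_inet6
#	Turn IPv6 forwarding on or off according to ipv6_gateway_enable;
#	as in options_inet, the disabled case writes 0 explicitly.
options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

# options_atm
#	No tunables for atm.  The flag is cleared and never set, so the
#	test below is always false and the function returns non-zero.
options_atm()
{
	_ropts_initdone=

	[ -n "${_ropts_initdone}" ] && echo '.'
}

# options_ipx
#	Turn IPX forwarding on or off according to ipxgateway_enable.
options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

load_rc_config $name
run_rc_command "$@"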