routing revision 250804
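#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 250804 2013-05-19 04:10:34Z jamie $
#
# Installs or removes static routes and applies the routing-related
# sysctl knobs selected in rc.conf, per address family (inet, inet6,
# ipx, atm).  Several of the knobs handled here (IP forwarding, source
# routing, ICMP redirect handling, proxy ARP) change the host's network
# attack surface; each one is written on every run, to 1 or 0.
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojailvnet

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

# afcheck
#	Validate $_af, which the caller has already set (it is not passed
#	as an argument).  Empty means "all families".  Anything outside the
#	list is reported through err, which comes from rc.subr and is
#	expected to terminate the script.
#
#	This allowlist is what restricts the static_<af>, options_<af> and
#	routing_stop_<af> names built below to functions defined in this
#	file, so it must run before any of them is constructed.
afcheck()
{
	case $_af in
	""|inet|inet6|ipx|atm)
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

# routing_start cmd [af]
#	Run setroutes for one address family, or for every family that
#	afexists reports as available when af is empty.
#	cmd is one of: static, options, doall.
routing_start()
{
	local _cmd _af _a
	_cmd=$1
	_af=$2

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		setroutes "$_cmd" "$_af"
		;;
	"")
		for _a in inet inet6 ipx atm; do
			# Skip absent families the same way routing_stop
			# does, so that a missing last family does not
			# become the function's exit status.
			afexists $_a || continue
			setroutes "$_cmd" "$_a"
		done
		;;
	esac
}

# routing_stop [af]
#	Delete the static routes and run the per-family stop hook for one
#	address family, or for every available family when af is empty.
routing_stop()
{
	local _af _a
	_af=$1

	afcheck

	# The function names are expanded directly, as setroutes does;
	# eval adds nothing here because afcheck and the case patterns
	# already limit the suffix to a fixed set of literals.
	case $_af in
	inet|inet6|ipx|atm)
		static_${_af} delete
		routing_stop_${_af}
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			static_${_a} delete
			routing_stop_${_a}
		done
		;;
	esac
}

# setroutes cmd af
#	Dispatch to static_<af> and/or options_<af>.  Callers pass an
#	address family that has been through afcheck.
setroutes()
{
	case $1 in
	static)
		static_$2 add
		;;
	options)
		options_$2
		;;
	doall)
		static_$2 add
		options_$2
		;;
	esac
}

# routing_stop_inet
#	Flush the IPv4 routing table.
routing_stop_inet()
{
	route -n flush -inet
}

# routing_stop_inet6
#	Flush the IPv6 routing table and clear the "default interface"
#	setting on every interface for which ipv6if succeeds.
routing_stop_inet6()
{
	local i

	route -n flush -inet6
	for i in $(list_net_interfaces); do
		if ipv6if "$i"; then
			ifconfig "$i" inet6 -defaultif
		fi
	done
}

# routing_stop_atm
#	Nothing to undo for ATM.
routing_stop_atm()
{
	return 0
}

# routing_stop_ipx
#	Nothing to undo for IPX.
routing_stop_ipx()
{
	return 0
}

# static_inet action
#	Add or delete (action is passed straight to route(8)) the IPv4
#	routes named in $static_routes, plus a default route when
#	$defaultrouter is set to something other than NO.
static_inet()
{
	local _action i route_args
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		# route_default is looked up below through get_if_var's
		# route_IF pattern, with IF replaced by "default".
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		# Unquoted on purpose: the list and the per-route argument
		# string are split into words.  Both come from rc.conf.
		for i in ${static_routes}; do
			route_args=$(get_if_var $i route_IF)
			route ${_action} ${route_args}
		done
	fi
}

# static_inet6 action
#	Add or delete the IPv6 reject routes and the routes named in
#	$ipv6_static_routes, then work out and install the IPv6 default
#	interface.
static_inet6()
{
	local _action fibmod fibs i laddr ipv6_route_args
	_action=$1

	# get the number of FIBs supported.
	fibs=$(( $(${SYSCTL_N} net.fibs) - 1 ))
	if [ "$fibs" -gt 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi

	# disallow "internal" addresses to appear on the wire
	# (::ffff:0.0.0.0/96 and ::0.0.0.0/96 are pointed at ::1 with
	# -reject, in every FIB when more than one exists).
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		# Unquoted on purpose, as in static_inet.
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=$(get_if_var $i ipv6_route_IF)
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	if checkyesno ipv6_gateway_enable; then
		# When acting as a router, keep only the interfaces for
		# which network6_getladdr returns an address.
		for i in ${ipv6_network_interfaces}; do
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first interface, other than lo0 and faith*,
		# for which network6_getladdr returns an address.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject ${fibmod}
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject ${fibmod}

	case ${ipv6_default_interface} in
	'')
		;;
	*)
		# Disable installing the default interface when we act
		# as router to avoid conflict between the default
		# router list and the manual configured default route.
		#
		# NOTE(review): this branch does not look at ${_action},
		# so it also runs on "delete" -- confirm that is intended.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} inet6 defaultif
			# Use ${SYSCTL} with output discarded, like every
			# other sysctl write in this file.
			${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null
		fi
		;;
	esac
}

# static_atm action
#	Add or delete the NATM routes named in $natm_static_routes.
static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=$(get_if_var $i route_IF)
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

# static_ipx action
#	No static routes are handled for IPX.
static_ipx()
{
	:
}

# ropts_init af
#	Print the "Additional <af> routing options:" heading once per
#	options_<af> run; $_ropts_initdone records that it was printed.
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

# options_inet
#	Apply the IPv4 routing knobs from rc.conf.  Every sysctl is
#	written explicitly, to 1 when the knob is enabled and to 0
#	otherwise, so the kernel state follows rc.conf after each run.
#	Only enabled knobs are reported on the console.
options_inet()
{
	_ropts_initdone=

	# Reply to ICMP echo requests sent to broadcast/multicast
	# addresses.
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	# Ignore ICMP redirects, which otherwise let another host on the
	# network alter this host's routes.
	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	# Forward IPv4 packets between interfaces.
	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	# Source routing lets the sender of a packet dictate its path,
	# which can route around filtering; the two knobs below should
	# stay off unless a deployment specifically needs them.
	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	# Answer ARP requests on behalf of other hosts.
	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	# An if statement, not "[ ... ] && echo": with no knob enabled
	# the && form would leave a non-zero status as the function's
	# return value.
	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

# options_inet6
#	Apply the IPv6 forwarding knob from rc.conf.
options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

# options_atm
#	No routing options are handled for ATM.
options_atm()
{
	_ropts_initdone=

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

# options_ipx
#	Apply the IPX forwarding knob from rc.conf.
options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}

load_rc_config $name
run_rc_command "$@"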