xref: /freebsd-11-stable/etc/rc.d/routing

#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 251584 2013-06-09 18:11:36Z hrs $
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojailvnet

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

ROUTE_CMD="/sbin/route"

routing_start()
{
	local _cmd _af _if _a
	_cmd=$1
	_af=$2
	_if=$3

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	inet|inet6|ipx|atm)
		if afexists $_af; then
			setroutes $_cmd $_af $_if
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists $_a && setroutes $_cmd $_a $_if
		done
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

routing_stop()
{
	local _af _if _a
	_af=$1
	_if=$2

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	inet|inet6|ipx|atm)
		if afexists $_af; then
			eval static_${_af} delete $_if 
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_af}
			fi
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			eval static_${_a} delete $_if
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_a}
			fi
		done
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

setroutes()
{
	case $1 in
	static)
		static_$2 add $3
		;;
	options)
		options_$2
		;;
	doall)
		static_$2 add $3
		options_$2
		;;
	esac
}

routing_stop_inet()
{
	${ROUTE_CMD} -n flush -inet
}

routing_stop_inet6()
{
	local i

	${ROUTE_CMD} -n flush -inet6
	for i in `list_net_interfaces`; do
		if ipv6if $i; then
			ifconfig $i inet6 -defaultif
		fi
	done
}

routing_stop_atm()
{
	return 0
}

routing_stop_ipx()
{
	return 0
}

static_inet()
{
	local _action _if _skip
	_action=$1
	_if=$2

	# Add default route.
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="_default ${static_routes}"
		route__default="default ${defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				route_args=`get_if_var ${i%:*} route_IF`
				if [ -n "$route_args" ]; then
					${ROUTE_CMD} ${_action} ${route_args}
				else
					warn "route_${i%:*} not found."
				fi
			fi
		done
	fi
}

static_inet6()
{
	local _action _if _skip fibmod fibs
	_action=$1
	_if=$2

	# get the number of FIBs supported.
	fibs=$((`${SYSCTL_N} net.fibs` - 1))
	if [ "$fibs" -gt 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi

	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"

	# disallow "internal" addresses to appear on the wire
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="_default ${ipv6_static_routes}"
		ipv6_route__default="default ${ipv6_defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
				if [ -n "$ipv6_route_args" ]; then
					${ROUTE_CMD} ${_action} \
						-inet6 ${ipv6_route_args}
				else
					warn "route_${i%:*} not found"
				fi
			fi
		done
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.

	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
	if checkyesno ipv6_gateway_enable; then
		return
	fi

	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		return
		;;
	[Aa][Uu][Tt][Oo] | "")
		for i in ${ipv6_network_interfaces}; do
			case $i in
			[Nn][Oo][Nn][Ee])
				return
				;;
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	ifconfig ${ipv6_default_interface} inet6 defaultif
	sysctl net.inet6.ip6.use_defaultzone=1
}

static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=`get_if_var $i route_IF`
			if [ -n "$route_args" ]; then
				atmconfig natm ${_action} ${route_args}
			else
				warn "route_${i} not found."
			fi
		done
	fi
}

static_ipx()
{
	:
}

ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

options_inet()
{
	_ropts_initdone=
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_atm()
{
	_ropts_initdone=

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

load_rc_config $name
run_rc_command "$@"