routing revision 255163 
1#!/bin/sh
2#
3# Configure routing and miscellaneous network tunables
4#
5# $FreeBSD: head/etc/rc.d/routing 255163 2013-09-02 23:52:25Z delphij $
6#
7
8# PROVIDE: routing
9# REQUIRE: faith netif ppp stf
10# KEYWORD: nojailvnet
11
12. /etc/rc.subr
13. /etc/network.subr
14
15name="routing"
16start_cmd="routing_start doall"
17stop_cmd="routing_stop"
18extra_commands="options static"
19static_cmd="routing_start static"
20options_cmd="routing_start options"
21
22ROUTE_CMD="/sbin/route"
23
24routing_start()
25{
26	local _cmd _af _if _a
27	_cmd=$1
28	_af=$2
29	_if=$3
30
31	case $_if in
32	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
33	esac
34
35	case $_af in
36	inet|inet6|ipx|atm)
37		if afexists $_af; then
38			setroutes $_cmd $_af $_if
39		else
40			err 1 "Unsupported address family: $_af."
41		fi
42		;;
43	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
44		for _a in inet inet6 ipx atm; do
45			afexists $_a && setroutes $_cmd $_a $_if
46		done
47		;;
48	*)
49		err 1 "Unsupported address family: $_af."
50		;;
51	esac
52}
53
54routing_stop()
55{
56	local _af _if _a
57	_af=$1
58	_if=$2
59
60	case $_if in
61	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
62	esac
63
64	case $_af in
65	inet|inet6|ipx|atm)
66		if afexists $_af; then
67			eval static_${_af} delete $_if 
68			# When $_if is specified, do not flush routes.
69			if ! [ -n "$_if" ]; then
70				eval routing_stop_${_af}
71			fi
72		else
73			err 1 "Unsupported address family: $_af."
74		fi
75		;;
76	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
77		for _a in inet inet6 ipx atm; do
78			afexists $_a || continue
79			eval static_${_a} delete $_if
80			# When $_if is specified, do not flush routes.
81			if ! [ -n "$_if" ]; then
82				eval routing_stop_${_a}
83			fi
84		done
85		;;
86	*)
87		err 1 "Unsupported address family: $_af."
88		;;
89	esac
90}
91
92setroutes()
93{
94	case $1 in
95	static)
96		static_$2 add $3
97		;;
98	options)
99		options_$2
100		;;
101	doall)
102		static_$2 add $3
103		options_$2
104		;;
105	esac
106}
107
108routing_stop_inet()
109{
110	${ROUTE_CMD} -n flush -inet
111}
112
113routing_stop_inet6()
114{
115	local i
116
117	${ROUTE_CMD} -n flush -inet6
118	for i in `list_net_interfaces`; do
119		if ipv6if $i; then
120			ifconfig $i inet6 -defaultif
121		fi
122	done
123}
124
125routing_stop_atm()
126{
127	return 0
128}
129
130routing_stop_ipx()
131{
132	return 0
133}
134
135static_inet()
136{
137	local _action _if _skip
138	_action=$1
139	_if=$2
140
141	# Add default route.
142	case ${defaultrouter} in
143	[Nn][Oo] | '')
144		;;
145	*)
146		static_routes="${static_routes} _default"
147		route__default="default ${defaultrouter}"
148		;;
149	esac
150
151	# Install configured routes.
152	if [ -n "${static_routes}" ]; then
153		for i in ${static_routes}; do
154			_skip=0
155			if [ -n "$_if" ]; then
156				case $i in
157				*:$_if)	;;
158				*)	_skip=1 ;;
159				esac
160			fi
161			if [ $_skip = 0 ]; then
162				route_args=`get_if_var ${i%:*} route_IF`
163				if [ -n "$route_args" ]; then
164					${ROUTE_CMD} ${_action} ${route_args}
165				else
166					warn "route_${i%:*} not found."
167				fi
168			fi
169		done
170	fi
171}
172
173static_inet6()
174{
175	local _action _if _skip fibmod fibs
176	_action=$1
177	_if=$2
178
179	# get the number of FIBs supported.
180	fibs=$((`${SYSCTL_N} net.fibs` - 1))
181	if [ "$fibs" -gt 0 ]; then
182		fibmod="-fib 0-$fibs"
183	else
184		fibmod=
185	fi
186
187	# Add pre-defined static routes first.
188	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
189	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
190
191	# disallow "internal" addresses to appear on the wire
192	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
193	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
194
195	# Disallow link-local unicast packets without outgoing scope
196	# identifiers.  However, if you set "ipv6_default_interface",
197	# for the host case, you will allow to omit the identifiers.
198	# Under this configuration, the packets will go to the default
199	# interface.
200	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
201	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
202
203	# Add default route.
204	case ${ipv6_defaultrouter} in
205	[Nn][Oo] | '')
206		;;
207	*)
208		ipv6_static_routes="${ipv6_static_routes} _default"
209		ipv6_route__default="default ${ipv6_defaultrouter}"
210		;;
211	esac
212
213	# Install configured routes.
214	if [ -n "${ipv6_static_routes}" ]; then
215		for i in ${ipv6_static_routes}; do
216			_skip=0
217			if [ -n "$_if" ]; then
218				case $i in
219				*:$_if)	;;
220				*)	_skip=1 ;;
221				esac
222			fi
223			if [ $_skip = 0 ]; then
224				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
225				if [ -n "$ipv6_route_args" ]; then
226					${ROUTE_CMD} ${_action} \
227						-inet6 ${ipv6_route_args}
228				else
229					warn "route_${i%:*} not found"
230				fi
231			fi
232		done
233	fi
234
235	# Install the "default interface" to kernel, which will be used
236	# as the default route when there's no router.
237
238	# Disable installing the default interface when we act
239	# as router to avoid conflict between the default
240	# router list and the manual configured default route.
241	if checkyesno ipv6_gateway_enable; then
242		return
243	fi
244
245	case "${ipv6_default_interface}" in
246	[Nn][Oo] | [Nn][Oo][Nn][Ee])
247		return
248		;;
249	[Aa][Uu][Tt][Oo] | "")
250		for i in ${ipv6_network_interfaces}; do
251			case $i in
252			[Nn][Oo][Nn][Ee])
253				return
254				;;
255			lo0|faith[0-9]*)
256				continue
257				;;
258			esac
259			laddr=`network6_getladdr $i exclude_tentative`
260			case ${laddr} in
261			'')
262				;;
263			*)
264				ipv6_default_interface=$i
265				break
266				;;
267			esac
268		done
269		;;
270	esac
271
272	ifconfig ${ipv6_default_interface} inet6 defaultif
273	sysctl net.inet6.ip6.use_defaultzone=1
274}
275
276static_atm()
277{
278	local _action i route_args
279	_action=$1
280
281	if [ -n "${natm_static_routes}" ]; then
282		for i in ${natm_static_routes}; do
283			route_args=`get_if_var $i route_IF`
284			if [ -n "$route_args" ]; then
285				atmconfig natm ${_action} ${route_args}
286			else
287				warn "route_${i} not found."
288			fi
289		done
290	fi
291}
292
293static_ipx()
294{
295	:
296}
297
298ropts_init()
299{
300	if [ -z "${_ropts_initdone}" ]; then
301		echo -n "Additional $1 routing options:"
302		_ropts_initdone=yes
303	fi
304}
305
306options_inet()
307{
308	_ropts_initdone=
309	if checkyesno icmp_bmcastecho; then
310		ropts_init inet
311		echo -n ' broadcast ping responses=YES'
312		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
313	else
314		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
315	fi
316
317	if checkyesno icmp_drop_redirect; then
318		ropts_init inet
319		echo -n ' ignore ICMP redirect=YES'
320		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
321	else
322		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
323	fi
324
325	if checkyesno icmp_log_redirect; then
326		ropts_init inet
327		echo -n ' log ICMP redirect=YES'
328		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
329	else
330		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
331	fi
332
333	if checkyesno gateway_enable; then
334		ropts_init inet
335		echo -n ' gateway=YES'
336		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
337	else
338		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
339	fi
340
341	if checkyesno forward_sourceroute; then
342		ropts_init inet
343		echo -n ' do source routing=YES'
344		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
345	else
346		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
347	fi
348
349	if checkyesno accept_sourceroute; then
350		ropts_init inet
351		echo -n ' accept source routing=YES'
352		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
353	else
354		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
355	fi
356
357	if checkyesno arpproxy_all; then
358		ropts_init inet
359		echo -n ' ARP proxyall=YES'
360		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
361	else
362		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
363	fi
364
365	[ -n "${_ropts_initdone}" ] && echo '.'
366}
367
368options_inet6()
369{
370	_ropts_initdone=
371
372	if checkyesno ipv6_gateway_enable; then
373		ropts_init inet6
374		echo -n ' gateway=YES'
375		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
376	else
377		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
378	fi
379
380	[ -n "${_ropts_initdone}" ] && echo '.'
381}
382
383options_atm()
384{
385	_ropts_initdone=
386
387	[ -n "${_ropts_initdone}" ] && echo '.'
388}
389
390options_ipx()
391{
392	_ropts_initdone=
393
394	if checkyesno ipxgateway_enable; then
395		ropts_init ipx
396		echo -n ' gateway=YES'
397		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
398	else
399		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
400	fi
401
402	[ -n "${_ropts_initdone}" ] && echo '.'
403}
404
405load_rc_config $name
406run_rc_command "$@"
407