etc/rc.d/routing

   1 #!/bin/sh
   2 #
   3 # Configure routing and miscellaneous network tunables
   4 #
   5 # $FreeBSD$
   6 #
   7
   8 # PROVIDE: routing
   9 # REQUIRE: netif ppp stf
  10 # KEYWORD: nojailvnet
  11
  12 . /etc/rc.subr
  13 . /etc/network.subr
  14
  15 name="routing"
  16 desc="Routing setup"
  17 start_cmd="routing_start doall"
  18 stop_cmd="routing_stop"
  19 extra_commands="options static"
  20 static_cmd="routing_start static"
  21 options_cmd="routing_start options"
  22
  23 ROUTE_CMD="/sbin/route"
  24
  25 routing_start()
  26 {
  27         local _cmd _af _if _a _ret
  28         _cmd=$1
  29         _af=$2
  30         _if=$3
  31         _ret=0
  32
  33         case $_if in
  34         ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])   _if="" ;;
  35         esac
  36
  37         case $_af in
  38         ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
  39                 for _a in inet inet6 atm; do
  40                         afexists $_a || continue
  41                         setroutes $_cmd $_a $_if || _ret=1
  42                 done
  43         ;;
  44         *)
  45                 if afexists $_af; then
  46                         setroutes $_cmd $_af $_if || _ret=1
  47                 else
  48                         err 1 "Unsupported address family: $_af."
  49                 fi
  50         ;;
  51         esac
  52
  53         return $_ret
  54 }
  55
  56 routing_stop()
  57 {
  58         local _af _if _a
  59         _af=$1
  60         _if=$2
  61
  62         case $_if in
  63         ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])   _if="" ;;
  64         esac
  65
  66         case $_af in
  67         ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
  68                 for _a in inet inet6 atm; do
  69                         afexists $_a || continue
  70                         eval static_${_a} delete $_if
  71                         # When $_if is specified, do not flush routes.
  72                         if ! [ -n "$_if" ]; then
  73                                 eval routing_stop_${_a}
  74                         fi
  75                 done
  76         ;;
  77         *)
  78                 if afexists $_af; then
  79                         eval static_${_af} delete $_if
  80                         # When $_if is specified, do not flush routes.
  81                         if ! [ -n "$_if" ]; then
  82                                 eval routing_stop_${_af}
  83                         fi
  84                 else
  85                         err 1 "Unsupported address family: $_af."
  86                 fi
  87         ;;
  88         esac
  89 }
  90
  91 setroutes()
  92 {
  93         local _ret
  94         _ret=0
  95         case $1 in
  96         static)
  97                 static_$2 add $3
  98                 _ret=$?
  99                 ;;
 100         options)
 101                 options_$2
 102                 ;;
 103         doall)
 104                 static_$2 add $3
 105                 _ret=$?
 106                 options_$2
 107                 ;;
 108         esac
 109         return $_ret
 110 }
 111
 112 routing_stop_inet()
 113 {
 114         ${ROUTE_CMD} -n flush -inet
 115 }
 116
 117 routing_stop_inet6()
 118 {
 119         local i
 120
 121         ${ROUTE_CMD} -n flush -inet6
 122         for i in `list_net_interfaces`; do
 123                 if ipv6if $i; then
 124                         ifconfig $i inet6 -defaultif
 125                 fi
 126         done
 127 }
 128
 129 routing_stop_atm()
 130 {
 131         return 0
 132 }
 133
 134 get_fibmod()
 135 {
 136         local _fibs
 137
 138         _fibs=$((`${SYSCTL_N} net.fibs` - 1))
 139         if [ ${_fibs} -gt 0 ]; then
 140                 echo "-fib 0-${_fibs}"
 141         else
 142                 echo
 143         fi
 144 }
 145
 146 static_inet()
 147 {
 148         local _action _if _skip _fibmod
 149         _action=$1
 150         _if=$2
 151
 152         _fibmod=`get_fibmod`
 153
 154         # Provide loopback route in all routing tables.  This has to come
 155         # first so that any following routes can be added.
 156         static_routes="_loopback ${static_routes}"
 157         route__loopback="-inet 127.0.0.1 -iface lo0 ${_fibmod}"
 158
 159         # Add default route.
 160         case ${defaultrouter} in
 161         [Nn][Oo] | '')
 162                 ;;
 163         *)
 164                 static_routes="${static_routes} _default"
 165                 route__default="default ${defaultrouter}"
 166                 ;;
 167         esac
 168
 169         # Install configured routes.
 170         if [ -n "${static_routes}" ]; then
 171                 for i in ${static_routes}; do
 172                         _skip=0
 173                         if [ -n "$_if" ]; then
 174                                 case $i in
 175                                 *:$_if) ;;
 176                                 *)      _skip=1 ;;
 177                                 esac
 178                         fi
 179                         if [ $_skip = 0 ]; then
 180                                 route_args=`get_if_var ${i%:*} route_IF`
 181                                 if [ -n "$route_args" ]; then
 182                                         ${ROUTE_CMD} ${_action} ${route_args}
 183                                 else
 184                                         warn "route_${i%:*} not found."
 185                                 fi
 186                         fi
 187                 done
 188         fi
 189 }
 190
 191 static_inet6()
 192 {
 193         local _action _if _skip fibmod allfibs
 194         _action=$1
 195         _if=$2
 196
 197         fibmod=`get_fibmod`
 198
 199         # Add pre-defined static routes first.
 200         ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
 201         ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
 202         ipv6_static_routes="_loopback ${ipv6_static_routes}"
 203
 204         # disallow "internal" addresses to appear on the wire
 205         ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
 206         ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
 207
 208         # Create a loopback route in every fib
 209         ipv6_route__loopback="::1 -prefixlen 128 -iface lo0 ${fibmod}"
 210
 211         # Disallow link-local unicast packets without outgoing scope
 212         # identifiers.  However, if you set "ipv6_default_interface",
 213         # for the host case, you will allow to omit the identifiers.
 214         # Under this configuration, the packets will go to the default
 215         # interface.
 216         ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
 217         ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
 218
 219         # Add default route.
 220         case ${ipv6_defaultrouter} in
 221         [Nn][Oo] | '')
 222                 ;;
 223         *)
 224                 ipv6_static_routes="${ipv6_static_routes} _default"
 225                 ipv6_route__default="default ${ipv6_defaultrouter}"
 226                 ;;
 227         esac
 228
 229         # Install configured routes.
 230         if [ -n "${ipv6_static_routes}" ]; then
 231                 for i in ${ipv6_static_routes}; do
 232                         _skip=0
 233                         if [ -n "$_if" ]; then
 234                                 case $i in
 235                                 *:$_if) ;;
 236                                 *)      _skip=1 ;;
 237                                 esac
 238                         fi
 239                         if [ $_skip = 0 ]; then
 240                                 ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
 241                                 if [ -n "$ipv6_route_args" ]; then
 242                                         ${ROUTE_CMD} ${_action} \
 243                                                 -inet6 ${ipv6_route_args}
 244                                 else
 245                                         warn "route_${i%:*} not found"
 246                                 fi
 247                         fi
 248                 done
 249         fi
 250
 251         # Install the "default interface" to kernel, which will be used
 252         # as the default route when there's no router.
 253
 254         # Disable installing the default interface when we act
 255         # as router to avoid conflict between the default
 256         # router list and the manual configured default route.
 257         if checkyesno ipv6_gateway_enable; then
 258                 return
 259         fi
 260
 261         case "${ipv6_default_interface}" in
 262         [Nn][Oo] | [Nn][Oo][Nn][Ee])
 263                 return
 264                 ;;
 265         [Aa][Uu][Tt][Oo] | "")
 266                 for i in ${ipv6_network_interfaces}; do
 267                         case $i in
 268                         [Nn][Oo][Nn][Ee])
 269                                 return
 270                                 ;;
 271                         lo0)
 272                                 continue
 273                                 ;;
 274                         esac
 275                         laddr=`network6_getladdr $i exclude_tentative`
 276                         case ${laddr} in
 277                         '')
 278                                 ;;
 279                         *)
 280                                 ipv6_default_interface=$i
 281                                 break
 282                                 ;;
 283                         esac
 284                 done
 285                 ;;
 286         esac
 287
 288         ifconfig ${ipv6_default_interface} inet6 defaultif
 289         sysctl net.inet6.ip6.use_defaultzone=1
 290 }
 291
 292 static_atm()
 293 {
 294         local _action i route_args
 295         _action=$1
 296
 297         if [ -n "${natm_static_routes}" ]; then
 298                 for i in ${natm_static_routes}; do
 299                         route_args=`get_if_var $i route_IF`
 300                         if [ -n "$route_args" ]; then
 301                                 atmconfig natm ${_action} ${route_args}
 302                         else
 303                                 warn "route_${i} not found."
 304                         fi
 305                 done
 306         fi
 307 }
 308
 309 ropts_init()
 310 {
 311         if [ -z "${_ropts_initdone}" ]; then
 312                 echo -n "Additional $1 routing options:"
 313                 _ropts_initdone=yes
 314         fi
 315 }
 316
 317 options_inet()
 318 {
 319         _ropts_initdone=
 320         if checkyesno icmp_bmcastecho; then
 321                 ropts_init inet
 322                 echo -n ' broadcast ping responses=YES'
 323                 ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
 324         else
 325                 ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
 326         fi
 327
 328         if checkyesno icmp_drop_redirect; then
 329                 ropts_init inet
 330                 echo -n ' ignore ICMP redirect=YES'
 331                 ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
 332         else
 333                 ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
 334         fi
 335
 336         if checkyesno icmp_log_redirect; then
 337                 ropts_init inet
 338                 echo -n ' log ICMP redirect=YES'
 339                 ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
 340         else
 341                 ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
 342         fi
 343
 344         if checkyesno gateway_enable; then
 345                 ropts_init inet
 346                 echo -n ' gateway=YES'
 347                 ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
 348         else
 349                 ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
 350         fi
 351
 352         if checkyesno forward_sourceroute; then
 353                 ropts_init inet
 354                 echo -n ' do source routing=YES'
 355                 ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
 356         else
 357                 ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
 358         fi
 359
 360         if checkyesno accept_sourceroute; then
 361                 ropts_init inet
 362                 echo -n ' accept source routing=YES'
 363                 ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
 364         else
 365                 ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
 366         fi
 367
 368         if checkyesno arpproxy_all; then
 369                 ropts_init inet
 370                 echo -n ' ARP proxyall=YES'
 371                 ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
 372         else
 373                 ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
 374         fi
 375
 376         [ -n "${_ropts_initdone}" ] && echo '.'
 377 }
 378
 379 options_inet6()
 380 {
 381         _ropts_initdone=
 382
 383         if checkyesno ipv6_gateway_enable; then
 384                 ropts_init inet6
 385                 echo -n ' gateway=YES'
 386                 ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
 387         else
 388                 ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
 389         fi
 390
 391         [ -n "${_ropts_initdone}" ] && echo '.'
 392 }
 393
 394 options_atm()
 395 {
 396         _ropts_initdone=
 397
 398         [ -n "${_ropts_initdone}" ] && echo '.'
 399 }
 400
 401 load_rc_config $name
 402 run_rc_command "$@"