etc/rc.d/routing

   1 #!/bin/sh
   2 #
   3 # Configure routing and miscellaneous network tunables
   4 #
   5 # $FreeBSD$
   6 #
   7
   8 # PROVIDE: routing
   9 # REQUIRE: faith netif ppp stf
  10 # KEYWORD: nojail
  11
  12 . /etc/rc.subr
  13 . /etc/network.subr
  14
  15 name="routing"
  16 start_cmd="routing_start doall"
  17 stop_cmd="routing_stop"
  18 extra_commands="options static"
  19 static_cmd="routing_start static"
  20 options_cmd="routing_start options"
  21
  22 afcheck()
  23 {
  24         case $_af in
  25         ""|inet|inet6|ipx|atm)
  26                 ;;
  27         *)
  28                 err 1 "Unsupported address family: $_af."
  29                 ;;
  30         esac
  31 }
  32
  33 routing_start()
  34 {
  35         local _cmd _af _a
  36         _cmd=$1
  37         _af=$2
  38
  39         afcheck
  40
  41         case $_af in
  42         inet|inet6|ipx|atm)
  43                 setroutes $_cmd $_af
  44                 ;;
  45         "")
  46                 for _a in inet inet6 ipx atm; do
  47                         afexists $_a && setroutes $_cmd $_a
  48                 done
  49                 ;;
  50         esac
  51         [ -n "${_ropts_initdone}" ] && echo '.'
  52 }
  53
  54 routing_stop()
  55 {
  56         local _af _a
  57         _af=$1
  58
  59         afcheck
  60
  61         case $_af in
  62         inet|inet6|ipx|atm)
  63                 eval static_${_af} delete
  64                 eval routing_stop_${_af}
  65                 ;;
  66         "")
  67                 for _a in inet inet6 ipx atm; do
  68                         afexists $_a || continue
  69                         eval static_${_a} delete
  70                         eval routing_stop_${_a}
  71                 done
  72                 ;;
  73         esac
  74 }
  75
  76 setroutes()
  77 {
  78         case $1 in
  79         static)
  80                 static_$2 add
  81                 ;;
  82         options)
  83                 options_$2
  84                 ;;
  85         doall)
  86                 static_$2 add
  87                 options_$2
  88                 ;;
  89         esac
  90 }
  91
  92 routing_stop_inet()
  93 {
  94         route -n flush -inet
  95 }
  96
  97 routing_stop_inet6()
  98 {
  99         local i
 100
 101         route -n flush -inet6
 102         for i in ${ipv6_network_interfaces}; do
 103                 ifconfig $i inet6 -defaultif
 104         done
 105 }
 106
 107 routing_stop_atm()
 108 {
 109         return 0
 110 }
 111
 112 routing_stop_ipx()
 113 {
 114         return 0
 115 }
 116
 117 static_inet()
 118 {
 119         local _action
 120         _action=$1
 121
 122         case ${defaultrouter} in
 123         [Nn][Oo] | '')
 124                 ;;
 125         *)
 126                 static_routes="default ${static_routes}"
 127                 route_default="default ${defaultrouter}"
 128                 ;;
 129         esac
 130
 131         if [ -n "${static_routes}" ]; then
 132                 for i in ${static_routes}; do
 133                         route_args=`get_if_var $i route_IF`
 134                         route ${_action} ${route_args}
 135                 done
 136         fi
 137 }
 138
 139 static_inet6()
 140 {
 141         local _action i
 142         _action=$1
 143
 144         # disallow "internal" addresses to appear on the wire
 145         route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
 146         route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
 147
 148         case ${ipv6_defaultrouter} in
 149         [Nn][Oo] | '')
 150                 ;;
 151         *)
 152                 ipv6_static_routes="default ${ipv6_static_routes}"
 153                 ipv6_route_default="default ${ipv6_defaultrouter}"
 154                 ;;
 155         esac
 156
 157         if [ -n "${ipv6_static_routes}" ]; then
 158                 for i in ${ipv6_static_routes}; do
 159                         ipv6_route_args=`get_if_var $i ipv6_route_IF`
 160                         route ${_action} -inet6 ${ipv6_route_args}
 161                 done
 162         fi
 163
 164         # Fixup $ipv6_network_interfaces
 165         case ${ipv6_network_interfaces} in
 166         [Nn][Oo][Nn][Ee])
 167                 ipv6_network_interfaces=''
 168                 ;;
 169         esac
 170
 171         if checkyesno ipv6_gateway_enable; then
 172                 for i in ${ipv6_network_interfaces}; do
 173
 174                         laddr=`network6_getladdr $i exclude_tentative`
 175                         case ${laddr} in
 176                         '')
 177                                 ;;
 178                         *)
 179                                 ipv6_working_interfaces="$i \
 180                                     ${ipv6_working_interfaces}"
 181                                 ;;
 182                         esac
 183                 done
 184                 ipv6_network_interfaces=${ipv6_working_interfaces}
 185         fi
 186
 187         # Install the "default interface" to kernel, which will be used
 188         # as the default route when there's no router.
 189         case "${ipv6_default_interface}" in
 190         [Nn][Oo] | [Nn][Oo][Nn][Ee])
 191                 ipv6_default_interface=""
 192                 ;;
 193         [Aa][Uu][Tt][Oo] | "")
 194                 for i in ${ipv6_network_interfaces}; do
 195                         case $i in
 196                         lo0|faith[0-9]*)
 197                                 continue
 198                                 ;;
 199                         esac
 200                         laddr=`network6_getladdr $i exclude_tentative`
 201                         case ${laddr} in
 202                         '')
 203                                 ;;
 204                         *)
 205                                 ipv6_default_interface=$i
 206                                 break
 207                                 ;;
 208                         esac
 209                 done
 210                 ;;
 211         esac
 212
 213         # Disallow link-local unicast packets without outgoing scope
 214         # identifiers.  However, if you set "ipv6_default_interface",
 215         # for the host case, you will allow to omit the identifiers.
 216         # Under this configuration, the packets will go to the default
 217         # interface.
 218         route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
 219         route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
 220
 221         case ${ipv6_default_interface} in
 222         '')
 223                 ;;
 224         *)
 225                 # Disable installing the default interface when we act
 226                 # as router to avoid conflict between the default
 227                 # router list and the manual configured default route.
 228                 if ! checkyesno ipv6_gateway_enable; then
 229                         ifconfig ${ipv6_default_interface} inet6 defaultif
 230                         sysctl net.inet6.ip6.use_defaultzone=1
 231                 fi
 232                 ;;
 233         esac
 234 }
 235
 236 static_atm()
 237 {
 238         local _action i route_args
 239         _action=$1
 240
 241         if [ -n "${natm_static_routes}" ]; then
 242                 for i in ${natm_static_routes}; do
 243                         route_args=`get_if_var $i route_IF`
 244                         atmconfig natm ${_action} ${route_args}
 245                 done
 246         fi
 247 }
 248
 249 static_ipx()
 250 {
 251 }
 252
 253 _ropts_initdone=
 254 ropts_init()
 255 {
 256         if [ -z "${_ropts_initdone}" ]; then
 257                 echo -n 'Additional routing options:'
 258                 _ropts_initdone=yes
 259         fi
 260 }
 261
 262 options_inet()
 263 {
 264         if checkyesno icmp_bmcastecho; then
 265                 ropts_init
 266                 echo -n ' broadcast ping responses=YES'
 267                 ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
 268         else
 269                 ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
 270         fi
 271
 272         if checkyesno icmp_drop_redirect; then
 273                 ropts_init
 274                 echo -n ' ignore ICMP redirect=YES'
 275                 ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
 276         else
 277                 ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
 278         fi
 279
 280         if checkyesno icmp_log_redirect; then
 281                 ropts_init
 282                 echo -n ' log ICMP redirect=YES'
 283                 ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
 284         else
 285                 ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
 286         fi
 287
 288         if checkyesno gateway_enable; then
 289                 ropts_init
 290                 echo -n ' IPv4 gateway=YES'
 291                 ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
 292         else
 293                 ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
 294         fi
 295
 296         if checkyesno forward_sourceroute; then
 297                 ropts_init
 298                 echo -n ' do source routing=YES'
 299                 ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
 300         else
 301                 ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
 302         fi
 303
 304         if checkyesno accept_sourceroute; then
 305                 ropts_init
 306                 echo -n ' accept source routing=YES'
 307                 ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
 308         else
 309                 ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
 310         fi
 311
 312         if checkyesno arpproxy_all; then
 313                 ropts_init
 314                 echo -n ' ARP proxyall=YES'
 315                 ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
 316         else
 317                 ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
 318         fi
 319 }
 320
 321 options_inet6()
 322 {
 323         if checkyesno ipv6_gateway_enable; then
 324                 ropts_init
 325                 echo -n ' IPv6 gateway=YES'
 326                 ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
 327         else
 328                 ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
 329         fi
 330 }
 331
 332 options_atm()
 333 {
 334 }
 335
 336 options_ipx()
 337 {
 338         if checkyesno ipxgateway_enable; then
 339                 ropts_init
 340                 echo -n ' IPX gateway=YES'
 341                 ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
 342         else
 343                 ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
 344         fi
 345 }
 346
 347 load_rc_config $name
 348 run_rc_command "$@"