/etc/rc.d/routing
Shell | 393 lines | 320 code | 51 blank | 22 comment | 36 complexity | 297c0d58143f485b40d40e11a58be021 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-2.0, LGPL-2.1, BSD-2-Clause, 0BSD, JSON, AGPL-1.0, GPL-2.0
- #!/bin/sh
- #
- # Configure routing and miscellaneous network tunables
- #
- # $FreeBSD$
- #
- # PROVIDE: routing
- # REQUIRE: faith netif ppp stf
- # KEYWORD: nojail
- . /etc/rc.subr
- . /etc/network.subr
- name="routing"
- start_cmd="routing_start doall"
- stop_cmd="routing_stop"
- extra_commands="options static"
- static_cmd="routing_start static"
- options_cmd="routing_start options"
- afcheck()
- {
- case $_af in
- ""|inet|inet6|ipx|atm)
- ;;
- *)
- err 1 "Unsupported address family: $_af."
- ;;
- esac
- }
- routing_start()
- {
- local _cmd _af _a
- _cmd=$1
- _af=$2
- afcheck
- case $_af in
- inet|inet6|ipx|atm)
- setroutes $_cmd $_af
- ;;
- "")
- for _a in inet inet6 ipx atm; do
- afexists $_a && setroutes $_cmd $_a
- done
- ;;
- esac
- }
- routing_stop()
- {
- local _af _a
- _af=$1
- afcheck
- case $_af in
- inet|inet6|ipx|atm)
- eval static_${_af} delete
- eval routing_stop_${_af}
- ;;
- "")
- for _a in inet inet6 ipx atm; do
- afexists $_a || continue
- eval static_${_a} delete
- eval routing_stop_${_a}
- done
- ;;
- esac
- }
- setroutes()
- {
- case $1 in
- static)
- static_$2 add
- ;;
- options)
- options_$2
- ;;
- doall)
- static_$2 add
- options_$2
- ;;
- esac
- }
- routing_stop_inet()
- {
- route -n flush -inet
- }
- routing_stop_inet6()
- {
- local i
- route -n flush -inet6
- for i in `list_net_interfaces`; do
- if ipv6if $i; then
- ifconfig $i inet6 -defaultif
- fi
- done
- }
- routing_stop_atm()
- {
- return 0
- }
- routing_stop_ipx()
- {
- return 0
- }
- static_inet()
- {
- local _action
- _action=$1
- case ${defaultrouter} in
- [Nn][Oo] | '')
- ;;
- *)
- static_routes="default ${static_routes}"
- route_default="default ${defaultrouter}"
- ;;
- esac
- if [ -n "${static_routes}" ]; then
- for i in ${static_routes}; do
- route_args=`get_if_var $i route_IF`
- route ${_action} ${route_args}
- done
- fi
- }
- static_inet6()
- {
- local _action i fibs
- _action=$1
- # get the number of FIBs supported.
- fibs=`sysctl -n net.fibs`
- : ${fibs:=1}
- # disallow "internal" addresses to appear on the wire
- route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
- route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
- i=1
- if test ${i} -lt ${fibs}; then
- printf "Also installing reject routes for FIBs"
- while test ${i} -lt ${fibs}; do
- setfib -F ${i} route -q ${_action} \
- -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
- setfib -F ${i} route -q ${_action} \
- -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
- printf " %d" ${i}
- i=$((i + 1))
- done
- printf "\n"
- fi
- case ${ipv6_defaultrouter} in
- [Nn][Oo] | '')
- ;;
- *)
- ipv6_static_routes="default ${ipv6_static_routes}"
- ipv6_route_default="default ${ipv6_defaultrouter}"
- ;;
- esac
- if [ -n "${ipv6_static_routes}" ]; then
- for i in ${ipv6_static_routes}; do
- ipv6_route_args=`get_if_var $i ipv6_route_IF`
- route ${_action} -inet6 ${ipv6_route_args}
- done
- fi
- # Fixup $ipv6_network_interfaces
- case ${ipv6_network_interfaces} in
- [Nn][Oo][Nn][Ee])
- ipv6_network_interfaces=''
- ;;
- esac
- if checkyesno ipv6_gateway_enable; then
- for i in ${ipv6_network_interfaces}; do
- laddr=`network6_getladdr $i exclude_tentative`
- case ${laddr} in
- '')
- ;;
- *)
- ipv6_working_interfaces="$i \
- ${ipv6_working_interfaces}"
- ;;
- esac
- done
- ipv6_network_interfaces=${ipv6_working_interfaces}
- fi
- # Install the "default interface" to kernel, which will be used
- # as the default route when there's no router.
- case "${ipv6_default_interface}" in
- [Nn][Oo] | [Nn][Oo][Nn][Ee])
- ipv6_default_interface=""
- ;;
- [Aa][Uu][Tt][Oo] | "")
- for i in ${ipv6_network_interfaces}; do
- case $i in
- lo0|faith[0-9]*)
- continue
- ;;
- esac
- laddr=`network6_getladdr $i exclude_tentative`
- case ${laddr} in
- '')
- ;;
- *)
- ipv6_default_interface=$i
- break
- ;;
- esac
- done
- ;;
- esac
- # Disallow link-local unicast packets without outgoing scope
- # identifiers. However, if you set "ipv6_default_interface",
- # for the host case, you will allow to omit the identifiers.
- # Under this configuration, the packets will go to the default
- # interface.
- route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
- route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
- i=1
- if test ${i} -lt ${fibs}; then
- printf "Also installing reject routes for FIBs"
- while test ${i} -lt ${fibs}; do
- setfib -F ${i} route -q ${_action} \
- -inet6 fe80:: -prefixlen 10 ::1 -reject
- setfib -F ${i} route -q ${_action} \
- -inet6 ff02:: -prefixlen 16 ::1 -reject
- printf " %d" ${i}
- i=$((i + 1))
- done
- printf "\n"
- fi
- case ${ipv6_default_interface} in
- '')
- ;;
- *)
- # Disable installing the default interface when we act
- # as router to avoid conflict between the default
- # router list and the manual configured default route.
- if ! checkyesno ipv6_gateway_enable; then
- ifconfig ${ipv6_default_interface} inet6 defaultif
- sysctl net.inet6.ip6.use_defaultzone=1
- fi
- ;;
- esac
- }
- static_atm()
- {
- local _action i route_args
- _action=$1
- if [ -n "${natm_static_routes}" ]; then
- for i in ${natm_static_routes}; do
- route_args=`get_if_var $i route_IF`
- atmconfig natm ${_action} ${route_args}
- done
- fi
- }
- static_ipx()
- {
- :
- }
- ropts_init()
- {
- if [ -z "${_ropts_initdone}" ]; then
- echo -n "Additional $1 routing options:"
- _ropts_initdone=yes
- fi
- }
- options_inet()
- {
- _ropts_initdone=
- if checkyesno icmp_bmcastecho; then
- ropts_init inet
- echo -n ' broadcast ping responses=YES'
- ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
- else
- ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
- fi
- if checkyesno icmp_drop_redirect; then
- ropts_init inet
- echo -n ' ignore ICMP redirect=YES'
- ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
- else
- ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
- fi
- if checkyesno icmp_log_redirect; then
- ropts_init inet
- echo -n ' log ICMP redirect=YES'
- ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
- else
- ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
- fi
- if checkyesno gateway_enable; then
- ropts_init inet
- echo -n ' gateway=YES'
- ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
- else
- ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
- fi
- if checkyesno forward_sourceroute; then
- ropts_init inet
- echo -n ' do source routing=YES'
- ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
- else
- ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
- fi
- if checkyesno accept_sourceroute; then
- ropts_init inet
- echo -n ' accept source routing=YES'
- ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
- else
- ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
- fi
- if checkyesno arpproxy_all; then
- ropts_init inet
- echo -n ' ARP proxyall=YES'
- ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
- else
- ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
- fi
- [ -n "${_ropts_initdone}" ] && echo '.'
- }
- options_inet6()
- {
- _ropts_initdone=
- if checkyesno ipv6_gateway_enable; then
- ropts_init inet6
- echo -n ' gateway=YES'
- ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
- else
- ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
- fi
- [ -n "${_ropts_initdone}" ] && echo '.'
- }
- options_atm()
- {
- _ropts_initdone=
- [ -n "${_ropts_initdone}" ] && echo '.'
- }
- options_ipx()
- {
- _ropts_initdone=
- if checkyesno ipxgateway_enable; then
- ropts_init ipx
- echo -n ' gateway=YES'
- ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
- else
- ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
- fi
- [ -n "${_ropts_initdone}" ] && echo '.'
- }
- load_rc_config $name
- run_rc_command "$@"