routing | searchcode

/etc/rc.d/routing

https://bitbucket.org/freebsd/freebsd-head/
Shell | 393 lines | 320 code | 51 blank | 22 comment | 36 complexity | 297c0d58143f485b40d40e11a58be021 MD5 | raw file
Possible License(s): MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-2.0, LGPL-2.1, BSD-2-Clause, 0BSD, JSON, AGPL-1.0, GPL-2.0

#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD$
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

afcheck()
{
	case $_af in
	""|inet|inet6|ipx|atm)
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

routing_start()
{
	local _cmd _af _a
	_cmd=$1
	_af=$2

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		setroutes $_cmd $_af
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists $_a && setroutes $_cmd $_a
		done
		;;
	esac
}

routing_stop()
{
	local _af _a
	_af=$1

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		eval static_${_af} delete
		eval routing_stop_${_af}
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			eval static_${_a} delete
			eval routing_stop_${_a}
		done
		;;
	esac
}

setroutes()
{
	case $1 in
	static)
		static_$2 add
		;;
	options)
		options_$2
		;;
	doall)
		static_$2 add
		options_$2
		;;
	esac
}

routing_stop_inet()
{
	route -n flush -inet
}

routing_stop_inet6()
{
	local i

	route -n flush -inet6
	for i in `list_net_interfaces`; do
		if ipv6if $i; then
			ifconfig $i inet6 -defaultif
		fi
	done
}

routing_stop_atm()
{
	return 0
}

routing_stop_ipx()
{
	return 0
}

static_inet()
{
	local _action
	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			route_args=`get_if_var $i route_IF`
			route ${_action} ${route_args}
		done
	fi
}

static_inet6()
{
	local _action i fibs
	_action=$1

	# get the number of FIBs supported.
	fibs=`sysctl -n net.fibs`
	: ${fibs:=1}

	# disallow "internal" addresses to appear on the wire
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			ipv6_route_args=`get_if_var $i ipv6_route_IF`
			route ${_action} -inet6 ${ipv6_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	if checkyesno ipv6_gateway_enable; then
		for i in ${ipv6_network_interfaces}; do

			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i \
				    ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 fe80:: -prefixlen 10 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ff02:: -prefixlen 16 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi

	case ${ipv6_default_interface} in
	'')
		;;
	*)
		# Disable installing the default interface when we act
		# as router to avoid conflict between the default
		# router list and the manual configured default route.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} inet6 defaultif
			sysctl net.inet6.ip6.use_defaultzone=1
		fi
		;;
	esac
}

static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=`get_if_var $i route_IF`
			atmconfig natm ${_action} ${route_args}
		done
	fi
}

static_ipx()
{
	:
}

ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

options_inet()
{
	_ropts_initdone=
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_atm()
{
	_ropts_initdone=

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

load_rc_config $name
run_rc_command "$@"