#!/bin/sh # # Configure routing and miscellaneous network tunables # # $FreeBSD$ # # PROVIDE: routing # REQUIRE: faith netif ppp stf # KEYWORD: nojail . /etc/rc.subr . /etc/network.subr name="routing" start_cmd="routing_start doall" stop_cmd="routing_stop" extra_commands="options static" static_cmd="routing_start static" options_cmd="routing_start options" afcheck() { case $_af in ""|inet|inet6|ipx|atm) ;; *) err 1 "Unsupported address family: $_af." ;; esac } routing_start() { local _cmd _af _a _cmd=$1 _af=$2 afcheck case $_af in inet|inet6|ipx|atm) setroutes $_cmd $_af ;; "") for _a in inet inet6 ipx atm; do afexists $_a && setroutes $_cmd $_a done ;; esac } routing_stop() { local _af _a _af=$1 afcheck case $_af in inet|inet6|ipx|atm) eval static_${_af} delete eval routing_stop_${_af} ;; "") for _a in inet inet6 ipx atm; do afexists $_a || continue eval static_${_a} delete eval routing_stop_${_a} done ;; esac } setroutes() { case $1 in static) static_$2 add ;; options) options_$2 ;; doall) static_$2 add options_$2 ;; esac } routing_stop_inet() { route -n flush -inet } routing_stop_inet6() { local i route -n flush -inet6 for i in `list_net_interfaces`; do if ipv6if $i; then ifconfig $i inet6 -defaultif fi done } routing_stop_atm() { return 0 } routing_stop_ipx() { return 0 } static_inet() { local _action _action=$1 case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac if [ -n "${static_routes}" ]; then for i in ${static_routes}; do route_args=`get_if_var $i route_IF` route ${_action} ${route_args} done fi } static_inet6() { local _action i _action=$1 # disallow "internal" addresses to appear on the wire route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject case ${ipv6_defaultrouter} in [Nn][Oo] | '') ;; *) ipv6_static_routes="default ${ipv6_static_routes}" ipv6_route_default="default ${ipv6_defaultrouter}" ;; esac if [ -n "${ipv6_static_routes}" ]; then for i in ${ipv6_static_routes}; do ipv6_route_args=`get_if_var $i ipv6_route_IF` route ${_action} -inet6 ${ipv6_route_args} done fi # Fixup $ipv6_network_interfaces case ${ipv6_network_interfaces} in [Nn][Oo][Nn][Ee]) ipv6_network_interfaces='' ;; esac if checkyesno ipv6_gateway_enable; then for i in ${ipv6_network_interfaces}; do laddr=`network6_getladdr $i exclude_tentative` case ${laddr} in '') ;; *) ipv6_working_interfaces="$i \ ${ipv6_working_interfaces}" ;; esac done ipv6_network_interfaces=${ipv6_working_interfaces} fi # Install the "default interface" to kernel, which will be used # as the default route when there's no router. case "${ipv6_default_interface}" in [Nn][Oo] | [Nn][Oo][Nn][Ee]) ipv6_default_interface="" ;; [Aa][Uu][Tt][Oo] | "") for i in ${ipv6_network_interfaces}; do case $i in lo0|faith[0-9]*) continue ;; esac laddr=`network6_getladdr $i exclude_tentative` case ${laddr} in '') ;; *) ipv6_default_interface=$i break ;; esac done ;; esac # Disallow link-local unicast packets without outgoing scope # identifiers. However, if you set "ipv6_default_interface", # for the host case, you will allow to omit the identifiers. # Under this configuration, the packets will go to the default # interface. route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject case ${ipv6_default_interface} in '') ;; *) # Disable installing the default interface when we act # as router to avoid conflict between the default # router list and the manual configured default route. if ! checkyesno ipv6_gateway_enable; then ifconfig ${ipv6_default_interface} inet6 defaultif sysctl net.inet6.ip6.use_defaultzone=1 fi ;; esac } static_atm() { local _action i route_args _action=$1 if [ -n "${natm_static_routes}" ]; then for i in ${natm_static_routes}; do route_args=`get_if_var $i route_IF` atmconfig natm ${_action} ${route_args} done fi } static_ipx() { : } ropts_init() { if [ -z "${_ropts_initdone}" ]; then echo -n "Additional $1 routing options:" _ropts_initdone=yes fi } options_inet() { _ropts_initdone= if checkyesno icmp_bmcastecho; then ropts_init inet echo -n ' broadcast ping responses=YES' ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null else ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null fi if checkyesno icmp_drop_redirect; then ropts_init inet echo -n ' ignore ICMP redirect=YES' ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null else ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null fi if checkyesno icmp_log_redirect; then ropts_init inet echo -n ' log ICMP redirect=YES' ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null else ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null fi if checkyesno gateway_enable; then ropts_init inet echo -n ' gateway=YES' ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null else ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null fi if checkyesno forward_sourceroute; then ropts_init inet echo -n ' do source routing=YES' ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null else ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null fi if checkyesno accept_sourceroute; then ropts_init inet echo -n ' accept source routing=YES' ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null else ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null fi if checkyesno arpproxy_all; then ropts_init inet echo -n ' ARP proxyall=YES' ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null else ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null fi [ -n "${_ropts_initdone}" ] && echo '.' } options_inet6() { _ropts_initdone= if checkyesno ipv6_gateway_enable; then ropts_init inet6 echo -n ' gateway=YES' ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null else ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null fi [ -n "${_ropts_initdone}" ] && echo '.' } options_atm() { _ropts_initdone= [ -n "${_ropts_initdone}" ] && echo '.' } options_ipx() { _ropts_initdone= if checkyesno ipxgateway_enable; then ropts_init ipx echo -n ' gateway=YES' ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null else ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null fi [ -n "${_ropts_initdone}" ] && echo '.' } load_rc_config $name run_rc_command "$@"