xref: /freebsd/libexec/rc/rc.d/routing (revision 49086aa35d987b78dbc3c9ec94814fe338e07164)
1#!/bin/sh
2#
3# Configure routing and miscellaneous network tunables
4#
5#
6
7# PROVIDE: routing
8# REQUIRE: netif ppp stf
9# KEYWORD: nojailvnet
10
11. /etc/rc.subr
12. /etc/network.subr
13
14name="routing"
15desc="Routing setup"
16start_cmd="routing_start doall"
17stop_cmd="routing_stop"
18extra_commands="options static"
19static_cmd="routing_start static"
20options_cmd="routing_start options"
21
22ROUTE_CMD="/sbin/route"
23
24routing_start()
25{
26	local _cmd _af _if _a _ret
27	_cmd=$1
28	_af=$2
29	_if=$3
30	_ret=0
31
32	case $_if in
33	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
34	esac
35
36	case $_af in
37	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
38		for _a in inet inet6; do
39			afexists $_a || continue
40			setroutes $_cmd $_a $_if || _ret=1
41		done
42	;;
43	*)
44		if afexists $_af; then
45			setroutes $_cmd $_af $_if || _ret=1
46		else
47			err 1 "Unsupported address family: $_af."
48		fi
49	;;
50	esac
51
52	return $_ret
53}
54
55routing_stop()
56{
57	local _af _if _a
58	_af=$1
59	_if=$2
60
61	case $_if in
62	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
63	esac
64
65	case $_af in
66	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
67		for _a in inet inet6; do
68			afexists $_a || continue
69			eval static_${_a} delete $_if
70			# When $_if is specified, do not flush routes.
71			if ! [ -n "$_if" ]; then
72				eval routing_stop_${_a}
73			fi
74		done
75	;;
76	*)
77		if afexists $_af; then
78			eval static_${_af} delete $_if
79			# When $_if is specified, do not flush routes.
80			if ! [ -n "$_if" ]; then
81				eval routing_stop_${_af}
82			fi
83		else
84			err 1 "Unsupported address family: $_af."
85		fi
86	;;
87	esac
88}
89
90setroutes()
91{
92	local _ret
93	_ret=0
94	case $1 in
95	static)
96		static_$2 add $3
97		_ret=$?
98		;;
99	options)
100		options_$2
101		;;
102	doall)
103		static_$2 add $3
104		_ret=$?
105		options_$2
106		;;
107	esac
108	return $_ret
109}
110
111routing_stop_inet()
112{
113	${ROUTE_CMD} -n flush -inet
114}
115
116routing_stop_inet6()
117{
118	local i
119
120	${ROUTE_CMD} -n flush -inet6
121	for i in `list_net_interfaces`; do
122		if ipv6if $i; then
123			ifconfig $i inet6 -defaultif
124		fi
125	done
126}
127
128get_fibmod()
129{
130	local _fibs
131
132	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
133	if [ ${_fibs} -gt 0 ]; then
134		echo "-fib 0-${_fibs}"
135	else
136		echo
137	fi
138}
139
140static_inet()
141{
142	local _action _if _skip _fibmod _fibs
143	_action=$1
144	_if=$2
145
146	_fibmod=`get_fibmod`
147	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
148
149	# Provide loopback route in all routing tables.  This has to come
150	# first so that any following routes can be added.
151	static_routes="_loopback ${static_routes}"
152	route__loopback="-inet 127.0.0.1 -iface lo0 ${_fibmod}"
153
154	# Add default route.
155	case ${defaultrouter} in
156	[Nn][Oo] | '')
157		;;
158	*)
159		static_routes="${static_routes} _default"
160		route__default="default ${defaultrouter}"
161		;;
162	esac
163
164	# Add default routes for fibs
165	if [ ${_fibs} -gt 0 ]; then
166		for _fibnum in `jot ${_fibs}` ; do
167			eval _fib_gw=\${defaultrouter_fib${_fibnum}}
168			case ${_fib_gw} in
169			[Nn][Oo] | '')
170				;;
171			*)
172				static_routes="${static_routes} _default_fib${_fibnum}"
173				eval route__default_fib${_fibnum}="'default ${_fib_gw} -fib ${_fibnum}'"
174				;;
175			esac
176		done
177	fi
178
179
180	# Install configured routes.
181	if [ -n "${static_routes}" ]; then
182		for i in ${static_routes}; do
183			_skip=0
184			if [ -n "$_if" ]; then
185				case $i in
186				*:$_if)	;;
187				*)	_skip=1 ;;
188				esac
189			fi
190			if [ $_skip = 0 ]; then
191				route_args=`get_if_var ${i%:*} route_IF`
192				if [ -n "$route_args" ]; then
193					${ROUTE_CMD} ${_action} ${route_args}
194				else
195					warn "route_${i%:*} not found."
196				fi
197			fi
198		done
199	fi
200}
201
202static_inet6()
203{
204	local _action _if _skip fibmod _fibs
205	_action=$1
206	_if=$2
207
208	fibmod=`get_fibmod`
209	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
210
211	# Add pre-defined static routes first.
212	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
213	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
214	ipv6_static_routes="_loopback ${ipv6_static_routes}"
215
216	# disallow "internal" addresses to appear on the wire
217	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
218	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
219
220	# Create a loopback route in every fib
221	ipv6_route__loopback="::1 -prefixlen 128 -iface lo0 ${fibmod}"
222
223	# Disallow link-local unicast packets without outgoing scope
224	# identifiers.  However, if you set "ipv6_default_interface",
225	# for the host case, you will allow to omit the identifiers.
226	# Under this configuration, the packets will go to the default
227	# interface.
228	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
229	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
230
231	# Add default route.
232	case ${ipv6_defaultrouter} in
233	[Nn][Oo] | '')
234		;;
235	*)
236		ipv6_static_routes="${ipv6_static_routes} _default"
237		ipv6_route__default="default ${ipv6_defaultrouter}"
238		;;
239	esac
240
241	# Add default routes for fibs
242	if [ ${_fibs} -gt 0 ]; then
243		for _fibnum in `jot ${_fibs}` ; do
244			eval _fib_gw=\${ipv6_defaultrouter_fib${_fibnum}}
245			case ${_fib_gw} in
246			[Nn][Oo] | '')
247				;;
248			*)
249				ipv6_static_routes="${ipv6_static_routes} _default_fib${_fibnum}"
250				eval ipv6_route__default_fib${_fibnum}="'default ${_fib_gw} -fib ${_fibnum}'"
251				;;
252			esac
253		done
254	fi
255
256
257	# Install configured routes.
258	if [ -n "${ipv6_static_routes}" ]; then
259		for i in ${ipv6_static_routes}; do
260			_skip=0
261			if [ -n "$_if" ]; then
262				case $i in
263				*:$_if)	;;
264				*)	_skip=1 ;;
265				esac
266			fi
267			if [ $_skip = 0 ]; then
268				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
269				if [ -n "$ipv6_route_args" ]; then
270					${ROUTE_CMD} ${_action} \
271						-inet6 ${ipv6_route_args}
272				else
273					warn "route_${i%:*} not found"
274				fi
275			fi
276		done
277	fi
278
279	# Install the "default interface" to kernel, which will be used
280	# as the default route when there's no router.
281
282	# Disable installing the default interface when we act
283	# as router to avoid conflict between the default
284	# router list and the manual configured default route.
285	if checkyesno ipv6_gateway_enable; then
286		return
287	fi
288
289	case "${ipv6_default_interface}" in
290	[Nn][Oo] | [Nn][Oo][Nn][Ee])
291		return
292		;;
293	[Aa][Uu][Tt][Oo] | "")
294		for i in ${ipv6_network_interfaces}; do
295			case $i in
296			[Nn][Oo][Nn][Ee])
297				return
298				;;
299			lo0)
300				continue
301				;;
302			esac
303			laddr=`network6_getladdr $i exclude_tentative`
304			case ${laddr} in
305			'')
306				;;
307			*)
308				ipv6_default_interface=$i
309				break
310				;;
311			esac
312		done
313		;;
314	esac
315
316	ifconfig ${ipv6_default_interface} inet6 defaultif
317	${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null
318}
319
320ropts_init()
321{
322	if [ -z "${_ropts_initdone}" ]; then
323		echo -n "Additional $1 routing options:"
324		_ropts_initdone=yes
325	fi
326}
327
328_check_dynamicrouting()
329{
330	local skip file name rcvar
331
332	# copied from /etc/rc
333	skip="-s nostart"
334	if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
335		skip="$skip -s nojail"
336	fi
337	[ -n "$local_startup" ] && find_local_scripts_new
338	[ -n "$system_rc" ] && find_system_scripts
339
340	for file in $( rcorder ${skip} ${system_rc} ${local_rc} 2>/dev/null |
341		       xargs grep -lE '^# PROVIDE:.*\<dynamicrouting\>' ); do
342		(set -- enabled; . $file) && return 0;
343	done
344
345	return 1
346}
347
348options_inet()
349{
350	local _icmp_drop_redirect
351
352	_ropts_initdone=
353	if checkyesno icmp_bmcastecho; then
354		ropts_init inet
355		echo -n ' broadcast ping responses=YES'
356		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
357	else
358		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
359	fi
360
361	_icmp_drop_redirect="${icmp_drop_redirect}"
362	case "${_icmp_drop_redirect}" in
363	[Aa][Uu][Tt][Oo] | "")
364		if _check_dynamicrouting; then
365			_icmp_drop_redirect="yes"
366		else
367			_icmp_drop_redirect="no"
368		fi
369		;;
370	esac
371	if checkyesno _icmp_drop_redirect; then
372		ropts_init inet
373		echo -n ' ignore ICMP redirect=YES'
374		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
375	else
376		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
377	fi
378
379	if checkyesno icmp_log_redirect; then
380		ropts_init inet
381		echo -n ' log ICMP redirect=YES'
382		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
383	else
384		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
385	fi
386
387	if checkyesno gateway_enable; then
388		ropts_init inet
389		echo -n ' gateway=YES'
390		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
391	else
392		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
393	fi
394
395	if checkyesno forward_sourceroute; then
396		ropts_init inet
397		echo -n ' do source routing=YES'
398		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
399	else
400		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
401	fi
402
403	if checkyesno accept_sourceroute; then
404		ropts_init inet
405		echo -n ' accept source routing=YES'
406		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
407	else
408		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
409	fi
410
411	if checkyesno arpproxy_all; then
412		ropts_init inet
413		echo -n ' ARP proxyall=YES'
414		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
415	else
416		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
417	fi
418
419	[ -n "${_ropts_initdone}" ] && echo '.'
420}
421
422options_inet6()
423{
424	_ropts_initdone=
425
426	if checkyesno ipv6_gateway_enable; then
427		ropts_init inet6
428		echo -n ' gateway=YES'
429		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
430	else
431		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
432	fi
433
434	[ -n "${_ropts_initdone}" ] && echo '.'
435}
436
437load_rc_config $name
438
439# doesn't make sense to run in a svcj: config setting
440routing_svcj="NO"
441
442run_rc_command "$@"
443