xref: /freebsd/libexec/rc/rc.d/routing (revision e64fe029e9d3ce476e77a478318e0c3cd201ff08)
1#!/bin/sh
2#
3# Configure routing and miscellaneous network tunables
4#
5# $FreeBSD$
6#
7
8# PROVIDE: routing
9# REQUIRE: netif ppp stf
10# KEYWORD: nojailvnet
11
12. /etc/rc.subr
13. /etc/network.subr
14
15name="routing"
16desc="Routing setup"
17start_cmd="routing_start doall"
18stop_cmd="routing_stop"
19extra_commands="options static"
20static_cmd="routing_start static"
21options_cmd="routing_start options"
22
23ROUTE_CMD="/sbin/route"
24
25routing_start()
26{
27	local _cmd _af _if _a _ret
28	_cmd=$1
29	_af=$2
30	_if=$3
31	_ret=0
32
33	case $_if in
34	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
35	esac
36
37	case $_af in
38	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
39		for _a in inet inet6; do
40			afexists $_a || continue
41			setroutes $_cmd $_a $_if || _ret=1
42		done
43	;;
44	*)
45		if afexists $_af; then
46			setroutes $_cmd $_af $_if || _ret=1
47		else
48			err 1 "Unsupported address family: $_af."
49		fi
50	;;
51	esac
52
53	return $_ret
54}
55
56routing_stop()
57{
58	local _af _if _a
59	_af=$1
60	_if=$2
61
62	case $_if in
63	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
64	esac
65
66	case $_af in
67	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
68		for _a in inet inet6; do
69			afexists $_a || continue
70			eval static_${_a} delete $_if
71			# When $_if is specified, do not flush routes.
72			if ! [ -n "$_if" ]; then
73				eval routing_stop_${_a}
74			fi
75		done
76	;;
77	*)
78		if afexists $_af; then
79			eval static_${_af} delete $_if
80			# When $_if is specified, do not flush routes.
81			if ! [ -n "$_if" ]; then
82				eval routing_stop_${_af}
83			fi
84		else
85			err 1 "Unsupported address family: $_af."
86		fi
87	;;
88	esac
89}
90
91setroutes()
92{
93	local _ret
94	_ret=0
95	case $1 in
96	static)
97		static_$2 add $3
98		_ret=$?
99		;;
100	options)
101		options_$2
102		;;
103	doall)
104		static_$2 add $3
105		_ret=$?
106		options_$2
107		;;
108	esac
109	return $_ret
110}
111
112routing_stop_inet()
113{
114	${ROUTE_CMD} -n flush -inet
115}
116
117routing_stop_inet6()
118{
119	local i
120
121	${ROUTE_CMD} -n flush -inet6
122	for i in `list_net_interfaces`; do
123		if ipv6if $i; then
124			ifconfig $i inet6 -defaultif
125		fi
126	done
127}
128
129get_fibmod()
130{
131	local _fibs
132
133	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
134	if [ ${_fibs} -gt 0 ]; then
135		echo "-fib 0-${_fibs}"
136	else
137		echo
138	fi
139}
140
141static_inet()
142{
143	local _action _if _skip _fibmod _fibs
144	_action=$1
145	_if=$2
146
147	_fibmod=`get_fibmod`
148	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
149
150	# Provide loopback route in all routing tables.  This has to come
151	# first so that any following routes can be added.
152	static_routes="_loopback ${static_routes}"
153	route__loopback="-inet 127.0.0.1 -iface lo0 ${_fibmod}"
154
155	# Add default route.
156	case ${defaultrouter} in
157	[Nn][Oo] | '')
158		;;
159	*)
160		static_routes="${static_routes} _default"
161		route__default="default ${defaultrouter}"
162		;;
163	esac
164
165	# Add default routes for fibs
166	if [ ${_fibs} -gt 0 ]; then
167		for _fibnum in `jot ${_fibs}` ; do
168			eval _fib_gw=\${defaultrouter_fib${_fibnum}}
169			case ${_fib_gw} in
170			[Nn][Oo] | '')
171				;;
172			*)
173				static_routes="${static_routes} _default_fib${_fibnum}"
174				eval route__default_fib${_fibnum}="'default ${_fib_gw} -fib ${_fibnum}'"
175				;;
176			esac
177		done
178	fi
179
180
181	# Install configured routes.
182	if [ -n "${static_routes}" ]; then
183		for i in ${static_routes}; do
184			_skip=0
185			if [ -n "$_if" ]; then
186				case $i in
187				*:$_if)	;;
188				*)	_skip=1 ;;
189				esac
190			fi
191			if [ $_skip = 0 ]; then
192				route_args=`get_if_var ${i%:*} route_IF`
193				if [ -n "$route_args" ]; then
194					${ROUTE_CMD} ${_action} ${route_args}
195				else
196					warn "route_${i%:*} not found."
197				fi
198			fi
199		done
200	fi
201}
202
203static_inet6()
204{
205	local _action _if _skip fibmod _fibs
206	_action=$1
207	_if=$2
208
209	fibmod=`get_fibmod`
210	_fibs=$((`${SYSCTL_N} net.fibs` - 1))
211
212	# Add pre-defined static routes first.
213	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
214	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
215	ipv6_static_routes="_loopback ${ipv6_static_routes}"
216
217	# disallow "internal" addresses to appear on the wire
218	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
219	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
220
221	# Create a loopback route in every fib
222	ipv6_route__loopback="::1 -prefixlen 128 -iface lo0 ${fibmod}"
223
224	# Disallow link-local unicast packets without outgoing scope
225	# identifiers.  However, if you set "ipv6_default_interface",
226	# for the host case, you will allow to omit the identifiers.
227	# Under this configuration, the packets will go to the default
228	# interface.
229	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
230	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
231
232	# Add default route.
233	case ${ipv6_defaultrouter} in
234	[Nn][Oo] | '')
235		;;
236	*)
237		ipv6_static_routes="${ipv6_static_routes} _default"
238		ipv6_route__default="default ${ipv6_defaultrouter}"
239		;;
240	esac
241
242	# Add default routes for fibs
243	if [ ${_fibs} -gt 0 ]; then
244		for _fibnum in `jot ${_fibs}` ; do
245			eval _fib_gw=\${ipv6_defaultrouter_fib${_fibnum}}
246			case ${_fib_gw} in
247			[Nn][Oo] | '')
248				;;
249			*)
250				ipv6_static_routes="${ipv6_static_routes} _default_fib${_fibnum}"
251				eval ipv6_route__default_fib${_fibnum}="'default ${_fib_gw} -fib ${_fibnum}'"
252				;;
253			esac
254		done
255	fi
256
257
258	# Install configured routes.
259	if [ -n "${ipv6_static_routes}" ]; then
260		for i in ${ipv6_static_routes}; do
261			_skip=0
262			if [ -n "$_if" ]; then
263				case $i in
264				*:$_if)	;;
265				*)	_skip=1 ;;
266				esac
267			fi
268			if [ $_skip = 0 ]; then
269				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
270				if [ -n "$ipv6_route_args" ]; then
271					${ROUTE_CMD} ${_action} \
272						-inet6 ${ipv6_route_args}
273				else
274					warn "route_${i%:*} not found"
275				fi
276			fi
277		done
278	fi
279
280	# Install the "default interface" to kernel, which will be used
281	# as the default route when there's no router.
282
283	# Disable installing the default interface when we act
284	# as router to avoid conflict between the default
285	# router list and the manual configured default route.
286	if checkyesno ipv6_gateway_enable; then
287		return
288	fi
289
290	case "${ipv6_default_interface}" in
291	[Nn][Oo] | [Nn][Oo][Nn][Ee])
292		return
293		;;
294	[Aa][Uu][Tt][Oo] | "")
295		for i in ${ipv6_network_interfaces}; do
296			case $i in
297			[Nn][Oo][Nn][Ee])
298				return
299				;;
300			lo0)
301				continue
302				;;
303			esac
304			laddr=`network6_getladdr $i exclude_tentative`
305			case ${laddr} in
306			'')
307				;;
308			*)
309				ipv6_default_interface=$i
310				break
311				;;
312			esac
313		done
314		;;
315	esac
316
317	ifconfig ${ipv6_default_interface} inet6 defaultif
318	${SYSCTL} net.inet6.ip6.use_defaultzone=1 > /dev/null
319}
320
321ropts_init()
322{
323	if [ -z "${_ropts_initdone}" ]; then
324		echo -n "Additional $1 routing options:"
325		_ropts_initdone=yes
326	fi
327}
328
329_check_dynamicrouting()
330{
331	local skip file name rcvar
332
333	# copied from /etc/rc
334	skip="-s nostart"
335	if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
336		skip="$skip -s nojail"
337	fi
338	[ -n "$local_startup" ] && find_local_scripts_new
339	[ -n "$system_rc" ] && find_system_scripts
340
341	for file in $( rcorder ${skip} ${system_rc} ${local_rc} 2>/dev/null |
342		       xargs grep -lE '^# PROVIDE:.*\<dynamicrouting\>' ); do
343		(set -- enabled; . $file) && return 0;
344	done
345
346	return 1
347}
348
349options_inet()
350{
351	local _icmp_drop_redirect
352
353	_ropts_initdone=
354	if checkyesno icmp_bmcastecho; then
355		ropts_init inet
356		echo -n ' broadcast ping responses=YES'
357		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
358	else
359		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
360	fi
361
362	_icmp_drop_redirect="${icmp_drop_redirect}"
363	case "${_icmp_drop_redirect}" in
364	[Aa][Uu][Tt][Oo] | "")
365		if _check_dynamicrouting; then
366			_icmp_drop_redirect="yes"
367		else
368			_icmp_drop_redirect="no"
369		fi
370		;;
371	esac
372	if checkyesno _icmp_drop_redirect; then
373		ropts_init inet
374		echo -n ' ignore ICMP redirect=YES'
375		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
376	else
377		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
378	fi
379
380	if checkyesno icmp_log_redirect; then
381		ropts_init inet
382		echo -n ' log ICMP redirect=YES'
383		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
384	else
385		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
386	fi
387
388	if checkyesno gateway_enable; then
389		ropts_init inet
390		echo -n ' gateway=YES'
391		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
392	else
393		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
394	fi
395
396	if checkyesno forward_sourceroute; then
397		ropts_init inet
398		echo -n ' do source routing=YES'
399		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
400	else
401		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
402	fi
403
404	if checkyesno accept_sourceroute; then
405		ropts_init inet
406		echo -n ' accept source routing=YES'
407		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
408	else
409		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
410	fi
411
412	if checkyesno arpproxy_all; then
413		ropts_init inet
414		echo -n ' ARP proxyall=YES'
415		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
416	else
417		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
418	fi
419
420	[ -n "${_ropts_initdone}" ] && echo '.'
421}
422
423options_inet6()
424{
425	_ropts_initdone=
426
427	if checkyesno ipv6_gateway_enable; then
428		ropts_init inet6
429		echo -n ' gateway=YES'
430		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
431	else
432		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
433	fi
434
435	[ -n "${_ropts_initdone}" ] && echo '.'
436}
437
438load_rc_config $name
439run_rc_command "$@"
440