.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)routed.8	8.2 (Berkeley) 12/11/93
.\" $FreeBSD$
.\"
.Dd June 1, 1996
.Dt ROUTED 8
.Os BSD 4.4
.Sh NAME
.Nm routed
.Nd network RIP and router discovery routing daemon
.Sh SYNOPSIS
.Nm
.Op Fl sqdghmAt
.Op Fl T Ar tracefile
.Oo
.Fl F
.Ar net Ns Op /mask Ns Op ,metric
.Oc
.Op Fl P Ar parms
.Sh DESCRIPTION
.Nm Routed
is a daemon invoked at boot time to manage the network
routing tables.
It uses the Routing Information Protocol, RIPv1 (RFC\ 1058),
RIPv2 (RFC\ 1723),
and Internet Router Discovery Protocol (RFC 1256)
to maintain the kernel routing table.
The RIPv1 protocol is based on the reference 4.3BSD daemon.
.Pp
It listens on the
.Xr udp 4
socket for the
.Xr route 8
service (see
.Xr services 5 )
for Routing Information Protocol packets.
It also sends and receives multicast Router Discovery ICMP messages.
If the host is a router,
.Nm
periodically supplies copies
of its routing tables to any directly connected hosts and networks.
It also advertises or solicits default routes using Router Discovery
ICMP messages.
.Pp
When started (or when a network interface is later turned on),
.Nm
uses an AF_ROUTE address family facility to find those
directly connected interfaces configured into the
system and marked "up".
It adds necessary routes for the interfaces
to the kernel routing table.
Soon after being first started, and provided there is at least one
interface on which RIP has not been disabled,
.Nm
deletes all pre-existing
non-static routes in the kernel table.
Static routes in the kernel table are preserved and
included in RIP responses if they have a valid RIP metric
(see
.Xr route 8 ) .
.Pp
If more than one interface is present (not counting the loopback interface),
it is assumed that the host should forward packets among the
connected networks.
After transmitting a RIP
.Em request
and
Router Discovery Advertisements or Solicitations on a new interface,
the daemon enters a loop, listening for
RIP request and response and Router Discovery packets from other hosts.
.Pp
When a
.Em request
packet is received,
.Nm
formulates a reply based on the information maintained in its
internal tables.
The
.Em response
packet generated contains a list of known routes, each marked
with a "hop count" metric (a count of 16 or greater is
considered "infinite").
Advertised metrics reflect the metric associated with the interface
(see
.Xr ifconfig 8 ) ,
so setting the metric on an interface
is an effective way to steer traffic.
.Pp
Responses do not contain routes with a first hop on the requesting
network, to implement in part
.Em split-horizon .
Requests from query programs
such as
.Xr rtquery 8
are answered with the complete table.
.Pp
The routing table maintained by the daemon
includes space for several gateways for each destination
to speed recovery from a failing router.
RIP
.Em response
packets received are used to update the routing tables provided they are
from one of the several currently recognized gateways or
advertise a better metric than at least one of the existing
gateways.
.Pp
When an update is applied,
.Nm
records the change in its own tables and updates the kernel routing table
if the best route to the destination changes.
The change in the kernel routing table is reflected in the next batch of
.Em response
packets sent.
If the next response is not scheduled for a while, a
.Em flash update
response containing only recently changed routes is sent.
.Pp
In addition to processing incoming packets,
.Nm
also periodically checks the routing table entries.
If an entry has not been updated for 3 minutes, the entry's metric
is set to infinity and marked for deletion.
Deletions are delayed until the route has been advertised with
an infinite metric to ensure the invalidation
is propagated throughout the local internet.
This is a form of
.Em poison reverse .
.Pp
Routes in the kernel table that are added or changed as a result
of ICMP Redirect messages are deleted after a while to minimize
.Em black-holes .
When a TCP connection suffers a timeout,
the kernel tells
.Nm routed ,
which deletes all redirected routes
through the gateway involved, advances the age of all RIP routes through
the gateway to allow an alternate to be chosen, and advances the
age of any relevant Router Discovery Protocol default routes.
.Pp
Hosts acting as internetwork routers gratuitously supply their
routing tables every 30 seconds to all directly connected hosts
and networks.
These RIP responses are sent to the broadcast address on nets that support
broadcasting,
to the destination address on point-to-point links, and to the router's
own address on other networks.
If RIPv2 is enabled, multicast packets are sent on interfaces that
support multicasting.
.Pp
If no response is received on a remote interface, if there are errors
while sending responses,
or if there are more errors than input or output (see
.Xr netstat 8 ) ,
then the cable or some other part of the interface is assumed to be
disconnected or broken, and routes are adjusted appropriately.
.Pp
The
.Em Internet Router Discovery Protocol
is handled similarly.
When the daemon is supplying RIP routes, it also listens for
Router Discovery Solicitations and sends Advertisements.
When it is quiet and only listening to other RIP routers, it
sends Solicitations and listens for Advertisements.
If it receives
a good Advertisement, it stops listening for broadcast or multicast
RIP responses.
It tracks several advertising routers to speed recovery when the
currently chosen router dies.
If all discovered routers disappear,
the daemon resumes listening to RIP responses.
.Pp
The Router Discovery standard requires that advertisements
have a default "lifetime" of 30 minutes.
That means should
something happen, a client can be without a good route for
30 minutes.
It is a good idea to reduce the default to 45
seconds using
.Fl P Cm rdisc_interval=45
on the command line or
.Cm rdisc_interval=45
in the
.Pa /etc/gateways
file.
.Pp
While using Router Discovery (which happens by default when
the system has a single network interface and a Router Discovery Advertisement
is received), there is a single default route and a variable number of
redirected host routes in the kernel table.
On a host with more than one network interface,
this default route will be via only one of the interfaces.
Thus, multi-homed hosts running with
.Fl q
might need
.Cm no_rdisc
described below.
.Pp
See the
.Cm pm_rdisc
facility described below to support "legacy" systems
that can handle neither RIPv2 nor Router Discovery.
.Pp
By default, neither Router Discovery advertisements nor solicitations
are sent over point-to-point links (e.g. PPP).
The netmask associated with point-to-point links (such as SLIP
or PPP, with the IFF_POINTOPOINT flag) is used by
.Nm routed
to infer the netmask used by the remote system when RIPv1 is used.
.Pp
Options supported by
.Nm routed :
.Bl -tag -width Ds
.It Fl s
This option forces
.Nm
to supply routing information.
This is the default if multiple network interfaces are present on which
RIP or Router Discovery have not been disabled, and if the kernel switch
ipforwarding=1 is set.
.It Fl q
is the opposite of the
.Fl s
option.
This is the default when only one interface is present.
.It Fl d
Do not run in the background.
This option is meant for interactive use.
.It Fl g
This flag is used on internetwork routers to offer a route
to the "default" destination.
It is equivalent to
.Fl F
.Cm 0/0,1
and is present mostly for historical reasons.
A better choice is
.Fl P Cm pm_rdisc
on the command line or
.Cm pm_rdisc
in the
.Pa /etc/gateways
file,
since a larger metric
will be used, reducing the spread of the potentially dangerous
default route.
This is typically used on a gateway to the Internet,
or on a gateway that uses another routing protocol whose routes
are not reported to other local routers.
Notice that because a metric of 1 is used, this feature is
dangerous.
It is more commonly accidentally used to create chaos with routing
loops than to solve problems.
.It Fl h
This causes host or point-to-point routes to not be advertised,
provided there is a network route going the same direction.
That is a limited kind of aggregation.
This option is useful on gateways to ethernets that have other gateway
machines connected with point-to-point links such as SLIP.
.It Fl m
This causes the machine to advertise a host or point-to-point route to
its primary interface.
It is useful on multi-homed machines such as NFS servers.
This option should not be used except when the cost of
the host routes it generates is justified by the popularity of
the server.
It is effective only when the machine is supplying
routing information, because there is more than one interface.
The
.Fl m
option overrides the
.Fl q
option to the limited extent of advertising the host route.
.It Fl A
do not ignore RIPv2 authentication if we do not care about RIPv2
authentication.
This option is required for conformance with RFC 1723.
However, it makes no sense and breaks using RIP as a discovery protocol
to ignore all RIPv2 packets that carry authentication when this machine
does not care about authentication.
.It Fl T Ar tracefile
increases the debugging level to at least 1 and
causes debugging information to be appended to the trace file.
Note that because of security concerns, it is wisest to not run
.Nm routed
routinely with tracing directed to a file.
.It Fl t
increases the debugging level, which causes more information to be logged
on the tracefile specified with
.Fl T
or standard out.
The debugging level can be increased or decreased
with the
.Em SIGUSR1
or
.Em SIGUSR2
signals or with the
.Xr rtquery 8
command.
.It Fl F Ar net[/mask][,metric]
minimize routes in transmissions via interfaces with addresses that match
.Em net/mask ,
and synthesizes a default route to this machine with the
.Em metric .
The intent is to reduce RIP traffic on slow, point-to-point links
such as PPP links by replacing many large UDP packets of RIP information
with a single, small packet containing a "fake" default route.
If
.Em metric
is absent, a value of 14 is assumed to limit
the spread of the "fake" default route.
.Pp
This is a dangerous feature that when used carelessly can cause routing
loops.
Notice also that more than one interface can match the specified network
number and mask.
See also
.Fl g .
.It Fl P Ar parms
is equivalent to adding the parameter
line
.Em parms
to the
.Pa /etc/gateways
file.
.El
.Pp
Any other argument supplied is interpreted as the name
of a file in which the actions of
.Nm
should be logged.
It is better to use
.Fl T
instead of
appending the name of the trace file to the command.
.Pp
.Nm
also supports the notion of
"distant"
.Em passive
or
.Em active
gateways.
When
.Nm
is started, it reads the file
.Pa /etc/gateways
to find such distant gateways which may not be located using
only information from a routing socket, to discover if some
of the local gateways are
.Em passive ,
and to obtain other parameters.
Gateways specified in this manner should be marked passive
if they are not expected to exchange routing information,
while gateways marked active
should be willing to exchange RIP packets.
Routes through
.Em passive
gateways are installed in the
kernel's routing tables once upon startup and are not included in
transmitted RIP responses.
.Pp
Distant active gateways are treated like network interfaces.
RIP responses are sent
to the distant
.Em active
gateway.
If no responses are received, the associated route is deleted from
the kernel table and from RIP responses advertised via other interfaces.
If the distant gateway resumes sending RIP responses, the associated
route is restored.
.Pp
Such gateways can be useful on media that do not support broadcasts
or multicasts but otherwise act like classic shared media such as
Ethernets, for example some ATM networks.
One can list all RIP routers reachable on the ATM network in
.Pa /etc/gateways
with a series of
"host" lines.
.Pp
Gateways marked
.Em external
are also passive, but are not placed in the kernel
routing table nor are they included in routing updates.
The function of external entries is to indicate
that another routing process
will install such a route if necessary,
and that alternate routes to that destination should not be installed
by
.Nm routed .
Such entries are only required when both routers may learn of routes
to the same destination.
.Pp
The
.Pa /etc/gateways
file consists of a series of lines, each in
one of the following formats or consisting of the parameters described below:
.Pp
.Bd -ragged
.Cm net
.Ar Nname[/mask]
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Bd -ragged
.Cm host
.Ar Hname
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Pp
.Ar Nname
or
.Ar Hname
is the name of the destination network or host.
It may be a symbolic network name or an Internet address
specified in "dot" notation (see
.Xr inet 3 ) .
(If it is a name, then it must either be defined in
.Pa /etc/networks
or
.Pa /etc/hosts ,
or
.Xr named 8 ,
must have been started before
.Nm routed Ns .)
.Pp
.Ar mask
is an optional number between 1 and 32 indicating the netmask associated
with
.Ar Nname .
.Pp
.Ar Gname
is the name or address of the gateway to which RIP responses should
be forwarded.
.Pp
.Ar Value
is the hop count to the destination host or network.
.Ar " host hname "
is equivalent to
.Ar " net nname/32 " .
.Pp
One of the keywords
.Cm passive ,
.Cm active
or
.Cm external
must be present to indicate whether the gateway should be treated as
.Cm passive
or
.Cm active
(as described above),
or whether the gateway is
.Cm external
to the scope of the RIP protocol.
.Pp
Lines that start with neither "net" nor "host" must consist of one
or more of the following parameter settings, separated by commas or
blanks:
.Bl -tag -width Ds
.It Cm if Ns \&= Ns Ar ifname
indicates that the other parameters on the line apply to the interface
name
.Ar ifname .
.It Cm subnet Ns \&= Ns Ar nname[/mask][,metric]
advertises a route to network
.Ar nname
with mask
.Ar mask
and the supplied metric (default 1).
This is useful for filling "holes" in CIDR allocations.
This parameter must appear by itself on a line.
.Pp
Do not use this feature unless necessary.
It is dangerous.
.It Cm passwd Ns \&= Ns Ar XXX
specifies a RIPv2 password that will be included on all RIPv2
responses sent and checked on all RIPv2 responses received.
The password must not contain any blanks, tab characters, commas
or '#' characters.
.It Cm passwd Ns \&= Ns Ar XXX1[|KeyID[start|stop]]
specifies a RIPv2 cleartext password that will be included on
all RIPv2 responses sent, and checked on all RIPv2 responses received.
Any blanks, tab characters, commas, or '#', '|', or NULL characters in the
password must be escaped with a backslash (\\).
The common escape sequences \\n, \\r, \\t, \\b, and \\xxx have their
usual meanings.
The
.Cm KeyID
must be unique but is ignored for cleartext passwords.
If present,
.Cm start
and
.Cm stop
are timestamps in the form year/month/day@hour:minute.
They specify when the password is valid.
The valid password with the most future is used on output packets, unless
all passwords have expired, in which case the password that expired most
recently is used, or unless no passwords are valid yet, in which case
no password is output.
Incoming packets can carry any password that is valid, will
be valid within 24 hours, or that was valid within 24 hours.
.It Cm md5_passwd Ns \&= Ns Ar XXX1|KeyID[start|stop]
specifies a RIPv2 MD5 password.
Except that a
.Cm KeyID
is required, this keyword is similar to
.Cm passwd .
To protect the secrets, this parameter setting is valid only in the
.Pa /etc/gateways
file and only when that file is readable only by UID 0.
.It Cm no_ag
turns off aggregation of subnets in RIPv1 and RIPv2 responses.
.It Cm no_super_ag
turns off aggregation of networks into supernets in RIPv2 responses.
.It Cm passive
marks the interface to not be advertised in updates sent via other
interfaces, and turns off all RIP and router discovery through the interface.
.It Cm no_rip
disables all RIP processing on the specified interface.
If no interfaces are allowed to process RIP packets,
.Nm
acts purely as a router discovery daemon.
.Pp
Note that turning off RIP without explicitly turning on router
discovery advertisements with
.Cm rdisc_adv
or
.Fl s
causes
.Nm routed
to act as a client router discovery daemon, not advertising.
.It Cm no_ripv1_in
causes RIPv1 received responses to be ignored.
.It Cm no_ripv2_in
causes RIPv2 received responses to be ignored.
.It Cm ripv2_out
turns off RIPv1 output and causes RIPv2 advertisements to be
multicast when possible.
.It Cm ripv2
is equivalent to
.Cm no_ripv1_in
and
.Cm no_ripv1_out .
.It Cm no_rdisc
disables the Internet Router Discovery Protocol.
.It Cm no_solicit
disables the transmission of Router Discovery Solicitations.
.It Cm send_solicit
specifies that Router Discovery solicitations should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages.
.It Cm no_rdisc_adv
disables the transmission of Router Discovery Advertisements.
.It Cm rdisc_adv
specifies that Router Discovery Advertisements should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages.
.It Cm bcast_rdisc
specifies that Router Discovery packets should be broadcast instead of
multicast.
.It Cm rdisc_pref Ns \&= Ns Ar N
sets the preference in Router Discovery Advertisements to the integer
.Ar N .
.It Cm rdisc_interval Ns \&= Ns Ar N
sets the nominal interval with which Router Discovery Advertisements
are transmitted to N seconds and their lifetime to 3*N.
.It Cm fake_default Ns \&= Ns Ar metric
has an identical effect to
.Fl F Ar net[/mask][=metric]
with the network and mask coming from the specified interface.
.It Cm pm_rdisc
is similar to
.Cm fake_default .
When RIPv2 routes are multicast, so that RIPv1 listeners cannot
receive them, this feature causes a RIPv1 default route to be
broadcast to RIPv1 listeners.
Unless modified with
.Cm fake_default ,
the default route is broadcast with a metric of 14.
That serves as a "poor man's router discovery" protocol.
.It Cm trust_gateway Ns \&= Ns Ar rname
causes RIP packets from that router and other routers named in
other
.Cm trust_gateway
keywords to be accepted, and packets from other routers to be ignored.
.It Cm redirect_ok
causes RIP to allow ICMP Redirect messages when the system is acting
as a router and forwarding packets.
Otherwise, ICMP Redirect messages are overridden.
.El
.Sh FILES
.Bl -tag -width /etc/gateways -compact
.It Pa /etc/gateways
for distant gateways
.El
.Sh SEE ALSO
.Xr icmp 4 ,
.Xr udp 4 ,
.Xr gated 8 ,
.Xr htable 8 ,
.Xr rtquery 8 .
.Rs
.%T Internet Transport Protocols
.%R XSIS 028112
.%Q Xerox System Integration Standard
.Re
.Sh BUGS
It does not always detect unidirectional failures in network interfaces
(e.g., when the output side fails).
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
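.Sh EXAMPLES
An added example, not part of the original manual page or of routed itself: a small Python audit of /etc/gateways parameter lines for the settings this page marks as sensitive (cleartext passwd, md5_passwd without a KeyID or in a file not readable only by UID 0, subnet, and fake_default below the default metric of 14).
The sample file contents, the function names, the choice of 14 as a threshold, and the treatment of an unescaped '#' as the start of a comment are assumptions made for illustration.

```python
import re
import stat

# A parameter token: separators are blanks and commas; a backslash escapes
# the next character, as the page requires inside passwords.
TOKEN = re.compile(r"(?:\\.|[^\s,\\])+")
COMMENT = re.compile(r"(?<!\\)#.*")  # assumption: unescaped '#' starts a comment
PIPE = re.compile(r"(?<!\\)\|")      # unescaped '|' separates password fields

# Constructed sample, not taken from any real host.
SAMPLE = """\
# distant gateway plus per-interface parameters
net 10.9.0.0/16 gateway 10.1.1.1 metric 2 passive
if=ed0 passwd=hunter2 ripv2
if=ed1, md5_passwd=s3cr\\,et|7 no_ripv1_in
if=ed2 md5_passwd=nokeyid
subnet=10.8.0.0/16,1
if=ppp0 fake_default=1
if=ppp1 fake_default=14 trust_gateway=10.1.1.1
"""


def parameters(line):
    """Yield (keyword, value) pairs from a line that is not a net/host line."""
    line = COMMENT.sub("", line).strip()
    if not line or line.split()[0] in ("net", "host"):
        return
    # subnet= contains its own comma and must appear by itself on a line.
    tokens = [line] if line.startswith("subnet=") else TOKEN.findall(line)
    for token in tokens:
        key, _, value = token.partition("=")
        yield key, value


def audit(text, mode, uid):
    """Return (line_no, keyword, message) findings for gateways-file text."""
    root_only = uid == 0 and not mode & (stat.S_IRGRP | stat.S_IROTH)
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for key, value in parameters(line):
            if key == "passwd":
                findings.append((no, key, "cleartext password is sent in every RIPv2 response"))
            elif key == "md5_passwd":
                fields = PIPE.split(value)
                if len(fields) < 2 or not fields[1]:
                    findings.append((no, key, "KeyID is required"))
                if not root_only:
                    findings.append((no, key, "file must be readable only by UID 0"))
            elif key == "subnet":
                findings.append((no, key, "dangerous; use only when necessary"))
            elif key == "fake_default" and value.isdigit() and int(value) < 14:
                findings.append((no, key, "metric below 14 spreads the fake default route further"))
    return findings


if __name__ == "__main__":
    import os
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/gateways"
    st = os.stat(path)
    with open(path) as fh:
        for no, key, msg in audit(fh.read(), st.st_mode, st.st_uid):
            print(f"{path}:{no}: {key}: {msg}")
```

Run with no argument it audits /etc/gateways using the file's real owner and mode; pass another path to check a staged copy before installing it.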