.\"   $Revision: 2.26 $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd June 27, 2022
.Dt ROUTED 8
.Os
.Sh NAME
.Nm routed ,
.Nm rdisc
.Nd network RIP and router discovery routing daemon
.Sh SYNOPSIS
.Nm
.Op Fl isqdghmpAtv
.Op Fl T Ar tracefile
.Oo
.Fl F
.Ar net Ns Op /mask Ns Op ,metric
.Oc
.Op Fl P Ar parms
.Sh DESCRIPTION
The
.Nm
utility is a daemon invoked at boot time to manage the network
routing tables.
It uses the Routing Information Protocol, RIPv1 (RFC\ 1058),
RIPv2 (RFC\ 1723),
and the Internet Router Discovery Protocol (RFC 1256)
to maintain the kernel routing table.
The RIPv1 protocol is based on the reference
.Bx 4.3
daemon.
.Pp
It listens on the
.Xr udp 4
socket for the
.Xr route 8
service (see
.Xr services 5 )
for Routing Information Protocol packets.
It also sends and receives multicast Router Discovery ICMP messages.
If the host is a router,
.Nm
periodically supplies copies
of its routing tables to any directly connected hosts and networks.
It also advertises or solicits default routes using Router Discovery
ICMP messages.
.Pp
When started (or when a network interface is later turned on),
.Nm
uses an AF_ROUTE address family facility to find those
directly connected interfaces configured into the
system and marked "up".
It adds necessary routes for the interfaces
to the kernel routing table.
Soon after being first started, and provided there is at least one
interface on which RIP has not been disabled,
.Nm
deletes all pre-existing
non-static routes in the kernel table.
Static routes in the kernel table are preserved and
included in RIP responses if they have a valid RIP -hopcount
(see
.Xr route 8 ) .
.Pp
If more than one interface is present (not counting the loopback interface),
it is assumed that the host should forward packets among the
connected networks.
After transmitting a RIP
.Em request
and
Router Discovery Advertisements or Solicitations on a new interface,
the daemon enters a loop, listening for
RIP request and response and Router Discovery packets from other hosts.
.Pp
When a
.Em request
packet is received,
.Nm
formulates a reply based on the information maintained in its
internal tables.
The
.Em response
packet generated contains a list of known routes, each marked
with a "hop count" metric (a count of 16 or greater is
considered "infinite").
The advertised metric for a route reflects the metrics associated
with interfaces
(see
.Xr ifconfig 8 )
through which it is received and sent,
so setting the metric on an interface
is an effective way to steer traffic.
See also
.Cm adj_inmetric
and
.Cm adj_outmetric
parameters below.
.Pp
Responses do not include routes with a first hop on the requesting
network to implement in part
.Em split-horizon .
Requests from query programs
such as
.Xr rtquery 8
are answered with the complete table.
.Pp
The routing table maintained by the daemon
includes space for several gateways for each destination
to speed recovery from a failing router.
RIP
.Em response
packets received are used to update the routing tables provided they are
from one of the several currently recognized gateways or
advertise a better metric than at least one of the existing
gateways.
.Pp
When an update is applied,
.Nm
records the change in its own tables and updates the kernel routing table
if the best route to the destination changes.
The change in the kernel routing table is reflected in the next batch of
.Em response
packets sent.
If the next response is not scheduled for a while, a
.Em flash update
response containing only recently changed routes is sent.
.Pp
In addition to processing incoming packets,
.Nm
also periodically checks the routing table entries.
If an entry has not been updated for 3 minutes, the entry's metric
is set to infinity and marked for deletion.
Deletions are delayed until the route has been advertised with
an infinite metric to ensure the invalidation
is propagated throughout the local internet.
This is a form of
.Em poison reverse .
.Pp
Routes in the kernel table that are added or changed as a result
of ICMP Redirect messages are deleted after a while to minimize
.Em black-holes .
When a TCP connection suffers a timeout,
the kernel tells
.Nm ,
which deletes all redirected routes
through the gateway involved, advances the age of all RIP routes through
the gateway to allow an alternate to be chosen, and advances the
age of any relevant Router Discovery Protocol default routes.
.Pp
Hosts acting as internetwork routers gratuitously supply their
routing tables every 30 seconds to all directly connected hosts
and networks.
These RIP responses are sent to the broadcast address on nets that support
broadcasting,
to the destination address on point-to-point links, and to the router's
own address on other networks.
If RIPv2 is enabled, multicast packets are sent on interfaces that
support multicasting.
.Pp
If no response is received on a remote interface, if there are errors
while sending responses,
or if there are more errors than input or output (see
.Xr netstat 1 ) ,
then the cable or some other part of the interface is assumed to be
disconnected or broken, and routes are adjusted appropriately.
.Pp
The
.Em Internet Router Discovery Protocol
is handled similarly.
When the daemon is supplying RIP routes, it also listens for
Router Discovery Solicitations and sends Advertisements.
When it is quiet and listening to other RIP routers, it
sends Solicitations and listens for Advertisements.
If it receives
a good Advertisement and it is not multi-homed,
it stops listening for broadcast or multicast RIP responses.
It tracks several advertising routers to speed recovery when the
currently chosen router dies.
If all discovered routers disappear,
the daemon resumes listening to RIP responses.
It continues listening to RIP while using Router Discovery
if multi-homed to ensure all interfaces are used.
.Pp
The Router Discovery standard requires that advertisements
have a default "lifetime" of 30 minutes.
That means should
something happen, a client can be without a good route for
30 minutes.
It is a good idea to reduce the default to 45
seconds using
.Fl P Cm rdisc_interval=45
on the command line or
.Cm rdisc_interval=45
in the
.Pa /etc/gateways
file.
.Pp
While using Router Discovery (which happens by default when
the system has a single network interface and a Router Discovery Advertisement
is received), there is a single default route and a variable number of
redirected host routes in the kernel table.
On a host with more than one network interface,
this default route will be via only one of the interfaces.
Thus, multi-homed hosts running with
.Fl q
might need
.Cm no_rdisc
described below.
.Pp
See the
.Cm pm_rdisc
facility described below to support "legacy" systems
that can handle neither RIPv2 nor Router Discovery.
.Pp
By default, neither Router Discovery advertisements nor solicitations
are sent over point-to-point links (e.g.\& PPP).
The netmask associated with point-to-point links (such as SLIP
or PPP, with the IFF_POINTOPOINT flag) is used by
.Nm
to infer the netmask used by the remote system when RIPv1 is used.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl i
allow
.Nm
to accept a RIP request from a non-router node.
When specified once,
.Nm
replies to a route information query from neighbor nodes.
When specified twice,
it replies to a query from remote nodes in addition.
The
.Xr rtquery 8
utility can be used to send a request.
.Pp
This feature is disabled by default because of the risk of reflection attacks,
though it is useful for debugging purposes.
.It Fl s
force
.Nm
to supply routing information.
This is the default if multiple network interfaces are present on which
RIP or Router Discovery have not been disabled, and if the kernel switch
ipforwarding=1.
.It Fl q
is the opposite of the
.Fl s
option.
This is the default when only one interface is present.
With this explicit option, the daemon is always in "quiet-mode" for RIP
and does not supply routing information to other computers.
.It Fl d
do not run in the background.
This option is meant for interactive use.
.It Fl g
used on internetwork routers to offer a route
to the "default" destination.
It is equivalent to
.Fl F
.Cm 0/0,1
and is present mostly for historical reasons.
A better choice is
.Fl P Cm pm_rdisc
on the command line or
.Cm pm_rdisc
in the
.Pa /etc/gateways
file,
since a larger metric
will be used, reducing the spread of the potentially dangerous
default route.
This is typically used on a gateway to the Internet,
or on a gateway that uses another routing protocol whose routes
are not reported to other local routers.
Notice that because a metric of 1 is used, this feature is
dangerous.
It is more commonly accidentally used to create chaos with a
routing loop than to solve problems.
.It Fl h
cause host or point-to-point routes to not be advertised,
provided there is a network route going the same direction.
That is a limited kind of aggregation.
This option is useful on gateways to Ethernets that have other gateway
machines connected with point-to-point links such as SLIP.
.It Fl m
cause the machine to advertise a host or point-to-point route to
its primary interface.
It is useful on multi-homed machines such as NFS servers.
This option should not be used except when the cost of
the host routes it generates is justified by the popularity of
the server.
It is effective only when the machine is supplying
routing information, because there is more than one interface.
The
.Fl m
option overrides the
.Fl q
option to the limited extent of advertising the host route.
.It Fl A
do not ignore RIPv2 authentication if we do not care about RIPv2
authentication.
This option is required for conformance with RFC 1723.
However, it makes no sense and breaks using RIP as a discovery protocol
to ignore all RIPv2 packets that carry authentication when this machine
does not care about authentication.
.It Fl t
increase the debugging level, which causes more information to be logged
on the tracefile specified with
.Fl T
or standard out.
The debugging level can be increased or decreased
with the
.Em SIGUSR1
or
.Em SIGUSR2
signals or with the
.Xr rtquery 8
command.
.It Fl T Ar tracefile
increases the debugging level to at least 1 and
causes debugging information to be appended to the trace file.
Note that because of security concerns, it is wisest to not run
.Nm
routinely with tracing directed to a file.
.It Fl v
displays and logs the version of the daemon.
.It Fl F Ar net[/mask][,metric]
minimizes routes in transmissions via interfaces with addresses that match
.Em net/mask ,
and synthesizes a default route to this machine with the
.Em metric .
The intent is to reduce RIP traffic on slow, point-to-point links
such as PPP links by replacing many large UDP packets of RIP information
with a single, small packet containing a "fake" default route.
If
.Em metric
is absent, a value of 14 is assumed to limit
the spread of the "fake" default route.
This is a dangerous feature that when used carelessly can cause routing
loops.
Notice also that more than one interface can match the specified network
number and mask.
See also
.Fl g .
.It Fl P Ar parms
is equivalent to adding the parameter
line
.Em parms
to the
.Pa /etc/gateways
file.
.El
.Pp
Any other argument supplied is interpreted as the name
of a file in which the actions of
.Nm
should be logged.
It is better to use
.Fl T
instead of
appending the name of the trace file to the command.
.Pp
The
.Nm
utility also supports the notion of
"distant"
.Em passive
or
.Em active
gateways.
When
.Nm
is started, it reads the file
.Pa /etc/gateways
to find such distant gateways which may not be located using
only information from a routing socket, to discover if some
of the local gateways are
.Em passive ,
and to obtain other parameters.
Gateways specified in this manner should be marked passive
if they are not expected to exchange routing information,
while gateways marked active
should be willing to exchange RIP packets.
Routes through
.Em passive
gateways are installed in the
kernel's routing tables once upon startup and are not included in
transmitted RIP responses.
.Pp
Distant active gateways are treated like network interfaces.
RIP responses are sent
to the distant
.Em active
gateway.
If no responses are received, the associated route is deleted from
the kernel table and RIP responses advertised via other interfaces.
If the distant gateway resumes sending RIP responses, the associated
route is restored.
.Pp
Such gateways can be useful on media that do not support broadcasts
or multicasts but otherwise act like classic shared media such as
Ethernets, for example some ATM networks.
One can list all RIP routers reachable on the HIPPI or ATM network in
.Pa /etc/gateways
with a series of
"host" lines.
Note that it is usually desirable to use RIPv2 in such situations
to avoid generating lists of inferred host routes.
.Pp
Gateways marked
.Em external
are also passive, but are not placed in the kernel
routing table nor are they included in routing updates.
The function of external entries is to indicate
that another routing process
will install such a route if necessary,
and that other routes to that destination should not be installed
by
.Nm .
Such entries are only required when both routers may learn of routes
to the same destination.
.Pp
The
.Pa /etc/gateways
file consists of a series of lines, each in
one of the following two formats or consisting of parameters described later.
Blank lines and lines starting with '#' are comments.
.Bd -ragged
.Cm net
.Ar Nname[/mask]
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Bd -ragged
.Cm host
.Ar Hname
.Cm gateway
.Ar Gname
.Cm metric
.Ar value
.Pf < Cm passive No \&|
.Cm active No \&|
.Cm extern Ns >
.Ed
.Pp
.Ar Nname
or
.Ar Hname
is the name of the destination network or host.
It may be a symbolic network name or an Internet address
specified in "dot" notation (see
.Xr inet 3 ) .
(If it is a name, then it must either be defined in
.Pa /etc/networks
or
.Pa /etc/hosts ,
or a method in
.Xr nsswitch.conf 5
must be able to resolve it.)
.Pp
.Ar Mask
is an optional number between 1 and 32 indicating the netmask associated
with
.Ar Nname .
.Pp
.Ar Gname
is the name or address of the gateway to which RIP responses should
be forwarded.
.Pp
.Ar Value
is the hop count to the destination host or network.
.Pp
.Cm Host Ar hname
is equivalent to
.Cm net Ar nname/32 .
.Pp
One of the keywords
.Cm passive ,
.Cm active
or
.Cm external
must be present to indicate whether the gateway should be treated as
.Cm passive
or
.Cm active
(as described above),
or whether the gateway is
.Cm external
to the scope of the RIP protocol.
.Pp
As can be seen when debugging is turned on with
.Fl t ,
such lines create pseudo-interfaces.
To set parameters for remote or external interfaces,
a line starting with
.Cm if=alias(Hname) ,
.Cm if=remote(Hname) ,
etc.\& should be used.
.Ss Parameters
Lines that start with neither "net" nor "host" must consist of one
or more of the following parameter settings, separated by commas or
blanks:
.Bl -tag -width indent
.It Cm if Ns = Ns Ar ifname
indicates that the other parameters on the line apply to the interface
name
.Ar ifname .
.It Cm subnet Ns = Ns Ar nname Ns Oo / Ns Ar mask Oc Ns Op , Ns Ar metric
advertises a route to network
.Ar nname
with mask
.Ar mask
and the supplied metric (default 1).
This is useful for filling "holes" in CIDR allocations.
This parameter must appear by itself on a line.
The network number must specify a full, 32-bit value, as in 192.0.2.0
instead of 192.0.2.
.Pp
Do not use this feature unless necessary.
It is dangerous.
.It Cm ripv1_mask Ns = Ns Ar nname Ns / Ns Ar mask1 , Ns Ar mask2
specifies that the netmask of the network of which
.Ar nname Ns / Ns Ar mask1
is
a subnet should be
.Ar mask2 .
For example,
.Dq Li ripv1_mask=192.0.2.16/28,27
marks 192.0.2.16/28
as a subnet of 192.0.2.0/27 instead of 192.0.2.0/24.
It is better to turn on RIPv2 instead of using this facility, for example
with
.Cm ripv2_out .
.It Cm passwd Ns = Ns Ar XXX[|KeyID[start|stop]]
specifies a RIPv2 cleartext password that will be included on
all RIPv2 responses sent, and checked on all RIPv2 responses received.
Any blanks, tab characters, commas, or '#', '|', or NULL characters in the
password must be escaped with a backslash (\\).
The common escape sequences \\n, \\r, \\t, \\b, and \\xxx have their
usual meanings.
The
.Cm KeyID
must be unique but is ignored for cleartext passwords.
If present,
.Cm start
and
.Cm stop
are timestamps in the form year/month/day@hour:minute.
They specify when the password is valid.
The valid password with the most future is used on output packets, unless
all passwords have expired, in which case the password that expired most
recently is used, or unless no passwords are valid yet, in which case
no password is output.
Incoming packets can carry any password that is valid, will
be valid within the next 24 hours, or that was valid within the preceding
24 hours.
To protect the secrets, the passwd settings are valid only in the
.Pa /etc/gateways
file and only when that file is readable only by UID 0.
.It Cm md5_passwd Ns \&= Ns Ar XXX|KeyID[start|stop]
specifies a RIPv2 MD5 password.
Except that a
.Cm KeyID
is required, this keyword is similar to
.Cm passwd .
.It Cm no_ag
turns off aggregation of subnets in RIPv1 and RIPv2 responses.
.It Cm no_super_ag
turns off aggregation of networks into supernets in RIPv2 responses.
.It Cm passive
marks the interface to not be advertised in updates sent via other
interfaces, and turns off all RIP and router discovery through the interface.
.It Cm no_rip
disables all RIP processing on the specified interface.
If no interfaces are allowed to process RIP packets,
.Nm
acts purely as a router discovery daemon.
.Pp
Note that turning off RIP without explicitly turning on router
discovery advertisements with
.Cm rdisc_adv
or
.Fl s
causes
.Nm
to act as a client router discovery daemon, not advertising.
.It Cm no_rip_mcast
causes RIPv2 packets to be broadcast instead of multicast.
.It Cm no_rip_out
causes no RIP updates to be sent.
.It Cm no_ripv1_in
causes RIPv1 received responses to be ignored.
.It Cm no_ripv2_in
causes RIPv2 received responses to be ignored.
.It Cm ripv2_out
turns on RIPv2 output and causes RIPv2 advertisements to be
multicast when possible.
.It Cm ripv2
is equivalent to
.Cm no_ripv1_in
and
.Cm no_ripv1_out .
This enables RIPv2.
.It Cm no_rdisc
disables the Internet Router Discovery Protocol.
.It Cm no_solicit
disables the transmission of Router Discovery Solicitations.
.It Cm send_solicit
specifies that Router Discovery solicitations should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages.
.It Cm no_rdisc_adv
disables the transmission of Router Discovery Advertisements.
.It Cm rdisc_adv
specifies that Router Discovery Advertisements should be sent,
even on point-to-point links,
which by default only listen to Router Discovery messages.
.It Cm bcast_rdisc
specifies that Router Discovery packets should be broadcast instead of
multicast.
.It Cm rdisc_pref Ns \&= Ns Ar N
sets the preference in Router Discovery Advertisements to the optionally
signed integer
.Ar N .
The default preference is 0.
Default routes with smaller or more negative preferences are preferred by
clients.
.It Cm rdisc_interval Ns \&= Ns Ar N
sets the nominal interval with which Router Discovery Advertisements
are transmitted to N seconds and their lifetime to 3*N.
.It Cm fake_default Ns \&= Ns Ar metric
has an identical effect to
.Fl F Ar net[/mask][=metric]
with the network and mask coming from the specified interface.
.It Cm pm_rdisc
is similar to
.Cm fake_default .
When RIPv2 routes are multicast, so that RIPv1 listeners cannot
receive them, this feature causes a RIPv1 default route to be
broadcast to RIPv1 listeners.
Unless modified with
.Cm fake_default ,
the default route is broadcast with a metric of 14.
That serves as a "poor man's router discovery" protocol.
.It Cm adj_inmetric Ns \&= Ns Ar delta
adjusts the hop count or metric of received RIP routes by
.Ar delta .
The metric of every received RIP route is increased by the sum
of two values associated with the interface.
One is the adj_inmetric value and the other is the interface
metric set with
.Xr ifconfig 8 .
.It Cm adj_outmetric Ns \&= Ns Ar delta
adjusts the hop count or metric of advertised RIP routes by
.Ar delta .
The metric of every received RIP route is increased by the metric
associated with the interface by which it was received, or by 1 if
the interface does not have a non-zero metric.
The metric of the received route is then increased by the
adj_outmetric associated with the interface.
Every advertised route is increased by a total of four
values,
the metric set for the interface by which it was received with
.Xr ifconfig 8 ,
the
.Cm adj_inmetric Ar delta
of the receiving interface,
the metric set for the interface by which it is transmitted with
.Xr ifconfig 8 ,
and the
.Cm adj_outmetric Ar delta
of the transmitting interface.
.It Cm trust_gateway Ns \&= Ns Ar rname[|net1/mask1|net2/mask2|...]
causes RIP packets from router
.Ar rname
and other routers named in other
.Cm trust_gateway
keywords to be accepted, and packets from other routers to be ignored.
If networks are specified, then routes to other networks will be ignored
from that router.
.It Cm redirect_ok
allows the kernel to listen to ICMP Redirect messages when the system is acting
as a router and forwarding packets.
Otherwise, ICMP Redirect messages are overridden and deleted when the
system is acting as a router.
.El
.Sh FILES
.Bl -tag -width /etc/gateways -compact
.It Pa /etc/gateways
for distant gateways
.El
.Sh SEE ALSO
.Xr icmp 4 ,
.Xr udp 4 ,
.Xr rtquery 8
.Rs
.%T Internet Transport Protocols
.%R XSIS 028112
.%Q Xerox System Integration Standard
.Re
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 .
.\" LocalWords:  loopback ICMP rtquery ifconfig multicasting Solicitations RIPv
.\" LocalWords:  netstat rdisc
.Sh BUGS
It does not always detect unidirectional failures in network interfaces,
for example, when the output side fails.
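.Sh EXAMPLES
The following Python script is an added example and is not part of the
routed distribution.
It audits the text of an /etc/gateways file against the cautions given on this page: the root-only file requirement for passwords, cleartext passwd, the dangerous subnet parameter, a low fake_default metric, a missing passive/active/external keyword, and the absence of trust_gateway.
The function names, the constructed sample file, the reading of "readable only by UID 0" as root-owned with no group or other read bits, and the choice to flag fake_default metrics below 14 are assumptions of the example.

```python
import os
import re
import stat

# Split on commas or blanks that are not backslash-escaped; the man page
# requires such characters inside a password to be escaped with "\".
_SPLIT = re.compile(r"(?<!\\)[,\s]+")

# The man page's default metric for the synthesized ("fake") default route.
# Treating anything lower as a finding is this example's assumption.
FAKE_DEFAULT_METRIC = 14

# Constructed sample, not taken from a real system.
SAMPLE = r"""# constructed /etc/gateways sample
net 198.51.100.0/24 gateway 192.0.2.1 metric 2 passive
host 203.0.113.7 gateway 192.0.2.1 metric 3
if=em0 passwd=s3cret\,x|1 ripv2_out
if=em1,fake_default=1
subnet=192.0.2.0/24,1
"""


def audit_gateways(text, st_mode, st_uid):
    """Return (line_number, finding) tuples; line 0 means file-level."""
    findings = []
    has_secret = has_trust = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = [t for t in _SPLIT.split(line) if t]
        if tokens[0] in ("net", "host"):
            # One of passive, active or external must be present.
            if not any(t in ("passive", "active") or t.startswith("extern")
                       for t in tokens[1:]):
                findings.append((lineno, "no passive/active/external keyword"))
            continue
        for tok in tokens:
            key, _, value = tok.partition("=")
            if key == "passwd":
                has_secret = True
                findings.append((lineno, "cleartext RIPv2 password (passwd=)"))
            elif key == "md5_passwd":
                has_secret = True
            elif key == "trust_gateway":
                has_trust = True
            elif key == "subnet":
                findings.append((lineno, "subnet= is documented as dangerous"))
            elif key == "fake_default" and value.isdigit() \
                    and int(value) < FAKE_DEFAULT_METRIC:
                findings.append((lineno, "fake_default metric %s is below %d"
                                 % (value, FAKE_DEFAULT_METRIC)))
    # passwd settings are honoured only if the file is readable only by UID 0.
    if has_secret and (st_uid != 0 or st_mode & (stat.S_IRGRP | stat.S_IROTH)):
        findings.append((0, "file holds passwords but is not root-only"))
    if not has_trust:
        findings.append((0, "no trust_gateway: RIP senders are not restricted"))
    return findings


def audit_file(path="/etc/gateways"):
    """Audit a file on disk using its real owner and mode."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_gateways(fh.read(), st.st_mode, st.st_uid)


if __name__ == "__main__":
    for lineno, finding in audit_gateways(SAMPLE, 0o644, 0):
        print("line %d: %s" % (lineno, finding))
```

Run it as root against the live file with audit_file(), or pass file text, mode and owner to audit_gateways() to check a configuration before it is deployed.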