068c02de6d
Print a separate "Additional routing options" line for each address family which has additional options, so that it does not get mixed up with the output from adding routes. This also reverts r224048 which added newlines to two arbitrary routing options.
#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD$
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

# rc.subr hook variables.  "start" and "stop" are the standard verbs;
# "options" and "static" are the two extra verbs this script registers.
#
# routing_start reads an address family from $2 and routing_stop from $1,
# while the strings below only supply the first word.  Presumably rc.subr
# appends any extra command-line words to the handler string -- confirm
# against rc.subr.  That word is operator-supplied, so both handlers pass
# it through afcheck before it is used to build a function name.
name="routing"
extra_commands="options static"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
options_cmd="routing_start options"
static_cmd="routing_start static"
# afcheck
#	Allowlist check for the address family.  Takes no arguments: it
#	reads $_af from the calling function's scope (routing_start and
#	routing_stop both declare it local before calling).  An empty value
#	is accepted and is treated by the callers as "every family".
#	Anything else is reported through err with status 1.
#
#	This is the only validation between the caller-supplied family name
#	and the static_<af> / options_<af> / routing_stop_<af> function
#	names built from it, so new families must be added here first.
afcheck()
{
	case ${_af} in
	inet|inet6|ipx|atm|"")
		return 0
		;;
	esac

	err 1 "Unsupported address family: $_af."
}
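# routing_start cmd [af]
#	Apply routing configuration.
#	$1 - what to apply: "static", "options" or "doall" (handed to
#	     setroutes unchanged).
#	$2 - optional address family; empty means every family for which
#	     afexists succeeds.
#
#	$_af is validated by afcheck (which reads it from this function's
#	scope) before it is used to pick the static_<af>/options_<af>
#	functions inside setroutes.
#
#	Returns the status of the last setroutes call that ran.  Families
#	that do not exist are skipped with "continue", the same way
#	routing_stop does it; the previous "afexists && setroutes" form made
#	the whole function return non-zero whenever the last family in the
#	list (atm) was absent.
routing_start()
{
	local _cmd _af _a

	_cmd=$1
	_af=$2

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		setroutes "$_cmd" "$_af"
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists "$_a" || continue
			setroutes "$_cmd" "$_a"
		done
		;;
	esac
}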
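# routing_stop [af]
#	Remove static routes and flush routing state.
#	$1 - optional address family; empty means every family for which
#	     afexists succeeds.
#
#	For each selected family this calls static_<af> delete followed by
#	routing_stop_<af>.  The function names are built from $_af, which
#	afcheck has already restricted to inet/inet6/ipx/atm (and the loop
#	uses a fixed list), so they are invoked directly.  The earlier
#	"eval static_${_af} delete" re-parsed a caller-derived word for no
#	benefit; setroutes already calls static_$2 without eval.
#
#	Returns the status of the last routing_stop_<af> that ran.
routing_stop()
{
	local _af _a

	_af=$1

	afcheck

	case $_af in
	inet|inet6|ipx|atm)
		"static_${_af}" delete
		"routing_stop_${_af}"
		;;
	"")
		for _a in inet inet6 ipx atm; do
			afexists "$_a" || continue
			"static_${_a}" delete
			"routing_stop_${_a}"
		done
		;;
	esac
}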
# setroutes cmd af
#	Dispatch to the per-family workers.
#	$1 - "static"  -> static_<af> add
#	     "options" -> options_<af>
#	     "doall"   -> static_<af> add, then options_<af>
#	     any other value does nothing and returns 0.
#	$2 - address family suffix; it is used as-is to form the function
#	     name, so callers must have validated it (routing_start does so
#	     through afcheck).
setroutes()
{
	if [ "$1" = static ]; then
		static_$2 add
	elif [ "$1" = options ]; then
		options_$2
	elif [ "$1" = doall ]; then
		static_$2 add
		options_$2
	fi
}
# routing_stop_inet
#	Flush the IPv4 routes from the routing table (-n: addresses are
#	shown numerically rather than resolved to names).
#	Returns the exit status of route(8).
routing_stop_inet()
{
	route -n flush -inet
}
# routing_stop_inet6
#	Flush the IPv6 routes, then clear the "defaultif" flag on every
#	interface named in $ipv6_network_interfaces.
#	Globals: ipv6_network_interfaces (read; deliberately word-split).
#	Returns the status of the last ifconfig call, or 0 when the
#	interface list is empty.
routing_stop_inet6()
{
	local _ifn

	route -n flush -inet6

	for _ifn in ${ipv6_network_interfaces}
	do
		ifconfig $_ifn inet6 -defaultif
	done
}
# routing_stop_atm
#	Placeholder: there is nothing to flush for ATM.  It exists so that
#	routing_stop can call routing_stop_<af> for every family.
#	Always returns 0.
routing_stop_atm()
{
	return 0
}
# routing_stop_ipx
#	Placeholder: there is nothing to flush for IPX.  It exists so that
#	routing_stop can call routing_stop_<af> for every family.
#	Always returns 0.
routing_stop_ipx()
{
	return 0
}
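# static_inet action
#	Add or delete the IPv4 static routes.
#	$1 - action word given to route(8) ("add" from setroutes, "delete"
#	     from routing_stop).
#	Globals:
#	  defaultrouter  (read)  - unless empty or "NO", a route named
#	                           "default" is put at the front of the list.
#	  static_routes  (read, modified) - route names; "default" is
#	                           prepended on every call with a router set.
#	  route_default  (written) - argument string for the "default" route.
#	Returns the status of the last route(8) call, or 0 if none ran.
#
#	The loop variable and the scratch argument string are local, as in
#	static_atm; they used to leak into the caller's scope.  The scratch
#	name is _route_args rather than route_args because get_if_var is
#	asked for "route_IF" with the route name -- presumably resolving to
#	route_<name> (confirm in network.subr) -- and a local called
#	route_args would then shadow the setting of a route named "args".
static_inet()
{
	local _action i _route_args

	_action=$1

	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			_route_args=$(get_if_var "$i" route_IF)
			# Unquoted on purpose: the rc.conf value is a list of
			# route(8) arguments and must be split into words.  It
			# is also subject to pathname expansion, so rc.conf has
			# to stay writable by root only.
			route ${_action} ${_route_args}
		done
	fi
}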
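# static_inet6 action
#	Add or delete the IPv6 static routes and select the IPv6 default
#	interface.
#	$1 - action word given to route(8) ("add" from setroutes, "delete"
#	     from routing_stop).
#	Globals:
#	  ipv6_defaultrouter      (read)
#	  ipv6_static_routes      (read, modified: "default" is prepended)
#	  ipv6_route_default      (written)
#	  ipv6_network_interfaces (read, modified: "NONE" becomes empty; when
#	                           acting as a gateway it is replaced by the
#	                           interfaces that have a link-local address)
#	  ipv6_working_interfaces (modified: accumulates, never reset here)
#	  ipv6_default_interface  (read, modified)
#	  ipv6_gateway_enable     (read through checkyesno)
#	Returns the status of the last command executed.
#
#	The scratch values (link-local address, per-route argument string)
#	are local; they used to leak into the caller's scope.  The argument
#	string is named _route_args rather than ipv6_route_args because
#	get_if_var is asked for "ipv6_route_IF" with the route name --
#	presumably resolving to ipv6_route_<name> (confirm in network.subr)
#	-- and a local with that name would shadow a route named "args".
#
#	NOTE(review): the default-interface block at the end is not
#	conditioned on $_action, so it also runs for "delete".
static_inet6()
{
	local _action i laddr _route_args

	_action=$1

	# disallow "internal" addresses to appear on the wire
	# (::ffff:0.0.0.0/96 is the IPv4-mapped range, ::0.0.0.0/96 the
	# IPv4-compatible range; both get a reject route via ::1).
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject

	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
		;;
	esac

	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			_route_args=$(get_if_var "$i" ipv6_route_IF)
			# Unquoted on purpose: the rc.conf value is a list of
			# route(8) arguments and must be split into words.
			route ${_action} -inet6 ${_route_args}
		done
	fi

	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac

	# When forwarding IPv6, keep only the interfaces that already have a
	# non-tentative link-local address.
	if checkyesno ipv6_gateway_enable; then
		for i in ${ipv6_network_interfaces}; do

			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		ipv6_default_interface=""
		;;
	[Aa][Uu][Tt][Oo] | "")
		# Pick the first interface, other than lo0 and faith*, that
		# has a non-tentative link-local address.
		for i in ${ipv6_network_interfaces}; do
			case $i in
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=$(network6_getladdr $i exclude_tentative)
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject

	case ${ipv6_default_interface} in
	'')
		;;
	*)
		# Disable installing the default interface when we act
		# as router to avoid conflict between the default
		# router list and the manual configured default route.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} inet6 defaultif
			sysctl net.inet6.ip6.use_defaultzone=1
		fi
		;;
	esac
}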
# static_atm action
#	Add or delete the native ATM static routes.
#	$1 - action word given to "atmconfig natm".
#	Globals: natm_static_routes (read) - list of route names; the
#	         arguments of each come from get_if_var <name> route_IF.
#	Returns the status of the last atmconfig call, or 0 when no route
#	is configured.
static_atm()
{
	local _action i route_args

	_action=$1

	# Nothing configured: succeed without touching atmconfig.
	[ -n "${natm_static_routes}" ] || return 0

	for i in ${natm_static_routes}
	do
		route_args=$(get_if_var $i route_IF)
		# Unquoted on purpose: the value is a list of arguments.
		atmconfig natm ${_action} ${route_args}
	done
}
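# static_ipx action
#	Placeholder: no static routes are handled for IPX.  It exists so
#	that setroutes and routing_stop can call static_<af> for every
#	family.  $1 (the action) is ignored.  Always returns 0.
#
#	The body holds an explicit no-op because an empty "{ }" group is not
#	valid POSIX shell grammar and is rejected by shells such as bash.
static_ipx()
{
	:
}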
# ropts_init af
#	Print the "Additional <af> routing options:" prefix once.
#	$1 - address family name shown in the message.
#	Globals: _ropts_initdone (read, written) - empty until the prefix
#	         has been printed, then "yes".  Each options_<af> function
#	         clears it on entry and tests it on exit to decide whether
#	         to print the closing '.'.
#	Outputs: the prefix on stdout, without a trailing newline.
ropts_init()
{
	# Prefix already printed for this family.
	[ -z "${_ropts_initdone}" ] || return 0

	echo -n "Additional $1 routing options:"
	_ropts_initdone=yes
}
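# _options_inet_knob rcvar label oid
#	Private helper for options_inet: set one boolean sysctl from one
#	rc.conf yes/no variable.
#	$1 - rc.conf variable tested with checkyesno
#	$2 - text printed as " <label>=YES" when the variable is enabled
#	$3 - sysctl OID, written as 1 when enabled and 0 otherwise
#	The stdout of ${SYSCTL} is discarded and its status is not checked.
_options_inet_knob()
{
	if checkyesno "$1"; then
		ropts_init inet
		echo -n " $2=YES"
		${SYSCTL} "$3=1" > /dev/null
	else
		${SYSCTL} "$3=0" > /dev/null
	fi
}

# options_inet
#	Apply the IPv4 routing-related tunables from rc.conf.
#
#	  rc.conf variable     sysctl OID
#	  icmp_bmcastecho      net.inet.icmp.bmcastecho
#	  icmp_drop_redirect   net.inet.icmp.drop_redirect
#	  icmp_log_redirect    net.inet.icmp.log_redirect
#	  gateway_enable       net.inet.ip.forwarding
#	  forward_sourceroute  net.inet.ip.sourceroute
#	  accept_sourceroute   net.inet.ip.accept_sourceroute
#	  arpproxy_all         net.link.ether.inet.proxyall
#
#	Every OID is written on every run: 1 when its variable is enabled,
#	0 otherwise, so a value set by other means is overwritten here.
#	Several of these change the host's network exposure (forwarding,
#	source routing, proxy ARP, answering broadcast pings), and
#	drop_redirect/log_redirect control how ICMP redirects are treated;
#	only the enabled ones are echoed, so the output line is not a full
#	record of what was written.
#
#	Globals: _ropts_initdone (reset on entry; set by ropts_init).
#	Outputs: "Additional inet routing options: ...=YES." on stdout when
#	         at least one variable is enabled, otherwise nothing.
#	Returns: 0.  The closing '.' is printed from an if statement; the
#	         earlier "[ -n ... ] && echo" form made the function return
#	         non-zero whenever no option was enabled.
options_inet()
{
	_ropts_initdone=

	_options_inet_knob icmp_bmcastecho 'broadcast ping responses' \
	    net.inet.icmp.bmcastecho
	_options_inet_knob icmp_drop_redirect 'ignore ICMP redirect' \
	    net.inet.icmp.drop_redirect
	_options_inet_knob icmp_log_redirect 'log ICMP redirect' \
	    net.inet.icmp.log_redirect
	_options_inet_knob gateway_enable 'gateway' \
	    net.inet.ip.forwarding
	_options_inet_knob forward_sourceroute 'do source routing' \
	    net.inet.ip.sourceroute
	_options_inet_knob accept_sourceroute 'accept source routing' \
	    net.inet.ip.accept_sourceroute
	_options_inet_knob arpproxy_all 'ARP proxyall' \
	    net.link.ether.inet.proxyall

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}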
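# options_inet6
#	Apply the IPv6 routing tunable from rc.conf: ipv6_gateway_enable
#	drives net.inet6.ip6.forwarding, written as 1 when enabled and 0
#	otherwise on every run.  The stdout of ${SYSCTL} is discarded and
#	its status is not checked.
#
#	Globals: _ropts_initdone (reset on entry; set by ropts_init).
#	Outputs: "Additional inet6 routing options: gateway=YES." on stdout
#	         when forwarding is enabled, otherwise nothing.
#	Returns: 0.  The closing '.' is printed from an if statement; the
#	         earlier "[ -n ... ] && echo" form made the function return
#	         non-zero whenever forwarding was disabled.
options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}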
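# options_atm
#	Placeholder: no routing options are defined for ATM.  It keeps the
#	same frame as the other options_<af> functions (reset the marker,
#	print the closing '.' if anything was announced) so that an option
#	can be added between the two steps later.
#
#	Globals: _ropts_initdone (reset on entry).
#	Returns: 0.  The earlier "[ -n ... ] && echo" tail always evaluated
#	         to false here, so the function always returned non-zero.
options_atm()
{
	_ropts_initdone=

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}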
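# options_ipx
#	Apply the IPX routing tunable from rc.conf: ipxgateway_enable drives
#	net.ipx.ipx.ipxforwarding, written as 1 when enabled and 0 otherwise
#	on every run.  The stdout of ${SYSCTL} is discarded and its status
#	is not checked.
#
#	Globals: _ropts_initdone (reset on entry; set by ropts_init).
#	Outputs: "Additional ipx routing options: gateway=YES." on stdout
#	         when forwarding is enabled, otherwise nothing.
#	Returns: 0.  The closing '.' is printed from an if statement; the
#	         earlier "[ -n ... ] && echo" form made the function return
#	         non-zero whenever forwarding was disabled.
options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	if [ -n "${_ropts_initdone}" ]; then
		echo '.'
	fi
}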
# Load the configuration for this service, then hand the command line to
# run_rc_command, which picks the handler from the *_cmd variables set at
# the top of the file.  Both functions come from the files sourced there.
load_rc_config ${name}
run_rc_command "$@"