freebsd-skq/etc/rc.d/routing
Xin LI 335c94e632 Create the default router last. This allows using an static
interface route for default routes, which seems to be common
among many dedicated hosting providers.

Reviewed by:	hrs
MFC after:	2 weeks
2013-09-02 23:52:25 +00:00

407 lines
7.6 KiB
Bash
Executable File

#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD$
#
# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"
ROUTE_CMD="/sbin/route"
routing_start()
{
local _cmd _af _if _a
_cmd=$1
_af=$2
_if=$3
case $_if in
""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;;
esac
case $_af in
inet|inet6|ipx|atm)
if afexists $_af; then
setroutes $_cmd $_af $_if
else
err 1 "Unsupported address family: $_af."
fi
;;
""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
for _a in inet inet6 ipx atm; do
afexists $_a && setroutes $_cmd $_a $_if
done
;;
*)
err 1 "Unsupported address family: $_af."
;;
esac
}
routing_stop()
{
local _af _if _a
_af=$1
_if=$2
case $_if in
""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;;
esac
case $_af in
inet|inet6|ipx|atm)
if afexists $_af; then
eval static_${_af} delete $_if
# When $_if is specified, do not flush routes.
if ! [ -n "$_if" ]; then
eval routing_stop_${_af}
fi
else
err 1 "Unsupported address family: $_af."
fi
;;
""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
for _a in inet inet6 ipx atm; do
afexists $_a || continue
eval static_${_a} delete $_if
# When $_if is specified, do not flush routes.
if ! [ -n "$_if" ]; then
eval routing_stop_${_a}
fi
done
;;
*)
err 1 "Unsupported address family: $_af."
;;
esac
}
setroutes()
{
case $1 in
static)
static_$2 add $3
;;
options)
options_$2
;;
doall)
static_$2 add $3
options_$2
;;
esac
}
routing_stop_inet()
{
${ROUTE_CMD} -n flush -inet
}
routing_stop_inet6()
{
local i
${ROUTE_CMD} -n flush -inet6
for i in `list_net_interfaces`; do
if ipv6if $i; then
ifconfig $i inet6 -defaultif
fi
done
}
routing_stop_atm()
{
return 0
}
routing_stop_ipx()
{
return 0
}
static_inet()
{
local _action _if _skip
_action=$1
_if=$2
# Add default route.
case ${defaultrouter} in
[Nn][Oo] | '')
;;
*)
static_routes="${static_routes} _default"
route__default="default ${defaultrouter}"
;;
esac
# Install configured routes.
if [ -n "${static_routes}" ]; then
for i in ${static_routes}; do
_skip=0
if [ -n "$_if" ]; then
case $i in
*:$_if) ;;
*) _skip=1 ;;
esac
fi
if [ $_skip = 0 ]; then
route_args=`get_if_var ${i%:*} route_IF`
if [ -n "$route_args" ]; then
${ROUTE_CMD} ${_action} ${route_args}
else
warn "route_${i%:*} not found."
fi
fi
done
fi
}
static_inet6()
{
local _action _if _skip fibmod fibs
_action=$1
_if=$2
# get the number of FIBs supported.
fibs=$((`${SYSCTL_N} net.fibs` - 1))
if [ "$fibs" -gt 0 ]; then
fibmod="-fib 0-$fibs"
else
fibmod=
fi
# Add pre-defined static routes first.
ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
# disallow "internal" addresses to appear on the wire
ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
# Disallow link-local unicast packets without outgoing scope
# identifiers. However, if you set "ipv6_default_interface",
# for the host case, you will allow to omit the identifiers.
# Under this configuration, the packets will go to the default
# interface.
ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
# Add default route.
case ${ipv6_defaultrouter} in
[Nn][Oo] | '')
;;
*)
ipv6_static_routes="${ipv6_static_routes} _default"
ipv6_route__default="default ${ipv6_defaultrouter}"
;;
esac
# Install configured routes.
if [ -n "${ipv6_static_routes}" ]; then
for i in ${ipv6_static_routes}; do
_skip=0
if [ -n "$_if" ]; then
case $i in
*:$_if) ;;
*) _skip=1 ;;
esac
fi
if [ $_skip = 0 ]; then
ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
if [ -n "$ipv6_route_args" ]; then
${ROUTE_CMD} ${_action} \
-inet6 ${ipv6_route_args}
else
warn "route_${i%:*} not found"
fi
fi
done
fi
# Install the "default interface" to kernel, which will be used
# as the default route when there's no router.
# Disable installing the default interface when we act
# as router to avoid conflict between the default
# router list and the manual configured default route.
if checkyesno ipv6_gateway_enable; then
return
fi
case "${ipv6_default_interface}" in
[Nn][Oo] | [Nn][Oo][Nn][Ee])
return
;;
[Aa][Uu][Tt][Oo] | "")
for i in ${ipv6_network_interfaces}; do
case $i in
[Nn][Oo][Nn][Ee])
return
;;
lo0|faith[0-9]*)
continue
;;
esac
laddr=`network6_getladdr $i exclude_tentative`
case ${laddr} in
'')
;;
*)
ipv6_default_interface=$i
break
;;
esac
done
;;
esac
ifconfig ${ipv6_default_interface} inet6 defaultif
sysctl net.inet6.ip6.use_defaultzone=1
}
static_atm()
{
local _action i route_args
_action=$1
if [ -n "${natm_static_routes}" ]; then
for i in ${natm_static_routes}; do
route_args=`get_if_var $i route_IF`
if [ -n "$route_args" ]; then
atmconfig natm ${_action} ${route_args}
else
warn "route_${i} not found."
fi
done
fi
}
static_ipx()
{
:
}
ropts_init()
{
if [ -z "${_ropts_initdone}" ]; then
echo -n "Additional $1 routing options:"
_ropts_initdone=yes
fi
}
options_inet()
{
_ropts_initdone=
if checkyesno icmp_bmcastecho; then
ropts_init inet
echo -n ' broadcast ping responses=YES'
${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
else
${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
fi
if checkyesno icmp_drop_redirect; then
ropts_init inet
echo -n ' ignore ICMP redirect=YES'
${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
else
${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
fi
if checkyesno icmp_log_redirect; then
ropts_init inet
echo -n ' log ICMP redirect=YES'
${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
else
${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
fi
if checkyesno gateway_enable; then
ropts_init inet
echo -n ' gateway=YES'
${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
else
${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
fi
if checkyesno forward_sourceroute; then
ropts_init inet
echo -n ' do source routing=YES'
${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
else
${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
fi
if checkyesno accept_sourceroute; then
ropts_init inet
echo -n ' accept source routing=YES'
${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
else
${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
fi
if checkyesno arpproxy_all; then
ropts_init inet
echo -n ' ARP proxyall=YES'
${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
else
${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
fi
[ -n "${_ropts_initdone}" ] && echo '.'
}
options_inet6()
{
_ropts_initdone=
if checkyesno ipv6_gateway_enable; then
ropts_init inet6
echo -n ' gateway=YES'
${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
else
${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
fi
[ -n "${_ropts_initdone}" ] && echo '.'
}
options_atm()
{
_ropts_initdone=
[ -n "${_ropts_initdone}" ] && echo '.'
}
options_ipx()
{
_ropts_initdone=
if checkyesno ipxgateway_enable; then
ropts_init ipx
echo -n ' gateway=YES'
${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
else
${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
fi
[ -n "${_ropts_initdone}" ] && echo '.'
}
load_rc_config $name
run_rc_command "$@"