network.subr revision 85831
125184Sjkh#!/bin/sh -
2113674Smtm#
3113674Smtm# Copyright (c) 1993  The FreeBSD Project
4113674Smtm# All rights reserved.
5113674Smtm#
6113674Smtm# Redistribution and use in source and binary forms, with or without
7113674Smtm# modification, are permitted provided that the following conditions
8113674Smtm# are met:
9113674Smtm# 1. Redistributions of source code must retain the above copyright
10113674Smtm#    notice, this list of conditions and the following disclaimer.
11113674Smtm# 2. Redistributions in binary form must reproduce the above copyright
12113674Smtm#    notice, this list of conditions and the following disclaimer in the
13113674Smtm#    documentation and/or other materials provided with the distribution.
14113674Smtm#
15113674Smtm# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16113674Smtm# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17113674Smtm# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18113674Smtm# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19113674Smtm# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20113674Smtm# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21113674Smtm# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22113674Smtm# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23113674Smtm# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24113674Smtm# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2550472Speter# SUCH DAMAGE.
2666830Sobrien#
2725184Sjkh# $FreeBSD: head/etc/network.subr 85831 2001-11-01 12:39:01Z des $
28113674Smtm#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29113674Smtm#
30113674Smtm
31113674Smtm# Note that almost all of the user-configurable behavior is no longer in
3225184Sjkh# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33178356Ssam# first before contemplating any changes here.  If you do need to change
34197147Shrs# this file for some reason, we would like to know about it.
35225560Sbrueffer
36178356Ssam# First pass startup stuff.
37178356Ssam#
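#
# network_pass1: first-stage network bring-up.
#
# In the order written below: regenerates /etc/host.conf or
# /etc/nsswitch.conf, sets the hostname, loads ipfilter/ipnat rules,
# sets the NIS domain, configures ATM, cloned, sppp, gif and regular
# interfaces (including DHCP, aliases and IPX), starts ISDN and user
# ppp, re-syncs ipfilter, loads ipfw rules and natd, installs static
# routes, applies network sysctls, loads IPsec policy and starts the
# routing daemons.  Sets network_pass1_done=YES on completion.
#
# Every ${..._enable}, ${..._program}, ${..._flags} and per-interface
# ifconfig_* value is read from the shell environment this file is
# sourced into (the file header points at /etc/defaults/rc.conf).
# Most are expanded unquoted so that they split into arguments, and
# several go through eval or name a file that is sourced, so their
# content is executed with this script's privileges.
# NOTE(review): presumably this runs as root at boot; if so, rc.conf
# and the /etc/rc.atm, /etc/rc.isdn, /etc/start_if.* and firewall
# scripts sourced here must be writable by root only -- confirm.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Generating /etc/host.conf for compatibility'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# ipfstat succeeding is taken as proof that ipfilter is already
	# in the kernel; otherwise the ipl module is loaded on demand.
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					# eval re-parses the configured
					# command line, so shell syntax in
					# ipfs_program/ipfs_flags is executed.
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			# An unreadable rules file only disables ipfilter
			# and prints a notice; the interfaces below are
			# still brought up.  What is filtered in that case
			# depends on the kernel default policy (see the
			# IPFILTER_DEFAULT_BLOCK remark above).
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
	esac
	case "${ipnat_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat';
			# As with ipfs above, eval re-parses the configured
			# command line.
			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
				"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			# Sourced into this shell; atm_pass1 is expected
			# to be defined by that file.
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		# Indirect lookup of spppconfig_<ifn>; the interface name
		# becomes part of the text that eval parses.
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the secrets are handed to spppcontrol
			# as command-line arguments; whether other local
			# users can read them from the process list while it
			# runs depends on system policy -- confirm.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell
		# before the interface is configured.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0 and the scan stops at the
		# first unset ifconfig_<ifn>_alias<N>, so a gap in the
		# numbering hides every later alias.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the resulting state of every interface touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how a bare
		# "[ ! -z ]" happens to be parsed when showstat is empty.
		if [ ! -z "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		# Anything outside the four listed modes falls back to
		# "auto", so ppp_mode is the one validated value here.
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile and ppp_user are used as configured:
		# ppp_profile ends up inside the command string that
		# su -c passes on for execution, ppp_user is expanded
		# unquoted.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter
	#
	# NOTE(review): "-y" is part of the default only.  When
	# ipfilter_program is set, that value is run here exactly as
	# configured, without "-y" and without a rules file -- confirm
	# this is what the shipped default of ipfilter_program expects.
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf -y}
		;;
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for ipfw support is "ipfw -q flush": besides telling
	# whether ipfw is in the kernel, it removes whatever rules were
	# loaded before this point, regardless of firewall_enable.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The rule script is sourced, so it runs
				# inside this shell with all of its
				# variables in scope.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted-quad value is passed
						# as an address (-a), anything
						# else as an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# No readable rule script and the final rule
				# is deny-all: warn that nothing will pass.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below is written with sysctl only when its rc.conf
	# variable asks for it.  Several of them (broadcast ping replies,
	# IP forwarding, forwarding and accepting source-routed packets,
	# ARP proxy-all) widen what the host does on behalf of remote
	# peers and are turned on by an explicit YES only.
	echo -n 'Additional routing options:'
	# Unset or YES leaves the kernel setting alone; any other value
	# switches RFC 1323 extensions off.
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# The port range values are passed to sysctl as configured;
	# nothing here checks that they are numeric.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted: unquoted, an empty value turned the
		# test into "[ -f ]", which is true, so the script reported
		# "enabled" and ran setkey without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}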
537152441Sbrooks
#
# network_pass2: second-stage network startup.
#
# Starts, in this order and each only when its *_enable variable is a
# case-insensitive "yes": named, ntpdate, ntpd, timed and rpcbind.  The
# NIS daemons (ypserv, rpc.ypxfrd, rpc.yppasswdd, ypbind, ypset),
# keyserv and rpc.ypupdated are considered only when portmap_enable is
# "yes", because they sit inside that branch.  Calls atm_pass3 when
# atm_pass2_done is non-empty and finally sets network_pass2_done=YES.
#
# The *_program and *_flags values are expanded unquoted on purpose so
# that they split into arguments; whatever they contain is run with
# this script's privileges.
#
network_pass2() {
	# Succeeds only for a case-insensitive "yes", the same match the
	# [Yy][Ee][Ss] case arms perform.
	_network_pass2_yes() {
		case $1 in
		[Yy][Ee][Ss])
			return 0
			;;
		esac
		return 1
	}

	echo -n 'Doing additional network setup:'

	if _network_pass2_yes "${named_enable}"; then
		echo -n ' named'
		${named_program:-named} ${named_flags}
	fi

	if _network_pass2_yes "${ntpdate_enable}"; then
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if _network_pass2_yes "${xntpd_enable}"; then
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
	fi

	if _network_pass2_yes "${timed_enable}"; then
		echo -n ' timed'
		timed ${timed_flags}
	fi

	if _network_pass2_yes "${portmap_enable}"; then
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server side.  rpc.ypxfrd and rpc.yppasswdd are meant
		# for the NIS master only.
		if _network_pass2_yes "${nis_server_enable}"; then
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			if _network_pass2_yes "${nis_ypxfrd_enable}"; then
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
			fi

			if _network_pass2_yes "${nis_yppasswdd_enable}"; then
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
			fi
		fi

		# NIS client side.
		if _network_pass2_yes "${nis_client_enable}"; then
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			if _network_pass2_yes "${nis_ypset_enable}"; then
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
			fi
		fi

		# Secure RPC key server.
		if _network_pass2_yes "${keyserv_enable}"; then
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
		fi

		# Secure RPC on the NIS master.
		if _network_pass2_yes "${rpc_ypupdated_enable}"; then
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
		fi
	fi

	# ATM daemons, once the earlier ATM stage has reported completion.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
633197147Shrs
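#
# network_pass3: final-stage network daemons.
#
# With portmap_enable=YES: NFS server (mountd, nfsd, rpc.lockd,
# rpc.statd) or a stand-alone mountd, NFS client sysctls, rpc.umntall
# and amd.  Independently of portmap: rwhod, the Kerberos IV and 5
# servers, pppoed and creation of missing ssh host keys.  Sets
# network_pass3_done=YES on completion.
#
# The *_flags and *_server values are expanded unquoted so that they
# split into arguments, and amd_map_program is run through eval; all of
# them are executed with this script's privileges.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# -n makes mountd also serve mount requests
				# that do not come from a privileged port.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd';	nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# above does; assigning "-n" alone
					# threw away the configured
					# mountd_flags whenever weak
					# authentication was requested.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# The configured command is run through eval
				# and its output is appended to amd's
				# arguments.
				amd_flags="${amd_flags} `eval\
					${amd_map_program}`"
				;;
			esac

			# With flags, amd -p prints its pid, which is
			# captured in /var/run/amd.pid; stderr is discarded
			# in both forms.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod';	rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both Kerberos IV daemons.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started 20 seconds later from a background
			# subshell, which keeps its own copy of ${stash}.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the former
		# "unset stash_flag" removed nothing and left it behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Missing host keys are generated once, with an empty passphrase
	# (-N "") so that they can be used unattended.  Nothing is started
	# in this branch; it only makes sure the key files exist.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}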
820197139Shrs
#
# network_pass4: late TCP/UDP options.
#
# Any log_in_vain value other than empty or a case-insensitive "no"
# sets net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain to 1.
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	case "${log_in_vain}" in
	'' | [Nn][Oo])
		# Unset or explicitly off: leave the kernel settings alone.
		;;
	*)
		echo -n ' log_in_vain=YES'
		# Same knob for both protocols, TCP first.
		for _network_pass4_proto in tcp udp; do
			sysctl -w net.inet.${_network_pass4_proto}.log_in_vain=1 >/dev/null
		done
		unset _network_pass4_proto
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
836197139Shrs
#
# network_gif_setup: create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces that has a non-empty
# gifconfig_<name>, runs "ifconfig <name> create" (output and errors
# discarded) followed by "ifconfig <name> tunnel <peers>".  Does
# nothing when gif_interfaces is empty or a case-insensitive "no".
#
# The interface name becomes part of the text that eval parses, so
# gif_interfaces is expected to hold plain interface names only.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		# Nothing configured.
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# Indirect lookup of gifconfig_<interface>.
		eval peers=\$gifconfig_$i
		if [ -n "${peers}" ]; then
			# create may fail when the interface already exists,
			# hence the discarded output.
			ifconfig $i create >/dev/null 2>&1
			ifconfig $i tunnel ${peers}
		fi
	done
}
857197139Shrs
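#
# convert_host_conf: derive an nsswitch.conf "hosts:" line from a
# legacy host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated before awk runs,
#                 so a failed conversion leaves it empty or partial)
# Outputs:   one "hosts: ..." line in $2, sources in the order they
#            appear in $1; a warning on stderr for every line that is
#            neither a comment, blank, nor a recognized source.
#
# Changes from the earlier form: "[:blank:]" outside a bracket
# expression matched the letters of the word instead of white space,
# so indented comments were parsed as sources; sources were printed
# with "for (i in ...)", whose order awk does not define although
# lookup order is the point of the file; the warning lacked a
# newline; and the file names were unquoted in the redirections.
#
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*#/           { next }
        /^[ \t]*$/           { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts:"
                for (i = 0; i < c; i++)
                        printf " %s", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}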
873197139Shrs
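#
# generate_host_conf: write a legacy host.conf from the "hosts:" line
# of an nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated before awk runs)
# Outputs:   a "do not edit" header followed by one legacy source name
#            per line (files -> hosts, dns -> bind, nis -> nis), taken
#            from the first "hosts:" line only.  Sources without a
#            legacy equivalent are dropped silently.
#
# Changes from the earlier form: "quit" is not an awk statement (it
# evaluated an unset variable and did nothing), so every further
# "hosts:" line produced another header and source list; "exit" stops
# after the first one.  The file names are now quoted in the
# redirections.
#
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;

    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
}
/^hosts:/ {
    print "# Auto-generated, do not edit";
    for (n = 2; n <= NF; ++n)
        if ($n in xlat)
            print xlat[$n];
    exit;
}
' < "$nsswitch_conf" > "$host_conf"
}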
896197139Shrs