network.subr revision 76695 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/network.subr 76695 2001-05-16 19:23:54Z jesper $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	case "${ipfilter_enable}" in
64	[Yy][Ee][Ss])
65		if [ -r "${ipfilter_rules}" ]; then
66			echo -n ' ipfilter';
67			${ipfilter_program:-/sbin/ipf -Fa -f} \
68			    "${ipfilter_rules}" ${ipfilter_flags}
69			case "${ipmon_enable}" in
70			[Yy][Ee][Ss])
71				echo -n ' ipmon'
72				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
73				;;
74			esac
75			case "${ipnat_enable}" in
76			[Yy][Ee][Ss])
77				if [ -r "${ipnat_rules}" ]; then
78					echo -n ' ipnat';
79				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
80					"${ipnat_rules}" ${ipnat_flags}
81				else
82					echo -n ' NO IPNAT RULES'
83				fi
84				;;
85			esac
86		else
87			ipfilter_enable="NO"
88			echo -n ' NO IPF RULES'
89		fi
90		;;
91	esac
92
93	# Set the domainname if we're using NIS
94	#
95	case ${nisdomainname} in
96	[Nn][Oo] | '')
97		;;
98	*)
99		domainname ${nisdomainname}
100		echo -n ' domain'
101		;;
102	esac
103
104	echo '.'
105
106	# Initial ATM interface configuration
107	#
108	case ${atm_enable} in
109	[Yy][Ee][Ss])
110		if [ -r /etc/rc.atm ]; then
111			. /etc/rc.atm
112			atm_pass1
113		fi
114		;;
115	esac
116
117	# Special options for sppp(4) interfaces go here.  These need
118	# to go _before_ the general ifconfig section, since in the case
119	# of hardwired (no link1 flag) but required authentication, you
120	# cannot pass auth parameters down to the already running interface.
121	#
122	for ifn in ${sppp_interfaces}; do
123		eval spppcontrol_args=\$spppconfig_${ifn}
124		if [ -n "${spppcontrol_args}" ]; then
125			# The auth secrets might contain spaces; in order
126			# to retain the quotation, we need to eval them
127			# here.
128			eval spppcontrol ${ifn} ${spppcontrol_args}
129		fi
130	done
131
132	# Set up all the network interfaces, calling startup scripts if needed
133	#
134	case ${network_interfaces} in
135	[Aa][Uu][Tt][Oo])
136		network_interfaces="`ifconfig -l`"
137		;;
138	esac
139
140	dhcp_interfaces=""
141	for ifn in ${network_interfaces}; do
142		if [ -r /etc/start_if.${ifn} ]; then
143			. /etc/start_if.${ifn}
144			eval showstat_$ifn=1
145		fi
146
147		# Do the primary ifconfig if specified
148		#
149		eval ifconfig_args=\$ifconfig_${ifn}
150
151		case ${ifconfig_args} in
152		'')
153			;;
154		[Dd][Hh][Cc][Pp])
155			# DHCP inits are done all in one go below
156			dhcp_interfaces="$dhcp_interfaces $ifn"
157			eval showstat_$ifn=1
158			;;
159		*)
160			ifconfig ${ifn} ${ifconfig_args}
161			eval showstat_$ifn=1
162			;;
163		esac
164	done
165
166	if [ ! -z "${dhcp_interfaces}" ]; then
167		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
168	fi
169
170	for ifn in ${network_interfaces}; do
171		# Check to see if aliases need to be added
172		#
173		alias=0
174		while : ; do
175			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
176			if [ -n "${ifconfig_args}" ]; then
177				ifconfig ${ifn} ${ifconfig_args} alias
178				eval showstat_$ifn=1
179				alias=`expr ${alias} + 1`
180			else
181				break;
182			fi
183		done
184
185		# Do ipx address if specified
186		#
187		eval ifconfig_args=\$ifconfig_${ifn}_ipx
188		if [ -n "${ifconfig_args}" ]; then
189			ifconfig ${ifn} ${ifconfig_args}
190			eval showstat_$ifn=1
191		fi
192	done
193
194	for ifn in ${network_interfaces}; do
195		eval showstat=\$showstat_${ifn}
196		if [ ! -z ${showstat} ]; then
197			ifconfig ${ifn}
198		fi
199	done
200
201	# ISDN subsystem startup
202	#
203	case ${isdn_enable} in
204	[Yy][Ee][Ss])
205		if [ -r /etc/rc.isdn ]; then
206			. /etc/rc.isdn
207		fi
208		;;
209	esac
210
211	# Start user ppp if required.  This must happen before natd.
212	#
213	case ${ppp_enable} in
214	[Yy][Ee][Ss])
215		# Establish ppp mode.
216		#
217		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
218			-a "${ppp_mode}" != "dedicated" \
219			-a "${ppp_mode}" != "background" ]; then
220			ppp_mode="auto"
221		fi
222
223		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
224
225		# Switch on NAT mode?
226		#
227		case ${ppp_nat} in
228		[Yy][Ee][Ss])
229			ppp_command="${ppp_command} -nat"
230			;;
231		esac
232
233		ppp_command="${ppp_command} ${ppp_profile}"
234
235		echo -n "Starting ppp as \"${ppp_user}\""
236		su -m ${ppp_user} -c "exec ${ppp_command}"
237		;;
238	esac
239
240	# Initialize IP filtering using ipfw
241	#
242	if /sbin/ipfw -q flush > /dev/null 2>&1; then
243		firewall_in_kernel=1
244	else
245		firewall_in_kernel=0
246	fi
247
248	case ${firewall_enable} in
249	[Yy][Ee][Ss])
250		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
251			firewall_in_kernel=1
252			echo 'Kernel firewall module loaded'
253		elif [ "${firewall_in_kernel}" -eq 0 ]; then
254			echo 'Warning: firewall kernel module failed to load'
255		fi
256		;;
257	esac
258
259	# Load the filters if required
260	#
261	case ${firewall_in_kernel} in
262	1)
263		if [ -z "${firewall_script}" ]; then
264			firewall_script=/etc/rc.firewall
265		fi
266
267		case ${firewall_enable} in
268		[Yy][Ee][Ss])
269			if [ -r "${firewall_script}" ]; then
270				. "${firewall_script}"
271				echo -n 'Firewall rules loaded, starting divert daemons:'
272
273				# Network Address Translation daemon
274				#
275				case ${natd_enable} in
276				[Yy][Ee][Ss])
277					if [ -n "${natd_interface}" ]; then
278						if echo ${natd_interface} | \
279							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
280							natd_ifarg="-a ${natd_interface}"
281						else
282							natd_ifarg="-n ${natd_interface}"
283						fi
284
285						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
286					fi
287					;;
288				esac
289
290				echo '.'
291
292			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
293				echo 'Warning: kernel has firewall functionality,' \
294				     'but firewall rules are not enabled.'
295				echo '		 All ip services are disabled.'
296			fi
297
298			case ${firewall_logging} in
299			[Yy][Ee][Ss] | '')
300				echo 'Firewall logging=YES'
301				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
302				;;
303			*)
304				;;
305			esac
306
307			;;
308		esac
309		;;
310	esac
311
312	# Additional ATM interface configuration
313	#
314	if [ -n "${atm_pass1_done}" ]; then
315		atm_pass2
316	fi
317
318	# Configure routing
319	#
320	case ${defaultrouter} in
321	[Nn][Oo] | '')
322		;;
323	*)
324		static_routes="default ${static_routes}"
325		route_default="default ${defaultrouter}"
326		;;
327	esac
328
329	# Set up any static routes.  This should be done before router discovery.
330	#
331	if [ -n "${static_routes}" ]; then
332		for i in ${static_routes}; do
333			eval route_args=\$route_${i}
334			route add ${route_args}
335		done
336	fi
337
338	echo -n 'Additional routing options:'
339	case ${tcp_extensions} in
340	[Yy][Ee][Ss] | '')
341		;;
342	*)
343		echo -n ' tcp extensions=NO'
344		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
345		;;
346	esac
347
348	case ${icmp_bmcastecho} in
349	[Yy][Ee][Ss])
350		echo -n ' broadcast ping responses=YES'
351		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
352		;;
353	esac
354
355	case ${icmp_drop_redirect} in
356	[Yy][Ee][Ss])
357		echo -n ' ignore ICMP redirect=YES'
358		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
359		;;
360	esac
361
362	case ${icmp_log_redirect} in
363	[Yy][Ee][Ss])
364		echo -n ' log ICMP redirect=YES'
365		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
366		;;
367	esac
368
369	case ${gateway_enable} in
370	[Yy][Ee][Ss])
371		echo -n ' IP gateway=YES'
372		sysctl -w net.inet.ip.forwarding=1 >/dev/null
373		;;
374	esac
375
376	case ${forward_sourceroute} in
377	[Yy][Ee][Ss])
378		echo -n ' do source routing=YES'
379		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
380		;;
381	esac
382
383	case ${accept_sourceroute} in
384	[Yy][Ee][Ss])
385		echo -n ' accept source routing=YES'
386		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
387		;;
388	esac
389
390	case ${tcp_keepalive} in
391	[Yy][Ee][Ss])
392		echo -n ' TCP keepalive=YES'
393		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
394		;;
395	esac
396
397	case ${tcp_drop_synfin} in
398	[Yy][Ee][Ss])
399		echo -n ' drop SYN+FIN packets=YES'
400		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
401		;;
402	esac
403
404	case ${ipxgateway_enable} in
405	[Yy][Ee][Ss])
406		echo -n ' IPX gateway=YES'
407		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
408		;;
409	esac
410
411	case ${arpproxy_all} in
412	[Yy][Ee][Ss])
413		echo -n ' ARP proxyall=YES'
414		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
415		;;
416	esac
417
418	case ${ip_portrange_first} in
419	[Nn][Oo] | '')
420		;;
421	*)
422		echo -n " ip_portrange_first=$ip_portrange_first"
423		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
424		;;
425	esac
426
427	case ${ip_portrange_last} in
428	[Nn][Oo] | '')
429		;;
430	*)
431		echo -n " ip_portrange_last=$ip_portrange_last"
432		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
433		;;
434	esac
435
436	echo '.'
437
438	case ${ipsec_enable} in
439	[Yy][Ee][Ss])
440		if [ -f ${ipsec_file} ]; then
441		    echo ' ipsec: enabled'
442		    setkey -f ${ipsec_file}
443		else
444		    echo ' ipsec: file not found'
445		fi
446		;;
447	esac
448
449	echo -n 'Routing daemons:'
450	case ${router_enable} in
451	[Yy][Ee][Ss])
452		echo -n " ${router}";	${router} ${router_flags}
453		;;
454	esac
455
456	case ${ipxrouted_enable} in
457	[Yy][Ee][Ss])
458		echo -n ' IPXrouted'
459		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
460		;;
461	esac
462
463	case ${mrouted_enable} in
464	[Yy][Ee][Ss])
465		echo -n ' mrouted';	mrouted ${mrouted_flags}
466		;;
467	esac
468
469	case ${rarpd_enable} in
470	[Yy][Ee][Ss])
471		echo -n ' rarpd';	rarpd ${rarpd_flags}
472		;;
473	esac
474	echo '.'
475
476	# Let future generations know we made it.
477	#
478	network_pass1_done=YES
479}
480
481network_pass2() {
482	echo -n 'Doing additional network setup:'
483	case ${named_enable} in
484	[Yy][Ee][Ss])
485		echo -n ' named';	${named_program:-named} ${named_flags}
486		;;
487	esac
488
489	case ${ntpdate_enable} in
490	[Yy][Ee][Ss])
491		echo -n ' ntpdate'
492		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
493		;;
494	esac
495
496	case ${xntpd_enable} in
497	[Yy][Ee][Ss])
498		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
499		;;
500	esac
501
502	case ${timed_enable} in
503	[Yy][Ee][Ss])
504		echo -n ' timed';	timed ${timed_flags}
505		;;
506	esac
507
508	case ${portmap_enable} in
509	[Yy][Ee][Ss])
510		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
511			${portmap_flags}
512
513		# Start ypserv if we're an NIS server.
514		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
515		#
516		case ${nis_server_enable} in
517		[Yy][Ee][Ss])
518			echo -n ' ypserv'; ypserv ${nis_server_flags}
519
520			case ${nis_ypxfrd_enable} in
521			[Yy][Ee][Ss])
522				echo -n ' rpc.ypxfrd'
523				rpc.ypxfrd ${nis_ypxfrd_flags}
524				;;
525			esac
526
527			case ${nis_yppasswdd_enable} in
528			[Yy][Ee][Ss])
529				echo -n ' rpc.yppasswdd'
530				rpc.yppasswdd ${nis_yppasswdd_flags}
531				;;
532			esac
533			;;
534		esac
535
536		# Start ypbind if we're an NIS client
537		#
538		case ${nis_client_enable} in
539		[Yy][Ee][Ss])
540			echo -n ' ypbind'; ypbind ${nis_client_flags}
541			case ${nis_ypset_enable} in
542			[Yy][Ee][Ss])
543				echo -n ' ypset';	ypset ${nis_ypset_flags}
544				;;
545			esac
546			;;
547		esac
548
549		# Start keyserv if we are running Secure RPC
550		#
551		case ${keyserv_enable} in
552		[Yy][Ee][Ss])
553			echo -n ' keyserv';	keyserv ${keyserv_flags}
554			;;
555		esac
556
557		# Start ypupdated if we are running Secure RPC
558		# and we are NIS master
559		#
560		case ${rpc_ypupdated_enable} in
561		[Yy][Ee][Ss])
562			echo -n ' rpc.ypupdated';	rpc.ypupdated
563			;;
564		esac
565		;;
566	esac
567
568	# Start ATM daemons
569	if [ -n "${atm_pass2_done}" ]; then
570		atm_pass3
571	fi
572
573	echo '.'
574	network_pass2_done=YES
575}
576
577network_pass3() {
578	echo -n 'Starting final network daemons:'
579
580	case ${portmap_enable} in
581	[Yy][Ee][Ss])
582		case ${nfs_server_enable} in
583		[Yy][Ee][Ss])
584			if [ -r /etc/exports ]; then
585				echo -n ' mountd'
586
587				case ${weak_mountd_authentication} in
588				[Yy][Ee][Ss])
589					mountd_flags="${mountd_flags} -n"
590					;;
591				esac
592
593				mountd ${mountd_flags}
594
595				case ${nfs_reserved_port_only} in
596				[Yy][Ee][Ss])
597					echo -n ' NFS on reserved port only=YES'
598					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
599					;;
600				esac
601
602				echo -n ' nfsd';	nfsd ${nfs_server_flags}
603
604				if [ -n "${nfs_bufpackets}" ]; then
605					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
606				fi
607
608				case ${rpc_lockd_enable} in
609				[Yy][Ee][Ss])
610					echo -n ' rpc.lockd';	rpc.lockd
611					;;
612				esac
613
614				case ${rpc_statd_enable} in
615				[Yy][Ee][Ss])
616					echo -n ' rpc.statd';	rpc.statd
617					;;
618				esac
619			fi
620			;;
621		*)
622			case ${single_mountd_enable} in
623			[Yy][Ee][Ss])
624				if [ -r /etc/exports ]; then
625					echo -n ' mountd'
626
627					case ${weak_mountd_authentication} in
628					[Yy][Ee][Ss])
629						mountd_flags="-n"
630						;;
631					esac
632
633					mountd ${mountd_flags}
634				fi
635				;;
636			esac
637			;;
638		esac
639
640		case ${nfs_client_enable} in
641		[Yy][Ee][Ss])
642			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
643				if [ -n "${nfs_access_cache}" ]; then
644			echo -n " NFS access cache time=${nfs_access_cache}"
645			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
646			fi
647			;;
648		esac
649
650		# If /var/db/mounttab exists, some nfs-server has not been
651		# sucessfully notified about a previous client shutdown.
652		# If there is no /var/db/mounttab, we do nothing.
653		if [ -f /var/db/mounttab ]; then
654			rpc.umntall -k
655		fi
656
657		case ${amd_enable} in
658		[Yy][Ee][Ss])
659			echo -n ' amd'
660			case ${amd_map_program} in
661			[Nn][Oo] | '')
662				;;
663			*)
664				amd_flags="${amd_flags} `eval\
665					${amd_map_program}`"
666				;;
667		esac
668
669			if [ -n "${amd_flags}" ]; then
670				amd -p ${amd_flags}\
671					> /var/run/amd.pid 2> /dev/null
672			else
673				amd 2> /dev/null
674			fi
675			;;
676		esac
677		;;
678	esac
679
680	case ${rwhod_enable} in
681	[Yy][Ee][Ss])
682		echo -n ' rwhod';	rwhod ${rwhod_flags}
683		;;
684	esac
685
686	# Kerberos runs ONLY on the Kerberos server machine
687	case ${kerberos_server_enable} in
688	[Yy][Ee][Ss])
689		case ${kerberos_stash} in
690		[Yy][Ee][Ss])
691			stash_flag=-n
692			;;
693		*)
694			stash_flag=
695			;;
696		esac
697
698		echo -n ' kerberos'
699		kerberos ${stash_flag} >> /var/log/kerberos.log &
700
701		case ${kadmind_server_enable} in
702		[Yy][Ee][Ss])
703			echo -n ' kadmind'
704			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
705			;;
706		esac
707		unset stash_flag
708		;;
709	esac
710
711	case ${pppoed_enable} in
712	[Yy][Ee][Ss])
713		if [ -n "${pppoed_provider}" ]; then
714			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
715		fi
716		echo -n ' pppoed';
717		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
718		;;
719	esac
720
721	case ${sshd_enable} in
722	[Yy][Ee][Ss])
723		if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
724			if [ -f /etc/ssh/ssh_host_key ]; then
725				/bin/ln -s /etc/ssh/ssh_host_key /etc/ssh/ssh_host_rsa_key
726				/bin/ln -s /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key.pub
727			else
728				echo ' creating ssh RSA host key';
729				/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_rsa_key
730			fi
731		fi
732		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
733			echo ' creating ssh DSA host key';
734			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
735		fi
736		;;
737	esac
738
739	echo '.'
740	network_pass3_done=YES
741}
742
743network_pass4() {
744	echo -n 'Additional TCP options:'
745	case ${log_in_vain} in
746	[Nn][Oo] | '')
747		;;
748	*)
749		echo -n ' log_in_vain=YES'
750		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
751		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
752		;;
753	esac
754
755	echo '.'
756	network_pass4_done=YES
757}
758
759convert_host_conf() {
760    host_conf=$1; shift;
761    nsswitch_conf=$1; shift;
762    awk '                                                                   \
763        /^[:blank:]*#/       { next }                                       \
764        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
765        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
766        /nis/                { nsswitch[c] = "nis";   c++; next }           \
767        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
768        END {                                                               \
769                printf "hosts: ";                                           \
770                for (i in nsswitch) printf "%s ", nsswitch[i];              \
771                printf "\n";                                                \
772        }' < $host_conf > $nsswitch_conf
773}
774
775