network.subr revision 83656 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/network.subr 83656 2001-09-19 00:22:26Z peter $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	if /sbin/ipfstat -i > /dev/null 2>&1; then
64		ipfilter_in_kernel=1
65	else
66		ipfilter_in_kernel=0
67	fi
68
69	case "${ipfilter_enable}" in
70	[Yy][Ee][Ss])
71		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
72			ipfilter_in_kernel=1
73			echo "Kernel ipfilter module loaded."
74		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
75			echo "Warning: ipfilter kernel module failed to load."
76		fi
77
78		if [ -r "${ipfilter_rules}" ]; then
79			echo -n ' ipfilter';
80			${ipfilter_program:-/sbin/ipf -Fa -f} \
81			    "${ipfilter_rules}" ${ipfilter_flags}
82			case "${ipmon_enable}" in
83			[Yy][Ee][Ss])
84				echo -n ' ipmon'
85				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
86				;;
87			esac
88			case "${ipnat_enable}" in
89			[Yy][Ee][Ss])
90				if [ -r "${ipnat_rules}" ]; then
91					echo -n ' ipnat';
92				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
93					"${ipnat_rules}" ${ipnat_flags}
94				else
95					echo -n ' NO IPNAT RULES'
96				fi
97				;;
98			esac
99		else
100			ipfilter_enable="NO"
101			echo -n ' NO IPF RULES'
102		fi
103		;;
104	esac
105
106	# Set the domainname if we're using NIS
107	#
108	case ${nisdomainname} in
109	[Nn][Oo] | '')
110		;;
111	*)
112		domainname ${nisdomainname}
113		echo -n ' domain'
114		;;
115	esac
116
117	echo '.'
118
119	# Initial ATM interface configuration
120	#
121	case ${atm_enable} in
122	[Yy][Ee][Ss])
123		if [ -r /etc/rc.atm ]; then
124			. /etc/rc.atm
125			atm_pass1
126		fi
127		;;
128	esac
129
130	# Special options for sppp(4) interfaces go here.  These need
131	# to go _before_ the general ifconfig section, since in the case
132	# of hardwired (no link1 flag) but required authentication, you
133	# cannot pass auth parameters down to the already running interface.
134	#
135	for ifn in ${sppp_interfaces}; do
136		eval spppcontrol_args=\$spppconfig_${ifn}
137		if [ -n "${spppcontrol_args}" ]; then
138			# The auth secrets might contain spaces; in order
139			# to retain the quotation, we need to eval them
140			# here.
141			eval spppcontrol ${ifn} ${spppcontrol_args}
142		fi
143	done
144
145	# gifconfig
146	network_gif_setup
147
148	# Set up all the network interfaces, calling startup scripts if needed
149	#
150	case ${network_interfaces} in
151	[Aa][Uu][Tt][Oo])
152		network_interfaces="`ifconfig -l`"
153		;;
154	esac
155
156	dhcp_interfaces=""
157	for ifn in ${network_interfaces}; do
158		if [ -r /etc/start_if.${ifn} ]; then
159			. /etc/start_if.${ifn}
160			eval showstat_$ifn=1
161		fi
162
163		# Do the primary ifconfig if specified
164		#
165		eval ifconfig_args=\$ifconfig_${ifn}
166
167		case ${ifconfig_args} in
168		'')
169			;;
170		[Dd][Hh][Cc][Pp])
171			# DHCP inits are done all in one go below
172			dhcp_interfaces="$dhcp_interfaces $ifn"
173			eval showstat_$ifn=1
174			;;
175		*)
176			ifconfig ${ifn} ${ifconfig_args}
177			eval showstat_$ifn=1
178			;;
179		esac
180	done
181
182	if [ ! -z "${dhcp_interfaces}" ]; then
183		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
184	fi
185
186	for ifn in ${network_interfaces}; do
187		# Check to see if aliases need to be added
188		#
189		alias=0
190		while : ; do
191			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
192			if [ -n "${ifconfig_args}" ]; then
193				ifconfig ${ifn} ${ifconfig_args} alias
194				eval showstat_$ifn=1
195				alias=`expr ${alias} + 1`
196			else
197				break;
198			fi
199		done
200
201		# Do ipx address if specified
202		#
203		eval ifconfig_args=\$ifconfig_${ifn}_ipx
204		if [ -n "${ifconfig_args}" ]; then
205			ifconfig ${ifn} ${ifconfig_args}
206			eval showstat_$ifn=1
207		fi
208	done
209
210	for ifn in ${network_interfaces}; do
211		eval showstat=\$showstat_${ifn}
212		if [ ! -z ${showstat} ]; then
213			ifconfig ${ifn}
214		fi
215	done
216
217	# ISDN subsystem startup
218	#
219	case ${isdn_enable} in
220	[Yy][Ee][Ss])
221		if [ -r /etc/rc.isdn ]; then
222			. /etc/rc.isdn
223		fi
224		;;
225	esac
226
227	# Start user ppp if required.  This must happen before natd.
228	#
229	case ${ppp_enable} in
230	[Yy][Ee][Ss])
231		# Establish ppp mode.
232		#
233		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
234			-a "${ppp_mode}" != "dedicated" \
235			-a "${ppp_mode}" != "background" ]; then
236			ppp_mode="auto"
237		fi
238
239		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
240
241		# Switch on NAT mode?
242		#
243		case ${ppp_nat} in
244		[Yy][Ee][Ss])
245			ppp_command="${ppp_command} -nat"
246			;;
247		esac
248
249		ppp_command="${ppp_command} ${ppp_profile}"
250
251		echo "Starting ppp as \"${ppp_user}\""
252		su -m ${ppp_user} -c "exec ${ppp_command}"
253		;;
254	esac
255
256	# Initialize IP filtering using ipfw
257	#
258	if /sbin/ipfw -q flush > /dev/null 2>&1; then
259		firewall_in_kernel=1
260	else
261		firewall_in_kernel=0
262	fi
263
264	case ${firewall_enable} in
265	[Yy][Ee][Ss])
266		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
267			firewall_in_kernel=1
268			echo 'Kernel firewall module loaded'
269		elif [ "${firewall_in_kernel}" -eq 0 ]; then
270			echo 'Warning: firewall kernel module failed to load'
271		fi
272		;;
273	esac
274
275	# Load the filters if required
276	#
277	case ${firewall_in_kernel} in
278	1)
279		if [ -z "${firewall_script}" ]; then
280			firewall_script=/etc/rc.firewall
281		fi
282
283		case ${firewall_enable} in
284		[Yy][Ee][Ss])
285			if [ -r "${firewall_script}" ]; then
286				. "${firewall_script}"
287				echo -n 'Firewall rules loaded, starting divert daemons:'
288
289				# Network Address Translation daemon
290				#
291				case ${natd_enable} in
292				[Yy][Ee][Ss])
293					if [ -n "${natd_interface}" ]; then
294						if echo ${natd_interface} | \
295							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
296							natd_ifarg="-a ${natd_interface}"
297						else
298							natd_ifarg="-n ${natd_interface}"
299						fi
300
301						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
302					fi
303					;;
304				esac
305
306				echo '.'
307
308			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
309				echo 'Warning: kernel has firewall functionality,' \
310				     'but firewall rules are not enabled.'
311				echo '		 All ip services are disabled.'
312			fi
313
314			case ${firewall_logging} in
315			[Yy][Ee][Ss] | '')
316				echo 'Firewall logging=YES'
317				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
318				;;
319			*)
320				;;
321			esac
322
323			;;
324		esac
325		;;
326	esac
327
328	# Additional ATM interface configuration
329	#
330	if [ -n "${atm_pass1_done}" ]; then
331		atm_pass2
332	fi
333
334	# Configure routing
335	#
336	case ${defaultrouter} in
337	[Nn][Oo] | '')
338		;;
339	*)
340		static_routes="default ${static_routes}"
341		route_default="default ${defaultrouter}"
342		;;
343	esac
344
345	# Set up any static routes.  This should be done before router discovery.
346	#
347	if [ -n "${static_routes}" ]; then
348		for i in ${static_routes}; do
349			eval route_args=\$route_${i}
350			route add ${route_args}
351		done
352	fi
353
354	echo -n 'Additional routing options:'
355	case ${tcp_extensions} in
356	[Yy][Ee][Ss] | '')
357		;;
358	*)
359		echo -n ' tcp extensions=NO'
360		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
361		;;
362	esac
363
364	case ${icmp_bmcastecho} in
365	[Yy][Ee][Ss])
366		echo -n ' broadcast ping responses=YES'
367		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
368		;;
369	esac
370
371	case ${icmp_drop_redirect} in
372	[Yy][Ee][Ss])
373		echo -n ' ignore ICMP redirect=YES'
374		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
375		;;
376	esac
377
378	case ${icmp_log_redirect} in
379	[Yy][Ee][Ss])
380		echo -n ' log ICMP redirect=YES'
381		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
382		;;
383	esac
384
385	case ${gateway_enable} in
386	[Yy][Ee][Ss])
387		echo -n ' IP gateway=YES'
388		sysctl -w net.inet.ip.forwarding=1 >/dev/null
389		;;
390	esac
391
392	case ${forward_sourceroute} in
393	[Yy][Ee][Ss])
394		echo -n ' do source routing=YES'
395		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
396		;;
397	esac
398
399	case ${accept_sourceroute} in
400	[Yy][Ee][Ss])
401		echo -n ' accept source routing=YES'
402		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
403		;;
404	esac
405
406	case ${tcp_keepalive} in
407	[Yy][Ee][Ss])
408		echo -n ' TCP keepalive=YES'
409		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
410		;;
411	esac
412
413	case ${tcp_drop_synfin} in
414	[Yy][Ee][Ss])
415		echo -n ' drop SYN+FIN packets=YES'
416		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
417		;;
418	esac
419
420	case ${ipxgateway_enable} in
421	[Yy][Ee][Ss])
422		echo -n ' IPX gateway=YES'
423		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
424		;;
425	esac
426
427	case ${arpproxy_all} in
428	[Yy][Ee][Ss])
429		echo -n ' ARP proxyall=YES'
430		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
431		;;
432	esac
433
434	case ${ip_portrange_first} in
435	[Nn][Oo] | '')
436		;;
437	*)
438		echo -n " ip_portrange_first=$ip_portrange_first"
439		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
440		;;
441	esac
442
443	case ${ip_portrange_last} in
444	[Nn][Oo] | '')
445		;;
446	*)
447		echo -n " ip_portrange_last=$ip_portrange_last"
448		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
449		;;
450	esac
451
452	echo '.'
453
454	case ${ipsec_enable} in
455	[Yy][Ee][Ss])
456		if [ -f ${ipsec_file} ]; then
457		    echo ' ipsec: enabled'
458		    setkey -f ${ipsec_file}
459		else
460		    echo ' ipsec: file not found'
461		fi
462		;;
463	esac
464
465	echo -n 'Routing daemons:'
466	case ${router_enable} in
467	[Yy][Ee][Ss])
468		echo -n " ${router}";	${router} ${router_flags}
469		;;
470	esac
471
472	case ${ipxrouted_enable} in
473	[Yy][Ee][Ss])
474		echo -n ' IPXrouted'
475		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
476		;;
477	esac
478
479	case ${mrouted_enable} in
480	[Yy][Ee][Ss])
481		echo -n ' mrouted';	mrouted ${mrouted_flags}
482		;;
483	esac
484
485	case ${rarpd_enable} in
486	[Yy][Ee][Ss])
487		echo -n ' rarpd';	rarpd ${rarpd_flags}
488		;;
489	esac
490	echo '.'
491
492	# Let future generations know we made it.
493	#
494	network_pass1_done=YES
495}
496
497network_pass2() {
498	echo -n 'Doing additional network setup:'
499	case ${named_enable} in
500	[Yy][Ee][Ss])
501		echo -n ' named';	${named_program:-named} ${named_flags}
502		;;
503	esac
504
505	case ${ntpdate_enable} in
506	[Yy][Ee][Ss])
507		echo -n ' ntpdate'
508		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
509		;;
510	esac
511
512	case ${xntpd_enable} in
513	[Yy][Ee][Ss])
514		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
515		;;
516	esac
517
518	case ${timed_enable} in
519	[Yy][Ee][Ss])
520		echo -n ' timed';	timed ${timed_flags}
521		;;
522	esac
523
524	case ${portmap_enable} in
525	[Yy][Ee][Ss])
526		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
527			${portmap_flags}
528
529		# Start ypserv if we're an NIS server.
530		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
531		#
532		case ${nis_server_enable} in
533		[Yy][Ee][Ss])
534			echo -n ' ypserv'; ypserv ${nis_server_flags}
535
536			case ${nis_ypxfrd_enable} in
537			[Yy][Ee][Ss])
538				echo -n ' rpc.ypxfrd'
539				rpc.ypxfrd ${nis_ypxfrd_flags}
540				;;
541			esac
542
543			case ${nis_yppasswdd_enable} in
544			[Yy][Ee][Ss])
545				echo -n ' rpc.yppasswdd'
546				rpc.yppasswdd ${nis_yppasswdd_flags}
547				;;
548			esac
549			;;
550		esac
551
552		# Start ypbind if we're an NIS client
553		#
554		case ${nis_client_enable} in
555		[Yy][Ee][Ss])
556			echo -n ' ypbind'; ypbind ${nis_client_flags}
557			case ${nis_ypset_enable} in
558			[Yy][Ee][Ss])
559				echo -n ' ypset';	ypset ${nis_ypset_flags}
560				;;
561			esac
562			;;
563		esac
564
565		# Start keyserv if we are running Secure RPC
566		#
567		case ${keyserv_enable} in
568		[Yy][Ee][Ss])
569			echo -n ' keyserv';	keyserv ${keyserv_flags}
570			;;
571		esac
572
573		# Start ypupdated if we are running Secure RPC
574		# and we are NIS master
575		#
576		case ${rpc_ypupdated_enable} in
577		[Yy][Ee][Ss])
578			echo -n ' rpc.ypupdated';	rpc.ypupdated
579			;;
580		esac
581		;;
582	esac
583
584	# Start ATM daemons
585	if [ -n "${atm_pass2_done}" ]; then
586		atm_pass3
587	fi
588
589	echo '.'
590	network_pass2_done=YES
591}
592
593network_pass3() {
594	echo -n 'Starting final network daemons:'
595
596	case ${portmap_enable} in
597	[Yy][Ee][Ss])
598		case ${nfs_server_enable} in
599		[Yy][Ee][Ss])
600			if [ -r /etc/exports ]; then
601				echo -n ' mountd'
602
603				case ${weak_mountd_authentication} in
604				[Yy][Ee][Ss])
605					mountd_flags="${mountd_flags} -n"
606					;;
607				esac
608
609				mountd ${mountd_flags}
610
611				case ${nfs_reserved_port_only} in
612				[Yy][Ee][Ss])
613					echo -n ' NFS on reserved port only=YES'
614					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
615					;;
616				esac
617
618				echo -n ' nfsd';	nfsd ${nfs_server_flags}
619
620				case ${rpc_lockd_enable} in
621				[Yy][Ee][Ss])
622					echo -n ' rpc.lockd';	rpc.lockd
623					;;
624				esac
625
626				case ${rpc_statd_enable} in
627				[Yy][Ee][Ss])
628					echo -n ' rpc.statd';	rpc.statd
629					;;
630				esac
631			fi
632			;;
633		*)
634			case ${single_mountd_enable} in
635			[Yy][Ee][Ss])
636				if [ -r /etc/exports ]; then
637					echo -n ' mountd'
638
639					case ${weak_mountd_authentication} in
640					[Yy][Ee][Ss])
641						mountd_flags="-n"
642						;;
643					esac
644
645					mountd ${mountd_flags}
646				fi
647				;;
648			esac
649			;;
650		esac
651
652		case ${nfs_client_enable} in
653		[Yy][Ee][Ss])
654			#echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
655			if [ -n "${nfs_access_cache}" ]; then
656				echo -n " NFS access cache time=${nfs_access_cache}"
657				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
658			fi
659			if [ -n "${nfs_bufpackets}" ]; then
660				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
661			fi
662			;;
663		esac
664
665		# If /var/db/mounttab exists, some nfs-server has not been
666		# sucessfully notified about a previous client shutdown.
667		# If there is no /var/db/mounttab, we do nothing.
668		if [ -f /var/db/mounttab ]; then
669			rpc.umntall -k
670		fi
671
672		case ${amd_enable} in
673		[Yy][Ee][Ss])
674			echo -n ' amd'
675			case ${amd_map_program} in
676			[Nn][Oo] | '')
677				;;
678			*)
679				amd_flags="${amd_flags} `eval\
680					${amd_map_program}`"
681				;;
682			esac
683
684			if [ -n "${amd_flags}" ]; then
685				amd -p ${amd_flags}\
686					> /var/run/amd.pid 2> /dev/null
687			else
688				amd 2> /dev/null
689			fi
690			;;
691		esac
692		;;
693	esac
694
695	case ${rwhod_enable} in
696	[Yy][Ee][Ss])
697		echo -n ' rwhod';	rwhod ${rwhod_flags}
698		;;
699	esac
700
701	# Kerberos servers run ONLY on the Kerberos server machine
702	case ${kerberos4_server_enable} in
703	[Yy][Ee][Ss])
704		case ${kerberos_stash} in
705		[Yy][Ee][Ss])
706			stash=-n
707			;;
708		*)
709			stash=
710			;;
711		esac
712
713		echo -n ' kerberosIV'
714		${kerberos4_server} ${stash} >> /var/log/kerberos.log &
715
716		case ${kadmind4_server_enable} in
717		[Yy][Ee][Ss])
718			echo -n ' kadmindIV'
719			(
720				sleep 20;
721				${kadmind4_server} ${stash} >/dev/null 2>&1 &
722			) &
723			;;
724		esac
725		unset stash_flag
726		;;
727	esac
728
729	case ${kerberos5_server_enable} in
730	[Yy][Ee][Ss])
731		echo -n ' kerberos5'
732		${kerberos5_server} &
733
734		case ${kadmind5_server_enable} in
735		[Yy][Ee][Ss])
736			echo -n ' kadmind5'
737			${kadmind5_server} &
738			;;
739		esac
740		;;
741	esac
742
743	case ${pppoed_enable} in
744	[Yy][Ee][Ss])
745		if [ -n "${pppoed_provider}" ]; then
746			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
747		fi
748		echo -n ' pppoed';
749		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
750		;;
751	esac
752
753	case ${sshd_enable} in
754	[Yy][Ee][Ss])
755		if [ ! -f /etc/ssh/ssh_host_key ]; then
756			echo ' creating ssh RSA host key';
757			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
758		fi
759		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
760			echo ' creating ssh DSA host key';
761			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
762		fi
763		;;
764	esac
765
766	echo '.'
767	network_pass3_done=YES
768}
769
770network_pass4() {
771	echo -n 'Additional TCP options:'
772	case ${log_in_vain} in
773	[Nn][Oo] | '')
774		;;
775	*)
776		echo -n ' log_in_vain=YES'
777		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
778		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
779		;;
780	esac
781
782	echo '.'
783	network_pass4_done=YES
784}
785
786network_gif_setup() {
787	case ${gif_interfaces} in
788	[Nn][Oo] | '')
789		;;
790	*)
791		for i in ${gif_interfaces}; do
792			eval peers=\$gifconfig_$i
793			case ${peers} in
794			'')
795				continue
796				;;
797			*)
798				ifconfig $i create tunnel ${peers}
799				;;
800			esac
801		done
802		;;
803	esac
804}
805
806convert_host_conf() {
807    host_conf=$1; shift;
808    nsswitch_conf=$1; shift;
809    awk '                                                                   \
810        /^[:blank:]*#/       { next }                                       \
811        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
812        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
813        /nis/                { nsswitch[c] = "nis";   c++; next }           \
814        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
815        END {                                                               \
816                printf "hosts: ";                                           \
817                for (i in nsswitch) printf "%s ", nsswitch[i];              \
818                printf "\n";                                                \
819        }' < $host_conf > $nsswitch_conf
820}
821
822