network.subr revision 86851
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/network.subr 86851 2001-11-24 13:48:30Z darrenr $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
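# First pass startup stuff.
#
# Sets the host name, loads the ipfilter/ipnat rules, configures the network
# interfaces, starts user ppp, loads the ipfw rules and natd, installs static
# routes, applies the IP/TCP/ICMP sysctl knobs, loads the IPsec policy and
# starts the routing daemons.
#
# Globals read:    the rc.conf knobs referenced below (*_enable, *_flags,
#                  *_program, ifconfig_<if>, route_<name>, ...)
# Globals written: network_pass1_done=YES on completion; ipmon_enable,
#                  ipfilter_enable, ipnat_enable and ipfs_enable are forced
#                  to "NO" when a prerequisite is missing.
# Calls:           generate_host_conf, convert_host_conf, network_gif_setup,
#                  and atm_pass1/atm_pass2 when ATM support is enabled.
#
# Most knob values are expanded unquoted on purpose (flags are word-split),
# and several are passed through eval, `.` or `su -c`.  Whoever can write
# rc.conf or the sourced files therefore controls what this function runs,
# so those files should be writable by root only.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				# (boot continues with no ipfilter/ipnat rules at all;
				# this warning is the only trace of it)
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# No readable ruleset: filtering is switched off and
				# the boot goes on.  Unless the kernel was built with
				# IPFILTER_DEFAULT_BLOCK this leaves traffic
				# unfiltered, so this marker deserves attention.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above, this line
				# goes through eval, so ipnat_program, ipnat_rules
				# and ipnat_flags are re-parsed as shell text.  Kept
				# for compatibility; confirm whether any
				# configuration depends on it before dropping it.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# The secrets end up on the spppcontrol command line,
			# and the eval runs whatever shell syntax the
			# spppconfig_<if> value contains.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this shell if present.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		# (ifconfig_<if>_alias0, _alias1, ... until the first gap)
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: an empty value must stay an (empty) argument to
		# test instead of vanishing from the expression.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		# Anything outside the known modes falls back to "auto".
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is pasted into the command string handed to
		# `su -c`, so it is interpreted by a shell running as
		# ${ppp_user}.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# The probe for kernel support is itself a flush: when ipfw is
	# available, any rules already loaded are removed here, whether or
	# not firewall_enable is set.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# firewall_enable=YES but no ipfw: the boot goes on
			# without ipfw rules, this warning is the only trace.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The rules script is sourced into this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed with -a,
						# anything else with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The sysctl knobs below are only written when the rc.conf value
	# asks for a change; otherwise the kernel setting is left alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted: with an empty value the unquoted
		# test collapsed to `[ -f ]`, which is true, and "enabled"
		# was reported although no policy file had been loaded.
		if [ -f "${ipsec_file}" ]; then
		    echo ' ipsec: enabled'
		    setkey -f "${ipsec_file}"
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}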
548
# Second pass: name service, time synchronisation, the RPC port mapper and
# the NIS / Secure RPC daemons that depend on it.
#
# Globals read:    named_*, ntpdate_*, xntpd_*, timed_*, portmap_*, nis_*,
#                  keyserv_*, rpc_ypupdated_enable, atm_pass2_done
# Globals written: network_pass2_done=YES
# Output:          one progress line listing every daemon that was started
#
# A knob enables its daemon only when it matches YES in any letter case.
# The *_flags values are expanded unquoted so that they split into words.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded.
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything in this arm is started only when the port mapper is
	# enabled, and only after it has been launched.
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server: ypserv, plus rpc.ypxfrd and rpc.yppasswdd,
		# which belong on the NIS master only.
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client: ypbind, optionally followed by ypset.
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# rpc.ypupdated: Secure RPC on the NIS master.
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons, once the second ATM pass has been recorded as done.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
644
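# Third pass: NFS server and client pieces, amd, rwhod, the Kerberos
# servers, pppoed, and creation of missing ssh host keys.
#
# Globals read:    portmap_enable, nfs_*, single_mountd_enable,
#                  weak_mountd_authentication, mountd_flags, rpc_*_enable,
#                  amd_*, rwhod_*, kerberos*, kadmind*, pppoed_*, sshd_enable
# Globals written: network_pass3_done=YES; mountd_flags, amd_flags and
#                  pppoed_flags may be extended; nfsserver_in_kernel
# Output:          one progress line listing what was started
#
# The *_flags values are expanded unquoted so that they split into words.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] && \
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# Weak authentication is requested by adding
				# -n to whatever flags are already set.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" outright would
					# discard the administrator's
					# mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is run through eval and its
				# output is appended to the amd flags, so the
				# value is executed as shell text.
				amd_flags="${amd_flags} $(eval \
					${amd_map_program})"
				;;
			esac

			# With flags, amd is started with -p and its standard
			# output is written to the pid file.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started 20 seconds later, from a background subshell.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The temporary is called "stash"; unsetting "stash_flag"
		# left it behind in the caller's environment.  The kadmind
		# subshell above has its own copy already.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are only created when missing, and with an empty
	# passphrase (-N ""), so the private key files are stored
	# unencrypted under /etc/ssh.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}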
831
# Fourth pass: TCP/UDP logging options.
#
# Globals read:    log_in_vain
# Globals written: network_pass4_done=YES
# Output:          one progress line
#
network_pass4() {
	echo -n 'Additional TCP options:'

	# Any value other than NO (in any letter case) or the empty string
	# sets the log_in_vain sysctl to 1 for both TCP and UDP.
	case "${log_in_vain}" in
	'' | [Nn][Oo])
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
847
# Create and configure the gif tunnel interfaces listed in gif_interfaces.
#
# Globals read:    gif_interfaces, gifconfig_<interface>
# Globals written: i, peers (loop temporaries, not local)
#
# An interface without a gifconfig_<interface> value is skipped.  The value
# is expanded unquoted so that it splits into the tunnel arguments.
#
network_gif_setup() {
	# Nothing to do when the list is empty or NO.
	case "${gif_interfaces}" in
	'' | [Nn][Oo])
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# Indirect lookup of gifconfig_<interface>.
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi

		# Output and errors of the create step are discarded.
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
868
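# Convert a legacy host.conf into a one-line nsswitch.conf "hosts:" entry.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated before awk runs, so a
#                 failed conversion leaves it empty or partial)
# Globals written: host_conf, nsswitch_conf
# Output:    unrecognized lines are reported on stderr
#
# Each non-comment line is mapped to a source name: hosts/local/file ->
# files, dns/bind -> dns, nis -> nis.
#
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    # - The comment pattern uses [ \t]; the former /^[:blank:]*#/ is a
    #   bracket expression over the letters of ":blank:" and let indented
    #   comments fall through to the keyword rules.
    # - Sources are stored under explicit indexes 0..n-1 and printed in
    #   that order; "for (i in array)" has no defined order, and lookup
    #   order is the whole point of this line.
    awk '
        BEGIN                { n = 0 }
        /^[ \t]*#/           { next }
        /(hosts|local|file)/ { nsswitch[n++] = "files"; next }
        /(dns|bind)/         { nsswitch[n++] = "dns";   next }
        /nis/                { nsswitch[n++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: ";
                for (i = 0; i < n; i++)
                        printf "%s ", nsswitch[i];
                printf "\n";
        }' < "$host_conf" > "$nsswitch_conf"
}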
884
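# Generate a legacy host.conf from the "hosts:" entry of nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated before awk runs, so a
#                 failed run leaves it empty or partial)
# Globals written: nsswitch_conf, host_conf
#
# Sources are translated files -> hosts, dns -> bind, nis -> nis and printed
# one per line; any other word on the line, including bracketed criteria,
# is dropped.  A trailing backslash continues the entry on the next line.
# When the file holds several "hosts:" entries, the last one wins.
#
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;

    # Both redirections are quoted so that a path containing whitespace
    # is opened as one file name.
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
# Runs on a "hosts:" line (prefix stripped) or on a continuation line.
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    # Put spaces around brackets so that they split into separate words.
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' <"$nsswitch_conf" >"$host_conf"
}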
914