defaultroute revision 49110
#!/bin/sh -
#
#	$Id: rc.network,v 1.50 1999/07/16 09:26:52 jkh Exp $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.

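# network_pass1 - first pass of network startup.
#
# Sets the host and NIS domain names, runs the ATM/ISDN/sppp hooks,
# configures every interface, probes for ipfw and loads the firewall
# script (plus natd), starts user ppp, installs static routes, applies the
# net.* sysctl knobs and launches the routing daemons.
#
# Globals:  reads the configuration variables named below (the header of
#           this file says they live in /etc/rc.conf); writes
#           firewall_in_kernel, static_routes, route_default, ppp_mode,
#           ppp_command and network_pass1_done.
# Outputs:  progress messages on stdout.
#
# Security notes for whoever maintains the configuration:
#  - /etc/rc.atm, /etc/rc.isdn, /etc/start_if.<ifn> and ${firewall_script}
#    are sourced into this shell, and several configuration values are
#    passed through eval.  Anyone who can write those files or variables
#    runs code with the privileges of this script (presumably root during
#    boot - confirm), so keep them writable by the administrator only.
#  - Interfaces are configured before the ipfw rules are loaded further
#    down, so filtering only starts once the firewall script has run.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Set the host name if it is not already set
	if [ -z "`hostname -s`" ] ; then
		hostname $hostname
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
		domainname $nisdomainname
		echo -n ' domain'
	fi
	echo '.'

	# Initial ATM interface configuration
	if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
		. /etc/rc.atm
		atm_pass1
	fi

	# ISDN subsystem startup
	if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
		. /etc/rc.isdn
	fi

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	for ifn in ${sppp_interfaces}; do
		# Indirect lookup of spppconfig_<ifn>.
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ] ; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The value is therefore parsed as shell
			# code and must come from trusted configuration.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	if [ "x${network_interfaces}" = "xauto" ]; then
		network_interfaces="`ifconfig -l`"
	fi
	for ifn in ${network_interfaces}; do
		showstat=false
		# A per-interface hook, if present, is sourced as-is.
		if [ -e /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			showstat=true
		fi

		# Do the primary ifconfig if specified
		eval ifconfig_args=\$ifconfig_${ifn}
		if [ -n "${ifconfig_args}" ] ; then
			# See if we are using DHCP
			if [ X"${ifconfig_args}" = X"DHCP" ]; then
				${dhcp_program} ${dhcp_flags} ${ifn}
			else
				ifconfig ${ifn} ${ifconfig_args}
			fi
			showstat=true
		fi

		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first gap ends the scan.
		alias=0
		while :
		do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -z "${ifconfig_args}" ]; then
				break
			fi
			ifconfig ${ifn} ${ifconfig_args} alias
			showstat=true
			alias=`expr ${alias} + 1`
		done

		# Do ipx address if specified
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			showstat=true
		fi

		if [ "${showstat}" = "true" ]; then
			ifconfig ${ifn}
		fi
	done

	# Initialize IP filtering using ipfw.  The flush doubles as a probe:
	# its exit status tells us whether the kernel has ipfw support.
	echo ""
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
		if kldload ipfw; then
			firewall_in_kernel=1		# module loaded successfully
			echo "Kernel firewall module loaded."
		else
			# Startup continues without packet filtering here.
			echo "Warning: firewall kernel module failed to load."
		fi
	fi

	# Load the filters if required
	if [ $firewall_in_kernel = 1 ]; then
		if [ -z "${firewall_script}" ] ; then
			firewall_script="/etc/rc.firewall"
		fi
		# Quoted so that a path containing blanks is tested and sourced
		# as one file rather than being word-split.
		if [ -f "${firewall_script}" -a X"$firewall_enable" = X"YES" ]; then
			. "${firewall_script}"
			echo -n 'Firewall rules loaded, starting divert daemons:'

			# Network Address Translation daemon
			if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
				# A dotted-quad value is passed with -a, anything
				# else is treated as an interface name (-n).
				if echo ${natd_interface} | \
				    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
					natd_ifarg="-a ${natd_interface}"
				else
					natd_ifarg="-n ${natd_interface}"
				fi
				echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
			fi
			echo '.'
		else
			# Reached when the firewall is not enabled OR the rule
			# script is missing.  The warning below only fires when
			# the last rule is the default deny; with any other
			# default rule the host comes up unfiltered and silent.
			IPFW_DEFAULT=`ipfw l 65535`
			if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "         All ip services are disabled."
			fi
		fi
	fi

	# Warm up user ppp if required.
	if [ "X$ppp_enable" = X"YES" ]; then
		# Establish ppp mode; anything unrecognised becomes "auto".
		if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		    -a "X$ppp_mode" != X"dedicated" ]; then
			ppp_mode="auto"
		fi
		ppp_command="-${ppp_mode} "

		# Switch on alias mode?
		if [ "X$ppp_alias" = X"YES" ]; then
			ppp_command="${ppp_command} -alias"
		fi

		echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
	fi

	# Additional ATM interface configuration
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing

	# An unset or empty defaultrouter is treated like "NO"; otherwise a
	# "default" entry with no gateway would be handed to route(8).
	if [ -n "$defaultrouter" -a "x$defaultrouter" != "xNO" ] ; then
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
	fi

	# Set up any static routes.  This should be done before router discovery.
	if [ "x${static_routes}" != "x" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
	fi

	# Logs connection attempts to ports with no listener (TCP and UDP).
	if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
	fi

	# The knobs below each relax a network default; enable them only when
	# the host's role requires it.
	if [ X"$icmp_bmcastecho" = X"YES" ]; then
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
	fi

	if [ "X$gateway_enable" = X"YES" ]; then
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
	fi

	if [ "X$forward_sourceroute" = X"YES" ]; then
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
	fi

	if [ "X$accept_sourceroute" = X"YES" ]; then
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
	fi

	if [ "X$tcp_keepalive" = X"YES" ]; then
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
	fi

	if [ "X$ipxgateway_enable" = X"YES" ]; then
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
	fi

	if [ "X$arpproxy_all" = X"YES" ]; then
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
	fi
	echo '.'

	echo -n 'routing daemons:'
	if [ "X$router_enable" = X"YES" ]; then
		echo -n " ${router}";	${router} ${router_flags}
	fi

	if [ "X$ipxrouted_enable" = X"YES" ]; then
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
	fi

	if [ "X${mrouted_enable}" = X"YES" ]; then
		echo -n ' mrouted'; mrouted ${mrouted_flags}
	fi

	if [ "X$rarpd_enable" = X"YES" ]; then
		echo -n ' rarpd';     rarpd ${rarpd_flags}
	fi
	echo '.'
	network_pass1_done=YES	# Let future generations know we made it.
}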
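# network_pass2 - second pass: name service, time daemons, portmap, NIS
# and Secure RPC daemons, then the third ATM stage.
#
# Globals:  reads the *_enable, *_program and *_flags variables used below;
#           writes network_pass2_done.
# Outputs:  progress messages on stdout.
#
# Each daemon is started only when its *_enable variable is exactly "YES".
# Where the command name itself comes from configuration (*_program), a
# default is substituted when the variable is unset or empty; without that,
# the first word of the corresponding *_flags would be executed as the
# command.
network_pass2() {
	echo -n 'Doing additional network setup:'
	if [ "X${named_enable}" = X"YES" ]; then
		echo -n ' named';		${named_program:-named} ${named_flags}
	fi

	if [ "X${ntpdate_enable}" = X"YES" ]; then
		echo -n ' ntpdate';	${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if [ "X${xntpd_enable}" = X"YES" ]; then
		echo -n ' xntpd';	${xntpd_program:-xntpd} ${xntpd_flags}
	fi

	if [ "X${timed_enable}" = X"YES" ]; then
		echo -n ' timed';		timed ${timed_flags}
	fi

	if [ "X${portmap_enable}" = X"YES" ]; then
		echo -n ' portmap';		${portmap_program:-portmap} ${portmap_flags}
	fi

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	# Both extra daemons are nested here, so they never start unless
	# nis_server_enable is also YES.
	if [ "X${nis_server_enable}" = X"YES" ]; then
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
			echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
		fi

		if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
			echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
		fi
	fi

	# Start ypbind if we're an NIS client
	if [ "X${nis_client_enable}" = X"YES" ]; then
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		if [ "X${nis_ypset_enable}" = X"YES" ]; then
			echo -n ' ypset'; ypset ${nis_ypset_flags}
		fi
	fi

	# Start keyserv if we are running Secure RPC
	if [ "X${keyserv_enable}" = X"YES" ]; then
		echo -n ' keyserv';		keyserv ${keyserv_flags}
	fi
	# Start ypupdated if we are running Secure RPC and we are NIS master.
	# NOTE(review): this test does not itself check keyserv_enable or
	# nis_server_enable; it relies on the configuration being consistent.
	if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
		echo -n ' rpc.ypupdated';	rpc.ypupdated
	fi

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}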
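# network_pass3 - final pass: NFS server and client daemons, amd, rwhod
# and the Kerberos server daemons.
#
# Globals:  reads the *_enable and *_flags variables used below; appends
#           to mountd_flags and amd_flags; writes network_pass3_done.
# Outputs:  progress messages on stdout; /var/run/amd.pid and
#           /var/log/kerberos.log when those daemons are started.
network_pass3() {
	echo -n 'Starting final network daemons:'

	# The NFS server side needs a readable /etc/exports as well as the
	# enable switch.
	if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
		echo -n ' mountd'
		if [ "X${weak_mountd_authentication}" = X"YES" ]; then
			# Append rather than overwrite, so flags the
			# administrator already configured are kept.  As the
			# variable name says, -n weakens mountd's checks on
			# mount requests (see mountd(8)); leave it off unless
			# a client really needs it.
			mountd_flags="${mountd_flags} -n"
		fi
		mountd ${mountd_flags}
		if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
			echo -n ' NFS on reserved port only=YES'
			sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
		fi
		echo -n ' nfsd';		nfsd ${nfs_server_flags}
		if [ "X$rpc_lockd_enable" = X"YES" ]; then
			echo -n ' rpc.lockd';		rpc.lockd
		fi
		if [ "X$rpc_statd_enable" = X"YES" ]; then
			echo -n ' rpc.statd';		rpc.statd
		fi
	fi

	if [ "X${nfs_client_enable}" = X"YES" ]; then
		echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
		if [ "X${nfs_access_cache}" != X ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			    >/dev/null
		fi
	fi

	if [ "X${amd_enable}" = X"YES" ]; then
		echo -n ' amd'
		if [ "X${amd_map_program}" != X"NO" ]; then
			# amd_map_program is evaluated as shell code and its
			# output becomes extra amd arguments; it must come
			# from trusted configuration only.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
		fi
		if [ -n "$amd_flags" ]; then
			# With -p, amd's stdout is captured as the pid file.
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
	fi

	if [ "X${rwhod_enable}" = X"YES" ]; then
		echo -n ' rwhod';	rwhod ${rwhod_flags}
	fi

	# Kerberos runs ONLY on the Kerberos server machine
	if [ "X${kerberos_server_enable}" = X"YES" ]; then
		# kerberos_stash=YES passes -n to both daemons below.
		if [ "X${kerberos_stash}" = "XYES" ]; then
			stash_flag=-n
		else
			stash_flag=
		fi
		echo -n ' kerberos'; \
		    kerberos ${stash_flag} >> /var/log/kerberos.log &
		if [ "X${kadmind_server_enable}" = "XYES" ]; then
			# kadmind is started from a background subshell after
			# a 20 second delay, so this function does not wait.
			echo -n ' kadmind'; \
			    (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
		fi
		unset stash_flag
	fi

	echo '.'
	network_pass3_done=YES
}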
382193323Sed