routing revision 89911
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 89911 2002-01-28 11:05:01Z sheldonh $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
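network_pass1() {
	# First network pass.  In order: host.conf/nsswitch.conf compatibility,
	# host name, ipfilter/ipnat/ipfs, NIS domain, ATM, cloned and sppp
	# interfaces, gif tunnels, ifconfig/DHCP/aliases/IPX, ISDN, user ppp,
	# ipfw and natd, static routes, network sysctls, IPsec policy and the
	# routing daemons.
	#
	# Globals: every knob (hostname, *_enable, *_flags, *_program,
	#   ifconfig_<if>, route_<name>, ...) is read from variables that are
	#   not defined in this function; the file header points at
	#   /etc/defaults/rc.conf for them.  Many are expanded unquoted, passed
	#   through eval, or name files that are sourced, so whoever can write
	#   those settings controls commands run by this script.
	# Calls:   generate_host_conf, convert_host_conf, network_gif_setup;
	#   atm_pass1/atm_pass2 are presumably defined by the sourced
	#   /etc/rc.atm -- confirm.
	# Sets:    network_pass1_done=YES on completion.
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				# Fail-open: boot continues with only this
				# warning, so nothing below installs ipfilter
				# or ipnat rules.
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
				# NOTE(review): ipfilter_active stays YES, so
				# the "ipf -y" re-sync further down still runs.
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file disables filtering
				# for this boot; the only signal is this
				# console message.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above this
				# goes through eval, so the rules path and the
				# flags are parsed by the shell a second time.
				# Kept as-is because configured flags may rely
				# on it; the values must come from trusted
				# configuration only.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			# Sourced into this shell: the file runs with this
			# script's privileges.
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also means shell metacharacters
			# in the configured value are interpreted, and the
			# secrets end up on the spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with this script's privileges.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added; numbering starts
		# at 0 and stops at the first unset ifconfig_<ifn>_alias<n>.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how a one-argument
		# "[" happens to evaluate when the flag is empty.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode: anything other than the four explicit
		# modes falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# The whole command line is handed to su -c as one string, so
		# ppp_profile is parsed by a shell under ppp_user.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw.  The probe is a real flush: when
	# ipfw is already in the kernel, any rules loaded so far are removed
	# here, whether or not firewall_enable is set.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# Fail-open: boot continues without ipfw.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced, not executed: the rules script runs
				# inside this shell with its privileges.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# alias address (-a), anything
						# else as an interface name (-n).
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES here.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	# tcp_extensions is the only knob here where unset means "leave on".
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted and checked for emptiness: an unquoted empty
		# ipsec_file turns the test into "[ -f ]", which is true, and
		# the script would report IPsec as enabled while setkey got
		# no policy file.
		if [ -n "${ipsec_file}" ] && [ -f "${ipsec_file}" ]; then
		    echo ' ipsec: enabled'
		    setkey -f "${ipsec_file}"
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}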
network_pass2() {
	# Second network pass: name service, time synchronisation, rpcbind
	# and the RPC services that depend on it (NIS, Secure RPC), then the
	# ATM daemons.
	#
	# Globals: reads the *_enable / *_flags / *_program settings and
	#   atm_pass2_done; none of them is defined in this function.
	# Sets:    network_pass2_done=YES on completion.
	echo -n 'Doing additional network setup:'

	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything in this arm is started only when portmap_enable is YES.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server side: ypserv, plus rpc.ypxfrd and rpc.yppasswdd,
		# which are meant for the NIS master server only.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client side: ypbind, optionally followed by ypset.
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# ypupdated: for a NIS master that runs Secure RPC.
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons, only after the second ATM pass has been recorded.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
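network_pass3() {
	# Third network pass: NFS server and client (only when portmap_enable
	# is YES), rwhod, Kerberos IV/5 servers, pppoed and sshd host keys.
	#
	# Globals: reads the *_enable / *_flags / *_server settings; may
	#   modify mountd_flags, amd_flags, pppoed_flags and nfs_client_enable.
	# Sets:    network_pass3_done=YES on completion.
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] && \
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				# NOTE(review): rpc.statd and rpc.lockd are
				# started again in the NFS client arm below
				# when both server and client are enabled.
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server arm
					# does; assigning "-n" outright
					# dropped every configured mountd
					# flag whenever weak authentication
					# was switched on.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# amd_map_program is run through
						# eval and its output becomes amd
						# arguments; it must come from
						# trusted configuration only.
						amd_flags="${amd_flags} $(eval ${amd_map_program})"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags} \
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell is forked with its own copy of
			# ${stash}, so the unset below does not affect the
			# delayed start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable assigned above is "stash"; unsetting
		# "stash_flag" was a no-op and left it set.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Pathname expansion is switched off around the call so a
		# provider such as "*" reaches pppoed literally; the previous
		# option set is put back afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are generated on first boot only.  -N "" writes
		# the private key without a passphrase, so the key file's
		# permissions are all that protects it.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}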
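network_pass4() {
	# Fourth network pass: apply log_in_vain to TCP and UDP.
	#
	# Globals: log_in_vain (read, normalised to a number), sysctl(8).
	#   NO or empty -> 0, YES -> 1, a string of digits is used as given,
	#   anything else is reported and treated as 0.
	# Sets:    network_pass4_done=YES on completion.
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Reject anything containing a non-digit.  Matching on
		# "[0-9]*" accepted values such as "1abc", which then reached
		# the numeric test and sysctl unchanged.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null

	echo '.'
	network_pass4_done=YES
}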
network_gif_setup() {
	# Create and configure the gif tunnels named in gif_interfaces.
	#
	# Globals: gif_interfaces (list, or NO/empty for none) and
	#   gifconfig_<if>, the tunnel endpoints for each interface; an
	#   interface without endpoints is skipped.  Leaves i and peers set.
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# Indirect lookup of gifconfig_<if>; the interface name is
		# spliced into an eval, so it has to be a plain identifier.
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi

		# Errors from "create" are discarded.
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
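convert_host_conf() {
    # Translate an old-style host.conf into a one-line nsswitch.conf
    # "hosts:" entry.
    #
    # Arguments: $1 - host.conf to read
    #            $2 - nsswitch.conf to write (overwritten)
    # Outputs:   unrecognised lines are reported on stderr
    host_conf=$1
    nsswitch_conf=$2

    # Fixes over the previous version:
    #  - comment lines are matched with [\t ]*; a bare [:blank:] outside a
    #    bracket expression is a set of the letters ":blank", so indented
    #    comments were parsed as sources;
    #  - sources are emitted in file order with an indexed loop; "for (i in
    #    array)" has no defined order, and the order decides which source
    #    is consulted first;
    #  - blank lines are skipped and the warning ends with a newline;
    #  - both paths are quoted.
    awk '
BEGIN                { c = 0 }
/^[\t ]*#/           { next }
/^[\t ]*$/           { next }
/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
/(dns|bind)/         { nsswitch[c++] = "dns";   next }
/nis/                { nsswitch[c++] = "nis";   next }
{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
END {
    printf "hosts: "
    for (i = 0; i < c; i++)
        printf "%s ", nsswitch[i]
    printf "\n"
}' <"$host_conf" >"$nsswitch_conf"
}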
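generate_host_conf() {
    # Derive a compatibility host.conf from the "hosts:" entry of an
    # nsswitch.conf.
    #
    # Arguments: $1 - nsswitch.conf to read
    #            $2 - host.conf to write (overwritten)
    # Both paths are quoted in the redirections so that a path containing
    # whitespace is not split into an ambiguous redirect.
    nsswitch_conf=$1
    host_conf=$2

    # The awk program collects the hosts: entry, following lines that end
    # in a backslash, drops "#" comments, puts spaces around [ and ] so
    # bracketed criteria become separate words, and prints the host.conf
    # name of every source it knows; other words are ignored.
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' <"$nsswitch_conf" >"$host_conf"
}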
951