routing revision 89911
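#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 89911 2002-01-28 11:05:01Z sheldonh $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# This file only defines functions; nothing runs until a caller invokes
# network_pass1 .. network_pass4.  Every ${..._enable}, ${..._flags} and
# ${..._program} variable is read from the caller's environment (rc.conf).
#
# Several values are expanded through `eval' or sourced with `.', and a few
# end up inside a `su -c' command string, so the configuration files and the
# /etc/start_if.* / /etc/rc.* scripts named below are executed as shell code
# with the privileges of the boot process.  They must be writable by root
# only.

# First pass startup stuff.
#
# Sets the host name, loads ipfilter/ipnat rules, configures interfaces,
# starts user ppp, loads ipfw rules and natd, installs static routes,
# applies routing-related sysctls, loads IPsec policy and starts the
# routing daemons.  Sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo ' /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				# NOTE(review): this path only warns.  Interface
				# configuration below still proceeds, so the
				# host comes up without the requested ipfilter
				# rules when the module cannot be loaded.
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
				# Also skip the later "ipf -y" re-sync, which
				# cannot succeed without the module.
				ipfilter_active="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file disables ipfilter
				# for the rest of this pass; only the console
				# message records it.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf invocation above
				# this one goes through eval, so ipnat_rules
				# and ipnat_flags are re-parsed by the shell.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# Per-interface hook scripts are sourced into this shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test is well-formed when showstat is empty.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the four named modes
		# falls back to "auto".
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
		    -a "${ppp_mode}" != "dedicated" \
		    -a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is interpolated into the command string that
		# su hands to a shell, so it is parsed as shell syntax.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the probe for ipfw support: its exit status
	# decides firewall_in_kernel.  It runs whether or not firewall_enable
	# is set.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# NOTE(review): warn-only; boot continues without
			# ipfw rules when the module cannot be loaded.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				    'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# Logging is switched on when firewall_logging is
			# YES or unset.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only writes its sysctl when the rc.conf value
	# differs from the behaviour the script treats as the default.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, an unquoted "[ -f ]" is a
		# one-argument test that succeeds, and setkey would then be
		# run without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation and the RPC/NIS daemons.
# The NIS and Secure RPC daemons are only considered when portmap_enable
# is YES.  Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client pieces (only when portmap_enable is
# YES), rwhod, the Kerberos daemons, pppoed, and generation of missing ssh
# host keys.  Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to the
				# mountd command line; see mountd(8) for what
				# that relaxes before enabling it.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): this branch replaces
					# mountd_flags with "-n" instead of
					# appending to it as the NFS server
					# branch above does, so any configured
					# flags are dropped here -- confirm
					# whether that is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ ${nfsclient_in_kernel} -eq 1 ]
			then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					# amd_map_program is run through eval
					# and its output becomes part of the
					# amd command line.
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						amd_flags="${amd_flags} `eval ${amd_map_program}`"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags} \
						    > /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The delayed start runs in its own subshell, which
			# keeps its copy of ${stash} after the unset below.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the original unset a
		# non-existent "stash_flag" and left it behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Pathname expansion is turned off around the call so that
		# glob characters in the flags reach pppoed unexpanded; the
		# previous shell options are restored afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are created only when missing, with an empty
		# passphrase (-N "").
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: applies log_in_vain to both the TCP and UDP sysctls.
# Accepts NO/empty (0), YES (1) or a non-negative integer; anything else
# is reported and treated as 0.  Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit makes the value invalid.  The original
		# pattern "[0-9]*" only checked the first character, so a
		# value such as "1abc" reached the numeric test and sysctl.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	*)
		# digits only: use as given
		;;
	esac

	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null

	echo '.'
	network_pass4_done=YES
}

# Creates each interface listed in gif_interfaces and configures its tunnel
# endpoints from the matching gifconfig_<ifn> variable.  Interfaces without
# a gifconfig_<ifn> value are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# convert_host_conf host_conf nsswitch_conf
#
# Writes a one-line "hosts:" entry to nsswitch_conf from the lookup order
# found in host_conf.  Comment lines are skipped, unrecognized lines are
# reported on stderr, and sources are emitted in the order they appear in
# host_conf.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	# Differences from the original program:
	#  - "[:blank:]" outside a bracket expression is not a blank class,
	#    so indented comment lines were parsed as configuration; the
	#    explicit "[ \t]" matches what generate_host_conf uses.
	#  - the sources are indexed from 0 and printed by index, because
	#    "for (i in array)" does not guarantee order and lookup order is
	#    the whole point of the file.
	#  - the warning now ends with a newline.
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/		{ next }
	/(hosts|local|file)/	{ nsswitch[c++] = "files"; next }
	/(dns|bind)/		{ nsswitch[c++] = "dns"; next }
	/nis/			{ nsswitch[c++] = "nis"; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: ";
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i];
		printf "\n";
	}' < "$host_conf" > "$nsswitch_conf"
}

# generate_host_conf nsswitch_conf host_conf
#
# Writes a legacy host.conf to host_conf from the "hosts:" entry of
# nsswitch_conf, following backslash continuation lines.  Only the sources
# files, dns and nis are translated; anything else on the line is dropped.
#
generate_host_conf() {
	nsswitch_conf=$1; shift;
	host_conf=$1; shift;

	awk '
BEGIN {
	xlat["files"] = "hosts";
	xlat["dns"] = "bind";
	xlat["nis"] = "nis";
	cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
	if (!cont)
		srcs = ""
	sub(/#.*/, "")
	gsub(/[][]/, " & ")
	cont = sub(/\\$/, "")
	srcs = srcs " " $0
}
END {
	print "# Auto-generated from nsswitch.conf, do not edit"
	ns = split(srcs, s)
	for (n = 1; n <= ns; ++n) {
		if (s[n] in xlat)
			print xlat[s[n]]
	}
}
' <"$nsswitch_conf" >"$host_conf"
}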