netoptions revision 91626
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/netoptions 91626 2002-03-04 10:30:24Z dd $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
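# network_pass1 -- first-pass network bring-up.
#
# Steps, in order: host.conf/nsswitch.conf compatibility files, host name,
# ipfilter/ipnat/ipfs, NIS domain name, ATM pass 1, cloned and sppp(4)
# interfaces, gif tunnels, per-interface ifconfig (including DHCP, aliases
# and IPX), ISDN, user ppp, ipfw and natd, static routes, the routing and
# ICMP/TCP sysctl knobs, IPsec policy and the routing daemons.
#
# Every setting is read from shell variables that are already set when
# the function is called (the note at the top of this file points at
# /etc/defaults/rc.conf).  Several of those values are handed to eval,
# sourced with ".", or executed as a program name, so whatever file
# defines them has to be writable by root only.
#
# Sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f /etc/nsswitch.conf ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f /etc/host.conf ] && [ ! -f /etc/nsswitch.conf ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# ipfilter_active is YES when either the packet filter or NAT is
	# enabled; both need the ipl module handled below.
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# Boot continues without any ipfilter
				# component; the warning above is the only
				# trace of that.
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# No readable rules file: the filter is
				# switched off and boot carries on.  What
				# traffic then passes is decided by the
				# kernel default (IPFILTER_DEFAULT_BLOCK,
				# see above), so ' NO IPF RULES' on the
				# console deserves attention.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# Unlike the ipf call above this one goes
				# through eval, so ipnat_program and
				# ipnat_flags are parsed a second time as
				# shell source.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the secrets are therefore evaluated
			# as shell source and passed to spppcontrol as
			# arguments; the file that defines spppconfig_<if>
			# should be readable by root only.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell
		# and so runs with the privileges of the boot script.
		if [ -r "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first missing number ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode; anything but the four modes listed
		# here falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp runs as ppp_user, not as the user running this script.
		# The command line, ppp_profile included, is interpreted by
		# the shell that su starts.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the "is ipfw in the kernel?" probe.  When it
	# succeeds the rules have also been flushed, so until firewall_script
	# has been sourced only the kernel's default rule applies.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# Boot continues with no ipfw at all.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					# A value made of digits and dots is
					# passed as an address (-a), anything
					# else as an interface name (-n).
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				# Only the default-deny case is reported.  With
				# any other default rule a missing script
				# leaves the host unfiltered without a message.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is switched on unless firewall_logging is
			# set to something other than YES or empty.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only ever moves its sysctl away from the kernel
	# default; a value that does not match leaves the sysctl untouched.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file must be quoted: with an empty value an unquoted
		# "[ -f ]" is true and setkey would be run without a file.
		if [ -f "${ipsec_file}" ]; then
		    echo ' ipsec: enabled'
		    setkey -f "${ipsec_file}"
		else
		    # Boot continues without the policy file being loaded.
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}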
547
# network_pass2 -- second-pass network setup.
#
# Starts, when the matching *_enable variable says YES: named, ntpdate,
# ntpd, timed and rpcbind.  The NIS daemons, keyserv and rpc.ypupdated
# are only considered when portmap_enable is YES, because they sit
# inside that branch.  Finishes with atm_pass3 when atm_pass2_done is
# set, then records network_pass2_done=YES.
#
# Program names and flags come from shell variables set by the caller;
# they are executed as given.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server
	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# NTP daemon (announced as ntpd, configured through xntpd_*)
	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# rpcbind, and the RPC services that depend on it
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server.  rpc.ypxfrd and rpc.yppasswdd are meant for
		# the NIS master server only.
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Secure RPC on the NIS master
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons, only after the second ATM pass has run
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
643
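# network_pass3 -- final network daemons.
#
# Starts, when enabled: the NFS server side (mountd, nfsd, rpc.statd,
# rpc.lockd) or a stand-alone mountd, the NFS client side (sysctl tuning,
# rpc.statd, rpc.lockd, amd), rpc.umntall, rwhod, the Kerberos IV and 5
# servers, pppoed, and creates the ssh host keys that are missing.
# Everything NFS-related sits inside the portmap_enable branch and is
# skipped when portmap_enable is not YES.
#
# Program names and flags come from shell variables set by the caller
# and are executed as given.  Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# mountd(8) -n: allow non-root mount
				# requests.  This weakens the check on who
				# may mount, hence the name of the knob.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd';	nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" outright would
					# drop the configured mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					# amd_map_program is evaluated as
					# shell source and its output is
					# appended to the amd flags.
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						amd_flags="${amd_flags} $(eval ${amd_map_program})"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags} \
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod';	rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES adds -n to both Kerberos IV servers.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell is forked here and keeps its own copy
			# of stash, so the unset below does not affect the
			# delayed start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The temporary is named stash; unsetting "stash_flag" would
		# leave it set in the calling shell.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Pathname expansion is turned off for this one command so
		# that the flags and the interface reach pppoed unexpanded;
		# the saved option letters are then put back.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Missing host keys are created on the spot, with an empty
		# passphrase (-N "").  A key that appears here on a host
		# which already had one means the old key file is gone.
		# NOTE(review): the key types are those of this revision's
		# ssh-keygen; confirm they match what the installed sshd is
		# configured to offer.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}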
858
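# network_pass4 -- additional TCP options.
#
# Normalises log_in_vain (NO or empty -> 0, YES -> 1, a decimal number is
# kept) and, when the result is not 0, writes it to
# net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain.  Anything else
# is reported as invalid and treated as 0.
#
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Reject any value holding a non-digit.  Matching on a
		# leading digit alone would let "1abc" through to the
		# numeric test below, which then fails with an error.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}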
884
# network_gif_setup -- create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces the tunnel end points are read from
# gifconfig_<name>.  A name without end points is skipped.  Otherwise
# the interface is created (errors from the create step are discarded)
# and the tunnel is configured.  Nothing is done when gif_interfaces is
# empty or NO.
#
network_gif_setup() {
	case "${gif_interfaces}" in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
905
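# convert_host_conf host_conf nsswitch_conf
#
# Writes a one-line "hosts:" entry to nsswitch_conf from the lookup
# sources named in host_conf: hosts/local/file become "files", dns/bind
# become "dns" and nis stays "nis".  Comment lines are skipped and any
# other line is reported on stderr.
#
# The sources are written in the order in which they appear in
# host_conf, since that order decides which source is asked first.
#
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    awk '
        BEGIN                { c = 0 }
        # Comment lines, indented or not.
        /^[\t ]*#/           { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: "
                # Walk by index: "for (i in array)" has no defined order.
                for (i = 0; i < c; i++)
                        printf "%s ", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}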
921
# generate_host_conf nsswitch_conf host_conf
#
# Rebuilds the legacy host_conf file from the "hosts:" entry of
# nsswitch_conf.  The sources files, dns and nis are written as hosts,
# bind and nis, one per line, below a header comment.  Other words on
# the entry, such as bracketed criteria, are left out.  An entry that is
# continued with a trailing backslash is followed onto the next line.
#
generate_host_conf() {
    nsswitch_conf=$1
    shift
    host_conf=$1
    shift

    awk '
BEGIN {
    cont = 0
    xlat["nis"] = "nis"
    xlat["dns"] = "bind"
    xlat["files"] = "hosts"
}
# A line that starts the hosts entry, or one that continues it.
sub(/^[\t ]*hosts:/, "") || cont {
    # A fresh hosts entry replaces whatever was collected before.
    if (!cont) {
        srcs = ""
    }
    sub(/#.*/, "")
    # Put blanks around brackets so they split off as separate words.
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    count = split(srcs, names)
    for (k = 1; k <= count; k++) {
        if (names[k] in xlat) {
            print xlat[names[k]]
        }
    }
}
' < $nsswitch_conf > $host_conf
}
951