defaultroute revision 66830 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 66830 2000-10-08 19:20:36Z obrien $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ""
44		echo "Warning: /etc/host.conf is no longer used"
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo "  /etc/nsswitch.conf will be used instead"
47		else
48		    echo "  /etc/nsswitch.conf will be created for you"
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	case "${ipfilter_enable}" in
64	[Yy][Ee][Ss])
65		if [ -r "${ipfilter_rules}" ]; then
66			echo -n ' ipfilter';
67			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
68			case "${ipmon_enable}" in
69			[Yy][Ee][Ss])
70				echo -n ' ipmon'
71				${ipmon_program:-ipmon} ${ipmon_flags}
72				;;
73			esac
74			case "${ipnat_enable}" in
75			[Yy][Ee][Ss])
76				if [ -r "${ipnat_rules}" ]; then
77					echo -n ' ipnat';
78					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
79				else
80					echo -n ' NO IPNAT RULES'
81				fi
82				;;
83			esac
84		else
85			ipfilter_enable="NO"
86			echo -n ' NO IPF RULES'
87		fi
88		;;
89	esac
90
91	# Set the domainname if we're using NIS
92	#
93	case ${nisdomainname} in
94	[Nn][Oo] | '')
95		;;
96	*)
97		domainname ${nisdomainname}
98		echo -n ' domain'
99		;;
100	esac
101
102	echo '.'
103
104	# Initial ATM interface configuration
105	#
106	case ${atm_enable} in
107	[Yy][Ee][Ss])
108		if [ -r /etc/rc.atm ]; then
109			. /etc/rc.atm
110			atm_pass1
111		fi
112		;;
113	esac
114
115	# Special options for sppp(4) interfaces go here.  These need
116	# to go _before_ the general ifconfig section, since in the case
117	# of hardwired (no link1 flag) but required authentication, you
118	# cannot pass auth parameters down to the already running interface.
119	#
120	for ifn in ${sppp_interfaces}; do
121		eval spppcontrol_args=\$spppconfig_${ifn}
122		if [ -n "${spppcontrol_args}" ]; then
123			# The auth secrets might contain spaces; in order
124			# to retain the quotation, we need to eval them
125			# here.
126			eval spppcontrol ${ifn} ${spppcontrol_args}
127		fi
128	done
129
130	# Set up all the network interfaces, calling startup scripts if needed
131	#
132	case ${network_interfaces} in
133	[Aa][Uu][Tt][Oo])
134		network_interfaces="`ifconfig -l`"
135		;;
136	esac
137
138	dhcp_interfaces=""
139	for ifn in ${network_interfaces}; do
140		if [ -r /etc/start_if.${ifn} ]; then
141			. /etc/start_if.${ifn}
142			eval showstat_$ifn=1
143		fi
144
145		# Do the primary ifconfig if specified
146		#
147		eval ifconfig_args=\$ifconfig_${ifn}
148
149		case ${ifconfig_args} in
150		'')
151			;;
152		[Dd][Hh][Cc][Pp])
153			# DHCP inits are done all in one go below
154			dhcp_interfaces="$dhcp_interfaces $ifn"
155			eval showstat_$ifn=1
156			;;
157		*)
158			ifconfig ${ifn} ${ifconfig_args}
159			eval showstat_$ifn=1
160			;;
161		esac
162	done
163
164	if [ ! -z "${dhcp_interfaces}" ]; then
165		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
166	fi
167
168	for ifn in ${network_interfaces}; do
169		# Check to see if aliases need to be added
170		#
171		alias=0
172		while : ; do
173			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
174			if [ -n "${ifconfig_args}" ]; then
175				ifconfig ${ifn} ${ifconfig_args} alias
176				eval showstat_$ifn=1
177				alias=`expr ${alias} + 1`
178			else
179				break;
180			fi
181		done
182
183		# Do ipx address if specified
184		#
185		eval ifconfig_args=\$ifconfig_${ifn}_ipx
186		if [ -n "${ifconfig_args}" ]; then
187			ifconfig ${ifn} ${ifconfig_args}
188			eval showstat_$ifn=1
189		fi
190	done
191
192	for ifn in ${network_interfaces}; do
193		eval showstat=\$showstat_${ifn}
194		if [ ! -z ${showstat} ]; then
195			ifconfig ${ifn}
196		fi
197	done
198
199	# ISDN subsystem startup
200	#
201	case ${isdn_enable} in
202	[Yy][Ee][Ss])
203		if [ -r /etc/rc.isdn ]; then
204			. /etc/rc.isdn
205		fi
206		;;
207	esac
208
209	# Start user ppp if required.  This must happen before natd.
210	#
211	case ${ppp_enable} in
212	[Yy][Ee][Ss])
213		# Establish ppp mode.
214		#
215		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
216			-a "${ppp_mode}" != "dedicated" \
217			-a "${ppp_mode}" != "background" ]; then
218			ppp_mode="auto"
219		fi
220
221		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
222
223		# Switch on NAT mode?
224		#
225		case ${ppp_nat} in
226		[Yy][Ee][Ss])
227			ppp_command="${ppp_command} -nat"
228			;;
229		esac
230
231		ppp_command="${ppp_command} ${ppp_profile}"
232
233		echo -n "Starting ppp as \"${ppp_user}\""
234		su -m ${ppp_user} -c "exec ${ppp_command}"
235		;;
236	esac
237
238	# Initialize IP filtering using ipfw
239	#
240	if /sbin/ipfw -q flush > /dev/null 2>&1; then
241		firewall_in_kernel=1
242	else
243		firewall_in_kernel=0
244	fi
245
246	case ${firewall_enable} in
247	[Yy][Ee][Ss])
248		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
249			firewall_in_kernel=1
250			echo "Kernel firewall module loaded."
251		elif [ "${firewall_in_kernel}" -eq 0 ]; then
252			echo "Warning: firewall kernel module failed to load."
253		fi
254		;;
255	esac
256
257	# Load the filters if required
258	#
259	case ${firewall_in_kernel} in
260	1)
261		if [ -z "${firewall_script}" ]; then
262			firewall_script=/etc/rc.firewall
263		fi
264
265		case ${firewall_enable} in
266		[Yy][Ee][Ss])
267			if [ -r "${firewall_script}" ]; then
268				. "${firewall_script}"
269				echo -n 'Firewall rules loaded, starting divert daemons:'
270
271				# Network Address Translation daemon
272				#
273				case ${natd_enable} in
274				[Yy][Ee][Ss])
275					if [ -n "${natd_interface}" ]; then
276						if echo ${natd_interface} | \
277							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
278							natd_ifarg="-a ${natd_interface}"
279						else
280							natd_ifarg="-n ${natd_interface}"
281						fi
282
283						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
284					fi
285					;;
286				esac
287
288				echo '.'
289
290			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
291				echo -n "Warning: kernel has firewall functionality, "
292				echo "but firewall rules are not enabled."
293				echo "		 All ip services are disabled."
294			fi
295
296			case ${firewall_logging} in
297			[Yy][Ee][Ss] | '')
298				echo 'Firewall logging=YES'
299				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
300				;;
301			*)
302				;;
303			esac
304
305			;;
306		esac
307		;;
308	esac
309
310	# Additional ATM interface configuration
311	#
312	if [ -n "${atm_pass1_done}" ]; then
313		atm_pass2
314	fi
315
316	# Configure routing
317	#
318	case ${defaultrouter} in
319	[Nn][Oo] | '')
320		;;
321	*)
322		static_routes="default ${static_routes}"
323		route_default="default ${defaultrouter}"
324		;;
325	esac
326
327	# Set up any static routes.  This should be done before router discovery.
328	#
329	if [ -n "${static_routes}" ]; then
330		for i in ${static_routes}; do
331			eval route_args=\$route_${i}
332			route add ${route_args}
333		done
334	fi
335
336	echo -n 'Additional routing options:'
337	case ${tcp_extensions} in
338	[Yy][Ee][Ss] | '')
339		;;
340	*)
341		echo -n ' tcp extensions=NO'
342		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
343		;;
344	esac
345
346	case ${icmp_bmcastecho} in
347	[Yy][Ee][Ss])
348		echo -n ' broadcast ping responses=YES'
349		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
350		;;
351	esac
352
353	case ${icmp_drop_redirect} in
354	[Yy][Ee][Ss])
355		echo -n ' ignore ICMP redirect=YES'
356		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
357		;;
358	esac
359
360	case ${icmp_log_redirect} in
361	[Yy][Ee][Ss])
362		echo -n ' log ICMP redirect=YES'
363		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
364		;;
365	esac
366
367	case ${gateway_enable} in
368	[Yy][Ee][Ss])
369		echo -n ' IP gateway=YES'
370		sysctl -w net.inet.ip.forwarding=1 >/dev/null
371		;;
372	esac
373
374	case ${forward_sourceroute} in
375	[Yy][Ee][Ss])
376		echo -n ' do source routing=YES'
377		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
378		;;
379	esac
380
381	case ${accept_sourceroute} in
382	[Yy][Ee][Ss])
383		echo -n ' accept source routing=YES'
384		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
385		;;
386	esac
387
388	case ${tcp_keepalive} in
389	[Yy][Ee][Ss])
390		echo -n ' TCP keepalive=YES'
391		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
392		;;
393	esac
394
395	case ${tcp_restrict_rst} in
396	[Yy][Ee][Ss])
397		echo -n ' restrict TCP reset=YES'
398		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
399		;;
400	esac
401
402	case ${tcp_drop_synfin} in
403	[Yy][Ee][Ss])
404		echo -n ' drop SYN+FIN packets=YES'
405		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
406		;;
407	esac
408
409	case ${ipxgateway_enable} in
410	[Yy][Ee][Ss])
411		echo -n ' IPX gateway=YES'
412		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
413		;;
414	esac
415
416	case ${arpproxy_all} in
417	[Yy][Ee][Ss])
418		echo -n ' ARP proxyall=YES'
419		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
420		;;
421	esac
422
423	case ${ip_portrange_first} in
424	[Nn][Oo] | '')
425		;;
426	*)
427		echo -n ' ip_portrange_first=$ip_portrange_first'
428		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
429		;;
430	esac
431
432	case ${ip_portrange_last} in
433	[Nn][Oo] | '')
434		;;
435	*)
436		echo -n ' ip_portrange_last=$ip_portrange_last'
437		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
438		;;
439	esac
440
441	echo '.'
442
443	case ${ipsec_enable} in
444	[Yy][Ee][Ss])
445		if [ -f ${ipsec_file} ]; then
446		    echo ' ipsec: enabled'
447		    setkey -f ${ipsec_file}
448		else
449		    echo ' ipsec: file not found'
450		fi
451		;;
452	esac
453
454	echo -n 'routing daemons:'
455	case ${router_enable} in
456	[Yy][Ee][Ss])
457		echo -n " ${router}";	${router} ${router_flags}
458		;;
459	esac
460
461	case ${ipxrouted_enable} in
462	[Yy][Ee][Ss])
463		echo -n ' IPXrouted'
464		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
465		;;
466	esac
467
468	case ${mrouted_enable} in
469	[Yy][Ee][Ss])
470		echo -n ' mrouted';	mrouted ${mrouted_flags}
471		;;
472	esac
473
474	case ${rarpd_enable} in
475	[Yy][Ee][Ss])
476		echo -n ' rarpd';	rarpd ${rarpd_flags}
477		;;
478	esac
479	echo '.'
480
481	# Let future generations know we made it.
482	#
483	network_pass1_done=YES
484}
485
486network_pass2() {
487	echo -n 'Doing additional network setup:'
488	case ${named_enable} in
489	[Yy][Ee][Ss])
490		echo -n ' named';	${named_program:-named} ${named_flags}
491		;;
492	esac
493
494	case ${ntpdate_enable} in
495	[Yy][Ee][Ss])
496		echo -n ' ntpdate'
497		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
498		;;
499	esac
500
501	case ${xntpd_enable} in
502	[Yy][Ee][Ss])
503		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
504		;;
505	esac
506
507	case ${timed_enable} in
508	[Yy][Ee][Ss])
509		echo -n ' timed';	timed ${timed_flags}
510		;;
511	esac
512
513	case ${portmap_enable} in
514	[Yy][Ee][Ss])
515		echo -n ' portmap';	${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
516		;;
517	esac
518
519	# Start ypserv if we're an NIS server.
520	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
521	#
522	case ${nis_server_enable} in
523	[Yy][Ee][Ss])
524		echo -n ' ypserv'; ypserv ${nis_server_flags}
525
526		case ${nis_ypxfrd_enable} in
527		[Yy][Ee][Ss])
528			echo -n ' rpc.ypxfrd'
529			rpc.ypxfrd ${nis_ypxfrd_flags}
530			;;
531		esac
532
533		case ${nis_yppasswdd_enable} in
534		[Yy][Ee][Ss])
535			echo -n ' rpc.yppasswdd'
536			rpc.yppasswdd ${nis_yppasswdd_flags}
537			;;
538		esac
539		;;
540	esac
541
542	# Start ypbind if we're an NIS client
543	#
544	case ${nis_client_enable} in
545	[Yy][Ee][Ss])
546		echo -n ' ypbind'; ypbind ${nis_client_flags}
547		case ${nis_ypset_enable} in
548		[Yy][Ee][Ss])
549			echo -n ' ypset';	ypset ${nis_ypset_flags}
550			;;
551		esac
552		;;
553	esac
554
555	# Start keyserv if we are running Secure RPC
556	#
557	case ${keyserv_enable} in
558	[Yy][Ee][Ss])
559		echo -n ' keyserv';	keyserv ${keyserv_flags}
560		;;
561	esac
562
563	# Start ypupdated if we are running Secure RPC and we are NIS master
564	#
565	case ${rpc_ypupdated_enable} in
566	[Yy][Ee][Ss])
567		echo -n ' rpc.ypupdated';	rpc.ypupdated
568		;;
569	esac
570
571	# Start ATM daemons
572	if [ -n "${atm_pass2_done}" ]; then
573		atm_pass3
574	fi
575
576	echo '.'
577	network_pass2_done=YES
578}
579
580network_pass3() {
581	echo -n 'Starting final network daemons:'
582
583	case ${nfs_server_enable} in
584	[Yy][Ee][Ss])
585		if [ -r /etc/exports ]; then
586			echo -n ' mountd'
587
588			case ${weak_mountd_authentication} in
589			[Yy][Ee][Ss])
590				mountd_flags="${mountd_flags} -n"
591				;;
592			esac
593
594			mountd ${mountd_flags}
595
596			case ${nfs_reserved_port_only} in
597			[Yy][Ee][Ss])
598				echo -n ' NFS on reserved port only=YES'
599				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
600				;;
601			esac
602
603			echo -n ' nfsd';	nfsd ${nfs_server_flags}
604
605			if [ -n "${nfs_bufpackets}" ]; then
606				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
607					> /dev/null
608			fi
609
610			case ${rpc_lockd_enable} in
611			[Yy][Ee][Ss])
612				echo -n ' rpc.lockd';	rpc.lockd
613				;;
614			esac
615
616			case ${rpc_statd_enable} in
617			[Yy][Ee][Ss])
618				echo -n ' rpc.statd';	rpc.statd
619				;;
620			esac
621		fi
622		;;
623	*)
624		case ${single_mountd_enable} in
625		[Yy][Ee][Ss])
626			if [ -r /etc/exports ]; then
627				echo -n ' mountd'
628
629				case ${weak_mountd_authentication} in
630				[Yy][Ee][Ss])
631					mountd_flags="-n"
632					;;
633				esac
634
635				mountd ${mountd_flags}
636			fi
637			;;
638		esac
639		;;
640	esac
641
642	case ${nfs_client_enable} in
643	[Yy][Ee][Ss])
644		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
645		if [ -n "${nfs_access_cache}" ]; then
646		echo -n " NFS access cache time=${nfs_access_cache}"
647		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
648			>/dev/null
649		fi
650		;;
651	esac
652
653	# If /var/db/mounttab exists, some nfs-server has not been
654	# sucessfully notified about a previous client shutdown.
655	# If there is no /var/db/mounttab, we do nothing.
656	if [ -f /var/db/mounttab ]; then
657		rpc.umntall -k
658	fi
659
660	case ${amd_enable} in
661	[Yy][Ee][Ss])
662		echo -n ' amd'
663		case ${amd_map_program} in
664		[Nn][Oo] | '')
665			;;
666		*)
667			amd_flags="${amd_flags} `eval ${amd_map_program}`"
668			;;
669		esac
670
671		if [ -n "${amd_flags}" ]; then
672			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
673		else
674			amd 2> /dev/null
675		fi
676		;;
677	esac
678
679	case ${rwhod_enable} in
680	[Yy][Ee][Ss])
681		echo -n ' rwhod';	rwhod ${rwhod_flags}
682		;;
683	esac
684
685	# Kerberos runs ONLY on the Kerberos server machine
686	case ${kerberos_server_enable} in
687	[Yy][Ee][Ss])
688		case ${kerberos_stash} in
689		[Yy][Ee][Ss])
690			stash_flag=-n
691			;;
692		*)
693			stash_flag=
694			;;
695		esac
696
697		echo -n ' kerberos'
698		kerberos ${stash_flag} >> /var/log/kerberos.log &
699
700		case ${kadmind_server_enable} in
701		[Yy][Ee][Ss])
702			echo -n ' kadmind'
703			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
704			;;
705		esac
706		unset stash_flag
707		;;
708	esac
709
710	case ${pppoed_enable} in
711	[Yy][Ee][Ss])
712		if [ -n "${pppoed_provider}" ]; then
713			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
714		fi
715		echo -n ' pppoed';
716		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
717		;;
718	esac
719
720	case ${sshd_enable} in
721	[Yy][Ee][Ss])
722		if [ ! -f /etc/ssh/ssh_host_key ]; then
723			echo ' creating ssh RSA host key';
724			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
725		fi
726		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
727			echo ' creating ssh DSA host key';
728			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
729		fi
730		;;
731	esac
732
733	echo '.'
734	network_pass3_done=YES
735}
736
737network_pass4() {
738	echo -n 'Additional TCP options:'
739	case ${log_in_vain} in
740	[Nn][Oo] | '')
741		;;
742	*)
743		echo -n ' log_in_vain=YES'
744		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
745		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
746		;;
747	esac
748
749	echo '.'
750	network_pass4_done=YES
751}
752
753convert_host_conf() {
754    host_conf=$1; shift;
755    nsswitch_conf=$1; shift;
756    awk '                                                                   \
757        /^[:blank:]*#/       { next }                                       \
758        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
759        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
760        /nis/                { nsswitch[c] = "nis";   c++; next }           \
761        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
762        END {                                                               \
763                printf "hosts: ";                                           \
764                for (i in nsswitch) printf "%s ", nsswitch[i];              \
765                printf "\n";                                                \
766        }' < $host_conf > $nsswitch_conf
767}
768
769