defaultroute revision 86342
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 86342 2001-11-14 06:35:43Z sheldonh $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
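# network_pass1 - first pass of network startup.
#
# In order: host.conf/nsswitch.conf compatibility files, hostname,
# ipfilter and ipnat rules, NIS domain, ATM / cloned / sppp / gif
# interfaces, per-interface ifconfig (DHCP, aliases, IPX), ISDN, user ppp,
# ipfilter re-sync, ipfw rules and natd, static routes, network sysctls,
# IPsec policy and the routing daemons.  Sets network_pass1_done=YES.
#
# Every *_enable, *_flags, *_program, ifconfig_<if> and route_<name>
# variable is read from the caller's environment (see the note at the top
# of this file about /etc/defaults/rc.conf).
#
# NOTE(review): most of those values are expanded unquoted, and some are
# fed to eval, `.` or `su -c`, so anyone who can write the files that
# define them can run commands with this script's privileges.  Keep them
# and every sourced file (/etc/rc.atm, /etc/rc.isdn, /etc/start_if.<if>,
# ${firewall_script}) writable by root only.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# "ipfstat -i" succeeding is used as the test for ipfilter support
	# already being present in the kernel.
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs'
					# NOTE(review): eval re-parses the
					# configured command line, so shell
					# metacharacters in ipfs_program or
					# ipfs_flags are executed.
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			# No readable rules file: nothing is loaded and
			# filtering is treated as disabled from here on.
			# Only a kernel default-block policy (see above)
			# still restricts traffic in that case.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
	case "${ipnat_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat'
			# NOTE(review): same eval caveat as for ipfs above.
			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
				"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the secrets end up on the
			# spppcontrol command line, and the eval executes
			# any shell syntax stored in spppconfig_<if>.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	# showstat_<if> is set to 1 for every interface that got configured
	# here, so that its final state can be printed further down.
	# NOTE(review): the interface name becomes part of a variable name
	# inside eval; names that are not valid shell identifiers will
	# break these assignments.
	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0 and must be contiguous: the
		# first unset ifconfig_<if>_alias<n> ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is a real empty-string test
		# instead of a one-argument "[ ! -z ]".
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known list
		# falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# NOTE(review): ppp_mode is constrained above, but
		# ppp_profile is pasted into the string handed to
		# "su -c" and is parsed by a shell again; ppp_user is
		# expanded unquoted.  Both must come from trusted
		# configuration only.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter
	#
	# NOTE(review): the "-y" only comes from the default; when
	# ipfilter_program is set, that command runs here exactly as
	# configured -- confirm this is what the configuration intends.
	#
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf -y}
		;;
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the presence test is itself an "ipfw flush", so it
	# also discards any ipfw rules that were loaded before this point.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				# A dotted-quad value is passed to natd
				# with -a, anything else with -n.
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				# The rules script is unreadable and the
				# last rule denies everything.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An empty firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below is only written when its variable asks for it;
	# otherwise the kernel's current value is left alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with ipsec_file empty, an unquoted
		# "[ -f ]" is true and setkey would be run without a file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}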
# network_pass2 - second pass: name, time and RPC/NIS services.
#
# Starts, when the matching *_enable variable is YES (any case): named,
# ntpdate, ntpd, timed and rpcbind.  The NIS server/client daemons,
# keyserv and rpc.ypupdated are only considered when portmap_enable is
# YES, because they are nested inside that branch.  Calls atm_pass3 when
# atm_pass2_done is non-empty and finally sets network_pass2_done=YES.
#
# NOTE(review): *_program and *_flags values are expanded unquoted and
# run as commands; they must come from root-owned configuration only.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# ntpdate runs with all of its output discarded.
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server side: ypserv first, then the two helpers that
		# belong on the NIS master only (rpc.ypxfrd, rpc.yppasswdd).
		#
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client side: ypbind, optionally followed by ypset.
		#
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		#
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Secure RPC on the NIS master: rpc.ypupdated.
		#
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons, once the second ATM pass has been recorded as done.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
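# network_pass3 - final network daemons.
#
# Inside the portmap_enable branch: NFS server (mountd, nfsd, rpc.lockd,
# rpc.statd) or a stand-alone mountd, NFS client sysctls, rpc.umntall and
# amd.  Independently of portmap: rwhod, the Kerberos IV and 5 servers,
# pppoed, and creation of missing ssh host keys.  Sets
# network_pass3_done=YES.
#
# NOTE(review): *_flags and *_server/*_program values are expanded
# unquoted and run as commands (amd_map_program through eval); they must
# come from root-owned configuration only.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# mountd's -n flag accepts mount requests
				# from non-reserved ports, which weakens
				# the "client is root" assumption.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): unlike the NFS
					# server branch above, this
					# replaces mountd_flags instead
					# of appending to it -- confirm
					# that is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# NOTE(review): amd_map_program is run
				# through eval and its output is appended
				# to the amd command line.
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			# With flags, "amd -p" output is saved as the pid
			# file; errors are discarded in both forms.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		# kadmind is started 20 seconds later from a detached
		# subshell, which keeps its own copy of ${stash}.
		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# Clean up the variable that was actually set above (the
		# previous "unset stash_flag" named a variable that this
		# function never assigns).
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only the host keys are created here (with an empty passphrase,
	# -N ""); sshd itself is not started by this function.
	# NOTE(review): both files are legacy key types; on a current
	# system generate the key types the installed sshd expects.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}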
# network_pass4 - last pass: TCP/UDP logging knob.
#
# When log_in_vain is anything other than empty/unset or "no" (any case),
# sets net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain to 1.
# Always prints the progress line and sets network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	# An empty or unset value is folded into the "NO" arm.
	case "${log_in_vain:-NO}" in
	[Nn][Oo])
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
# network_gif_setup - create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces whose gifconfig_<name> variable is
# non-empty, runs "ifconfig <name> create" (output and errors discarded)
# followed by "ifconfig <name> tunnel <peers>".  Does nothing when
# gif_interfaces is empty, unset or "no" (any case).
#
# NOTE(review): the interface name is spliced into a variable name inside
# eval, so gif_interfaces must hold plain identifiers from trusted
# configuration only.
#
network_gif_setup() {
	case "${gif_interfaces:-NO}" in
	[Nn][Oo])
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -n "${peers}" ]; then
			ifconfig $i create >/dev/null 2>&1
			ifconfig $i tunnel ${peers}
		fi
	done
}
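# convert_host_conf - build an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (overwritten)
# Globals:   sets host_conf and nsswitch_conf
#
# Each non-comment line is mapped by keyword: hosts/local/file -> files,
# dns/bind -> dns, nis -> nis.  Anything else is reported on stderr.
# The sources are written in the order they appear in the input, since
# that order is the lookup order.
#
convert_host_conf() {
	host_conf=$1
	nsswitch_conf=$2
	awk '
	BEGIN { c = 0 }
	# Comment lines, with or without leading blanks.  The bracket
	# expression is spelled out: a bare [:blank:] is just the set of
	# the characters ":", "b", "l", "a", "n" and "k".
	/^[ \t]*#/           { next }
	/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
	/(dns|bind)/         { nsswitch[c++] = "dns";   next }
	/nis/                { nsswitch[c++] = "nis";   next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: "
		# Indexed loop: "for (i in array)" has no defined order.
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	}' < "$host_conf" > "$nsswitch_conf"
}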
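# generate_host_conf - derive a legacy host.conf from nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (overwritten)
# Globals:   sets nsswitch_conf and host_conf
#
# Takes the "hosts:" entry (including backslash-continued lines, with
# comments stripped), and prints one host.conf keyword per recognised
# source: files -> hosts, dns -> bind, nis -> nis.  Criteria in square
# brackets and unknown sources are dropped.  If several "hosts:" entries
# exist, the last one is used.
#
generate_host_conf() {
	nsswitch_conf=$1
	host_conf=$2

	# Both paths are quoted so that a name containing blanks is
	# treated as one file.
	awk '
	BEGIN {
		xlat["files"] = "hosts"
		xlat["dns"] = "bind"
		xlat["nis"] = "nis"
		cont = 0
	}
	# Matches the start of a hosts: entry, or a continuation of one.
	sub(/^[\t ]*hosts:/, "") || cont {
		if (!cont)
			srcs = ""
		sub(/#.*/, "")
		# Put blanks around [ and ] so they split off as own words.
		gsub(/[][]/, " & ")
		# A trailing backslash continues the entry on the next line.
		cont = sub(/\\$/, "")
		srcs = srcs " " $0
	}
	END {
		print "# Auto-generated from nsswitch.conf, do not edit"
		ns = split(srcs, s)
		for (n = 1; n <= ns; ++n) {
			if (s[n] in xlat)
				print xlat[s[n]]
		}
	}
	' < "$nsswitch_conf" > "$host_conf"
}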