defaultroute revision 92184
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 92184 2002-03-12 20:25:25Z cjc $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
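# network_pass1 - first-pass network startup.
#
# Runs, in this order: host.conf/nsswitch.conf compatibility handling,
# hostname, ipfilter/ipnat/ipfs, NIS domain name, ATM, cloned and sppp
# interfaces, gif tunnels, per-interface ifconfig (DHCP, aliases, IPX),
# ISDN, user ppp, ipfw and natd, static routes, network sysctls, IPsec
# policy loading and the routing daemons.
#
# All ${..._enable}, ${..._flags}, ${..._program} and similar values are
# read from the caller's environment; the note at the top of this file says
# the user-configurable settings live in /etc/defaults/rc.conf.  Several of
# them are passed to eval, sourced with ".", or executed as commands by
# this function, which also loads kernel modules and configures interfaces.
# Any file able to set these variables therefore needs the same write
# protection as this script.
#
# Sets network_pass1_done=YES when it reaches the end.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				# NOTE: from here on the boot continues with no
				# ipfilter/ipnat rules at all; the warning above
				# is the only trace of that.
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				# -Fa flushes the active rules before -f loads
				# the file.
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file disables ipfilter for
				# the rest of this function; what traffic passes
				# then depends on the kernel default (see the
				# IPFILTER_DEFAULT_BLOCK remark above).
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above, this
				# line goes through eval, so the contents of
				# ipnat_program, ipnat_rules and ipnat_flags are
				# parsed as shell syntax a second time.  Kept
				# as-is because existing ipnat_flags values may
				# rely on that quoting; confirm before removing.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			# Sourced into this shell: /etc/rc.atm runs with the
			# privileges and variables of this script.
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		# The interface name becomes part of a variable name that is
		# evaluated, so it has to be a plain identifier fragment.
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE: the secrets are placed on the spppcontrol
			# command line by this call.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			# Per-interface hook, sourced into this shell.
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are read as ifconfig_<if>_alias0, _alias1, ... and
		# the scan stops at the first unset or empty index.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the final state of every interface touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how [ treats a
		# missing operand.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		# Only the four listed modes are accepted; anything else
		# becomes "auto".  The value ends up inside the command
		# string handed to su below.
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		# ppp_profile is appended without validation and is parsed
		# by the shell that su starts.
		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# NOTE(review): ppp_user is unquoted; if it is empty, su is
		# called without a login name (su then defaults to root).
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE: the probe for ipfw support is "ipfw -q flush", so when ipfw
	# is present it also deletes the rules loaded at that moment.
	# Nothing is loaded again until ${firewall_script} is sourced below,
	# and that happens only when firewall_enable is YES.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# The boot continues without ipfw after this warning.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced into this shell, so the rule script
				# sees and can change every variable here.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# Digits with up to three dotted
						# groups are passed as an address
						# (-a), anything else as an
						# interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'
					${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				# No readable rule script and the last rule
				# is deny-all.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			# Each name in static_routes selects a route_<name>
			# variable holding the arguments for "route add".
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The sysctls below are changed only when the matching variable asks
	# for a non-default value; otherwise the kernel setting is untouched.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	# Answering broadcast/multicast echo requests lets the host be used
	# as a reflector; enabled only on explicit request.
	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# Source routing lets the sender dictate the path of a packet;
	# forwarding and accepting such packets are separate switches.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted on purpose: with an empty value the
		# unquoted test "[ -f ]" is true, which reported
		# ' ipsec: enabled' and ran "setkey -f" with no policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			# No policy is loaded in this case; the message is
			# the only indication.
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}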
546
# network_pass2 - second-pass network startup.
#
# Starts, when the matching ${..._enable} variable is YES: named, ntpdate,
# ntpd, timed, and rpcbind together with the RPC services nested under
# portmap_enable (ypserv, rpc.ypxfrd, rpc.yppasswdd, ypbind, ypset,
# keyserv, rpc.ypupdated).  None of the nested services is started unless
# portmap_enable is YES.  Calls atm_pass3 when atm_pass2_done is set.
#
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output, errors included, is discarded.
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		# rpcbind comes first; everything below registers with it.
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server.  rpc.ypxfrd and rpc.yppasswdd belong on the
		# NIS master only.
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client: ypbind, optionally followed by ypset.
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# ypupdated: Secure RPC on the NIS master.  It is started
		# without any flags variable.
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons; atm_pass3 is not defined in this file.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
642
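# network_pass3 - final network daemons.
#
# Under portmap_enable: NFS server (mountd, nfsd, rpc.statd, rpc.lockd) or
# a stand-alone mountd, NFS client tuning and amd, and rpc.umntall when
# /var/db/mounttab exists.  Then rwhod, the Kerberos IV/5 servers, pppoed,
# and creation of missing ssh host keys.
#
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# -n is appended to whatever mountd_flags
				# already holds when weak authentication is
				# requested.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" alone threw
					# away the configured mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ ${nfsclient_in_kernel} -eq 1 ]
			then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# NOTE(review): amd_map_program
						# is run through eval and its
						# output is appended to the amd
						# command line; it must come
						# from a trusted configuration
						# only.
						amd_flags="${amd_flags} `eval\
							${amd_map_program}`"
						;;
					esac

					# With -p, amd's stdout is captured
					# as the pid file; stderr is dropped.
					amd -p ${amd_flags} > /var/run/amd.pid \
						2> /dev/null &
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both Kerberos IV servers.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# kadmind is started 20 seconds later from a
			# background subshell, which keeps its own copy of
			# ${stash}.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the previous
		# "unset stash_flag" named a variable that is never
		# assigned and left stash behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Globbing is switched off while the flags are expanded
		# (a provider such as "*" must reach pppoed literally);
		# the saved option set is restored afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are generated only when the key file is missing
		# and are written with an empty passphrase (-N ""), so
		# their protection rests on file permissions alone.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}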
853
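# network_pass4 - additional TCP options.
#
# Normalises ${log_in_vain} to a non-negative integer and, when it is not
# zero, writes it to net.inet.tcp.log_in_vain and
# net.inet.udp.log_in_vain.
#
#   NO or empty   -> 0
#   YES           -> 1
#   digits only   -> used as given
#   anything else -> reported as invalid and treated as 0
#
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit character makes the value invalid.  The
		# earlier "[0-9]*" pattern only looked at the first
		# character, so a value such as "1x" reached the numeric
		# test and sysctl unchecked.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}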
879
# network_gif_setup - create and configure gif tunnel interfaces.
#
# For each name in ${gif_interfaces}, the tunnel endpoints are read from
# the variable gifconfig_<name>.  Interfaces without endpoints are
# skipped; the others are created (errors from "create" are discarded)
# and given their tunnel addresses.
#
# The interface name is spliced into an eval to build the variable name,
# so it has to be a plain identifier fragment.
#
network_gif_setup() {
	# Nothing to do when gif interfaces are disabled or not configured.
	case "${gif_interfaces}" in
	'' | [Nn][Oo])
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
900
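# convert_host_conf - build an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated and overwritten)
#
# Each non-comment line is mapped to one source: hosts/local/file ->
# "files", dns/bind -> "dns", nis -> "nis".  Lines matching none of these
# produce a warning on stderr.  The sources are written on a single
# "hosts:" line in the order they appear in host.conf, because that order
# is the lookup order.
#
convert_host_conf() {
    host_conf=$1
    nsswitch_conf=$2
    awk '
BEGIN { c = 0 }
# Comment lines, with or without leading blanks.  The previous pattern
# [:blank:] was a plain bracket list of the characters ":blank", so
# indented comments fell through and could be read as a source.
/^[ \t]*#/           { next }
# Empty lines carry no source and need no warning.
/^[ \t]*$/           { next }
/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
/(dns|bind)/         { nsswitch[c] = "dns";   c++; next }
/nis/                { nsswitch[c] = "nis";   c++; next }
{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
END {
    printf "hosts: "
    # Walk the indices in insertion order; "for (i in nsswitch)" does not
    # promise any order.
    for (i = 0; i < c; i++)
        printf "%s ", nsswitch[i]
    printf "\n"
}' < "$host_conf" > "$nsswitch_conf"
}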
916
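# generate_host_conf - derive a legacy host.conf from nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated and overwritten)
#
# Only the "hosts:" entry is used, including backslash-continued lines;
# when several "hosts:" entries exist the last one wins.  The sources
# files, dns and nis are written one per line as hosts, bind and nis.
# Every other word is dropped, bracketed criteria included.
#
# Both file names are quoted in the redirections so that a path with
# blanks or glob characters is used as a single name by every shell.
#
generate_host_conf() {
    nsswitch_conf=$1
    host_conf=$2

    awk '
BEGIN {
    # nsswitch.conf source name -> host.conf keyword
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
# A line starting the hosts entry, or the continuation of one.
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    # Strip a trailing comment.
    sub(/#.*/, "")
    # Put blanks around brackets so they split off as separate words.
    gsub(/[][]/, " & ")
    # A trailing backslash means the entry continues on the next line.
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' < "$nsswitch_conf" > "$host_conf"
}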
946