#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 92478 2002-03-17 07:35:51Z dougb $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
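# network_pass1 - first stage of network bring-up.
#
# Runs, in this order: host.conf/nsswitch.conf compatibility, hostname,
# ipfilter/ipnat/ipfs, NIS domain name, ATM, cloned and sppp interfaces,
# gif tunnels, per-interface ifconfig (including DHCP, aliases and IPX),
# ISDN, user ppp, ipfw and natd, static routes, routing-related sysctls,
# IPsec policy loading and the routing daemons.
#
# Globals:  reads the configuration variables named in each section
#           (they are expected to be set by the caller's rc.conf);
#           may rewrite ipmon_enable, ipfilter_enable, ipnat_enable,
#           ipfs_enable, network_interfaces, natd_flags, static_routes
#           and ppp_mode; sets network_pass1_done=YES at the end.
# Outputs:  progress messages on stdout.
#
# Every value interpolated below is taken from configuration and is used
# with root privilege; several are passed through eval or sourced, so the
# configuration files must be writable by root only.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors; note that boot
				# continues with no packet filter in place
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file only disables the
				# filter and prints a console message; what
				# traffic passes afterwards is up to the
				# kernel default (see IPFILTER_DEFAULT_BLOCK
				# above).
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above this
				# goes through eval, so ipnat_program,
				# ipnat_rules and ipnat_flags are re-parsed as
				# shell text and the quotes around
				# ipnat_rules are consumed before eval runs.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also means the whole value is
			# interpreted as shell text.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with the privileges of the boot script.
		if [ -r "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how a bare
		# "[ ! -z ]" happens to be parsed.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known list
		# falls back to "auto", so only these five words can reach
		# the command line built below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		# ppp_profile is appended unchecked and the result is handed
		# to "su -c", i.e. it is parsed by a shell running as
		# ppp_user.
		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac

	# Initialize IP filtering using ipfw.  The probe for kernel support
	# is an actual "flush", so it runs whether or not firewall_enable is
	# set and has that side effect whenever ipfw is available.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced, not executed: the script runs in
				# this shell and can change any variable here.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# One to four dot-separated
						# numbers select "-a" (address),
						# anything else "-n" (interface
						# name).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'
					${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only ever moves a sysctl away from its current
	# value; the opposite setting is left untouched.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with an empty ipsec_file an unquoted
		# "[ -f ]" is true and setkey would be run without a file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}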
# network_pass2 - second stage: name service, time and RPC/NIS daemons.
#
# Each daemon is started only when its *_enable variable matches "yes" in
# any letter case.  Everything from ypserv down to rpc.ypupdated sits
# inside the portmap_enable branch, so none of it starts without rpcbind.
#
# Globals:  reads the *_enable, *_program and *_flags variables used
#           below and atm_pass2_done; sets network_pass2_done=YES.
# Outputs:  progress messages on stdout.
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# NTP daemon (still configured through the xntpd_* names)
	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
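# network_pass3 - final stage: NFS, rwhod, Kerberos, pppoed, sshd host keys.
#
# Globals:  reads the *_enable, *_flags and *_server variables used below;
#           may rewrite mountd_flags, amd_flags, pppoed_flags and
#           nfs_client_enable; sets network_pass3_done=YES.
# Outputs:  progress messages on stdout.
#
# Changes from the previous revision of this function:
#  - the Kerberos IV branch now unsets "stash", the variable it really
#    sets (it used to unset the unused name "stash_flag");
#  - the stand-alone mountd branch appends -n to mountd_flags, as the NFS
#    server branch does, instead of discarding the configured flags.
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to the
				# mountd command line (see mountd(8): serves
				# mount requests from non-root clients).
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			# No NFS server: mountd may still be wanted alone.
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						# Append rather than replace, so
						# configured mountd_flags survive.
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# amd_map_program is run through
						# eval and its output is added to
						# the amd command line.
						amd_flags="${amd_flags} $(eval \
							${amd_map_program})"
						;;
					esac

					case "${amd_flags}" in
					'')
						echo ''
						echo 'Warning: amd will not load without arguments'
						;;
					*)
						amd -p ${amd_flags} \
							 >/var/run/amd.pid \
							2>/dev/null &
						;;
					esac
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both IV servers.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell keeps its own copy of ${stash}, so the
			# unset below does not affect the delayed start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Pathname expansion is switched off for this one command so
		# glob characters in the flags reach pppoed untouched; the
		# saved option letters are re-applied afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	# Host keys are generated only when the file is missing, and with an
	# empty passphrase (-N "").
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}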
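# network_pass4 - apply the log_in_vain setting to TCP and UDP.
#
# log_in_vain may be NO or empty (treated as 0), YES (treated as 1) or a
# non-negative decimal number.  Any other value is reported and treated
# as 0.  A non-zero result is written to net.inet.tcp.log_in_vain and
# net.inet.udp.log_in_vain.
#
# Globals:  reads and normalises log_in_vain; sets network_pass4_done=YES.
# Outputs:  progress messages on stdout.
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Anything containing a non-digit is rejected here; a
		# pattern such as "[0-9]*" would let "5x" through to the
		# numeric test below.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}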
# network_gif_setup - create and configure the gif tunnels.
#
# For each name in gif_interfaces, the matching gifconfig_<name> value is
# passed to "ifconfig <name> tunnel".  Names without a gifconfig_ value
# are skipped.  Nothing is done when gif_interfaces is empty or NO.
#
# Globals:  reads gif_interfaces and gifconfig_<name>; leaves the loop
#           variables i and peers set.
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# The interface name becomes part of a variable name
		# through eval.
		eval peers=\$gifconfig_$i
		if [ -n "${peers}" ]; then
			# The interface may already exist, so the result of
			# "create" is ignored.
			ifconfig $i create >/dev/null 2>&1
			ifconfig $i tunnel ${peers}
		fi
	done
}
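# convert_host_conf - write an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated by the redirection)
# Outputs:   a warning on stderr for every line that is not recognised.
#
# Comment lines (optionally indented) and blank lines are skipped.  A line
# containing hosts, local or file yields "files", one containing dns or
# bind yields "dns", one containing nis yields "nis".  Sources are written
# in the order they appear in the input.
convert_host_conf() {
    host_conf=$1; shift
    nsswitch_conf=$1; shift
    awk '
        BEGIN { n = 0 }
        # Comments are dropped first, so a word such as "local" inside
        # an indented comment is not taken for a source.
        /^[ \t]*#/           { next }
        /^[ \t]*$/           { next }
        /(hosts|local|file)/ { nsswitch[n++] = "files"; next }
        /(dns|bind)/         { nsswitch[n++] = "dns";   next }
        /nis/                { nsswitch[n++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
            printf "hosts: "
            # Indexed loop: "for (i in array)" has no defined order,
            # and the lookup order is the whole point of this line.
            for (i = 0; i < n; i++)
                printf "%s ", nsswitch[i]
            printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}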
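# generate_host_conf - write a legacy host.conf from nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated by the redirection)
#
# Only the "hosts:" entry is used, including backslash-continued lines; if
# there are several, the last one wins.  files, dns and nis are translated
# to hosts, bind and nis.  Every other token, including bracketed
# criteria, is dropped without a message.
generate_host_conf() {
    nsswitch_conf=$1; shift
    host_conf=$1; shift

    awk '
    BEGIN {
        xlat["files"] = "hosts";
        xlat["dns"] = "bind";
        xlat["nis"] = "nis";
        cont = 0;
    }
    sub(/^[\t ]*hosts:/, "") || cont {
        # A fresh hosts: line restarts the list; a continuation adds to it.
        if (!cont)
            srcs = ""
        sub(/#.*/, "")
        # Put blanks around brackets so they split into their own tokens.
        gsub(/[][]/, " & ")
        # A trailing backslash marks the next line as a continuation.
        cont = sub(/\\$/, "")
        srcs = srcs " " $0
    }
    END {
        print "# Auto-generated from nsswitch.conf, do not edit"
        ns = split(srcs, s)
        for (n = 1; n <= ns; ++n) {
            if (s[n] in xlat)
                print xlat[s[n]]
        }
    }
    ' < "$nsswitch_conf" > "$host_conf"
}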
955