network.subr revision 80515 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/network.subr 80515 2001-07-28 19:57:57Z markm $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	case "${ipfilter_enable}" in
64	[Yy][Ee][Ss])
65		if [ -r "${ipfilter_rules}" ]; then
66			echo -n ' ipfilter';
67			${ipfilter_program:-/sbin/ipf -Fa -f} \
68			    "${ipfilter_rules}" ${ipfilter_flags}
69			case "${ipmon_enable}" in
70			[Yy][Ee][Ss])
71				echo -n ' ipmon'
72				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
73				;;
74			esac
75			case "${ipnat_enable}" in
76			[Yy][Ee][Ss])
77				if [ -r "${ipnat_rules}" ]; then
78					echo -n ' ipnat';
79				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
80					"${ipnat_rules}" ${ipnat_flags}
81				else
82					echo -n ' NO IPNAT RULES'
83				fi
84				;;
85			esac
86		else
87			ipfilter_enable="NO"
88			echo -n ' NO IPF RULES'
89		fi
90		;;
91	esac
92
93	# Set the domainname if we're using NIS
94	#
95	case ${nisdomainname} in
96	[Nn][Oo] | '')
97		;;
98	*)
99		domainname ${nisdomainname}
100		echo -n ' domain'
101		;;
102	esac
103
104	echo '.'
105
106	# Initial ATM interface configuration
107	#
108	case ${atm_enable} in
109	[Yy][Ee][Ss])
110		if [ -r /etc/rc.atm ]; then
111			. /etc/rc.atm
112			atm_pass1
113		fi
114		;;
115	esac
116
117	# Special options for sppp(4) interfaces go here.  These need
118	# to go _before_ the general ifconfig section, since in the case
119	# of hardwired (no link1 flag) but required authentication, you
120	# cannot pass auth parameters down to the already running interface.
121	#
122	for ifn in ${sppp_interfaces}; do
123		eval spppcontrol_args=\$spppconfig_${ifn}
124		if [ -n "${spppcontrol_args}" ]; then
125			# The auth secrets might contain spaces; in order
126			# to retain the quotation, we need to eval them
127			# here.
128			eval spppcontrol ${ifn} ${spppcontrol_args}
129		fi
130	done
131
132	# gifconfig
133	network_gif_setup
134
135	# Set up all the network interfaces, calling startup scripts if needed
136	#
137	case ${network_interfaces} in
138	[Aa][Uu][Tt][Oo])
139		network_interfaces="`ifconfig -l`"
140		;;
141	esac
142
143	dhcp_interfaces=""
144	for ifn in ${network_interfaces}; do
145		if [ -r /etc/start_if.${ifn} ]; then
146			. /etc/start_if.${ifn}
147			eval showstat_$ifn=1
148		fi
149
150		# Do the primary ifconfig if specified
151		#
152		eval ifconfig_args=\$ifconfig_${ifn}
153
154		case ${ifconfig_args} in
155		'')
156			;;
157		[Dd][Hh][Cc][Pp])
158			# DHCP inits are done all in one go below
159			dhcp_interfaces="$dhcp_interfaces $ifn"
160			eval showstat_$ifn=1
161			;;
162		*)
163			ifconfig ${ifn} ${ifconfig_args}
164			eval showstat_$ifn=1
165			;;
166		esac
167	done
168
169	if [ ! -z "${dhcp_interfaces}" ]; then
170		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
171	fi
172
173	for ifn in ${network_interfaces}; do
174		# Check to see if aliases need to be added
175		#
176		alias=0
177		while : ; do
178			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
179			if [ -n "${ifconfig_args}" ]; then
180				ifconfig ${ifn} ${ifconfig_args} alias
181				eval showstat_$ifn=1
182				alias=`expr ${alias} + 1`
183			else
184				break;
185			fi
186		done
187
188		# Do ipx address if specified
189		#
190		eval ifconfig_args=\$ifconfig_${ifn}_ipx
191		if [ -n "${ifconfig_args}" ]; then
192			ifconfig ${ifn} ${ifconfig_args}
193			eval showstat_$ifn=1
194		fi
195	done
196
197	for ifn in ${network_interfaces}; do
198		eval showstat=\$showstat_${ifn}
199		if [ ! -z ${showstat} ]; then
200			ifconfig ${ifn}
201		fi
202	done
203
204	# ISDN subsystem startup
205	#
206	case ${isdn_enable} in
207	[Yy][Ee][Ss])
208		if [ -r /etc/rc.isdn ]; then
209			. /etc/rc.isdn
210		fi
211		;;
212	esac
213
214	# Start user ppp if required.  This must happen before natd.
215	#
216	case ${ppp_enable} in
217	[Yy][Ee][Ss])
218		# Establish ppp mode.
219		#
220		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
221			-a "${ppp_mode}" != "dedicated" \
222			-a "${ppp_mode}" != "background" ]; then
223			ppp_mode="auto"
224		fi
225
226		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
227
228		# Switch on NAT mode?
229		#
230		case ${ppp_nat} in
231		[Yy][Ee][Ss])
232			ppp_command="${ppp_command} -nat"
233			;;
234		esac
235
236		ppp_command="${ppp_command} ${ppp_profile}"
237
238		echo "Starting ppp as \"${ppp_user}\""
239		su -m ${ppp_user} -c "exec ${ppp_command}"
240		;;
241	esac
242
243	# Initialize IP filtering using ipfw
244	#
245	if /sbin/ipfw -q flush > /dev/null 2>&1; then
246		firewall_in_kernel=1
247	else
248		firewall_in_kernel=0
249	fi
250
251	case ${firewall_enable} in
252	[Yy][Ee][Ss])
253		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
254			firewall_in_kernel=1
255			echo 'Kernel firewall module loaded'
256		elif [ "${firewall_in_kernel}" -eq 0 ]; then
257			echo 'Warning: firewall kernel module failed to load'
258		fi
259		;;
260	esac
261
262	# Load the filters if required
263	#
264	case ${firewall_in_kernel} in
265	1)
266		if [ -z "${firewall_script}" ]; then
267			firewall_script=/etc/rc.firewall
268		fi
269
270		case ${firewall_enable} in
271		[Yy][Ee][Ss])
272			if [ -r "${firewall_script}" ]; then
273				. "${firewall_script}"
274				echo -n 'Firewall rules loaded, starting divert daemons:'
275
276				# Network Address Translation daemon
277				#
278				case ${natd_enable} in
279				[Yy][Ee][Ss])
280					if [ -n "${natd_interface}" ]; then
281						if echo ${natd_interface} | \
282							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
283							natd_ifarg="-a ${natd_interface}"
284						else
285							natd_ifarg="-n ${natd_interface}"
286						fi
287
288						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
289					fi
290					;;
291				esac
292
293				echo '.'
294
295			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
296				echo 'Warning: kernel has firewall functionality,' \
297				     'but firewall rules are not enabled.'
298				echo '		 All ip services are disabled.'
299			fi
300
301			case ${firewall_logging} in
302			[Yy][Ee][Ss] | '')
303				echo 'Firewall logging=YES'
304				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
305				;;
306			*)
307				;;
308			esac
309
310			;;
311		esac
312		;;
313	esac
314
315	# Additional ATM interface configuration
316	#
317	if [ -n "${atm_pass1_done}" ]; then
318		atm_pass2
319	fi
320
321	# Configure routing
322	#
323	case ${defaultrouter} in
324	[Nn][Oo] | '')
325		;;
326	*)
327		static_routes="default ${static_routes}"
328		route_default="default ${defaultrouter}"
329		;;
330	esac
331
332	# Set up any static routes.  This should be done before router discovery.
333	#
334	if [ -n "${static_routes}" ]; then
335		for i in ${static_routes}; do
336			eval route_args=\$route_${i}
337			route add ${route_args}
338		done
339	fi
340
341	echo -n 'Additional routing options:'
342	case ${tcp_extensions} in
343	[Yy][Ee][Ss] | '')
344		;;
345	*)
346		echo -n ' tcp extensions=NO'
347		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
348		;;
349	esac
350
351	case ${icmp_bmcastecho} in
352	[Yy][Ee][Ss])
353		echo -n ' broadcast ping responses=YES'
354		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
355		;;
356	esac
357
358	case ${icmp_drop_redirect} in
359	[Yy][Ee][Ss])
360		echo -n ' ignore ICMP redirect=YES'
361		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
362		;;
363	esac
364
365	case ${icmp_log_redirect} in
366	[Yy][Ee][Ss])
367		echo -n ' log ICMP redirect=YES'
368		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
369		;;
370	esac
371
372	case ${gateway_enable} in
373	[Yy][Ee][Ss])
374		echo -n ' IP gateway=YES'
375		sysctl -w net.inet.ip.forwarding=1 >/dev/null
376		;;
377	esac
378
379	case ${forward_sourceroute} in
380	[Yy][Ee][Ss])
381		echo -n ' do source routing=YES'
382		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
383		;;
384	esac
385
386	case ${accept_sourceroute} in
387	[Yy][Ee][Ss])
388		echo -n ' accept source routing=YES'
389		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
390		;;
391	esac
392
393	case ${tcp_keepalive} in
394	[Yy][Ee][Ss])
395		echo -n ' TCP keepalive=YES'
396		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
397		;;
398	esac
399
400	case ${tcp_drop_synfin} in
401	[Yy][Ee][Ss])
402		echo -n ' drop SYN+FIN packets=YES'
403		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
404		;;
405	esac
406
407	case ${ipxgateway_enable} in
408	[Yy][Ee][Ss])
409		echo -n ' IPX gateway=YES'
410		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
411		;;
412	esac
413
414	case ${arpproxy_all} in
415	[Yy][Ee][Ss])
416		echo -n ' ARP proxyall=YES'
417		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
418		;;
419	esac
420
421	case ${ip_portrange_first} in
422	[Nn][Oo] | '')
423		;;
424	*)
425		echo -n " ip_portrange_first=$ip_portrange_first"
426		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
427		;;
428	esac
429
430	case ${ip_portrange_last} in
431	[Nn][Oo] | '')
432		;;
433	*)
434		echo -n " ip_portrange_last=$ip_portrange_last"
435		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
436		;;
437	esac
438
439	echo '.'
440
441	case ${ipsec_enable} in
442	[Yy][Ee][Ss])
443		if [ -f ${ipsec_file} ]; then
444		    echo ' ipsec: enabled'
445		    setkey -f ${ipsec_file}
446		else
447		    echo ' ipsec: file not found'
448		fi
449		;;
450	esac
451
452	echo -n 'Routing daemons:'
453	case ${router_enable} in
454	[Yy][Ee][Ss])
455		echo -n " ${router}";	${router} ${router_flags}
456		;;
457	esac
458
459	case ${ipxrouted_enable} in
460	[Yy][Ee][Ss])
461		echo -n ' IPXrouted'
462		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
463		;;
464	esac
465
466	case ${mrouted_enable} in
467	[Yy][Ee][Ss])
468		echo -n ' mrouted';	mrouted ${mrouted_flags}
469		;;
470	esac
471
472	case ${rarpd_enable} in
473	[Yy][Ee][Ss])
474		echo -n ' rarpd';	rarpd ${rarpd_flags}
475		;;
476	esac
477	echo '.'
478
479	# Let future generations know we made it.
480	#
481	network_pass1_done=YES
482}
483
484network_pass2() {
485	echo -n 'Doing additional network setup:'
486	case ${named_enable} in
487	[Yy][Ee][Ss])
488		echo -n ' named';	${named_program:-named} ${named_flags}
489		;;
490	esac
491
492	case ${ntpdate_enable} in
493	[Yy][Ee][Ss])
494		echo -n ' ntpdate'
495		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
496		;;
497	esac
498
499	case ${xntpd_enable} in
500	[Yy][Ee][Ss])
501		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
502		;;
503	esac
504
505	case ${timed_enable} in
506	[Yy][Ee][Ss])
507		echo -n ' timed';	timed ${timed_flags}
508		;;
509	esac
510
511	case ${portmap_enable} in
512	[Yy][Ee][Ss])
513		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
514			${portmap_flags}
515
516		# Start ypserv if we're an NIS server.
517		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
518		#
519		case ${nis_server_enable} in
520		[Yy][Ee][Ss])
521			echo -n ' ypserv'; ypserv ${nis_server_flags}
522
523			case ${nis_ypxfrd_enable} in
524			[Yy][Ee][Ss])
525				echo -n ' rpc.ypxfrd'
526				rpc.ypxfrd ${nis_ypxfrd_flags}
527				;;
528			esac
529
530			case ${nis_yppasswdd_enable} in
531			[Yy][Ee][Ss])
532				echo -n ' rpc.yppasswdd'
533				rpc.yppasswdd ${nis_yppasswdd_flags}
534				;;
535			esac
536			;;
537		esac
538
539		# Start ypbind if we're an NIS client
540		#
541		case ${nis_client_enable} in
542		[Yy][Ee][Ss])
543			echo -n ' ypbind'; ypbind ${nis_client_flags}
544			case ${nis_ypset_enable} in
545			[Yy][Ee][Ss])
546				echo -n ' ypset';	ypset ${nis_ypset_flags}
547				;;
548			esac
549			;;
550		esac
551
552		# Start keyserv if we are running Secure RPC
553		#
554		case ${keyserv_enable} in
555		[Yy][Ee][Ss])
556			echo -n ' keyserv';	keyserv ${keyserv_flags}
557			;;
558		esac
559
560		# Start ypupdated if we are running Secure RPC
561		# and we are NIS master
562		#
563		case ${rpc_ypupdated_enable} in
564		[Yy][Ee][Ss])
565			echo -n ' rpc.ypupdated';	rpc.ypupdated
566			;;
567		esac
568		;;
569	esac
570
571	# Start ATM daemons
572	if [ -n "${atm_pass2_done}" ]; then
573		atm_pass3
574	fi
575
576	echo '.'
577	network_pass2_done=YES
578}
579
580network_pass3() {
581	echo -n 'Starting final network daemons:'
582
583	case ${portmap_enable} in
584	[Yy][Ee][Ss])
585		case ${nfs_server_enable} in
586		[Yy][Ee][Ss])
587			if [ -r /etc/exports ]; then
588				echo -n ' mountd'
589
590				case ${weak_mountd_authentication} in
591				[Yy][Ee][Ss])
592					mountd_flags="${mountd_flags} -n"
593					;;
594				esac
595
596				mountd ${mountd_flags}
597
598				case ${nfs_reserved_port_only} in
599				[Yy][Ee][Ss])
600					echo -n ' NFS on reserved port only=YES'
601					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
602					;;
603				esac
604
605				echo -n ' nfsd';	nfsd ${nfs_server_flags}
606
607				if [ -n "${nfs_bufpackets}" ]; then
608					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
609				fi
610
611				case ${rpc_lockd_enable} in
612				[Yy][Ee][Ss])
613					echo -n ' rpc.lockd';	rpc.lockd
614					;;
615				esac
616
617				case ${rpc_statd_enable} in
618				[Yy][Ee][Ss])
619					echo -n ' rpc.statd';	rpc.statd
620					;;
621				esac
622			fi
623			;;
624		*)
625			case ${single_mountd_enable} in
626			[Yy][Ee][Ss])
627				if [ -r /etc/exports ]; then
628					echo -n ' mountd'
629
630					case ${weak_mountd_authentication} in
631					[Yy][Ee][Ss])
632						mountd_flags="-n"
633						;;
634					esac
635
636					mountd ${mountd_flags}
637				fi
638				;;
639			esac
640			;;
641		esac
642
643		case ${nfs_client_enable} in
644		[Yy][Ee][Ss])
645			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
646				if [ -n "${nfs_access_cache}" ]; then
647			echo -n " NFS access cache time=${nfs_access_cache}"
648			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
649			fi
650			;;
651		esac
652
653		# If /var/db/mounttab exists, some nfs-server has not been
654		# sucessfully notified about a previous client shutdown.
655		# If there is no /var/db/mounttab, we do nothing.
656		if [ -f /var/db/mounttab ]; then
657			rpc.umntall -k
658		fi
659
660		case ${amd_enable} in
661		[Yy][Ee][Ss])
662			echo -n ' amd'
663			case ${amd_map_program} in
664			[Nn][Oo] | '')
665				;;
666			*)
667				amd_flags="${amd_flags} `eval\
668					${amd_map_program}`"
669				;;
670			esac
671
672			if [ -n "${amd_flags}" ]; then
673				amd -p ${amd_flags}\
674					> /var/run/amd.pid 2> /dev/null
675			else
676				amd 2> /dev/null
677			fi
678			;;
679		esac
680		;;
681	esac
682
683	case ${rwhod_enable} in
684	[Yy][Ee][Ss])
685		echo -n ' rwhod';	rwhod ${rwhod_flags}
686		;;
687	esac
688
689	# Kerberos servers run ONLY on the Kerberos server machine
690	case ${kerberos4_server_enable} in
691	[Yy][Ee][Ss])
692		case ${kerberos_stash} in
693		[Yy][Ee][Ss])
694			stash=-n
695			;;
696		*)
697			stash=
698			;;
699		esac
700
701		echo -n ' kerberosIV'
702		${kerberos4_server} ${stash} >> /var/log/kerberos.log &
703
704		case ${kadmind4_server_enable} in
705		[Yy][Ee][Ss])
706			echo -n ' kadmindIV'
707			(
708				sleep 20;
709				${kadmind4_server} ${stash} >/dev/null 2>&1 &
710			) &
711			;;
712		esac
713		unset stash_flag
714		;;
715	esac
716
717	case ${kerberos5_server_enable} in
718	[Yy][Ee][Ss])
719		echo -n ' kerberos5'
720		${kerberos5_server} &
721
722		case ${kadmind5_server_enable} in
723		[Yy][Ee][Ss])
724			echo -n ' kadmind5'
725			${kadmind5_server} &
726			;;
727		esac
728		;;
729	esac
730
731	case ${pppoed_enable} in
732	[Yy][Ee][Ss])
733		if [ -n "${pppoed_provider}" ]; then
734			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
735		fi
736		echo -n ' pppoed';
737		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
738		;;
739	esac
740
741	case ${sshd_enable} in
742	[Yy][Ee][Ss])
743		if [ ! -f /etc/ssh/ssh_host_key ]; then
744			echo ' creating ssh RSA host key';
745			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
746		fi
747		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
748			echo ' creating ssh DSA host key';
749			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
750		fi
751		;;
752	esac
753
754	echo '.'
755	network_pass3_done=YES
756}
757
758network_pass4() {
759	echo -n 'Additional TCP options:'
760	case ${log_in_vain} in
761	[Nn][Oo] | '')
762		;;
763	*)
764		echo -n ' log_in_vain=YES'
765		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
766		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
767		;;
768	esac
769
770	echo '.'
771	network_pass4_done=YES
772}
773
774network_gif_setup() {
775	case ${gif_interfaces} in
776	[Nn][Oo] | '')
777		;;
778	*)
779		for i in ${gif_interfaces}; do
780			eval peers=\$gifconfig_$i
781			case ${peers} in
782			'')
783				continue
784				;;
785			*)
786				ifconfig $i create tunnel ${peers}
787				;;
788			esac
789		done
790		;;
791	esac
792}
793
794convert_host_conf() {
795    host_conf=$1; shift;
796    nsswitch_conf=$1; shift;
797    awk '                                                                   \
798        /^[:blank:]*#/       { next }                                       \
799        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
800        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
801        /nis/                { nsswitch[c] = "nis";   c++; next }           \
802        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
803        END {                                                               \
804                printf "hosts: ";                                           \
805                for (i in nsswitch) printf "%s ", nsswitch[i];              \
806                printf "\n";                                                \
807        }' < $host_conf > $nsswitch_conf
808}
809
810