network.subr revision 65532
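#!/bin/sh -
#
# $FreeBSD: head/etc/network.subr 65532 2000-09-06 18:16:48Z nectar $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# NOTE(review): trust boundary.  Every ${...} setting used below is taken
# from the caller's environment (presumably rc.conf) and is expanded
# unquoted on purpose so that "flags" values split into words.  Several are
# also passed to eval, to "su -c", or name files that are sourced with ".".
# Anyone who can write those settings or the sourced files (/etc/rc.atm,
# /etc/rc.isdn, /etc/start_if.*, ${firewall_script}) can run commands with
# the privileges of this script, so they should be writable by root only.

# First pass startup stuff.
#
# Sets the host and NIS domain names, configures interfaces (static, DHCP,
# aliases, IPX), starts ISDN and user ppp, loads the ipfw rules and natd,
# installs static routes, applies network sysctls, loads the IPsec policy
# file and starts the routing daemons.  Sets network_pass1_done=YES.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
		if [ -f "/etc/nsswitch.conf" ]; then
			echo " /etc/nsswitch.conf will be used instead"
		else
			echo " /etc/nsswitch.conf will be created for you"
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the eval re-parses the whole value as
			# shell, so a spppconfig_* value containing ';' or
			# '$(...)' is executed, and the secrets end up on
			# spppcontrol's command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$(expr ${alias} + 1)
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how "[" parses a
		# missing operand when showstat is empty.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside this allowlist falls
		# back to "auto", so ppp_mode cannot smuggle extra text into
		# the command line built below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# NOTE(review): ppp_profile and ppp_user are not validated;
		# the command string is parsed again by the shell that
		# "su -c" starts.
		echo -n "Starting ppp as \"${ppp_user}\""
		su ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the "is ipfw in the kernel?" probe; as a side
	# effect it removes any rules that were already loaded.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# NOTE(review): a warning is printed only when the
			# last rule is the default deny.  If the script is
			# unreadable and the kernel default is to accept,
			# the host comes up unfiltered without any message.
			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		# Double quotes so the configured value is printed; single
		# quotes echoed the literal text "$ip_portrange_first".
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file empty, an unquoted "[ -f ]" is true
		# and setkey would be run without a policy file while the
		# console reports ipsec as enabled.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f ${ipsec_file}
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation, portmap, NIS, Secure RPC
# and the ATM daemons.  Sets network_pass2_done=YES.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'; ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'; keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'; rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client, amd, rwhod, Kerberos, pppoed and
# first-boot creation of the ssh host keys.  Sets network_pass3_done=YES.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# NOTE(review): per mountd(8), -n lets mount requests
			# from non-reserved ports be served, i.e. from
			# unprivileged client processes.  Enable only where
			# clients need it.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'; nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'; rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'; rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# NOTE(review): unlike the NFS server branch
				# above, this replaces mountd_flags instead of
				# appending to it, so any configured flags are
				# dropped.  Left as is; confirm the intent.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# NOTE(review): amd_map_program is run through eval
			# and its output becomes additional amd arguments.
			amd_flags="${amd_flags} $(eval ${amd_map_program})"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds after kerberos, from
			# a detached subshell so boot does not wait for it.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only the host keys are created here; sshd itself is not started in
	# this function.  -N "" stores the private keys without a passphrase,
	# so their protection rests on the file permissions alone.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: late TCP/UDP options.  Sets network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	# Any value other than NO or empty turns on the log_in_vain sysctls
	# for both TCP and UDP.
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Translate a host.conf lookup order into a one-line nsswitch.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (overwritten)
# Outputs:   "hosts: <sources>" in $2; a warning on stderr for each line
#            that names no known source.
# Globals:   sets host_conf and nsswitch_conf.
#
# Sources are written in the order they appear in $1: the lookup order is
# the whole point of the file, and awk's "for (i in array)" does not
# guarantee any order.  Comment lines (optionally indented) and blank lines
# are skipped; "[:blank:]" is only a character class inside a bracket
# expression, so the portable "[ \t]" is used instead.
#
convert_host_conf() {
	host_conf=$1; shift
	nsswitch_conf=$1; shift
	awk '
		/^[ \t]*#/ { next }
		/^[ \t]*$/ { next }
		/(hosts|local|file)/ { nsswitch[n++] = "files"; next }
		/(dns|bind)/ { nsswitch[n++] = "dns"; next }
		/nis/ { nsswitch[n++] = "nis"; next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < n; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "$host_conf" > "$nsswitch_conf"
}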