projects / dragonfly.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Preliminary syscall messaging work. Adjust all <syscall>_args structures
[dragonfly.git] / etc / rc.network
... / ...
CommitLineData
1#!/bin/sh -
2#
3# Copyright (c) 1993 The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10# notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12# notice, this list of conditions and the following disclaimer in the
13# documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: src/etc/rc.network,v 1.74.2.43 2003/02/08 21:10:25 gshapiro Exp $
28# $DragonFly: src/etc/Attic/rc.network,v 1.2 2003/06/17 04:24:45 dillon Exp $
29# From: @(#)netstart 5.9 (Berkeley) 3/30/91
30#
31
32# Note that almost all of the user-configurable behavior is no longer in
33# this file, but rather in /etc/defaults/rc.conf. Please check that file
34# first before contemplating any changes here. If you do need to change
35# this file for some reason, we would like to know about it.
36
37# First pass startup stuff.
38#
39network_pass1() {
40 echo -n 'Doing initial network setup:'
41
42 # Set the host name if it is not already set
43 #
44 if [ -z "`hostname -s`" ]; then
45 hostname ${hostname}
46 echo -n ' hostname'
47 fi
48
49 # Establish ipfilter ruleset as early as possible (best in
50 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
51
52 # check whether ipfilter and/or ipnat is enabled
53 ipfilter_active="NO"
54 case ${ipfilter_enable} in
55 [Yy][Ee][Ss])
56 ipfilter_active="YES"
57 ;;
58 esac
59 case ${ipnat_enable} in
60 [Yy][Ee][Ss])
61 ipfilter_active="YES"
62 ;;
63 esac
64 case ${ipfilter_active} in
65 [Yy][Ee][Ss])
66 # load ipfilter kernel module if needed
67 if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
68 if kldload ipl; then
69 echo 'IP-filter module loaded.'
70 else
71 echo 'Warning: IP-filter module failed to load.'
72 # avoid further errors
73 ipfilter_active="NO"
74 ipmon_enable="NO"
75 ipfilter_enable="NO"
76 ipnat_enable="NO"
77 ipfs_enable="NO"
78 fi
79 fi
80 # start ipmon before loading any rules
81 case "${ipmon_enable}" in
82 [Yy][Ee][Ss])
83 echo -n ' ipmon'
84 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
85 ;;
86 esac
87 case "${ipfilter_enable}" in
88 [Yy][Ee][Ss])
89 if [ -r "${ipfilter_rules}" -o \
90 -r "${ipv6_ipfilter_rules}" ]; then
91 echo -n ' ipfilter'
92 ${ipfilter_program:-/sbin/ipf} -Fa
93 if [ -r "${ipfilter_rules}" ]; then
94 ${ipfilter_program:-/sbin/ipf} \
95 -f "${ipfilter_rules}" \
96 ${ipfilter_flags}
97 fi
98 if [ -r "${ipv6_ipfilter_rules}" ]; then
99 ${ipfilter_program:-/sbin/ipf} -6 \
100 -f "${ipv6_ipfilter_rules}" \
101 ${ipfilter_flags}
102 fi
103 else
104 ipfilter_enable="NO"
105 echo -n ' NO IPF RULES'
106 fi
107 ;;
108 esac
109 case "${ipnat_enable}" in
110 [Yy][Ee][Ss])
111 if [ -r "${ipnat_rules}" ]; then
112 echo -n ' ipnat'
113 eval ${ipnat_program:-/sbin/ipnat} -CF -f \
114 "${ipnat_rules}" ${ipnat_flags}
115 else
116 ipnat_enable="NO"
117 echo -n ' NO IPNAT RULES'
118 fi
119 ;;
120 esac
121 # restore filter/NAT state tables after loading the rules
122 case "${ipfs_enable}" in
123 [Yy][Ee][Ss])
124 if [ -r "/var/db/ipf/ipstate.ipf" ]; then
125 echo -n ' ipfs'
126 ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
127 # remove files to avoid reloading old state
128 # after an ungraceful shutdown
129 rm -f /var/db/ipf/ipstate.ipf
130 rm -f /var/db/ipf/ipnat.ipf
131 fi
132 ;;
133 esac
134 ;;
135 esac
136
137 # Set the domainname if we're using NIS
138 #
139 case ${nisdomainname} in
140 [Nn][Oo] | '')
141 ;;
142 *)
143 domainname ${nisdomainname}
144 echo -n ' domain'
145 ;;
146 esac
147
148 echo '.'
149
150 # Initial ATM interface configuration
151 #
152 case ${atm_enable} in
153 [Yy][Ee][Ss])
154 if [ -r /etc/rc.atm ]; then
155 . /etc/rc.atm
156 atm_pass1
157 fi
158 ;;
159 esac
160
161 # Attempt to create cloned interfaces.
162 for ifn in ${cloned_interfaces}; do
163 ifconfig ${ifn} create
164 done
165
166 # Special options for sppp(4) interfaces go here. These need
167 # to go _before_ the general ifconfig section, since in the case
168 # of hardwired (no link1 flag) but required authentication, you
169 # cannot pass auth parameters down to the already running interface.
170 #
171 for ifn in ${sppp_interfaces}; do
172 eval spppcontrol_args=\$spppconfig_${ifn}
173 if [ -n "${spppcontrol_args}" ]; then
174 # The auth secrets might contain spaces; in order
175 # to retain the quotation, we need to eval them
176 # here.
177 eval spppcontrol ${ifn} ${spppcontrol_args}
178 fi
179 done
180
181 # gifconfig
182 network_gif_setup
183
184 # Set up all the network interfaces, calling startup scripts if needed
185 #
186 case ${network_interfaces} in
187 [Aa][Uu][Tt][Oo])
188 network_interfaces="`ifconfig -l`"
189 ;;
190 *)
191 network_interfaces="${network_interfaces} ${cloned_interfaces}"
192 ;;
193 esac
194
195 dhcp_interfaces=""
196 for ifn in ${network_interfaces}; do
197 if [ -r /etc/start_if.${ifn} ]; then
198 . /etc/start_if.${ifn}
199 eval showstat_$ifn=1
200 fi
201
202 # Do the primary ifconfig if specified
203 #
204 eval ifconfig_args=\$ifconfig_${ifn}
205
206 case ${ifconfig_args} in
207 '')
208 ;;
209 [Dd][Hh][Cc][Pp])
210 # DHCP inits are done all in one go below
211 dhcp_interfaces="$dhcp_interfaces $ifn"
212 eval showstat_$ifn=1
213 ;;
214 *)
215 ifconfig ${ifn} ${ifconfig_args}
216 eval showstat_$ifn=1
217 ;;
218 esac
219 done
220
221 if [ ! -z "${dhcp_interfaces}" ]; then
222 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
223 fi
224
225 for ifn in ${network_interfaces}; do
226 # Check to see if aliases need to be added
227 #
228 alias=0
229 while : ; do
230 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
231 if [ -n "${ifconfig_args}" ]; then
232 ifconfig ${ifn} ${ifconfig_args} alias
233 eval showstat_$ifn=1
234 alias=$((${alias} + 1))
235 else
236 break;
237 fi
238 done
239
240 # Do ipx address if specified
241 #
242 eval ifconfig_args=\$ifconfig_${ifn}_ipx
243 if [ -n "${ifconfig_args}" ]; then
244 ifconfig ${ifn} ${ifconfig_args}
245 eval showstat_$ifn=1
246 fi
247 done
248
249 for ifn in ${network_interfaces}; do
250 eval showstat=\$showstat_${ifn}
251 if [ ! -z ${showstat} ]; then
252 ifconfig ${ifn}
253 fi
254 done
255
256 # ISDN subsystem startup
257 #
258 case ${isdn_enable} in
259 [Yy][Ee][Ss])
260 if [ -r /etc/rc.isdn ]; then
261 . /etc/rc.isdn
262 fi
263 ;;
264 esac
265
266 # Start user ppp if required. This must happen before natd.
267 #
268 case ${ppp_enable} in
269 [Yy][Ee][Ss])
270 # Establish ppp mode.
271 #
272 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
273 -a "${ppp_mode}" != "dedicated" \
274 -a "${ppp_mode}" != "background" ]; then
275 ppp_mode="auto"
276 fi
277
278 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
279
280 # Switch on NAT mode?
281 #
282 case ${ppp_nat} in
283 [Yy][Ee][Ss])
284 ppp_command="${ppp_command} -nat"
285 ;;
286 esac
287
288 ppp_command="${ppp_command} ${ppp_profile}"
289
290 echo "Starting ppp as \"${ppp_user}\""
291 su -m ${ppp_user} -c "exec ${ppp_command}"
292 ;;
293 esac
294
295 # Re-Sync ipfilter so it picks up any new network interfaces
296 #
297 case ${ipfilter_active} in
298 [Yy][Ee][Ss])
299 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
300 ;;
301 esac
302 unset ipfilter_active
303
304 # Initialize IP filtering using ipfw
305 #
306 if /sbin/ipfw -q flush > /dev/null 2>&1; then
307 firewall_in_kernel=1
308 else
309 firewall_in_kernel=0
310 fi
311
312 case ${firewall_enable} in
313 [Yy][Ee][Ss])
314 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
315 firewall_in_kernel=1
316 echo 'Kernel firewall module loaded'
317 elif [ "${firewall_in_kernel}" -eq 0 ]; then
318 echo 'Warning: firewall kernel module failed to load'
319 fi
320 ;;
321 esac
322
323 # Load the filters if required
324 #
325 case ${firewall_in_kernel} in
326 1)
327 if [ -z "${firewall_script}" ]; then
328 firewall_script=/etc/rc.firewall
329 fi
330
331 case ${firewall_enable} in
332 [Yy][Ee][Ss])
333 if [ -r "${firewall_script}" ]; then
334 . "${firewall_script}"
335 echo -n 'Firewall rules loaded, starting divert daemons:'
336
337 # Network Address Translation daemon
338 #
339 case ${natd_enable} in
340 [Yy][Ee][Ss])
341 if [ -n "${natd_interface}" ]; then
342 if echo ${natd_interface} | \
343 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
344 natd_flags="$natd_flags -a ${natd_interface}"
345 else
346 natd_flags="$natd_flags -n ${natd_interface}"
347 fi
348 fi
349 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
350 ;;
351 esac
352
353 echo '.'
354
355 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
356 echo 'Warning: kernel has firewall functionality,' \
357 'but firewall rules are not enabled.'
358 echo ' All ip services are disabled.'
359 fi
360
361 case ${firewall_logging} in
362 [Yy][Ee][Ss] | '')
363 echo 'Firewall logging=YES'
364 sysctl net.inet.ip.fw.verbose=1 >/dev/null
365 ;;
366 *)
367 ;;
368 esac
369
370 ;;
371 esac
372 ;;
373 esac
374
375 # Additional ATM interface configuration
376 #
377 if [ -n "${atm_pass1_done}" ]; then
378 atm_pass2
379 fi
380
381 # Configure routing
382 #
383 case ${defaultrouter} in
384 [Nn][Oo] | '')
385 ;;
386 *)
387 static_routes="default ${static_routes}"
388 route_default="default ${defaultrouter}"
389 ;;
390 esac
391
392 # Set up any static routes. This should be done before router discovery.
393 #
394 if [ -n "${static_routes}" ]; then
395 for i in ${static_routes}; do
396 eval route_args=\$route_${i}
397 route add ${route_args}
398 done
399 fi
400
401 echo -n 'Additional routing options:'
402 case ${tcp_extensions} in
403 [Yy][Ee][Ss] | '')
404 ;;
405 *)
406 echo -n ' tcp extensions=NO'
407 sysctl net.inet.tcp.rfc1323=0 >/dev/null
408 ;;
409 esac
410
411 case ${icmp_bmcastecho} in
412 [Yy][Ee][Ss])
413 echo -n ' broadcast ping responses=YES'
414 sysctl net.inet.icmp.bmcastecho=1 >/dev/null
415 ;;
416 esac
417
418 case ${icmp_drop_redirect} in
419 [Yy][Ee][Ss])
420 echo -n ' ignore ICMP redirect=YES'
421 sysctl net.inet.icmp.drop_redirect=1 >/dev/null
422 ;;
423 esac
424
425 case ${icmp_log_redirect} in
426 [Yy][Ee][Ss])
427 echo -n ' log ICMP redirect=YES'
428 sysctl net.inet.icmp.log_redirect=1 >/dev/null
429 ;;
430 esac
431
432 case ${gateway_enable} in
433 [Yy][Ee][Ss])
434 echo -n ' IP gateway=YES'
435 sysctl net.inet.ip.forwarding=1 >/dev/null
436 ;;
437 esac
438
439 case ${forward_sourceroute} in
440 [Yy][Ee][Ss])
441 echo -n ' do source routing=YES'
442 sysctl net.inet.ip.sourceroute=1 >/dev/null
443 ;;
444 esac
445
446 case ${accept_sourceroute} in
447 [Yy][Ee][Ss])
448 echo -n ' accept source routing=YES'
449 sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
450 ;;
451 esac
452
453 case ${tcp_keepalive} in
454 [Yy][Ee][Ss])
455 echo -n ' TCP keepalive=YES'
456 sysctl net.inet.tcp.always_keepalive=1 >/dev/null
457 ;;
458 esac
459
460 case ${tcp_drop_synfin} in
461 [Yy][Ee][Ss])
462 echo -n ' drop SYN+FIN packets=YES'
463 sysctl net.inet.tcp.drop_synfin=1 >/dev/null
464 ;;
465 esac
466
467 case ${ipxgateway_enable} in
468 [Yy][Ee][Ss])
469 echo -n ' IPX gateway=YES'
470 sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
471 ;;
472 esac
473
474 case ${arpproxy_all} in
475 [Yy][Ee][Ss])
476 echo -n ' ARP proxyall=YES'
477 sysctl net.link.ether.inet.proxyall=1 >/dev/null
478 ;;
479 esac
480
481 case ${ip_portrange_first} in
482 [Nn][Oo] | '')
483 ;;
484 *)
485 echo -n " ip_portrange_first=$ip_portrange_first"
486 sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
487 ;;
488 esac
489
490 case ${ip_portrange_last} in
491 [Nn][Oo] | '')
492 ;;
493 *)
494 echo -n " ip_portrange_last=$ip_portrange_last"
495 sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
496 ;;
497 esac
498
499 echo '.'
500
501 case ${ipsec_enable} in
502 [Yy][Ee][Ss])
503 if [ -f ${ipsec_file} ]; then
504 echo ' ipsec: enabled'
505 setkey -f ${ipsec_file}
506 else
507 echo ' ipsec: file not found'
508 fi
509 ;;
510 esac
511
512 echo -n 'Routing daemons:'
513 case ${router_enable} in
514 [Yy][Ee][Ss])
515 echo -n " ${router}"; ${router} ${router_flags}
516 ;;
517 esac
518
519 case ${ipxrouted_enable} in
520 [Yy][Ee][Ss])
521 echo -n ' IPXrouted'
522 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
523 ;;
524 esac
525
526 case ${mrouted_enable} in
527 [Yy][Ee][Ss])
528 echo -n ' mrouted'; mrouted ${mrouted_flags}
529 ;;
530 esac
531
532 case ${rarpd_enable} in
533 [Yy][Ee][Ss])
534 echo -n ' rarpd'; rarpd ${rarpd_flags}
535 ;;
536 esac
537 echo '.'
538
539 # Let future generations know we made it.
540 #
541 network_pass1_done=YES
542}
543
544network_pass2() {
545 echo -n 'Doing additional network setup:'
546 case ${named_enable} in
547 [Yy][Ee][Ss])
548 echo -n ' named'; ${named_program:-named} ${named_flags}
549 ;;
550 esac
551
552 case ${ntpdate_enable} in
553 [Yy][Ee][Ss])
554 echo -n ' ntpdate'
555 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
556 ;;
557 esac
558
559 case ${xntpd_enable} in
560 [Yy][Ee][Ss])
561 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
562 ;;
563 esac
564
565 case ${timed_enable} in
566 [Yy][Ee][Ss])
567 echo -n ' timed'; timed ${timed_flags}
568 ;;
569 esac
570
571 case ${portmap_enable} in
572 [Yy][Ee][Ss])
573 echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
574 ;;
575 esac
576
577 # Start ypserv if we're an NIS server.
578 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
579 #
580 case ${nis_server_enable} in
581 [Yy][Ee][Ss])
582 echo -n ' ypserv'; ypserv ${nis_server_flags}
583
584 case ${nis_ypxfrd_enable} in
585 [Yy][Ee][Ss])
586 echo -n ' rpc.ypxfrd'
587 rpc.ypxfrd ${nis_ypxfrd_flags}
588 ;;
589 esac
590
591 case ${nis_yppasswdd_enable} in
592 [Yy][Ee][Ss])
593 echo -n ' rpc.yppasswdd'
594 rpc.yppasswdd ${nis_yppasswdd_flags}
595 ;;
596 esac
597 ;;
598 esac
599
600 # Start ypbind if we're an NIS client
601 #
602 case ${nis_client_enable} in
603 [Yy][Ee][Ss])
604 echo -n ' ypbind'; ypbind ${nis_client_flags}
605 case ${nis_ypset_enable} in
606 [Yy][Ee][Ss])
607 echo -n ' ypset'; ypset ${nis_ypset_flags}
608 ;;
609 esac
610 ;;
611 esac
612
613 # Start keyserv if we are running Secure RPC
614 #
615 case ${keyserv_enable} in
616 [Yy][Ee][Ss])
617 echo -n ' keyserv'; keyserv ${keyserv_flags}
618 ;;
619 esac
620
621 # Start ypupdated if we are running Secure RPC and we are NIS master
622 #
623 case ${rpc_ypupdated_enable} in
624 [Yy][Ee][Ss])
625 echo -n ' rpc.ypupdated'; rpc.ypupdated
626 ;;
627 esac
628
629 # Start ATM daemons
630 if [ -n "${atm_pass2_done}" ]; then
631 atm_pass3
632 fi
633
634 echo '.'
635 network_pass2_done=YES
636}
637
638network_pass3() {
639 echo -n 'Starting final network daemons:'
640
641 case ${nfs_server_enable} in
642 [Yy][Ee][Ss])
643 if [ -r /etc/exports ]; then
644 echo -n ' mountd'
645
646 case ${weak_mountd_authentication} in
647 [Yy][Ee][Ss])
648 mountd_flags="${mountd_flags} -n"
649 ;;
650 esac
651
652 mountd ${mountd_flags}
653
654 case ${nfs_reserved_port_only} in
655 [Yy][Ee][Ss])
656 echo -n ' NFS on reserved port only=YES'
657 sysctl vfs.nfs.nfs_privport=1 >/dev/null
658 ;;
659 esac
660
661 echo -n ' nfsd'; nfsd ${nfs_server_flags}
662
663 case ${rpc_lockd_enable} in
664 [Yy][Ee][Ss])
665 echo -n ' rpc.lockd'; rpc.lockd
666 ;;
667 esac
668
669 case ${rpc_statd_enable} in
670 [Yy][Ee][Ss])
671 echo -n ' rpc.statd'; rpc.statd
672 ;;
673 esac
674 fi
675 ;;
676 *)
677 case ${single_mountd_enable} in
678 [Yy][Ee][Ss])
679 if [ -r /etc/exports ]; then
680 echo -n ' mountd'
681
682 case ${weak_mountd_authentication} in
683 [Yy][Ee][Ss])
684 mountd_flags="-n"
685 ;;
686 esac
687
688 mountd ${mountd_flags}
689 fi
690 ;;
691 esac
692 ;;
693 esac
694
695 case ${nfs_client_enable} in
696 [Yy][Ee][Ss])
697 nfs_in_kernel=0
698 # Handle absent nfs client support
699 if sysctl vfs.nfs >/dev/null 2>&1; then
700 nfs_in_kernel=1
701 else
702 kldload nfs && nfs_in_kernel=1
703 fi
704 if [ ${nfs_in_kernel} -eq 1 ]
705 then
706 echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
707 if [ -n "${nfs_access_cache}" ]; then
708 echo -n " NFS access cache time=${nfs_access_cache}"
709 sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
710 fi
711
712 if [ -n "${nfs_bufpackets}" ]; then
713 sysctl vfs.nfs.bufpackets=${nfs_bufpackets} \
714 > /dev/null
715 fi
716
717 case ${amd_enable} in
718 [Yy][Ee][Ss])
719 echo -n ' amd'
720 case ${amd_map_program} in
721 [Nn][Oo] | '')
722 ;;
723 *)
724 amd_flags="${amd_flags} `eval \
725 ${amd_map_program}`"
726 ;;
727 esac
728
729 case "${amd_flags}" in
730 '')
731 if [ -r /etc/amd.conf ]; then
732 amd &
733 else
734 echo ''
735 echo 'Warning: amd will not load without arguments'
736 fi
737 ;;
738 *)
739 amd -p ${amd_flags} >/var/run/amd.pid \
740 2>/dev/null &
741 ;;
742 esac
743 ;;
744 esac
745 fi
746 ;;
747 esac
748
749 # If /var/db/mounttab exists, some nfs-server has not been
750 # sucessfully notified about a previous client shutdown.
751 # If there is no /var/db/mounttab, we do nothing.
752 if [ -f /var/db/mounttab ]; then
753 rpc.umntall -k
754 fi
755
756 case ${rwhod_enable} in
757 [Yy][Ee][Ss])
758 echo -n ' rwhod'; rwhod ${rwhod_flags}
759 ;;
760 esac
761
762 # Kerberos servers run ONLY on the Kerberos server machine
763 case ${kerberos_server_enable} in
764 [Yy][Ee][Ss])
765 case ${kerberos_stash} in
766 [Yy][Ee][Ss])
767 stash_flag=-n
768 ;;
769 *)
770 stash_flag=
771 ;;
772 esac
773
774 echo -n ' kerberosIV'
775 kerberos ${stash_flag} >> /var/log/kerberos.log &
776
777 case ${kadmind_server_enable} in
778 [Yy][Ee][Ss])
779 echo -n ' kadmindIV'
780 (
781 sleep 20;
782 kadmind ${stash_flag} >/dev/null 2>&1 &
783 ) &
784 ;;
785 esac
786 unset stash_flag
787 ;;
788 esac
789
790 case ${kerberos5_server_enable} in
791 [Yy][Ee][Ss])
792 echo -n ' kerberos5'
793 ${kerberos5_server} &
794
795 case ${kadmind5_server_enable} in
796 [Yy][Ee][Ss])
797 echo -n ' kadmind5'
798 ${kadmind5_server} &
799 ;;
800 esac
801 ;;
802 esac
803
804 case ${pppoed_enable} in
805 [Yy][Ee][Ss])
806 if [ -n "${pppoed_provider}" ]; then
807 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
808 fi
809 echo -n ' pppoed';
810 _opts=$-; set -f
811 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
812 set +f; set -${_opts}
813 ;;
814 esac
815
816 case ${sshd_enable} in
817 [Yy][Ee][Ss])
818 if [ -x /usr/bin/ssh-keygen ]; then
819 if [ ! -f /etc/ssh/ssh_host_key ]; then
820 echo ' creating ssh1 RSA host key';
821 /usr/bin/ssh-keygen -t rsa1 -N "" \
822 -f /etc/ssh/ssh_host_key
823 fi
824 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
825 echo ' creating ssh2 RSA host key';
826 /usr/bin/ssh-keygen -t rsa -N "" \
827 -f /etc/ssh/ssh_host_rsa_key
828 fi
829 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
830 echo ' creating ssh2 DSA host key';
831 /usr/bin/ssh-keygen -t dsa -N "" \
832 -f /etc/ssh/ssh_host_dsa_key
833 fi
834 fi
835 ;;
836 esac
837
838 echo '.'
839 network_pass3_done=YES
840}
841
842network_pass4() {
843 echo -n 'Additional TCP options:'
844 case ${log_in_vain} in
845 [Nn][Oo] | '')
846 log_in_vain=0
847 ;;
848 [Yy][Ee][Ss])
849 log_in_vain=1
850 ;;
851 [0-9]*)
852 ;;
853 *)
854 echo " invalid log_in_vain setting: ${log_in_vain}"
855 log_in_vain=0
856 ;;
857 esac
858
859 if [ "${log_in_vain}" -ne 0 ]; then
860 echo -n " log_in_vain=${log_in_vain}"
861 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
862 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
863 fi
864
865 echo '.'
866 network_pass4_done=YES
867}
868
869network_gif_setup() {
870 case ${gif_interfaces} in
871 [Nn][Oo] | '')
872 ;;
873 *)
874 for i in ${gif_interfaces}; do
875 eval peers=\$gifconfig_$i
876 case ${peers} in
877 '')
878 continue
879 ;;
880 *)
881 ifconfig $i create >/dev/null 2>&1
882 ifconfig $i tunnel ${peers}
883 ifconfig $i up
884 ;;
885 esac
886 done
887 ;;
888 esac
889}
DragonFly Project Source