authorsjg <sjg@FreeBSD.org>2013-09-05 20:18:59 +0000
committersjg <sjg@FreeBSD.org>2013-09-05 20:18:59 +0000
commit62bb1062226d3ce6a2350808256a25508978352d (patch)
tree22b131dceb13c3df96da594fbaadb693504797c7 /etc
parent72ab90509b3a51ab361bf710338f2ef44a4e360d (diff)
parent04932445481c2cb89ff69a83b961bdef3d64757e (diff)
Merge from head
Diffstat (limited to 'etc')
-rw-r--r--etc/Makefile9
-rw-r--r--etc/defaults/periodic.conf223
-rw-r--r--etc/defaults/rc.conf6
-rw-r--r--etc/devd/usb.conf641
-rw-r--r--etc/inetd.conf4
-rw-r--r--etc/libmap.conf2
-rw-r--r--etc/mtree/BSD.debug.dist48
-rw-r--r--etc/mtree/BSD.include.dist6
-rw-r--r--etc/mtree/BSD.usr.dist94
-rw-r--r--etc/mtree/BSD.var.dist2
-rw-r--r--etc/mtree/Makefile4
-rw-r--r--etc/namedb/named.conf66
-rw-r--r--etc/network.subr815
-rw-r--r--etc/newsyslog.conf1
-rwxr-xr-xetc/periodic/daily/450.status-security24
-rw-r--r--etc/periodic/daily/Makefile2
-rwxr-xr-xetc/periodic/monthly/450.status-security41
-rw-r--r--etc/periodic/monthly/Makefile3
-rwxr-xr-xetc/periodic/security/100.chksetuid12
-rwxr-xr-xetc/periodic/security/110.neggrpperm9
-rwxr-xr-xetc/periodic/security/200.chkmounts17
-rwxr-xr-xetc/periodic/security/300.chkuid013
-rwxr-xr-xetc/periodic/security/400.passwdless13
-rwxr-xr-xetc/periodic/security/410.logincheck13
-rwxr-xr-xetc/periodic/security/460.chkportsum12
-rwxr-xr-xetc/periodic/security/500.ipfwdenied11
-rwxr-xr-xetc/periodic/security/510.ipfdenied11
-rwxr-xr-xetc/periodic/security/520.pfdenied11
-rwxr-xr-xetc/periodic/security/550.ipfwlimit11
-rwxr-xr-xetc/periodic/security/610.ipf6denied11
-rwxr-xr-xetc/periodic/security/700.kernelmsg11
-rwxr-xr-xetc/periodic/security/800.loginfail16
-rwxr-xr-xetc/periodic/security/900.tcpwrap16
-rw-r--r--etc/periodic/security/security.functions12
-rwxr-xr-xetc/periodic/weekly/450.status-security41
-rw-r--r--etc/periodic/weekly/Makefile1
-rw-r--r--etc/protocols7
-rw-r--r--etc/rc3
-rw-r--r--etc/rc.d/Makefile4
-rwxr-xr-xetc/rc.d/addswap20
-rwxr-xr-xetc/rc.d/bsnmpd3
-rwxr-xr-xetc/rc.d/encswap57
-rwxr-xr-xetc/rc.d/fsck2
-rwxr-xr-xetc/rc.d/hostapd13
-rwxr-xr-xetc/rc.d/ip6addrctl60
-rwxr-xr-xetc/rc.d/ipfw2
-rwxr-xr-xetc/rc.d/mdconfig2
-rwxr-xr-xetc/rc.d/mountlate17
-rwxr-xr-xetc/rc.d/netif60
-rwxr-xr-xetc/rc.d/ntpdate4
-rwxr-xr-xetc/rc.d/pfsync2
-rwxr-xr-xetc/rc.d/routing201
-rwxr-xr-xetc/rc.d/savecore1
-rwxr-xr-xetc/rc.d/sshd2
-rwxr-xr-xetc/rc.d/swap (renamed from etc/rc.d/swap1)8
-rwxr-xr-xetc/rc.d/swaplate17
-rwxr-xr-xetc/rc.d/syslogd4
-rwxr-xr-xetc/rc.d/zfs2
-rwxr-xr-xetc/rc.resume4
-rw-r--r--etc/rc.shutdown7
-rw-r--r--etc/sendmail/freebsd.mc2
-rw-r--r--etc/sendmail/freebsd.submit.mc1
-rw-r--r--etc/syslog.conf4
63 files changed, 2004 insertions, 737 deletions
diff --git a/etc/Makefile b/etc/Makefile
index 81ef45a..6e2a716 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -22,6 +22,7 @@ BIN1= crontab \
hosts.equiv \
inetd.conf \
libalias.conf \
+ libmap.conf \
login.access \
login.conf \
mac.conf \
@@ -143,6 +144,9 @@ MTREE+= BIND.chroot.dist
MTREE+= BIND.include.dist
.endif
.endif
+.if ${MK_DEBUG_FILES} != "no"
+MTREE+= BSD.debug.dist
+.endif
PPPCNF= ppp.conf
@@ -312,6 +316,9 @@ MTREES= mtree/BSD.root.dist / \
mtree/BSD.var.dist /var \
mtree/BSD.usr.dist /usr \
mtree/BSD.include.dist /usr/include
+.if ${MK_DEBUG_FILES} != "no"
+MTREES+= mtree/BSD.debug.dist /usr/lib
+.endif
.if ${MK_BIND_LIBS} != "no"
MTREES+= mtree/BIND.include.dist /usr/include
.endif
@@ -328,7 +335,7 @@ MTREES+= mtree/BSD.sendmail.dist /
MTREES+= ../${mtree} /
.endfor
-distrib-dirs:
+distrib-dirs: ${MTREES:N/*}
@set ${MTREES}; \
while test $$# -ge 2; do \
m=${.CURDIR}/$$1; \
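Review bot: The new prerequisite list `${MTREES:N/*}` on `distrib-dirs` is undocumented. It only yields the spec files because MTREES alternates "spec file, destination" and every destination begins with `/`. A destination written without the leading slash would silently become a prerequisite, and an absolute spec path would silently be dropped from the list. I would add a comment above the target such as `# Prerequisites are the mtree spec files: MTREES with the /-rooted destination words filtered out.` The recipe of `distrib-dirs` continues past the end of this hunk.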
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index e630e1d..9fb6859 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -128,7 +128,9 @@ daily_status_include_submit_mailq="YES" # Also submit queue
# 450.status-security
daily_status_security_enable="YES" # Security check
-# See "Security options" below for more options
+# See also "Security options" below for more options
+daily_status_security_inline="NO" # Run inline ?
+daily_status_security_output="root" # user or /file
# 460.status-mail-rejects
daily_status_mail_rejects_enable="YES" # Check mail rejects
@@ -160,64 +162,6 @@ daily_scrub_zfs_default_threshold="35" # days between scrubs
daily_local="/etc/daily.local" # Local scripts
-# Security options
-
-# These options are used by the security periodic(8) scripts spawned in
-# 450.status-security above.
-daily_status_security_inline="NO" # Run inline ?
-daily_status_security_output="root" # user or /file
-daily_status_security_noamd="NO" # Don't check amd mounts
-daily_status_security_logdir="/var/log" # Directory for logs
-daily_status_security_diff_flags="-b -u" # flags for diff output
-
-# 100.chksetuid
-daily_status_security_chksetuid_enable="YES"
-
-# 110.neggrpperm
-daily_status_security_neggrpperm_enable="YES"
-
-# 200.chkmounts
-daily_status_security_chkmounts_enable="YES"
-#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
- # FS types
-
-# 300.chkuid0
-daily_status_security_chkuid0_enable="YES"
-
-# 400.passwdless
-daily_status_security_passwdless_enable="YES"
-
-# 410.logincheck
-daily_status_security_logincheck_enable="YES"
-
-# 460.chkportsum
-daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum
-
-# 500.ipfwdenied
-daily_status_security_ipfwdenied_enable="YES"
-
-# 510.ipfdenied
-daily_status_security_ipfdenied_enable="YES"
-
-# 520.pfdenied
-daily_status_security_pfdenied_enable="YES"
-
-# 550.ipfwlimit
-daily_status_security_ipfwlimit_enable="YES"
-
-# 610.ipf6denied
-daily_status_security_ipf6denied_enable="YES"
-
-# 700.kernelmsg
-daily_status_security_kernelmsg_enable="YES"
-
-# 800.loginfail
-daily_status_security_loginfail_enable="YES"
-
-# 900.tcpwrap
-daily_status_security_tcpwrap_enable="YES"
-
-
# Weekly options
# These options are used by periodic(8) itself to determine what to do
@@ -248,6 +192,12 @@ weekly_status_pkg_enable="NO" # Find out-of-date pkgs
pkg_version=pkg_version # Use this program
pkg_version_index=/usr/ports/INDEX-10 # Use this index file
+# 450.status-security
+weekly_status_security_enable="YES" # Security check
+# See also "Security options" above for more options
+weekly_status_security_inline="NO" # Run inline ?
+weekly_status_security_output="root" # user or /file
+
# 999.local
weekly_local="/etc/weekly.local" # Local scripts
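Review bot: The added comment `# See also "Security options" above for more options` points the wrong way. This commit moves the "Security options" section to after the monthly options, so it now sits below the weekly block. It should read `# See also "Security options" below for more options`, and the monthly 450.status-security block in the next hunk needs the same change. In that next hunk the section's own header says the options are used by `daily and weekly 450.status-security`, which leaves out the monthly run the commit also adds.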
@@ -267,15 +217,170 @@ monthly_show_badconfig="NO" # scripts returning 2
# 200.accounting
monthly_accounting_enable="YES" # Login accounting
+# 450.status-security
+monthly_status_security_enable="YES" # Security check
+# See also "Security options" above for more options
+monthly_status_security_inline="NO" # Run inline ?
+monthly_status_security_output="root" # user or /file
+
# 999.local
monthly_local="/etc/monthly.local" # Local scripts
+# Security options
+
+# These options are used by the security periodic(8) scripts spawned in
+# daily and weekly 450.status-security.
+security_status_logdir="/var/log" # Directory for logs
+security_status_diff_flags="-b -u" # flags for diff output
+
+# Each of the security_status_*_period options below can have one of the
+# following values:
+# - NO: do not run at all
+# - daily: only run during the daily security status
+# - weekly: only run during the weekly security status
+# - monthly: only run during the monthly security status
+# Note that if periodic security scripts are run from crontab(5) directly,
+# they will be run unless _enable or _period is set to "NO".
+
+# 100.chksetuid
+security_status_chksetuid_enable="YES"
+security_status_chksetuid_period="daily"
+
+# 110.neggrpperm
+security_status_neggrpperm_enable="YES"
+security_status_neggrpperm_period="daily"
+
+# 200.chkmounts
+security_status_chkmounts_enable="YES"
+security_status_chkmounts_period="daily"
+#security_status_chkmounts_ignore="^amd:" # Don't check matching
+ # FS types
+security_status_noamd="NO" # Don't check amd mounts
+
+# 300.chkuid0
+security_status_chkuid0_enable="YES"
+security_status_chkuid0_period="daily"
+
+# 400.passwdless
+security_status_passwdless_enable="YES"
+security_status_passwdless_period="daily"
+
+# 410.logincheck
+security_status_logincheck_enable="YES"
+security_status_logincheck_period="daily"
+
+# 460.chkportsum
+security_status_chkportsum_enable="NO" # Check ports w/ wrong checksum
+security_status_chkportsum_period="daily"
+
+# 500.ipfwdenied
+security_status_ipfwdenied_enable="YES"
+security_status_ipfwdenied_period="daily"
+
+# 510.ipfdenied
+security_status_ipfdenied_enable="YES"
+security_status_ipfdenied_period="daily"
+
+# 520.pfdenied
+security_status_pfdenied_enable="YES"
+security_status_pfdenied_period="daily"
+
+# 550.ipfwlimit
+security_status_ipfwlimit_enable="YES"
+security_status_ipfwlimit_period="daily"
+
+# 610.ipf6denied
+security_status_ipf6denied_enable="YES"
+security_status_ipf6denied_period="daily"
+
+# 700.kernelmsg
+security_status_kernelmsg_enable="YES"
+security_status_kernelmsg_period="daily"
+
+# 800.loginfail
+security_status_loginfail_enable="YES"
+security_status_loginfail_period="daily"
+
+# 900.tcpwrap
+security_status_tcpwrap_enable="YES"
+security_status_tcpwrap_period="daily"
+
+
+
# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
# scripts to source defaults/periodic.conf overrides safely.
if [ -z "${source_periodic_confs_defined}" ]; then
source_periodic_confs_defined=yes
+
+ # Compatibility with old daily variable names.
+ # They can be removed in stable/11.
+ security_daily_compat_var() {
+ local var=$1 dailyvar value
+
+ dailyvar=daily_status_security${#status_security}
+ periodvar=${var%enable}period
+ eval value=\"\$$dailyvar\"
+ [ -z "$value" ] && return
+ echo "Warning: Variable \$$dailyvar is deprecated," \
+ "use \$$var instead." >&2
+ case "$value" in
+ [Yy][Ee][Ss])
+ $var=YES
+ $periodvar=daily
+ ;;
+ *)
+ $var="$value"
+ ;;
+ esac
+ }
+
+ check_yesno_period() {
+ local var="$1" periodvar value period
+
+ eval value=\"\$$var\"
+ case "$value" in
+ [Yy][Ee][Ss]) ;;
+ *) return 1 ;;
+ esac
+
+ periodvar=${var%enable}period
+ eval period=\"\$$periodvar\"
+ case "$PERIODIC" in
+ "security daily")
+ case "$period" in
+ [Dd][Aa][Ii][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ "security weekly")
+ case "$period" in
+ [Ww][Ee][Ee][Kk][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ "security monthly")
+ case "$period" in
+ [Mm][Oo][Nn][Tt][Hh][Ll][Yy]) return 0 ;;
+ *) return 1 ;;
+ esac
+ ;;
+ security)
+ # Run directly from crontab(5).
+ case "$period" in
+ [Nn][Oo]) return 1 ;;
+ *) return 0 ;;
+ esac
+ ;;
+ *)
+ echo "ASSERTION FAILED: Unexpected value for " \
+ "\$PERIODIC: '$PERIODIC'" >&2
+ exit 127
+ ;;
+ esac
+ }
+
source_periodic_confs() {
local i sourced_files
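Review bot: `security_daily_compat_var` cannot work as written, so a host that still sets an old `daily_status_security_*` name gets the new default instead of the administrator's choice. `${#status_security}` expands to the length of an unset variable rather than a suffix of `$var`, so `dailyvar` never names a real setting; the intent looks like `${var#security_status}`. The lines `$var=YES`, `$periodvar=daily` and `$var="$value"` are executed as command names rather than assignments, because the variable is expanded after the shell has already decided the word is not an assignment. For the security checks this means an old override, such as enabling 460.chkportsum or disabling a check, is dropped and the deprecation warning never prints. The rewrite below derives the old name from `$var`, assigns through `eval` without re-expanding the value, and declares `periodvar` local.

```shell
	security_daily_compat_var() {
		local var=$1 dailyvar periodvar value

		# security_status_<check>_enable -> daily_status_security_<check>_enable
		dailyvar=daily_status_security${var#security_status}
		# … unchanged: periodvar, read $dailyvar into value, return if empty, warning …
		case "$value" in
		[Yy][Ee][Ss])
			eval "$var=YES"
			eval "$periodvar=daily"
			;;
		*)
			# \$value is expanded by the assignment itself, so its content is never re-parsed
			eval "$var=\$value"
			;;
		esac
	}
```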
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 3760fc0..47d5145 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -32,7 +32,6 @@ early_late_divider="FILESYSTEMS" # Script that separates early/late
always_force_depends="NO" # Set to check that indicated dependencies are
# running during boot (can increase boot time).
-swapfile="NO" # Set to name of swapfile if aux swapfile desired.
apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
apmd_enable="NO" # Run apmd to handle APM event from userland.
apmd_flags="" # Flags to apmd (if enabled).
@@ -84,15 +83,12 @@ geli_autodetach="YES" # Automatically detach on last close.
#geli_da1_autodetach="NO"
#geli_mirror_home_flags="-k /etc/geli/home.keys"
-geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted
- # swap partitions.
-
root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
fsck_y_flags="" # Additional flags for fsck -y
background_fsck="YES" # Attempt to run fsck in the background where possible.
background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
-netfs_types="nfs:NFS oldnfs:OLDNFS" # Net filesystems.
+netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB" # Net filesystems.
extra_netfs_types="NO" # List of network extra filesystem types for delayed
# mount at startup (or NO).
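Review bot: Dropping `geli_swap_flags` from the defaults leaves no hint in this file of where the cipher, key length and sector size for encrypted swap are now chosen. Nothing visible here warns a host that still sets the variable in rc.conf. If rc.d/encswap (changed in this commit, not shown in this hunk) no longer reads it, such an override would be ignored silently. I would leave a pointer in its place, for example `# geli_swap_flags is no longer read; see <replacement setting> for encrypted swap options.`, with the placeholder filled in from the encswap change.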
diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf
index b1dc797..449b20b 100644
--- a/etc/devd/usb.conf
+++ b/etc/devd/usb.conf
@@ -8,61 +8,6 @@
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
- match "vendor" "0x05ac";
- match "product" "0x1290";
- match "intclass" "0xff";
- match "intsubclass" "0xfd";
- match "intprotocol" "0x01";
- action "kldload -n if_ipheth";
-};
-
-nomatch 32 {
- match "bus" "uhub[0-9]+";
- match "mode" "host";
- match "vendor" "0x05ac";
- match "product" "0x1292";
- match "intclass" "0xff";
- match "intsubclass" "0xfd";
- match "intprotocol" "0x01";
- action "kldload -n if_ipheth";
-};
-
-nomatch 32 {
- match "bus" "uhub[0-9]+";
- match "mode" "host";
- match "vendor" "0x05ac";
- match "product" "0x1294";
- match "intclass" "0xff";
- match "intsubclass" "0xfd";
- match "intprotocol" "0x01";
- action "kldload -n if_ipheth";
-};
-
-nomatch 32 {
- match "bus" "uhub[0-9]+";
- match "mode" "host";
- match "vendor" "0x05ac";
- match "product" "0x1297";
- match "intclass" "0xff";
- match "intsubclass" "0xfd";
- match "intprotocol" "0x01";
- action "kldload -n if_ipheth";
-};
-
-nomatch 32 {
- match "bus" "uhub[0-9]+";
- match "mode" "host";
- match "vendor" "0x05ac";
- match "product" "0x12a8";
- match "intclass" "0xff";
- match "intsubclass" "0xfd";
- match "intprotocol" "0x01";
- action "kldload -n if_ipheth";
-};
-
-nomatch 32 {
- match "bus" "uhub[0-9]+";
- match "mode" "host";
match "vendor" "0x0104";
match "product" "0x00be";
action "kldload -n uipaq";
@@ -184,7 +129,7 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0403";
- match "product" "(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)";
+ match "product" "(0x6001|0x6004|0x6006|0x6006|0x6010|0x6011|0x6014|0x6015|0x8372|0x9378|0x9379|0x937a|0x937c|0x9868|0x9e90|0x9f80|0xa6d0|0xabb8|0xb810|0xb811|0xb812|0xbaf8|0xbbe2|0xbca0|0xbca1|0xbca2|0xbca4|0xbcd8|0xbcd9|0xbcda|0xbdc8|0xbfd8|0xbfd9|0xbfda|0xbfdb|0xbfdc|0xc7d0|0xc850|0xc991|0xcaa0|0xcc48|0xcc49|0xcc4a|0xd010|0xd011|0xd012|0xd013|0xd014|0xd015|0xd016|0xd017|0xd070|0xd071|0xd388|0xd389|0xd38a|0xd38b|0xd38c|0xd38d|0xd38e|0xd38f|0xd578|0xd678|0xd738|0xd780|0xdaf8|0xdaf9|0xdafa|0xdafb|0xdafc|0xdafd|0xdafe|0xdaff|0xdc00|0xdc01|0xdd20|0xdf28|0xdf30|0xdf31|0xdf32|0xdf33|0xdf35|0xe000|0xe001|0xe002|0xe004|0xe006|0xe008|0xe009|0xe00a|0xe050|0xe0e8|0xe0e9|0xe0ea|0xe0eb|0xe0ec|0xe0ed|0xe0ee|0xe0ef|0xe0f0|0xe0f1|0xe0f2|0xe0f3|0xe0f4|0xe0f5|0xe0f6|0xe0f7|0xe40b|0xe520|0xe548|0xe6c8|0xe700|0xe729|0xe808|0xe809|0xe80a|0xe80b|0xe80c|0xe80d|0xe80e|0xe80f|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xe88d|0xe88e|0xe88f|0xea90|0xebe0|0xec88|0xec89|0xed22|0xed71|0xed72|0xed73|0xed74|0xee18|0xeee8|0xeee9|0xeeea|0xeeeb|0xeeec|0xeeed|0xeeee|0xeeef|0xef50|0xef51|0xf068|0xf069|0xf06a|0xf06b|0xf06c|0xf06d|0xf06e|0xf06f|0xf070|0xf0c0|0xf0c8|0xf208|0xf2d0|0xf3c0|0xf3c1|0xf3c2|0xf448|0xf449|0xf44a|0xf44b|0xf44c|0xf460|0xf608|0xf60b|0xf680|0xf850|0xf857|0xf9d0|0xf9d1|0xf9d2|0xf9d3|0xf9d4|0xf9d5|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfa05|0xfa06|0xfa10|0xfa33|0xfa88|0xfad0|0xfaf0|0xfb58|0xfb59|0xfb5a|0xfb5b|0xfb5c|0xfb5d|0xfb5e|0xfb5f|0xfb80|0xfb99|0xfbfa|0xfc08|0xfc09|0xfc0a|0xfc0b|0xfc0c|0xfc0d|0xfc0e|0xfc0f|0xfc60|0xfc70|0xfc71|0xfc72|0xfc73|0xfc82|0xfd60|0xfe38|0xff00|0xff18|0xff1c|0xff1d|0xff20|0xff38|0xff39|0xff3a|0xff3b|0xff3c|0xff3d|0xff3e|0xff3f|0xffa8)";
action "kldload -n uftdi";
};
@@ -351,6 +296,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x044e";
+ match "product" "(0x3001|0x3002)";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0456";
match "product" "(0xf000|0xf001)";
action "kldload -n uftdi";
@@ -440,7 +393,7 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0489";
- match "product" "(0xe027|0xe02c|0xe036|0xe03c|0xe03d|0xe04e|0xe056|0xe057)";
+ match "product" "(0xe027|0xe02c|0xe036|0xe03c|0xe03d|0xe042|0xe04e|0xe056|0xe057)";
action "kldload -n ng_ubt";
};
@@ -575,6 +528,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x04bf";
+ match "product" "0x030a";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x04c5";
match "product" "(0x1058|0x1079)";
action "kldload -n uipaq";
@@ -584,7 +545,7 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x04ca";
- match "product" "(0x3005|0x3006|0x3008)";
+ match "product" "(0x2003|0x3005|0x3006|0x3008)";
action "kldload -n ng_ubt";
};
@@ -679,6 +640,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x04f2";
+ match "product" "(0xaff7|0xaff8|0xaff9|0xaffa|0xaffa)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0502";
match "product" "(0x1631|0x1632|0x16e1|0x16e2|0x16e3)";
action "kldload -n uipaq";
@@ -744,6 +713,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x050d";
+ match "product" "0x1102";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
match "product" "0x1203";
action "kldload -n ubsa";
};
@@ -752,6 +729,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x050d";
+ match "product" "(0x2102|0x2103)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
match "product" "0x4050";
action "kldload -n if_zyd";
};
@@ -808,7 +793,23 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x050d";
- match "product" "(0x8053|0x805c|0x815c|0x825a|0x825b)";
+ match "product" "(0x8053|0x805c|0x815c)";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x815f";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "(0x825a|0x825b)";
action "kldload -n if_run";
};
@@ -816,6 +817,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x050d";
+ match "product" "0x845a";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
match "product" "0x905b";
action "kldload -n if_rum";
};
@@ -831,6 +840,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x945a";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0525";
match "product" "(0x1080|0xa4a0)";
action "kldload -n udbp";
@@ -1039,6 +1056,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0586";
+ match "product" "0x341f";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x058f";
match "product" "0x9720";
action "kldload -n uplcom";
@@ -1071,6 +1096,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "(0x8213|0x8215|0x8218|0x821a|0x821b|0x821f|0x8281|0x828f)";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x05ad";
match "product" "0x0fba";
action "kldload -n uplcom";
@@ -1271,6 +1304,22 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x06f8";
+ match "product" "(0xe031|0xe032)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x06f8";
+ match "product" "0xe033";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0707";
match "product" "0x0100";
action "kldload -n if_kue";
@@ -1472,6 +1521,22 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x07aa";
+ match "product" "0x0047";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "0x0056";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
match "product" "0x9601";
action "kldload -n if_udav";
};
@@ -1528,6 +1593,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x07b8";
+ match "product" "(0x8178|0x8188|0x8189)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
match "product" "0xabc1";
action "kldload -n if_aue";
};
@@ -1560,6 +1633,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x07d1";
+ match "product" "(0x3300|0x3302|0x3303)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07d1";
match "product" "0x3a0c";
action "kldload -n if_uath";
};
@@ -1656,7 +1737,23 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x083a";
- match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522|0xc522|0xd522)";
+ match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522)";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0xc512";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "(0xc522|0xd522)";
action "kldload -n if_run";
};
@@ -1735,6 +1832,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "(0x9021|0x9041)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0856";
match "product" "(0xac01|0xac02|0xac03|0xac11|0xac12|0xac16|0xac17|0xac18|0xac19|0xac25|0xac26|0xac27|0xac33|0xac34|0xac49|0xac50|0xba02)";
action "kldload -n uftdi";
@@ -1967,6 +2072,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0a5c";
+ match "product" "0x21e1";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0acd";
match "product" "0x0300";
action "kldload -n uftdi";
@@ -2128,7 +2241,7 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0b05";
- match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784|0x1790|0x179d)";
+ match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784)";
action "kldload -n if_run";
};
@@ -2136,6 +2249,54 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0b05";
+ match "product" "0x1786";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x1790";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x1791";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x179d";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x17ab";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x17b5";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
match "product" "(0x4200|0x4201|0x4202|0x420f|0x9200|0x9202)";
action "kldload -n uipaq";
};
@@ -2240,6 +2401,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0bda";
+ match "product" "(0x018a|0x317f)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
match "product" "0x8150";
action "kldload -n if_rue";
};
@@ -2248,13 +2417,85 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0bda";
- match "product" "(0x8187|0x8189|0x8197|0x8198)";
+ match "product" "0x8170";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8171|0x8172|0x8173|0x8174)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8176|0x8177|0x8178|0x817a|0x817b|0x817c|0x817d|0x817e)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8187|0x8189)";
action "kldload -n if_urtw";
};
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "0x818a";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8197|0x8198)";
+ action "kldload -n if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8712|0x8712)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "0x8754";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "0xc512";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bdb";
+ match "product" "0x1002";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0bed";
match "product" "(0x1100|0x1101)";
action "kldload -n uslcom";
@@ -2279,6 +2520,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0c10";
+ match "product" "0x0000";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0c26";
match "product" "(0x0004|0x0009|0x000a|0x000b|0x000c|0x000d|0x0010|0x0011|0x0012|0x0013|0x0018)";
action "kldload -n uftdi";
@@ -2552,7 +2801,7 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0df6";
- match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042|0x0047|0x0048|0x004a|0x004d)";
+ match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042)";
action "kldload -n if_run";
};
@@ -2560,6 +2809,46 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0df6";
+ match "product" "0x0045";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "(0x0047|0x0048|0x004a)";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x004b";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x004d";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "(0x0052|0x005c|0x0061)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
match "product" "0x061c";
action "kldload -n if_axe";
};
@@ -2616,6 +2905,22 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x0e66";
+ match "product" "(0x0015|0x0016)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e66";
+ match "product" "0x0019";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e66";
match "product" "0x400c";
action "kldload -n if_aue";
};
@@ -2639,6 +2944,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0e8d";
+ match "product" "0x763f";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0ea0";
match "product" "0x6858";
action "kldload -n uplcom";
@@ -2671,6 +2984,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0eb0";
+ match "product" "0x9071";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0eba";
match "product" "(0x1080|0x2080)";
action "kldload -n uplcom";
@@ -2791,6 +3112,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x1004";
+ match "product" "0x618f";
+ action "kldload -n u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x100d";
match "product" "(0x9031|0x9032)";
action "kldload -n if_run";
@@ -2807,6 +3136,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x103c";
+ match "product" "0x1629";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x103e";
match "product" "0x03e8";
action "kldload -n uftdi";
@@ -3304,6 +3641,22 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x13d3";
+ match "product" "(0x3306|0x3309|0x3310|0x3311|0x3325)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13d3";
+ match "product" "(0x3357|0x3358|0x3359)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13d3";
match "product" "(0x3362|0x3375|0x3393)";
action "kldload -n ng_ubt";
};
@@ -3448,6 +3801,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x14b2";
+ match "product" "(0x3300|0x3301|0x3302)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14b2";
match "product" "0x3c02";
action "kldload -n if_ural";
};
@@ -3840,6 +4201,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x1740";
+ match "product" "(0x9603|0x9605)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1740";
match "product" "(0x9701|0x9702|0x9703|0x9705|0x9706|0x9707|0x9708|0x9709|0x9801)";
action "kldload -n if_run";
};
@@ -3856,7 +4225,23 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x177f";
- match "product" "(0x0153|0x0302|0x0313)";
+ match "product" "0x0153";
+ action "kldload -n if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x177f";
+ match "product" "0x0154";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x177f";
+ match "product" "(0x0302|0x0313)";
action "kldload -n if_run";
};
@@ -3879,6 +4264,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x17ef";
+ match "product" "0x7203";
+ action "kldload -n if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x17f4";
match "product" "0xaaaa";
action "kldload -n uslcom";
@@ -4136,6 +4529,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x2001";
+ match "product" "(0x3307|0x3308|0x3309|0x330a|0x330d)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
match "product" "(0x3a00|0x3a02|0x3a04)";
action "kldload -n if_uath";
};
@@ -4200,6 +4601,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x2019";
+ match "product" "(0x1201|0x4902)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
match "product" "0x5303";
action "kldload -n if_zyd";
};
@@ -4224,6 +4633,22 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x2019";
+ match "product" "0xab28";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "(0xab2a|0xab2b|0xab2e)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
match "product" "0xab50";
action "kldload -n if_rum";
};
@@ -4255,6 +4680,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "0xed17";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x203d";
match "product" "(0x1480|0x14a1|0x14a9)";
action "kldload -n if_run";
@@ -4287,6 +4720,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x20f4";
+ match "product" "(0x624d|0x648b)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x2100";
match "product" "(0x9e52|0x9e54)";
action "kldload -n uftdi";
@@ -4400,6 +4841,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x413c";
+ match "product" "0x8197";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x413c";
match "product" "0x9500";
action "kldload -n uslcom";
};
@@ -4431,6 +4880,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x4855";
+ match "product" "(0x0090|0x0091)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x5050";
match "product" "(0x0100|0x0101|0x0102|0x0103|0x0104|0x0105|0x0106|0x0107|0x0300|0x0301|0x0400|0x0500|0x0700|0x0800|0x0900|0x0a00|0x0b00|0x0c00|0x0d00|0x0e00|0x0f00|0x1000|0x8000|0x8001|0x8002|0x8003|0x8004|0x8005)";
action "kldload -n uftdi";
@@ -4520,6 +4977,14 @@ nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
match "vendor" "0x7392";
+ match "product" "(0x7611|0x7612|0x7622)";
+ action "kldload -n if_rsu";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x7392";
match "product" "(0x7711|0x7717|0x7718)";
action "kldload -n if_run";
};
@@ -4527,6 +4992,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x7392";
+ match "product" "(0x7811|0x7822)";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x8516";
match "product" "(0x2070|0x2770|0x2870|0x3070|0x3071|0x3072|0x3572)";
action "kldload -n if_run";
@@ -4575,6 +5048,14 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x9846";
+ match "product" "0x9041";
+ action "kldload -n if_urtwn";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x9e88";
match "product" "0x9e8f";
action "kldload -n uftdi";
@@ -4599,6 +5080,36 @@ nomatch 32 {
nomatch 32 {
match "bus" "uhub[0-9]+";
match "mode" "host";
+ match "vendor" "0x0489";
+ match "intclass" "0xff";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "intclass" "0xff";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload -n ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "intclass" "0xff";
+ match "intsubclass" "0xfd";
+ match "intprotocol" "0x01";
+ action "kldload -n if_ipheth";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
match "vendor" "0x0a5c";
match "intclass" "0xff";
match "intsubclass" "0x01";
@@ -4749,5 +5260,5 @@ nomatch 32 {
action "kldload -n umass";
};
-# 2422 USB entries processed
+# 2537 USB entries processed
diff --git a/etc/inetd.conf b/etc/inetd.conf
index 8b8e604..77b4eda 100644
--- a/etc/inetd.conf
+++ b/etc/inetd.conf
@@ -58,8 +58,8 @@
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
-#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
-#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
+#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
+#cvspserver stream tcp nowait root /usr/local/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
diff --git a/etc/libmap.conf b/etc/libmap.conf
new file mode 100644
index 0000000..b2c91b2
--- /dev/null
+++ b/etc/libmap.conf
@@ -0,0 +1,2 @@
+# $FreeBSD$
+includedir /usr/local/etc/libmap.d
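Review bot: The new file carries no comment saying what `includedir` pulls in or who is expected to own that directory. libmap entries change which shared libraries the runtime linker resolves, so the included directory presumably has to stay root-owned and not group- or world-writable. I would add a line above the directive such as `# Files in this directory are read as additional libmap entries; keep it writable by root only.` The path is under /usr/local, which is populated by third-party packages rather than the base system, so the ownership expectation is worth stating where the include is declared.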
diff --git a/etc/mtree/BSD.debug.dist b/etc/mtree/BSD.debug.dist
new file mode 100644
index 0000000..ab75d0f
--- /dev/null
+++ b/etc/mtree/BSD.debug.dist
@@ -0,0 +1,48 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ debug
+ bin
+ ..
+ boot
+ ..
+ lib
+ geom
+ ..
+ ..
+ libexec
+ ..
+ sbin
+ ..
+ usr
+ bin
+ ..
+ games
+ ..
+ lib
+ engines
+ ..
+ ..
+ lib32
+ ..
+ libexec
+ bsdinstall
+ ..
+ lpr
+ ru
+ ..
+ ..
+ sendmail
+ ..
+ sm.bin
+ ..
+ ..
+ sbin
+ ..
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist
index 4ad7894..dbfbfc9 100644
--- a/etc/mtree/BSD.include.dist
+++ b/etc/mtree/BSD.include.dist
@@ -83,6 +83,8 @@
v1
ext
..
+ tr1
+ ..
..
..
cam
@@ -92,7 +94,7 @@
..
..
clang
- 3.2
+ 3.3
..
..
crypto
@@ -176,6 +178,8 @@
..
procfs
..
+ smbfs
+ ..
udf
..
unionfs
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist
index 0064d10..636a5d2 100644
--- a/etc/mtree/BSD.usr.dist
+++ b/etc/mtree/BSD.usr.dist
@@ -38,8 +38,66 @@
..
lint
..
+ pkgconfig
+ ..
..
libexec
+ bsdconfig
+ 020.docsinstall
+ include
+ ..
+ ..
+ 030.packages
+ include
+ ..
+ ..
+ 040.password
+ include
+ ..
+ ..
+ 050.diskmgmt
+ include
+ ..
+ ..
+ 070.usermgmt
+ include
+ ..
+ ..
+ 080.console
+ include
+ ..
+ ..
+ 090.timezone
+ include
+ ..
+ ..
+ 110.mouse
+ include
+ ..
+ ..
+ 120.networking
+ include
+ ..
+ ..
+ 130.security
+ include
+ ..
+ ..
+ 140.startup
+ include
+ ..
+ ..
+ 150.ttys
+ include
+ ..
+ ..
+ dot
+ include
+ ..
+ ..
+ include
+ ..
+ ..
bsdinstall
..
lpr
@@ -60,7 +118,25 @@
share
atf
..
+ bsdconfig
+ media
+ ..
+ networking
+ ..
+ packages
+ ..
+ password
+ ..
+ startup
+ ..
+ timezone
+ ..
+ usermgmt
+ ..
+ ..
calendar
+ de_AT.ISO_8859-15
+ ..
de_DE.ISO8859-1
..
fr_FR.ISO8859-1
@@ -69,8 +145,14 @@
..
hu_HU.ISO8859-2
..
+ pt_BR.ISO8859-1
+ ..
+ pt_BR.UTF-8
+ ..
ru_RU.KOI8-R
..
+ ru_RU.UTF-8
+ ..
uk_UA.KOI8-U
..
..
@@ -148,8 +230,6 @@
..
27.nfsrfc
..
- 28.cvs
- ..
..
smm
01.setup
@@ -221,11 +301,9 @@
..
bootforth
..
- csh
+ bsdconfig
..
- cvs
- contrib
- ..
+ csh
..
cvsup
..
@@ -315,6 +393,10 @@
srcs
..
..
+ smbfs
+ print
+ ..
+ ..
sunrpc
dir
..
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
index 6a9a7f4..196ee42 100644
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@@ -23,6 +23,8 @@
remote uname=auditdistd gname=wheel mode=0700
..
..
+ authpf uname=root gname=authpf mode=0770
+ ..
/set gname=wheel
backups
..
diff --git a/etc/mtree/Makefile b/etc/mtree/Makefile
index 15da1bf..06aeb19 100644
--- a/etc/mtree/Makefile
+++ b/etc/mtree/Makefile
@@ -4,6 +4,7 @@
FILES= ${_BIND.chroot.dist} \
${_BIND.include.dist} \
+ ${_BSD.debug.dist} \
BSD.include.dist \
BSD.root.dist \
${_BSD.sendmail.dist} \
@@ -16,6 +17,9 @@ _BIND.chroot.dist= BIND.chroot.dist
_BIND.include.dist= BIND.include.dist
.endif
.endif
+.if ${MK_DEBUG_FILES} != "no"
+_BSD.debug.dist= BSD.debug.dist
+.endif
.if ${MK_GROFF} != "no"
_BSD.groff.dist= BSD.groff.dist
.endif
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
index 0b6d1ac..5f01106 100644
--- a/etc/namedb/named.conf
+++ b/etc/namedb/named.conf
@@ -153,6 +153,72 @@ zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+// Shared Address Space (RFC 6598)
+zone "64.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "65.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "66.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "67.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "68.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "69.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "70.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "71.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "72.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "73.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "74.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "75.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "76.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "77.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "78.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "79.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "80.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "81.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "82.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "83.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "84.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "85.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "86.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "87.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "88.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "89.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "90.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "91.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "92.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "93.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "94.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "95.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "96.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "97.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "98.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "99.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "100.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "101.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "102.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "103.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "104.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "105.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "106.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "107.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "108.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "109.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "110.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "111.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "112.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "113.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "114.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "115.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "116.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "117.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "118.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "119.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "120.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "121.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "122.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "123.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "124.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "125.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "126.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "127.100.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
diff --git a/etc/network.subr b/etc/network.subr
index f7a7241..7dfb328 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -24,6 +24,10 @@
#
# $FreeBSD$
#
+IFCONFIG_CMD="/sbin/ifconfig"
+
+# Maximum number of addresses expanded from a address range specification.
+_IPEXPANDMAX=31
#
# Subroutines commonly used from network startup scripts.
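Review bot: The comment on `_IPEXPANDMAX=31` calls it the maximum number of expanded addresses, but the loops added later in this commit (ifalias_expand_addr_inet and ifalias_expand_addr_inet6) do not stop there. They append the address first and break only when `$_ipcount -gt $(($_iplow + $_IPEXPANDMAX))`, so an oversized range yields 33 addresses rather than 31. Either adjust the comparison so the loop stops after `_IPEXPANDMAX` addresses, or reword the comment to match, e.g. `# Address ranges are truncated after _IPEXPANDMAX + 2 addresses.` The comment also reads "a address range" where "an address range" is meant. This value bounds how many aliases one rc.conf range can create, so the documented and actual limits should agree.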
@@ -94,7 +98,7 @@ ifconfig_up()
# ifconfig_IF
ifconfig_args=`ifconfig_getargs $1`
if [ -n "${ifconfig_args}" ]; then
- eval ifconfig $1 ${ifconfig_args}
+ eval ${IFCONFIG_CMD} $1 ${ifconfig_args}
_cfg=0
fi
@@ -109,9 +113,18 @@ ifconfig_up()
# backward compatibility: $ipv6_enable
case $ipv6_enable in
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
- if ! checkyesno ipv6_gateway_enable; then
- _ipv6_opts="${_ipv6_opts} accept_rtadv"
- fi
+ case $1 in
+ bridge[0-9]*)
+ # No accept_rtadv by default on if_bridge(4)
+ # to avoid a conflict with the member
+ # interfaces.
+ ;;
+ *)
+ if ! checkyesno ipv6_gateway_enable; then
+ _ipv6_opts="${_ipv6_opts} accept_rtadv"
+ fi
+ ;;
+ esac
;;
esac
@@ -122,7 +135,7 @@ ifconfig_up()
esac
if [ -n "${_ipv6_opts}" ]; then
- ifconfig $1 inet6 ${_ipv6_opts}
+ ${IFCONFIG_CMD} $1 inet6 ${_ipv6_opts}
fi
# ifconfig_IF_ipv6
@@ -136,8 +149,8 @@ ifconfig_up()
ifconfig_args="inet6 ${ifconfig_args}"
;;
esac
- ifconfig $1 inet6 -ifdisabled
- eval ifconfig $1 ${ifconfig_args}
+ ${IFCONFIG_CMD} $1 inet6 -ifdisabled
+ eval ${IFCONFIG_CMD} $1 ${ifconfig_args}
_cfg=0
fi
@@ -145,7 +158,7 @@ ifconfig_up()
# ipv6_prefix_hostid_addr_common().
ifconfig_args=`get_if_var $1 ipv6_prefix_IF`
if [ -n "${ifconfig_args}" ]; then
- ifconfig $1 inet6 -ifdisabled
+ ${IFCONFIG_CMD} $1 inet6 -ifdisabled
_cfg=0
fi
@@ -154,24 +167,30 @@ ifconfig_up()
if [ -n "${ifconfig_args}" ]; then
warn "\$ipv6_ifconfig_$1 is obsolete." \
" Use ifconfig_$1_ipv6 instead."
- ifconfig $1 inet6 -ifdisabled
- eval ifconfig $1 inet6 ${ifconfig_args}
+ ${IFCONFIG_CMD} $1 inet6 -ifdisabled
+ eval ${IFCONFIG_CMD} $1 inet6 ${ifconfig_args}
_cfg=0
fi
fi
+ ifalias $1 link alias
+ ifalias $1 ether alias
+
if [ ${_cfg} -eq 0 ]; then
- ifconfig $1 up
+ ${IFCONFIG_CMD} $1 up
fi
if wpaif $1; then
/etc/rc.d/wpa_supplicant start $1
_cfg=0 # XXX: not sure this should count
+ elif hostapif $1; then
+ /etc/rc.d/hostapd start $1
+ _cfg=0
fi
if dhcpif $1; then
if [ $_cfg -ne 0 ] ; then
- ifconfig $1 up
+ ${IFCONFIG_CMD} $1 up
fi
if syncdhcpif $1; then
/etc/rc.d/dhclient start $1
@@ -194,6 +213,9 @@ ifconfig_down()
if wpaif $1; then
/etc/rc.d/wpa_supplicant stop $1
_cfg=0
+ elif hostapif $1; then
+ /etc/rc.d/hostapd stop $1
+ _cfg=0
fi
if dhcpif $1; then
@@ -202,7 +224,7 @@ ifconfig_down()
fi
if ifexists $1; then
- ifconfig $1 down
+ ${IFCONFIG_CMD} $1 down
_cfg=0
fi
@@ -272,6 +294,7 @@ ifconfig_getargs()
[Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
[Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
[Ww][Pp][Aa]) ;;
+ [Hh][Oo][Ss][Tt][Aa][Pp]) ;;
*)
_args="$_args $_arg"
;;
@@ -307,6 +330,15 @@ dhcpif()
local _tmpargs _arg
_tmpargs=`_ifconfig_getargs $1`
+ case $1 in
+ lo[0-9]*|\
+ stf[0-9]*|\
+ faith[0-9]*|\
+ lp[0-9]*|\
+ sl[0-9]*)
+ return 1
+ ;;
+ esac
if noafif $1; then
return 1
fi
@@ -372,6 +404,24 @@ wpaif()
return 1
}
+# hostapif if
+# Returns 0 if the interface is a HOSTAP interface and 1 otherwise.
+hostapif()
+{
+ local _tmpargs _arg
+ _tmpargs=`_ifconfig_getargs $1`
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Hh][Oo][Ss][Tt][Aa][Pp])
+ return 0
+ ;;
+ esac
+ done
+
+ return 1
+}
+
# afexists af
# Returns 0 if the address family is enabled in the kernel
# 1 otherwise.
@@ -394,6 +444,9 @@ afexists()
return 1
fi
;;
+ link|ether)
+ return 0
+ ;;
*)
err 1 "afexists(): Unsupported address family: $_af"
;;
@@ -480,7 +533,7 @@ ipv6_autoconfif()
_if=$1
case $_if in
- lo0|\
+ lo[0-9]*|\
stf[0-9]*|\
faith[0-9]*|\
lp[0-9]*|\
@@ -506,9 +559,18 @@ ipv6_autoconfif()
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
if checkyesno ipv6_gateway_enable; then
return 1
- else
- return 0
fi
+ case $1 in
+ bridge[0-9]*)
+ # No accept_rtadv by default on if_bridge(4)
+ # to avoid a conflict with the member
+ # interfaces.
+ return 1
+ ;;
+ *)
+ return 0
+ ;;
+ esac
;;
esac
@@ -539,7 +601,7 @@ ipv6_autoconfif()
ifexists()
{
[ -z "$1" ] && return 1
- ifconfig -n $1 > /dev/null 2>&1
+ ${IFCONFIG_CMD} -n $1 > /dev/null 2>&1
}
# ipv4_up if
@@ -554,11 +616,10 @@ ipv4_up()
if [ "${_if}" = "lo0" ]; then
ifconfig_args=`get_if_var ${_if} ifconfig_IF`
if [ -z "${ifconfig_args}" ]; then
- ifconfig ${_if} inet 127.0.0.1/8 alias
+ ${IFCONFIG_CMD} ${_if} inet 127.0.0.1/8 alias
fi
fi
- ifalias_up ${_if} inet && _ret=0
- ipv4_addrs_common ${_if} alias && _ret=0
+ ifalias ${_if} inet alias && _ret=0
return $_ret
}
@@ -575,7 +636,7 @@ ipv6_up()
return 0
fi
- ifalias_up ${_if} inet6 && _ret=0
+ ifalias ${_if} inet6 alias && _ret=0
ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0
ipv6_accept_rtadv_up ${_if} && _ret=0
@@ -591,26 +652,30 @@ ipv4_down()
_ifs="^"
_ret=1
- inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`"
+ ifalias ${_if} inet -alias && _ret=0
+
+ inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet ' | tr "\n" "$_ifs"`"
oldifs="$IFS"
IFS="$_ifs"
for _inet in $inetList ; do
# get rid of extraneous line
+ case $_inet in
+ "") break ;;
+ \ inet\ *|inet\ *) ;;
+ *) continue ;;
+ esac
[ -z "$_inet" ] && break
_inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'`
IFS="$oldifs"
- ifconfig ${_if} ${_inet} delete
+ ${IFCONFIG_CMD} ${_if} ${_inet} delete
IFS="$_ifs"
_ret=0
done
IFS="$oldifs"
- ifalias_down ${_if} inet && _ret=0
- ipv4_addrs_common ${_if} -alias && _ret=0
-
return $_ret
}
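Review bot: The `[ -z "$_inet" ] && break` line kept after the new `case` can no longer fire, because the added `"") break ;;` arm already leaves the loop on an empty value. Dropping the old test leaves a single place that decides which lines are skipped. ipv4_down starts above this hunk.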
@@ -629,9 +694,9 @@ ipv6_down()
ipv6_accept_rtadv_down ${_if} && _ret=0
ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0
- ifalias_down ${_if} inet6 && _ret=0
+ ifalias ${_if} inet6 -alias && _ret=0
- inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`"
+ inetList="`${IFCONFIG_CMD} ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`"
oldifs="$IFS"
IFS="$_ifs"
@@ -642,7 +707,7 @@ ipv6_down()
_inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'`
IFS="$oldifs"
- ifconfig ${_if} ${_inet6} -alias
+ ${IFCONFIG_CMD} ${_if} ${_inet6} -alias
IFS="$_ifs"
_ret=0
done
@@ -651,234 +716,391 @@ ipv6_down()
return $_ret
}
-# ipv4_addrs_common if action
-# Evaluate the ifconfig_if_ipv4 arguments for interface $if and
-# use $action to add or remove IPv4 addresses from $if.
-ipv4_addrs_common()
-{
- local _ret _if _action _cidr _cidr_addr
- local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount
- _ret=1
- _if=$1
- _action=$2
-
- # get ipv4-addresses
- cidr_addr=`get_if_var $_if ipv4_addrs_IF`
-
- for _cidr in ${cidr_addr}; do
- _ipaddr=${_cidr%%/*}
- _netmask="/"${_cidr##*/}
- _range=${_ipaddr##*.}
- _ipnet=${_ipaddr%.*}
- _iplow=${_range%-*}
- _iphigh=${_range#*-}
-
- # clear netmask when removing aliases
- if [ "${_action}" = "-alias" ]; then
- _netmask=""
- fi
-
- _ipcount=${_iplow}
- while [ "${_ipcount}" -le "${_iphigh}" ]; do
- eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}"
- _ipcount=$((${_ipcount}+1))
- _ret=0
-
- # only the first ipaddr in a subnet need the real netmask
- if [ "${_action}" != "-alias" ]; then
- _netmask="/32"
- fi
- done
- done
-
- return $_ret
-}
-
-# ifalias_up if af
-# Configure aliases for network interface $if.
+# ifalias if af action
+# Configure or remove aliases for network interface $if.
# It returns 0 if at least one alias was configured or
-# 1 if there were none.
+# removed, or 1 if there were none.
#
-ifalias_up()
+ifalias()
{
local _ret
_ret=1
+ afexists $2 || return $_ret
+
case "$2" in
- inet)
- _ret=`ifalias_ipv4_up "$1"`
- ;;
- inet6)
- _ret=`ifalias_ipv6_up "$1"`
+ inet|inet6|link|ether)
+ ifalias_af_common $1 $2 $3 && _ret=0
;;
esac
return $_ret
}
-# ifalias_ipv4_up if
-# Helper function for ifalias_up(). Handles IPv4.
+# ifalias_expand_addr af action addr
+# Expand address range ("N-M") specification in addr.
+# "addr" must not include an address-family keyword.
+# The results will include an address-family keyword.
#
-ifalias_ipv4_up()
+ifalias_expand_addr()
{
- local _ret alias ifconfig_args
- _ret=1
+ local _af _action
- # ifconfig_IF_aliasN which starts with "inet"
- alias=0
- while : ; do
- ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- inet\ *)
- ifconfig $1 ${ifconfig_args} alias && _ret=0
- ;;
- inet6\ *)
- ;;
- "")
- break
- ;;
- *)
- warn "\$ifconfig_$1_alias${alias} needs " \
- "\"inet\" keyword for an IPv4 address."
- ifconfig $1 ${ifconfig_args} alias && _ret=0
- ;;
- esac
- alias=$((${alias} + 1))
- done
+ _af=$1
+ _action=$2
+ shift 2
- return $_ret
+ afexists $_af || return
+ ifalias_expand_addr_$_af $_action $*
}
-# ifalias_ipv6_up if
-# Helper function for ifalias_up(). Handles IPv6.
+# ifalias_expand_addr_inet action addr
+# Helper function for ifalias_expand_addr(). Handles IPv4.
#
-ifalias_ipv6_up()
+ifalias_expand_addr_inet()
{
- local _ret alias ifconfig_args
- _ret=1
+ local _action _arg _cidr _cidr_addr _exargs
+ local _ipaddr _plen _range _iphead _iptail _iplow _iphigh _ipcount
+ local _retstr _c
+ _action=$1
+ _arg=$2
+ shift 2
+ _exargs=$*
+ _retstr=
+
+ case $_action:$_arg:$_exargs in
+ *:*--*) return ;; # invalid
+ tmp:*[0-9]-[0-9]*:*) # to be expanded
+ _action="alias"
+ ;;
+ *:*[0-9]-[0-9]*:*) # to be expanded
+ ;;
+ tmp:*:*netmask*) # already expanded w/ netmask option
+ echo ${_arg%/[0-9]*} $_exargs && return
+ ;;
+ tmp:*:*) # already expanded w/o netmask option
+ echo $_arg $_exargs && return
+ ;;
+ *:*:*netmask*) # already expanded w/ netmask option
+ echo inet ${_arg%/[0-9]*} $_exargs && return
+ ;;
+ *:*:*) # already expanded w/o netmask option
+ echo inet $_arg $_exargs && return
+ ;;
+ esac
- # ifconfig_IF_aliasN which starts with "inet6"
- alias=0
- while : ; do
- ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- inet6\ *)
- ifconfig $1 ${ifconfig_args} alias && _ret=0
- ;;
- "")
- break
- ;;
+ for _cidr in $_arg; do
+ _ipaddr=${_cidr%%/*}
+ _plen=${_cidr##*/}
+ # When subnet prefix length is not specified, use /32.
+ case $_plen in
+ $_ipaddr) _plen=32 ;; # "/" character not found
esac
- alias=$((${alias} + 1))
- done
- # backward compatibility: ipv6_ifconfig_IF_aliasN.
- alias=0
- while : ; do
- ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- "")
- break
+ OIFS=$IFS
+ IFS=. set -- $_ipaddr
+ _range=
+ _iphead=
+ _iptail=
+ for _c in $@; do
+ case $_range:$_c in
+ :[0-9]*-[0-9]*)
+ _range=$_c
;;
- *)
- ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0
- warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \
- " Use ifconfig_$1_aliasN instead."
+ :*)
+ _iphead="${_iphead}${_iphead:+.}${_c}"
;;
- esac
- alias=$((${alias} + 1))
+ *:*)
+ _iptail="${_iptail}${_iptail:+.}${_c}"
+ ;;
+ esac
+ done
+ IFS=$OIFS
+ _iplow=${_range%-*}
+ _iphigh=${_range#*-}
+
+ # clear netmask when removing aliases
+ if [ "$_action" = "-alias" ]; then
+ _plen=""
+ fi
+
+ _ipcount=$_iplow
+ while [ "$_ipcount" -le "$_iphigh" ]; do
+ _retstr="${_retstr} ${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail}${_plen:+/}${_plen}"
+ if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ]; then
+ warn "Range specification is too large (${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_iphigh}${_iptail:+.}${_iptail}). ${_iphead}${_iphead:+.}${_iplow}${_iptail:+.}${_iptail}-${_iphead}${_iphead:+.}${_ipcount}${_iptail:+.}${_iptail} was processed."
+ break
+ else
+ _ipcount=$(($_ipcount + 1))
+ fi
+ # Forcibly set /32 for remaining aliases.
+ _plen=32
+ done
done
- return $_ret
+ for _c in $_retstr; do
+ ifalias_expand_addr_inet $_action $_c $_exargs
+ done
}
-# ifalias_down if af
-# Remove aliases for network interface $if.
-# It returns 0 if at least one alias was removed or
-# 1 if there were none.
+# ifalias_expand_addr_inet6 action addr
+# Helper function for ifalias_expand_addr(). Handles IPv6.
#
-ifalias_down()
+ifalias_expand_addr_inet6()
{
- local _ret
- _ret=1
-
- case "$2" in
- inet)
- _ret=`ifalias_ipv4_down "$1"`
- ;;
- inet6)
- _ret=`ifalias_ipv6_down "$1"`
- ;;
+ local _action _arg _cidr _cidr_addr _exargs
+ local _ipaddr _plen _ipleft _ipright _iplow _iphigh _ipcount
+ local _ipv4part
+ local _retstr _c
+ _action=$1
+ _arg=$2
+ shift 2
+ _exargs=$*
+ _retstr=
+
+ case $_action:$_arg:$_exargs in
+ *:*--*:*) return ;; # invalid
+ tmp:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*)# to be expanded
+ _action="alias"
+ ;;
+ *:*[0-9a-zA-Z]-[0-9a-zA-Z]*:*) # to be expanded
+ ;;
+ tmp:*:*prefixlen*) # already expanded w/ prefixlen option
+ echo ${_arg%/[0-9]*} $_exargs && return
+ ;;
+ tmp:*:*) # already expanded w/o prefixlen option
+ echo $_arg $_exargs && return
+ ;;
+ *:*:*prefixlen*) # already expanded w/ prefixlen option
+ echo inet6 ${_arg%/[0-9]*} $_exargs && return
+ ;;
+ *:*:*) # already expanded w/o prefixlen option
+ echo inet6 $_arg $_exargs && return
+ ;;
esac
- return $_ret
+ for _cidr in $_arg; do
+ _ipaddr="${_cidr%%/*}"
+ _plen="${_cidr##*/}"
+
+ case $_action:$_ipaddr:$_cidr in
+ -alias:*:*) unset _plen ;;
+ *:$_cidr:$_ipaddr) unset _plen ;;
+ esac
+
+ if [ "${_ipaddr%:*.*.*.*}" = "$_ipaddr" ]; then
+ # Handle !v4mapped && !v4compat addresses.
+
+ # The default prefix length is 64.
+ case $_ipaddr:$_cidr in
+ $_cidr:$_ipaddr) _plen="64" ;;
+ esac
+ _ipleft=${_ipaddr%-*}
+ _ipright=${_ipaddr#*-}
+ _iplow=${_ipleft##*:}
+ _iphigh=${_ipright%%:*}
+ _ipleft=${_ipleft%:*}
+ _ipright=${_ipright#*:}
+
+ if [ "$_iphigh" = "$_ipright" ]; then
+ unset _ipright
+ else
+ _ipright=:$_ipright
+ fi
+
+ if [ -n "$_iplow" -a -n "$_iphigh" ]; then
+ _iplow=$((0x$_iplow))
+ _iphigh=$((0x$_iphigh))
+ _ipcount=$_iplow
+ while [ $_ipcount -le $_iphigh ]; do
+ _r=`printf "%s:%04x%s%s" \
+ $_ipleft $_ipcount $_ipright \
+ ${_plen:+/}$_plen`
+ _retstr="$_retstr $_r"
+ if [ $_ipcount -gt $(($_iplow + $_IPEXPANDMAX)) ]
+ then
+ warn "Range specification is too large $(printf '(%s:%04x%s-%s:%04x%s)' $_ipleft $_iplow $_ipright $_ipleft $_iphigh $_ipright). $(printf '%s:%04x%s-%s:%04x%s' $_ipleft $_iplow $_ipright $_ipleft $_ipcount $_ipright) was processed."
+ break
+ else
+ _ipcount=$(($_ipcount + 1))
+ fi
+ done
+ else
+ _retstr="${_ipaddr}${_plen:+/}${_plen}"
+ fi
+
+ for _c in $_retstr; do
+ ifalias_expand_addr_inet6 $_action $_c $_exargs
+ done
+ else
+ # v4mapped/v4compat should handle as an IPv4 alias
+ _ipv4part=${_ipaddr##*:}
+
+ # Adjust prefix length if any. If not, set the
+ # default prefix length as 32.
+ case $_ipaddr:$_cidr in
+ $_cidr:$_ipaddr) _plen=32 ;;
+ *) _plen=$(($_plen - 96)) ;;
+ esac
+
+ _retstr=`ifalias_expand_addr_inet \
+ tmp ${_ipv4part}${_plen:+/}${_plen}`
+ for _c in $_retstr; do
+ ifalias_expand_addr_inet $_action $_c $_exargs
+ done
+ fi
+ done
}
-# ifalias_ipv4_down if
-# Helper function for ifalias_down(). Handles IPv4.
+# ifalias_af_common_handler if af action args
+# Helper function for ifalias_af_common().
#
-ifalias_ipv4_down()
+ifalias_af_common_handler()
{
- local _ret alias ifconfig_args
+ local _ret _if _af _action _args _c _tmpargs
+
_ret=1
+ _if=$1
+ _af=$2
+ _action=$3
+ shift 3
+ _args=$*
+
+ case $_args in
+ ${_af}\ *) ;;
+ *) return ;;
+ esac
- # ifconfig_IF_aliasN which starts with "inet"
- alias=0
- while : ; do
- ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- inet\ *)
- ifconfig $1 ${ifconfig_args} -alias && _ret=0
+ # link(ether) does not support address removal.
+ case $_af:$_action in
+ link:-alias|ether:-alias) return ;;
+ esac
+
+ _tmpargs=
+ for _c in $_args; do
+ case $_c in
+ ${_af})
+ case $_tmpargs in
+ ${_af}\ *-*)
+ ifalias_af_common_handler $_if $_af $_action \
+ `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }`
;;
- "")
- break
+ ${_af}\ *)
+ ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0
;;
+ esac
+ _tmpargs=$_af
+ ;;
+ *)
+ _tmpargs="$_tmpargs $_c"
+ ;;
esac
- alias=$((${alias} + 1))
done
+ # Process the last component if any.
+ if [ -n "$_tmpargs}" ]; then
+ case $_tmpargs in
+ ${_af}\ *-*)
+ ifalias_af_common_handler $_if $_af $_action \
+ `ifalias_expand_addr $_af $_action ${_tmpargs#${_af}\ }`
+ ;;
+ ${_af}\ *)
+ ${IFCONFIG_CMD} $_if $_tmpargs $_action && _ret=0
+ ;;
+ esac
+ fi
return $_ret
}
-# ifalias_ipv6_down if
-# Helper function for ifalias_down(). Handles IPv6.
+# ifalias_af_common if af action
+# Helper function for ifalias().
#
-ifalias_ipv6_down()
+ifalias_af_common()
{
- local _ret alias ifconfig_args
+ local _ret _if _af _action alias ifconfig_args _aliasn _c _tmpargs _iaf
+
_ret=1
+ _aliasn=
+ _if=$1
+ _af=$2
+ _action=$3
- # ifconfig_IF_aliasN which starts with "inet6"
+ # ifconfig_IF_aliasN which starts with $_af
alias=0
while : ; do
- ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- inet6\ *)
- ifconfig $1 ${ifconfig_args} -alias && _ret=0
+ ifconfig_args=`get_if_var $_if ifconfig_IF_alias${alias}`
+ _iaf=
+ case $ifconfig_args in
+ inet\ *) _iaf=inet ;;
+ inet6\ *) _iaf=inet6 ;;
+ ipx\ *) _iaf=ipx ;;
+ link\ *) _iaf=link ;;
+ ether\ *) _iaf=ether ;;
+ esac
+
+ case ${_af}:${_action}:${_iaf}:"${ifconfig_args}" in
+ ${_af}:*:${_af}:*)
+ _aliasn="$_aliasn $ifconfig_args"
;;
- "")
+ ${_af}:*:"":"")
break
;;
+ inet:alias:"":*)
+ _aliasn="$_aliasn inet $ifconfig_args"
+ warn "\$ifconfig_${_if}_alias${alias} needs " \
+ "\"inet\" keyword for an IPv4 address."
esac
- alias=$((${alias} + 1))
+ alias=$(($alias + 1))
done
# backward compatibility: ipv6_ifconfig_IF_aliasN.
- alias=0
- while : ; do
- ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}`
- case "${ifconfig_args}" in
- "")
- break
+ case $_af in
+ inet6)
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $_if ipv6_ifconfig_IF_alias${alias}`
+ case ${_action}:"${ifconfig_args}" in
+ *:"")
+ break
;;
- *)
- ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0
- warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \
- " Use ifconfig_$1_aliasN instead."
+ alias:*)
+ _aliasn="${_aliasn} inet6 ${ifconfig_args}"
+ warn "\$ipv6_ifconfig_${_if}_alias${alias} " \
+ "is obsolete. Use ifconfig_$1_aliasN " \
+ "instead."
+ ;;
+ esac
+ alias=$(($alias + 1))
+ done
+ esac
+
+ # backward compatibility: ipv4_addrs_IF.
+ for _tmpargs in `get_if_var $_if ipv4_addrs_IF`; do
+ _aliasn="$_aliasn inet $_tmpargs"
+ done
+
+ # Handle ifconfig_IF_aliases, ifconfig_IF_aliasN, and the others.
+ _tmpargs=
+ for _c in `get_if_var $_if ifconfig_IF_aliases` $_aliasn; do
+ case $_c in
+ inet|inet6|ipx|link|ether)
+ case $_tmpargs in
+ ${_af}\ *)
+ eval ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0
;;
+ esac
+ _tmpargs=$_c
+ ;;
+ *)
+ _tmpargs="$_tmpargs $_c"
esac
- alias=$((${alias} + 1))
done
+ # Process the last component
+ case $_tmpargs in
+ ${_af}\ *)
+ ifalias_af_common_handler $_if $_af $_action $_tmpargs && _ret=0
+ ;;
+ esac
return $_ret
}
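Review bot: The last-component guard in ifalias_af_common_handler, `if [ -n "$_tmpargs}" ]; then`, has a stray `}` inside the quotes, so the tested string is never empty and the check always passes; it should read `if [ -n "${_tmpargs}" ]; then`. The `case` under it matches nothing for an empty value, so today the effect is only a dead guard, but it hides the intent. Separately, the loop in ifalias_af_common calls `eval ifalias_af_common_handler $_if $_af $_action $_tmpargs`, while the final call a few lines later passes the same rc.conf-derived words without `eval`. The extra evaluation re-parses those words as shell syntax, so unless a quoting case needs it the two calls should agree on the plain form.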
@@ -888,25 +1110,31 @@ ifalias_ipv6_down()
#
ipv6_prefix_hostid_addr_common()
{
- local _if _action prefix laddr hostid j address
+ local _if _action prefix j
_if=$1
_action=$2
prefix=`get_if_var ${_if} ipv6_prefix_IF`
if [ -n "${prefix}" ]; then
- laddr=`network6_getladdr ${_if}`
- hostid=${laddr#fe80::}
- hostid=${hostid%\%*}
-
for j in ${prefix}; do
- address=$j\:${hostid}
- ifconfig ${_if} inet6 ${address} prefixlen 64 ${_action}
+ # The default prefixlen is 64.
+ plen=${j#*/}
+ case $j:$plen in
+ $plen:$j) plen=64 ;;
+ *) j=${j%/*} ;;
+ esac
+
+ # Normalize the last part by removing ":"
+ j=${j%::*}
+ j=${j%:}
+ ${IFCONFIG_CMD} ${_if} inet6 $j:: \
+ prefixlen $plen eui64 ${_action}
# if I am a router, add subnet router
# anycast address (RFC 2373).
if checkyesno ipv6_gateway_enable; then
- ifconfig ${_if} inet6 $j:: prefixlen 64 \
- ${_action} anycast
+ ${IFCONFIG_CMD} ${_if} inet6 $j:: \
+ prefixlen $plen ${_action} anycast
fi
done
fi
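Review bot: `plen` is assigned inside the `for j` loop but is missing from the `local` line, so every call leaves a global `plen` behind in the shell that sourced network.subr. The declaration should read `local _if _action prefix j plen`. The value after the `/` is also passed to `prefixlen` as-is; a numeric check before use would turn a typo in `ipv6_prefix_IF` into a `warn` rather than an ifconfig error. The function's closing lines are outside this hunk.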
@@ -918,7 +1146,7 @@ ipv6_prefix_hostid_addr_common()
ipv6_accept_rtadv_up()
{
if ipv6_autoconfif $1; then
- ifconfig $1 inet6 accept_rtadv up
+ ${IFCONFIG_CMD} $1 inet6 accept_rtadv up
if ! checkyesno rtsold_enable; then
rtsol ${rtsol_flags} $1
fi
@@ -930,7 +1158,7 @@ ipv6_accept_rtadv_up()
ipv6_accept_rtadv_down()
{
if ipv6_autoconfif $1; then
- ifconfig $1 inet6 -accept_rtadv
+ ${IFCONFIG_CMD} $1 inet6 -accept_rtadv
fi
}
@@ -969,18 +1197,62 @@ ifscript_down()
#
clone_up()
{
- local _prefix _list ifn
+ local _prefix _list ifn ifopt _iflist _n tmpargs
_prefix=
_list=
+ _iflist=$*
# create_args_IF
for ifn in ${cloned_interfaces}; do
- ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF`
+ # Parse ifn:ifopt.
+ OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
+ case $_iflist in
+ ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
+ *) continue ;;
+ esac
+ # Skip if ifn already exists.
+ if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
+ continue
+ fi
+ ${IFCONFIG_CMD} ${ifn} create `get_if_var ${ifn} create_args_IF`
+ if [ $? -eq 0 ]; then
+ _list="${_list}${_prefix}${ifn}"
+ [ -z "$_prefix" ] && _prefix=' '
+ fi
+ done
+ if [ -n "$gif_interfaces" ]; then
+ warn "\$gif_interfaces is obsolete. Use \$cloned_interfaces instead."
+ fi
+ for ifn in ${gif_interfaces}; do
+ # Parse ifn:ifopt.
+ OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
+ case $_iflist in
+ ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
+ *) continue ;;
+ esac
+ # Skip if ifn already exists.
+ if ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
+ continue
+ fi
+ case $ifn in
+ gif[0-9]*)
+ ${IFCONFIG_CMD} $ifn create
+ ;;
+ *)
+ _n=$(${IFCONFIG_CMD} gif create)
+ ${IFCONFIG_CMD} $_n name $ifn
+ ;;
+ esac
if [ $? -eq 0 ]; then
_list="${_list}${_prefix}${ifn}"
[ -z "$_prefix" ] && _prefix=' '
fi
+ tmpargs=$(get_if_var $ifn gifconfig_IF)
+ eval ifconfig_${ifn}=\"tunnel \$tmpargs\"
done
+ if [ -n "${_list}" ]; then
+ echo "Created clone interfaces: ${_list}."
+ fi
debug "Cloned: ${_list}"
}
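Review bot: The `eval ifconfig_${ifn}=\"tunnel \$tmpargs\"` at the end of the `gif_interfaces` loop pastes the raw interface name into text the shell re-parses, so an entry that is not a valid identifier is parsed as shell text instead of being assigned. `get_if_var` (not shown here) may normalise names, but this line does not. The assignment also runs when creation failed and when `gifconfig_IF` is empty, replacing any `ifconfig_<if>` value already set. I would put `case $ifn in *[!A-Za-z0-9_]*) warn "invalid gif name: $ifn"; continue ;; esac` before the eval and assign only when `$tmpargs` is non-empty.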
@@ -990,17 +1262,42 @@ clone_up()
#
clone_down()
{
- local _prefix _list ifn
+ local _prefix _list ifn ifopt _iflist _sticky
_prefix=
_list=
+ _iflist=$*
- for ifn in ${cloned_interfaces}; do
- ifconfig -n ${ifn} destroy
+ : ${cloned_interfaces_sticky:=NO}
+ if checkyesno cloned_interfaces_sticky; then
+ _sticky=1
+ else
+ _sticky=0
+ fi
+ for ifn in ${cloned_interfaces} ${gif_interfaces}; do
+ # Parse ifn:ifopt.
+ OIFS=$IFS; IFS=:; set -- $ifn; ifn=$1; ifopt=$2; IFS=$OIFS
+ case $ifopt:$_sticky in
+ sticky:*) continue ;; # :sticky => not destroy
+ nosticky:*) ;; # :nosticky => destroy
+ *:1) continue ;; # global sticky knob == 1
+ esac
+ case $_iflist in
+ ""|$ifn|$ifn\ *|*\ $ifn\ *|*\ $ifn) ;;
+ *) continue ;;
+ esac
+ # Skip if ifn does not exist.
+ if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
+ continue
+ fi
+ ${IFCONFIG_CMD} -n ${ifn} destroy
if [ $? -eq 0 ]; then
_list="${_list}${_prefix}${ifn}"
[ -z "$_prefix" ] && _prefix=' '
fi
done
+ if [ -n "${_list}" ]; then
+ echo "Destroyed clone interfaces: ${_list}."
+ fi
debug "Destroyed clones: ${_list}"
}
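Review bot: `OIFS` is used to save and restore `IFS` around `set -- $ifn` but is not in the `local` list, so it leaks into the caller's scope; `clone_up` has the same gap in both of its loops. The declaration here should be `local _prefix _list ifn ifopt _iflist _sticky OIFS`. A short comment that `set --` overwrites the function's positional parameters, which is why `_iflist=$*` is taken first, would save the next reader from moving that line.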
@@ -1022,16 +1319,16 @@ childif_create()
debug_flags="`get_if_var $child wlandebug_IF`"
if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then
- ifconfig $child create ${create_args} && cfg=0
+ ${IFCONFIG_CMD} $child create ${create_args} && cfg=0
if [ -n "${debug_flags}" ]; then
wlandebug -i $child ${debug_flags}
fi
else
- i=`ifconfig wlan create ${create_args}`
+ i=`${IFCONFIG_CMD} wlan create ${create_args}`
if [ -n "${debug_flags}" ]; then
wlandebug -i $i ${debug_flags}
fi
- ifconfig $i name $child && cfg=0
+ ${IFCONFIG_CMD} $i name $child && cfg=0
fi
if autoif $child; then
ifn_start $child
@@ -1049,14 +1346,14 @@ childif_create()
if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then
child="${ifn}.${child}"
create_args=`get_if_var $child create_args_IF`
- ifconfig $child create ${create_args} && cfg=0
+ ${IFCONFIG_CMD} $child create ${create_args} && cfg=0
else
create_args="vlandev $ifn `get_if_var $child create_args_IF`"
if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then
- ifconfig $child create ${create_args} && cfg=0
+ ${IFCONFIG_CMD} $child create ${create_args} && cfg=0
else
- i=`ifconfig vlan create ${create_args}`
- ifconfig $i name $child && cfg=0
+ i=`${IFCONFIG_CMD} vlan create ${create_args}`
+ ${IFCONFIG_CMD} $i name $child && cfg=0
fi
fi
if autoif $child; then
@@ -1080,7 +1377,7 @@ childif_destroy()
if ! ifexists $child; then
continue
fi
- ifconfig -n $child destroy && cfg=0
+ ${IFCONFIG_CMD} -n $child destroy && cfg=0
done
child_vlans=`get_if_var $ifn vlans_IF`
@@ -1091,7 +1388,7 @@ childif_destroy()
if ! ifexists $child; then
continue
fi
- ifconfig -n $child destroy && cfg=0
+ ${IFCONFIG_CMD} -n $child destroy && cfg=0
done
return ${cfg}
@@ -1124,32 +1421,6 @@ ng_create_one()
done
}
-# gif_up
-# Create gif(4) tunnel interfaces.
-gif_up()
-{
- local i peers
-
- for i in ${gif_interfaces}; do
- peers=`get_if_var $i gifconfig_IF`
- case ${peers} in
- '')
- continue
- ;;
- *)
- if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then
- ifconfig $i create >/dev/null 2>&1
- else
- gif=`ifconfig gif create`
- ifconfig $gif name $i
- fi
- ifconfig $i tunnel ${peers}
- ifconfig $i up
- ;;
- esac
- done
-}
-
# ng_fec_create ifn
# Configure Fast EtherChannel for interface $ifn. Returns 0 if
# FEC arguments were found and configured; returns !0 otherwise.
@@ -1210,7 +1481,7 @@ ipx_up()
# ifconfig_IF_ipx
ifconfig_args=`_ifconfig_getargs $ifn ipx`
if [ -n "${ifconfig_args}" ]; then
- ifconfig ${ifn} ${ifconfig_args}
+ ${IFCONFIG_CMD} ${ifn} ${ifconfig_args}
return 0
fi
@@ -1227,7 +1498,7 @@ ipx_down()
_if=$1
_ifs="^"
_ret=1
- ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`"
+ ipxList="`${IFCONFIG_CMD} ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`"
oldifs="$IFS"
IFS="$_ifs"
@@ -1238,7 +1509,7 @@ ipx_down()
_ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'`
IFS="$oldifs"
- ifconfig ${_if} ${_ipx} delete
+ ${IFCONFIG_CMD} ${_if} ${_ipx} delete
IFS="$_ifs"
_ret=0
done
@@ -1247,18 +1518,18 @@ ipx_down()
return $_ret
}
-# ifnet_rename
-# Rename all requested interfaces.
+# ifnet_rename [ifname]
+# Rename interfaces if ifconfig_IF_name is defined.
#
ifnet_rename()
{
local _if _ifname
# ifconfig_IF_name
- for _if in `ifconfig -l`; do
+ for _if in ${*:-$(${IFCONFIG_CMD} -l)}; do
_ifname=`get_if_var $_if ifconfig_IF_name`
if [ ! -z "$_ifname" ]; then
- ifconfig $_if name $_ifname
+ ${IFCONFIG_CMD} $_if name $_ifname
fi
done
@@ -1290,7 +1561,7 @@ list_net_interfaces()
_tmplist=
case ${network_interfaces} in
[Aa][Uu][Tt][Oo])
- _autolist="`ifconfig -l`"
+ _autolist="`${IFCONFIG_CMD} -l`"
_lo=
for _if in ${_autolist} ; do
if autoif $_if; then
@@ -1398,7 +1669,7 @@ is_wired_interface()
{
local media
- case `ifconfig $1 2>/dev/null` in
+ case `${IFCONFIG_CMD} $1 2>/dev/null` in
*media:?Ethernet*) media=Ethernet ;;
esac
@@ -1410,25 +1681,27 @@ is_wired_interface()
# If flag is defined, tentative ones will be excluded.
network6_getladdr()
{
- local proto addr rest
- ifconfig $1 2>/dev/null | while read proto addr rest; do
- case ${proto} in
- inet6)
- case ${addr} in
- fe80::*)
- if [ -z "$2" ]; then
- echo ${addr}
- return
- fi
- case ${rest} in
- *tentative*)
- continue
- ;;
- *)
- echo ${addr}
- return
- esac
- esac
+ local _if _flag proto addr rest
+ _if=$1
+ _flag=$2
+
+ ${IFCONFIG_CMD} $_if 2>/dev/null | while read proto addr rest; do
+ case "${proto}/${addr}/${_flag}/${rest}" in
+ inet6/fe80::*//*)
+ echo ${addr}
+ ;;
+ inet6/fe80:://*tentative*) # w/o flag
+ sleep `${SYSCTL_N} net.inet6.ip6.dad_count`
+ network6_getladdr $_if $_flags
+ ;;
+ inet6/fe80::/*/*tentative*) # w/ flag
+ echo ${addr}
+ ;;
+ *)
+ continue
+ ;;
esac
+
+ return
done
}
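Review bot: The recursive call passes `$_flags`, which is never set (the local is `_flag`); it should read `network6_getladdr $_if $_flag`. The second and third `case` patterns have no `*` after `fe80::`, so they match only an address that is literally `fe80::`, and the second is also shadowed by the first pattern. As far as the visible patterns go, a call with a flag falls through to `continue` for every link-local address and prints nothing. If the intent matches the header comment ("if flag is defined, tentative ones will be excluded"), the tentative cases need `fe80::*` and must come before the general one. Note too that `return` inside the piped `while` only leaves the pipeline's subshell.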
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
index 76e0707..9572f84 100644
--- a/etc/newsyslog.conf
+++ b/etc/newsyslog.conf
@@ -32,6 +32,7 @@
/var/log/monthly.log 640 12 * $M1D0 JN
/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
/var/log/ppp.log root:network 640 3 100 * JC
+/var/log/devd.log 644 3 100 * JC
/var/log/security 600 10 100 * JC
/var/log/sendmail.st 640 10 * 168 BN
/var/log/utx.log 644 3 * @01T05 B
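Review bot: The new `/var/log/devd.log` entry is rotated with mode 644, which makes the log world-readable, while the neighbouring `ppp.log` and `security` entries use 640 and 600. Whether devd output is sensitive cannot be seen from this hunk. If it can carry device serials or network identifiers, `/var/log/devd.log 640 3 100 * JC` is the more conservative line.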
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
index 362bf3d..38a1c3c 100755
--- a/etc/periodic/daily/450.status-security
+++ b/etc/periodic/daily/450.status-security
@@ -18,19 +18,19 @@ case "$daily_status_security_enable" in
case "$daily_status_security_inline" in
[Yy][Ee][Ss])
- export security_output="";;
+ daily_status_security_output="";;
+ esac
+
+ export security_output="${daily_status_security_output}"
+ case "${daily_status_security_output}" in
+ "")
+ rc=3;;
+ /*)
+ echo " (output logged separately)"
+ rc=0;;
*)
- export security_output="${daily_status_security_output}"
- case "${daily_status_security_output}" in
- "")
- rc=3;;
- /*)
- echo " (output logged separately)"
- rc=0;;
- *)
- echo " (output mailed separately)"
- rc=0;;
- esac;;
+ echo " (output mailed separately)"
+ rc=0;;
esac
periodic security || rc=3;;
diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile
index b377be9..5a4e2d2 100644
--- a/etc/periodic/daily/Makefile
+++ b/etc/periodic/daily/Makefile
@@ -6,6 +6,7 @@ FILES= 100.clean-disks \
110.clean-tmps \
120.clean-preserve \
200.backup-passwd \
+ 210.backup-aliases \
330.news \
400.status-disks \
401.status-graid \
@@ -51,7 +52,6 @@ FILES+= 140.clean-rwho \
.if ${MK_SENDMAIL} != "no"
FILES+= 150.clean-hoststat \
- 210.backup-aliases \
440.status-mailq \
460.status-mail-rejects \
500.queuerun
diff --git a/etc/periodic/monthly/450.status-security b/etc/periodic/monthly/450.status-security
new file mode 100755
index 0000000..027c896
--- /dev/null
+++ b/etc/periodic/monthly/450.status-security
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$monthly_status_security_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Security check:"
+
+ case "$monthly_status_security_inline" in
+ [Yy][Ee][Ss])
+ monthly_status_security_output="";;
+ esac
+
+ export security_output="${monthly_status_security_output}"
+ case "${monthly_status_security_output}" in
+ "")
+ rc=3;;
+ /*)
+ echo " (output logged separately)"
+ rc=0;;
+ *)
+ echo " (output mailed separately)"
+ rc=0;;
+ esac
+
+ periodic security || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
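Review bot: `rc=3` in the empty-output branch carries no comment, so a reader cannot tell why inline output selects the highest return code before `periodic security` has even run. A line such as `# inline output: make periodic(8) always show this section` would record the intent, if that is what is meant. The weekly script added later in this commit is the same file with the `weekly_` prefix and has the same gap. The daily, weekly and monthly copies could share one helper that takes the prefix as its argument.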
diff --git a/etc/periodic/monthly/Makefile b/etc/periodic/monthly/Makefile
index 77c1d66..d9e4969 100644
--- a/etc/periodic/monthly/Makefile
+++ b/etc/periodic/monthly/Makefile
@@ -2,7 +2,8 @@
.include <bsd.own.mk>
-FILES= 999.local
+FILES= 450.status-security \
+ 999.local
# NB: keep these sorted by MK_* knobs
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
index 5b93b20..95920a6 100755
--- a/etc/periodic/security/100.chksetuid
+++ b/etc/periodic/security/100.chksetuid
@@ -37,10 +37,12 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_chksetuid_enable
+
rc=0
-case "$daily_status_security_chksetuid_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_chksetuid_enable
+then
echo ""
echo 'Checking setuid files and devices:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
@@ -49,10 +51,6 @@ case "$daily_status_security_chksetuid_enable" in
\( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
check_diff setuid - "${host} setuid diffs:"
rc=$?
- ;;
- *)
- rc=0
- ;;
-esac
+fi
exit $rc
diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm
index 68d1e7b..1d545ac 100755
--- a/etc/periodic/security/110.neggrpperm
+++ b/etc/periodic/security/110.neggrpperm
@@ -35,10 +35,12 @@ then
source_periodic_confs
fi
+security_daily_compat_var security_status_neggrpperm_enable
+
rc=0
-case "$daily_status_security_neggrpperm_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_neggrpperm_enable
+then
echo ""
echo 'Checking negative group permissions:'
MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
@@ -48,7 +50,6 @@ case "$daily_status_security_neggrpperm_enable" in
\( ! -perm +040 -and -perm +004 \) \) \
-exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
[ $n -gt 0 ] && rc=1 || rc=0
- ;;
-esac
+fi
exit $rc
diff --git a/etc/periodic/security/200.chkmounts b/etc/periodic/security/200.chkmounts
index 17b114e..7b14866 100755
--- a/etc/periodic/security/200.chkmounts
+++ b/etc/periodic/security/200.chkmounts
@@ -40,12 +40,16 @@ fi
. /etc/periodic/security/security.functions
-ignore="${daily_status_security_chkmounts_ignore}"
+security_daily_compat_var security_status_chkmounts_enable
+security_daily_compat_var security_status_chkmounts_ignore
+security_daily_compat_var security_status_noamd
+
+ignore="${security_status_chkmounts_ignore}"
rc=0
-case "$daily_status_security_chkmounts_enable" in
- [Yy][Ee][Ss])
- case "$daily_status_security_noamd" in
+if check_yesno_period security_status_chkmounts_enable
+then
+ case "$security_status_noamd" in
[Yy][Ee][Ss])
ignore="${ignore}|^amd:"
esac
@@ -55,8 +59,7 @@ case "$daily_status_security_chkmounts_enable" in
fi
mount -p | sort | ${cmd} |
check_diff mount - "${host} changes in mounted filesystems:"
- rc=$?;;
- *) rc=0;;
-esac
+ rc=$?
+fi
exit "$rc"
diff --git a/etc/periodic/security/300.chkuid0 b/etc/periodic/security/300.chkuid0
index 32cc16c..73578e2 100755
--- a/etc/periodic/security/300.chkuid0
+++ b/etc/periodic/security/300.chkuid0
@@ -36,16 +36,19 @@ then
source_periodic_confs
fi
-case "$daily_status_security_chkuid0_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_chkuid0_enable
+
+rc=0
+
+if check_yesno_period security_status_chkuid0_enable
+then
echo ""
echo 'Checking for uids of 0:'
n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
tee /dev/stderr |
sed -e '/^root 0$/d' -e '/^toor 0$/d' |
wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
diff --git a/etc/periodic/security/400.passwdless b/etc/periodic/security/400.passwdless
index 42ece04..5e851ac 100755
--- a/etc/periodic/security/400.passwdless
+++ b/etc/periodic/security/400.passwdless
@@ -35,14 +35,17 @@ then
source_periodic_confs
fi
-case "$daily_status_security_passwdless_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_passwdless_enable
+
+rc=0
+
+if check_yesno_period security_status_passwdless_enable
+then
echo ""
echo 'Checking for passwordless accounts:'
n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
diff --git a/etc/periodic/security/410.logincheck b/etc/periodic/security/410.logincheck
index f6cf405..41e7f65 100755
--- a/etc/periodic/security/410.logincheck
+++ b/etc/periodic/security/410.logincheck
@@ -35,8 +35,12 @@ then
source_periodic_confs
fi
-case "$daily_status_security_logincheck_enable" in
- [Yy][Ee][Ss])
+security_daily_compat_var security_status_logincheck_enable
+
+rc=0
+
+if check_yesno_period security_status_logincheck_enable
+then
echo ""
echo 'Checking login.conf permissions:'
if [ -G /etc/login.conf -a -O /etc/login.conf ]; then
@@ -45,8 +49,7 @@ case "$daily_status_security_logincheck_enable" in
echo "Bad ownership of /etc/login.conf"
n=1
fi
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit "$rc"
diff --git a/etc/periodic/security/460.chkportsum b/etc/periodic/security/460.chkportsum
index 3a39c84..18a12ec 100755
--- a/etc/periodic/security/460.chkportsum
+++ b/etc/periodic/security/460.chkportsum
@@ -35,13 +35,15 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_chkportsum_enable
+
rc=0
echo ""
echo 'Checking for ports with mismatched checksums:'
-case "${daily_status_security_chkportsum_enable}" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_chkportsum_enable
+then
set -f
pkg_info -ga 2>/dev/null | \
while IFS= read -r line; do
@@ -59,10 +61,6 @@ case "${daily_status_security_chkportsum_enable}" in
;;
esac
done
- ;;
- *)
- rc=0
- ;;
-esac
+fi
exit $rc
diff --git a/etc/periodic/security/500.ipfwdenied b/etc/periodic/security/500.ipfwdenied
index 6a6fb8b4..f39ca0e 100755
--- a/etc/periodic/security/500.ipfwdenied
+++ b/etc/periodic/security/500.ipfwdenied
@@ -37,17 +37,18 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipfwdenied_enable
+
rc=0
-case "$daily_status_security_ipfwdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfwdenied_enable
+then
TMP=`mktemp -t security`
if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
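Review bot: The result of `mktemp` is never checked and `${TMP}` is used unquoted in the redirect, in `check_diff` and in `rm -f`. If `mktemp` fails, `TMP` is empty and the redirect fails, so the check reports nothing with `rc=0` instead of an error. Since this runs as part of the root security report, I would write `TMP=$(mktemp -t security) || exit 3` (or whichever rc the framework treats as an error) and quote `"${TMP}"` at each use. The same lines appear in 510.ipfdenied, 520.pfdenied and 610.ipf6denied.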
diff --git a/etc/periodic/security/510.ipfdenied b/etc/periodic/security/510.ipfdenied
index 2058d2b..bed75e6 100755
--- a/etc/periodic/security/510.ipfdenied
+++ b/etc/periodic/security/510.ipfdenied
@@ -37,17 +37,18 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipfdenied_enable
+
rc=0
-case "$daily_status_security_ipfdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfdenied_enable
+then
TMP=`mktemp -t security`
if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied
index 5e51393..7a32bf2 100755
--- a/etc/periodic/security/520.pfdenied
+++ b/etc/periodic/security/520.pfdenied
@@ -37,17 +37,18 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_pfdenied_enable
+
rc=0
-case "$daily_status_security_pfdenied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_pfdenied_enable
+then
TMP=`mktemp -t security`
if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
check_diff new_only pf ${TMP} "${host} pf denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit
index daa0f86..86932c6 100755
--- a/etc/periodic/security/550.ipfwlimit
+++ b/etc/periodic/security/550.ipfwlimit
@@ -38,10 +38,12 @@ then
source_periodic_confs
fi
+security_daily_compat_var security_status_ipfwlimit_enable
+
rc=0
-case "$daily_status_security_ipfwlimit_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipfwlimit_enable
+then
IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
exit 0
@@ -61,8 +63,7 @@ case "$daily_status_security_ipfwlimit_enable" in
echo 'ipfw log limit reached:'
cat ${TMP}
fi
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
diff --git a/etc/periodic/security/610.ipf6denied b/etc/periodic/security/610.ipf6denied
index 6c64d92..7e02cfc 100755
--- a/etc/periodic/security/610.ipf6denied
+++ b/etc/periodic/security/610.ipf6denied
@@ -37,17 +37,18 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_ipf6denied_enable
+
rc=0
-case "$daily_status_security_ipf6denied_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_ipf6denied_enable
+then
TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then
check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:"
fi
rc=$?
- rm -f ${TMP};;
- *) rc=0;;
-esac
+ rm -f ${TMP}
+fi
exit $rc
diff --git a/etc/periodic/security/700.kernelmsg b/etc/periodic/security/700.kernelmsg
index fb5ed63..8bf6491 100755
--- a/etc/periodic/security/700.kernelmsg
+++ b/etc/periodic/security/700.kernelmsg
@@ -40,14 +40,15 @@ fi
. /etc/periodic/security/security.functions
+security_daily_compat_var security_status_kernelmsg_enable
+
rc=0
-case "$daily_status_security_kernelmsg_enable" in
- [Yy][Ee][Ss])
+if check_yesno_period security_status_kernelmsg_enable
+then
dmesg 2>/dev/null |
check_diff new_only dmesg - "${host} kernel log messages:"
- rc=$?;;
- *) rc=0;;
-esac
+ rc=$?
+fi
exit $rc
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail
index 767b959..a0de96d 100755
--- a/etc/periodic/security/800.loginfail
+++ b/etc/periodic/security/800.loginfail
@@ -38,7 +38,10 @@ then
source_periodic_confs
fi
-LOG="${daily_status_security_logdir}"
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_loginfail_enable
+
+LOG="${security_status_logdir}"
yesterday=`date -v-1d "+%b %e "`
@@ -55,14 +58,15 @@ catmsgs() {
[ -f ${LOG}/auth.log ] && cat $LOG/auth.log
}
-case "$daily_status_security_loginfail_enable" in
- [Yy][Ee][Ss])
+rc=0
+
+if check_yesno_period security_status_loginfail_enable
+then
echo ""
echo "${host} login failures:"
n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit $rc
diff --git a/etc/periodic/security/900.tcpwrap b/etc/periodic/security/900.tcpwrap
index 55f7709..10b02e9 100755
--- a/etc/periodic/security/900.tcpwrap
+++ b/etc/periodic/security/900.tcpwrap
@@ -38,7 +38,10 @@ then
source_periodic_confs
fi
-LOG="${daily_status_security_logdir}"
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_tcpwrap_enable
+
+LOG="${security_status_logdir}"
yesterday=`date -v-1d "+%b %e "`
@@ -55,14 +58,15 @@ catmsgs() {
[ -f ${LOG}/messages ] && cat $LOG/messages
}
-case "$daily_status_security_tcpwrap_enable" in
- [Yy][Ee][Ss])
+rc=0
+
+if check_yesno_period security_status_tcpwrap_enable
+then
echo ""
echo "${host} refused connections:"
n=$(catmsgs | grep -i "^$yesterday.*refused connect" |
tee /dev/stderr | wc -l)
- [ $n -gt 0 ] && rc=1 || rc=0;;
- *) rc=0;;
-esac
+ [ $n -gt 0 ] && rc=1 || rc=0
+fi
exit $rc
diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions
index f5b8dcd..bc2bcba 100644
--- a/etc/periodic/security/security.functions
+++ b/etc/periodic/security/security.functions
@@ -27,11 +27,19 @@
# $FreeBSD$
#
+# This is a library file, so we only try to do something when sourced.
+case "$0" in
+*/security.functions) exit 0 ;;
+esac
+
+security_daily_compat_var security_status_logdir
+security_daily_compat_var security_status_diff_flags
+
#
# Show differences in the output of an audit command
#
-LOG="${daily_status_security_logdir}"
+LOG="${security_status_logdir}"
rc=0
# Usage: COMMAND | check_diff [new_only] LABEL - MSG
@@ -67,7 +75,7 @@ check_diff() {
[ $rc -lt 1 ] && rc=1
echo ""
echo "${msg}"
- diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+ diff ${security_status_diff_flags} ${LOG}/${label}.today \
${tmpf} | eval "${filter}"
mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
mv ${tmpf} ${LOG}/${label}.today || rc=3
diff --git a/etc/periodic/weekly/450.status-security b/etc/periodic/weekly/450.status-security
new file mode 100755
index 0000000..513fbda
--- /dev/null
+++ b/etc/periodic/weekly/450.status-security
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_status_security_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Security check:"
+
+ case "$weekly_status_security_inline" in
+ [Yy][Ee][Ss])
+ weekly_status_security_output="";;
+ esac
+
+ export security_output="${weekly_status_security_output}"
+ case "${weekly_status_security_output}" in
+ "")
+ rc=3;;
+ /*)
+ echo " (output logged separately)"
+ rc=0;;
+ *)
+ echo " (output mailed separately)"
+ rc=0;;
+ esac
+
+ periodic security || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/Makefile b/etc/periodic/weekly/Makefile
index 7f2eae2..057653d 100644
--- a/etc/periodic/weekly/Makefile
+++ b/etc/periodic/weekly/Makefile
@@ -3,6 +3,7 @@
.include <bsd.own.mk>
FILES= 340.noid \
+ 450.status-security \
999.local
# NB: keep these sorted by MK_* knobs
diff --git a/etc/protocols b/etc/protocols
index a27b226..20dd889 100644
--- a/etc/protocols
+++ b/etc/protocols
@@ -92,6 +92,7 @@ vmtp 81 VMTP # Versatile Message Transport
secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
vines 83 VINES # VINES
ttp 84 TTP # TTP
+#iptm 84 IPTM # Protocol Internet Protocol Traffic
nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
dgp 86 DGP # Dissimilar Gateway Protocol
tcf 87 TCF # TCF
@@ -145,7 +146,13 @@ rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations
mobility-header 135 Mobility-Header # Mobility Support in IPv6
udplite 136 UDPLite # The UDP-Lite Protocol
mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP
+manet 138 MANET # MANET Protocols (RFC5498)
+hip 139 HIP # Host Identity Protocol (RFC5201)
+shim6 140 SHIM6 # Shim6 Protocol (RFC5533)
+wesp 141 WESP # Wrapped Encapsulating Security Payload (RFC5840)
+rohc 142 ROHC # Robust Header Compression (RFC5858)
# 138-254 # Unassigned
pfsync 240 PFSYNC # PF Synchronization
+# 253-254 # Use for experimentation and testing (RFC3692)
# 255 # Reserved
divert 258 DIVERT # Divert pseudo-protocol [non IANA]
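Review bot: The comment `# 138-254 # Unassigned` is left unchanged, although the lines added just above it now assign 138 through 142 and the line added below marks 253-254 as experimental. The range should be updated to match, e.g. `# 143-252 # Unassigned`. The new `# 253-254` comment would also read better placed directly before `# 255`, in numeric order after that range rather than only after `pfsync 240`.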
diff --git a/etc/rc b/etc/rc
index 99cfda8..59dece8 100644
--- a/etc/rc
+++ b/etc/rc
@@ -77,6 +77,9 @@ if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
if [ "$early_late_divider" = "FILESYSTEMS" ]; then
early_late_divider=NETWORKING
fi
+ if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
+ skip="$skip -s nojailvnet"
+ fi
fi
# Do a first pass to get everything up to $early_late_divider so that
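Review bot: The added test uses the backquoted `sysctl` unquoted and unchecked. If `security.jail.vnet` is absent or the command fails, the substitution is empty, `[ -ne 1 ]` is a test error rather than true, and `-s nojailvnet` is not added to `skip`, so scripts tagged `nojailvnet` would presumably still run in a jail without its own network stack. Comparing as a quoted string fails the safe way: `if [ "$(/sbin/sysctl -n security.jail.vnet 2>/dev/null)" != 1 ]; then`. The enclosing `if` on `security.jail.jailed` starts outside the hunk and uses the same unquoted form.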
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
index aace4b1..3defd97 100644
--- a/etc/rc.d/Makefile
+++ b/etc/rc.d/Makefile
@@ -37,7 +37,6 @@ FILES= DAEMON \
dhclient \
dmesg \
dumpon \
- encswap \
faith \
fsck \
ftp-proxy \
@@ -139,7 +138,8 @@ FILES= DAEMON \
static_arp \
static_ndp \
stf \
- swap1 \
+ swap \
+ swaplate \
syscons \
sysctl \
syslogd \
diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap
index 8dec456..1758df8 100755
--- a/etc/rc.d/addswap
+++ b/etc/rc.d/addswap
@@ -8,27 +8,17 @@
# PROVIDE: addswap
# REQUIRE: FILESYSTEMS kld
# BEFORE: netif
-# KEYWORD: nojail
+# KEYWORD: nojail shutdown
. /etc/rc.subr
name="addswap"
-start_cmd="addswap_start"
+start_cmd=":"
stop_cmd=":"
+rcvar=
-addswap_start()
-{
- case ${swapfile} in
- [Nn][Oo] | '')
- ;;
- *)
- if [ -w "${swapfile}" ]; then
- echo "Adding ${swapfile} as additional swap"
- mdev=`mdconfig -a -t vnode -f ${swapfile}` && swapon /dev/${mdev}
- fi
- ;;
- esac
-}
+set_rcvar_obsolete swapfile
+set_rcvar_obsolete geli_swap_flags
load_rc_config $name
run_rc_command "$1"
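Review bot: Nothing in the file says that this script is now a placeholder: `start_cmd` and `stop_cmd` are both `:`, `rcvar` is empty, and `swapfile` and `geli_swap_flags` are marked obsolete with no replacement named. A header comment such as `# No-op: kept so that scripts ordering against "addswap" still resolve; swap file setup is handled elsewhere.` would help, adjusted to wherever the logic moved (not visible in this hunk). Passing the replacement variable or a message to `set_rcvar_obsolete` would also tell an admin with `swapfile` set what to change.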
diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd
index 2aad72e..7700b39 100755
--- a/etc/rc.d/bsnmpd
+++ b/etc/rc.d/bsnmpd
@@ -12,7 +12,8 @@
name="bsnmpd"
rcvar="bsnmpd_enable"
command="/usr/sbin/${name}"
-pidfile="/var/run/snmpd.pid"
load_rc_config $name
+pidfile="${bsnmpd_pidfile:-/var/run/snmpd.pid}"
+command_args="-p ${pidfile}"
run_rc_command "$1"
diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap
deleted file mode 100755
index 6221998..0000000
--- a/etc/rc.d/encswap
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-#
-# $FreeBSD$
-#
-
-# PROVIDE: disks
-# REQUIRE: initrandom
-# KEYWORD: nojail
-
-. /etc/rc.subr
-
-name="encswap"
-start_cmd="encswap_attach"
-stop_cmd="encswap_detach"
-
-encswap_attach()
-{
- while read device mountpoint type options rest ; do
- case ":${device}:${type}:${options}" in
- :#*)
- continue
- ;;
- *.bde:swap:sw)
- passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
- device="${device%.bde}"
- gbde init "${device}" -P "${passphrase}" || return 1
- gbde attach "${device}" -p "${passphrase}" || return 1
- ;;
- *.eli:swap:sw)
- device="${device%.eli}"
- geli onetime ${geli_swap_flags} "${device}" || return 1
- ;;
- esac
- done < /etc/fstab
-}
-
-encswap_detach()
-{
- while read device mountpoint type options rest ; do
- case ":${device}:${type}:${options}" in
- :#*)
- continue
- ;;
- *.bde:swap:sw)
- device="${device%.bde}"
- gbde detach "${device}"
- ;;
- *.eli:swap:sw)
- # Nothing here, because geli swap devices should be
- # created with the auto-detach-on-last-close option.
- ;;
- esac
- done < /etc/fstab
-}
-
-load_rc_config $name
-run_rc_command "$1"
diff --git a/etc/rc.d/fsck b/etc/rc.d/fsck
index c1fe155..ad06106 100755
--- a/etc/rc.d/fsck
+++ b/etc/rc.d/fsck
@@ -4,7 +4,7 @@
#
# PROVIDE: fsck
-# REQUIRE: localswap
+# REQUIRE: swap
# KEYWORD: nojail
. /etc/rc.subr
diff --git a/etc/rc.d/hostapd b/etc/rc.d/hostapd
index f65fcde..95d315b 100755
--- a/etc/rc.d/hostapd
+++ b/etc/rc.d/hostapd
@@ -10,11 +10,18 @@
. /etc/rc.subr
name="hostapd"
-rcvar="hostapd_enable"
command="/usr/sbin/${name}"
-conf_file="/etc/${name}.conf"
-pidfile="/var/run/${name}.pid"
+ifn="$2"
+if [ -z "$ifn" ]; then
+ rcvar="hostapd_enable"
+ conf_file="/etc/${name}.conf"
+ pidfile="/var/run/${name}.pid"
+else
+ rcvar=
+ conf_file="/etc/${name}-${ifn}.conf"
+ pidfile="/var/run/${name}-${ifn}.pid"
+fi
command_args="-P ${pidfile} -B ${conf_file}"
required_files="${conf_file}"
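Review bot: `ifn="$2"` is used unchecked to build `conf_file` and `pidfile`, so a second argument containing `/` or a leading `.` makes the script read its config and write its pid file outside `/etc` and `/var/run`. The script is run by root or the rc machinery, so this is a robustness point, but a guard such as `case $ifn in */*|.*) err 1 "invalid interface: $ifn" ;; esac` is cheap. The per-interface branch also sets `rcvar=` empty, which means `hostapd_enable` is not consulted there; that deserves a comment.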
diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl
index 914ca8c..a7aa90c 100755
--- a/etc/rc.d/ip6addrctl
+++ b/etc/rc.d/ip6addrctl
@@ -24,38 +24,42 @@ config_file="/etc/ip6addrctl.conf"
set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
+IP6ADDRCTL_CMD="/usr/sbin/ip6addrctl"
+
ip6addrctl_prefer_ipv6()
{
afexists inet6 || return 0
- ip6addrctl flush >/dev/null 2>&1
- ip6addrctl add ::1/128 50 0
- ip6addrctl add ::/0 40 1
- ip6addrctl add ::ffff:0:0/96 35 4
- ip6addrctl add 2002::/16 30 2
- ip6addrctl add 2001::/32 5 5
- ip6addrctl add fc00::/7 3 13
- ip6addrctl add ::/96 1 3
- ip6addrctl add fec0::/10 1 11
- ip6addrctl add 3ffe::/16 1 12
- checkyesno ip6addrctl_verbose && ip6addrctl
+ ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1
+ cat <<EOT | ${IP6ADDRCTL_CMD} install /dev/stdin
+ ::1/128 50 0
+ ::/0 40 1
+ ::ffff:0:0/96 35 4
+ 2002::/16 30 2
+ 2001::/32 5 5
+ fc00::/7 3 13
+ ::/96 1 3
+ fec0::/10 1 11
+ 3ffe::/16 1 12
+EOT
}
ip6addrctl_prefer_ipv4()
{
afexists inet6 || return 0
- ip6addrctl flush >/dev/null 2>&1
- ip6addrctl add ::1/128 50 0
- ip6addrctl add ::/0 40 1
- ip6addrctl add ::ffff:0:0/96 100 4
- ip6addrctl add 2002::/16 30 2
- ip6addrctl add 2001::/32 5 5
- ip6addrctl add fc00::/7 3 13
- ip6addrctl add ::/96 1 3
- ip6addrctl add fec0::/10 1 11
- ip6addrctl add 3ffe::/16 1 12
- checkyesno ip6addrctl_verbose && ip6addrctl
+ ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1
+ cat <<EOT | ${IP6ADDRCTL_CMD} install /dev/stdin
+ ::1/128 50 0
+ ::/0 40 1
+ ::ffff:0:0/96 100 4
+ 2002::/16 30 2
+ 2001::/32 5 5
+ fc00::/7 3 13
+ ::/96 1 3
+ fec0::/10 1 11
+ 3ffe::/16 1 12
+EOT
}
ip6addrctl_start()
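Review bot: Both functions flush the policy table with output and status discarded, then feed the new table through `cat <<EOT | ${IP6ADDRCTL_CMD} install /dev/stdin`. The `cat` is unnecessary, since `${IP6ADDRCTL_CMD} install /dev/stdin <<EOT` passes the here-document directly. If `install` rejects the input, the table stays flushed and nothing is reported; `|| warn "failed to install address selection policy"` after the here-document would surface it. The two tables differ only in the precedence for `::ffff:0:0/96` (35 versus 100), so one helper taking that value would remove the duplication.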
@@ -66,9 +70,8 @@ ip6addrctl_start()
case "${ip6addrctl_policy}" in
[Aa][Uu][Tt][Oo])
if [ -r "${config_file}" -a -s "${config_file}" ]; then
- ip6addrctl flush >/dev/null 2>&1
- ip6addrctl install "${config_file}"
- checkyesno ip6addrctl_verbose && ip6addrctl
+ ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1
+ ${IP6ADDRCTL_CMD} install "${config_file}"
else
if checkyesno ipv6_activate_all_interfaces; then
ip6addrctl_prefer_ipv6
@@ -92,7 +95,7 @@ ip6addrctl_start()
ip6addrctl_prefer_ipv4
;;
[Nn][Oo][Nn][Ee])
- ip6addrctl flush >/dev/null 2>&1
+ ${IP6ADDRCTL_CMD} flush >/dev/null 2>&1
;;
*)
warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
@@ -100,6 +103,11 @@ ip6addrctl_start()
ip6addrctl_prefer_ipv4
;;
esac
+
+ if checkyesno ip6addrctl_verbose; then
+ echo 'Address selection policy table for IPv4 and IPv6:'
+ ${IP6ADDRCTL_CMD}
+ fi
}
ip6addrctl_stop()
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
index f405832..e84445c 100755
--- a/etc/rc.d/ipfw
+++ b/etc/rc.d/ipfw
@@ -5,7 +5,7 @@
# PROVIDE: ipfw
# REQUIRE: ppp
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig
index c697c35..7b9ddf8 100755
--- a/etc/rc.d/mdconfig
+++ b/etc/rc.d/mdconfig
@@ -28,7 +28,7 @@
#
# PROVIDE: mdconfig
-# REQUIRE: localswap root
+# REQUIRE: swap root
. /etc/rc.subr
diff --git a/etc/rc.d/mountlate b/etc/rc.d/mountlate
index 5b8ff73..34defc5 100755
--- a/etc/rc.d/mountlate
+++ b/etc/rc.d/mountlate
@@ -21,19 +21,10 @@ mountlate_start()
# Mount "late" filesystems.
#
err=0
- latefs=
- # / (root) fs is always remounted, so remove from list
- latefs="`/sbin/mount -d -a -l | grep -v ' /$'`"
- case ${latefs} in
- '')
- ;;
- *)
- echo -n 'Mounting late file systems:'
- mount -a -l
- err=$?
- echo '.'
- ;;
- esac
+ echo -n 'Mounting late file systems:'
+ mount -a -L
+ err=$?
+ echo '.'
case ${err} in
0)
diff --git a/etc/rc.d/netif b/etc/rc.d/netif
index 19b857f..7aac42d 100755
--- a/etc/rc.d/netif
+++ b/etc/rc.d/netif
@@ -28,7 +28,7 @@
# PROVIDE: netif
# REQUIRE: atm1 FILESYSTEMS serial sppp sysctl
# REQUIRE: ipfilter ipfs
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
@@ -38,7 +38,8 @@ start_cmd="network_start"
stop_cmd="network_stop"
cloneup_cmd="clone_up"
clonedown_cmd="clone_down"
-extra_commands="cloneup clonedown"
+clear_cmd="doclear"
+extra_commands="cloneup clonedown clear"
cmdifn=
set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
@@ -46,6 +47,8 @@ set_rcvar_obsolete ipv6_prefer
network_start()
{
+ local _if
+
# Set the list of interfaces to work on.
#
cmdifn=$*
@@ -58,18 +61,15 @@ network_start()
# disable SIGINT (Ctrl-c) when running at startup
trap : 2
- # Create cloned interfaces
- clone_up
-
# Create Fast EtherChannel interfaces
fec_up
+ fi
- # Create IPv6<-->IPv4 tunnels
- gif_up
+ # Create cloned interfaces
+ clone_up $cmdifn
- # Rename interfaces.
- ifnet_rename
- fi
+ # Rename interfaces.
+ ifnet_rename $cmdifn
# Configure the interface(s).
network_common ifn_start
@@ -81,16 +81,46 @@ network_start()
if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then
/etc/rc.d/bridge start $cmdifn
fi
+ if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then
+ for _if in $cmdifn; do
+ /etc/rc.d/routing start any $_if
+ done
+ fi
}
network_stop()
{
+ _clone_down=1
+ network_stop0 $*
+}
+
+doclear()
+{
+ _clone_down=
+ network_stop0 $*
+}
+
+network_stop0()
+{
+ local _if
+
# Set the list of interfaces to work on.
#
cmdifn=$*
# Deconfigure the interface(s)
network_common ifn_stop
+
+ # Destroy cloned interfaces
+ if [ -n "$_clone_down" ]; then
+ clone_down $cmdifn
+ fi
+
+ if [ -f /etc/rc.d/routing -a -n "$cmdifn" ] ; then
+ for _if in $cmdifn; do
+ /etc/rc.d/routing stop any $_if
+ done
+ fi
}
# network_common routine
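Review bot: `_clone_down` is set in network_stop and doclear and read in network_stop0 without being declared anywhere, so it stays behind as a global after the call, while `_if` in the same functions is declared `local`. Declaring it in both callers, `local _clone_down`, keeps the flag scoped to the call; sh's dynamic scoping should still make it visible inside network_stop0. Alternatively the flag could be passed as the first argument of network_stop0, which makes the contract explicit. A short comment on doclear stating that it deconfigures interfaces but keeps cloned ones would also help, since the name alone does not say that.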
@@ -127,6 +157,16 @@ network_common()
_fail=
_ok=
for ifn in ${_cooked_list}; do
+ # Skip if ifn does not exist.
+ case $_func in
+ ifn_stop)
+ if ! ${IFCONFIG_CMD} $ifn > /dev/null 2>&1; then
+ warn "$ifn does not exist. Skipped."
+ _fail="${_fail} ${ifn}"
+ continue
+ fi
+ ;;
+ esac
if ${_func} ${ifn} $2; then
_ok="${_ok} ${ifn}"
if ipv6if ${ifn}; then
diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate
index 4a8b845..235e6c0 100755
--- a/etc/rc.d/ntpdate
+++ b/etc/rc.d/ntpdate
@@ -16,13 +16,13 @@ start_cmd="ntpdate_start"
ntpdate_start()
{
- if [ -z "$ntpdate_hosts" -a -f ${ntpdate_config} ]; then
+ if [ -z "$ntpdate_hosts" -a -f "$ntpdate_config" ]; then
ntpdate_hosts=`awk '
/^server[ \t]*127.127/ {next}
/^(server|peer)/ {
if ($2 ~/^-/) {print $3}
else {print $2}}
- ' < ${ntpdate_config}`
+ ' < "$ntpdate_config"`
fi
if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then
echo "Setting date via ntp."
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
index 3dab3a8..3c46575 100755
--- a/etc/rc.d/pfsync
+++ b/etc/rc.d/pfsync
@@ -42,7 +42,7 @@ pfsync_start()
pfsync_stop()
{
echo "Disabling pfsync."
- ifconfig pfsync0 -syncdev down
+ ifconfig pfsync0 -syncdev -syncpeer down
}
load_rc_config $name
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index 0fe86c7..284aa7d 100755
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -7,7 +7,7 @@
# PROVIDE: routing
# REQUIRE: faith netif ppp stf
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
@@ -19,56 +19,73 @@ extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"
-afcheck()
-{
- case $_af in
- ""|inet|inet6|ipx|atm)
- ;;
- *)
- err 1 "Unsupported address family: $_af."
- ;;
- esac
-}
+ROUTE_CMD="/sbin/route"
routing_start()
{
- local _cmd _af _a
+ local _cmd _af _if _a
_cmd=$1
_af=$2
+ _if=$3
- afcheck
+ case $_if in
+ ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;;
+ esac
case $_af in
inet|inet6|ipx|atm)
- setroutes $_cmd $_af
+ if afexists $_af; then
+ setroutes $_cmd $_af $_if
+ else
+ err 1 "Unsupported address family: $_af."
+ fi
;;
- "")
+ ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
for _a in inet inet6 ipx atm; do
- afexists $_a && setroutes $_cmd $_a
+ afexists $_a && setroutes $_cmd $_a $_if
done
;;
+ *)
+ err 1 "Unsupported address family: $_af."
+ ;;
esac
}
routing_stop()
{
- local _af _a
+ local _af _if _a
_af=$1
+ _if=$2
- afcheck
+ case $_if in
+ ""|[Aa][Ll][Ll]|[Aa][Nn][Yy]) _if="" ;;
+ esac
case $_af in
inet|inet6|ipx|atm)
- eval static_${_af} delete
- eval routing_stop_${_af}
+ if afexists $_af; then
+ eval static_${_af} delete $_if
+ # When $_if is specified, do not flush routes.
+ if ! [ -n "$_if" ]; then
+ eval routing_stop_${_af}
+ fi
+ else
+ err 1 "Unsupported address family: $_af."
+ fi
;;
- "")
+ ""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
for _a in inet inet6 ipx atm; do
afexists $_a || continue
- eval static_${_a} delete
- eval routing_stop_${_a}
+ eval static_${_a} delete $_if
+ # When $_if is specified, do not flush routes.
+ if ! [ -n "$_if" ]; then
+ eval routing_stop_${_a}
+ fi
done
;;
+ *)
+ err 1 "Unsupported address family: $_af."
+ ;;
esac
}
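Review bot: In routing_stop the new `$_if` argument is appended to the `eval static_${_af} delete $_if` and `eval static_${_a} delete $_if` lines, so the interface name taken from the script's positional arguments is parsed by the shell a second time. `_af` is constrained by the surrounding `case`, but `_if` is only normalised for the empty, `all` and `any` values, and anything else reaches `eval` unchecked. The `eval` is not needed for the function call: setroutes in this file already calls `static_$2 add $3` directly, so `static_${_af} delete "$_if"` (and the same with `${_a}`) does the job without re-parsing. The `routing_stop_${_af}` lines can drop `eval` in the same way.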
@@ -76,13 +93,13 @@ setroutes()
{
case $1 in
static)
- static_$2 add
+ static_$2 add $3
;;
options)
options_$2
;;
doall)
- static_$2 add
+ static_$2 add $3
options_$2
;;
esac
@@ -90,14 +107,14 @@ setroutes()
routing_stop_inet()
{
- route -n flush -inet
+ ${ROUTE_CMD} -n flush -inet
}
routing_stop_inet6()
{
local i
- route -n flush -inet6
+ ${ROUTE_CMD} -n flush -inet6
for i in `list_net_interfaces`; do
if ipv6if $i; then
ifconfig $i inet6 -defaultif
@@ -117,30 +134,47 @@ routing_stop_ipx()
static_inet()
{
- local _action
+ local _action _if _skip
_action=$1
+ _if=$2
+ # Add default route.
case ${defaultrouter} in
[Nn][Oo] | '')
;;
*)
- static_routes="default ${static_routes}"
- route_default="default ${defaultrouter}"
+ static_routes="${static_routes} _default"
+ route__default="default ${defaultrouter}"
;;
esac
+ # Install configured routes.
if [ -n "${static_routes}" ]; then
for i in ${static_routes}; do
- route_args=`get_if_var $i route_IF`
- route ${_action} ${route_args}
+ _skip=0
+ if [ -n "$_if" ]; then
+ case $i in
+ *:$_if) ;;
+ *) _skip=1 ;;
+ esac
+ fi
+ if [ $_skip = 0 ]; then
+ route_args=`get_if_var ${i%:*} route_IF`
+ if [ -n "$route_args" ]; then
+ ${ROUTE_CMD} ${_action} ${route_args}
+ else
+ warn "route_${i%:*} not found."
+ fi
+ fi
done
fi
}
static_inet6()
{
- local _action fibmod fibs
+ local _action _if _skip fibmod fibs
_action=$1
+ _if=$2
# get the number of FIBs supported.
fibs=$((`${SYSCTL_N} net.fibs` - 1))
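Review bot: In static_inet the filter `case $i in *:$_if) ;;` expands `$_if` unquoted inside a case pattern, so glob characters in the interface argument are treated as pattern syntax and an argument such as `*` would match every tagged route. Quoting the variable part, `*:"$_if") ;;`, makes the comparison literal; the same pattern is repeated in static_inet6 in the following hunk. The `name:ifn` form of entries in `static_routes` that this filter relies on is not described anywhere in the hunk, and a comment above the loop explaining that the suffix after `:` binds a route to an interface would document it. static_inet6 begins in this hunk and its body continues outside it.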
@@ -150,58 +184,74 @@ static_inet6()
fibmod=
fi
+ # Add pre-defined static routes first.
+ ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
+ ipv6_static_routes="_lla _llma ${ipv6_static_routes}"
+
# disallow "internal" addresses to appear on the wire
- route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
- route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
+ ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
+ ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
+ # Disallow link-local unicast packets without outgoing scope
+ # identifiers. However, if you set "ipv6_default_interface",
+ # for the host case, you will allow to omit the identifiers.
+ # Under this configuration, the packets will go to the default
+ # interface.
+ ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
+ ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"
+
+ # Add default route.
case ${ipv6_defaultrouter} in
[Nn][Oo] | '')
;;
*)
- ipv6_static_routes="default ${ipv6_static_routes}"
- ipv6_route_default="default ${ipv6_defaultrouter}"
+ ipv6_static_routes="${ipv6_static_routes} _default"
+ ipv6_route__default="default ${ipv6_defaultrouter}"
;;
esac
+ # Install configured routes.
if [ -n "${ipv6_static_routes}" ]; then
for i in ${ipv6_static_routes}; do
- ipv6_route_args=`get_if_var $i ipv6_route_IF`
- route ${_action} -inet6 ${ipv6_route_args}
+ _skip=0
+ if [ -n "$_if" ]; then
+ case $i in
+ *:$_if) ;;
+ *) _skip=1 ;;
+ esac
+ fi
+ if [ $_skip = 0 ]; then
+ ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
+ if [ -n "$ipv6_route_args" ]; then
+ ${ROUTE_CMD} ${_action} \
+ -inet6 ${ipv6_route_args}
+ else
+ warn "route_${i%:*} not found"
+ fi
+ fi
done
fi
- # Fixup $ipv6_network_interfaces
- case ${ipv6_network_interfaces} in
- [Nn][Oo][Nn][Ee])
- ipv6_network_interfaces=''
- ;;
- esac
+ # Install the "default interface" to kernel, which will be used
+ # as the default route when there's no router.
+ # Disable installing the default interface when we act
+ # as router to avoid conflict between the default
+ # router list and the manual configured default route.
if checkyesno ipv6_gateway_enable; then
- for i in ${ipv6_network_interfaces}; do
-
- laddr=`network6_getladdr $i exclude_tentative`
- case ${laddr} in
- '')
- ;;
- *)
- ipv6_working_interfaces="$i \
- ${ipv6_working_interfaces}"
- ;;
- esac
- done
- ipv6_network_interfaces=${ipv6_working_interfaces}
+ return
fi
- # Install the "default interface" to kernel, which will be used
- # as the default route when there's no router.
case "${ipv6_default_interface}" in
[Nn][Oo] | [Nn][Oo][Nn][Ee])
- ipv6_default_interface=""
+ return
;;
[Aa][Uu][Tt][Oo] | "")
for i in ${ipv6_network_interfaces}; do
case $i in
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
lo0|faith[0-9]*)
continue
;;
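Review bot: The warning in the static_inet6 loop names the wrong variable: the lookup is `get_if_var ${i%:*} ipv6_route_IF`, but the message printed is `warn "route_${i%:*} not found"`, which points the administrator at the IPv4 `route_` setting. It should read `warn "ipv6_route_${i%:*} not found."`, which also matches the trailing period used in static_inet. Separately, `ipv6_static_routes` is now prefixed with `_lla _llma _v4mapped _v4compat` on every call, so the predefined names must not collide with user-chosen route names; a comment stating that names with a leading underscore are reserved would make that explicit. The function starts before this hunk and continues after it.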
@@ -219,27 +269,8 @@ static_inet6()
;;
esac
- # Disallow link-local unicast packets without outgoing scope
- # identifiers. However, if you set "ipv6_default_interface",
- # for the host case, you will allow to omit the identifiers.
- # Under this configuration, the packets will go to the default
- # interface.
- route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject ${fibmod}
- route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject ${fibmod}
-
- case ${ipv6_default_interface} in
- '')
- ;;
- *)
- # Disable installing the default interface when we act
- # as router to avoid conflict between the default
- # router list and the manual configured default route.
- if ! checkyesno ipv6_gateway_enable; then
- ifconfig ${ipv6_default_interface} inet6 defaultif
- sysctl net.inet6.ip6.use_defaultzone=1
- fi
- ;;
- esac
+ ifconfig ${ipv6_default_interface} inet6 defaultif
+ sysctl net.inet6.ip6.use_defaultzone=1
}
static_atm()
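Review bot: The final `ifconfig ${ipv6_default_interface} inet6 defaultif` now runs unconditionally once the `case` falls through, whereas the removed code skipped it when the variable was empty. The middle of the `case` is outside this hunk, so whether the auto-detection branch can finish without picking an interface is not visible here; if it can, ifconfig is called with no usable interface name. A guard before the two commands, `[ -n "${ipv6_default_interface}" ] || return`, restores the old behaviour for that case. These two lines also call `ifconfig` and `sysctl` by bare name while the rest of the commit moves to `${ROUTE_CMD}` with an absolute path.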
@@ -250,7 +281,11 @@ static_atm()
if [ -n "${natm_static_routes}" ]; then
for i in ${natm_static_routes}; do
route_args=`get_if_var $i route_IF`
- atmconfig natm ${_action} ${route_args}
+ if [ -n "$route_args" ]; then
+ atmconfig natm ${_action} ${route_args}
+ else
+ warn "route_${i} not found."
+ fi
done
fi
}
diff --git a/etc/rc.d/savecore b/etc/rc.d/savecore
index a39d5ba..2176be9 100755
--- a/etc/rc.d/savecore
+++ b/etc/rc.d/savecore
@@ -70,6 +70,7 @@ savecore_start()
if checkyesno crashinfo_enable; then
${crashinfo_program} -d ${dumpdir}
fi
+ sync
else
check_startmsgs && echo 'No core dumps found.'
fi
diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd
index 19b47d8..490a1c7 100755
--- a/etc/rc.d/sshd
+++ b/etc/rc.d/sshd
@@ -14,6 +14,8 @@ rcvar="sshd_enable"
command="/usr/sbin/${name}"
keygen_cmd="sshd_keygen"
start_precmd="sshd_precmd"
+reload_precmd="sshd_precmd"
+restart_precmd="sshd_precmd"
configtest_cmd="sshd_configtest"
pidfile="/var/run/${name}.pid"
extra_commands="configtest keygen reload"
diff --git a/etc/rc.d/swap1 b/etc/rc.d/swap
index 71a1908..4122e61 100755
--- a/etc/rc.d/swap1
+++ b/etc/rc.d/swap
@@ -3,15 +3,15 @@
# $FreeBSD$
#
-# PROVIDE: localswap
+# PROVIDE: swap
# REQUIRE: disks
# KEYWORD: nojail shutdown
. /etc/rc.subr
-name="swap1"
-start_cmd='swapon -aq'
+name="swap"
+start_cmd='/sbin/swapon -aq'
stop_cmd=':'
-load_rc_config swap
+load_rc_config $name
run_rc_command "$1"
diff --git a/etc/rc.d/swaplate b/etc/rc.d/swaplate
new file mode 100755
index 0000000..64fa989
--- /dev/null
+++ b/etc/rc.d/swaplate
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: swaplate
+# REQUIRE: mountlate
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="swaplate"
+start_cmd='/sbin/swapon -aLq'
+stop_cmd='/sbin/swapoff -aq'
+
+load_rc_config swap
+run_rc_command "$1"
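Review bot: The new script sets `name="swaplate"` but calls `load_rc_config swap`, while the rc.d/swap change in this same commit goes the other way and replaces `load_rc_config swap` with `load_rc_config $name`. If sharing the `swap` configuration is intended, a comment on that line would stop someone from "fixing" it later, for example `# shares rc.conf settings with rc.d/swap`. It is also worth a comment that `stop_cmd` here runs `/sbin/swapoff -aq` while rc.d/swap keeps `stop_cmd=':'`, so that the shutdown behaviour of the two scripts is documented in one place.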
diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd
index e68e506..87f7de2 100755
--- a/etc/rc.d/syslogd
+++ b/etc/rc.d/syslogd
@@ -3,8 +3,10 @@
# $FreeBSD$
#
+# netif is required for lo0 because syslogd tries to open a local socket
+#
# PROVIDE: syslogd
-# REQUIRE: mountcritremote FILESYSTEMS newsyslog
+# REQUIRE: mountcritremote FILESYSTEMS newsyslog netif
# BEFORE: SERVERS
. /etc/rc.subr
diff --git a/etc/rc.d/zfs b/etc/rc.d/zfs
index cabbcf6..598723a 100755
--- a/etc/rc.d/zfs
+++ b/etc/rc.d/zfs
@@ -23,7 +23,7 @@ zfs_start_jail()
zfs_start_main()
{
- zfs mount -a
+ zfs mount -va
zfs share -a
if [ ! -r /etc/zfs/exports ]; then
touch /etc/zfs/exports
diff --git a/etc/rc.resume b/etc/rc.resume
index 4d17190..cce6161 100755
--- a/etc/rc.resume
+++ b/etc/rc.resume
@@ -52,10 +52,6 @@ fi
# suspend and reloading it on resume. Example:
# kldload usb
-# wpa_supplicant(8) doesn't seem to reassociate during resume. Uncomment
-# the following to signal it to reassociate.
-# /usr/sbin/wpa_cli reassociate
-
/usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'`
/bin/sync && /bin/sync && /bin/sync
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
index 81cc994..a0dd698 100644
--- a/etc/rc.shutdown
+++ b/etc/rc.shutdown
@@ -81,7 +81,12 @@ fi
# and perform the operation
#
rcorder_opts="-k shutdown"
-[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && rcorder_opts="$rcorder_opts -s nojail"
+if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
+ rcorder_opts="$rcorder_opts -s nojail"
+ if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
+ rcorder_opts="$rcorder_opts -s nojailvnet"
+ fi
+fi
case ${local_startup} in
[Nn][Oo] | '') ;;
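Review bot: The inner test `[ \`/sbin/sysctl -n security.jail.vnet\` -ne 1 ]` fails open when the sysctl prints nothing: with an empty substitution the test is malformed, the `if` takes the false branch, and `-s nojailvnet` is not added, so scripts marked `nojailvnet` would be run inside a jail that has no virtual network stack. Whether `security.jail.vnet` can be missing on a kernel this script runs on is not visible from the hunk, but a string comparison on a quoted substitution is safe either way: `if [ "$(/sbin/sysctl -n security.jail.vnet 2>/dev/null)" != 1 ]; then`. The outer `security.jail.jailed` test has the same unquoted form and would benefit from the same treatment.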
diff --git a/etc/sendmail/freebsd.mc b/etc/sendmail/freebsd.mc
index 92efee1..6d75636 100644
--- a/etc/sendmail/freebsd.mc
+++ b/etc/sendmail/freebsd.mc
@@ -41,7 +41,7 @@ divert(-1)
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
-#
+#
divert(0)
VERSIONID(`$FreeBSD$')
diff --git a/etc/sendmail/freebsd.submit.mc b/etc/sendmail/freebsd.submit.mc
index fbb036c..c6ec655 100644
--- a/etc/sendmail/freebsd.submit.mc
+++ b/etc/sendmail/freebsd.submit.mc
@@ -9,7 +9,6 @@ divert(-1)
#
#
-
#
# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
# that acts as a initial mail submission program.
diff --git a/etc/syslog.conf b/etc/syslog.conf
index 242d27a..702bd66 100644
--- a/etc/syslog.conf
+++ b/etc/syslog.conf
@@ -13,6 +13,7 @@ mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
ftp.info /var/log/xferlog
cron.* /var/log/cron
+!-devd
*.=debug /var/log/debug.log
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
@@ -27,6 +28,9 @@ cron.* /var/log/cron
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
+# Uncomment this if you wish to see messages produced by devd
+# !devd
+# *.>=info /var/log/devd.log
!ppp
*.* /var/log/ppp.log
!*