From 259601fa05ee9132dd014304b820ec38b47a67e4 Mon Sep 17 00:00:00 2001
From: gordon
Date: Thu, 18 Jul 2002 05:00:17 +0000
Subject: Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen Reviewed by: silence on -current and -hackers Prodded by: rwatson
---
etc/network.subr | 1023 ++++++++++---------------------------------------
etc/rc.d/atm1 | 105 +----
etc/rc.d/atm2 | 159 ++------
etc/rc.d/atm2.sh | 159 ++------
etc/rc.d/atm3 | 189 +--------
etc/rc.d/atm3.sh | 189 +--------
etc/rc.d/diskless | 9 +-
etc/rc.d/initdiskless | 39 +-
etc/rc.d/isdnd | 118 +++---
etc/rc.d/netoptions | 996 ++---------------------------------------------
etc/rc.d/network1 | 1023 ++++++++++---------------------------------------
etc/rc.d/network2 | 857 +----------------------------------------
etc/rc.d/network3 | 996 ++---------------------------------------------
etc/rc.d/network_ipv6 | 350 ++++++-----------
etc/rc.d/pccard | 56 +--
etc/rc.d/resolv | 9 +-
etc/rc.d/routing | 857 +----------------------------------------
etc/rc.d/serial | 4 +
etc/rc.d/syscons | 29 +-
etc/rc.d/sysctl | 119 +++---
etc/rc.d/tmp | 9 +-
etc/rc.d/var | 9 +-
etc/rc.initdiskless | 39 +-
23 files changed, 926 insertions(+), 6417 deletions(-)
(limited to 'etc')
diff --git a/etc/network.subr b/etc/network.subr
index febaf83..b2c3ddb 100644
--- a/etc/network.subr
+++ b/etc/network.subr
@@ -1,42 +1,71 @@ -#!/bin/sh - -# -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +#!/bin/sh -x # # $FreeBSD$ -# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. +# PROVIDE: network1 +# REQUIRE: atm1 ipfilter mountcritlocal pccard serial sppp sysctl tty +# KEYWORD: FreeBSD -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' +. /etc/rc.subr + +name="network1" +start_cmd="network_start" +stop_cmd="network_stop" + +convert_host_conf() +{ + host_conf=$1; shift; + nsswitch_conf=$1; shift; + awk ' \ + /^[:blank:]*#/ { next } \ + /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ + /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ + /nis/ { nsswitch[c] = "nis"; c++; next } \ + { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ + END { \ + printf "hosts: "; \ + for (i in nsswitch) printf "%s ", nsswitch[i]; \ + printf "\n"; \ + }' < $host_conf > $nsswitch_conf +} + +generate_host_conf() +{ + nsswitch_conf=$1; shift; + host_conf=$1; shift; + + awk ' +BEGIN { + xlat["files"] = "hosts"; + xlat["dns"] = "bind"; + xlat["nis"] = "nis"; + cont = 0; +} +sub(/^[\t ]*hosts:/, "") || cont { + if (!cont) + srcs = "" + sub(/#.*/, "") + gsub(/[][]/, " & ") + cont = sub(/\\$/, "") + srcs = srcs " " $0 +} +END { + print "# Auto-generated from nsswitch.conf, do not edit" + ns = split(srcs, s) + for (n = 1; n <= ns; ++n) { + if (s[n] in xlat) + print xlat[s[n]] + } +} +' <$nsswitch_conf >$host_conf +} + +network_start() +{ + # set hostname, turn on network + # + echo -n "Doing initial network setup:" # Generate host.conf for compatibility # 
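Review bot: The new shebang `#!/bin/sh -x` leaves shell tracing switched on, so whenever the script is executed directly every expanded command, including ifconfig arguments taken from rc.conf, is echoed to the console at boot. That looks like leftover debugging and I would change it to `#!/bin/sh`. In convert_host_conf the pattern `/^[:blank:]*#/` is a bracket expression over the letters of "blank" rather than the POSIX class, so indented comment lines are not skipped; `/^[[:blank:]]*#/` is the intended form, and the redirections would be safer quoted as `< "$host_conf" > "$nsswitch_conf"`. network_start's body continues past the end of this hunk.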
@@ -61,131 +90,18 @@ network_pass1() { echo -n ' hostname' fi - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' - # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - # Set the domainname if we're using NIS # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) + if checkyesno 
nisdomainname ; then domainname ${nisdomainname} echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac + fi # Attempt to create cloned interfaces. for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create done - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup - # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in @@ -224,8 +140,7 @@ network_pass1() { done if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added @@ -251,6 +166,7 @@ network_pass1() { fi done + # catch-all for interfaces that haven't been 'ifconfig'ed so far for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then 
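Review bot: `if checkyesno nisdomainname ; then` treats the variable as a boolean, but nisdomainname holds the NIS domain itself, so a real domain name would fail the yes/no test and `domainname ${nisdomainname}` would never run, while a literal YES would be set as the domain. The removed `case ${nisdomainname} in [Nn][Oo] | '')` test skipped only NO and the empty string, and I would keep that form here. This assumes checkyesno in rc.subr accepts only yes/no style values, which is not visible in this hunk.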
@@ -258,712 +174,165 @@ network_pass1() { fi done - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - ;; - esac + - # Start user ppp if required. This must happen before natd. + # Check $defaultroute, then /etc/mygate, for the name of my gateway + # host. That name must be in /etc/hosts. # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac + if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then + defaultroute=`cat /etc/mygate` + fi + if [ -n "$defaultroute" ]; then + route add default $defaultroute + fi - # Re-Sync ipfilter so it picks up any new network interfaces + # Check if each configured interface xxN has an $ifaliases_xxN variable + # associated, then configure additional IP addresses for that interface. + # The variable contains a list of "address netmask" pairs, with + # "netmask" set to "-" if the interface default netmask is to be used. # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw + # Note that $ifaliases_xxN works only with certain configurations and + # considered not recommended. Use /etc/ifconfig.xxN if possible. 
+ # # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 + if [ -n "$configured_interfaces" ]; then + echo "Adding interface aliases:" + done_aliases_message=yes fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' + for int in $configured_interfaces; do + eval args=\$ifaliases_$int + if [ -n "$args" ]; then + set -- $args + while [ $# -ge 2 ]; do + addr=$1 ; net=$2 ; shift 2 + if [ "$net" = "-" ]; then + # for compatibility only, obsolete + ifconfig $int inet alias $addr + else + ifconfig $int inet alias $addr \ + netmask $net + fi + # Use loopback, not the wire + route add $addr 127.0.0.1 + done fi - ;; - esac + done - # Load the filters if required + # /etc/ifaliases, if it exists, contains the names of additional IP + # addresses for each interface. It is formatted as a series of lines + # that contain + # address interface netmask # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall + # Note that /etc/ifaliases works only with certain cases only and its + # use is not recommended. Use /etc/ifconfig.xxN instead. + # + # + if [ -f /etc/ifaliases ]; then + if [ "$done_aliases_message" != yes ]; then + echo "Adding interface aliases:" fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' + while read addr int net; do + if [ -z "$net" ]; then + # for compatibility only, obsolete + ifconfig $int inet alias $addr + else + ifconfig $int inet alias $addr netmask $net fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 + # use loopback, not the wire + route add $addr 127.0.0.1 + done < /etc/ifaliases fi - # Configure routing - # - case ${defaultrouter} in - [Nn][Oo] | '') - ;; - *) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - ;; - esac - - # Set up any static routes. This should be done before router discovery. + # IPv6 interface autoconfiguration. 
# - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - case ${tcp_extensions} in - [Yy][Ee][Ss] | '') - ;; - *) - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; - esac - - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) - echo -n ' broadcast ping responses=YES' - sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac - - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) - echo -n ' ignore ICMP redirect=YES' - sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac - - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) - echo -n ' log ICMP redirect=YES' - sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac - - case ${gateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IP gateway=YES' - sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac - - case ${forward_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' do source routing=YES' - sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac - - case ${accept_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' accept source routing=YES' - sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac - - case ${tcp_keepalive} in - [Nn][Oo]) - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; - esac - - case ${tcp_drop_synfin} in - [Yy][Ee][Ss]) - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; - esac - - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IPX gateway=YES' - sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac - - case ${arpproxy_all} in - [Yy][Ee][Ss]) - echo -n ' ARP proxyall=YES' - sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac - - case ${ip_portrange_first} in - [Nn][Oo] | '') - ;; - *) - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; - esac - - case ${ip_portrange_last} in - [Nn][Oo] | '') - 
;; - *) - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; - esac - - echo '.' + if ifconfig lo0 inet6 >/dev/null 2>&1; then + # wait till DAD is completed. always invoke it in case + # if are configured manually by ifconfig + # + dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null` + sleep $dadcount + sleep 1 + + if checkyesno rtsol; then + if [ "$ip6mode" = "autohost" ]; then + echo 'Sending router solicitation...' + rtsol $rtsol_flags + else + echo + warn \ + "ip6mode must be set to 'autohost' to use rtsol." + fi - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' + # wait till DAD is completed, for global addresses + # configured by router advert message. + # + sleep $dadcount + sleep 1 fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac + fi - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac + # XXX this must die + if [ -s /etc/netstart.local ]; then + sh /etc/netstart.local start + fi + fi echo '.' - # Let future generations know we made it. 
- # - network_pass1_done=YES + # Resync ipfilter + /etc/rc.d/ipfilter resync } -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} +network_stop() +{ + echo "Stopping network." - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 + # XXX this must die + if [ -s /etc/netstart.local ]; then + sh 
/etc/netstart.local stop fi - echo '.' - network_pass2_done=YES -} - -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case 
${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac + echo "Deleting aliases." + if [ -f /etc/ifaliases ]; then + while read addr int net; do + ifconfig $int inet delete $addr + done < /etc/ifaliases + fi - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k + for int in `ifconfig -lu`; do + eval args=\$ifaliases_$int + if [ -n "$args" ]; then + set -- $args + while [ $# -ge 2 ]; do + addr=$1 ; net=$2 ; shift 2 + ifconfig $int inet delete $addr + done fi + done - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - 
esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" + # down interfaces + # + echo -n 'Downing network interfaces:' + if [ "$net_interfaces" != NO ]; then + if checkyesno auto_ifconfig; then + tmp=`ifconfig -l` + else + tmp="$net_interfaces" fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! -f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key + for int in $tmp; do + eval args=\$ifconfig_$int + if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then + echo -n " $int" + ifconfig $int down fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' 
- network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac done - ;; - esac -} + echo "." + fi -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} + # flush routes + # + route -n flush -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont { - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf } + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm1 b/etc/rc.d/atm1 index 1c53c7f..0272642 100644 --- a/etc/rc.d/atm1 +++ b/etc/rc.d/atm1 @@ -27,13 +27,25 @@ # $FreeBSD$ # -# +# PROVIDE: atm1 +# REQUIRE: root +# BEFORE: network1 +# KEYWORD: FreeBSD + +. /etc/rc.subr + +name="atm" +rcvar="atm_enable" +start_cmd="atm_start" +stop_cmd=":" + # ATM networking startup script # # Initial interface configuration. # N.B. /usr is not mounted. # -atm_pass1() { +start_cmd() +{ # Locate all probed ATM adapters atmdev=`atm sh stat int | while read dev junk; do case ${dev} in 
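Review bot: The alias and shutdown code added in this hunk reads `$configured_interfaces`, `$net_interfaces` and `auto_ifconfig`, none of which is assigned in the visible parts of this file, while the unchanged loops above use `${network_interfaces}`. If those names are not set elsewhere, the `ifaliases_*` loop in network_start never runs and network_stop brings no interface down before `route -n flush`; I would switch them to `${network_interfaces}` or document where they come from. Separately, `sleep $dadcount` is called with no argument when the `sysctl -n net.inet6.ip6.dad_count` lookup fails, so `sleep ${dadcount:-0}` would be safer. network_start begins before this hunk.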
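Review bot: `start_cmd="atm_start"` names a function that this hunk never defines, because the old `atm_pass1() {` was renamed to `start_cmd()` instead of `atm_start()`. run_rc_command would then be asked to run a missing `atm_start`, so the ATM adapters would not be configured; the definition line should read `atm_start()`. The script also sets `name="atm"` while the header says `PROVIDE: atm1`, which is worth making consistent. The function body continues past the end of this hunk.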
@@ -126,92 +138,7 @@ atm_pass1() { esac echo '.' - atm_pass1_done=YES } -# -# Finish up configuration. -# N.B. /usr is not mounted. -# -atm_pass2() { - echo -n 'Configuring ATM network interfaces:' - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - net="${netname}${netindx}" - netindx=$((${netindx} + 1)) - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || - continue - fi - eval scsparp_args=\$atm_scsparp_${net} - - case ${scsparp_args} in - [Yy][Ee][Ss]) - case ${atmarp_args} in - local) - ;; - *) - echo ' local arpserver required for SCSP' - continue - ;; - esac - - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - esac - done - done - echo '.' - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi - - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES -} - -# -# Start any necessary daemons. -# -atm_pass3() { - # Start SCSP daemon (if needed) - case ${atm_scspd} in - 1) - echo -n ' scspd' - scspd - ;; - esac - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n ' atmarpd' - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES -} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/atm2 b/etc/rc.d/atm2 index 1c53c7f..8854605 100644 --- a/etc/rc.d/atm2 +++ b/etc/rc.d/atm2 
@@ -27,118 +27,19 @@ # $FreeBSD$ # -# -# ATM networking startup script -# -# Initial interface configuration. -# N.B. /usr is not mounted. -# -atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9] | hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9] | hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo 'No ATM adapters found' - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo ' missing network interface definition' - continue - fi - - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" ]; then - case ${macaddr_args} in - [Nn][Oo] | '') - ;; - *) - atm set mac ${phy} ${macaddr_args} || continue - ;; - esac - fi - - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo ' missing signalling manager definition' - continue - fi - - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo ' missing NSAP prefix for UNI interface' - continue - fi - - case ${prefix_args} in - ILMI) - ilmid=1 - ;; - *) - atm set prefix ${phy} ${prefix_args} || continue - ;; - esac - fi - - atm_phy="${atm_phy} ${phy}" - echo '.' - done - - echo -n 'Starting initial ATM daemons:' - # Start ILMI daemon (if needed) - case ${ilmid} in - 1) - echo -n ' ilmid' - ilmid - ;; - esac - - echo '.' 
- atm_pass1_done=YES -} +# PROVIDE: atm2 +# REQUIRE: atm1 network1 +# BEFORE: network2 +# KEYWORD: FreeBSD # -# Finish up configuration. -# N.B. /usr is not mounted. +# Additional ATM interface configuration # -atm_pass2() { - echo -n 'Configuring ATM network interfaces:' - atm_scspd=0 - atm_atmarpd="" +. /etc/rc.subr +atm2_start() +{ # Configure network interfaces for phy in ${atm_phy}; do eval netif_args=\$atm_netif_${phy} @@ -155,7 +56,7 @@ atm_pass2() { eval atmarp_args=\$atm_arpserver_${net} if [ -n "${atmarp_args}" ]; then atm set arpserver ${net} ${atmarp_args} || - continue + continue fi eval scsparp_args=\$atm_scsparp_${net} @@ -172,19 +73,12 @@ atm_pass2() { atm_atmarpd="${atm_atmarpd} ${net}" atm_scspd=1 + ;; esac done done echo '.' - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi - # Define any permanent ARP entries. if [ -n "${atm_arps}" ]; then for i in ${atm_arps}; do @@ -192,26 +86,19 @@ atm_pass2() { atm add arp ${arp_args} done fi - atm_pass2_done=YES -} -# -# Start any necessary daemons. -# -atm_pass3() { - # Start SCSP daemon (if needed) - case ${atm_scspd} in - 1) - echo -n ' scspd' - scspd - ;; - esac + # XXX - required by atm3.sh. I don't like having one script depend + # on variables in another script (especially in a dynamic + # ordered system like this), but it's necessary for the moment. + # + export atm_atmarpd + export atm_scspd +} - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n ' atmarpd' - atmarpd ${atm_atmarpd} - fi +load_rc_config "XXX" - atm_pass3_done=YES -} +case ${atm_enable} in +[Yy][Ee][Ss]) + atm2_start + ;; +esac diff --git a/etc/rc.d/atm2.sh b/etc/rc.d/atm2.sh index 1c53c7f..8854605 100644 --- a/etc/rc.d/atm2.sh +++ b/etc/rc.d/atm2.sh 
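Review bot: atm2_start no longer resets `atm_scspd=0` and `atm_atmarpd=""`, yet the loop still appends with `atm_atmarpd="${atm_atmarpd} ${net}"` and the last hunk exports both for atm3. Any value already present in the environment is therefore carried into the daemon arguments, and `${atm_phy}` is expected to arrive from atm1 the same way. I would put `atm_scspd=0` and `atm_atmarpd=""` back at the top of atm2_start and add a comment saying where `atm_phy` is set. The identical hunk in etc/rc.d/atm2.sh has the same gap.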
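Review bot: `load_rc_config "XXX"` passes a placeholder instead of the script's name, and the script then calls atm2_start from a hand-written `case ${atm_enable}` rather than through run_rc_command as atm1 does, so the start/stop argument passed by rc is ignored. I would declare the usual name, rcvar and start_cmd variables and end with the standard two calls, as sketched below. The `export atm_atmarpd` and `export atm_scspd` hand-off reaches atm3 only if that script runs in the same shell or as a child of this one; the XXX comment admits the dependency, and it needs checking against how rc invokes the scripts. The identical hunk in etc/rc.d/atm2.sh has the same issue.

```shell
name="atm2"
rcvar="atm_enable"
start_cmd="atm2_start"
stop_cmd=":"

# … unchanged: atm2_start() body …

load_rc_config $name
run_rc_command "$1"
```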
@@ -27,118 +27,19 @@ # $FreeBSD$ # -# -# ATM networking startup script -# -# Initial interface configuration. -# N.B. /usr is not mounted. -# -atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9] | hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9] | hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo 'No ATM adapters found' - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo ' missing network interface definition' - continue - fi - - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" ]; then - case ${macaddr_args} in - [Nn][Oo] | '') - ;; - *) - atm set mac ${phy} ${macaddr_args} || continue - ;; - esac - fi - - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo ' missing signalling manager definition' - continue - fi - - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo ' missing NSAP prefix for UNI interface' - continue - fi - - case ${prefix_args} in - ILMI) - ilmid=1 - ;; - *) - atm set prefix ${phy} ${prefix_args} || continue - ;; - esac - fi - - atm_phy="${atm_phy} ${phy}" - echo '.' - done - - echo -n 'Starting initial ATM daemons:' - # Start ILMI daemon (if needed) - case ${ilmid} in - 1) - echo -n ' ilmid' - ilmid - ;; - esac - - echo '.' 
- atm_pass1_done=YES -} +# PROVIDE: atm2 +# REQUIRE: atm1 network1 +# BEFORE: network2 +# KEYWORD: FreeBSD # -# Finish up configuration. -# N.B. /usr is not mounted. +# Additional ATM interface configuration # -atm_pass2() { - echo -n 'Configuring ATM network interfaces:' - atm_scspd=0 - atm_atmarpd="" +. /etc/rc.subr +atm2_start() +{ # Configure network interfaces for phy in ${atm_phy}; do eval netif_args=\$atm_netif_${phy} @@ -155,7 +56,7 @@ atm_pass2() { eval atmarp_args=\$atm_arpserver_${net} if [ -n "${atmarp_args}" ]; then atm set arpserver ${net} ${atmarp_args} || - continue + continue fi eval scsparp_args=\$atm_scsparp_${net} @@ -172,19 +73,12 @@ atm_pass2() { atm_atmarpd="${atm_atmarpd} ${net}" atm_scspd=1 + ;; esac done done echo '.' - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi - # Define any permanent ARP entries. if [ -n "${atm_arps}" ]; then for i in ${atm_arps}; do @@ -192,26 +86,19 @@ atm_pass2() { atm add arp ${arp_args} done fi - atm_pass2_done=YES -} -# -# Start any necessary daemons. -# -atm_pass3() { - # Start SCSP daemon (if needed) - case ${atm_scspd} in - 1) - echo -n ' scspd' - scspd - ;; - esac + # XXX - required by atm3.sh. I don't like having one script depend + # on variables in another script (especially in a dynamic + # ordered system like this), but it's necessary for the moment. + # + export atm_atmarpd + export atm_scspd +} - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n ' atmarpd' - atmarpd ${atm_atmarpd} - fi +load_rc_config "XXX" - atm_pass3_done=YES -} +case ${atm_enable} in +[Yy][Ee][Ss]) + atm2_start + ;; +esac diff --git a/etc/rc.d/atm3 b/etc/rc.d/atm3 index 1c53c7f..6cbb206 100644 --- a/etc/rc.d/atm3 +++ b/etc/rc.d/atm3 
@@ -27,178 +27,22 @@ # $FreeBSD$ # +# Start ATM daemons +# XXX - This script uses global variables set by scripts atm1 and atm2. +# Ideally this shouldn't be the case. # -# ATM networking startup script -# -# Initial interface configuration. -# N.B. /usr is not mounted. -# -atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9] | hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9] | hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo 'No ATM adapters found' - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo ' missing network interface definition' - continue - fi - - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" ]; then - case ${macaddr_args} in - [Nn][Oo] | '') - ;; - *) - atm set mac ${phy} ${macaddr_args} || continue - ;; - esac - fi - - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo ' missing signalling manager definition' - continue - fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo ' missing NSAP prefix for UNI interface' - continue - fi +# PROVIDE: atm3 +# REQUIRE: atm2 +# BEFORE: DAEMON +# KEYWORD: FreeBSD - case ${prefix_args} in - ILMI) - ilmid=1 - ;; - *) - atm set prefix ${phy} ${prefix_args} || continue - ;; - esac - fi +. 
/etc/rc.subr - atm_phy="${atm_phy} ${phy}" - echo '.' - done +atm3_start() +{ + echo -n 'Starting ATM daemons:' - echo -n 'Starting initial ATM daemons:' - # Start ILMI daemon (if needed) - case ${ilmid} in - 1) - echo -n ' ilmid' - ilmid - ;; - esac - - echo '.' - atm_pass1_done=YES -} - -# -# Finish up configuration. -# N.B. /usr is not mounted. -# -atm_pass2() { - echo -n 'Configuring ATM network interfaces:' - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - net="${netname}${netindx}" - netindx=$((${netindx} + 1)) - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || - continue - fi - eval scsparp_args=\$atm_scsparp_${net} - - case ${scsparp_args} in - [Yy][Ee][Ss]) - case ${atmarp_args} in - local) - ;; - *) - echo ' local arpserver required for SCSP' - continue - ;; - esac - - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - esac - done - done - echo '.' - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi - - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES -} - -# -# Start any necessary daemons. -# -atm_pass3() { # Start SCSP daemon (if needed) case ${atm_scspd} in 1) @@ -212,6 +56,13 @@ atm_pass3() { echo -n ' atmarpd' atmarpd ${atm_atmarpd} fi - - atm_pass3_done=YES + echo '.' } + +load_rc_config "XXX" + +case ${atm_enable} in +[Yy][Ee][Ss]) + atm3_start + ;; +esac diff --git a/etc/rc.d/atm3.sh b/etc/rc.d/atm3.sh index 1c53c7f..6cbb206 100644 --- a/etc/rc.d/atm3.sh +++ b/etc/rc.d/atm3.sh 
@@ -27,178 +27,22 @@ # $FreeBSD$ # +# Start ATM daemons +# XXX - This script uses global variables set by scripts atm1 and atm2. +# Ideally this shouldn't be the case. # -# ATM networking startup script -# -# Initial interface configuration. -# N.B. /usr is not mounted. -# -atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9] | hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9] | hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo 'No ATM adapters found' - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo ' missing network interface definition' - continue - fi - - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" ]; then - case ${macaddr_args} in - [Nn][Oo] | '') - ;; - *) - atm set mac ${phy} ${macaddr_args} || continue - ;; - esac - fi - - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo ' missing signalling manager definition' - continue - fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo ' missing NSAP prefix for UNI interface' - continue - fi +# PROVIDE: atm3 +# REQUIRE: atm2 +# BEFORE: DAEMON +# KEYWORD: FreeBSD - case ${prefix_args} in - ILMI) - ilmid=1 - ;; - *) - atm set prefix ${phy} ${prefix_args} || continue - ;; - esac - fi +. 
/etc/rc.subr - atm_phy="${atm_phy} ${phy}" - echo '.' - done +atm3_start() +{ + echo -n 'Starting ATM daemons:' - echo -n 'Starting initial ATM daemons:' - # Start ILMI daemon (if needed) - case ${ilmid} in - 1) - echo -n ' ilmid' - ilmid - ;; - esac - - echo '.' - atm_pass1_done=YES -} - -# -# Finish up configuration. -# N.B. /usr is not mounted. -# -atm_pass2() { - echo -n 'Configuring ATM network interfaces:' - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - net="${netname}${netindx}" - netindx=$((${netindx} + 1)) - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || - continue - fi - eval scsparp_args=\$atm_scsparp_${net} - - case ${scsparp_args} in - [Yy][Ee][Ss]) - case ${atmarp_args} in - local) - ;; - *) - echo ' local arpserver required for SCSP' - continue - ;; - esac - - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - esac - done - done - echo '.' - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi - - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES -} - -# -# Start any necessary daemons. -# -atm_pass3() { # Start SCSP daemon (if needed) case ${atm_scspd} in 1) @@ -212,6 +56,13 @@ atm_pass3() { echo -n ' atmarpd' atmarpd ${atm_atmarpd} fi - - atm_pass3_done=YES + echo '.' } + +load_rc_config "XXX" + +case ${atm_enable} in +[Yy][Ee][Ss]) + atm3_start + ;; +esac diff --git a/etc/rc.d/diskless b/etc/rc.d/diskless index b897d44..fc851316 100644 --- a/etc/rc.d/diskless +++ b/etc/rc.d/diskless 
@@ -22,7 +22,7 @@ # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# $FreeBSD$ +# SUCH DAMAGE. # # $FreeBSD$ # @@ -60,6 +60,13 @@ mount_md() if [ -r /etc/rc.subr ]; then . /etc/rc.subr load_rc_config $name +elif [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + echo "+++ mount_md of /var" mount_md ${varsize:=32m} /var 1 diff --git a/etc/rc.d/initdiskless b/etc/rc.d/initdiskless index 4eb37fa..1b72009 100644 --- a/etc/rc.d/initdiskless +++ b/etc/rc.d/initdiskless @@ -1,3 +1,5 @@ +#!/bin/sh +# # Copyright (c) 1999 Matt Dillion # All rights reserved. # @@ -25,8 +27,12 @@ # $FreeBSD$ # -# -# /etc/rc.diskless1 - general BOOTP startup +# PROVIDE: initdiskless +# KEYWORD: FreeBSD + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` +[ ${dlv:=0} -eq 0 ] && exit 0 + # # BOOTP has mounted / for us. Assume a read-only mount. We must then # - figure out our IP by querying the interface @@ -46,7 +52,8 @@ # checks error code and drops into shell on failure. # if shell exits, terminates script as well as /etc/rc. # -chkerr() { +chkerr() +{ case $1 in 0) ;; @@ -58,7 +65,8 @@ chkerr() { esac } -mount_md() { +mount_md() +{ /sbin/mdconfig -a -t malloc -s $1 -u $3 /sbin/disklabel -r -w md$3 auto /sbin/newfs /dev/md$3c @@ -93,8 +101,8 @@ done echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca}" if [ -z "`hostname -s`" ]; then - hostname=`kenv dhcp.host-name` - hostname $hostname + hostname=`kenv dhcp.host-name` + hostname $hostname echo "Hostname is $hostname" fi 
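Review bot: In the `@@ -60,6 +60,13 @@` hunk of etc/rc.d/diskless, `load_rc_config $name` uses `name`, which is not assigned anywhere in the lines shown; if it is unset at that point the call receives no argument at all. Assigning it before the `if`, for example `name="diskless"`, would make the first branch behave like the other rc.d scripts in this commit. When none of the three files is readable the chain falls through silently and `mount_md ${varsize:=32m} /var 1` proceeds on built-in defaults, so a one-line warning in a final `else` would make that case visible on the console. The script continues outside the hunk.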
@@ -126,19 +134,10 @@ done # build the resolv.conf # if [ ! -e /etc/resolv.conf ]; then - echo domain `kenv dhcp.domain-name` > /etc/resolv.conf + echo domain `kenv dhcp.domain-name` > /etc/resolv.conf - set `kenv dhcp.domain-name-servers` - for ns in `IFS=','; echo $*`; do - echo nameserver $ns >> /etc/resolv.conf; - done + set `kenv dhcp.domain-name-servers` + for ns in `IFS=','; echo $*`; do + echo nameserver $ns >> /etc/resolv.conf; + done fi - -# Tell /etc/rc to run the specified script after it does its mounts but -# before it does anything else. -# -# This script is responsible for setting up the diskless mount environment. -# This can be overriden by /conf/ME/rc.conf.local if, for example, you do not -# want to run the standard system /etc/rc.diskless2 - -diskless_mount="/etc/rc.diskless2" diff --git a/etc/rc.d/isdnd b/etc/rc.d/isdnd index a3d3e54..4983256 100644 --- a/etc/rc.d/isdnd +++ b/etc/rc.d/isdnd 
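Review bot: The re-indented resolv.conf block still feeds the output of `kenv dhcp.domain-name` and `kenv dhcp.domain-name-servers` to the shell unquoted, and those values presumably originate from the boot-time BOOTP/DHCP reply rather than from local configuration. The `set` call has no `--`, so a value beginning with `-` is taken as shell options and an empty value makes `set` print the variable list; the unquoted `$*` and `$ns` are also subject to pathname expansion. Since these lines are being touched anyway, I would put `--` directly after `set` and quote the writes, e.g. `echo "nameserver $ns" >> /etc/resolv.conf`. The hunk also deletes the `diskless_mount="/etc/rc.diskless2"` assignment; whether anything still reads that variable cannot be seen from here.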
@@ -1,41 +1,34 @@ #!/bin/sh # -# Copyright (c) 1999 Hellmuth Michaelis -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# +# $NetBSD: isdnd,v 1.9 2002/04/10 23:37:13 martin Exp $ # $FreeBSD$ # - -#--------------------------------------------------------------------------- +# Mostly based on original script (/etc/rc.isdn) written by Hellmuth Michaelis # -# /etc/rc.isdn - isdn4bsd startup script -# -------------------------------------- -# -#--------------------------------------------------------------------------- -case ${isdn_enable} in -[Yy][Ee][Ss]) +# PROVIDE: isdnd +# REQUIRE: NETWORKING syslogd mountcritremote +# BEFORE: SERVERS +# KEYWORD: FreeBSD NetBSD + +. 
/etc/rc.subr + +name="isdnd" +rcvar=`set_rcvar isdn` +pidfile="/var/run/${name}.pid" + +case `${CMD_OSTYPE}` in +FreeBSD) + start_cmd="isdnd_start" + ;; +NetBSD) + command="/usr/sbin/${name}" + required_files="/etc/isdn/${name}.rc" + ;; +esac + +isdnd_start() +{ echo -n 'ISDN subsystem setup:' # Check for pcvt driver (VT100/VT220 emulator) @@ -48,49 +41,36 @@ case ${isdn_enable} in fi fi - case ${isdn_flags} in - [Nn][Oo]) - isdn_flags='' - ;; - esac - - # Start the isdn daemon + # Start isdnd # - if [ -x /usr/sbin/isdnd ]; then - echo -n ' isdnd' - case ${isdn_fsdev} in - [Nn][Oo] | '') - /usr/sbin/isdnd ${isdn_flags} + echo -n ' isdnd' + case ${isdn_fsdev} in + [Nn][Oo] | '') + /usr/sbin/isdnd ${isdn_flags} + ;; + *) + # Change vidmode of ${isdn_fsdev} + # + case ${isdn_screenflags} in + [Nn][Oo]) ;; *) - # Change vidmode of ${isdn_fsdev} - # - case ${isdn_screenflags} in - [Nn][Oo]) - ;; - *) - if [ -x /usr/sbin/vidcontrol ]; then - /usr/sbin/vidcontrol < ${isdn_fsdev} > ${isdn_fsdev} 2>&1 ${isdn_screenflags} - fi - ;; - esac - - /usr/sbin/isdnd ${isdn_flags} -f -r ${isdn_fsdev} -t ${isdn_ttype} + /usr/sbin/vidcontrol < ${isdn_fsdev} > ${isdn_fsdev} 2>&1 ${isdn_screenflags} ;; esac - fi - # Start isdntrace - # - case ${isdn_trace} in - [Yy][Ee][Ss]) - if [ -x /usr/sbin/isdntrace ]; then - echo -n ' isdntrace' - nohup /usr/sbin/isdntrace ${isdn_traceflags} >/dev/null 2>&1 & - fi + /usr/sbin/isdnd ${isdn_flags} -f -r ${isdn_fsdev} -t ${isdn_ttype} ;; esac - echo '.' - ;; -esac + # Start isdntrace + # + if checkyesno isdn_trace ; then + echo -n ' isdntrace' + nohup /usr/sbin/isdntrace ${isdn_traceflags} >/dev/null 2>&1 & + echo '.' + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index febaf83..a79aa5f 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions 
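Review bot: The rewritten header of etc/rc.d/isdnd drops Hellmuth Michaelis's copyright notice and licence text and leaves only `# Mostly based on original script (/etc/rc.isdn) written by Hellmuth Michaelis`, although the removed text itself requires that source redistributions retain the notice. If the body of `isdnd_start` is carried over from the old script, as the following hunk suggests, the original notice should stay in the file next to the `$NetBSD` and `$FreeBSD$` tags.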
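Review bot: The `case ${isdn_flags} in [Nn][Oo]) isdn_flags='' ;; esac` normalisation is removed in the `@@ -48,49 +41,36 @@` hunk while both `/usr/sbin/isdnd ${isdn_flags}` invocations remain, so a configuration of `isdn_flags="NO"` is now passed to the daemon as a literal argument. I would keep that `case` ahead of the `# Start isdnd` comment. The closing `echo '.'` has also moved inside `if checkyesno isdn_trace`, which leaves the `ISDN subsystem setup:` line unterminated when tracing is off; it belongs after the `fi`. The `-x` checks on isdnd, vidcontrol and isdntrace are gone too, so a missing binary now fails at the call instead of being skipped. `isdnd_start` begins in the previous hunk.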
@@ -1,969 +1,35 @@ -#!/bin/sh - -# -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +#!/bin/sh # # $FreeBSD$ -# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. - -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' - - # Generate host.conf for compatibility - # - if [ -f "/etc/nsswitch.conf" ]; then - echo -n ' host.conf' - generate_host_conf /etc/nsswitch.conf /etc/host.conf - fi - - # Convert host.conf to nsswitch.conf if necessary - # - if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then - echo '' - echo 'Warning: /etc/host.conf is no longer used' - echo ' /etc/nsswitch.conf will be created for you' - convert_host_conf /etc/host.conf /etc/nsswitch.conf - fi - - # Set the host name if it is not already set - # - if [ -z "`hostname -s`" ]; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' 
- # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - - # Set the domainname if we're using NIS - # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) - domainname ${nisdomainname} - echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac - - # Attempt to create cloned interfaces. - for ifn in ${cloned_interfaces}; do - ifconfig ${ifn} create - done - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. 
- # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup - - # Set up all the network interfaces, calling startup scripts if needed - # - case ${network_interfaces} in - [Aa][Uu][Tt][Oo]) - network_interfaces="`ifconfig -l`" - ;; - *) - network_interfaces="${network_interfaces} ${cloned_interfaces}" - ;; - esac - - dhcp_interfaces="" - for ifn in ${network_interfaces}; do - if [ -r /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - eval showstat_$ifn=1 - fi - - # Do the primary ifconfig if specified - # - eval ifconfig_args=\$ifconfig_${ifn} - - case ${ifconfig_args} in - '') - ;; - [Dd][Hh][Cc][Pp]) - # DHCP inits are done all in one go below - dhcp_interfaces="$dhcp_interfaces $ifn" - eval showstat_$ifn=1 - ;; - *) - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - ;; - esac - done - - if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi - - for ifn in ${network_interfaces}; do - # Check to see if aliases need to be added - # - alias=0 - while : ; do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - eval showstat_$ifn=1 - alias=$((${alias} + 1)) - else - break; - fi - done - - # Do ipx address if specified - # - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - fi - done - - for ifn in ${network_interfaces}; do - eval showstat=\$showstat_${ifn} - if [ ! -z ${showstat} ]; then - ifconfig ${ifn} - fi - done - - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . 
/etc/rc.isdn - fi - ;; - esac - - # Start user ppp if required. This must happen before natd. - # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac - - # Re-Sync ipfilter so it picks up any new network interfaces - # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw - # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' - fi - ;; - esac - - # Load the filters if required - # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' - fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - # - case ${defaultrouter} in - [Nn][Oo] | '') - ;; - *) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - ;; - esac - - # Set up any static routes. This should be done before router discovery. 
- # - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - case ${tcp_extensions} in - [Yy][Ee][Ss] | '') - ;; - *) - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; - esac - - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) - echo -n ' broadcast ping responses=YES' - sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac - - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) - echo -n ' ignore ICMP redirect=YES' - sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac - - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) - echo -n ' log ICMP redirect=YES' - sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac - - case ${gateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IP gateway=YES' - sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac - - case ${forward_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' do source routing=YES' - sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac - - case ${accept_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' accept source routing=YES' - sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac - - case ${tcp_keepalive} in - [Nn][Oo]) - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; - esac - - case ${tcp_drop_synfin} in - [Yy][Ee][Ss]) - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; - esac - - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IPX gateway=YES' - sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac - - case ${arpproxy_all} in - [Yy][Ee][Ss]) - echo -n ' ARP proxyall=YES' - sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac - - case ${ip_portrange_first} in - [Nn][Oo] | '') - ;; - *) - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; - esac - - case ${ip_portrange_last} in - [Nn][Oo] | '') - 
;; - *) - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; - esac - - echo '.' - - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' - fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac - - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac - echo '.' - - # Let future generations know we made it. - # - network_pass1_done=YES -} - -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
- # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' 
- network_pass2_done=YES -} - -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' 
rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac - - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k - fi - - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" - fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! 
-f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' - network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac - done - ;; - esac -} - -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} - -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont 
{ - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf -} +# PROVIDE: network3 +# REQUIRE: localdaemons +# KEYWORD: FreeBSD + +. /etc/rc.subr + +load_rc_config 'XXX' + +echo -n 'Additional TCP options:' +case ${log_in_vain} in +[Nn][Oo] | '') + log_in_vain=0 + ;; +[Yy][Ee][Ss]) + log_in_vain=1 + ;; +[0-9]*) + ;; +*) + echo " invalid log_in_vain setting: ${log_in_vain}" + log_in_vain=0 + ;; +esac + +[ "${log_in_vain}" -ne 0 ] && ( + echo -n " log_in_vain=${log_in_vain}" + sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null + sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null +) +echo '.' diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index febaf83..b2c3ddb 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 
@@ -1,42 +1,71 @@ -#!/bin/sh - -# -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +#!/bin/sh -x # # $FreeBSD$ -# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. +# PROVIDE: network1 +# REQUIRE: atm1 ipfilter mountcritlocal pccard serial sppp sysctl tty +# KEYWORD: FreeBSD -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' +. /etc/rc.subr + +name="network1" +start_cmd="network_start" +stop_cmd="network_stop" + +convert_host_conf() +{ + host_conf=$1; shift; + nsswitch_conf=$1; shift; + awk ' \ + /^[:blank:]*#/ { next } \ + /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ + /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ + /nis/ { nsswitch[c] = "nis"; c++; next } \ + { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ + END { \ + printf "hosts: "; \ + for (i in nsswitch) printf "%s ", nsswitch[i]; \ + printf "\n"; \ + }' < $host_conf > $nsswitch_conf +} + +generate_host_conf() +{ + nsswitch_conf=$1; shift; + host_conf=$1; shift; + + awk ' +BEGIN { + xlat["files"] = "hosts"; + xlat["dns"] = "bind"; + xlat["nis"] = "nis"; + cont = 0; +} +sub(/^[\t ]*hosts:/, "") || cont { + if (!cont) + srcs = "" + sub(/#.*/, "") + gsub(/[][]/, " & ") + cont = sub(/\\$/, "") + srcs = srcs " " $0 +} +END { + print "# Auto-generated from nsswitch.conf, do not edit" + ns = split(srcs, s) + for (n = 1; n <= ns; ++n) { + if (s[n] in xlat) + print xlat[s[n]] + } +} +' <$nsswitch_conf >$host_conf +} + +network_start() +{ + # set hostname, turn on network + # + echo -n "Doing initial network setup:" # Generate host.conf for compatibility # 
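Review bot: The new first line of etc/rc.d/network1 reads `#!/bin/sh -x`, which leaves shell tracing switched on whenever the script is executed directly. Every command is then written to stderr after expansion, including the `ifconfig` and `route` arguments built from configuration variables, so interface settings end up on the console and in any captured boot output. Unless the trace is wanted during the transition, the line should be `#!/bin/sh`, as in the network2 header later in this commit. Separately, `/^[:blank:]*#/` in convert_host_conf is a plain character list rather than the POSIX class; `/^[[:blank:]]*#/` is what skips indented comment lines. network_start's body continues outside this hunk.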
@@ -61,131 +90,18 @@ network_pass1() { echo -n ' hostname' fi - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' - # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - # Set the domainname if we're using NIS # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) + if checkyesno 
nisdomainname ; then domainname ${nisdomainname} echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac + fi # Attempt to create cloned interfaces. for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create done - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup - # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in @@ -224,8 +140,7 @@ network_pass1() { done if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added @@ -251,6 +166,7 @@ network_pass1() { fi done + # catch-all for interfaces that haven't been 'ifconfig'ed so far for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then 
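Review bot: `if checkyesno nisdomainname ; then` treats a domain name as a boolean. The removed `case` skipped only `NO` and the empty string and ran `domainname ${nisdomainname}` for anything else; if checkyesno in /etc/rc.subr accepts only yes/no style values (it is not shown here), a real domain name fails the test and the NIS domain is never set. Keeping the old test, `case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname}; echo -n ' domain' ;; esac`, preserves the behaviour. This code is inside network_start, which starts and ends outside the hunk.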
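Review bot: The added dhclient line in hunk `@@ -224,8 +140,7 @@` appears to end in `fi`, as `${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi`, going by the hunk header, which drops two old lines and adds one. If so, `fi` is passed to dhclient as an extra interface name and the `if [ ! -z "${dhcp_interfaces}" ]` block stays open until the otherwise unmatched `fi` that hunk `@@ -258,712 +174,165 @@` adds before `echo '.'`, so alias, default-route and IPv6 setup would run only on hosts with DHCP interfaces. The `fi` belongs on its own line after the dhclient call, and the later extra `fi` should go. The page has lost its line breaks, so this reading should be checked against the file itself.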
@@ -258,712 +174,165 @@ network_pass1() { fi done - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - ;; - esac + - # Start user ppp if required. This must happen before natd. + # Check $defaultroute, then /etc/mygate, for the name of my gateway + # host. That name must be in /etc/hosts. # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac + if [ -z "$defaultroute" ] && [ -f /etc/mygate ]; then + defaultroute=`cat /etc/mygate` + fi + if [ -n "$defaultroute" ]; then + route add default $defaultroute + fi - # Re-Sync ipfilter so it picks up any new network interfaces + # Check if each configured interface xxN has an $ifaliases_xxN variable + # associated, then configure additional IP addresses for that interface. + # The variable contains a list of "address netmask" pairs, with + # "netmask" set to "-" if the interface default netmask is to be used. # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw + # Note that $ifaliases_xxN works only with certain configurations and + # considered not recommended. Use /etc/ifconfig.xxN if possible. 
+ # # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 + if [ -n "$configured_interfaces" ]; then + echo "Adding interface aliases:" + done_aliases_message=yes fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' + for int in $configured_interfaces; do + eval args=\$ifaliases_$int + if [ -n "$args" ]; then + set -- $args + while [ $# -ge 2 ]; do + addr=$1 ; net=$2 ; shift 2 + if [ "$net" = "-" ]; then + # for compatibility only, obsolete + ifconfig $int inet alias $addr + else + ifconfig $int inet alias $addr \ + netmask $net + fi + # Use loopback, not the wire + route add $addr 127.0.0.1 + done fi - ;; - esac + done - # Load the filters if required + # /etc/ifaliases, if it exists, contains the names of additional IP + # addresses for each interface. It is formatted as a series of lines + # that contain + # address interface netmask # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall + # Note that /etc/ifaliases works only with certain cases only and its + # use is not recommended. Use /etc/ifconfig.xxN instead. + # + # + if [ -f /etc/ifaliases ]; then + if [ "$done_aliases_message" != yes ]; then + echo "Adding interface aliases:" fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' + while read addr int net; do + if [ -z "$net" ]; then + # for compatibility only, obsolete + ifconfig $int inet alias $addr + else + ifconfig $int inet alias $addr netmask $net fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 + # use loopback, not the wire + route add $addr 127.0.0.1 + done < /etc/ifaliases fi - # Configure routing - # - case ${defaultrouter} in - [Nn][Oo] | '') - ;; - *) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - ;; - esac - - # Set up any static routes. This should be done before router discovery. + # IPv6 interface autoconfiguration. 
# - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - case ${tcp_extensions} in - [Yy][Ee][Ss] | '') - ;; - *) - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; - esac - - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) - echo -n ' broadcast ping responses=YES' - sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac - - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) - echo -n ' ignore ICMP redirect=YES' - sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac - - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) - echo -n ' log ICMP redirect=YES' - sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac - - case ${gateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IP gateway=YES' - sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac - - case ${forward_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' do source routing=YES' - sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac - - case ${accept_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' accept source routing=YES' - sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac - - case ${tcp_keepalive} in - [Nn][Oo]) - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; - esac - - case ${tcp_drop_synfin} in - [Yy][Ee][Ss]) - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; - esac - - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IPX gateway=YES' - sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac - - case ${arpproxy_all} in - [Yy][Ee][Ss]) - echo -n ' ARP proxyall=YES' - sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac - - case ${ip_portrange_first} in - [Nn][Oo] | '') - ;; - *) - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; - esac - - case ${ip_portrange_last} in - [Nn][Oo] | '') - 
;; - *) - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; - esac - - echo '.' + if ifconfig lo0 inet6 >/dev/null 2>&1; then + # wait till DAD is completed. always invoke it in case + # if are configured manually by ifconfig + # + dadcount=`sysctl -n net.inet6.ip6.dad_count 2>/dev/null` + sleep $dadcount + sleep 1 + + if checkyesno rtsol; then + if [ "$ip6mode" = "autohost" ]; then + echo 'Sending router solicitation...' + rtsol $rtsol_flags + else + echo + warn \ + "ip6mode must be set to 'autohost' to use rtsol." + fi - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' + # wait till DAD is completed, for global addresses + # configured by router advert message. + # + sleep $dadcount + sleep 1 fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac + fi - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac + # XXX this must die + if [ -s /etc/netstart.local ]; then + sh /etc/netstart.local start + fi + fi echo '.' - # Let future generations know we made it. 
- # - network_pass1_done=YES + # Resync ipfilter + /etc/rc.d/ipfilter resync } -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} +network_stop() +{ + echo "Stopping network." - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 + # XXX this must die + if [ -s /etc/netstart.local ]; then + sh 
/etc/netstart.local stop fi - echo '.' - network_pass2_done=YES -} - -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case 
${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac + echo "Deleting aliases." + if [ -f /etc/ifaliases ]; then + while read addr int net; do + ifconfig $int inet delete $addr + done < /etc/ifaliases + fi - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k + for int in `ifconfig -lu`; do + eval args=\$ifaliases_$int + if [ -n "$args" ]; then + set -- $args + while [ $# -ge 2 ]; do + addr=$1 ; net=$2 ; shift 2 + ifconfig $int inet delete $addr + done fi + done - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - 
esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" + # down interfaces + # + echo -n 'Downing network interfaces:' + if [ "$net_interfaces" != NO ]; then + if checkyesno auto_ifconfig; then + tmp=`ifconfig -l` + else + tmp="$net_interfaces" fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! -f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key + for int in $tmp; do + eval args=\$ifconfig_$int + if [ -n "$args" ] || [ -f /etc/ifconfig.$int ]; then + echo -n " $int" + ifconfig $int down fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' 
- network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac done - ;; - esac -} + echo "." + fi -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} + # flush routes + # + route -n flush -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont { - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf } + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index febaf83..abeea16 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 
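Review bot: network_stop in etc/rc.d/network1 selects interfaces with `$net_interfaces` and `checkyesno auto_ifconfig`, while the start path in the same file iterates `${network_interfaces}` and `${cloned_interfaces}`; likewise the alias loop in network_start reads `$configured_interfaces`, which nothing visible in this diff assigns. Unless rc.conf defines those names, `tmp` ends up empty and no interface is brought down, yet `route -n flush` still runs, so stop would leave addresses configured while the routes are flushed. Using the variable the start path uses, `for int in ${network_interfaces}; do`, keeps the two halves symmetric. Also, `sleep $dadcount` runs with no operand when the `sysctl -n net.inet6.ip6.dad_count` lookup prints nothing; `sleep ${dadcount:-0}` avoids that.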
@@ -1,390 +1,22 @@ -#!/bin/sh - +#!/bin/sh # -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +# Configure routing and miscellaneous network tunables # # $FreeBSD$ -# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. - -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' - - # Generate host.conf for compatibility - # - if [ -f "/etc/nsswitch.conf" ]; then - echo -n ' host.conf' - generate_host_conf /etc/nsswitch.conf /etc/host.conf - fi - - # Convert host.conf to nsswitch.conf if necessary - # - if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then - echo '' - echo 'Warning: /etc/host.conf is no longer used' - echo ' /etc/nsswitch.conf will be created for you' - convert_host_conf /etc/host.conf /etc/nsswitch.conf - fi - - # Set the host name if it is not already set - # - if [ -z "`hostname -s`" ]; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' 
- # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - - # Set the domainname if we're using NIS - # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) - domainname ${nisdomainname} - echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac - - # Attempt to create cloned interfaces. - for ifn in ${cloned_interfaces}; do - ifconfig ${ifn} create - done - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. 
- # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup +# PROVIDE: network2 +# REQUIRE: network1 ppp-user +# KEYWORD: FreeBSD - # Set up all the network interfaces, calling startup scripts if needed - # - case ${network_interfaces} in - [Aa][Uu][Tt][Oo]) - network_interfaces="`ifconfig -l`" - ;; - *) - network_interfaces="${network_interfaces} ${cloned_interfaces}" - ;; - esac - - dhcp_interfaces="" - for ifn in ${network_interfaces}; do - if [ -r /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - eval showstat_$ifn=1 - fi - - # Do the primary ifconfig if specified - # - eval ifconfig_args=\$ifconfig_${ifn} +. /etc/rc.subr - case ${ifconfig_args} in - '') - ;; - [Dd][Hh][Cc][Pp]) - # DHCP inits are done all in one go below - dhcp_interfaces="$dhcp_interfaces $ifn" - eval showstat_$ifn=1 - ;; - *) - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - ;; - esac - done +name="network2" +start_cmd="network2_start" +stop_cmd=":" - if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi - - for ifn in ${network_interfaces}; do - # Check to see if aliases need to be added - # - alias=0 - while : ; do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - eval showstat_$ifn=1 - alias=$((${alias} + 1)) - else - break; - fi - done - - # Do ipx address if specified - # - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - fi - done - - for ifn in ${network_interfaces}; do - eval showstat=\$showstat_${ifn} - if [ ! 
-z ${showstat} ]; then - ifconfig ${ifn} - fi - done - - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - ;; - esac - - # Start user ppp if required. This must happen before natd. - # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac - - # Re-Sync ipfilter so it picks up any new network interfaces - # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw - # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' - fi - ;; - esac - - # Load the filters if required - # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' - fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - # +network2_start() +{ case ${defaultrouter} in [Nn][Oo] | '') ;; @@ -394,7 +26,7 @@ network_pass1() { ;; esac - # Set up any static routes. This should be done before router discovery. + # Setup static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do 
@@ -502,468 +134,7 @@ network_pass1() { esac echo '.' - - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' - fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac - - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac - echo '.' - - # Let future generations know we made it. - # - network_pass1_done=YES -} - -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
- # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' 
- network_pass2_done=YES } -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' 
rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac - - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k - fi - - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" - fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! 
-f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' - network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac - done - ;; - esac -} - -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} - -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont 
{ - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf -} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index febaf83..a79aa5f 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -1,969 +1,35 @@ -#!/bin/sh - -# -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +#!/bin/sh # # $FreeBSD$ -# 
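Review bot: network2_start now closes straight after the routing options, and the `ipsec_enable` block that used to follow (`setkey -f ${ipsec_file}`) is removed here with no replacement in this file. In the old function the policy load ran before the routing daemons and before every daemon started by the later passes; after the split, that ordering depends on rcorder dependencies that are not visible in this hunk. It is worth confirming that the script which now runs setkey is required by the service scripts, and recording that here with a comment such as `# IPsec policies are loaded by <ipsec script> (placeholder) and must be in place before network daemons start.` The function body starts outside this hunk.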
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. - -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' - - # Generate host.conf for compatibility - # - if [ -f "/etc/nsswitch.conf" ]; then - echo -n ' host.conf' - generate_host_conf /etc/nsswitch.conf /etc/host.conf - fi - - # Convert host.conf to nsswitch.conf if necessary - # - if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then - echo '' - echo 'Warning: /etc/host.conf is no longer used' - echo ' /etc/nsswitch.conf will be created for you' - convert_host_conf /etc/host.conf /etc/nsswitch.conf - fi - - # Set the host name if it is not already set - # - if [ -z "`hostname -s`" ]; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' 
- # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - - # Set the domainname if we're using NIS - # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) - domainname ${nisdomainname} - echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac - - # Attempt to create cloned interfaces. - for ifn in ${cloned_interfaces}; do - ifconfig ${ifn} create - done - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. 
- # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup - - # Set up all the network interfaces, calling startup scripts if needed - # - case ${network_interfaces} in - [Aa][Uu][Tt][Oo]) - network_interfaces="`ifconfig -l`" - ;; - *) - network_interfaces="${network_interfaces} ${cloned_interfaces}" - ;; - esac - - dhcp_interfaces="" - for ifn in ${network_interfaces}; do - if [ -r /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - eval showstat_$ifn=1 - fi - - # Do the primary ifconfig if specified - # - eval ifconfig_args=\$ifconfig_${ifn} - - case ${ifconfig_args} in - '') - ;; - [Dd][Hh][Cc][Pp]) - # DHCP inits are done all in one go below - dhcp_interfaces="$dhcp_interfaces $ifn" - eval showstat_$ifn=1 - ;; - *) - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - ;; - esac - done - - if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi - - for ifn in ${network_interfaces}; do - # Check to see if aliases need to be added - # - alias=0 - while : ; do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - eval showstat_$ifn=1 - alias=$((${alias} + 1)) - else - break; - fi - done - - # Do ipx address if specified - # - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - fi - done - - for ifn in ${network_interfaces}; do - eval showstat=\$showstat_${ifn} - if [ ! -z ${showstat} ]; then - ifconfig ${ifn} - fi - done - - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . 
/etc/rc.isdn - fi - ;; - esac - - # Start user ppp if required. This must happen before natd. - # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac - - # Re-Sync ipfilter so it picks up any new network interfaces - # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw - # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' - fi - ;; - esac - - # Load the filters if required - # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' - fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - # - case ${defaultrouter} in - [Nn][Oo] | '') - ;; - *) - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - ;; - esac - - # Set up any static routes. This should be done before router discovery. 
- # - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - case ${tcp_extensions} in - [Yy][Ee][Ss] | '') - ;; - *) - echo -n ' tcp extensions=NO' - sysctl net.inet.tcp.rfc1323=0 >/dev/null - ;; - esac - - case ${icmp_bmcastecho} in - [Yy][Ee][Ss]) - echo -n ' broadcast ping responses=YES' - sysctl net.inet.icmp.bmcastecho=1 >/dev/null - ;; - esac - - case ${icmp_drop_redirect} in - [Yy][Ee][Ss]) - echo -n ' ignore ICMP redirect=YES' - sysctl net.inet.icmp.drop_redirect=1 >/dev/null - ;; - esac - - case ${icmp_log_redirect} in - [Yy][Ee][Ss]) - echo -n ' log ICMP redirect=YES' - sysctl net.inet.icmp.log_redirect=1 >/dev/null - ;; - esac - - case ${gateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IP gateway=YES' - sysctl net.inet.ip.forwarding=1 >/dev/null - ;; - esac - - case ${forward_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' do source routing=YES' - sysctl net.inet.ip.sourceroute=1 >/dev/null - ;; - esac - - case ${accept_sourceroute} in - [Yy][Ee][Ss]) - echo -n ' accept source routing=YES' - sysctl net.inet.ip.accept_sourceroute=1 >/dev/null - ;; - esac - - case ${tcp_keepalive} in - [Nn][Oo]) - echo -n ' TCP keepalive=NO' - sysctl net.inet.tcp.always_keepalive=0 >/dev/null - ;; - esac - - case ${tcp_drop_synfin} in - [Yy][Ee][Ss]) - echo -n ' drop SYN+FIN packets=YES' - sysctl net.inet.tcp.drop_synfin=1 >/dev/null - ;; - esac - - case ${ipxgateway_enable} in - [Yy][Ee][Ss]) - echo -n ' IPX gateway=YES' - sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null - ;; - esac - - case ${arpproxy_all} in - [Yy][Ee][Ss]) - echo -n ' ARP proxyall=YES' - sysctl net.link.ether.inet.proxyall=1 >/dev/null - ;; - esac - - case ${ip_portrange_first} in - [Nn][Oo] | '') - ;; - *) - echo -n " ip_portrange_first=$ip_portrange_first" - sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null - ;; - esac - - case ${ip_portrange_last} in - [Nn][Oo] | '') - 
;; - *) - echo -n " ip_portrange_last=$ip_portrange_last" - sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null - ;; - esac - - echo '.' - - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' - fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac - - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac - echo '.' - - # Let future generations know we made it. - # - network_pass1_done=YES -} - -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
- # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' 
- network_pass2_done=YES -} - -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' 
rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac - - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k - fi - - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" - fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! 
-f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' - network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac - done - ;; - esac -} - -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} - -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont 
{ - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf -} +# PROVIDE: network3 +# REQUIRE: localdaemons +# KEYWORD: FreeBSD + +. /etc/rc.subr + +load_rc_config 'XXX' + +echo -n 'Additional TCP options:' +case ${log_in_vain} in +[Nn][Oo] | '') + log_in_vain=0 + ;; +[Yy][Ee][Ss]) + log_in_vain=1 + ;; +[0-9]*) + ;; +*) + echo " invalid log_in_vain setting: ${log_in_vain}" + log_in_vain=0 + ;; +esac + +[ "${log_in_vain}" -ne 0 ] && ( + echo -n " log_in_vain=${log_in_vain}" + sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null + sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null +) +echo '.' diff --git a/etc/rc.d/network_ipv6 b/etc/rc.d/network_ipv6 index 3e9a7c3..31ed76d 100644 --- a/etc/rc.d/network_ipv6 +++ b/etc/rc.d/network_ipv6 @@ -1,4 +1,4 @@ -#! /bin/sh +#!/bin/sh # # Copyright (c) 2000 The KAME Project # All rights reserved. @@ -25,14 +25,20 @@ # SUCH DAMAGE. # # $FreeBSD$ +# From: src/etc/rc.network6,v 1.29 2002/04/06 15:15:43 # -# Note that almost all of the user-configurable behavior is not in this -# file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. +# PROVIDE: network_ipv6 +# REQUIRE: network2 +# KEYWORD: FreeBSD -hexdigit () { +name="network_ipv6" +rcvar=`set_rcvar ipv6` +start_cmd="network_ipv6_start" +#required_files="/etc/rc.network6" + +hexdigit() +{ if [ $1 -lt 10 ]; then echo $1 else @@ -47,7 +53,8 @@ hexdigit () { fi } -hexprint () { +hexprint() +{ val=$1 str='' 
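Review bot: In etc/rc.d/network_ipv6 the added `rcvar=` assignment calls `set_rcvar`, an rc.subr helper, but none of the hunks shown for this file adds `. /etc/rc.subr`; pccard and routing in this same commit source it right after their `# KEYWORD:` line. Unless the caller has already sourced rc.subr into the same shell, `set_rcvar` and the later `checkyesno`, `load_rc_config` and `run_rc_command` calls would fail as unknown commands, and the IPv6 setup would not run at all. I would add `. /etc/rc.subr` on its own line between `# KEYWORD: FreeBSD` and `name="network_ipv6"`. Lines 5-24 of the file are not shown in the diff, so this assumes they are still only the licence text.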
@@ -63,232 +70,8 @@ hexprint () { echo ${str} } -# IPv6 startup - -network6_pass1() { - echo -n 'Doing IPv6 network setup:' - - # Initialize IP filtering using ip6fw - # - if /sbin/ip6fw -q flush > /dev/null 2>&1; then - ipv6_firewall_in_kernel=1 - else - ipv6_firewall_in_kernel=0 - fi - - case ${ipv6_firewall_enable} in - [Yy][Ee][Ss]) - if [ "${ipv6_firewall_in_kernel}" -eq 0 ] && kldload ip6fw; then - ipv6_firewall_in_kernel=1 - echo "Kernel IPv6 firewall module loaded." - elif [ "${ipv6_firewall_in_kernel}" -eq 0 ]; then - echo "Warning: IPv6 firewall kernel module failed to load." - fi - ;; - esac - - # Load the filters if required - # - case ${ipv6_firewall_in_kernel} in - 1) - if [ -z "${ipv6_firewall_script}" ]; then - ipv6_firewall_script=/etc/rc.firewall6 - fi - - case ${ipv6_firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${ipv6_firewall_script}" ]; then - . "${ipv6_firewall_script}" - echo -n 'IPv6 Firewall rules loaded.' - elif [ "`ip6fw l 65535`" = "65535 deny ipv6 from any to any" ]; then - echo -n "Warning: kernel has IPv6 firewall functionality, " - echo "but IPv6 firewall rules are not enabled." - echo " All ipv6 services are disabled." 
- fi - - case ${ipv6_firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'IPv6 Firewall logging=YES' - sysctl net.inet6.ip6.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - case ${ipv6_network_interfaces} in - [Aa][Uu][Tt][Oo]) - # - # list of interfaces, and prefix for interfaces - # - ipv6_network_interfaces="`ifconfig -l`" - ;; - [Nn][Oo][Nn][Ee]) - ipv6_network_interfaces='' - ;; - esac - - # just to make sure - ifconfig lo0 up - - # disallow "internal" addresses to appear on the wire - route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject - route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # act as a router - sysctl net.inet6.ip6.forwarding=1 - sysctl net.inet6.ip6.accept_rtadv=0 - - # wait for DAD - for i in $ipv6_network_interfaces; do - ifconfig $i up - done - sleep `sysctl -n net.inet6.ip6.dad_count` - sleep 1 - ;; - *) - # act as endhost - start with manual configuration - # Setup of net.inet6.ip6.accept_rtadv is done later by - # network6_interface_setup. - sysctl net.inet6.ip6.forwarding=0 - ;; - esac - - if [ -n "${ipv6_network_interfaces}" ]; then - # setting up interfaces - network6_interface_setup $ipv6_network_interfaces - - # wait for DAD's completion (for global addrs) - sleep `sysctl -n net.inet6.ip6.dad_count` - sleep 1 - fi - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # Filter out interfaces on which IPv6 addr init failed. - ipv6_working_interfaces="" - for i in ${ipv6_network_interfaces}; do - laddr=`network6_getladdr $i exclude_tentative` - case ${laddr} in - '') - ;; - *) - ipv6_working_interfaces="$i \ - ${ipv6_working_interfaces}" - ;; - esac - done - ipv6_network_interfaces=${ipv6_working_interfaces} - ;; - esac - - # 6to4 setup - network6_stf_setup - - # install the "default interface" to kernel, which will be used - # as the default route when there's no router. 
- network6_default_interface_setup - - # setup static routes - network6_static_routes_setup - - # setup faith - network6_faith_setup - - # ipv6_router - case ${ipv6_router_enable} in - [Yy][Ee][Ss]) - if [ -x ${ipv6_router} ]; then - echo -n " ${ipv6_router}" - ${ipv6_router} ${ipv6_router_flags} - fi - ;; - esac - - - case ${ipv6_gateway_enable} in - [Yy][Ee][Ss]) - # rtadvd - # This should enabled with a great care. - # You may want to fine-tune /etc/rtadvd.conf. - # - # And if you wish your rtadvd to receive and process - # router renumbering messages, specify your Router Renumbering - # security policy by -R option. - # - # See `man 3 ipsec_set_policy` for IPsec policy specification - # details. - # (CAUTION: This enables your routers prefix renumbering - # from another machine, so if you enable this, do it with - # enough care.) - # - case ${rtadvd_enable} in - [Yy][Ee][Ss]) - # default - case ${rtadvd_interfaces} in - '') - for i in ${ipv6_network_interfaces}; do - case $i in - lo0|gif[0-9]*|stf[0-9]*|faith[0-9]*|lp[0-9]*|sl[0-9]*|tun[0-9]*) - continue - ;; - *) - rtadvd_interfaces="${rtadvd_interfaces} ${i}" - ;; - esac - done - ;; - esac - rtadvd ${rtadvd_interfaces} - # - # Enable Router Renumbering, unicast case - # (use correct src/dst addr) - # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" \ - # ${ipv6_network_interfaces} - # Enable Router Renumbering, multicast case - # (use correct src addr) - # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" \ - # ${ipv6_network_interfaces} - ;; - esac - - # mroute6d - case ${mroute6d_enable} in - [Yy][Ee][Ss]) - if [ -x ${mroute6d_program} ]; then - echo -n " ${mroute6d_program}" - ${mroute6d_program} ${mroute6d_flags} - fi - ;; - esac - ;; - esac - - case ${ipv6_ipv4mapping} in - [Yy][Ee][Ss]) - echo -n ' IPv4 mapped IPv6 address support=YES' - sysctl net.inet6.ip6.v6only=0 >/dev/null - ;; - '' | *) - echo -n ' IPv4 mapped IPv6 address support=NO' - sysctl 
net.inet6.ip6.v6only=1 >/dev/null - ;; - esac - - echo '.' - - # Let future generations know we made it. - # - network6_pass1_done=YES -} - -network6_interface_setup() { +network6_interface_setup() +{ interfaces=$* rtsol_interfaces='' case ${ipv6_gateway_enable} in @@ -366,7 +149,8 @@ network6_interface_setup() { done } -network6_stf_setup() { +network6_stf_setup() +{ case ${stf_interface_ipv4addr} in [Nn][Oo] | '') ;; @@ -413,7 +197,8 @@ network6_stf_setup() { esac } -network6_static_routes_setup() { +network6_static_routes_setup() +{ # Set up any static routes. case ${ipv6_defaultrouter} in [Nn][Oo] | '') @@ -435,7 +220,8 @@ network6_static_routes_setup() { esac } -network6_faith_setup() { +network6_faith_setup() +{ case ${ipv6_faith_prefix} in [Nn][Oo] | '') ;; @@ -462,7 +248,8 @@ network6_faith_setup() { esac } -network6_default_interface_setup() { +network6_default_interface_setup() +{ # Choose IPv6 default interface if it is not clearly specified. case ${ipv6_default_interface} in '') @@ -516,7 +303,8 @@ network6_default_interface_setup() { esac } -network6_getladdr() { +network6_getladdr() +{ ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) 
@@ -538,3 +326,89 @@ network6_getladdr() { esac done } + +network_ipv6_start() +{ + # disallow "internal" addresses to appear on the wire + route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject + route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject + + case ${ipv6_network_interfaces} in + [Aa][Uu][Tt][Oo]) + # Get a list of network interfaces + ipv6_network_interfaces="`ifconfig -l`" + ;; + [Nn][Oo][Nn][Ee]) + ipv6_network_interfaces='' + ;; + esac + + if checkyesno ipv6_gateway_enable ; then + # act as a router + ${SYSCTL_W} net.inet6.ip6.forwarding=1 + ${SYSCTL_W} net.inet6.ip6.accept_rtadv=0 + + # wait for DAD + for i in $ipv6_network_interfaces; do + ifconfig $i up + done + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + else + # act as endhost - start with manual configuration + # Setup of net.inet6.ip6.accept_rtadv is done later by + # network6_interface_setup. + ${SYSCTL_W} net.inet6.ip6.forwarding=0 + fi + + if [ -n "${ipv6_network_interfaces}" ]; then + # Setup the interfaces + network6_interface_setup $ipv6_network_interfaces + + # wait for DAD's completion (for global addrs) + sleep `${SYSCTL_N} net.inet6.ip6.dad_count` + sleep 1 + fi + + # Filter out interfaces on which IPv6 initialization failed. + if checkyesno ipv6_gateway_enable ; then + ipv6_working_interfaces="" + for i in ${ipv6_network_interfaces}; do + laddr=`network6_getladdr $i exclude_tentative` + case ${laddr} in + '') + ;; + *) + ipv6_working_interfaces="$i \ + ${ipv6_working_interfaces}" + ;; + esac + done + ipv6_network_interfaces=${ipv6_working_interfaces} + fi + + # Setup IPv6 to IPv4 mapping + network6_stf_setup + + # Install the "default interface" to kernel, which will be used + # as the default route when there's no router. 
+ network6_default_interface_setup + + # Setup static routes + network6_static_routes_setup + + # Setup faith + network6_faith_setup + + # Support for IPv4 address tacked onto an IPv6 address + if checkyesno ipv6_ipv4mapping ; then + echo 'IPv4 mapped IPv6 address support=YES' + ${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null + else + echo 'IPv4 mapped IPv6 address support=NO' + ${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null + fi +} + +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/pccard b/etc/rc.d/pccard index 9152e82..92e052c 100644 --- a/etc/rc.d/pccard +++ b/etc/rc.d/pccard @@ -1,4 +1,4 @@ -#!/bin/sh - +#!/bin/sh # # Copyright (c) 1996 The FreeBSD Project # All rights reserved. 
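Review bot: `network_ipv6_start` sets `net.inet6.ip6.forwarding=1` and brings every interface up with none of the ip6fw loading that the removed `network6_pass1` did before it touched the interfaces. If the IPv6 filter now lives in another rc.d script (none is visible in this part of the diff), nothing orders this script after it, since the `# REQUIRE:` line names only `network2`. On a gateway that can leave a period at boot in which IPv6 is forwarded before any rules are loaded, depending on whether the filter is compiled in and on its default policy. I would either add the filter script to the `# REQUIRE:` line or state the expectation at the top of the function, for example `# IPv6 filter rules are expected to be loaded before this runs`.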
@@ -27,30 +27,42 @@ # $FreeBSD$ # -# PC-card startup script +# PROVIDE: pccard +# REQUIRE: mountcritlocal +# KEYWORD: FreeBSD -case ${pccard_enable} in -[Yy][Ee][Ss]) - echo -n 'Setup PC-CARD:' +. /etc/rc.subr - case ${pccard_mem} in - [Dd][Ee][Ff][Aa][Uu][Ll][Tt]) - pccardc pccardmem 0xd0000 1>/dev/null && echo -n ' memory' - ;; - *) - pccardc pccardmem ${pccard_mem} 1>/dev/null && echo -n ' memory' - ;; - esac +name="pccard" +start_cmd="pccard_start" +stop_cmd=":" - if [ -n "${pccard_beep}" ] ; then - pccardc beep ${pccard_beep} && echo -n ' beep' - fi +pccard_start() +{ + if checkyesno pccard_enable ; then + echo -n 'Setup PC-CARD:' + + case ${pccard_mem} in + [Dd][Ee][Ff][Aa][Uu][Ll][Tt]) + pccardc pccardmem 0xd0000 1>/dev/null && echo -n ' memory' + ;; + *) + pccardc pccardmem ${pccard_mem} 1>/dev/null && echo -n ' memory' + ;; + esac + + if [ -n "${pccard_beep}" ] ; then + pccardc beep ${pccard_beep} && echo -n ' beep' + fi + + if [ -n "${pccard_conf}" ]; then + pccardd_flags="${pccardd_flags} -f ${pccard_conf}" + fi - if [ -n "${pccard_conf}" ]; then - pccardd_flags="${pccardd_flags} -f ${pccard_conf}" + pccardd ${pccardd_flags} && echo -n ' pccardd' + echo '.' fi +} - pccardd ${pccardd_flags} && echo -n ' pccardd' - echo '.' - ;; -esac +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/resolv b/etc/rc.d/resolv index b897d44..fc851316 100644 --- a/etc/rc.d/resolv +++ b/etc/rc.d/resolv @@ -22,7 +22,7 @@ # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# $FreeBSD$ +# SUCH DAMAGE. # # $FreeBSD$ # 
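Review bot: `pccard_start` wraps its whole body in `if checkyesno pccard_enable`, while network_ipv6 in this same commit declares its knob through `rcvar` and leaves the enable check to `run_rc_command`. With the check buried in the function, the script has no declared enable variable, and starting a disabled service falls through the `if` silently, so an operator cannot tell from the output why nothing started. I would add an `rcvar` assignment next to `name="pccard"`, in the same form network_ipv6 uses, and drop the inner `if`/`fi` so that both scripts follow one convention. The function would also benefit from a short header comment naming the rc.conf variables it reads: `pccard_mem`, `pccard_beep`, `pccard_conf` and `pccardd_flags`.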
@@ -60,6 +60,13 @@ mount_md() if [ -r /etc/rc.subr ]; then . /etc/rc.subr load_rc_config $name +elif [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + echo "+++ mount_md of /var" mount_md ${varsize:=32m} /var 1 diff --git a/etc/rc.d/routing b/etc/rc.d/routing index febaf83..abeea16 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -1,390 +1,22 @@ -#!/bin/sh - +#!/bin/sh # -# Copyright (c) 1993 The FreeBSD Project -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. +# Configure routing and miscellaneous network tunables # # $FreeBSD$ -# 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # -# Note that almost all of the user-configurable behavior is no longer in -# this file, but rather in /etc/defaults/rc.conf. Please check that file -# first before contemplating any changes here. If you do need to change -# this file for some reason, we would like to know about it. - -# First pass startup stuff. -# -network_pass1() { - echo -n 'Doing initial network setup:' - - # Generate host.conf for compatibility - # - if [ -f "/etc/nsswitch.conf" ]; then - echo -n ' host.conf' - generate_host_conf /etc/nsswitch.conf /etc/host.conf - fi - - # Convert host.conf to nsswitch.conf if necessary - # - if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then - echo '' - echo 'Warning: /etc/host.conf is no longer used' - echo ' /etc/nsswitch.conf will be created for you' - convert_host_conf /etc/host.conf /etc/nsswitch.conf - fi - - # Set the host name if it is not already set - # - if [ -z "`hostname -s`" ]; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Establish ipfilter ruleset as early as possible (best in - # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) - - # check whether ipfilter and/or ipnat is enabled - ipfilter_active="NO" - case ${ipfilter_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipnat_enable} in - [Yy][Ee][Ss]) - ipfilter_active="YES" - ;; - esac - case ${ipfilter_active} in - [Yy][Ee][Ss]) - # load ipfilter kernel module if needed - if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then - if kldload ipl; then - echo 'IP-filter module loaded.' - else - echo 'Warning: IP-filter module failed to load.' 
- # avoid further errors - ipfilter_active="NO" - ipmon_enable="NO" - ipfilter_enable="NO" - ipnat_enable="NO" - ipfs_enable="NO" - fi - fi - # start ipmon before loading any rules - case "${ipmon_enable}" in - [Yy][Ee][Ss]) - echo -n ' ipmon' - ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} - ;; - esac - case "${ipfilter_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipfilter_rules}" ]; then - echo -n ' ipfilter' - ${ipfilter_program:-/sbin/ipf} -Fa -f \ - "${ipfilter_rules}" ${ipfilter_flags} - else - ipfilter_enable="NO" - echo -n ' NO IPF RULES' - fi - ;; - esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat' - eval ${ipnat_program:-/sbin/ipnat} -CF -f \ - "${ipnat_rules}" ${ipnat_flags} - else - ipnat_enable="NO" - echo -n ' NO IPNAT RULES' - fi - ;; - esac - # restore filter/NAT state tables after loading the rules - case "${ipfs_enable}" in - [Yy][Ee][Ss]) - if [ -r "/var/db/ipf/ipstate.ipf" ]; then - echo -n ' ipfs' - ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} - # remove files to avoid reloading old state - # after an ungraceful shutdown - rm -f /var/db/ipf/ipstate.ipf - rm -f /var/db/ipf/ipnat.ipf - fi - ;; - esac - ;; - esac - - # Set the domainname if we're using NIS - # - case ${nisdomainname} in - [Nn][Oo] | '') - ;; - *) - domainname ${nisdomainname} - echo -n ' domain' - ;; - esac - - echo '.' - - # Initial ATM interface configuration - # - case ${atm_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - ;; - esac - - # Attempt to create cloned interfaces. - for ifn in ${cloned_interfaces}; do - ifconfig ${ifn} create - done - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. 
- # - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ]; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # gifconfig - network_gif_setup +# PROVIDE: network2 +# REQUIRE: network1 ppp-user +# KEYWORD: FreeBSD - # Set up all the network interfaces, calling startup scripts if needed - # - case ${network_interfaces} in - [Aa][Uu][Tt][Oo]) - network_interfaces="`ifconfig -l`" - ;; - *) - network_interfaces="${network_interfaces} ${cloned_interfaces}" - ;; - esac - - dhcp_interfaces="" - for ifn in ${network_interfaces}; do - if [ -r /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - eval showstat_$ifn=1 - fi - - # Do the primary ifconfig if specified - # - eval ifconfig_args=\$ifconfig_${ifn} +. /etc/rc.subr - case ${ifconfig_args} in - '') - ;; - [Dd][Hh][Cc][Pp]) - # DHCP inits are done all in one go below - dhcp_interfaces="$dhcp_interfaces $ifn" - eval showstat_$ifn=1 - ;; - *) - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - ;; - esac - done +name="network2" +start_cmd="network2_start" +stop_cmd=":" - if [ ! -z "${dhcp_interfaces}" ]; then - ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} - fi - - for ifn in ${network_interfaces}; do - # Check to see if aliases need to be added - # - alias=0 - while : ; do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - eval showstat_$ifn=1 - alias=$((${alias} + 1)) - else - break; - fi - done - - # Do ipx address if specified - # - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - eval showstat_$ifn=1 - fi - done - - for ifn in ${network_interfaces}; do - eval showstat=\$showstat_${ifn} - if [ ! 
-z ${showstat} ]; then - ifconfig ${ifn} - fi - done - - # ISDN subsystem startup - # - case ${isdn_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - ;; - esac - - # Start user ppp if required. This must happen before natd. - # - case ${ppp_enable} in - [Yy][Ee][Ss]) - # Establish ppp mode. - # - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto" - fi - - ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" - - # Switch on NAT mode? - # - case ${ppp_nat} in - [Yy][Ee][Ss]) - ppp_command="${ppp_command} -nat" - ;; - esac - - ppp_command="${ppp_command} ${ppp_profile}" - - echo "Starting ppp as \"${ppp_user}\"" - su -m ${ppp_user} -c "exec ${ppp_command}" - ;; - esac - - # Re-Sync ipfilter so it picks up any new network interfaces - # - case ${ipfilter_active} in - [Yy][Ee][Ss]) - ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null - ;; - esac - unset ipfilter_active - - # Initialize IP filtering using ipfw - # - if /sbin/ipfw -q flush > /dev/null 2>&1; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then - firewall_in_kernel=1 - echo 'Kernel firewall module loaded' - elif [ "${firewall_in_kernel}" -eq 0 ]; then - echo 'Warning: firewall kernel module failed to load' - fi - ;; - esac - - # Load the filters if required - # - case ${firewall_in_kernel} in - 1) - if [ -z "${firewall_script}" ]; then - firewall_script=/etc/rc.firewall - fi - - case ${firewall_enable} in - [Yy][Ee][Ss]) - if [ -r "${firewall_script}" ]; then - . 
"${firewall_script}" - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - # - case ${natd_enable} in - [Yy][Ee][Ss]) - if [ -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then - natd_flags="$natd_flags -a ${natd_interface}" - else - natd_flags="$natd_flags -n ${natd_interface}" - fi - fi - echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} - ;; - esac - - echo '.' - - elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then - echo 'Warning: kernel has firewall functionality,' \ - 'but firewall rules are not enabled.' - echo ' All ip services are disabled.' - fi - - case ${firewall_logging} in - [Yy][Ee][Ss] | '') - echo 'Firewall logging=YES' - sysctl net.inet.ip.fw.verbose=1 >/dev/null - ;; - *) - ;; - esac - - ;; - esac - ;; - esac - - # Additional ATM interface configuration - # - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - # +network2_start() +{ case ${defaultrouter} in [Nn][Oo] | '') ;; @@ -394,7 +26,7 @@ network_pass1() { ;; esac - # Set up any static routes. This should be done before router discovery. + # Setup static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do 
@@ -502,468 +134,7 @@ network_pass1() { esac echo '.' - - case ${ipsec_enable} in - [Yy][Ee][Ss]) - if [ -f ${ipsec_file} ]; then - echo ' ipsec: enabled' - setkey -f ${ipsec_file} - else - echo ' ipsec: file not found' - fi - ;; - esac - - echo -n 'Routing daemons:' - case ${router_enable} in - [Yy][Ee][Ss]) - echo -n " ${router}"; ${router} ${router_flags} - ;; - esac - - case ${ipxrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - ;; - esac - - case ${mrouted_enable} in - [Yy][Ee][Ss]) - echo -n ' mrouted'; mrouted ${mrouted_flags} - ;; - esac - - case ${rarpd_enable} in - [Yy][Ee][Ss]) - echo -n ' rarpd'; rarpd ${rarpd_flags} - ;; - esac - echo '.' - - # Let future generations know we made it. - # - network_pass1_done=YES -} - -network_pass2() { - echo -n 'Doing additional network setup:' - case ${named_enable} in - [Yy][Ee][Ss]) - echo -n ' named'; ${named_program:-named} ${named_flags} - ;; - esac - - case ${ntpdate_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpdate' - ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 - ;; - esac - - case ${xntpd_enable} in - [Yy][Ee][Ss]) - echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} - ;; - esac - - case ${timed_enable} in - [Yy][Ee][Ss]) - echo -n ' timed'; timed ${timed_flags} - ;; - esac - - case ${portmap_enable} in - [Yy][Ee][Ss]) - echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ - ${portmap_flags} - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
- # - case ${nis_server_enable} in - [Yy][Ee][Ss]) - echo -n ' ypserv'; ypserv ${nis_server_flags} - - case ${nis_ypxfrd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypxfrd' - rpc.ypxfrd ${nis_ypxfrd_flags} - ;; - esac - - case ${nis_yppasswdd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.yppasswdd' - rpc.yppasswdd ${nis_yppasswdd_flags} - ;; - esac - ;; - esac - - # Start ypbind if we're an NIS client - # - case ${nis_client_enable} in - [Yy][Ee][Ss]) - echo -n ' ypbind'; ypbind ${nis_client_flags} - case ${nis_ypset_enable} in - [Yy][Ee][Ss]) - echo -n ' ypset'; ypset ${nis_ypset_flags} - ;; - esac - ;; - esac - - # Start keyserv if we are running Secure RPC - # - case ${keyserv_enable} in - [Yy][Ee][Ss]) - echo -n ' keyserv'; keyserv ${keyserv_flags} - ;; - esac - - # Start ypupdated if we are running Secure RPC - # and we are NIS master - # - case ${rpc_ypupdated_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.ypupdated'; rpc.ypupdated - ;; - esac - ;; - esac - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' 
- network_pass2_done=YES } -network_pass3() { - echo -n 'Starting final network daemons:' - - case ${portmap_enable} in - [Yy][Ee][Ss]) - case ${nfs_server_enable} in - [Yy][Ee][Ss]) - # Handle absent nfs server support - nfsserver_in_kernel=0 - if sysctl vfs.nfsrv >/dev/null 2>&1; then - nfsserver_in_kernel=1 - else - kldload nfsserver && nfsserver_in_kernel=1 - fi - - if [ -r /etc/exports -a \ - ${nfsserver_in_kernel} -eq 1 ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="${mountd_flags} -n" - ;; - esac - - mountd ${mountd_flags} - - case ${nfs_reserved_port_only} in - [Yy][Ee][Ss]) - echo -n ' NFS on reserved port only=YES' - sysctl vfs.nfsrv.nfs_privport=1 > /dev/null - ;; - esac - - echo -n ' nfsd'; nfsd ${nfs_server_flags} - - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.lockd'; rpc.lockd - ;; - esac - else - echo -n ' Warning: nfs server failed' - fi - ;; - *) - case ${single_mountd_enable} in - [Yy][Ee][Ss]) - if [ -r /etc/exports ]; then - echo -n ' mountd' - - case ${weak_mountd_authentication} in - [Yy][Ee][Ss]) - mountd_flags="-n" - ;; - esac - - mountd ${mountd_flags} - fi - ;; - esac - ;; - esac - - case ${nfs_client_enable} in - [Yy][Ee][Ss]) - nfsclient_in_kernel=0 - # Handle absent nfs client support - if sysctl vfs.nfs >/dev/null 2>&1; then - nfsclient_in_kernel=1 - else - kldload nfsclient && nfsclient_in_kernel=1 - fi - - if [ ${nfsclient_in_kernel} -eq 1 ] - then - if [ -n "${nfs_access_cache}" ]; then - echo -n " NFS access cache time=${nfs_access_cache}" - sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null - fi - if [ -n "${nfs_bufpackets}" ]; then - sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null - fi - case ${rpc_statd_enable} in - [Yy][Ee][Ss]) - echo -n ' rpc.statd'; rpc.statd - ;; - esac - - case ${rpc_lockd_enable} in - [Yy][Ee][Ss]) - echo -n ' 
rpc.lockd'; rpc.lockd - ;; - esac - - case ${amd_enable} in - [Yy][Ee][Ss]) - echo -n ' amd' - case ${amd_map_program} in - [Nn][Oo] | '') - ;; - *) - amd_flags="${amd_flags} `eval\ - ${amd_map_program}`" - ;; - esac - - case "${amd_flags}" in - '') - if [ -r /etc/amd.conf ]; then - amd & - else - echo '' - echo 'Warning: amd will not load without arguments' - fi - ;; - *) - amd -p ${amd_flags} \ - >/var/run/amd.pid \ - 2>/dev/null & - ;; - esac - ;; - esac - else - echo 'Warning: NFS client kernel module failed to load' - nfs_client_enable=NO - fi - ;; - esac - - # If /var/db/mounttab exists, some nfs-server has not been - # successfully notified about a previous client shutdown. - # If there is no /var/db/mounttab, we do nothing. - if [ -f /var/db/mounttab ]; then - rpc.umntall -k - fi - - ;; - esac - - case ${rwhod_enable} in - [Yy][Ee][Ss]) - echo -n ' rwhod'; rwhod ${rwhod_flags} - ;; - esac - - # Kerberos servers run ONLY on the Kerberos server machine - case ${kerberos4_server_enable} in - [Yy][Ee][Ss]) - case ${kerberos_stash} in - [Yy][Ee][Ss]) - stash=-n - ;; - *) - stash= - ;; - esac - - echo -n ' kerberosIV' - ${kerberos4_server} ${stash} >> /var/log/kerberos.log & - - case ${kadmind4_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmindIV' - ( - sleep 20; - ${kadmind4_server} ${stash} >/dev/null 2>&1 & - ) & - ;; - esac - unset stash_flag - ;; - esac - - case ${kerberos5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kerberos5' - ${kerberos5_server} & - - case ${kadmind5_server_enable} in - [Yy][Ee][Ss]) - echo -n ' kadmind5' - ${kadmind5_server} & - ;; - esac - ;; - esac - - case ${pppoed_enable} in - [Yy][Ee][Ss]) - if [ -n "${pppoed_provider}" ]; then - pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" - fi - echo -n ' pppoed'; - _opts=$-; set -f - /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} - set +f; set -${_opts} - ;; - esac - - case ${sshd_enable} in - [Yy][Ee][Ss]) - if [ -x /usr/bin/ssh-keygen ]; then - if [ ! 
-f /etc/ssh/ssh_host_key ]; then - echo ' creating ssh1 RSA host key'; - /usr/bin/ssh-keygen -t rsa1 -N "" \ - -f /etc/ssh/ssh_host_key - fi - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo ' creating ssh2 RSA host key'; - /usr/bin/ssh-keygen -t rsa -N "" \ - -f /etc/ssh/ssh_host_rsa_key - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo ' creating ssh2 DSA host key'; - /usr/bin/ssh-keygen -t dsa -N "" \ - -f /etc/ssh/ssh_host_dsa_key - fi - fi - ;; - esac - - echo '.' - network_pass3_done=YES -} - -network_pass4() { - echo -n 'Additional TCP options:' - case ${log_in_vain} in - [Nn][Oo] | '') - log_in_vain=0 - ;; - [Yy][Ee][Ss]) - log_in_vain=1 - ;; - [0-9]*) - ;; - *) - echo " invalid log_in_vain setting: ${log_in_vain}" - log_in_vain=0 - ;; - esac - - [ "${log_in_vain}" -ne 0 ] && ( - echo -n " log_in_vain=${log_in_vain}" - sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null - sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null - ) - echo '.' - network_pass4_done=YES -} - -network_gif_setup() { - case ${gif_interfaces} in - [Nn][Oo] | '') - ;; - *) - for i in ${gif_interfaces}; do - eval peers=\$gifconfig_$i - case ${peers} in - '') - continue - ;; - *) - ifconfig $i create >/dev/null 2>&1 - ifconfig $i tunnel ${peers} - ;; - esac - done - ;; - esac -} - -convert_host_conf() { - host_conf=$1; shift; - nsswitch_conf=$1; shift; - awk ' \ - /^[:blank:]*#/ { next } \ - /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ - /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ - /nis/ { nsswitch[c] = "nis"; c++; next } \ - { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ - END { \ - printf "hosts: "; \ - for (i in nsswitch) printf "%s ", nsswitch[i]; \ - printf "\n"; \ - }' < $host_conf > $nsswitch_conf -} - -generate_host_conf() { - nsswitch_conf=$1; shift; - host_conf=$1; shift; - - awk ' -BEGIN { - xlat["files"] = "hosts"; - xlat["dns"] = "bind"; - xlat["nis"] = "nis"; - cont = 0; -} -sub(/^[\t ]*hosts:/, "") || cont 
{ - if (!cont) - srcs = "" - sub(/#.*/, "") - gsub(/[][]/, " & ") - cont = sub(/\\$/, "") - srcs = srcs " " $0 -} -END { - print "# Auto-generated from nsswitch.conf, do not edit" - ns = split(srcs, s) - for (n = 1; n <= ns; ++n) { - if (s[n] in xlat) - print xlat[s[n]] - } -} -' <$nsswitch_conf >$host_conf -} +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/serial b/etc/rc.d/serial index 13edd2a..8b030d6 100644 --- a/etc/rc.d/serial +++ b/etc/rc.d/serial @@ -27,6 +27,10 @@ # $FreeBSD$ # +# PROVIDE: serial +# REQUIRE: root +# KEYWORD: FreeBSD + # Change some defaults for serial devices. # Standard defaults are: # dtrwait 300 drainwait 0 diff --git a/etc/rc.d/syscons b/etc/rc.d/syscons index faae7d4..d3ebed8 100644 --- a/etc/rc.d/syscons +++ b/etc/rc.d/syscons @@ -25,9 +25,17 @@ # SUCH DAMAGE. # # $FreeBSD$ -# Do syscons configuration # +# PROVIDE: syscons +# REQUIRE: LOGIN usbd +# KEYWORD: FreeBSD + +. /etc/rc.subr + +name="syscons" +load_rc_config $name + # stdin must be redirected because it might be for a serial console # kbddev=/dev/ttyv0 @@ -154,23 +162,6 @@ case ${saver} in ;; esac -# mouse daemon -# -case ${moused_enable} in -[Yy][Ee][Ss]) - echo -n ' moused' - moused ${moused_flags} -p ${moused_port} -t ${moused_type} - case ${mousechar_start} in - [Nn][Oo] | '') - ;; - *) - echo -n ' mousechar_start'; vidcontrol < ${viddev} -M ${mousechar_start} - ;; - esac - vidcontrol < ${viddev} -m on - ;; -esac - # set this mode for all virtual screens # if [ -n "${allscreens_flags}" ]; then @@ -188,5 +179,3 @@ if [ -n "${allscreens_kbdflags}" ]; then kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1 done fi - -echo '.' diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl index 1e315f2..c478828 100644 --- a/etc/rc.d/sysctl +++ b/etc/rc.d/sysctl 
@@ -1,61 +1,70 @@ #!/bin/sh # -# Copyright (c) 1999 Warner Losh -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# +# $NetBSD: sysctl,v 1.12 2002/04/29 12:10:23 lukem Exp $ # $FreeBSD$ # -# -# Read in /etc/sysctl.conf and set things accordingly -# +# PROVIDE: sysctl +# REQUIRE: root ipfilter ipsec +# BEFORE: DAEMON +# KEYWORD: FreeBSD NetBSD + +. 
/etc/rc.subr + +name="sysctl" +stop_cmd=":" + +case `${CMD_OSTYPE}` in +FreeBSD) + start_cmd="FreeBSD_start" + extra_commands="reload lastload" + reload_cmd="FreeBSD_start" + lastload_cmd="FreeBSD_start last" + ;; +NetBSD) + start_cmd="NetBSD_start" + ;; +esac + +FreeBSD_start() +{ + # + # Read in /etc/sysctl.conf and set things accordingly + # + if [ -f /etc/sysctl.conf ]; then + while read var comments + do + case ${var} in + \#*|'') + ;; + *) + mib=${var%=*} + val=${var#*=} + + if current_value=`${SYSCTL} -n ${mib} 2>/dev/null`; then + case ${current_value} in + ${val}) + ;; + *) + sysctl ${var} + ;; + esac + elif [ "$1" -eq "last" ]; then + warn "sysctl ${mib} does not exits." + fi + ;; + esac + done < /etc/sysctl.conf + fi +} + +NetBSD_start() +{ + if [ -r /etc/sysctl.conf ]; then + echo "Setting sysctl variables:" + ${SYSCTL} -f /etc/sysctl.conf + fi +} -if [ -f /etc/sysctl.conf ]; then - while read var comments - do - case ${var} in - \#*|'') - ;; - *) - mib=${var%=*} - val=${var#*=} - - if current_value=`sysctl -n ${mib} 2>/dev/null`; then - case ${current_value} in - ${val}) ;; - *) - sysctl ${var} - ;; - esac - else - case ${1} in - last) - echo "Warning: sysctl ${mib} does not exist" - ;; - esac - fi - ;; - esac - done < /etc/sysctl.conf -fi +load_rc_config $name +run_rc_command "$1" diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp index b897d44..fc851316 100644 --- a/etc/rc.d/tmp +++ b/etc/rc.d/tmp @@ -22,7 +22,7 @@ # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# $FreeBSD$ +# SUCH DAMAGE. # # $FreeBSD$ # 
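Review bot: In `FreeBSD_start`, `elif [ "$1" -eq "last" ]; then` applies the numeric operator to a string, so `[` rejects the operand and returns false, and the `warn` for a MIB that does not exist is never reached, even when the script is run as `lastload`. Since /etc/sysctl.conf is where hardening knobs are usually set, a mistyped or not-yet-available MIB then produces only a confusing `test` error instead of a clear warning naming it. Use `elif [ "$1" = "last" ]; then`, and correct the message to `warn "sysctl ${mib} does not exist."`. The same loop reads the current value with `${SYSCTL} -n ${mib}` but sets it with a bare `sysctl ${var}`; using `${SYSCTL}` for both would keep the lookup and the write on the same binary.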
@@ -60,6 +60,13 @@ mount_md() if [ -r /etc/rc.subr ]; then . /etc/rc.subr load_rc_config $name +elif [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + echo "+++ mount_md of /var" mount_md ${varsize:=32m} /var 1 diff --git a/etc/rc.d/var b/etc/rc.d/var index b897d44..fc851316 100644 --- a/etc/rc.d/var +++ b/etc/rc.d/var @@ -22,7 +22,7 @@ # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# $FreeBSD$ +# SUCH DAMAGE. # # $FreeBSD$ # @@ -60,6 +60,13 @@ mount_md() if [ -r /etc/rc.subr ]; then . /etc/rc.subr load_rc_config $name +elif [ -r /etc/defaults/rc.conf ]; then + . /etc/defaults/rc.conf + source_rc_confs +elif [ -r /etc/rc.conf ]; then + . /etc/rc.conf +fi + echo "+++ mount_md of /var" mount_md ${varsize:=32m} /var 1 diff --git a/etc/rc.initdiskless b/etc/rc.initdiskless index 4eb37fa..1b72009 100644 --- a/etc/rc.initdiskless +++ b/etc/rc.initdiskless @@ -1,3 +1,5 @@ +#!/bin/sh +# # Copyright (c) 1999 Matt Dillion # All rights reserved. # @@ -25,8 +27,12 @@ # $FreeBSD$ # -# -# /etc/rc.diskless1 - general BOOTP startup +# PROVIDE: initdiskless +# KEYWORD: FreeBSD + +dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` +[ ${dlv:=0} -eq 0 ] && exit 0 + # # BOOTP has mounted / for us. Assume a read-only mount. We must then # - figure out our IP by querying the interface @@ -46,7 +52,8 @@ # checks error code and drops into shell on failure. # if shell exits, terminates script as well as /etc/rc. # -chkerr() { +chkerr() +{ case $1 in 0) ;; @@ -58,7 +65,8 @@ chkerr() { esac } -mount_md() { +mount_md() +{ /sbin/mdconfig -a -t malloc -s $1 -u $3 /sbin/disklabel -r -w md$3 auto /sbin/newfs /dev/md$3c 
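Review bot: etc/rc.d/tmp looks like an unmodified copy of etc/rc.d/var: both file headers carry the same `index b897d44..fc851316` line, and the context right after the added `fi` in the tmp hunk still reads `echo "+++ mount_md of /var"` and `mount_md ${varsize:=32m} /var 1`. If that is not intentional, the tmp script would create a second memory disk for /var on the same md unit and leave /tmp unhandled; it should mount /tmp with its own size variable and unit. The same fallback chain is added to etc/rc.d/var in the next hunk; there, and here, `load_rc_config $name` would be safer written as `load_rc_config "$name"`. The `if` that these `elif` branches extend begins in the context lines, and `mount_md` itself is defined outside the hunk.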
@@ -93,8 +101,8 @@ done echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca}" if [ -z "`hostname -s`" ]; then - hostname=`kenv dhcp.host-name` - hostname $hostname + hostname=`kenv dhcp.host-name` + hostname $hostname echo "Hostname is $hostname" fi @@ -126,19 +134,10 @@ done # build the resolv.conf # if [ ! -e /etc/resolv.conf ]; then - echo domain `kenv dhcp.domain-name` > /etc/resolv.conf + echo domain `kenv dhcp.domain-name` > /etc/resolv.conf - set `kenv dhcp.domain-name-servers` - for ns in `IFS=','; echo $*`; do - echo nameserver $ns >> /etc/resolv.conf; - done + set `kenv dhcp.domain-name-servers` + for ns in `IFS=','; echo $*`; do + echo nameserver $ns >> /etc/resolv.conf; + done fi - -# Tell /etc/rc to run the specified script after it does its mounts but -# before it does anything else. -# -# This script is responsible for setting up the diskless mount environment. -# This can be overriden by /conf/ME/rc.conf.local if, for example, you do not -# want to run the standard system /etc/rc.diskless2 - -diskless_mount="/etc/rc.diskless2" -- cgit v1.1