head	1.165;
access;
symbols
	RELENG_8_4:1.163.0.2
	RELENG_9_1_0_RELEASE:1.156.2.3.2.2
	RELENG_9_1:1.156.2.3.0.2
	RELENG_9_1_BP:1.156.2.3
	RELENG_8_3_0_RELEASE:1.146.2.2.2.1
	RELENG_8_3:1.146.2.2.0.2
	RELENG_8_3_BP:1.146.2.2
	RELENG_9_0_0_RELEASE:1.156.2.1.2.1
	RELENG_9_0:1.156.2.1.0.2
	RELENG_9_0_BP:1.156.2.1
	RELENG_9:1.156.0.2
	RELENG_9_BP:1.156
	RELENG_7_4_0_RELEASE:1.143.12.1
	RELENG_8_2_0_RELEASE:1.146.2.1.6.1
	RELENG_7_4:1.143.0.12
	RELENG_7_4_BP:1.143
	RELENG_8_2:1.146.2.1.0.6
	RELENG_8_2_BP:1.146.2.1
	RELENG_8_1_0_RELEASE:1.146.2.1.4.1
	RELENG_8_1:1.146.2.1.0.4
	RELENG_8_1_BP:1.146.2.1
	RELENG_7_3_0_RELEASE:1.143.10.1
	RELENG_7_3:1.143.0.10
	RELENG_7_3_BP:1.143
	RELENG_8_0_0_RELEASE:1.146.2.1.2.1
	RELENG_8_0:1.146.2.1.0.2
	RELENG_8_0_BP:1.146.2.1
	RELENG_8:1.146.0.2
	RELENG_8_BP:1.146
	RELENG_7_2_0_RELEASE:1.143.8.1
	RELENG_7_2:1.143.0.8
	RELENG_7_2_BP:1.143
	RELENG_7_1_0_RELEASE:1.143.6.1
	RELENG_6_4_0_RELEASE:1.141.2.1.8.1
	RELENG_7_1:1.143.0.6
	RELENG_7_1_BP:1.143
	RELENG_6_4:1.141.2.1.0.8
	RELENG_6_4_BP:1.141.2.1
	RELENG_7_0_0_RELEASE:1.143
	RELENG_6_3_0_RELEASE:1.141.2.1
	RELENG_7_0:1.143.0.4
	RELENG_7_0_BP:1.143
	RELENG_6_3:1.141.2.1.0.6
	RELENG_6_3_BP:1.141.2.1
	RELENG_7:1.143.0.2
	RELENG_7_BP:1.143
	RELENG_6_2_0_RELEASE:1.141.2.1
	RELENG_6_2:1.141.2.1.0.4
	RELENG_6_2_BP:1.141.2.1
	RELENG_5_5_0_RELEASE:1.140.2.1
	RELENG_5_5:1.140.2.1.0.6
	RELENG_5_5_BP:1.140.2.1
	RELENG_6_1_0_RELEASE:1.141.2.1
	RELENG_6_1:1.141.2.1.0.2
	RELENG_6_1_BP:1.141.2.1
	RELENG_6_0_0_RELEASE:1.141
	RELENG_6_0:1.141.0.4
	RELENG_6_0_BP:1.141
	RELENG_6:1.141.0.2
	RELENG_6_BP:1.141
	RELENG_5_4_0_RELEASE:1.140.2.1
	RELENG_5_4:1.140.2.1.0.4
	RELENG_5_4_BP:1.140.2.1
	RELENG_5_3_0_RELEASE:1.140.2.1
	RELENG_5_3:1.140.2.1.0.2
	RELENG_5_3_BP:1.140.2.1
	RELENG_5:1.140.0.2
	RELENG_5_BP:1.140
	RELENG_5_2_1_RELEASE:1.139
	RELENG_5_2_0_RELEASE:1.139
	RELENG_5_2:1.139.0.2
	RELENG_5_2_BP:1.139
	old_RELENG_5_1_0_RELEASE:1.136
	old_RELENG_5_1:1.136.0.2
	old_RELENG_5_1_BP:1.136
	old_RELENG_5_0_0_RELEASE:1.135
	old_RELENG_5_0:1.135.0.2
	old_RELENG_5_0_BP:1.135
	old_old_RELENG_4_6_1_RELEASE:1.74.2.39.2.1
	old_old_RELENG_4_6_0_RELEASE:1.74.2.39
	old_old_RELENG_4_6:1.74.2.39.0.2
	old_old_RELENG_4_6_BP:1.74.2.39
	old_old_RELENG_4_5_0_RELEASE:1.74.2.28
	old_old_RELENG_4_5:1.74.2.28.0.2
	old_old_RELENG_4_5_BP:1.74.2.28
	old_old_RELENG_4_4_0_RELEASE:1.74.2.23
	old_old_RELENG_4_4:1.74.2.23.0.2
	old_old_RELENG_4_4_BP:1.74.2.23
	old_old_RELENG_4_3_0_RELEASE:1.74.2.14
	old_old_RELENG_4_3:1.74.2.14.0.2
	old_old_RELENG_4_3_BP:1.74.2.14
	old_old_RELENG_4_2_0_RELEASE:1.74.2.10
	old_old_RELENG_4_1_1_RELEASE:1.74.2.6
	old_old_PRE_SMPNG:1.84
	old_old_RELENG_4_1_0_RELEASE:1.74.2.3
	old_old_RELENG_3_5_0_RELEASE:1.39.2.14
	old_old_RELENG_4_0_0_RELEASE:1.74
	old_old_RELENG_4:1.74.0.2
	old_old_RELENG_4_BP:1.74
	old_old_RELENG_3_4_0_RELEASE:1.39.2.14
	old_old_RELENG_3_3_0_RELEASE:1.39.2.11
	old_old_RELENG_3_2_PAO:1.39.2.4.0.2
	old_old_RELENG_3_2_PAO_BP:1.39.2.4
	old_old_RELENG_3_2_0_RELEASE:1.39.2.4
	old_old_RELENG_3_1_0_RELEASE:1.39
	old_old_RELENG_3:1.39.0.2
	old_old_RELENG_3_BP:1.39
	old_old_RELENG_2_2_8_RELEASE:1.1.2.24
	old_old_RELENG_3_0_0_RELEASE:1.33
	old_old_RELENG_2_2_7_RELEASE:1.1.2.21
	old_old_RELENG_2_2_6_RELEASE:1.1.2.18
	old_old_RELENG_2_2_5_RELEASE:1.1.2.11
	old_old_RELENG_2_2_2_RELEASE:1.1.2.7
	old_old_RELENG_2_2:1.1.0.2;
locks; strict;
comment	@# @;


1.165
date	2013.06.10.00.33.47;	author svnexp;	state Exp;
branches;
next	1.164;

1.164
date	2013.05.20.00.28.17;	author svnexp;	state Exp;
branches;
next	1.163;

1.163
date	2012.11.18.11.26.24;	author svnexp;	state Exp;
branches
	1.163.2.1;
next	1.162;

1.162
date	2012.11.17.22.02.09;	author svnexp;	state Exp;
branches;
next	1.161;

1.161
date	2012.11.17.01.49.05;	author svnexp;	state Exp;
branches;
next	1.160;

1.160
date	2012.03.04.18.53.35;	author bz;	state Exp;
branches;
next	1.159;

1.159
date	2012.02.17.02.39.58;	author bz;	state Exp;
branches;
next	1.158;

1.158
date	2012.02.04.18.14.49;	author hrs;	state Exp;
branches;
next	1.157;

1.157
date	2011.11.08.23.02.32;	author jilles;	state Exp;
branches;
next	1.156;

1.156
date	2011.07.17.14.52.55;	author jilles;	state Exp;
branches
	1.156.2.1;
next	1.155;

1.155
date	2011.07.15.01.59.08;	author kevlo;	state Exp;
branches;
next	1.154;

1.154
date	2011.03.30.01.19.00;	author emaste;	state Exp;
branches;
next	1.153;

1.153
date	2010.04.26.15.31.58;	author ume;	state Exp;
branches;
next	1.152;

1.152
date	2009.10.02.20.19.53;	author hrs;	state Exp;
branches;
next	1.151;

1.151
date	2009.10.02.02.28.59;	author hrs;	state Exp;
branches;
next	1.150;

1.150
date	2009.09.30.14.58.10;	author ume;	state Exp;
branches;
next	1.149;

1.149
date	2009.09.26.19.00.20;	author hrs;	state Exp;
branches;
next	1.148;

1.148
date	2009.09.13.20.19.02;	author bz;	state Exp;
branches;
next	1.147;

1.147
date	2009.09.12.22.13.41;	author hrs;	state Exp;
branches;
next	1.146;

1.146
date	2008.06.23.04.00.45;	author mtm;	state Exp;
branches
	1.146.2.1;
next	1.145;

1.145
date	2008.06.05.17.26.47;	author brooks;	state Exp;
branches;
next	1.144;

1.144
date	2008.05.18.02.57.54;	author brooks;	state Exp;
branches;
next	1.143;

1.143
date	2007.05.02.15.49.30;	author mtm;	state Exp;
branches
	1.143.2.1
	1.143.6.1
	1.143.8.1
	1.143.10.1
	1.143.12.1;
next	1.142;

1.142
date	2005.10.28.16.07.52;	author yar;	state Exp;
branches;
next	1.141;

1.141
date	2004.10.07.13.55.26;	author mtm;	state Exp;
branches
	1.141.2.1;
next	1.140;

1.140
date	2004.03.08.12.25.05;	author pjd;	state Exp;
branches
	1.140.2.1;
next	1.139;

1.139
date	2003.08.14.15.27.32;	author harti;	state Exp;
branches;
next	1.138;

1.138
date	2003.06.29.17.59.09;	author mtm;	state Exp;
branches;
next	1.137;

1.137
date	2003.06.29.05.09.48;	author mtm;	state Exp;
branches;
next	1.136;

1.136
date	2003.04.18.17.55.05;	author mtm;	state Exp;
branches;
next	1.135;

1.135
date	2002.06.13.22.14.36;	author gordon;	state Exp;
branches;
next	1.134;

1.134
date	2002.04.11.22.06.27;	author des;	state Exp;
branches;
next	1.133;

1.133
date	2002.04.10.22.30.54;	author peter;	state Exp;
branches;
next	1.132;

1.132
date	2002.04.01.18.33.45;	author dougb;	state Exp;
branches;
next	1.131;

1.131
date	2002.03.19.03.45.02;	author des;	state Exp;
branches;
next	1.130;

1.130
date	2002.03.19.01.56.04;	author cjc;	state Exp;
branches;
next	1.129;

1.129
date	2002.03.17.07.35.51;	author dougb;	state Exp;
branches;
next	1.128;

1.128
date	2002.03.12.20.25.25;	author cjc;	state Exp;
branches;
next	1.127;

1.127
date	2002.03.12.01.04.35;	author obrien;	state Exp;
branches;
next	1.126;

1.126
date	2002.03.12.01.01.53;	author obrien;	state Exp;
branches;
next	1.125;

1.125
date	2002.03.04.10.30.24;	author dd;	state Exp;
branches;
next	1.124;

1.124
date	2002.02.20.10.30.47;	author cjc;	state Exp;
branches;
next	1.123;

1.123
date	2002.02.08.13.25.33;	author cjc;	state Exp;
branches;
next	1.122;

1.122
date	2002.01.28.11.06.02;	author sheldonh;	state Exp;
branches;
next	1.121;

1.121
date	2002.01.28.11.05.01;	author sheldonh;	state Exp;
branches;
next	1.120;

1.120
date	2002.01.26.09.04.58;	author cjc;	state Exp;
branches;
next	1.119;

1.119
date	2001.12.13.04.21.18;	author alfred;	state Exp;
branches;
next	1.118;

1.118
date	2001.12.11.08.21.45;	author ru;	state Exp;
branches;
next	1.117;

1.117
date	2001.12.07.17.03.14;	author rwatson;	state Exp;
branches;
next	1.116;

1.116
date	2001.12.06.09.34.44;	author cjc;	state Exp;
branches;
next	1.115;

1.115
date	2001.11.24.23.41.32;	author dd;	state Exp;
branches;
next	1.114;

1.114
date	2001.11.24.16.12.03;	author ru;	state Exp;
branches;
next	1.113;

1.113
date	2001.11.24.13.48.30;	author darrenr;	state Exp;
branches;
next	1.112;

1.112
date	2001.11.14.06.35.43;	author sheldonh;	state Exp;
branches;
next	1.111;

1.111
date	2001.11.07.00.33.56;	author fenner;	state Exp;
branches;
next	1.110;

1.110
date	2001.11.01.12.39.01;	author des;	state Exp;
branches;
next	1.109;

1.109
date	2001.10.20.04.46.32;	author darrenr;	state Exp;
branches;
next	1.108;

1.108
date	2001.10.20.04.41.47;	author darrenr;	state Exp;
branches;
next	1.107;

1.107
date	2001.10.20.04.32.57;	author darrenr;	state Exp;
branches;
next	1.106;

1.106
date	2001.10.19.06.50.52;	author dougb;	state Exp;
branches;
next	1.105;

1.105
date	2001.10.10.20.36.51;	author jhb;	state Exp;
branches;
next	1.104;

1.104
date	2001.09.19.21.27.18;	author brooks;	state Exp;
branches;
next	1.103;

1.103
date	2001.09.19.00.22.26;	author peter;	state Exp;
branches;
next	1.102;

1.102
date	2001.07.30.23.12.02;	author darrenr;	state Exp;
branches;
next	1.101;

1.101
date	2001.07.28.19.57.57;	author markm;	state Exp;
branches;
next	1.100;

1.100
date	2001.07.02.21.08.48;	author brooks;	state Exp;
branches;
next	1.99;

1.99
date	2001.06.16.15.48.43;	author schweikh;	state Exp;
branches;
next	1.98;

1.98
date	2001.06.11.12.38.40;	author ume;	state Exp;
branches;
next	1.97;

1.97
date	2001.06.10.16.21.56;	author brian;	state Exp;
branches;
next	1.96;

1.96
date	2001.06.03.12.26.56;	author brian;	state Exp;
branches;
next	1.95;

1.95
date	2001.05.18.18.10.02;	author obrien;	state Exp;
branches;
next	1.94;

1.94
date	2001.05.16.19.23.54;	author jesper;	state Exp;
branches;
next	1.93;

1.93
date	2001.05.09.07.46.44;	author peter;	state Exp;
branches;
next	1.92;

1.92
date	2001.03.19.22.07.30;	author des;	state Exp;
branches;
next	1.91;

1.91
date	2001.03.19.12.49.45;	author alfred;	state Exp;
branches;
next	1.90;

1.90
date	2000.12.17.22.14.49;	author dougb;	state Exp;
branches;
next	1.89;

1.89
date	2000.12.17.08.15.57;	author dougb;	state Exp;
branches;
next	1.88;

1.88
date	2000.10.12.11.25.57;	author ru;	state Exp;
branches;
next	1.87;

1.87
date	2000.10.08.19.18.24;	author obrien;	state Exp;
branches;
next	1.86;

1.86
date	2000.10.06.12.24.45;	author darrenr;	state Exp;
branches;
next	1.85;

1.85
date	2000.09.28.05.43.44;	author brian;	state Exp;
branches;
next	1.84;

1.84
date	2000.09.06.18.16.32;	author nectar;	state Exp;
branches;
next	1.83;

1.83
date	2000.08.16.23.08.28;	author jhb;	state Exp;
branches;
next	1.82;

1.82
date	2000.08.10.00.12.53;	author brian;	state Exp;
branches;
next	1.81;

1.81
date	2000.07.14.13.03.36;	author nbm;	state Exp;
branches;
next	1.80;

1.80
date	2000.06.22.17.40.52;	author dillon;	state Exp;
branches;
next	1.79;

1.79
date	2000.05.16.06.52.11;	author dillon;	state Exp;
branches;
next	1.78;

1.78
date	2000.05.15.19.56.59;	author kris;	state Exp;
branches;
next	1.77;

1.77
date	2000.05.15.05.40.26;	author kris;	state Exp;
branches;
next	1.76;

1.76
date	2000.05.06.17.18.14;	author ache;	state Exp;
branches;
next	1.75;

1.75
date	2000.03.27.21.38.32;	author dillon;	state Exp;
branches;
next	1.74;

1.74
date	2000.02.29.12.53.28;	author jkh;	state Exp;
branches
	1.74.2.1;
next	1.73;

1.73
date	2000.02.28.19.54.06;	author markm;	state Exp;
branches;
next	1.72;

1.72
date	2000.02.28.19.21.05;	author jkh;	state Exp;
branches;
next	1.71;

1.71
date	2000.02.24.23.12.04;	author markm;	state Exp;
branches;
next	1.70;

1.70
date	2000.02.06.16.33.54;	author hm;	state Exp;
branches;
next	1.69;

1.69
date	2000.01.15.14.28.05;	author green;	state Exp;
branches;
next	1.68;

1.68
date	99.12.17.13.36.40;	author roberto;	state Exp;
branches;
next	1.67;

1.67
date	99.12.12.01.58.30;	author obrien;	state Exp;
branches;
next	1.66;

1.66
date	99.11.23.00.26.03;	author brian;	state Exp;
branches;
next	1.65;

1.65
date	99.11.23.00.22.24;	author brian;	state Exp;
branches;
next	1.64;

1.64
date	99.11.17.22.38.02;	author ache;	state Exp;
branches;
next	1.63;

1.63
date	99.11.14.21.28.07;	author ache;	state Exp;
branches;
next	1.62;

1.62
date	99.09.19.21.32.42;	author green;	state Exp;
branches;
next	1.61;

1.61
date	99.09.13.15.44.18;	author sheldonh;	state Exp;
branches;
next	1.60;

1.60
date	99.09.12.17.22.05;	author des;	state Exp;
branches;
next	1.59;

1.59
date	99.09.01.08.57.01;	author peter;	state Exp;
branches;
next	1.58;

1.58
date	99.08.27.23.23.44;	author peter;	state Exp;
branches;
next	1.57;

1.57
date	99.08.27.22.15.15;	author jkh;	state Exp;
branches;
next	1.56;

1.56
date	99.08.25.16.01.37;	author sheldonh;	state Exp;
branches;
next	1.55;

1.55
date	99.08.22.23.26.03;	author brian;	state Exp;
branches;
next	1.54;

1.54
date	99.08.19.21.15.16;	author brian;	state Exp;
branches;
next	1.53;

1.53
date	99.08.10.09.45.31;	author des;	state Exp;
branches;
next	1.52;

1.52
date	99.07.26.15.17.23;	author brian;	state Exp;
branches;
next	1.51;

1.51
date	99.07.26.10.49.31;	author brian;	state Exp;
branches;
next	1.50;

1.50
date	99.07.16.09.26.52;	author jkh;	state Exp;
branches;
next	1.49;

1.49
date	99.07.08.18.56.02;	author peter;	state Exp;
branches;
next	1.48;

1.48
date	99.07.07.12.49.45;	author peter;	state Exp;
branches;
next	1.47;

1.47
date	99.06.08.13.00.30;	author brian;	state Exp;
branches;
next	1.46;

1.46
date	99.06.05.12.06.19;	author bde;	state Exp;
branches;
next	1.45;

1.45
date	99.06.05.05.45.47;	author phk;	state Exp;
branches;
next	1.44;

1.44
date	99.04.12.15.26.41;	author brian;	state Exp;
branches;
next	1.43;

1.43
date	99.04.10.10.56.58;	author des;	state Exp;
branches;
next	1.42;

1.42
date	99.03.28.20.36.03;	author imp;	state Exp;
branches;
next	1.41;

1.41
date	99.03.24.10.28.49;	author brian;	state Exp;
branches;
next	1.40;

1.40
date	99.03.11.16.17.24;	author jfitz;	state Exp;
branches;
next	1.39;

1.39
date	99.01.13.17.32.37;	author joerg;	state Exp;
branches
	1.39.2.1;
next	1.38;

1.38
date	99.01.13.08.20.55;	author hm;	state Exp;
branches;
next	1.37;

1.37
date	99.01.03.22.19.23;	author jkh;	state Exp;
branches;
next	1.36;

1.36
date	98.11.27.07.06.11;	author jkoshy;	state Exp;
branches;
next	1.35;

1.35
date	98.11.15.20.30.04;	author msmith;	state Exp;
branches;
next	1.34;

1.34
date	98.11.11.05.23.44;	author peter;	state Exp;
branches;
next	1.33;

1.33
date	98.10.06.19.24.14;	author phk;	state Exp;
branches;
next	1.32;

1.32
date	98.09.16.20.38.23;	author cracauer;	state Exp;
branches;
next	1.31;

1.31
date	98.09.15.10.49.02;	author jkoshy;	state Exp;
branches;
next	1.30;

1.30
date	98.09.06.08.20.11;	author phk;	state Exp;
branches;
next	1.29;

1.29
date	98.08.14.06.55.17;	author phk;	state Exp;
branches;
next	1.28;

1.28
date	98.07.08.15.40.53;	author nectar;	state Exp;
branches;
next	1.27;

1.27
date	98.06.14.16.31.03;	author steve;	state Exp;
branches;
next	1.26;

1.26
date	98.05.19.04.36.31;	author jkh;	state Exp;
branches;
next	1.25;

1.25
date	98.05.06.17.36.16;	author andreas;	state Exp;
branches;
next	1.24;

1.24
date	98.05.05.21.14.27;	author andreas;	state Exp;
branches;
next	1.23;

1.23
date	98.04.26.06.32.13;	author phk;	state Exp;
branches;
next	1.22;

1.22
date	98.04.18.10.27.06;	author brian;	state Exp;
branches;
next	1.21;

1.21
date	98.04.12.09.47.43;	author markm;	state Exp;
branches;
next	1.20;

1.20
date	98.03.09.08.50.30;	author jkh;	state Exp;
branches;
next	1.19;

1.19
date	98.02.20.14.45.06;	author brian;	state Exp;
branches;
next	1.18;

1.18
date	98.02.16.19.21.32;	author guido;	state Exp;
branches;
next	1.17;

1.17
date	98.02.14.04.12.23;	author alex;	state Exp;
branches;
next	1.16;

1.16
date	98.02.07.04.56.56;	author alex;	state Exp;
branches;
next	1.15;

1.15
date	98.02.01.00.20.56;	author wollman;	state Exp;
branches;
next	1.14;

1.14
date	98.01.10.03.33.39;	author alex;	state Exp;
branches;
next	1.13;

1.13
date	97.12.01.06.11.34;	author obrien;	state Exp;
branches;
next	1.12;

1.12
date	97.11.07.20.45.34;	author sef;	state Exp;
branches;
next	1.11;

1.11
date	97.09.18.22.43.48;	author danny;	state Exp;
branches;
next	1.10;

1.10
date	97.09.11.10.59.02;	author danny;	state Exp;
branches;
next	1.9;

1.9
date	97.07.06.00.33.34;	author pst;	state Exp;
branches;
next	1.8;

1.8
date	97.05.19.07.46.48;	author jkh;	state Exp;
branches;
next	1.7;

1.7
date	97.05.13.08.22.27;	author jkh;	state Exp;
branches;
next	1.6;

1.6
date	97.05.03.11.22.17;	author jkh;	state Exp;
branches;
next	1.5;

1.5
date	97.05.01.20.28.18;	author jkh;	state Exp;
branches;
next	1.4;

1.4
date	97.05.01.20.04.42;	author jkh;	state Exp;
branches;
next	1.3;

1.3
date	97.05.01.04.38.16;	author jkh;	state Exp;
branches;
next	1.2;

1.2
date	97.04.27.03.59.14;	author jkh;	state Exp;
branches;
next	1.1;

1.1
date	97.04.26.22.39.34;	author jkh;	state dead;
branches
	1.1.2.1;
next	;

1.163.2.1
date	2012.11.18.11.26.24;	author svnexp;	state dead;
branches;
next	1.163.2.2;

1.163.2.2
date	2013.03.28.13.02.44;	author svnexp;	state Exp;
branches;
next	;

1.156.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.156.2.1.2.1;
next	1.156.2.2;

1.156.2.2
date	2012.02.29.09.47.26;	author bz;	state Exp;
branches;
next	1.156.2.3;

1.156.2.3
date	2012.03.12.22.08.03;	author bz;	state Exp;
branches
	1.156.2.3.2.1;
next	1.156.2.4;

1.156.2.4
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	1.156.2.5;

1.156.2.5
date	2013.05.22.19.01.43;	author svnexp;	state Exp;
branches;
next	1.156.2.6;

1.156.2.6
date	2013.07.12.02.05.08;	author svnexp;	state Exp;
branches;
next	1.156.2.7;

1.156.2.7
date	2013.07.12.02.08.23;	author svnexp;	state Exp;
branches;
next	;

1.156.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.156.2.1.2.2;

1.156.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.156.2.3.2.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.156.2.3.2.2;

1.156.2.3.2.2
date	2012.11.17.08.47.01;	author svnexp;	state Exp;
branches;
next	;

1.146.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.146.2.1.2.1
	1.146.2.1.4.1
	1.146.2.1.6.1;
next	1.146.2.2;

1.146.2.2
date	2012.02.16.01.41.34;	author hrs;	state Exp;
branches
	1.146.2.2.2.1;
next	1.146.2.3;

1.146.2.3
date	2012.03.05.17.33.01;	author bz;	state Exp;
branches;
next	1.146.2.4;

1.146.2.4
date	2012.03.12.22.13.17;	author bz;	state Exp;
branches;
next	1.146.2.5;

1.146.2.5
date	2012.11.17.10.35.57;	author svnexp;	state Exp;
branches;
next	;

1.146.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.146.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.146.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.146.2.2.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.146.2.2.2.2;

1.146.2.2.2.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.143.2.1
date	2012.11.17.08.01.22;	author svnexp;	state Exp;
branches;
next	;

1.143.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.143.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.143.10.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.143.12.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.143.12.2;

1.143.12.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.141.2.1
date	2006.01.21.22.42.43;	author yar;	state Exp;
branches
	1.141.2.1.8.1;
next	1.141.2.2;

1.141.2.2
date	2012.11.17.07.39.09;	author svnexp;	state Exp;
branches;
next	;

1.141.2.1.8.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.140.2.1
date	2004.10.10.09.50.54;	author mtm;	state Exp;
branches;
next	;

1.74.2.1
date	2000.03.27.21.39.49;	author dillon;	state Exp;
branches;
next	1.74.2.2;

1.74.2.2
date	2000.06.09.07.25.15;	author kris;	state Exp;
branches;
next	1.74.2.3;

1.74.2.3
date	2000.06.24.20.51.27;	author dillon;	state Exp;
branches;
next	1.74.2.4;

1.74.2.4
date	2000.08.06.16.58.30;	author nbm;	state Exp;
branches;
next	1.74.2.5;

1.74.2.5
date	2000.08.16.23.10.53;	author jhb;	state Exp;
branches;
next	1.74.2.6;

1.74.2.6
date	2000.08.17.06.55.34;	author jhb;	state Exp;
branches;
next	1.74.2.7;

1.74.2.7
date	2000.10.09.20.18.52;	author brian;	state Exp;
branches;
next	1.74.2.8;

1.74.2.8
date	2000.10.12.11.28.16;	author ru;	state Exp;
branches;
next	1.74.2.9;

1.74.2.9
date	2000.10.30.10.40.11;	author obrien;	state Exp;
branches;
next	1.74.2.10;

1.74.2.10
date	2000.11.11.20.33.39;	author jkh;	state Exp;
branches;
next	1.74.2.11;

1.74.2.11
date	2001.01.14.08.21.07;	author dougb;	state Exp;
branches;
next	1.74.2.12;

1.74.2.12
date	2001.01.14.09.47.48;	author dougb;	state Exp;
branches;
next	1.74.2.13;

1.74.2.13
date	2001.03.06.01.58.45;	author obrien;	state Exp;
branches;
next	1.74.2.14;

1.74.2.14
date	2001.03.06.02.21.59;	author obrien;	state Exp;
branches;
next	1.74.2.15;

1.74.2.15
date	2001.06.09.16.18.12;	author des;	state Exp;
branches;
next	1.74.2.16;

1.74.2.16
date	2001.06.17.11.40.59;	author brian;	state Exp;
branches;
next	1.74.2.17;

1.74.2.17
date	2001.06.23.23.33.14;	author brian;	state Exp;
branches;
next	1.74.2.18;

1.74.2.18
date	2001.06.24.18.14.59;	author ume;	state Exp;
branches;
next	1.74.2.19;

1.74.2.19
date	2001.07.03.11.01.11;	author ume;	state Exp;
branches;
next	1.74.2.20;

1.74.2.20
date	2001.07.24.19.10.15;	author brooks;	state Exp;
branches;
next	1.74.2.21;

1.74.2.21
date	2001.08.01.20.02.42;	author obrien;	state Exp;
branches;
next	1.74.2.22;

1.74.2.22
date	2001.08.01.20.07.55;	author obrien;	state Exp;
branches;
next	1.74.2.23;

1.74.2.23
date	2001.08.17.07.26.38;	author hm;	state Exp;
branches;
next	1.74.2.24;

1.74.2.24
date	2001.11.19.10.42.28;	author sheldonh;	state Exp;
branches;
next	1.74.2.25;

1.74.2.25
date	2001.12.05.10.50.07;	author guido;	state Exp;
branches;
next	1.74.2.26;

1.74.2.26
date	2001.12.07.08.32.37;	author cjc;	state Exp;
branches;
next	1.74.2.27;

1.74.2.27
date	2001.12.09.06.02.40;	author brooks;	state Exp;
branches;
next	1.74.2.28;

1.74.2.28
date	2001.12.19.17.52.17;	author ru;	state Exp;
branches;
next	1.74.2.29;

1.74.2.29
date	2002.02.04.22.29.02;	author cjc;	state Exp;
branches;
next	1.74.2.30;

1.74.2.30
date	2002.02.09.10.38.42;	author cjc;	state Exp;
branches;
next	1.74.2.31;

1.74.2.31
date	2002.02.23.15.48.21;	author cjc;	state Exp;
branches;
next	1.74.2.32;

1.74.2.32
date	2002.02.27.10.36.03;	author sheldonh;	state Exp;
branches;
next	1.74.2.33;

1.74.2.33
date	2002.03.04.08.37.33;	author sheldonh;	state Exp;
branches;
next	1.74.2.34;

1.74.2.34
date	2002.03.07.18.10.02;	author sheldonh;	state Exp;
branches;
next	1.74.2.35;

1.74.2.35
date	2002.03.09.03.54.10;	author dd;	state Exp;
branches;
next	1.74.2.36;

1.74.2.36
date	2002.03.15.10.20.54;	author cjc;	state Exp;
branches;
next	1.74.2.37;

1.74.2.37
date	2002.03.21.10.27.34;	author cjc;	state Exp;
branches;
next	1.74.2.38;

1.74.2.38
date	2002.04.15.02.12.55;	author dougb;	state Exp;
branches;
next	1.74.2.39;

1.74.2.39
date	2002.04.24.18.51.42;	author joerg;	state Exp;
branches
	1.74.2.39.2.1;
next	1.74.2.40;

1.74.2.40
date	2002.07.05.07.48.02;	author ru;	state Exp;
branches;
next	;

1.74.2.39.2.1
date	2002.07.16.12.33.21;	author des;	state Exp;
branches;
next	;

1.39.2.1
date	99.03.17.20.04.57;	author billf;	state Exp;
branches;
next	1.39.2.2;

1.39.2.2
date	99.03.24.17.25.26;	author brian;	state Exp;
branches;
next	1.39.2.3;

1.39.2.3
date	99.04.10.10.59.15;	author des;	state Exp;
branches;
next	1.39.2.4;

1.39.2.4
date	99.04.12.15.29.11;	author brian;	state Exp;
branches;
next	1.39.2.5;

1.39.2.5
date	99.06.09.08.56.11;	author brian;	state Exp;
branches;
next	1.39.2.6;

1.39.2.6
date	99.07.15.18.41.14;	author obrien;	state Exp;
branches;
next	1.39.2.7;

1.39.2.7
date	99.07.15.18.45.07;	author obrien;	state Exp;
branches;
next	1.39.2.8;

1.39.2.8
date	99.07.30.17.30.26;	author brian;	state Exp;
branches;
next	1.39.2.9;

1.39.2.9
date	99.08.23.23.32.26;	author brian;	state Exp;
branches;
next	1.39.2.10;

1.39.2.10
date	99.08.29.14.18.56;	author peter;	state Exp;
branches;
next	1.39.2.11;

1.39.2.11
date	99.09.03.08.57.26;	author jkh;	state Exp;
branches;
next	1.39.2.12;

1.39.2.12
date	99.09.19.21.35.18;	author green;	state Exp;
branches;
next	1.39.2.13;

1.39.2.13
date	99.10.14.11.49.32;	author des;	state Exp;
branches;
next	1.39.2.14;

1.39.2.14
date	99.11.28.16.09.07;	author brian;	state Exp;
branches;
next	;

1.1.2.1
date	97.04.26.22.39.34;	author jkh;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	97.04.27.11.13.39;	author jkh;	state Exp;
branches;
next	1.1.2.3;

1.1.2.3
date	97.05.01.04.37.10;	author jkh;	state Exp;
branches;
next	1.1.2.4;

1.1.2.4
date	97.05.01.20.02.58;	author jkh;	state Exp;
branches;
next	1.1.2.5;

1.1.2.5
date	97.05.01.20.28.48;	author jkh;	state Exp;
branches;
next	1.1.2.6;

1.1.2.6
date	97.05.01.23.42.19;	author jkh;	state Exp;
branches;
next	1.1.2.7;

1.1.2.7
date	97.05.13.08.27.49;	author jkh;	state Exp;
branches;
next	1.1.2.8;

1.1.2.8
date	97.05.19.08.02.37;	author jkh;	state Exp;
branches;
next	1.1.2.9;

1.1.2.9
date	97.07.06.00.32.00;	author pst;	state Exp;
branches;
next	1.1.2.10;

1.1.2.10
date	97.09.14.23.35.26;	author danny;	state Exp;
branches;
next	1.1.2.11;

1.1.2.11
date	97.09.18.22.47.12;	author danny;	state Exp;
branches;
next	1.1.2.12;

1.1.2.12
date	97.12.01.06.06.35;	author obrien;	state Exp;
branches;
next	1.1.2.13;

1.1.2.13
date	98.02.01.00.24.02;	author wollman;	state Exp;
branches;
next	1.1.2.14;

1.1.2.14
date	98.02.15.14.24.50;	author jkh;	state Exp;
branches;
next	1.1.2.15;

1.1.2.15
date	98.02.20.14.46.12;	author brian;	state Exp;
branches;
next	1.1.2.16;

1.1.2.16
date	98.02.23.20.21.07;	author guido;	state Exp;
branches;
next	1.1.2.17;

1.1.2.17
date	98.02.27.20.49.15;	author jkh;	state Exp;
branches;
next	1.1.2.18;

1.1.2.18
date	98.03.09.08.52.01;	author jkh;	state Exp;
branches;
next	1.1.2.19;

1.1.2.19
date	98.05.05.21.39.44;	author andreas;	state Exp;
branches;
next	1.1.2.20;

1.1.2.20
date	98.05.06.17.43.00;	author andreas;	state Exp;
branches;
next	1.1.2.21;

1.1.2.21
date	98.06.27.21.23.20;	author steve;	state Exp;
branches;
next	1.1.2.22;

1.1.2.22
date	98.09.30.01.08.12;	author jdp;	state Exp;
branches;
next	1.1.2.23;

1.1.2.23
date	98.11.25.21.51.34;	author msmith;	state Exp;
branches;
next	1.1.2.24;

1.1.2.24
date	98.11.28.22.04.20;	author jkh;	state Exp;
branches;
next	1.1.2.25;

1.1.2.25
date	99.09.05.11.01.58;	author peter;	state Exp;
branches;
next	;


desc
@@


1.165
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/251584
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: head/etc/rc.d/routing 251584 2013-06-09 18:11:36Z hrs $
#

# PROVIDE: routing
# REQUIRE: faith netif ppp stf
# KEYWORD: nojailvnet

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="routing_start static"
options_cmd="routing_start options"

ROUTE_CMD="/sbin/route"

routing_start()
{
	local _cmd _af _if _a
	_cmd=$1
	_af=$2
	_if=$3

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	inet|inet6|ipx|atm)
		if afexists $_af; then
			setroutes $_cmd $_af $_if
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists $_a && setroutes $_cmd $_a $_if
		done
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

routing_stop()
{
	local _af _if _a
	_af=$1
	_if=$2

	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac

	case $_af in
	inet|inet6|ipx|atm)
		if afexists $_af; then
			eval static_${_af} delete $_if 
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_af}
			fi
		else
			err 1 "Unsupported address family: $_af."
		fi
		;;
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
		for _a in inet inet6 ipx atm; do
			afexists $_a || continue
			eval static_${_a} delete $_if
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_a}
			fi
		done
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}

setroutes()
{
	case $1 in
	static)
		static_$2 add $3
		;;
	options)
		options_$2
		;;
	doall)
		static_$2 add $3
		options_$2
		;;
	esac
}

routing_stop_inet()
{
	${ROUTE_CMD} -n flush -inet
}

routing_stop_inet6()
{
	local i

	${ROUTE_CMD} -n flush -inet6
	for i in `list_net_interfaces`; do
		if ipv6if $i; then
			ifconfig $i inet6 -defaultif
		fi
	done
}

routing_stop_atm()
{
	return 0
}

routing_stop_ipx()
{
	return 0
}

static_inet()
{
	local _action _if _skip
	_action=$1
	_if=$2

	# Add default route.
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="_default ${static_routes}"
		route__default="default ${defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				route_args=`get_if_var ${i%:*} route_IF`
				if [ -n "$route_args" ]; then
					${ROUTE_CMD} ${_action} ${route_args}
				else
					warn "route_${i%:*} not found."
				fi
			fi
		done
	fi
}

static_inet6()
{
	local _action _if _skip fibmod fibs
	_action=$1
	_if=$2

	# get the number of FIBs supported.
	fibs=$((`${SYSCTL_N} net.fibs` - 1))
	if [ "$fibs" -gt 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi

	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"

	# disallow "internal" addresses to appear on the wire
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"

	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
	case ${ipv6_defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		ipv6_static_routes="_default ${ipv6_static_routes}"
		ipv6_route__default="default ${ipv6_defaultrouter}"
		;;
	esac

	# Install configured routes.
	if [ -n "${ipv6_static_routes}" ]; then
		for i in ${ipv6_static_routes}; do
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
				if [ -n "$ipv6_route_args" ]; then
					${ROUTE_CMD} ${_action} \
						-inet6 ${ipv6_route_args}
				else
					warn "route_${i%:*} not found"
				fi
			fi
		done
	fi

	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.

	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
	if checkyesno ipv6_gateway_enable; then
		return
	fi

	case "${ipv6_default_interface}" in
	[Nn][Oo] | [Nn][Oo][Nn][Ee])
		return
		;;
	[Aa][Uu][Tt][Oo] | "")
		for i in ${ipv6_network_interfaces}; do
			case $i in
			[Nn][Oo][Nn][Ee])
				return
				;;
			lo0|faith[0-9]*)
				continue
				;;
			esac
			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_default_interface=$i
				break
				;;
			esac
		done
		;;
	esac

	ifconfig ${ipv6_default_interface} inet6 defaultif
	sysctl net.inet6.ip6.use_defaultzone=1
}

static_atm()
{
	local _action i route_args
	_action=$1

	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			route_args=`get_if_var $i route_IF`
			if [ -n "$route_args" ]; then
				atmconfig natm ${_action} ${route_args}
			else
				warn "route_${i} not found."
			fi
		done
	fi
}

static_ipx()
{
	:
}

ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n "Additional $1 routing options:"
		_ropts_initdone=yes
	fi
}

options_inet()
{
	_ropts_initdone=
	if checkyesno icmp_bmcastecho; then
		ropts_init inet
		echo -n ' broadcast ping responses=YES'
		${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
	fi

	if checkyesno icmp_drop_redirect; then
		ropts_init inet
		echo -n ' ignore ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
	fi

	if checkyesno icmp_log_redirect; then
		ropts_init inet
		echo -n ' log ICMP redirect=YES'
		${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
	else
		${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
	fi

	if checkyesno gateway_enable; then
		ropts_init inet
		echo -n ' gateway=YES'
		${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
	fi

	if checkyesno forward_sourceroute; then
		ropts_init inet
		echo -n ' do source routing=YES'
		${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
	fi

	if checkyesno accept_sourceroute; then
		ropts_init inet
		echo -n ' accept source routing=YES'
		${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
	else
		${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
	fi

	if checkyesno arpproxy_all; then
		ropts_init inet
		echo -n ' ARP proxyall=YES'
		${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
	else
		${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_inet6()
{
	_ropts_initdone=

	if checkyesno ipv6_gateway_enable; then
		ropts_init inet6
		echo -n ' gateway=YES'
		${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
	else
		${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_atm()
{
	_ropts_initdone=

	[ -n "${_ropts_initdone}" ] && echo '.'
}

options_ipx()
{
	_ropts_initdone=

	if checkyesno ipxgateway_enable; then
		ropts_init ipx
		echo -n ' gateway=YES'
		${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
	else
		${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
	fi

	[ -n "${_ropts_initdone}" ] && echo '.'
}

load_rc_config $name
run_rc_command "$@@"
@


1.164
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/250804
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d5 1
a5 1
# $FreeBSD: head/etc/rc.d/routing 250804 2013-05-19 04:10:34Z jamie $
d22 1
a22 10
afcheck()
{
	case $_af in
	""|inet|inet6|ipx|atm)
		;;
	*)
		err 1 "Unsupported address family: $_af."
		;;
	esac
}
d26 1
a26 1
	local _cmd _af _a
d29 1
d31 3
a33 1
	afcheck
d37 5
a41 1
		setroutes $_cmd $_af
d43 1
a43 1
	"")
d45 1
a45 1
			afexists $_a && setroutes $_cmd $_a
d48 3
d56 1
a56 1
	local _af _a
d58 1
d60 3
a62 1
	afcheck
d66 9
a74 2
		eval static_${_af} delete
		eval routing_stop_${_af}
d76 1
a76 1
	"")
d79 5
a83 2
			eval static_${_a} delete
			eval routing_stop_${_a}
d86 3
d96 1
a96 1
		static_$2 add
d102 1
a102 1
		static_$2 add
d110 1
a110 1
	route -n flush -inet
d117 1
a117 1
	route -n flush -inet6
d137 1
a137 1
	local _action
d139 1
d141 1
d146 2
a147 2
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
d151 1
d154 15
a168 2
			route_args=`get_if_var $i route_IF`
			route ${_action} ${route_args}
d175 1
a175 1
	local _action fibmod fibs
d177 1
d187 4
d192 2
a193 2
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
d195 9
d208 2
a209 2
		ipv6_static_routes="default ${ipv6_static_routes}"
		ipv6_route_default="default ${ipv6_defaultrouter}"
d213 1
d216 16
a231 2
			ipv6_route_args=`get_if_var $i ipv6_route_IF`
			route ${_action} -inet6 ${ipv6_route_args}
d235 2
a236 6
	# Fixup $ipv6_network_interfaces
	case ${ipv6_network_interfaces} in
	[Nn][Oo][Nn][Ee])
		ipv6_network_interfaces=''
		;;
	esac
d238 3
d242 1
a242 13
		for i in ${ipv6_network_interfaces}; do

			laddr=`network6_getladdr $i exclude_tentative`
			case ${laddr} in
			'')
				;;
			*)
				ipv6_working_interfaces="$i \
				    ${ipv6_working_interfaces}"
				;;
			esac
		done
		ipv6_network_interfaces=${ipv6_working_interfaces}
a244 2
	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
d247 1
a247 1
		ipv6_default_interface=""
d252 3
d272 2
a273 21
	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject ${fibmod}
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject ${fibmod}

	case ${ipv6_default_interface} in
	'')
		;;
	*)
		# Disable installing the default interface when we act
		# as router to avoid conflict between the default
		# router list and the manual configured default route.
		if ! checkyesno ipv6_gateway_enable; then
			ifconfig ${ipv6_default_interface} inet6 defaultif
			sysctl net.inet6.ip6.use_defaultzone=1
		fi
		;;
	esac
d284 5
a288 1
			atmconfig natm ${_action} ${route_args}
@


1.163
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 243212
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r243212 | hrs | 2012-11-18 11:22:15 +0000 (Sun, 18 Nov 2012) | 4 lines
## SVN ##
## SVN ## Fix condition to check if the maximum number of FIBs is greater than 0 or not.
## SVN ##
## SVN ## Spotted by:	zont
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d5 1
a5 1
# $FreeBSD: head/etc/rc.d/routing 243212 2012-11-18 11:22:15Z hrs $
d10 1
a10 1
# KEYWORD: nojail
@


1.163.2.1
log
@file routing was added on branch RELENG_8_4 on 2013-03-28 13:02:44 +0000
@
text
@d1 371
@


1.163.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 168
#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD: releng/8.4/etc/rc.d/routing 232906 2012-03-12 22:13:17Z bz $
#

# PROVIDE: routing
# REQUIRE: netif ppp
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="routing"
start_cmd="routing_start"
stop_cmd="routing_stop"
extra_commands="options static"
static_cmd="static_start"
options_cmd="options_start"

routing_start()
{
	static_start
	options_start
}

routing_stop()
{
	route -n flush
}

static_start()
{
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Setup static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi
	# Now ATM static routes
	#
	if [ -n "${natm_static_routes}" ]; then
		for i in ${natm_static_routes}; do
			eval route_args=\$route_${i}
			atmconfig natm add ${route_args}
		done
	fi

	# Disallow "internal" addresses to appear on the wire if inet6
	# is enabled.
	if afexists inet6; then
		local fibs i

		# Get the number of FIBs supported.
		fibs=`sysctl -n net.fibs`
		: ${fibs:=1}

		# disallow "internal" addresses to appear on the wire
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
		i=1
		if test ${i} -lt ${fibs}; then
			printf "Also installing reject routes for FIBs"
			while test ${i} -lt ${fibs}; do
				setfib -F ${i} route -q add -inet6 \
				    ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
				setfib -F ${i} route -q add -inet6 \
				    ::0.0.0.0 -prefixlen 96 ::1 -reject
				printf " %d" ${i}
				i=$((i + 1))
			done
			printf "\n"
		fi
	fi
}

_ropts_initdone=
ropts_init()
{
	if [ -z "${_ropts_initdone}" ]; then
		echo -n 'Additional routing options:'
		_ropts_initdone=yes
	fi
}

options_start()
{
	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		ropts_init
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	 [ -n "${_ropts_initdone}" ] && echo '.'
}

load_rc_config $name
run_rc_command "$1"
@


1.162
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 243188
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r243188 | hrs | 2012-11-17 21:44:02 +0000 (Sat, 17 Nov 2012) | 2 lines
## SVN ##
## SVN ## Use -fib N modifier to add/delete a route to/from multiple FIBs.
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d5 1
a5 1
# $FreeBSD: head/etc/rc.d/routing 243188 2012-11-17 21:44:02Z hrs $
d147 1
a147 1
	if [ -n "$fibs" ]; then
@


1.161
log
@Switching exporter and resync
@
text
@d5 1
a5 1
# $FreeBSD: head/etc/rc.d/routing 232515 2012-03-04 18:53:35Z bz $
d142 1
a142 1
	local _action i fibs
d146 6
a151 2
	fibs=`sysctl -n net.fibs`
	: ${fibs:=1}
d154 2
a155 15
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi
d227 2
a228 15
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 fe80:: -prefixlen 10 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ff02:: -prefixlen 16 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi
@


1.160
log
@SVN rev 232515 on 2012-03-04 18:53:35Z by bz

Rather than printing the output from route add for all FIBs just print them
for the default FIB followed by a statement with a list of FIB numbers for
all the other FIBs we install the routes for.

Request by:	kib (to make it less noisy)
Tested by:	kib
MFC after:	3 days
@
text
@d5 1
a5 1
# $FreeBSD$
@


1.159
log
@SVN rev 231852 on 2012-02-17 02:39:58Z by bz

Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:

Extend the so far IPv4-only support for multiple routing tables (FIBs)
introduced in r178888 to IPv6 providing feature parity.

This includes an extended rtalloc(9) KPI for IPv6, the necessary
adjustments to the network stack, and user land support as in netstat.

Sponsored by:	Cisco Systems, Inc.
Reviewed by:	melifaro (basically)
MFC after:	10 days
@
text
@d150 15
a164 8
	i=0
	while test ${i} -lt ${fibs}; do
		setfib -F ${i} route ${_action} \
		    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
		setfib -F ${i} route ${_action} \
		    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
		i=$((i + 1))
	done
d236 15
a250 8
	i=0
	while test ${i} -lt ${fibs}; do
		setfib -F ${i} route ${_action} \
		    -inet6 fe80:: -prefixlen 10 ::1 -reject
		setfib -F ${i} route ${_action} \
		    -inet6 ff02:: -prefixlen 16 ::1 -reject
		i=$((i + 1))
	done
@


1.158
log
@SVN rev 230991 on 2012-02-04 18:14:49Z by hrs

Fix $ipv6_network_interfaces handling in rc.d/routing.  It could fail when
it was set to "auto", for example.

MFC after:	3 days
@
text
@d142 1
a142 1
	local _action i
d145 4
d150 8
a157 2
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
d229 8
a236 2
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
@


1.157
log
@SVN rev 227366 on 2011-11-08 23:02:32Z by jilles

rc.d: Eliminate some unnecessary non-POSIX constructs:

 * set - ...
 * empty braces
 * ^ in character class
@
text
@d101 4
a104 2
	for i in ${ipv6_network_interfaces}; do
		ifconfig $i inet6 -defaultif
@


1.156
log
@SVN rev 224132 on 2011-07-17 14:52:55Z by jilles

rc.d/routing: Fix ugly output with additional routing options.

Print a separate "Additional routing options" line for each address family
which has additional options, so that it does not get mixed up with the
output from adding routes.

This also reverts r224048 which added newlines to two arbitrary routing
options.
@
text
@d250 1
@


1.156.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.156.2.2
log
@SVN rev 232292 on 2012-02-29 09:47:26Z by bz

MFC r231852,232127:

 Merge multi-FIB IPv6 support.

 Extend the so far IPv4-only support for multiple routing tables (FIBs)
 introduced in r178888 to IPv6 providing feature parity.

 This includes an extended rtalloc(9) KPI for IPv6, the necessary
 adjustments to the network stack, and user land support as in netstat.

Sponsored by:	Cisco Systems, Inc.
@
text
@d140 1
a140 1
	local _action i fibs
a142 4
	# get the number of FIBs supported.
	fibs=`sysctl -n net.fibs`
	: ${fibs:=1}

d144 2
a145 8
	i=0
	while test ${i} -lt ${fibs}; do
		setfib -F ${i} route ${_action} \
		    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
		setfib -F ${i} route ${_action} \
		    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
		i=$((i + 1))
	done
d217 2
a218 8
	i=0
	while test ${i} -lt ${fibs}; do
		setfib -F ${i} route ${_action} \
		    -inet6 fe80:: -prefixlen 10 ::1 -reject
		setfib -F ${i} route ${_action} \
		    -inet6 ff02:: -prefixlen 16 ::1 -reject
		i=$((i + 1))
	done
@


1.156.2.3
log
@SVN rev 232904 on 2012-03-12 22:08:03Z by bz

MFC r232515:

 Rather than printing the output from route add for all FIBs just print them
 for the default FIB followed by a statement with a list of FIB numbers for
 all the other FIBs we install the routes for.

 Request by:	kib (to make it less noisy)
Tested by:	kib
@
text
@d148 8
a155 15
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi
d227 8
a234 15
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
	i=1
	if test ${i} -lt ${fibs}; then
		printf "Also installing reject routes for FIBs"
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route -q ${_action} \
			    -inet6 fe80:: -prefixlen 10 ::1 -reject
			setfib -F ${i} route -q ${_action} \
			    -inet6 ff02:: -prefixlen 16 ::1 -reject
			printf " %d" ${i}
			i=$((i + 1))
		done
		printf "\n"
	fi
@


1.156.2.4
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d5 1
a5 1
# $FreeBSD: stable/9/etc/rc.d/routing 232904 2012-03-12 22:08:03Z bz $
@


1.156.2.5
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/250915
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d5 1
a5 1
# $FreeBSD: stable/9/etc/rc.d/routing 250915 2013-05-22 18:26:12Z jamie $
d10 1
a10 1
# KEYWORD: nojailvnet
@


1.156.2.6
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/253234
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d5 1
a5 1
# $FreeBSD: stable/9/etc/rc.d/routing 253234 2013-07-12 01:23:41Z hrs $
d140 1
a140 1
	local _action fibmod fibs
d144 2
a145 6
	fibs=$((`${SYSCTL_N} net.fibs` - 1))
	if [ "$fibs" -gt 0 ]; then
		fibmod="-fib 0-$fibs"
	else
		fibmod=
	fi
d148 15
a162 2
	route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
	route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}
d234 15
a248 2
	route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject ${fibmod}
	route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject ${fibmod}
@


1.156.2.7
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/253238
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d5 1
a5 1
# $FreeBSD: stable/9/etc/rc.d/routing 253238 2013-07-12 01:34:24Z hrs $
d22 10
a31 1
ROUTE_CMD="/sbin/route"
d35 1
a35 1
	local _cmd _af _if _a
a37 1
	_if=$3
d39 1
a39 3
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac
d43 1
a43 5
		if afexists $_af; then
			setroutes $_cmd $_af $_if
		else
			err 1 "Unsupported address family: $_af."
		fi
d45 1
a45 1
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
d47 1
a47 1
			afexists $_a && setroutes $_cmd $_a $_if
a49 3
	*)
		err 1 "Unsupported address family: $_af."
		;;
d55 1
a55 1
	local _af _if _a
a56 1
	_if=$2
d58 1
a58 3
	case $_if in
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])	_if="" ;;
	esac
d62 2
a63 9
		if afexists $_af; then
			eval static_${_af} delete $_if 
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_af}
			fi
		else
			err 1 "Unsupported address family: $_af."
		fi
d65 1
a65 1
	""|[Aa][Ll][Ll]|[Aa][Nn][Yy])
d68 2
a69 5
			eval static_${_a} delete $_if
			# When $_if is specified, do not flush routes.
			if ! [ -n "$_if" ]; then
				eval routing_stop_${_a}
			fi
a71 3
	*)
		err 1 "Unsupported address family: $_af."
		;;
d79 1
a79 1
		static_$2 add $3
d85 1
a85 1
		static_$2 add $3
d93 1
a93 1
	${ROUTE_CMD} -n flush -inet
d100 1
a100 1
	${ROUTE_CMD} -n flush -inet6
d118 1
a118 1
	local _action _if _skip
a119 1
	_if=$2
a120 1
	# Add default route.
d125 2
a126 2
		static_routes="_default ${static_routes}"
		route__default="default ${defaultrouter}"
a129 1
	# Install configured routes.
d132 2
a133 15
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				route_args=`get_if_var ${i%:*} route_IF`
				if [ -n "$route_args" ]; then
					${ROUTE_CMD} ${_action} ${route_args}
				else
					warn "route_${i%:*} not found."
				fi
			fi
d140 1
a140 1
	local _action _if _skip fibmod fibs
a141 1
	_if=$2
a150 4
	# Add pre-defined static routes first.
	ipv6_static_routes="_v4mapped _v4compat ${ipv6_static_routes}"
	ipv6_static_routes="_lla _llma ${ipv6_static_routes}"

d152 2
a153 2
	ipv6_route__v4mapped="::ffff:0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
	ipv6_route__v4compat="::0.0.0.0 -prefixlen 96 ::1 -reject ${fibmod}"
a154 9
	# Disallow link-local unicast packets without outgoing scope
	# identifiers.  However, if you set "ipv6_default_interface",
	# for the host case, you will allow to omit the identifiers.
	# Under this configuration, the packets will go to the default
	# interface.
	ipv6_route__lla="fe80:: -prefixlen 10 ::1 -reject ${fibmod}"
	ipv6_route__llma="ff02:: -prefixlen 16 ::1 -reject ${fibmod}"

	# Add default route.
d159 2
a160 2
		ipv6_static_routes="_default ${ipv6_static_routes}"
		ipv6_route__default="default ${ipv6_defaultrouter}"
a163 1
	# Install configured routes.
d166 2
a167 16
			_skip=0
			if [ -n "$_if" ]; then
				case $i in
				*:$_if)	;;
				*)	_skip=1 ;;
				esac
			fi
			if [ $_skip = 0 ]; then
				ipv6_route_args=`get_if_var ${i%:*} ipv6_route_IF`
				if [ -n "$ipv6_route_args" ]; then
					${ROUTE_CMD} ${_action} \
						-inet6 ${ipv6_route_args}
				else
					warn "route_${i%:*} not found"
				fi
			fi
d171 6
a176 2
	# Install the "default interface" to kernel, which will be used
	# as the default route when there's no router.
a177 3
	# Disable installing the default interface when we act
	# as router to avoid conflict between the default
	# router list and the manual configured default route.
d179 13
a191 1
		return
d194 2
d198 1
a198 1
		return
a202 3
			[Nn][Oo][Nn][Ee])
				return
				;;
d220 21
a240 2
	ifconfig ${ipv6_default_interface} inet6 defaultif
	sysctl net.inet6.ip6.use_defaultzone=1
d251 1
a251 5
			if [ -n "$route_args" ]; then
				atmconfig natm ${_action} ${route_args}
			else
				warn "route_${i} not found."
			fi
@


1.156.2.3.2.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.156.2.3.2.2
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: releng/9.1/etc/rc.d/routing 232904 2012-03-12 22:08:03Z bz $
@


1.156.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.156.2.1.2.2
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: releng/9.0/etc/rc.d/routing 224132 2011-07-17 14:52:55Z jilles $
@


1.155
log
@SVN rev 224048 on 2011-07-15 01:59:08Z by kevlo

Remove "-n" from echo

Reviewed by:	dougb
@
text
@a50 1
	[ -n "${_ropts_initdone}" ] && echo '.'
a251 1
_ropts_initdone=
d255 1
a255 1
		echo -n 'Additional routing options:'
d262 1
d264 1
a264 1
		ropts_init
d272 1
a272 1
		ropts_init
d280 1
a280 1
		ropts_init
d288 2
a289 2
		ropts_init
		echo ' IPv4 gateway=YES'
d296 1
a296 1
		ropts_init
d304 1
a304 1
		ropts_init
d312 1
a312 1
		ropts_init
d318 2
d324 2
d327 2
a328 2
		ropts_init
		echo ' IPv6 gateway=YES'
d333 2
d339 3
d346 2
d349 2
a350 2
		ropts_init
		echo -n ' IPX gateway=YES'
d355 2
@


1.154
log
@SVN rev 220153 on 2011-03-30 01:19:00Z by emaste

Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical.
This is a further clean up after r202988.

SYSCTL_W is still initialized in rc.subr as some ports may still use it.
@
text
@d290 1
a290 1
		echo -n ' IPv4 gateway=YES'
d325 1
a325 1
		echo -n ' IPv6 gateway=YES'
@


1.153
log
@SVN rev 207225 on 2010-04-26 15:31:58Z by ume

Better handling of ipv6_default_interface using
net.inet6.ip6.use_defaultzone=1.  Now, it works IPv6 link-local
unicast addresses as well as IPv6 link-local multicast addresses.

MFC after:	1 week
@
text
@d267 1
a267 1
		${SYSCTL_W} net.inet.icmp.bmcastecho=1 > /dev/null
d269 1
a269 1
		${SYSCTL_W} net.inet.icmp.bmcastecho=0 > /dev/null
d275 1
a275 1
		${SYSCTL_W} net.inet.icmp.drop_redirect=1 > /dev/null
d277 1
a277 1
		${SYSCTL_W} net.inet.icmp.drop_redirect=0 > /dev/null
d283 1
a283 1
		${SYSCTL_W} net.inet.icmp.log_redirect=1 > /dev/null
d285 1
a285 1
		${SYSCTL_W} net.inet.icmp.log_redirect=0 > /dev/null
d291 1
a291 1
		${SYSCTL_W} net.inet.ip.forwarding=1 > /dev/null
d293 1
a293 1
		${SYSCTL_W} net.inet.ip.forwarding=0 > /dev/null
d299 1
a299 1
		${SYSCTL_W} net.inet.ip.sourceroute=1 > /dev/null
d301 1
a301 1
		${SYSCTL_W} net.inet.ip.sourceroute=0 > /dev/null
d307 1
a307 1
		${SYSCTL_W} net.inet.ip.accept_sourceroute=1 > /dev/null
d309 1
a309 1
		${SYSCTL_W} net.inet.ip.accept_sourceroute=0 > /dev/null
d315 1
a315 1
		${SYSCTL_W} net.link.ether.inet.proxyall=1 > /dev/null
d317 1
a317 1
		${SYSCTL_W} net.link.ether.inet.proxyall=0 > /dev/null
d326 1
a326 1
		${SYSCTL_W} net.inet6.ip6.forwarding=1 > /dev/null
d328 1
a328 1
		${SYSCTL_W} net.inet6.ip6.forwarding=0 > /dev/null
d341 1
a341 1
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=1 > /dev/null
d343 1
a343 1
		${SYSCTL_W} net.ipx.ipx.ipxforwarding=0 > /dev/null
@


1.152
log
@SVN rev 197719 on 2009-10-02 20:19:53Z by hrs

- Enable an afexists() check only when no AF argument is specified.
- Simplify helper functions.

Discussed with:	ume
@
text
@d213 5
a217 2
	# Disallow unicast packets without outgoing scope identifiers,
	# or route such packets to a "default" interface, if it is specified.
d219 1
a222 1
		route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
d225 3
a227 8
		laddr=`network6_getladdr ${ipv6_default_interface}`
		route ${_action} -inet6 ff02:: ${laddr} -prefixlen 16 -interface

		# Disable installing the default interface with the
		# case net.inet6.ip6.forwarding=0 and
		# the interface with no ND6_IFF_ACCEPT_RTADV
		# to avoid conflict between the default router list and
		# the manual configured default route.
d229 2
a230 10
			ifconfig ${ipv6_default_interface} nd6 | \
			while read proto options
			do
				case "${proto}:${options}" in
				nd6:*ACCEPT_RTADV*)
					ifconfig ${ipv6_default_interface} inet6 defaultif
					break
				;;
				esac
			done
@


1.151
log
@SVN rev 197699 on 2009-10-02 02:28:59Z by hrs

- Split routing_*() and option_*() to *_AF() and add afexists() check
  for each address family.  Replace AF_static() with static_AF() for
  consistency.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.
@
text
@d16 1
a16 1
start_cmd="routing_start"
d19 13
a31 2
static_cmd="static_start"
options_cmd="options_start"
d35 17
a51 2
	static_start "$@@"
	options_start "$@@"
d56 4
a59 1
	local _af
d61 29
a89 4
	static_stop "$@@"
	for _af in inet inet6; do
		afexists ${_af} && eval routing_stop_${_af}
	done
d107 1
a107 16
static_start()
{
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static add ${_af}
		;;
	"")
		do_static add inet inet6 atm
		;;
	esac
}

static_stop()
d109 1
a109 11
	local _af
	_af=$1

	case ${_af} in
	inet|inet6|atm)
		do_static delete ${_af}
		;;
	"")
		do_static delete inet inet6 atm
		;;
	esac
d112 1
a112 1
do_static()
d114 1
a114 7
	local _af _action
	_action=$1

	shift
	for _af in "$@@"; do
		afexists ${_af} && eval static_${_af} ${_action}
	done
d259 4
a271 10
options_start()
{
	local _af

	for _af in inet inet6 ipx; do
		afexists ${_af} && eval options_${_af}
	done
	 [ -n "${_ropts_initdone}" ] && echo '.'
}

d342 4
@


1.150
log
@SVN rev 197646 on 2009-09-30 14:58:10Z by ume

Don't do an IPv6 operation when the kernel doesn't have
an IPv6 support.

Reported by:	Alexander Best <alexbestms__at__math.uni-muenster.de>
Confirmed by:	Paul B. Mahol <onemda__at__gmail.com>,
		Alexander Best <alexbestms__at__math.uni-muenster.de>
@
text
@d30 2
d33 15
a47 1
	route -n flush
d59 2
a60 2
	inet)
		do_static inet add
d62 2
a63 12
	inet6)
		do_static inet6 add
		;;
	atm)
		do_static atm add
		;;
	*)
		do_static inet add
		if afexists inet6; then
			do_static inet6 add
		fi
		do_static atm add
d74 2
a75 5
	inet)
		do_static inet delete
		;;
	inet6)
		do_static inet6 delete
d77 2
a78 9
	atm)
		do_static atm delete
		;;
	*)
		do_static inet delete
		if afexists inet6; then
			do_static inet6 delete
		fi
		do_static atm delete
d86 1
a86 2
	_af=$1
	_action=$2
d88 4
a91 1
	eval $1_static $2
d94 1
a94 1
inet_static()
d116 1
a116 1
inet6_static()
d223 1
a223 1
atm_static()
d225 1
a225 1
	local _action i
d247 10
d260 3
a262 1
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
d268 3
a270 1
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
d276 3
a278 1
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
d284 3
a286 7
		sysctl net.inet.ip.forwarding=1 >/dev/null
	fi

	if checkyesno ipv6_gateway_enable; then
		ropts_init
		echo -n ' IPv6 gateway=YES'
		sysctl net.inet6.ip6.forwarding=1 >/dev/null
d292 3
a294 1
		sysctl net.inet.ip.sourceroute=1 >/dev/null
d300 3
a302 1
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
d305 1
a305 1
	if checkyesno ipxgateway_enable; then
d307 4
a310 2
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
d312 1
d314 3
a316 1
	if checkyesno arpproxy_all; then
d318 4
a321 2
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
d323 1
d325 9
a333 1
	 [ -n "${_ropts_initdone}" ] && echo '.'
@


1.149
log
@SVN rev 197527 on 2009-09-26 19:00:20Z by hrs

Move rc.d/{stf,faith} to just before rc.d/routing.

Pointed out by:	tegge
@
text
@d54 3
a56 1
		do_static inet6 add
d79 3
a81 1
		do_static inet6 delete
@


1.148
log
@SVN rev 197175 on 2009-09-13 20:19:02Z by bz

Correct a copy and paste error using the variable name from the
legacy IP handling rather than the IPv6 version.

Reported by:	Pegasus Mc Cleaft (ken mthelicon.com)
Tested by:	Pegasus Mc Cleaft (ken mthelicon.com)
MFC after:	2 days
X-MFX with:	r197139
@
text
@d9 1
a9 1
# REQUIRE: netif ppp
@


1.147
log
@SVN rev 197139 on 2009-09-12 22:13:41Z by hrs

Integrate rc.d/network_ipv6 into rc.d/netif:

- Add rc.d/stf and rc.d/faith for stf(4) and faith(4).
- Remove rc.d/auto_linklocal and rc.d/network_ipv6.
- Move rc.d/sysctl to just before FILESYSTEMS because rc.d/netif
  depends on some sysctl variables.

Reviewed by:	brooks
MFC after:	3 days
@
text
@d135 1
a135 1
			route ${_action} -inet6 ${route_args}
@


1.146
log
@SVN rev 179940 on 2008-06-23 04:00:45Z by mtm

Do not print anything unless one of the net/routing options is set.
@
text
@d24 2
a25 2
	static_start
	options_start
d30 1
d32 3
d39 58
a105 2
	# Setup static routes. This should be done before router discovery.
	#
d108 28
a135 2
			eval route_args=\$route_${i}
			route add ${route_args}
d138 88
a225 2
	# Now ATM static routes
	#
d228 2
a229 2
			eval route_args=\$route_${i}
			atmconfig natm add ${route_args}
d245 1
a245 2
	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
d249 1
a249 2
		;;
	esac
d251 1
a251 2
	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
d255 1
a255 2
		;;
	esac
d257 1
a257 2
	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
d261 1
a261 2
		;;
	esac
d263 1
a263 2
	case ${gateway_enable} in
	[Yy][Ee][Ss])
d265 1
a265 1
		echo -n ' IP gateway=YES'
d267 7
a273 2
		;;
	esac
d275 1
a275 2
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
d279 1
a279 2
		;;
	esac
d281 1
a281 2
	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
d285 1
a285 2
		;;
	esac
d287 1
a287 2
	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
d291 1
a291 2
		;;
	esac
d293 1
a293 2
	case ${arpproxy_all} in
	[Yy][Ee][Ss])
d297 1
a297 2
		;;
	esac
d303 1
a303 1
run_rc_command "$1"
@


1.146.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.146.2.2
log
@SVN rev 231803 on 2012-02-16 01:41:34Z by hrs

Add static routes to ::ffff:0.0.0.0/96 and ::0.0.0.0/96 unconditionally when
the kernel supports PF_INET6.

PR:	kern/161899
@
text
@a59 8

	# Disallow "internal" addresses to appear on the wire if inet6
	# is enabled.
	if afexists inet6; then
		# disallow "internal" addresses to appear on the wire
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
	fi
@


1.146.2.3
log
@SVN rev 232552 on 2012-03-05 17:33:01Z by bz

MFC r231852,232127:

  Merge multi-FIB IPv6 support.

  Extend the so far IPv4-only support for multiple routing tables (FIBs)
  introduced in r178888 to IPv6 providing feature parity.

  This includes an extended rtalloc(9) KPI for IPv6, the necessary
  adjustments to the network stack, and user land support as in netstat.

Sponsored by:	Cisco Systems, Inc.
@
text
@a63 6
		local fibs i

		# Get the number of FIBs supported.
		fibs=`sysctl -n net.fibs`
		: ${fibs:=1}

d65 2
a66 8
		i=0
		while test ${i} -lt ${fibs}; do
			setfib -F ${i} route add -inet6 \
			    ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
			setfib -F ${i} route add -inet6 \
			    ::0.0.0.0 -prefixlen 96 ::1 -reject
			i=$((i + 1))
		done
@


1.146.2.4
log
@SVN rev 232906 on 2012-03-12 22:13:17Z by bz

MFC r232515:

 Rather than printing the output from route add for all FIBs just print them
 for the default FIB followed by a statement with a list of FIB numbers for
 all the other FIBs we install the routes for.
@
text
@d71 8
a78 15
		route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
		route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
		i=1
		if test ${i} -lt ${fibs}; then
			printf "Also installing reject routes for FIBs"
			while test ${i} -lt ${fibs}; do
				setfib -F ${i} route -q add -inet6 \
				    ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
				setfib -F ${i} route -q add -inet6 \
				    ::0.0.0.0 -prefixlen 96 ::1 -reject
				printf " %d" ${i}
				i=$((i + 1))
			done
			printf "\n"
		fi
@


1.146.2.5
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d5 1
a5 1
# $FreeBSD: stable/8/etc/rc.d/routing 232906 2012-03-12 22:13:17Z bz $
@


1.146.2.2.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.146.2.2.2.2
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: releng/8.3/etc/rc.d/routing 231803 2012-02-16 01:41:34Z hrs $
@


1.146.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.146.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.146.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.145
log
@SVN rev 179566 on 2008-06-05 17:26:47Z by brooks

Fix the wait for default route change I made a few weeks ago by creating
a new defaultroute script that just does the wait.  The previous attempt
created a circular dependency through network_ipv6.

Pointy hat to:	brooks
@
text
@d62 9
a72 1
	echo -n 'Additional routing options:'
d75 1
d83 1
d91 1
d99 1
d107 1
d115 1
d123 1
d131 1
d137 1
a137 1
	echo '.'
@


1.144
log
@Move the wait for a default route to rc.d/routing.  Once we test for
non-dhcp interfaces to negotiate/associate this will make more sense.

This also correctly gets run after both devd and netif are run so it has
a chance of working.
@
text
@d9 1
a9 1
# REQUIRE: devd netif ppp
a25 25

	# Return without waiting if we don't have dhcp interfaces.
	# Once we can test that the link is actually up, we should
	# remove this test and always wait.
	dhcp_interfaces=`list_net_interfaces dhcp`
	[ -z "`list_net_interfaces dhcp`" ] && return

	# Wait for a default route
	delay=${if_up_delay}
	while [ ${delay} -gt 0 ]; do
		defif=`get_default_if -inet`
		if [ -n "${defif}" ]; then
			if [ ${delay} -ne ${if_up_delay} ]; then
				echo "($defif)"
			fi
			break
		fi
		if [ ${delay} -eq ${if_up_delay} ]; then
			echo -n "Waiting ${delay}s for an interface to come up: "
		else
			echo -n .
		fi
		sleep 1
		delay=`expr $delay - 1`
	done
@


1.143
log
@Move options that do not have anything to do with routing out of
rc.d/routing and in to rc.d/netoptions. Also instead of saying
"TCP options" say "IP options".
@
text
@d9 1
a9 1
# REQUIRE: netif ppp
d13 1
d26 25
@


1.143.2.1
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: stable/7/etc/rc.d/routing 220110 2011-03-28 19:29:30Z dougb $
@


1.143.12.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.143.12.2
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: releng/7.4/etc/rc.d/routing 169217 2007-05-02 15:49:30Z mtm $
@


1.143.10.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.143.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.143.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.142
log
@Transforming "ppp-user" into just "ppp", step 1:
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".

The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.

Discussed with: pjd, -rc
@
text
@a63 9
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

a105 14
	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

a119 18
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

@


1.141
log
@Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
@
text
@d9 1
a9 1
# REQUIRE: netif ppp-user
@


1.141.2.1
log
@MFC:
Rename the rc.d script "ppp-user" to just "ppp".
@
text
@d9 1
a9 1
# REQUIRE: netif ppp
@


1.141.2.2
log
@Switch importer
@
text
@d5 1
a5 1
# $FreeBSD: stable/6/etc/rc.d/routing 154657 2006-01-21 22:42:43Z yar $
@


1.141.2.1.8.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.140
log
@Mark scripts as not usable inside a jail by adding keyword 'nojail'.

Some suggestions from:	rwatson, Ruben de Groot <mail25@@bzerk.org>
@
text
@d10 1
a10 1
# KEYWORD: FreeBSD nojail
@


1.140.2.1
log
@RCS file: /home/ncvs/src/etc/rc,v
----------------------------
revision 1.335
date: 2004/10/08 14:23:49;  author: mtm;  state: Exp;  lines: +0 -1
Remove an unused variable.

Submitted by: Pawel Worach <pawel.worach@@telia.com>
----------------------------
revision 1.334
date: 2004/10/07 13:55:25;  author: mtm;  state: Exp;  lines: +1 -1
Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/nsswitch,v
----------------------------
revision 1.4
date: 2004/09/16 17:03:12;  author: keramida;  state: Exp;  lines: +1 -1
Fix requirement of `network' to `NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
----------------------------
revision 1.3
date: 2004/09/16 17:04:20;  author: keramida;  state: Exp;  lines: +1 -1
We don't have any providers of `beforenetlkm' in FreeBSD.  Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
=============================================================================

Approved by: re/scottl
@
text
@d10 1
a10 1
# KEYWORD: nojail
@


1.139
log
@Now that routes for IP over ATM may look much more complex than before,
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).

Okay'ed by:	mtm
@
text
@d10 1
a10 1
# KEYWORD: FreeBSD
@


1.138
log
@Ugh. Remove debugging echo.
@
text
@d51 8
@


1.137
log
@o Repocopied routing and netoptions from network2 and network3, respectively.
o Change the provider names.
o Separate routing into two parts: static routing and routing options. The
  start command will run both parts, but they can be run separately using
  the static and options command, respectively:
  (/etc/rc.d/routing static; /etc/rc.d/routing options)
@
text
@d48 1
a48 1
			echo route add ${route_args}
@


1.136
log
@o Hook the new files up to the build.
o Make sure all the scripts reference rc.d/netif and not rc.d/network1

Approved by:	markm (mentor)
@
text
@d8 1
a8 1
# PROVIDE: network2
d14 6
a19 3
name="network2"
start_cmd="network2_start"
stop_cmd=":"
d21 12
a32 1
network2_start()
d48 1
a48 1
			route add ${route_args}
d51 1
d53 2
@


1.135
log
@Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
@
text
@d9 1
a9 1
# REQUIRE: network1 ppp-user
@


1.134
log
@Cosmetic changes to the previous commit, bringing it closer to what I
already had in my tree but didn't want to commit.
@
text
@d1 1
a1 1
#!/bin/sh -
d3 1
a3 2
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
d5 1
a5 8
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
a6 184
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.network,v 1.133 2002/04/10 22:30:54 peter Exp $
#	From: @@(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipfilter_active="NO"
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac
d8 3
a10 25
	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done
d12 1
a12 101
	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ ! -z ${showstat} ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac
d14 3
a16 57
	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi
d18 2
a19 2
	# Configure routing
	#
d29 1
a29 1
	# Set up any static routes.  This should be done before router discovery.
a136 138

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f ${ipsec_file} ]; then
		    echo ' ipsec: enabled'
		    setkey -f ${ipsec_file}
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named';	${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed';	timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset';	ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv';	keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated';	rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
d139 2
a140 325
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd';	nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ ${nfsclient_in_kernel} -eq 1 ]
			then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						amd_flags="${amd_flags} `eval\
							${amd_map_program}`"
						;;
					esac

					case "${amd_flags}" in
					'')
						if [ -r /etc/amd.conf ]; then
							amd &
						else
							echo ''
			echo 'Warning: amd will not load without arguments'
						fi
						;;
					*)
						amd -p ${amd_flags} \
							 >/var/run/amd.pid \
							2>/dev/null &
						;;
					esac
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod';	rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	[0-9]*)
		;;
	*)
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	[ "${log_in_vain}" -ne 0 ] && (
	    echo -n " log_in_vain=${log_in_vain}"
	    sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	    sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	)
	echo '.'
	network_pass4_done=YES
}

network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    awk '                                                                   \
        /^[:blank:]*#/       { next }                                       \
        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
        /nis/                { nsswitch[c] = "nis";   c++; next }           \
        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
        END {                                                               \
                printf "hosts: ";                                           \
                for (i in nsswitch) printf "%s ", nsswitch[i];              \
                printf "\n";                                                \
        }' < $host_conf > $nsswitch_conf
}

generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;
    
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' <$nsswitch_conf >$host_conf
}
@


1.133
log
@Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better
create it.  Also specify protocol v1/v2 in case people wonder why we
generate two RSA keys.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.132 2002/04/01 18:33:45 dougb Exp $
d856 1
a856 1
				echo ' creating ssh protocol v1 RSA host key';
d860 5
d866 1
a866 1
				echo ' creating ssh protocol v2 DSA host key';
a868 5
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh protocol v2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
@


1.132
log
@The good news is that my initial PR was correct... the bad news is that I
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.

In any case, now it's fixed.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.131 2002/03/19 03:45:02 des Exp $
d856 2
a857 2
				echo ' creating ssh RSA host key';
				/usr/bin/ssh-keygen -trsa1 -N "" \
d861 2
a862 2
				echo ' creating ssh DSA host key';
				/usr/bin/ssh-keygen -tdsa -N "" \
d864 5
@


1.131
log
@Don't try to generate ssh keys if ssh isn't installed.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.130 2002/03/19 01:56:04 cjc Exp $
d760 4
a763 1
						echo ''
d765 1
@


1.130
log
@IPFilter may need to be re-sync'ed even if we are not filtering, but
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@@devet.org (Arjan de Vet)
MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.129 2002/03/17 07:35:51 dougb Exp $
d850 11
a860 7
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
@


1.129
log
@Answer the question posed in 1.126. amd won't start without either a
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)

PR:		conf/12432
Submitted by:	Me
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.128 2002/03/12 20:25:25 cjc Exp $
d88 1
d302 1
a302 1
	case ${ipfilter_enable} in
d307 1
@


1.128
log
@The reload of ipf(8) rules should depend on $ipfilter_enable, not
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).

MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.127 2002/03/12 01:04:35 obrien Exp $
d756 11
a766 2
					amd -p ${amd_flags} > /var/run/amd.pid \
						2> /dev/null &
@


1.127
log
@Background the startup of `Amd', it often blocks on startup.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.126 2002/03/12 01:01:53 obrien Exp $
d301 1
a301 1
	case ${ipfilter_active} in
a305 1
	unset ipfilter_active
@


1.126
log
@Why shouldn't amd always write its PID to a file?
Since I cannot answer that question, make it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.125 2002/03/04 10:30:24 dd Exp $
d757 2
a758 2
					amd -p ${amd_flags}\
						> /var/run/amd.pid 2> /dev/null
@


1.125
log
@Redirect stdout of `ipf -y' to /dev/null.  This removes a stray
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
@
text
@d27 1
a27 1
# $FreeBSD$
d757 2
a758 6
					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags}\
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
@


1.124
log
@There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.123 2002/02/08 13:25:33 cjc Exp $
d303 1
a303 1
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
@


1.123
log
@peter points out that we probably should not mess with the sysctl(8)
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.122 2002/01/28 11:06:02 sheldonh Exp $
d347 2
a348 2
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
d350 1
a350 1
							natd_ifarg="-n ${natd_interface}"
a351 2

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
d353 1
@


1.122
log
@(forced commit)

The previous change is subject to:

MFC after:	1 month
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.121 2002/01/28 11:05:01 sheldonh Exp $
d877 5
a881 4
	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null

@


1.121
log
@Register amd's dependency on NFS.

This change was submitted to the freebsd-audit mailing list for review
but received no feedback.  Hindsight-enabled reviews are welcome.

PR:		conf/31358
Submitted:	Thomas Quinot <thomas@@cuivre.fr.eu.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.120 2002/01/26 09:04:58 cjc Exp $
@


1.120
log
@Make the rc.conf(5) 'log_in_vain' knob an integer.

Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.119 2001/12/13 04:21:18 alfred Exp $
d717 6
a722 3
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
d724 45
a768 2
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
a769 11
			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd';	rpc.statd
				;;
			esac

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd';	rpc.lockd
				;;
			esac
a779 20
		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} `eval\
					${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
@


1.119
log
@rpc.lockd needs rpc.statd to be running for it to start up properly.
so swap the order.

Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is
enabled.  They are needed to provide client side locking support.

PR: conf/27811
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.118 2001/12/11 08:21:45 ru Exp $
d849 6
d857 2
a858 3
		echo -n ' log_in_vain=YES'
		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl net.inet.udp.log_in_vain=1 >/dev/null
d861 4
@


1.118
log
@s/sysctl -w/sysctl/
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.117 2001/12/07 17:03:14 rwatson Exp $
d681 1
a681 1
				case ${rpc_lockd_enable} in
d683 1
a683 1
					echo -n ' rpc.lockd';	rpc.lockd
d687 1
a687 1
				case ${rpc_statd_enable} in
d689 1
a689 1
					echo -n ' rpc.statd';	rpc.statd
d724 11
@


1.117
log
@o Update rc.network to reflect the recent change of default in the
  kernel TCP timer code: rather than checking for tcp_keepalive being
  set to "YES", check for "NO" and turn off keepalives if the variable
  is set in that manner.

o Note: eventually, it would make sense to remove this variable from
  rc.conf management, and instead rely on sysctl.conf.  In fact, this
  is probably true of a number of rc.conf variables whose sole aim
  is to drive the setting of sysctls at boot time.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.116 2001/12/06 09:34:44 cjc Exp $
d369 1
a369 1
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
d412 1
a412 1
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
d419 1
a419 1
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
d426 1
a426 1
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
d433 1
a433 1
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
d440 1
a440 1
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
d447 1
a447 1
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
d454 1
a454 1
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
d461 1
a461 1
		sysctl -w net.inet.tcp.always_keepalive=0 >/dev/null
d468 1
a468 1
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
d475 1
a475 1
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
d482 1
a482 1
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
d491 1
a491 1
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
d500 1
a500 1
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
d675 1
a675 1
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
d719 1
a719 1
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
d722 1
a722 1
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
d841 2
a842 2
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
@


1.116
log
@Protect the '*' in pppoed_provider (the default) from metacharacter
expansion in the rc-scripts.

PR:		32552
Submitted by:	Gleb Smirnoff <glebius@@rinet.ru>
Approved by:	ru
Obtained from:	ru
MFC after:	1 day
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.115 2001/11/24 23:41:32 dd Exp $
d459 3
a461 3
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
@


1.115
log
@Spelling police: sucessful -> successful.
@
text
@d27 1
a27 1
# $FreeBSD$
d811 1
d813 1
@


1.114
log
@(Forced commit to list actual problems fixed / PRs affected).

Overview of problems fixed:

- fix support for saving and restoring filter/NAT state information
  (across reboots for example);

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
  they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module
  have been removed;

- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been updated to
  reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

Submitted by:	Arjan de Vet <devet@@devet.org>
PR:		conf/25223, kern/25344, conf/25809,
		conf/26275, bin/27016, conf/31482
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.113 2001/11/24 13:48:30 darrenr Exp $
d728 1
a728 1
		# sucessfully notified about a previous client shutdown.
@


1.113
log
@Resolve all the ipfilter startup issues in rc.network with one big patch
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).

PR:		multiple
Submitted by:	Arjan de Vet <devet@@devet.org>
Reviewed by:	Giorgos Keramidas <keramida@@FreeBSD.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.112 2001/11/14 06:35:43 sheldonh Exp $
@


1.112
log
@Avoid unnecessary calls to expr(1) by using standard shell arithmetic
expansion instead.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.111 2001/11/07 00:33:56 fenner Exp $
a65 6
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi
d67 3
a69 1
	case "${ipfilter_enable}" in
d71 7
a77 30
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
d79 1
a79 1
	case "${ipnat_enable}" in
d81 12
a92 12
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat';
		eval ${ipnat_program:-/sbin/ipnat -CF -f} \
			"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
d94 44
d299 1
a299 1
	# Re-Sync ipfilter
d301 1
a301 1
	case ${ipfilter_enable} in
d303 1
a303 1
		${ipfilter_program:-/sbin/ipf -y}
a304 6
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
d306 1
@


1.111
log
@Update the nsswitch.conf -> host.conf generator to handle criteria,
 continuation lines, extra whitespace, and to use the last matching
 line in the file.  This syncs the host.conf generation with how
 the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
 happens on every boot.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.110 2001/11/01 12:39:01 des Exp $
d221 1
a221 1
				alias=`expr ${alias} + 1`
@


1.110
log
@Modify the way host.conf and nsswitch.conf are treated at boot time:

 - if nsswitch.conf exists, host.conf is auto-generated for compatibility
   with legacy applications and libraries.

 - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
   generated as usual.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.109 2001/10/20 04:46:32 darrenr Exp $
d44 1
a44 2
	        echo ''
		echo 'Generating /etc/host.conf for compatibility'
d882 1
d884 7
a890 6
/^hosts:/ {
    print "# Auto-generated, do not edit";
    for (n = 2; n <= NF; ++n)
        if ($n in xlat)
            print xlat[$n];
    quit;
d892 7
a898 2
// {
    next;
@


1.109
log
@Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
matched.  Moification on PR to handle ipnat not being dependant on
ipfilter_enable

PR:	22859
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.108 2001/10/20 04:41:47 darrenr Exp $
d41 8
d50 2
a51 1
	if [ -f "/etc/host.conf" ]; then
d54 2
a55 6
		if [ -f "/etc/nsswitch.conf" ]; then
		    echo '  /etc/nsswitch.conf will be used instead'
		else
		    echo '  /etc/nsswitch.conf will be created for you'
		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
d874 22
@


1.108
log
@Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable to
be set to "yes"

PR:		25223
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.107 2001/10/20 04:32:57 darrenr Exp $
d276 14
@


1.107
log
@Put in place for using ipfs use on shutdown and startup.

PR:		27070
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.106 2001/10/19 06:50:52 dougb Exp $
a87 11
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					"${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
d100 16
@


1.106
log
@Handle the lack of nfs server or client support in the kernel by
kldload'ing the appropriate modules before enabling the service.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.105 2001/10/10 20:36:51 jhb Exp $
d96 9
@


1.105
log
@Remove references to nfsiod and nfs_client_flags now that they are
obsolete.

Submitted by:	Gordon Tetlow <gordont@@gnf.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.104 2001/09/19 21:27:18 brooks Exp $
d608 10
a617 1
			if [ -r /etc/exports ]; then
d648 2
@


1.104
log
@Add a new rc.conf variable, cloned_interfaces, to create cloned
interfaces at boot.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.103 2001/09/19 00:22:26 peter Exp $
a661 1
			#echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
@


1.103
log
@The vfs.nfs.bufpackets sysctl is in the client, not the server.  Move it
to the client section.  Turn off nfsiod, it no longer exists (now just
kthreads).  I need revisit nfsiod so that we have an argument passthrough.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.102 2001/07/30 23:12:02 darrenr Exp $
d130 5
d159 3
d806 2
a807 1
				ifconfig $i create tunnel ${peers}
@


1.102
log
@Merge in patch to automagically decide whether or not a kldload of ipfilter
is required into rc.network.

Person failed to use a real name so both email addresses from PR included
(Sent was different to From).

PR:		22998
Submitted by:	dl@@leo.org/spock@@empire.trek.org
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.101 2001/07/28 19:57:57 markm Exp $
d614 1
a614 1
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
a619 4
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

d654 7
a660 4
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
				if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
@


1.101
log
@Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5
may be started at boot for kerberos servers.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.100 2001/07/02 21:08:48 brooks Exp $
d63 6
d71 7
@


1.100
log
@Create gif devices in the "gifconfig" stage while configuring them.

Reviewed by:	ru, ume
Obtained from:	NetBSD
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.99 2001/06/16 15:48:43 schweikh Exp $
d689 2
a690 2
	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
d694 1
a694 1
			stash_flag=-n
d697 1
a697 1
			stash_flag=
d701 2
a702 2
		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &
d704 1
a704 1
		case ${kadmind_server_enable} in
d706 5
a710 2
			echo -n ' kadmind'
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
d714 14
@


1.99
log
@Fix misindented esac.

MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.98 2001/06/11 12:38:40 ume Exp $
d769 1
a769 1
				ifconfig $i tunnel ${peers}
@


1.98
log
@Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.97 2001/06/10 16:21:56 brian Exp $
d670 1
a670 1
		esac
@


1.97
log
@Add a missing \n

Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
PR:		28014
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.96 2001/06/03 12:26:56 brian Exp $
d769 1
a769 1
				gifconfig $i ${peers}
@


1.96
log
@Move gif_interfaces from an IP6 option to a regular IP option.

PR:		26543
Submitted by:	Brooks Davis <brooks@@one-eyed-alien.net>
MFC after:	3 weeks
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.95 2001/05/18 18:10:02 obrien Exp $
d238 1
a238 1
		echo -n "Starting ppp as \"${ppp_user}\""
@


1.95
log
@Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.94 2001/05/16 19:23:54 jesper Exp $
d132 3
d755 20
@


1.94
log
@Link /etc/ssh/ssh_host_key to /etc/ssh/ssh_host_rsa_key to deal with
gratutious changes in the latest SSH

Reviewed by:	obrien
Approved by:	obrien
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.93 2001/05/09 07:46:44 peter Exp $
d723 3
a725 8
		if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
			if [ -f /etc/ssh/ssh_host_key ]; then
				/bin/ln -s /etc/ssh/ssh_host_key /etc/ssh/ssh_host_rsa_key
				/bin/ln -s /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key.pub
			else
				echo ' creating ssh RSA host key';
				/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_rsa_key
			fi
@


1.93
log
@s/ssh_host_key/ssh_host_rsa_key/ since that is what openssh uses now
after a mergemaster.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.92 2001/03/19 22:07:30 des Exp $
d724 7
a730 2
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_rsa_key
@


1.92
log
@Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.

(second of three commits)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.91 2001/03/19 12:49:45 alfred Exp $
d723 1
a723 1
		if [ ! -f /etc/ssh/ssh_host_key ]; then
d725 1
a725 1
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
@


1.91
log
@Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.90 2000/12/17 22:14:49 dougb Exp $
a393 7
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
@


1.90
log
@* Add an eval so that ipnat_flags=">/dev/null" works, per the PR
* Do some line length and specify full path cleanups while I'm here

PR:				conf/22937
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.89 2000/12/17 08:15:57 dougb Exp $
d517 16
a532 3
		echo -n ' portmap';	${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac
d534 8
a541 6
	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}
d543 3
a545 1
		case ${nis_ypxfrd_enable} in
d547 6
a552 2
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
d556 3
a558 1
		case ${nis_yppasswdd_enable} in
d560 1
a560 2
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
a562 2
		;;
	esac
d564 4
a567 6
	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
d569 1
a569 1
			echo -n ' ypset';	ypset ${nis_ypset_flags}
a574 16
	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv';	keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated';	rpc.ypupdated
		;;
	esac

d587 1
a587 1
	case ${nfs_server_enable} in
d589 4
a592 2
		if [ -r /etc/exports ]; then
			echo -n ' mountd'
d594 14
a607 5
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac
d609 1
a609 1
			mountd ${mountd_flags}
d611 3
a613 6
			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac
d615 5
a619 1
			echo -n ' nfsd';	nfsd ${nfs_server_flags}
d621 5
a625 3
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
d627 6
d634 8
a641 3
			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd';	rpc.lockd
d644 2
d647 1
a647 9
			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd';	rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
d649 4
a652 10
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
a655 2
		;;
	esac
d657 5
a661 7
	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null
a662 2
		;;
	esac
d664 11
a674 6
	# If /var/db/mounttab exists, some nfs-server has not been
	# sucessfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi
d676 6
a681 8
	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
a683 6

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
@


1.89
log
@Apply a more consistent style to the echo statements in /etc/ scripts.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard

No functionality changes
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.88 2000/10/12 11:25:57 ru Exp $
d67 2
a68 1
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
d72 1
a72 1
				${ipmon_program:-ipmon} ${ipmon_flags}
d79 2
a80 1
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
@


1.88
log
@Fixed the reporting of ip_portrange_{first|last}.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.87 2000/10/08 19:18:24 obrien Exp $
d43 2
a44 2
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
d46 1
a46 1
		    echo "  /etc/nsswitch.conf will be used instead"
d48 1
a48 1
		    echo "  /etc/nsswitch.conf will be created for you"
d250 1
a250 1
			echo "Kernel firewall module loaded."
d252 1
a252 1
			echo "Warning: firewall kernel module failed to load."
d291 3
a293 3
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
d454 1
a454 1
	echo -n 'routing daemons:'
@


1.87
log
@Add copyright notices.  Other systems have been barrowing our /etc files
w/o giving any credit.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.86 2000/10/06 12:24:45 darrenr Exp $
d427 1
a427 1
		echo -n ' ip_portrange_first=$ip_portrange_first'
d436 1
a436 1
		echo -n ' ip_portrange_last=$ip_portrange_last'
@


1.86
log
@This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5).  If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.

PR:		20202
Submitted by:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
Reviewed by:	Darren Reed <darrenr@@freebsd.org>
Approved by:	Darren Reed <darrenr@@freebsd.org>
Obtained from:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
@
text
@d3 25
a27 1
# $FreeBSD: src/etc/rc.network,v 1.85 2000/09/28 05:43:44 brian Exp $
d29 1
@


1.85
log
@Use su -m instead of just su to avoid reading the users login profile
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.84 2000/09/06 18:16:32 nectar Exp $
d34 31
@


1.84
log
@Add nsswitch support.  By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.83 2000/08/16 23:08:28 jhb Exp $
d178 1
a178 1
		su ${ppp_user} -c "exec ${ppp_command}"
@


1.83
log
@Fix a whitespace bogon.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.82 2000/08/10 00:12:53 brian Exp $
d16 12
d696 17
@


1.82
log
@Allow a ppp_user specification to run ppp at startup

PR:		20258
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.81 2000/07/14 13:03:36 nbm Exp $
d366 1
a366 1
	    ;;
@


1.81
log
@Add to, don't overwrite, user-settable mountd_flags.

PR:		conf/15745
Submitted by:	Vivek Khera <khera@@kciLink.com>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.80 2000/06/22 17:40:52 dillon Exp $
d141 1
a141 1
	# Warm up user ppp if required, must happen before natd.
d150 1
a150 1
			ppp_mode="auto";
d153 1
a153 1
		ppp_command="-${ppp_mode} ";
d155 1
a155 1
		# Switch on alias mode?
d159 1
a159 1
			ppp_command="${ppp_command} -nat";
d163 4
a166 1
		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
a171 2
	echo ''

@


1.80
log
@    Add ip_portrange_first and ip_portrange_last rc.conf/rc.network
    options.  This allows you to set the standard dynamic port
    assignment range prior to any network daemons (like named) starting
    up, necessary if you are also using a firewall to restrict lower ports.
    will be MFC'd in a few days
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.79 2000/05/16 06:52:11 dillon Exp $
d521 1
a521 1
				mountd_flags="-n"
@


1.79
log
@    Add ipsec_enable and ipsec_file options to run IPSEC's setkey program
    with the specified configuration file at the appropriate time.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.78 2000/05/15 19:56:59 kris Exp $
d353 19
@


1.78
log
@Remove extraneous ";;" in previous commit

Submitted by:	jedgar
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.77 2000/05/15 05:40:26 kris Exp $
d354 11
@


1.77
log
@Create a DSA host key if one does not already exist, and teach sshd_config
about it.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.76 2000/05/06 17:18:14 ache Exp $
a626 1
		;;
@


1.76
log
@Add firewall_logging knob to enable/disablle events logging, disabled
by default. Needed mainly for ipfw kernel module to enable logging
disabled there.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.75 2000/03/27 21:38:32 dillon Exp $
d624 1
a624 1
			echo ' creating ssh host key';
d626 5
@


1.75
log
@    Add a sysctl to specify the amount of UDP receive space NFS should
    reserve, in maximal NFS packets.  Originally only 2 packets worth of
    space was reserved.  The default is now 4, which appears to greatly
    improve performance for slow to mid-speed machines on gigabit networks.

    Add documentation and correct some prior documentation.

Problem Researched by: Andrew Gallatin <gallatin@@cs.duke.edu>
Approved by: jkh
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74 2000/02/29 12:53:28 jkh Exp $
d226 10
@


1.74
log
@cosmetic fix - add a space.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.73 2000/02/28 19:54:06 markm Exp $
d495 5
@


1.74.2.1
log
@    MFC rc.network 1.75, rc.conf 1.55, rc.conf.5 1.65, nfs_socket.c 1.61.
    Add sysctl and increase default receive udp buffer size from 2 to 4
    packets to improve client-side gigabit network performance.

Approved by: jkh
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74 2000/02/29 12:53:28 jkh Exp $
a494 5

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi
@


1.74.2.2
log
@MFC: Create DSA key at boot if it doesn't exist
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.1 2000/03/27 21:39:49 dillon Exp $
d614 1
a614 1
			echo ' creating ssh RSA host key';
a615 4
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
@


1.74.2.3
log
@    MFC from -current

    Add rc.conf variables for ip_portraneg_first, ip_portrange_last, and
    ipsec_enable (specifies file).  These items must be handled before
    any daemons are started or, for example, named might use too low
    a port for your fireall.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.2 2000/06/09 07:25:15 kris Exp $
a342 19

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' ip_portrange_first=$ip_portrange_first'
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
	    ;;
	*)
	    echo -n ' ip_portrange_last=$ip_portrange_last'
	    sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
	    ;;
	esac

a343 11

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f ${ipsec_file} ]; then
		    echo ' ipsec: enabled'
		    setkey -f ${ipsec_file}
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac
@


1.74.2.4
log
@MFC (1.81): Add to, don't overwrite, user-settable mountd_flags.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.3 2000/06/24 20:51:27 dillon Exp $
d511 1
a511 1
				mountd_flags="${mountd_flags} -n"
@


1.74.2.5
log
@MFC:
- firewall_enable knob
- ppp_user knob for ppp startup at boot
- cleanup whitespace bogons to minimize diff from current
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.4 2000/08/06 16:58:30 nbm Exp $
d141 1
a141 1
	# Start user ppp if required.  This must happen before natd.
d150 1
a150 1
			ppp_mode="auto"
d153 1
a153 1
		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
d155 1
a155 1
		# Switch on NAT mode?
d159 1
a159 1
			ppp_command="${ppp_command} -nat"
d163 1
a163 4
		ppp_command="${ppp_command} ${ppp_profile}"

		echo -n "Starting ppp as \"${ppp_user}\""
		su ${ppp_user} -c "exec ${ppp_command}"
d169 2
a225 10

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

d355 1
a355 1
		;;
d357 3
a359 3
		echo -n ' ip_portrange_last=$ip_portrange_last'
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
@


1.74.2.6
log
@Note that in my previous commit, I MFC'd the firewall_logging option,
not the firewall_enable option.

Noticed by:	ru
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.5 2000/08/16 23:10:53 jhb Exp $
@


1.74.2.7
log
@MFC: Use ``su -m'' instead of just ``su'' when starting ppp.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.6 2000/08/17 06:55:34 jhb Exp $
d166 1
a166 1
		su -m ${ppp_user} -c "exec ${ppp_command}"
@


1.74.2.8
log
@MFC: (rev 1.88) fixed the reporting of ip_portrange_XXX settings.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.7 2000/10/09 20:18:52 brian Exp $
d359 1
a359 1
		echo -n " ip_portrange_first=$ip_portrange_first"
d368 1
a368 1
		echo -n " ip_portrange_last=$ip_portrange_last"
@


1.74.2.9
log
@MFC: Add copyright.
@
text
@d3 1
a3 25
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
a4 1
#
@


1.74.2.10
log
@MFC: This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5).  This has been tested
in -current since Oct 6th.

Requested by:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.9 2000/10/30 10:40:11 obrien Exp $
a46 31

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
@


1.74.2.11
log
@MFC 1.90, ipf/ipnat related cleanups

PR:		conf/22937
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.10 2000/11/11 20:33:39 jkh Exp $
d55 1
a55 2
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
d59 1
a59 1
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
d66 1
a66 2
				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					"${ipnat_rules}" ${ipnat_flags}
@


1.74.2.12
log
@MFC, Apply a more consistent style to the echo statements in /etc/ scripts.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.11 2001/01/14 08:21:07 dougb Exp $
d240 1
a240 1
			echo 'Kernel firewall module loaded'
d242 1
a242 1
			echo 'Warning: firewall kernel module failed to load'
d281 3
a283 3
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
d444 1
a444 1
	echo -n 'Routing daemons:'
@


1.74.2.13
log
@MFC: add copyright notices
@
text
@d27 1
a27 26
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.network,v 1.74.2.12 2001/01/14 09:47:48 dougb Exp $
@


1.74.2.14
log
@I really did a number on adding the copyrights...
@
text
@d27 26
a52 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.13 2001/03/06 01:58:45 obrien Exp $
@


1.74.2.15
log
@MFC: Nuke the TCP_RESTRICT_RST option.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.14 2001/03/06 02:21:59 obrien Exp $
d382 7
@


1.74.2.16
log
@MFC: Add a missing \n
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.15 2001/06/09 16:18:12 des Exp $
d223 1
a223 1
		echo "Starting ppp as \"${ppp_user}\""
@


1.74.2.17
log
@MFC: Configure gif interfaces without requiring ipv6
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.16 2001/06/17 11:40:59 brian Exp $
a119 3
	# gifconfig
	network_gif_setup

a733 20
}

network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
@


1.74.2.18
log
@ifconfig doesn't understand tunnel under 4-STABLE, yet.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.17 2001/06/23 23:33:14 brian Exp $
d751 1
a751 1
				gifconfig $i ${peers}
@


1.74.2.19
log
@MFC: Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

	etc/defaults/rc.conf:			1.111
	etc/rc.network:				1.98
	etc/rc.network6:			1.20
	lib/libipsec/ipsec_set_policy.3:	1.8
	lib/libipsec/ipsec_strerror.3:		1.7
	lib/libipsec/ipsec_strerror.c:		1.3
	lib/libipsec/ipsec_strerror.h:		1.3
	lib/libipsec/libpfkey.h:		1.2
	lib/libipsec/pfkey.c:			1.3
	lib/libipsec/pfkey_dump.c:		1.3
	lib/libipsec/policy_token.l:		1.5
	lib/libipsec/test-policy.c:		1.4
	sbin/ifconfig/ifconfig.8:		1.42
	sbin/ifconfig/ifconfig.c:		1.63
	sbin/ping6/ping6.8:			1.10
	sbin/ping6/ping6.c:			1.9
	sbin/route/route.c:			1.48, 1.50
	sbin/rtsol/Makefile:			1.4
	share/doc/IPv6/IMPLEMENTATION:		1.3
	share/examples/IPv6/USAGE:		1.3
	share/man/man4/faith.4:			1.10
	share/man/man4/gif.4:			1.9
	share/man/man4/inet6.4:			1.8
	share/man/man4/ip6.4:			1.8
	share/man/man4/ipsec.4:			1.9
	share/man/man4/kame.4:			1.8
	share/man/man4/stf.4:			1.8
	sys/conf/files:				1.534
	sys/crypto/md5.c:			1.4
	sys/crypto/sha1.c:			1.7
	sys/crypto/blowfish/bf_enc.c:		1.4
	sys/crypto/blowfish/bf_locl.h:		1.4
	sys/crypto/blowfish/bf_skey.c:		1.4
	sys/crypto/blowfish/blowfish.h:		1.4
	sys/crypto/cast128/cast128.c:		1.4
	sys/crypto/cast128/cast128.h:		1.4
	sys/crypto/des/des.h:			1.4
	sys/crypto/des/des_ecb.c:		1.4
	sys/crypto/des/des_locl.h:		1.5
	sys/crypto/des/des_setkey.c:		1.4
	sys/crypto/rijndael/boxes-fst.dat:	1.2
	sys/crypto/rijndael/rijndael-alg-fst.c:	1.2, 1.3
	sys/crypto/rijndael/rijndael-alg-fst.h:	1.2
	sys/crypto/rijndael/rijndael-api-fst.c:	1.2
	sys/crypto/rijndael/rijndael-api-fst.h:	1.2
	sys/crypto/rijndael/rijndael_local.h:	1.3
	sys/kern/uipc_domain.c:			1.24
	sys/kern/uipc_mbuf.c:			1.82
	sys/kern/uipc_mbuf2.c:			1.8
	sys/net/if.c:				1.109
	sys/net/if_faith.c:			1.4, 1.5
	sys/net/if_gif.c:			1.10
	sys/net/if_gif.h:			1.4
	sys/net/if_loop.c:			1.61
	sys/net/if_sppp.h:			1.17
	sys/net/if_spppsubr.c:			1.68, 1.69
	sys/net/net_osdep.c:			1.4
	sys/net/net_osdep.h:			1.5
	sys/net/pfkeyv2.h:			1.6
	sys/net/ppp_defs.h:			1.7
	sys/net/rtsock.c:			1.52
	sys/netinet/icmp6.h:			1.4
	sys/netinet/in.c:			1.54
	sys/netinet/in_gif.c:			1.10
	sys/netinet/in_pcb.c:			1.84
	sys/netinet/in_pcb.h:			1.38
	sys/netinet/in_proto.c:			1.56
	sys/netinet/ip6.h:			1.5
	sys/netinet/ip_ecn.c:			1.4
	sys/netinet/ip_ecn.h:			1.4
	sys/netinet/ip_encap.c:			1.4
	sys/netinet/ip_icmp.c:			1.57
	sys/netinet/ip_input.c:			1.171
	sys/netinet/ip_output.c:		1.126
	sys/netinet/ip_var.h:			1.56
	sys/netinet/raw_ip.c:			1.78
	sys/netinet/tcp_input.c:		1.132
	sys/netinet/tcp_output.c:		1.50
	sys/netinet/tcp_subr.c:			1.103
	sys/netinet/tcp_usrreq.c:		1.60
	sys/netinet/udp_usrreq.c:		1.89
	sys/netinet6/ah.h:			1.5
	sys/netinet6/ah6.h:			1.4
	sys/netinet6/ah_core.c:			1.8
	sys/netinet6/ah_input.c:		1.7
	sys/netinet6/ah_output.c:		1.7
	sys/netinet6/dest6.c:			1.6
	sys/netinet6/esp.h:			1.4
	sys/netinet6/esp6.h:			1.4
	sys/netinet6/esp_core.c:		1.5
	sys/netinet6/esp_input.c:		1.7
	sys/netinet6/esp_output.c:		1.5
	sys/netinet6/frag6.c:			1.8
	sys/netinet6/icmp6.c:			1.11
	sys/netinet6/in6.c:			1.12
	sys/netinet6/in6.h:			1.13
	sys/netinet6/in6_cksum.c:		1.4
	sys/netinet6/in6_gif.c:			1.5
	sys/netinet6/in6_ifattach.c:		1.6
	sys/netinet6/in6_ifattach.h:		1.3
	sys/netinet6/in6_pcb.c:			1.15
	sys/netinet6/in6_pcb.h:			1.4
	sys/netinet6/in6_prefix.c:		1.7
	sys/netinet6/in6_prefix.h:		1.5
	sys/netinet6/in6_proto.c:		1.14
	sys/netinet6/in6_rmx.c:			1.4
	sys/netinet6/in6_src.c:			1.4
	sys/netinet6/in6_var.h:			1.8
	sys/netinet6/ip6_ecn.h:			1.4
	sys/netinet6/ip6_forward.c:		1.11
	sys/netinet6/ip6_fw.c:			1.11
	sys/netinet6/ip6_fw.h:			1.11
	sys/netinet6/ip6_input.c:		1.27
	sys/netinet6/ip6_mroute.c:		1.7
	sys/netinet6/ip6_mroute.h:		1.4
	sys/netinet6/ip6_output.c:		1.25
	sys/netinet6/ip6_var.h:			1.7
	sys/netinet6/ip6protosw.h:		1.6
	sys/netinet6/ipcomp.h:			1.2
	sys/netinet6/ipcomp6.h:			1.2
	sys/netinet6/ipcomp_core.c:		1.2
	sys/netinet6/ipcomp_input.c:		1.2
	sys/netinet6/ipcomp_output.c:		1.2
	sys/netinet6/ipsec.c:			1.12
	sys/netinet6/ipsec.h:			1.8
	sys/netinet6/ipsec6.h:			1.5
	sys/netinet6/mld6.c:			1.7
	sys/netinet6/nd6.c:			1.9
	sys/netinet6/nd6.h:			1.7
	sys/netinet6/nd6_nbr.c:			1.9
	sys/netinet6/nd6_rtr.c:			1.7, 1.8
	sys/netinet6/raw_ip6.c:			1.11
	sys/netinet6/route6.c:			1.4
	sys/netinet6/scope6.c:			1.2
	sys/netinet6/udp6_output.c:		1.3
	sys/netinet6/udp6_usrreq.c:		1.15
	sys/netkey/key.c:			1.25
	sys/netkey/key.h:			1.7
	sys/netkey/key_debug.c:			1.14
	sys/netkey/key_debug.h:			1.7
	sys/netkey/key_var.h:			1.4
	sys/netkey/keydb.h:			1.6
	sys/netkey/keysock.c:			1.6
	sys/netsmb/smb_crypt.c:			1.2
	sys/sys/mbuf.h:				1.79, 1.80
	sys/sys/protosw.h:			1.33
	sys/sys/socket.h:			1.54, 1.56
	sys/sys/sockio.h:			1.17
	usr.bin/netstat/inet.c:			1.42
	usr.bin/netstat/inet6.c:		1.10
	usr.bin/netstat/ipsec.c:		1.2
	usr.bin/netstat/main.c:			1.40
	usr.bin/netstat/mroute6.c:		1.5
	usr.bin/netstat/netstat.1:		1.29
	usr.bin/netstat/netstat.h:		1.21
	usr.bin/netstat/route.c:		1.50, 1.51, 1.55
	usr.sbin/faithd/Makefile:		1.6
	usr.sbin/faithd/README:			1.4
	usr.sbin/faithd/faithd.8:		1.9
	usr.sbin/faithd/faithd.c:		1.7
	usr.sbin/faithd/faithd.h:		1.3
	usr.sbin/faithd/ftp.c:			1.5
	usr.sbin/faithd/rsh.c:			1.5
	usr.sbin/faithd/tcp.c:			1.3
	usr.sbin/gifconfig/gifconfig.8:		1.6
	usr.sbin/gifconfig/gifconfig.c:		1.4
	usr.sbin/ifmcstat/ifmcstat.8:		1.3
	usr.sbin/ifmcstat/ifmcstat.c:		1.7
	usr.sbin/mld6query/mld6.c:		1.2
	usr.sbin/mld6query/mld6query.8:		1.2
	usr.sbin/ndp/ndp.8:			1.6
	usr.sbin/ndp/ndp.c:			1.6
	usr.sbin/prefix/Makefile:		1.4
	usr.sbin/rip6query/rip6query.8:		1.4
	usr.sbin/rip6query/rip6query.c:		1.5
	usr.sbin/route6d/route6d.8:		1.6
	usr.sbin/route6d/route6d.c:		1.9
	usr.sbin/route6d/route6d.h:		1.3
	usr.sbin/rrenumd/lexer.l:		1.3
	usr.sbin/rrenumd/parser.y:		1.3
	usr.sbin/rrenumd/rrenumd.8:		1.6
	usr.sbin/rrenumd/rrenumd.c:		1.4
	usr.sbin/rrenumd/rrenumd.conf.5:	1.10
	usr.sbin/rrenumd/rrenumd.h:		1.3
	usr.sbin/rtadvd/advcap.c:		1.4
	usr.sbin/rtadvd/advcap.h:		1.4
	usr.sbin/rtadvd/config.c:		1.7
	usr.sbin/rtadvd/config.h:		1.4
	usr.sbin/rtadvd/dump.c:			1.3
	usr.sbin/rtadvd/dump.h:			1.3
	usr.sbin/rtadvd/if.c:			1.6
	usr.sbin/rtadvd/if.h:			1.4
	usr.sbin/rtadvd/pathnames.h:		1.5
	usr.sbin/rtadvd/rrenum.c:		1.5
	usr.sbin/rtadvd/rrenum.h:		1.4
	usr.sbin/rtadvd/rtadvd.8:		1.8
	usr.sbin/rtadvd/rtadvd.c:		1.6
	usr.sbin/rtadvd/rtadvd.conf.5:		1.6
	usr.sbin/rtadvd/rtadvd.h:		1.4
	usr.sbin/rtadvd/timer.c:		1.4
	usr.sbin/rtadvd/timer.h:		1.4
	usr.sbin/rtsold/Makefile:		1.6
	usr.sbin/rtsold/dump.c:			1.4
	usr.sbin/rtsold/if.c:			1.5
	usr.sbin/rtsold/probe.c:		1.5
	usr.sbin/rtsold/rtsol.c:		1.4
	usr.sbin/rtsold/rtsold.8:		1.5
	usr.sbin/rtsold/rtsold.c:		1.4
	usr.sbin/rtsold/rtsold.h:		1.4
	usr.sbin/setkey/parse.y:		1.3
	usr.sbin/setkey/scriptdump.pl:		1.3
	usr.sbin/setkey/setkey.8:		1.14
	usr.sbin/setkey/setkey.c:		1.3
	usr.sbin/setkey/token.l:		1.5
	usr.sbin/traceroute6/traceroute6.8:	1.7
	usr.sbin/traceroute6/traceroute6.c:	1.8
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.18 2001/06/24 18:14:59 ume Exp $
d751 1
a751 1
				ifconfig $i tunnel ${peers}
@


1.74.2.20
log
@MFC: Interface cloning support.  gif modularity and cloning.
stf modularity and removal of gif dependence.

Reviewed by:	brian
@
text
@d27 1
a27 1
# $FreeBSD$
d751 1
a751 1
				ifconfig $i create tunnel ${peers}
@


1.74.2.21
log
@MFC: rev 1.102 -- merge in patch to automagically decide whether or not
a kldload of ipfilter is required into rc.network.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.20 2001/07/24 19:10:15 brooks Exp $
a50 6
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

a52 7
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

@


1.74.2.22
log
@MFC: Kerberos5 startup support (off by default of course)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.21 2001/08/01 20:02:42 obrien Exp $
d684 1
a684 1
	# Kerberos servers run ONLY on the Kerberos server machine
d696 1
a696 1
		echo -n ' kerberosIV'
d701 2
a702 5
			echo -n ' kadmindIV'
			(
				sleep 20;
				kadmind ${stash_flag} >/dev/null 2>&1 &
			) &
a705 14
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
@


1.74.2.23
log
@back out my previous commit to rc.conf restoring the original state with
respect to configuring sppp interfaces.

modify rc.network to make the change (ISDN users must not use spppcontrol
anymore but ispppcontrol to configure the isp<N> interfaces since the
MFC of i4b 1.001) in isp-interface configuration transparent to ISDN users
of the sppp-configuration mechanism in rc.conf.

Reviewed by:	sheldonh and joerg
Approved by:	murray
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.22 2001/08/01 20:07:55 obrien Exp $
d129 1
a129 8
			case "${ifn}" in
			isp*)
				eval ispppcontrol ${ifn} ${spppcontrol_args}
				;;
			*)
				eval spppcontrol ${ifn} ${spppcontrol_args}
				;;
			esac
@


1.74.2.24
log
@MFC: use shell arithmetic expansion instead of expr(1) where appropriate
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.23 2001/08/17 07:26:38 hm Exp $
d190 1
a190 1
				alias=$((${alias} + 1))
@


1.74.2.25
log
@MFC: IP Filter rc.* reorganisation plus documentation of it.
While this adds functionaility to save state and nat tables across
reboots, saving nat tables will still cause a panic. The fix will
be MFC-ed in 3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.24 2001/11/19 10:42:28 sheldonh Exp $
d50 6
d57 1
a57 3
	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
d59 31
a89 22
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
a90 44
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
a249 9

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active
@


1.74.2.26
log
@MFC: 1.116. Protect the '*' in pppoed_provider (the default) from
metacharacter expansion in the rc-scripts.

PR:		32552
Submitted by:	ru
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.25 2001/12/05 10:50:07 guido Exp $
a778 1
		_opts=$-; set -f
a779 1
		set +f; set -${_opts}
@


1.74.2.27
log
@MFC: New rc.conf variable, cloned_interfaces, for creating cloned
network devices at startup.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.26 2001/12/07 08:32:37 cjc Exp $
a148 5
	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

a179 3
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
d830 1
a830 2
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
@


1.74.2.28
log
@MFC: s/sysctl -w/sysctl/
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.27 2001/12/09 06:02:40 brooks Exp $
d360 1
a360 1
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
d403 1
a403 1
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
d410 1
a410 1
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
d417 1
a417 1
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
d424 1
a424 1
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
d431 1
a431 1
		sysctl net.inet.ip.forwarding=1 >/dev/null
d438 1
a438 1
		sysctl net.inet.ip.sourceroute=1 >/dev/null
d445 1
a445 1
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
d452 1
a452 1
		sysctl net.inet.tcp.always_keepalive=1 >/dev/null
d459 1
a459 1
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
d466 1
a466 1
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
d473 1
a473 1
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
d482 1
a482 1
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
d491 1
a491 1
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
d653 1
a653 1
				sysctl vfs.nfs.nfs_privport=1 >/dev/null
d660 1
a660 1
				sysctl vfs.nfs.bufpackets=${nfs_bufpackets} \
d701 1
a701 1
		sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} \
d817 2
a818 2
		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl net.inet.udp.log_in_vain=1 >/dev/null
@


1.74.2.29
log
@MFC: Make the rc.conf(5) 'log_in_vain' knob an integer.

PR:		bin/32953
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.28 2001/12/19 17:52:17 ru Exp $
a813 6
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	[0-9]*)
d816 3
a818 2
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
a820 4

	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
@


1.74.2.30
log
@MFC 1.123: peter points out that we probably should not mess with the
sysctl(8) values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.29 2002/02/04 22:29:02 cjc Exp $
d827 3
a829 5
	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
@


1.74.2.31
log
@MFC: There is no reason to demand the administrator set
'natd_interface' when running natd(8) out of the rc-files.

  src/etc/defaults/rc.conf	1.139
  src/etc/rc.network		1.124
  src/share/man/man5/rc.conf.5	1.152
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.30 2002/02/09 10:38:42 cjc Exp $
d338 2
a339 2
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
d341 1
a341 1
							natd_flags="$natd_flags -n ${natd_interface}"
d343 2
a345 1
					echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
@


1.74.2.32
log
@MFC: register amd's dependency on NFS

	rc		rev 1.292
	rc.network	rev 1.121
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.31 2002/02/23 15:48:21 cjc Exp $
d697 5
a701 33
		nfsclient_in_kernel=0
		# Handle absent nfs client support
		if sysctl vfs.nfs >/dev/null 2>&1; then
			nfsclient_in_kernel=1
		else
			kldload nfsclient && nfsclient_in_kernel=1
		fi
		if [ ${nfsclient_in_kernel} -eq 1 ]
		then
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi

			case ${amd_enable} in
			[Yy][Ee][Ss])
				echo -n ' amd'
				case ${amd_map_program} in
				[Nn][Oo] | '')
					;;
				*)
					amd_flags="${amd_flags} `eval ${amd_map_program}`"
					;;
				esac
		
				if [ -n "${amd_flags}" ]; then
					amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
				else
					amd 2> /dev/null
				fi
				;;
			esac
d712 19
@


1.74.2.33
log
@Revert previous delta.  The patch wasn't properly tailored to -STABLE,
where nfcslient.ko does not exist.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.32 2002/02/27 10:36:03 sheldonh Exp $
d697 33
a729 5
		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null
a739 19

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac
@


1.74.2.34
log
@Re-introduce registration of amd's dependency on nfs.  This time,
load nfs.ko, not nfsclient.ko.  The change has been tested for
kernels with and without NFS support wired in.

This change was originally MFC'd as

	rev 1.212.2.41 of src/etc/rc
	rev 1.74.2.32 of src/etc/rc.network
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.33 2002/03/04 08:37:33 sheldonh Exp $
d697 5
a701 33
		nfs_in_kernel=0
		# Handle absent nfs client support
		if sysctl vfs.nfs >/dev/null 2>&1; then
			nfs_in_kernel=1
		else
			kldload nfs && nfs_in_kernel=1
		fi
		if [ ${nfs_in_kernel} -eq 1 ]
		then
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi

			case ${amd_enable} in
			[Yy][Ee][Ss])
				echo -n ' amd'
				case ${amd_map_program} in
				[Nn][Oo] | '')
					;;
				*)
					amd_flags="${amd_flags} `eval ${amd_map_program}`"
					;;
				esac
		
				if [ -n "${amd_flags}" ]; then
					amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
				else
					amd 2> /dev/null
				fi
				;;
			esac
d712 19
@


1.74.2.35
log
@MFC 1.125: redirect stdout of `ipf -y' to /dev/null.
@
text
@d27 1
a27 1
# $FreeBSD$
d294 1
a294 1
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
@


1.74.2.36
log
@MFC 1.128: The reload of ipf(8) rules should depend on
$ipfilter_enable, not $ipfilter_active. $ipfilter_enable is set to
"NO" if modules fail to load, and $ipfilter_active can be "YES" when
we are not using ipf(8).
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.35 2002/03/09 03:54:10 dd Exp $
d292 1
a292 1
	case ${ipfilter_enable} in
d297 1
@


1.74.2.37
log
@MFC 1.130: IPFilter may need to be re-sync'ed even if we are not
filtering, but only doing ipnat(8). Go back to using $ipfilter_active,
but turn off $ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@@devet.org (Arjan de Vet)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.36 2002/03/15 10:20:54 cjc Exp $
a71 1
				ipfilter_active="NO"
d292 1
a292 1
	case ${ipfilter_active} in
a296 1
	unset ipfilter_active
@


1.74.2.38
log
@MFC my changes from 1.129 and 1.132, which gives amd a better chance
of starting successfully when amd_flags="".
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.37 2002/03/21 10:27:34 cjc Exp $
d720 1
a720 2
					amd_flags="${amd_flags} `eval \
						${amd_map_program}`"
d724 5
a728 14
				case "${amd_flags}" in
				'')
					if [ -r /etc/amd.conf ]; then
						amd &
					else
						echo ''
			echo 'Warning: amd will not load without arguments'
					fi
					;;
				*)
					amd -p ${amd_flags} >/var/run/amd.pid \
						2>/dev/null &
					;;
				esac
@


1.74.2.39
log
@Back out rev. 1.74.2.23 that used to be necessary to support i4b's
offspring version of sppp(4).  Now that all their functionality has
been merged back into the main version, there's no need for this hack
anymore.

(This is not an MFC, since the hack never emerged into -current at all.
It has only been there to support -stable users.)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.38 2002/04/15 02:12:55 dougb Exp $
d166 8
a173 1
			eval spppcontrol ${ifn} ${spppcontrol_args}
@


1.74.2.39.2.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@d27 1
a27 1
# $FreeBSD$
d807 7
a813 16
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
@


1.74.2.40
log
@MFC: 1.131, 1.133, 1.134 (ssh-keygen(8) now requires -t).
@
text
@d27 1
a27 1
# $FreeBSD$
d807 7
a813 16
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
@


1.73
log
@Get the order of things right; the keys need to be generated
early to allow entropy to replenish.
sshd must start late to catch the full effects of ldconfig.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.72 2000/02/28 19:21:05 jkh Exp $
d609 1
a609 1
			echo creating ssh host key
@


1.72
log
@Generate new sshd host key when necessary.  I'm tired of
waiting for someone to commit this. :)
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.71 2000/02/24 23:12:04 markm Exp $
a610 3
			echo now starting sshd
		else
			echo -n ' sshd';
a611 1
		${sshd_program:-/usr/sbin/sshd} ${sshd_flags}
@


1.71
log
@Run sshd at boot time if the sysadmin wants it. Also install
ssh[d] config files in the right place.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.70 2000/02/06 16:33:54 hm Exp $
d608 7
a614 1
		echo -n ' sshd';
@


1.70
log
@Approved by: jkh
Reviewed by: joerg

The isdnd is able to listen on a socket for isdnmonitor to connect to
it to remotely control it (similar to ppp and pppctl). When this is
enabled in the isdnd config file, it will fail currently because isdnd
is started before the network interfaces are configured.
It is necessary to move the isdnd start after the ifconfig of the network
interfaces, then this problem will not occur.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.69 2000/01/15 14:28:05 green Exp $
d603 7
@


1.69
log
@This is another in Martin Blapp's N-series of mount-related cleanups :)
Changes are:
 - rpc.umntall is called at the right places now in /etc/rc*
 - rpc.umntall timeout has been lowered from two days (too high) to one
 - verbose messages in rpc.umntall have been clarified
 - kill double entries in /var/db/mounttab when rpc.umntall is invoked
 - ${early_nfs_mounts} has been removed from /etc/rc
 - patched mount(8) -p to print different pass/dump values for ufs filesystems.
   (last patch recieved from dan <bugg@@bugg.strangled.net>)

Submitted by:	Martin Blapp <mbr@@imp.ch>, dan <bugg@@bugg.strangled.net>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.68 1999/12/17 13:36:40 roberto Exp $
a46 10
	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

d130 10
@


1.68
log
@xntpd -> ntpd.

Submitted by:	ru
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.67 1999/12/12 01:58:30 obrien Exp $
d538 7
@


1.67
log
@Suport multiple ``ifconfig_*?="DHCP"'' configurations.

Currently we have a problem in that `dhclient' bails when configuring the
second interface as port 68 is already in use (by the `dhclient' started
for the first interface).

PR:		14810
Submitted by:	n_hibma
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.66 1999/11/23 00:26:03 brian Exp $
d394 1
a394 1
		echo -n ' xntpd';	${xntpd_program:-xntpd} ${xntpd_flags}
@


1.66
log
@Oops, typo
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.65 1999/11/23 00:22:24 brian Exp $
d80 1
a81 1
		showstat=false
d84 1
a84 1
			showstat=true
d95 3
a97 2
			${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn}
			showstat=true
d101 1
a101 1
			showstat=true
d104 5
d110 1
d118 1
a118 1
				showstat=true
d130 1
a130 1
			showstat=true
d132 1
d134 3
a136 2
		case ${showstat} in
		true)
d138 1
a138 2
			;;
		esac
@


1.65
log
@Add pppoed startup options
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.64 1999/11/17 22:38:02 ache Exp $
d583 1
a583 1
		if [ -n "$pppoed_provider ]; then
@


1.64
log
@Add network pass4 - after all local (/usr/local/etc/rc.d f.e.)
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.63 1999/11/14 21:28:07 ache Exp $
d578 10
@


1.63
log
@Add single_mountd_enable hook to run mountd but not NFS server
Needed for machine with CFS but without real NFS
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.62 1999/09/19 21:32:42 green Exp $
a258 10
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

d583 16
@


1.62
log
@Make the firewall file variable space-safe.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.61 1999/09/13 15:44:18 sheldonh Exp $
d510 17
@


1.61
log
@Apply a consistent style to most of the etc scripts.  Particularly, use
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.

Changes discussed on freebsd-hackers.

Submitted by:	Doug Barton <Doug@@gorean.org>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.60 1999/09/12 17:22:05 des Exp $
d190 2
a191 2
			if [ -r ${firewall_script} ]; then
				. ${firewall_script}
@


1.60
log
@Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl
variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel
options, respectively. See the comments in LINT for details.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.59 1999/09/01 08:57:01 peter Exp $
d6 2
a7 2
# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
d12 34
d47 118
a164 117
network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
	    hostname ${hostname}
	    echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then
	    domainname ${nisdomainname}
	    echo -n ' domain'
    fi
    echo '.'

    # Initial ATM interface configuration
    if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then
	    . /etc/rc.atm
	    atm_pass1
    fi

    # ISDN subsystem startup
    if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then
	    . /etc/rc.isdn
    fi

    # Special options for sppp(4) interfaces go here.  These need
    # to go _before_ the general ifconfig section, since in the case
    # of hardwired (no link1 flag) but required authentication, you
    # cannot pass auth parameters down to the already running interface.
    for ifn in ${sppp_interfaces}; do
	    eval spppcontrol_args=\$spppconfig_${ifn}
	    if [ -n "${spppcontrol_args}" ] ; then
		    # The auth secrets might contain spaces; in order
		    # to retain the quotation, we need to eval them
		    # here.
		    eval spppcontrol ${ifn} ${spppcontrol_args}
	    fi
    done

    # Set up all the network interfaces, calling startup scripts if needed
    if [ "${network_interfaces}" = "auto" ]; then
	    network_interfaces="`ifconfig -l`"
    fi
    for ifn in ${network_interfaces}; do
	    showstat=false
	    if [ -e /etc/start_if.${ifn} ]; then
		    . /etc/start_if.${ifn}
		    showstat=true
	    fi
	    # Do the primary ifconfig if specified
	    eval ifconfig_args=\$ifconfig_${ifn}
	    if [ -n "${ifconfig_args}" ] ; then
		    # See if we are using DHCP
		    if [ "${ifconfig_args}" = "DHCP" ]; then
			     ${dhcp_program} ${dhcp_flags} ${ifn}
		    else
			     ifconfig ${ifn} ${ifconfig_args}
		    fi
		    showstat=true
	    fi
	    # Check to see if aliases need to be added
	    alias=0
	    while :
	    do
		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
		    if [ -n "${ifconfig_args}" ]; then
			    ifconfig ${ifn} ${ifconfig_args} alias
			    showstat=true
			    alias=`expr ${alias} + 1`
		    else
			    break;
		    fi
	    done
	    # Do ipx address if specified
	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
	    if [ -n "${ifconfig_args}" ]; then
		    ifconfig ${ifn} ${ifconfig_args}
		    showstat=true
	    fi
	    if [ "${showstat}" = "true" ]
	    then
		    ifconfig ${ifn}
	    fi
    done

    # Warm up user ppp if required, must happen before natd.
    if [ "${ppp_enable}" = "YES" ]; then
	    # Establish ppp mode.
	    if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
		-a "${ppp_mode}" != "dedicated" \
		-a "${ppp_mode}" != "background" ]; then
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "${ppp_nat}" = "YES" ]; then
		ppp_command="${ppp_command} -nat";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
    fi

    # Initialize IP filtering using ipfw
    echo ""
    /sbin/ipfw -q flush > /dev/null 2>&1
    if [ $? = 0 ] ; then
	firewall_in_kernel=1
    else 
	firewall_in_kernel=0
    fi

    if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}"  = "YES" ] ; then
	if kldload ipfw; then
		firewall_in_kernel=1		# module loaded successfully
		echo "Kernel firewall module loaded."
d166 1
a166 1
		echo "Warning: firewall kernel module failed to load."
a167 1
    fi
d169 58
a226 4
    # Load the filters if required
    if [ ${firewall_in_kernel} = 1 ]; then
	if [ -z "${firewall_script}" ] ; then
	    firewall_script="/etc/rc.firewall"
d228 19
a246 22
	if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then
	    . ${firewall_script}
	    echo -n 'Firewall rules loaded, starting divert daemons:'

	    # Network Address Translation daemon
	    if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
		    natd_ifarg="-a ${natd_interface}"
		else
		    natd_ifarg="-n ${natd_interface}"
		fi
		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
	    fi
	    echo '.'
	else
	    IPFW_DEFAULT=`ipfw l 65535`
	    if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
		echo -n "Warning: kernel has firewall functionality, "
		echo "but firewall rules are not enabled."
		echo "         All ip services are disabled."
	    fi
a247 1
    fi
d249 128
a376 107
    # Additional ATM interface configuration
    if [ -n "${atm_pass1_done}" ]; then
	    atm_pass2
    fi

    # Configure routing

    if [ "${defaultrouter}" != "NO" ] ; then
	    static_routes="default ${static_routes}"
	    route_default="default ${defaultrouter}"
    fi
    
    # Set up any static routes.  This should be done before router discovery.
    if [ -n "${static_routes}" ]; then
	    for i in ${static_routes}; do
		    eval route_args=\$route_${i}
		    route add ${route_args}
	    done
    fi

    echo -n 'Additional routing options:'
    if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
    fi

    if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then
	    echo -n ' log_in_vain=YES'
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
    fi

    if [ "${icmp_bmcastecho}" = "YES" ]; then
	    echo -n ' broadcast ping responses=YES'
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
    fi
    
    if [ "${icmp_drop_redirect}" = "YES" ]; then
	    echo -n ' ignore ICMP redirect=YES'
	    sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
    fi
    
    if [ "${icmp_log_redirect}" = "YES" ]; then
	    echo -n ' log ICMP redirect=YES'
	    sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
    fi

    if [ "${gateway_enable}" = "YES" ]; then
	    echo -n ' IP gateway=YES'
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
    fi
    
    if [ "${forward_sourceroute}" = "YES" ]; then
	    echo -n ' do source routing=YES'
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
    fi

    if [ "${accept_sourceroute}" = "YES" ]; then
	    echo -n ' accept source routing=YES'
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
    fi

    if [ "${tcp_keepalive}" = "YES" ]; then
	    echo -n ' TCP keepalive=YES'
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
    fi

    if [ "X$tcp_restrict_rst" = X"YES" ]; then
	    echo -n ' restrict TCP reset=YES'
	    sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
    fi

    if [ "X$tcp_drop_synfin" = X"YES" ]; then
	    echo -n ' drop SYN+FIN packets=YES'
	    sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
    fi

    if [ "${ipxgateway_enable}" = "YES" ]; then
	    echo -n ' IPX gateway=YES'
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
    fi
    
    if [ "${arpproxy_all}" = "YES" ]; then
	    echo -n ' ARP proxyall=YES'
	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
    fi
    echo '.'

    echo -n 'routing daemons:'
    if [ "${router_enable}" = "YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
    if [ "${ipxrouted_enable}" = "YES" ]; then
	    echo -n ' IPXrouted'
	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
    fi
    
    if [ "${mrouted_enable}" = "YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi

    if [ "${rarpd_enable}" = "YES" ]; then
	    echo -n ' rarpd';     rarpd ${rarpd_flags}
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
d380 88
a467 56
    echo -n 'Doing additional network setup:'
    if [ "${named_enable}" = "YES" ]; then
	    echo -n ' named';		${named_program-"named"} ${named_flags}
    fi

    if [ "${ntpdate_enable}" = "YES" ]; then
	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
    fi

    if [ "${xntpd_enable}" = "YES" ]; then
	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
    fi

    if [ "${timed_enable}" = "YES" ]; then
	    echo -n ' timed';		timed ${timed_flags}
    fi

    if [ "${portmap_enable}" = "YES" ]; then
	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "${nis_server_enable}" = "YES" ]; then
	    echo -n ' ypserv'; ypserv ${nis_server_flags}
	    
	    if [ "${nis_ypxfrd_enable}" = "YES" ]; then
		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
	    fi
	    
	    if [ "${nis_yppasswdd_enable}" = "YES" ]; then
		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
	    fi
    fi

    # Start ypbind if we're an NIS client
    if [ "${nis_client_enable}" = "YES" ]; then
	    echo -n ' ypbind'; ypbind ${nis_client_flags}
	    if [ "${nis_ypset_enable}" = "YES" ]; then
		    echo -n ' ypset'; ypset ${nis_ypset_flags}
	    fi
    fi

    # Start keyserv if we are running Secure RPC
    if [ "${keyserv_enable}" = "YES" ]; then
	    echo -n ' keyserv';		keyserv ${keyserv_flags}
    fi
    # Start ypupdated if we are running Secure RPC and we are NIS master
    if [ "${rpc_ypupdated_enable}" = "YES" ]; then
	    echo -n ' rpc.ypupdated';	rpc.ypupdated
    fi

    # Start ATM daemons
    if [ -n "${atm_pass2_done}" ]; then
	    atm_pass3
    fi
d469 2
a470 2
    echo '.'
    network_pass2_done=YES
d474 38
a511 1
    echo -n 'Starting final network daemons:'
d513 4
a516 22
    if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then
	    echo -n ' mountd'
	    if [ "${weak_mountd_authentication}" = "YES" ]; then
		    mountd_flags="-n"
	    fi
	    mountd ${mountd_flags}
	    if [ "${nfs_reserved_port_only}" = "YES" ]; then
		    echo -n ' NFS on reserved port only=YES'
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
	    fi
	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
	    if [ "${rpc_lockd_enable}" = "YES" ]; then
		echo -n ' rpc.lockd';		rpc.lockd
	    fi
	    if [ "${rpc_statd_enable}" = "YES" ]; then
		echo -n ' rpc.statd';		rpc.statd
	    fi
    fi
    
    if [ "${nfs_client_enable}" = "YES" ]; then
	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
	    if [ "${nfs_access_cache}" != "X" ]; then
d519 43
a561 29
		    >/dev/null
	    fi
    fi

    if [ "${amd_enable}" = "YES" ]; then
	    echo -n ' amd'
	    if [ "${amd_map_program}" != "NO" ]; then
		amd_flags="${amd_flags} `eval ${amd_map_program}`"
	    fi
	    if [ -n "${amd_flags}" ]
	    then
	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
	    else
	      amd 2> /dev/null
	    fi
    fi

    if [ "${rwhod_enable}" = "YES" ]; then
	    echo -n ' rwhod';	rwhod ${rwhod_flags}
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "${kerberos_server_enable}" = "YES" ]; then
	    if [ "${kerberos_stash}" = "YES" ]; then
		stash_flag=-n
	    else
		stash_flag=
	    fi
	    echo -n ' kerberos'; \
d563 13
a575 9
	    if [ "${kadmind_server_enable}" = "YES" ]; then
		echo -n ' kadmind'; \
		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
	    fi
	    unset stash_flag
    fi
    
    echo '.'
    network_pass3_done=YES
@


1.59
log
@-background is also a legitimate ppp mode.  Don't change it to -auto.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.58 1999/08/27 23:23:44 peter Exp $
d230 10
@


1.58
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
d103 2
a104 1
		-a "${ppp_mode}" != "dedicated" ]; then \
@


1.57
log
@Catch an extra X on DHCP.

Spotted by the eagle eyes of:	Pierre DAVID <Pierre.David@@prism.uvsq.fr>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.56 1999/08/25 16:01:37 sheldonh Exp $
@


1.56
log
@Style clean-up:

	* All variables are now embraced: ${foo}

	* All comparisons against some value now take the form:
	  [ "${foo}" ? "value" ]
	  where ? is a comparison operator

	* All empty string tests now take the form:
	  [ -z "${foo}" ]

	* All non-empty string tests now take the form:
	  [ -n "${foo}" ]

Submitted by:	jkh
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.55 1999/08/22 23:26:03 brian Exp $
d67 1
a67 1
		    if [ "${ifconfig_args}" = "XDHCP" ]; then
@


1.55
log
@ppp_alias -> ppp_nat

Submitted by: Josef L. Karthauser <joe@@FreeBSD.org.uk>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.54 1999/08/19 21:15:16 brian Exp $
d17 1
a17 1
	    hostname $hostname
d22 2
a23 2
    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
	    domainname $nisdomainname
d29 1
a29 1
    if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
d35 1
a35 1
    if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
d54 1
a54 1
    if [ "x${network_interfaces}" = "xauto" ]; then
d67 1
a67 1
		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
d100 1
a100 1
    if [ "X$ppp_enable" = X"YES" ]; then
d102 2
a103 2
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
d109 1
a109 1
	    if [ "X$ppp_nat" = X"YES" ]; then
d125 1
a125 1
    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
d135 1
a135 1
    if [ $firewall_in_kernel = 1 ]; then
d139 1
a139 1
	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
d144 1
a144 1
	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
d156 1
a156 1
	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
d171 1
a171 1
    if [ "x$defaultrouter" != "xNO" ] ; then
d177 1
a177 1
    if [ "x${static_routes}" != "x" ]; then
d185 1
a185 1
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
d190 1
a190 1
    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
d196 1
a196 1
    if [ X"$icmp_bmcastecho" = X"YES" ]; then
d201 1
a201 1
    if [ "X$icmp_drop_redirect" = X"YES" ]; then
d206 1
a206 1
    if [ "X$icmp_log_redirect" = X"YES" ]; then
d211 1
a211 1
    if [ "X$gateway_enable" = X"YES" ]; then
d216 1
a216 1
    if [ "X$forward_sourceroute" = X"YES" ]; then
d221 1
a221 1
    if [ "X$accept_sourceroute" = X"YES" ]; then
d226 1
a226 1
    if [ "X$tcp_keepalive" = X"YES" ]; then
d231 1
a231 1
    if [ "X$ipxgateway_enable" = X"YES" ]; then
d236 1
a236 1
    if [ "X$arpproxy_all" = X"YES" ]; then
d243 1
a243 1
    if [ "X$router_enable" = X"YES" ]; then
d247 1
a247 1
    if [ "X$ipxrouted_enable" = X"YES" ]; then
d252 1
a252 1
    if [ "X${mrouted_enable}" = X"YES" ]; then
d256 1
a256 1
    if [ "X$rarpd_enable" = X"YES" ]; then
d265 1
a265 1
    if [ "X${named_enable}" = X"YES" ]; then
d269 1
a269 1
    if [ "X${ntpdate_enable}" = X"YES" ]; then
d273 1
a273 1
    if [ "X${xntpd_enable}" = X"YES" ]; then
d277 1
a277 1
    if [ "X${timed_enable}" = X"YES" ]; then
d281 1
a281 1
    if [ "X${portmap_enable}" = X"YES" ]; then
d287 1
a287 1
    if [ "X${nis_server_enable}" = X"YES" ]; then
d290 1
a290 1
	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
d294 1
a294 1
	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
d300 1
a300 1
    if [ "X${nis_client_enable}" = X"YES" ]; then
d302 1
a302 1
	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
d308 1
a308 1
    if [ "X${keyserv_enable}" = X"YES" ]; then
d312 1
a312 1
    if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
d328 1
a328 1
    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
d330 1
a330 1
	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
d334 1
a334 1
	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
d339 1
a339 1
	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
d342 1
a342 1
	    if [ "X$rpc_statd_enable" = X"YES" ]; then
d347 1
a347 1
    if [ "X${nfs_client_enable}" = X"YES" ]; then
d349 1
a349 1
	    if [ "X${nfs_access_cache}" != X ]; then
d356 1
a356 1
    if [ "X${amd_enable}" = X"YES" ]; then
d358 1
a358 1
	    if [ "X${amd_map_program}" != X"NO" ]; then
d361 1
a361 1
	    if [ -n "$amd_flags" ]
d369 1
a369 1
    if [ "X${rwhod_enable}" = X"YES" ]; then
d374 2
a375 2
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
	    if [ "X${kerberos_stash}" = "XYES" ]; then
d382 1
a382 1
	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
@


1.54
log
@Quieten ppp at startup.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.53 1999/08/10 09:45:31 des Exp $
d109 2
a110 2
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
@


1.53
log
@Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for
respectively logging and dropping ICMP REDIRECT packets.

Note that there is no rate limiting on the log messages, so log_redirect
should be used with caution (preferrably only for debugging purposes).
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
d113 1
a113 1
	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.52
log
@Start ppp before natd, not afterwards.

Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
d199 10
@


1.51
log
@Add a default ppp.conf (mode 600).

Originally submitted by: Wayne Self <wself@@cdrom.com>

Allow a ppp startup option in rc.conf.

Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.

Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.50 1999/07/16 09:26:52 jkh Exp $
d99 17
a161 17
    fi

    # Warm up user ppp if required.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.50
log
@Allow DHCP to be used in an ifconfig variable instead of the usual
address information, producing the obvious effect (dhcp configuration).

Submitted by:   "Sean O'Connell" <sean@@stat.Duke.EDU>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.49 1999/07/08 18:56:02 peter Exp $
d145 17
@


1.49
log
@Tweak previous commit.  Only sense the configuration if network_interfaces
is set to "auto".  Any network_interfaces settings will be treated as
before.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.48 1999/07/07 12:49:45 peter Exp $
d66 6
a71 1
		    ifconfig ${ifn} ${ifconfig_args}
@


1.48
log
@Do away with ${network_interfaces} in rc.conf.  Just use `ifconfig -l` to
get a list of interfaces, and then automatically configure them if
${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.

This makes it a lot easier to deal with machines that constantly change
their network configuration as you can leave ifconfig settings for all
the possible cards - just the ones that are present will be configured.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.47 1999/06/08 13:00:30 brian Exp $
d54 4
a57 2
    interfaces="`ifconfig -l`"
    for ifn in ${interfaces}; do
@


1.47
log
@If amd_flags is empty, don't add -p as it makes amd abend.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.46 1999/06/05 12:06:19 bde Exp $
d54 3
a56 1
    for ifn in ${network_interfaces}; do
d59 1
d65 1
d74 1
d84 5
a89 1
	    ifconfig ${ifn}
@


1.46
log
@Don't discard error output from sysctl(8).

Do discard standard output from the sysctl for approxy_all, and echo
what this sysctl is doing in the usual way.  This fix is probably
backwards.  We should probably just use the standard sysctl output
in all cases (it needs to have a newline filtered out).

Echo what the sysctls for nfs_reserved_port_only and nfs_access_cache
are doing.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.45 1999/06/05 05:45:47 phk Exp $
d318 6
a323 1
	    amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
@


1.45
log
@Add handle to control global TCP keepalives and turn them on as
default.

Despite their name it doesn't keep TCP sessions alive, it kills
them if the other end has gone AWOL.  This happens a lot with
clients which use NAT, dynamic IP assignment or which has a 2^32
* 10^-3 seconds upper bound on their uptime.

There is no detectable increase in network trafic because of this:
two minimal TCP packets every two hours for a live TCP connection.

Many servers already enable keepalives themselves.

The host requirements RFC is 10 years old, and doesn't know about
the loosing clients of todays InterNet.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.44 1999/04/12 15:26:41 brian Exp $
d154 1
a154 1
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
d159 2
a160 2
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 2>&1
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 2>&1
d165 1
a165 1
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
d170 1
a170 1
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
d175 1
a175 1
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1
d180 1
a180 1
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1
d185 1
a185 1
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 2>&1
d190 1
a190 1
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1
d194 2
a195 2
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
d292 2
a293 1
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1
d307 1
d309 1
a309 1
			>/dev/null 2>&1
@


1.44
log
@Remove extraneous space
PR:		11096
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.43 1999/04/10 10:56:58 des Exp $
d181 5
@


1.43
log
@Allow the user to specify a different firewall script than /etc/rc.firewall.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.42 1999/03/28 20:36:03 imp Exp $
d108 1
a108 1
	    echo -n 'Firewall rules loaded, starting divert daemons: '
@


1.42
log
@Add two features:
    log_in_vain:
	log_in_vain turns on logging for packets to ports for which
	there is no listener.
    rc.sysctl:
	A generic way to set sysctl values.  It reads /etc/syslog.conf
	and sets values based on that.  No /etc/syslog.conf has been
	checked in yet, and I've not added this to the makefile yet
	until I get more feedback.

Reviewed by: -current, -hackers and bde especially
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.41 1999/03/24 10:28:49 brian Exp $
d103 5
a107 2
	if [ -f /etc/rc.firewall -a X"$firewall_enable" = X"YES" ]; then
	    . /etc/rc.firewall
@


1.41
log
@Move natd from network_pass3 to network_pass1
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.40 1999/03/11 16:17:24 jfitz Exp $
d152 6
@


1.40
log
@Add ${lpd_program} and ${portmap_program} as variables in rc.conf, with
suitable defaults pointing to the FreeBSD-shipped versions.  This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $
d103 1
a103 2
	if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
		"x$firewall_enable" = "xYES" ] ; then
d105 13
a117 1
	    echo "Firewall rules loaded."
a324 12
    # Network Address Translation daemon
       if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
               -a X"${firewall_enable}" = X"YES" ]; then
               if echo ${natd_interface} | \
                       grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                       natd_ifarg="-a ${natd_interface}"
               else
                       natd_ifarg="-n ${natd_interface}"
               fi
               echo -n ' natd'; natd ${natd_flags} ${natd_ifarg}
       fi

@


1.39
log
@Add some special hooks for sppp(4) interfaces.  In addition to the
normal ifconfig stuff, one might need to pass down authentication
parameters for them.

This is closely tied to Hellmuth's impending rc patches for ISDN, but
sppp can also be used separately (thus it doesn't go directly into the
planned ISDN section of rc.conf).

Reviewed by:	hm
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $
d214 1
a214 1
	    echo -n ' portmap';		portmap ${portmap_flags}
@


1.39.2.1
log
@MFC: portmap_program, lpd_program, sendmail comments, check_quota, enable_quotas

	rc.conf 	1.1 -> 1.4
	rc.network 	1.39 -> 1.40
	rc 		1.179 -> 1.180
			1.182 -> 1.183
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.40 1999/03/11 16:17:24 jfitz Exp $
d214 1
a214 1
	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
@


1.39.2.2
log
@MFC: Move natd to network_pass1
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.41 1999/03/24 10:28:49 brian Exp $
d103 2
a104 1
	if [ -f /etc/rc.firewall -a X"$firewall_enable" = X"YES" ]; then
d106 1
a106 13
	    echo -n 'Firewall rules loaded, starting divert daemons: '

	    # Network Address Translation daemon
	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
		    natd_ifarg="-a ${natd_interface}"
		else
		    natd_ifarg="-n ${natd_interface}"
		fi
		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
	    fi
	    echo '.'
d314 12
@


1.39.2.3
log
@MFC: Allow the user to specify a firewall script.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.2 1999/03/24 17:25:26 brian Exp $
d103 2
a104 5
	if [ -z "${firewall_script}" ] ; then
	    firewall_script="/etc/rc.firewall"
	fi
	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
	    . ${firewall_script}
@


1.39.2.4
log
@MFC: remove extraneous space
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.3 1999/04/10 10:59:15 des Exp $
d108 1
a108 1
	    echo -n 'Firewall rules loaded, starting divert daemons:'
@


1.39.2.5
log
@MFC: Don't add the -p flag if amd_args is empty.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.4 1999/04/12 15:29:11 brian Exp $
d305 1
a305 6
	    if [ -n "$amd_flags" ]
	    then
	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
	    else
	      amd 2> /dev/null
	    fi
@


1.39.2.6
log
@MFC: revs 1.4{2,5,9}
     * log_in_vain
     * TCP keepalives
     * network_interfaces=auto processing
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.5 1999/06/09 08:56:11 brian Exp $
a53 3
    if [ "x${network_interfaces}" = "xauto" ]; then
	    network_interfaces="`ifconfig -l`"
    fi
a54 1
	    showstat=false
a56 1
		    showstat=true
a61 1
		    showstat=true
a69 1
			    showstat=true
a78 5
		    showstat=true
	    fi
	    if [ "${showstat}" = "true" ]
	    then
		    ifconfig ${ifn}
d80 1
a156 6
    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
	    echo -n ' log_in_vain=YES'
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
    fi

a176 5
    if [ "X$tcp_keepalive" = X"YES" ]; then
	    echo -n ' TCP keepalive=YES'
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
    fi

d183 1
a183 1
	    echo -n ' ARP proxyall=YES'
a280 1
		    echo -n ' NFS on reserved port only=YES'
@


1.39.2.7
log
@MFC: rev 1.46 (don't discard error output from sysctl(8))
	 + echo "NFS access cache time" setting
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.6 1999/07/15 18:41:14 obrien Exp $
d165 1
a165 1
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
d176 1
a176 1
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
d181 1
a181 1
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
d186 1
a186 1
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
d191 1
a191 1
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
d201 1
a201 1
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
d206 1
a206 1
	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
d304 1
a304 1
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
d318 2
a319 2
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
@


1.39.2.8
log
@MFC: Add a default ppp.conf (mode 600).

     Originally submitted by: Wayne Self <wself@@cdrom.com>

     Allow a ppp startup option in rc.conf.

     Adjust sysinstall so that it appends to the end of ppp.conf
     and uses the generated profile to start ppp in auto mode on
     boot.

     Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.7 1999/07/15 18:45:07 obrien Exp $
a139 17
    fi

    # Warm up user ppp if required.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.39.2.9
log
@MFC: ppp_alias -> ppp_nat
     Shuffle ppp startup location
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.8 1999/07/30 17:30:26 brian Exp $
a93 17
    # Warm up user ppp if required, must happen before natd.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_nat" = X"YES" ]; then
		ppp_command="${ppp_command} -nat";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
    fi

d140 17
@


1.39.2.10
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.39.2.11
log
@MFC: Enable DHCP support
PR:	13548
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.10 1999/08/29 14:18:56 peter Exp $
d66 1
a66 6
		    # See if we are using DHCP
		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
			     ${dhcp_program} ${dhcp_flags} ${ifn}
		    else
			     ifconfig ${ifn} ${ifconfig_args}
		    fi
@


1.39.2.12
log
@Put "${firewall_script}" in quotes.

Submitted by:	rox@@fearme.com
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.11 1999/09/03 08:57:26 jkh Exp $
d139 2
a140 2
	if [ -f "${firewall_script}" -a X"$firewall_enable" = X"YES" ]; then
	    . "${firewall_script}"
@


1.39.2.13
log
@MFC: Add the net.inet.icmp.drop_redirect, net.inet.icmp.log_redirect,
net.inet.tcp.drop_synfin and net.inet.tcp.restrict_rst sysctls.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.12 1999/09/19 21:35:18 green Exp $
a199 10
    
    if [ "X$icmp_drop_redirect" = X"YES" ]; then
	    echo -n ' ignore ICMP redirect=YES'
	    sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
    fi
    
    if [ "X$icmp_log_redirect" = X"YES" ]; then
	    echo -n ' log ICMP redirect=YES'
	    sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
    fi
a218 10
    fi

    if [ "X$tcp_drop_synfin" = X"YES" ]; then
	    echo -n ' drop SYN+FIN packets=YES'
	    sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
    fi

    if [ "X$tcp_restrict_rst" = X"YES" ]; then
	    echo -n ' restrict TCP reset=YES'
	    sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
@


1.39.2.14
log
@MFC (with whitespace changes): start pppoed
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.13 1999/10/14 11:49:32 des Exp $
a396 10

    case ${pppoed_enable} in
    [Yy][Ee][Ss])
	if [ -n "${pppoed_provider}" ]; then
	    pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
	fi
	echo -n ' pppoed';
	/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
	;;
    esac
@


1.38
log
@Integrate the ISDN subsystem into the /etc/rc framework
Reviewed by: Joerg Wunsch
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.37 1999/01/03 22:19:23 jkh Exp $
d38 14
@


1.37
log
@Allow rwhod to take flags.

PR:		7705
Submitted by:	Johan Karlsson <k@@numeri.campus.luth.se>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.36 1998/11/27 07:06:11 jkoshy Exp $
d32 5
@


1.36
log
@Direct std{err,out} to /dev/null when invoking sysctl(8) for setting
`nfs_access_cache_timeout'.

Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.35 1998/11/15 20:30:04 msmith Exp $
d276 1
a276 1
	    echo -n ' rwhod';	rwhod
@


1.35
log
@Implement the nfs_access_cache variable, allowing us to set the timeout for
the NFS client's ACCESS cache.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.34 1998/11/11 05:23:44 peter Exp $
d261 3
a263 2
	    if [ ! "X${nfs_access_cache}" = X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache}
@


1.34
log
@kldload ipfw, it's installed always and works on both kernel formats
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.33 1998/10/06 19:24:14 phk Exp $
d261 3
@


1.33
log
@Here are some scripts and man pages for configuring HARP ATM
interfaces.

Reviewed by:	phk
Submitted by:	Mike Spengler <mks@@networkcs.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.32 1998/09/16 20:38:23 cracauer Exp $
d74 1
a74 1
	if modload /lkm/ipfw_mod.o; then
@


1.32
log
@rc.conf variable $amd_map_program needs to be eval'ed.
PR:		misc/7435
Submitted by:	David Wolfskill <dhw@@whistle.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.31 1998/09/15 10:49:02 jkoshy Exp $
d28 6
d98 5
d227 5
@


1.31
log
@Turn off replies to ICMP echo requests for broadcast and multicast
addresses by default.

Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".

Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).

Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@@nethelp.no>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
d250 1
a250 1
		amd_flags="${amd_flags} `${amd_map_program}`"
@


1.30
log
@tcp_extensions now only applies to RFC1323
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
d111 5
@


1.29
log
@In /etc/rc.network, near line 242, setting up Kerberos,
variable "stash_flag" is set.  A few lines later, it is evaluated
as "stash_flags" with a trailing "s", and then a bit later the
singular version is unset.

PR:		7609
Reviewed by:	phk
Submitted by:	Walt Howard <howard@@ee.utah.edu>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.28 1998/07/08 15:40:53 nectar Exp $
a110 1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
@


1.28
log
@Allow either an IP address or an interface to be specified in
the rc.conf variable ``natd_interface''.  rc.network will
determine whether it is an IP address or an interface name,
and invoke natd with the -a or -n flag as appropriate.

PR:				6947
Reviewed by:	jkh@@FreeBSD.ORG
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.27 1998/06/14 16:31:03 steve Exp $
d263 1
a263 1
		kerberos ${stash_flags} >> /var/log/kerberos.log &
d266 1
a266 1
		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
@


1.27
log
@Cleanup natd startup test.

PR:		6946
Submitted by:	Jacques Vidrine <n@@nectar.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.26 1998/05/19 04:36:31 jkh Exp $
d272 10
a281 4
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" \
	-a "X${firewall_enable}" = X"YES" ]; then
	    echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
    fi
@


1.26
log
@cosmetic: clean up startup messages and rearrange some options
to go in a more proper order.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.25 1998/05/06 17:36:16 andreas Exp $
d272 3
a274 4
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
	    if [ -a "X${firewall_enable}" = X"YES" ]; then
	            echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
	    fi
@


1.25
log
@Overlooked, that newer naming convention is xxx_program instead of xxx_prog.
So changed it to ntpdate_program and xntpd_program.
Backout last change, now we have again named_program, sorry.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.24 1998/05/05 21:14:27 andreas Exp $
d68 1
a68 2
	modload /lkm/ipfw_mod.o
	if [ $? = 0 ]; then
a128 4
    if [ "X$router_enable" = X"YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
d134 11
d146 1
a146 1
	    echo -n ' IPXrouted: '
d150 2
a151 3
    if [ "X$arpproxy_all" = X"YES" ]; then
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
d153 1
a156 1

a227 1
		    echo -n ' nfsprivport=YES'
a270 5
    # IP multicast routing daemon
    if [ "X${mrouted_enable}" = X"YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi

@


1.24
log
@Add variables for the ntpdate and xntpd program, you might want
to run the binaries from the new ntp v4 port.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.23 1998/04/26 06:32:13 phk Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_prog} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_prog} ${xntpd_flags}
@


1.23
log
@Jean-Simon Pendry's paper on  amd refers to the use of "ypcat -k"
against the "master map" to get the list of mount point/amd map
correspondences, and using that list as command-line arguments to start
amd.

When I tried to do this with the existing /etc/rc* scripts, I found that
I couldn't do this by modifying only /etc/rc.conf:  that file gets
sourced very early by /etc/rc, well before any networking functionality
is present, let alone NIS.  Further, I wasn't able to figure out a way
to use various levels & types of quoting to defer evaluation of the
string to a point subsequent to NIS initialization.

As a result, I resorted to hacking /etc/rc.network -- but I did it in a
way that ought to be reasonably general, and avoid breakage for anyone
else.

PR:		6387
Reviewed by:	phk
Submitted by:	David Wolfskill <dhw@@whistle.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.22 1998/04/18 10:27:06 brian Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	xntpd ${xntpd_flags}
@


1.22
log
@Add natd support.
PR:		6339
Submitted by:	cdillon@@wolves.k12.mo.us
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
d241 3
@


1.21
log
@Enable the SecureRPC bits in rc.conf, if the Administrator wants them.
@
text
@d3 1
a3 1
#	$Id$
d268 8
@


1.20
log
@Allow rarpd to be started from rc.conf
PR:		5457
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.19 1998/02/20 14:45:06 brian Exp $
d198 9
@


1.19
log
@Remove useless argument to ``. start_if.$ifn''
Pointed out by: Tim Tsai <tim@@futuresouth.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.18 1998/02/16 19:21:32 guido Exp $
d148 4
@


1.18
log
@Add 2 new rc.conf variables:
forward_sourceroute : controls setting of existing net.inet.ip.sourceroute
accept_sourceroute : control setting of new net.inet.ip.accept_sourceroute
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.17 1998/02/14 04:12:23 alex Exp $
d31 1
a31 1
		    . /etc/start_if.${ifn} ${ifn}
@


1.17
log
@Avoid using grep when determining ipfw's default policy -- it may not
be available at this stage of the boot if /usr is NFS mounted.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.16 1998/02/07 04:56:56 alex Exp $
d120 10
@


1.16
log
@Don't assume that IP services are disabled just because firewall_enable
is not set to YES in rc.conf.

Noticed by:	Mikael Karpberg <karpen@@ocean.campus.luth.se>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.15 1998/02/01 00:20:56 wollman Exp $
d84 2
a85 1
	    if ipfw l 65535 | grep deny; then
@


1.15
log
@Add an additional `named_program' variable so that we can easily choose
between 4.9.6 and the port of 8.x.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.14 1998/01/10 03:33:39 alex Exp $
d84 5
a88 2
	    echo "Warning: kernel has firewall functionality, but firewall rules are not enabled."
	    echo "         All ip services are disabled."
@


1.14
log
@Compare return code from ipfw against 0 for success instead of == 1
for error.

Pointed out by:	Matthew Thyer <thyerm@@camtech.net.au>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.13 1997/12/01 06:11:34 obrien Exp $
d141 1
a141 1
	    echo -n ' named';		named ${named_flags}
@


1.13
log
@MF 22s
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.12 1997/11/07 20:45:34 sef Exp $
d61 3
a63 1
    if [ $? = 1 ] ; then
a64 2
    else 
	firewall_in_kernel=1
@


1.12
log
@Allow the system to be configured to pass "-n" to kerberos and
kadmind or not; also, only run kadmind on a non-slave server.  Man
page for rc.conf is also updated.

Reviewed by:	Mark Murray
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
d144 3
a146 4
    if [ "X${ntpdate_enable}" = X"YES" -o "X${xntpd_enable}" = X"YES" ]; then
	    if [ "X${ntpdate_enable}" = X"YES" ]; then
		    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
	    fi
d148 2
a149 3
	    if [ "X${xntpd_enable}" = X"YES" ]; then
		    echo -n ' xntpd';	xntpd ${xntpd_flags}
	    fi
@


1.11
log
@Fix some problems in the rules file loading and need for modload detection.

Found by: "James E. Housley" <housley@@pr-comm.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
d225 12
a236 3
	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
	    echo -n ' kadmind'; \
		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
@


1.10
log
@Reviewed by:	msmith, alex
Cosmetic changes to the loading of firewall rules and lkm.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.9 1997/07/06 00:33:34 pst Exp $
d61 1
a61 1
    if [ $? ] ; then
@


1.9
log
@Merge from 2.2 (tcp extensions in phase 1)
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.8 1997/05/19 07:46:48 jkh Exp $
d57 24
a80 4
    
    # If IP filtering
    if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then
	    echo -n ' firewall'
d82 5
d88 2
@


1.8
log
@Neaten up some things which were inconsistent, add a few more flags
to things which need them, general cleanup.
Submitted by:	Brian Somers <brian@@awfulhak.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.7 1997/05/13 08:22:27 jkh Exp $
d78 6
a112 5
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi
@


1.7
log
@Add arp_proxyall knob.
Submitted by:	Christoph Kukulies <kuku@@gilberto.physik.RWTH-Aachen.DE>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.6 1997/05/03 11:22:17 jkh Exp $
d173 1
a173 1
	    echo -n ' nfsd';		nfsd -u -t 4
d183 1
a183 1
	    echo -n ' nfsiod';		nfsiod -n 4
@


1.6
log
@Update the etc world from RELENG_2_2 which is now more up-to-date
(gotta get myself -current again, this is a drag).

Also-fixes-problems-noted-by: Wolfgang Helbig & Joerg Wunsch
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.6 1997/05/01 23:42:19 jkh Exp $
d95 5
@


1.5
log
@Ack, learn to spell "extentions" the same way in the same file.
Also make the output a little less cryptic for sysctl settings.

Suggested by:	bde
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.4 1997/05/01 20:04:42 jkh Exp $
d102 2
a103 2
    if [ -n "$tcp_extentions" -a "x$tcp_extentions" != "xYES" ] ; then
	    echo -n ' tcp extentions=NO'
a111 4
	    if [ "X${tickadj_enable}" = X"YES" ]; then
		    echo -n ' tickadj';	tickadj ${tickadj_flags--Aq}
	    fi

@


1.4
log
@YAMF22
PR:		3456
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.3 1997/05/01 04:38:16 jkh Exp $
d79 1
a79 1
	    echo -n ' IP gateway=1'
d88 1
a88 1
	    echo -n ' IPX gateway=1'
d102 2
a103 2
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extentions=0'
d169 1
a169 1
		    echo -n ' nfsprivport=1'
@


1.3
log
@YAMF22
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.2 1997/04/27 03:59:14 jkh Exp $
d61 1
a61 1
	    sh /etc/rc.firewall
@


1.2
log
@Bring in rc file changes from -current.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.1 1997/04/26 22:39:34 jkh Exp $
d103 1
a103 1
	    echon -n ' tcp extentions=0'
@


1.1
log
@file rc.network was initially added on branch RELENG_2_2.
@
text
@d1 207
@


1.1.2.1
log
@Bring in rc reorganizational changes.  I'm bringing them into 2.2
first rather than 3.0 because, ironically, I have every confidence that
they run in 2.2 but not in 3.0 yet.  3.0 commits will follow just as I've
finished an inventory for any new knobs in -current which need accomodation.
In any case, it's good to get them into 2.2 early because there is going
to be a doc hit for this (all the references to sysconfig) and I'd just
as soon start getting people used to the new files ASAP rather than
prolonging the pain any more than necessary.
@
text
@a0 207
#!/bin/sh -
#
#	$Id$
#	From: @@(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.

network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
	    hostname $hostname
	    echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
	    domainname $nisdomainname
	    echo -n ' domain'
    fi
    echo '.'

    # Set up all the network interfaces, calling startup scripts if needed
    for ifn in ${network_interfaces}; do
	    if [ -e /etc/start_if.${ifn} ]; then
		    . /etc/start_if.${ifn} ${ifn}
	    fi
	    # Do the primary ifconfig if specified
	    eval ifconfig_args=\$ifconfig_${ifn}
	    if [ -n "${ifconfig_args}" ] ; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    # Check to see if aliases need to be added
	    alias=0
	    while :
	    do
		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
		    if [ -n "${ifconfig_args}" ]; then
			    ifconfig ${ifn} ${ifconfig_args} alias
			    alias=`expr ${alias} + 1`
		    else
			    break;
		    fi
	    done
	    # Do ipx address if specified
	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
	    if [ -n "${ifconfig_args}" ]; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    ifconfig ${ifn}
    done
    
    # If IP filtering
    if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then
	    echo -n ' firewall'
	    sh /etc/rc.firewall
    fi

    if [ "x$defaultrouter" != "xNO" ] ; then
	    static_routes="default ${static_routes}"
	    route_default="default ${defaultrouter}"
    fi
    
    # Set up any static routes.  This should be done before router discovery.
    if [ "x${static_routes}" != "x" ]; then
	    for i in ${static_routes}; do
		    eval route_args=\$route_${i}
		    route add ${route_args}
	    done
    fi

    echo -n 'Additional routing options:'
    if [ "X$gateway_enable" = X"YES" ]; then
	    echo -n ' IP gateway=1'
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$router_enable" = X"YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
    if [ "X$ipxgateway_enable" = X"YES" ]; then
	    echo -n ' IPX gateway=1'
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$ipxrouted_enable" = X"YES" ]; then
	    echo -n ' IPXrouted: '
	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
}

network_pass2() {
    echo -n 'Doing additional network setup:'
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echon -n ' tcp extentions=0'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi
    if [ "X${named_enable}" = X"YES" ]; then
	    echo -n ' named';		named ${named_flags}
    fi

    if [ "X${ntpdate_enable}" = X"YES" -o "X${xntpd_enable}" = X"YES" ]; then
	    if [ "X${tickadj_enable}" = X"YES" ]; then
		    echo -n ' tickadj';	tickadj ${tickadj_flags--Aq}
	    fi

	    if [ "X${ntpdate_enable}" = X"YES" ]; then
		    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
	    fi

	    if [ "X${xntpd_enable}" = X"YES" ]; then
		    echo -n ' xntpd';	xntpd ${xntpd_flags}
	    fi
    fi

    if [ "X${timed_enable}" = X"YES" ]; then
	    echo -n ' timed';		timed ${timed_flags}
    fi

    if [ "X${portmap_enable}" = X"YES" ]; then
	    echo -n ' portmap';		portmap ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "X${nis_server_enable}" = X"YES" ]; then
	    echo -n ' ypserv'; ypserv ${nis_server_flags}
	    
	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
	    fi
	    
	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
	    fi
    fi

    # Start ypbind if we're an NIS client
    if [ "X${nis_client_enable}" = X"YES" ]; then
	    echo -n ' ypbind'; ypbind ${nis_client_flags}
	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
		    echo -n ' ypset'; ypset ${nis_ypset_flags}
	    fi
    fi

    echo '.'
    network_pass2_done=YES
}

network_pass3() {
    echo -n 'Starting final network daemons:'

    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
	    echo -n ' mountd'
	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
		    mountd_flags="-n"
	    fi
	    mountd ${mountd_flags}
	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
		    echo -n ' nfsprivport=1'
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1
	    fi
	    echo -n ' nfsd';		nfsd -u -t 4
	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
		echo -n ' rpc.lockd';		rpc.lockd
	    fi
	    if [ "X$rpc_statd_enable" = X"YES" ]; then
		echo -n ' rpc.statd';		rpc.statd
	    fi
    fi
    
    if [ "X${nfs_client_enable}" = X"YES" ]; then
	    echo -n ' nfsiod';		nfsiod -n 4
    fi

    if [ "X${amd_enable}" = X"YES" ]; then
	    echo -n ' amd'
	    amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
    fi

    if [ "X${rwhod_enable}" = X"YES" ]; then
	    echo -n ' rwhod';	rwhod
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
	    echo -n ' kadmind'; \
		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
    fi
    
    # IP multicast routing daemon
    if [ "X${mrouted_enable}" = X"YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi
    echo '.'
    network_pass3_done=YES
}
@


1.1.2.2
log
@tickadj is useful even if ntpdate isn't selected (clock drift isn't
isolated to network time users) so make it a fully independant knob.
Suggested-By: Richard Crook <richard@@sj.co.uk>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.1 1997/04/26 22:39:34 jkh Exp $
d112 4
@


1.1.2.3
log
@Correct bogosity with tcp_extensions clause.
Submitted-By: "Philippe Charnier" <charnier@@xp11.frmug.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.2 1997/04/27 11:13:39 jkh Exp $
d103 1
a103 1
	    echo -n ' tcp extentions=0'
@


1.1.2.4
log
@Source rc.firewall, don't execute it (so that variables get passed in
properly).  Closes PR#3456

Submitted-By: Christopher Masto <chris@@netmonger.net>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.3 1997/05/01 04:37:10 jkh Exp $
d61 1
a61 1
	    . /etc/rc.firewall
@


1.1.2.5
log
@YAMFC
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.4 1997/05/01 20:02:58 jkh Exp $
d79 1
a79 1
	    echo -n ' IP gateway=YES'
d88 1
a88 1
	    echo -n ' IPX gateway=YES'
d102 2
a103 2
    if [ -n "$tcp_extentions" -a "x$tcp_extentions" != "xYES" ] ; then
	    echo -n ' tcp extentions=NO'
d165 1
a165 1
		    echo -n ' nfsprivport=YES'
@


1.1.2.6
log
@DOH!  I "corrected" the spelling in exactly the opposite way
I meant to.  Urk.  Fix.
Reminded by:	wollman
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.5 1997/05/01 20:28:48 jkh Exp $
d102 2
a103 2
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
@


1.1.2.7
log
@Merge arp_proxyall knob from -current.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.6 1997/05/01 23:42:19 jkh Exp $
a94 5
    fi
    
    if [ "X$arpproxy_all" = X"YES" ]; then
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
@


1.1.2.8
log
@YAMFC
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.7 1997/05/13 08:27:49 jkh Exp $
d173 1
a173 1
	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
d183 1
a183 1
	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
@


1.1.2.9
log
@Move TCP extensions into phase 1.
Submitted by:	bde
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.8 1997/05/19 08:02:37 jkh Exp $
a77 6
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi

d107 5
@


1.1.2.10
log
@MFC - firewall initialization cosmetics.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.9 1997/07/06 00:32:00 pst Exp $
d57 4
a60 24

    # Initialize IP filtering using ipfw
    echo ""
    /sbin/ipfw -q flush > /dev/null 2>&1
    if [ $? ] ; then
	firewall_in_kernel=0
    else 
	firewall_in_kernel=1
    fi

    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
	modload /lkm/ipfw_mod.o
	if [ $? = 0 ]; then
		firewall_in_kernel=1		# module loaded successfully
		echo "Kernel firewall module loaded."
	else
		echo "Warning: firewall kernel module failed to load."
	fi
    fi

    # Load the filters if required
    if [ $firewall_in_kernel = 1 ]; then
	if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
		"x$firewall_enable" = "xYES" ] ; then
a61 5
	    echo "Firewall rules loaded."
	else
	    echo "Warning: kernel has firewall functionality, but firewall rules are not enabled."
	    echo "         All ip services are disabled."
	fi
a62 2

    # Configure routing
@


1.1.2.11
log
@Fix problems with rules file loading and need-modload detection.
Found by: "James E. Housley" <housley@@pr-comm.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.10 1997/09/14 23:35:26 danny Exp $
d61 1
a61 1
    if [ $? = 1 ] ; then
@


1.1.2.12
log
@Remove useless double test.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.11 1997/09/18 22:47:12 danny Exp $
d144 4
a147 3
    if [ "X${ntpdate_enable}" = X"YES" ]; then
	    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
    fi
d149 3
a151 2
    if [ "X${xntpd_enable}" = X"YES" ]; then
	    echo -n ' xntpd';	xntpd ${xntpd_flags}
@


1.1.2.13
log
@MFC: allow an alternate named to be specified.
Revs: rc.conf 1.37, rc.network 1.15
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.12 1997/12/01 06:06:35 obrien Exp $
d141 1
a141 1
	    echo -n ' named';		${named_program-"named"} ${named_flags}
@


1.1.2.14
log
@MFC: selected improvements for etc files *not* including periodic changes,
     security tweaks or other kerberbos related stuff.  I expect that
     stuff to occur as a side-effect of what others will be doing in etc,
     if at all.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.13 1998/02/01 00:24:02 wollman Exp $
d61 3
a63 1
    if [ $? = 0 ] ; then
a64 2
    else 
	firewall_in_kernel=0
d84 2
a85 6
	    IPFW_DEFAULT=`ipfw l 65535`
	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
		echo -n "Warning: kernel has firewall functionality, "
		echo "but firewall rules are not enabled."
		echo "         All ip services are disabled."
	    fi
@


1.1.2.15
log
@MFC: Remove useless argument to ``. start_if.$ifn''
     Pointed out by: Tim Tsai <tim@@futuresouth.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.14 1998/02/15 14:24:50 jkh Exp $
d31 1
a31 1
		    . /etc/start_if.${ifn}
@


1.1.2.16
log
@MFC: Addition of forward_sourceroute and accept_sourceroute variables
in rc.conf and the implementation of the latter.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.15 1998/02/20 14:46:12 brian Exp $
a119 10
    if [ "X$forward_sourceroute" = X"YES" ]; then
	    echo -n ' do source routing=YES'
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1
    fi

    if [ "X$accept_sourceroute" = X"YES" ]; then
	    echo -n ' accept source routing=YES'
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1
    fi

@


1.1.2.17
log
@MFC: cosmetic tweaks, merge in new kerberos vars for rc.conf.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.16 1998/02/23 20:21:07 guido Exp $
d237 3
a239 12
	    if [ "X${kerberos_stash}" = "XYES" ]; then
		stash_flag=-n
	    else
		stash_flag=
	    fi
	    echo -n ' kerberos'; \
		kerberos ${stash_flags} >> /var/log/kerberos.log &
	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
		echo -n ' kadmind'; \
		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
	    fi
	    unset stash_flag
@


1.1.2.18
log
@MFC: rarpd flags.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.17 1998/02/27 20:49:15 jkh Exp $
a147 4
    if [ "X$rarpd_enable" = X"YES" ]; then
	    echo -n ' rarpd';     rarpd ${rarpd_flags}
    fi

@


1.1.2.19
log
@Merged in changes from current
config option to specify the path for ntpdate and xntpd program
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.18 1998/03/09 08:52:01 jkh Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_prog} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_prog} ${xntpd_flags}
@


1.1.2.20
log
@MFC: xxx_prog -> xxx_program, overlooked this new style of var names.
     backout last change "named_prog"
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.19 1998/05/05 21:39:44 andreas Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
@


1.1.2.21
log
@MFC: natd support
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.20 1998/05/06 17:43:00 andreas Exp $
a258 6

    # Network Address Translation daemon
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
            echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
    fi

@


1.1.2.22
log
@MFC 1.28 -> 1.29: Fix misspelling of "stash_flag".
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.21 1998/06/27 21:23:20 steve Exp $
d247 1
a247 1
		kerberos ${stash_flag} >> /var/log/kerberos.log &
d250 1
a250 1
		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
@


1.1.2.23
log
@Add hooks for configuring the NFS ACCESS cache, defaulting it to disabled.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.22 1998/09/30 01:08:12 jdp Exp $
a227 3
	    if [ ! "X${nfs_access_cache}" = X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache}
	    fi
@


1.1.2.24
log
@MFC: redirect sysctl output properly to /dev/null

Requested by:	jkoshy
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.23 1998/11/25 21:51:34 msmith Exp $
d228 2
a229 3
	    if [ "X${nfs_access_cache}" != X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null 2>&1
@


1.1.2.25
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
@


