head	1.157;
access;
symbols
	RELENG_8_4:1.157.0.2
	RELENG_9_1_0_RELEASE:1.156.2.1.4.2
	RELENG_9_1:1.156.2.1.0.4
	RELENG_9_1_BP:1.156.2.1
	RELENG_8_3_0_RELEASE:1.146.2.1.8.1
	RELENG_8_3:1.146.2.1.0.8
	RELENG_8_3_BP:1.146.2.1
	RELENG_9_0_0_RELEASE:1.156.2.1.2.1
	RELENG_9_0:1.156.2.1.0.2
	RELENG_9_0_BP:1.156.2.1
	RELENG_9:1.156.0.2
	RELENG_9_BP:1.156
	RELENG_7_4_0_RELEASE:1.144.12.1
	RELENG_8_2_0_RELEASE:1.146.2.1.6.1
	RELENG_7_4:1.144.0.12
	RELENG_7_4_BP:1.144
	RELENG_8_2:1.146.2.1.0.6
	RELENG_8_2_BP:1.146.2.1
	RELENG_8_1_0_RELEASE:1.146.2.1.4.1
	RELENG_8_1:1.146.2.1.0.4
	RELENG_8_1_BP:1.146.2.1
	RELENG_7_3_0_RELEASE:1.144.10.1
	RELENG_7_3:1.144.0.10
	RELENG_7_3_BP:1.144
	RELENG_8_0_0_RELEASE:1.146.2.1.2.1
	RELENG_8_0:1.146.2.1.0.2
	RELENG_8_0_BP:1.146.2.1
	RELENG_8:1.146.0.2
	RELENG_8_BP:1.146
	RELENG_7_2_0_RELEASE:1.144.8.1
	RELENG_7_2:1.144.0.8
	RELENG_7_2_BP:1.144
	RELENG_7_1_0_RELEASE:1.144.6.1
	RELENG_6_4_0_RELEASE:1.141.2.2.4.1
	RELENG_7_1:1.144.0.6
	RELENG_7_1_BP:1.144
	RELENG_6_4:1.141.2.2.0.4
	RELENG_6_4_BP:1.141.2.2
	RELENG_7_0_0_RELEASE:1.144
	RELENG_6_3_0_RELEASE:1.141.2.2
	RELENG_7_0:1.144.0.4
	RELENG_7_0_BP:1.144
	RELENG_6_3:1.141.2.2.0.2
	RELENG_6_3_BP:1.141.2.2
	RELENG_7:1.144.0.2
	RELENG_7_BP:1.144
	RELENG_6_2_0_RELEASE:1.141
	RELENG_6_2:1.141.0.8
	RELENG_6_2_BP:1.141
	RELENG_5_5_0_RELEASE:1.140.2.1
	RELENG_5_5:1.140.2.1.0.6
	RELENG_5_5_BP:1.140.2.1
	RELENG_6_1_0_RELEASE:1.141
	RELENG_6_1:1.141.0.6
	RELENG_6_1_BP:1.141
	RELENG_6_0_0_RELEASE:1.141
	RELENG_6_0:1.141.0.4
	RELENG_6_0_BP:1.141
	RELENG_6:1.141.0.2
	RELENG_6_BP:1.141
	RELENG_5_4_0_RELEASE:1.140.2.1
	RELENG_5_4:1.140.2.1.0.4
	RELENG_5_4_BP:1.140.2.1
	RELENG_5_3_0_RELEASE:1.140.2.1
	RELENG_5_3:1.140.2.1.0.2
	RELENG_5_3_BP:1.140.2.1
	RELENG_5:1.140.0.2
	RELENG_5_BP:1.140
	RELENG_5_2_1_RELEASE:1.139
	RELENG_5_2_0_RELEASE:1.139
	RELENG_5_2:1.139.0.2
	RELENG_5_2_BP:1.139
	old_RELENG_5_1_0_RELEASE:1.137
	old_RELENG_5_1:1.137.0.2
	old_RELENG_5_1_BP:1.137
	old_RELENG_5_0_0_RELEASE:1.136
	old_RELENG_5_0:1.136.0.2
	old_RELENG_5_0_BP:1.136
	old_old_RELENG_4_6_1_RELEASE:1.74.2.39.2.1
	old_old_RELENG_4_6_0_RELEASE:1.74.2.39
	old_old_RELENG_4_6:1.74.2.39.0.2
	old_old_RELENG_4_6_BP:1.74.2.39
	old_old_RELENG_4_5_0_RELEASE:1.74.2.28
	old_old_RELENG_4_5:1.74.2.28.0.2
	old_old_RELENG_4_5_BP:1.74.2.28
	old_old_RELENG_4_4_0_RELEASE:1.74.2.23
	old_old_RELENG_4_4:1.74.2.23.0.2
	old_old_RELENG_4_4_BP:1.74.2.23
	old_old_RELENG_4_3_0_RELEASE:1.74.2.14
	old_old_RELENG_4_3:1.74.2.14.0.2
	old_old_RELENG_4_3_BP:1.74.2.14
	old_old_RELENG_4_2_0_RELEASE:1.74.2.10
	old_old_RELENG_4_1_1_RELEASE:1.74.2.6
	old_old_PRE_SMPNG:1.84
	old_old_RELENG_4_1_0_RELEASE:1.74.2.3
	old_old_RELENG_3_5_0_RELEASE:1.39.2.14
	old_old_RELENG_4_0_0_RELEASE:1.74
	old_old_RELENG_4:1.74.0.2
	old_old_RELENG_4_BP:1.74
	old_old_RELENG_3_4_0_RELEASE:1.39.2.14
	old_old_RELENG_3_3_0_RELEASE:1.39.2.11
	old_old_RELENG_3_2_PAO:1.39.2.4.0.2
	old_old_RELENG_3_2_PAO_BP:1.39.2.4
	old_old_RELENG_3_2_0_RELEASE:1.39.2.4
	old_old_RELENG_3_1_0_RELEASE:1.39
	old_old_RELENG_3:1.39.0.2
	old_old_RELENG_3_BP:1.39
	old_old_RELENG_2_2_8_RELEASE:1.1.2.24
	old_old_RELENG_3_0_0_RELEASE:1.33
	old_old_RELENG_2_2_7_RELEASE:1.1.2.21
	old_old_RELENG_2_2_6_RELEASE:1.1.2.18
	old_old_RELENG_2_2_5_RELEASE:1.1.2.11
	old_old_RELENG_2_2_2_RELEASE:1.1.2.7
	old_old_RELENG_2_2:1.1.0.2;
locks; strict;
comment	@# @;


1.157
date	2012.11.17.01.49.05;	author svnexp;	state Exp;
branches
	1.157.2.1;
next	1.156;

1.156
date	2011.09.13.00.06.11;	author hrs;	state Exp;
branches
	1.156.2.1;
next	1.155;

1.155
date	2011.03.30.01.19.00;	author emaste;	state Exp;
branches;
next	1.154;

1.154
date	2010.09.13.19.52.46;	author hrs;	state Exp;
branches;
next	1.153;

1.153
date	2010.09.13.19.51.15;	author hrs;	state Exp;
branches;
next	1.152;

1.152
date	2010.04.09.01.35.09;	author dougb;	state Exp;
branches;
next	1.151;

1.151
date	2009.10.23.09.30.19;	author hrs;	state Exp;
branches;
next	1.150;

1.150
date	2009.10.02.06.51.39;	author hrs;	state Exp;
branches;
next	1.149;

1.149
date	2009.10.02.02.27.49;	author hrs;	state Exp;
branches;
next	1.148;

1.148
date	2009.09.30.14.58.10;	author ume;	state Exp;
branches;
next	1.147;

1.147
date	2009.09.12.22.17.52;	author hrs;	state Exp;
branches;
next	1.146;

1.146
date	2008.06.23.12.06.35;	author mtm;	state Exp;
branches
	1.146.2.1;
next	1.145;

1.145
date	2008.06.23.04.00.45;	author mtm;	state Exp;
branches;
next	1.144;

1.144
date	2007.05.02.15.49.30;	author mtm;	state Exp;
branches
	1.144.2.1
	1.144.6.1
	1.144.8.1
	1.144.10.1
	1.144.12.1;
next	1.143;

1.143
date	2007.05.02.15.32.05;	author mtm;	state Exp;
branches;
next	1.142;

1.142
date	2007.04.09.10.09.39;	author des;	state Exp;
branches;
next	1.141;

1.141
date	2004.10.07.13.55.26;	author mtm;	state Exp;
branches
	1.141.2.1;
next	1.140;

1.140
date	2004.03.08.12.25.05;	author pjd;	state Exp;
branches
	1.140.2.1;
next	1.139;

1.139
date	2003.08.06.00.35.13;	author mtm;	state Exp;
branches;
next	1.138;

1.138
date	2003.06.29.05.09.48;	author mtm;	state Exp;
branches;
next	1.137;

1.137
date	2003.05.05.15.38.41;	author mtm;	state Exp;
branches;
next	1.136;

1.136
date	2002.10.12.10.31.31;	author schweikh;	state Exp;
branches;
next	1.135;

1.135
date	2002.06.13.22.14.36;	author gordon;	state Exp;
branches;
next	1.134;

1.134
date	2002.04.11.22.06.27;	author des;	state Exp;
branches;
next	1.133;

1.133
date	2002.04.10.22.30.54;	author peter;	state Exp;
branches;
next	1.132;

1.132
date	2002.04.01.18.33.45;	author dougb;	state Exp;
branches;
next	1.131;

1.131
date	2002.03.19.03.45.02;	author des;	state Exp;
branches;
next	1.130;

1.130
date	2002.03.19.01.56.04;	author cjc;	state Exp;
branches;
next	1.129;

1.129
date	2002.03.17.07.35.51;	author dougb;	state Exp;
branches;
next	1.128;

1.128
date	2002.03.12.20.25.25;	author cjc;	state Exp;
branches;
next	1.127;

1.127
date	2002.03.12.01.04.35;	author obrien;	state Exp;
branches;
next	1.126;

1.126
date	2002.03.12.01.01.53;	author obrien;	state Exp;
branches;
next	1.125;

1.125
date	2002.03.04.10.30.24;	author dd;	state Exp;
branches;
next	1.124;

1.124
date	2002.02.20.10.30.47;	author cjc;	state Exp;
branches;
next	1.123;

1.123
date	2002.02.08.13.25.33;	author cjc;	state Exp;
branches;
next	1.122;

1.122
date	2002.01.28.11.06.02;	author sheldonh;	state Exp;
branches;
next	1.121;

1.121
date	2002.01.28.11.05.01;	author sheldonh;	state Exp;
branches;
next	1.120;

1.120
date	2002.01.26.09.04.58;	author cjc;	state Exp;
branches;
next	1.119;

1.119
date	2001.12.13.04.21.18;	author alfred;	state Exp;
branches;
next	1.118;

1.118
date	2001.12.11.08.21.45;	author ru;	state Exp;
branches;
next	1.117;

1.117
date	2001.12.07.17.03.14;	author rwatson;	state Exp;
branches;
next	1.116;

1.116
date	2001.12.06.09.34.44;	author cjc;	state Exp;
branches;
next	1.115;

1.115
date	2001.11.24.23.41.32;	author dd;	state Exp;
branches;
next	1.114;

1.114
date	2001.11.24.16.12.03;	author ru;	state Exp;
branches;
next	1.113;

1.113
date	2001.11.24.13.48.30;	author darrenr;	state Exp;
branches;
next	1.112;

1.112
date	2001.11.14.06.35.43;	author sheldonh;	state Exp;
branches;
next	1.111;

1.111
date	2001.11.07.00.33.56;	author fenner;	state Exp;
branches;
next	1.110;

1.110
date	2001.11.01.12.39.01;	author des;	state Exp;
branches;
next	1.109;

1.109
date	2001.10.20.04.46.32;	author darrenr;	state Exp;
branches;
next	1.108;

1.108
date	2001.10.20.04.41.47;	author darrenr;	state Exp;
branches;
next	1.107;

1.107
date	2001.10.20.04.32.57;	author darrenr;	state Exp;
branches;
next	1.106;

1.106
date	2001.10.19.06.50.52;	author dougb;	state Exp;
branches;
next	1.105;

1.105
date	2001.10.10.20.36.51;	author jhb;	state Exp;
branches;
next	1.104;

1.104
date	2001.09.19.21.27.18;	author brooks;	state Exp;
branches;
next	1.103;

1.103
date	2001.09.19.00.22.26;	author peter;	state Exp;
branches;
next	1.102;

1.102
date	2001.07.30.23.12.02;	author darrenr;	state Exp;
branches;
next	1.101;

1.101
date	2001.07.28.19.57.57;	author markm;	state Exp;
branches;
next	1.100;

1.100
date	2001.07.02.21.08.48;	author brooks;	state Exp;
branches;
next	1.99;

1.99
date	2001.06.16.15.48.43;	author schweikh;	state Exp;
branches;
next	1.98;

1.98
date	2001.06.11.12.38.40;	author ume;	state Exp;
branches;
next	1.97;

1.97
date	2001.06.10.16.21.56;	author brian;	state Exp;
branches;
next	1.96;

1.96
date	2001.06.03.12.26.56;	author brian;	state Exp;
branches;
next	1.95;

1.95
date	2001.05.18.18.10.02;	author obrien;	state Exp;
branches;
next	1.94;

1.94
date	2001.05.16.19.23.54;	author jesper;	state Exp;
branches;
next	1.93;

1.93
date	2001.05.09.07.46.44;	author peter;	state Exp;
branches;
next	1.92;

1.92
date	2001.03.19.22.07.30;	author des;	state Exp;
branches;
next	1.91;

1.91
date	2001.03.19.12.49.45;	author alfred;	state Exp;
branches;
next	1.90;

1.90
date	2000.12.17.22.14.49;	author dougb;	state Exp;
branches;
next	1.89;

1.89
date	2000.12.17.08.15.57;	author dougb;	state Exp;
branches;
next	1.88;

1.88
date	2000.10.12.11.25.57;	author ru;	state Exp;
branches;
next	1.87;

1.87
date	2000.10.08.19.18.24;	author obrien;	state Exp;
branches;
next	1.86;

1.86
date	2000.10.06.12.24.45;	author darrenr;	state Exp;
branches;
next	1.85;

1.85
date	2000.09.28.05.43.44;	author brian;	state Exp;
branches;
next	1.84;

1.84
date	2000.09.06.18.16.32;	author nectar;	state Exp;
branches;
next	1.83;

1.83
date	2000.08.16.23.08.28;	author jhb;	state Exp;
branches;
next	1.82;

1.82
date	2000.08.10.00.12.53;	author brian;	state Exp;
branches;
next	1.81;

1.81
date	2000.07.14.13.03.36;	author nbm;	state Exp;
branches;
next	1.80;

1.80
date	2000.06.22.17.40.52;	author dillon;	state Exp;
branches;
next	1.79;

1.79
date	2000.05.16.06.52.11;	author dillon;	state Exp;
branches;
next	1.78;

1.78
date	2000.05.15.19.56.59;	author kris;	state Exp;
branches;
next	1.77;

1.77
date	2000.05.15.05.40.26;	author kris;	state Exp;
branches;
next	1.76;

1.76
date	2000.05.06.17.18.14;	author ache;	state Exp;
branches;
next	1.75;

1.75
date	2000.03.27.21.38.32;	author dillon;	state Exp;
branches;
next	1.74;

1.74
date	2000.02.29.12.53.28;	author jkh;	state Exp;
branches
	1.74.2.1;
next	1.73;

1.73
date	2000.02.28.19.54.06;	author markm;	state Exp;
branches;
next	1.72;

1.72
date	2000.02.28.19.21.05;	author jkh;	state Exp;
branches;
next	1.71;

1.71
date	2000.02.24.23.12.04;	author markm;	state Exp;
branches;
next	1.70;

1.70
date	2000.02.06.16.33.54;	author hm;	state Exp;
branches;
next	1.69;

1.69
date	2000.01.15.14.28.05;	author green;	state Exp;
branches;
next	1.68;

1.68
date	99.12.17.13.36.40;	author roberto;	state Exp;
branches;
next	1.67;

1.67
date	99.12.12.01.58.30;	author obrien;	state Exp;
branches;
next	1.66;

1.66
date	99.11.23.00.26.03;	author brian;	state Exp;
branches;
next	1.65;

1.65
date	99.11.23.00.22.24;	author brian;	state Exp;
branches;
next	1.64;

1.64
date	99.11.17.22.38.02;	author ache;	state Exp;
branches;
next	1.63;

1.63
date	99.11.14.21.28.07;	author ache;	state Exp;
branches;
next	1.62;

1.62
date	99.09.19.21.32.42;	author green;	state Exp;
branches;
next	1.61;

1.61
date	99.09.13.15.44.18;	author sheldonh;	state Exp;
branches;
next	1.60;

1.60
date	99.09.12.17.22.05;	author des;	state Exp;
branches;
next	1.59;

1.59
date	99.09.01.08.57.01;	author peter;	state Exp;
branches;
next	1.58;

1.58
date	99.08.27.23.23.44;	author peter;	state Exp;
branches;
next	1.57;

1.57
date	99.08.27.22.15.15;	author jkh;	state Exp;
branches;
next	1.56;

1.56
date	99.08.25.16.01.37;	author sheldonh;	state Exp;
branches;
next	1.55;

1.55
date	99.08.22.23.26.03;	author brian;	state Exp;
branches;
next	1.54;

1.54
date	99.08.19.21.15.16;	author brian;	state Exp;
branches;
next	1.53;

1.53
date	99.08.10.09.45.31;	author des;	state Exp;
branches;
next	1.52;

1.52
date	99.07.26.15.17.23;	author brian;	state Exp;
branches;
next	1.51;

1.51
date	99.07.26.10.49.31;	author brian;	state Exp;
branches;
next	1.50;

1.50
date	99.07.16.09.26.52;	author jkh;	state Exp;
branches;
next	1.49;

1.49
date	99.07.08.18.56.02;	author peter;	state Exp;
branches;
next	1.48;

1.48
date	99.07.07.12.49.45;	author peter;	state Exp;
branches;
next	1.47;

1.47
date	99.06.08.13.00.30;	author brian;	state Exp;
branches;
next	1.46;

1.46
date	99.06.05.12.06.19;	author bde;	state Exp;
branches;
next	1.45;

1.45
date	99.06.05.05.45.47;	author phk;	state Exp;
branches;
next	1.44;

1.44
date	99.04.12.15.26.41;	author brian;	state Exp;
branches;
next	1.43;

1.43
date	99.04.10.10.56.58;	author des;	state Exp;
branches;
next	1.42;

1.42
date	99.03.28.20.36.03;	author imp;	state Exp;
branches;
next	1.41;

1.41
date	99.03.24.10.28.49;	author brian;	state Exp;
branches;
next	1.40;

1.40
date	99.03.11.16.17.24;	author jfitz;	state Exp;
branches;
next	1.39;

1.39
date	99.01.13.17.32.37;	author joerg;	state Exp;
branches
	1.39.2.1;
next	1.38;

1.38
date	99.01.13.08.20.55;	author hm;	state Exp;
branches;
next	1.37;

1.37
date	99.01.03.22.19.23;	author jkh;	state Exp;
branches;
next	1.36;

1.36
date	98.11.27.07.06.11;	author jkoshy;	state Exp;
branches;
next	1.35;

1.35
date	98.11.15.20.30.04;	author msmith;	state Exp;
branches;
next	1.34;

1.34
date	98.11.11.05.23.44;	author peter;	state Exp;
branches;
next	1.33;

1.33
date	98.10.06.19.24.14;	author phk;	state Exp;
branches;
next	1.32;

1.32
date	98.09.16.20.38.23;	author cracauer;	state Exp;
branches;
next	1.31;

1.31
date	98.09.15.10.49.02;	author jkoshy;	state Exp;
branches;
next	1.30;

1.30
date	98.09.06.08.20.11;	author phk;	state Exp;
branches;
next	1.29;

1.29
date	98.08.14.06.55.17;	author phk;	state Exp;
branches;
next	1.28;

1.28
date	98.07.08.15.40.53;	author nectar;	state Exp;
branches;
next	1.27;

1.27
date	98.06.14.16.31.03;	author steve;	state Exp;
branches;
next	1.26;

1.26
date	98.05.19.04.36.31;	author jkh;	state Exp;
branches;
next	1.25;

1.25
date	98.05.06.17.36.16;	author andreas;	state Exp;
branches;
next	1.24;

1.24
date	98.05.05.21.14.27;	author andreas;	state Exp;
branches;
next	1.23;

1.23
date	98.04.26.06.32.13;	author phk;	state Exp;
branches;
next	1.22;

1.22
date	98.04.18.10.27.06;	author brian;	state Exp;
branches;
next	1.21;

1.21
date	98.04.12.09.47.43;	author markm;	state Exp;
branches;
next	1.20;

1.20
date	98.03.09.08.50.30;	author jkh;	state Exp;
branches;
next	1.19;

1.19
date	98.02.20.14.45.06;	author brian;	state Exp;
branches;
next	1.18;

1.18
date	98.02.16.19.21.32;	author guido;	state Exp;
branches;
next	1.17;

1.17
date	98.02.14.04.12.23;	author alex;	state Exp;
branches;
next	1.16;

1.16
date	98.02.07.04.56.56;	author alex;	state Exp;
branches;
next	1.15;

1.15
date	98.02.01.00.20.56;	author wollman;	state Exp;
branches;
next	1.14;

1.14
date	98.01.10.03.33.39;	author alex;	state Exp;
branches;
next	1.13;

1.13
date	97.12.01.06.11.34;	author obrien;	state Exp;
branches;
next	1.12;

1.12
date	97.11.07.20.45.34;	author sef;	state Exp;
branches;
next	1.11;

1.11
date	97.09.18.22.43.48;	author danny;	state Exp;
branches;
next	1.10;

1.10
date	97.09.11.10.59.02;	author danny;	state Exp;
branches;
next	1.9;

1.9
date	97.07.06.00.33.34;	author pst;	state Exp;
branches;
next	1.8;

1.8
date	97.05.19.07.46.48;	author jkh;	state Exp;
branches;
next	1.7;

1.7
date	97.05.13.08.22.27;	author jkh;	state Exp;
branches;
next	1.6;

1.6
date	97.05.03.11.22.17;	author jkh;	state Exp;
branches;
next	1.5;

1.5
date	97.05.01.20.28.18;	author jkh;	state Exp;
branches;
next	1.4;

1.4
date	97.05.01.20.04.42;	author jkh;	state Exp;
branches;
next	1.3;

1.3
date	97.05.01.04.38.16;	author jkh;	state Exp;
branches;
next	1.2;

1.2
date	97.04.27.03.59.14;	author jkh;	state Exp;
branches;
next	1.1;

1.1
date	97.04.26.22.39.34;	author jkh;	state dead;
branches
	1.1.2.1;
next	;

1.157.2.1
date	2012.11.17.01.49.05;	author svnexp;	state dead;
branches;
next	1.157.2.2;

1.157.2.2
date	2013.03.28.13.02.44;	author svnexp;	state Exp;
branches;
next	;

1.156.2.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.156.2.1.2.1
	1.156.2.1.4.1;
next	1.156.2.2;

1.156.2.2
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	;

1.156.2.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.156.2.1.2.2;

1.156.2.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.156.2.1.4.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.156.2.1.4.2;

1.156.2.1.4.2
date	2012.11.17.08.47.01;	author svnexp;	state Exp;
branches;
next	;

1.146.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.146.2.1.2.1
	1.146.2.1.4.1
	1.146.2.1.6.1
	1.146.2.1.8.1;
next	1.146.2.2;

1.146.2.2
date	2012.11.17.10.35.57;	author svnexp;	state Exp;
branches;
next	;

1.146.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.146.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.146.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.146.2.1.8.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.146.2.1.8.2;

1.146.2.1.8.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.144.2.1
date	2012.11.17.08.01.21;	author svnexp;	state Exp;
branches;
next	;

1.144.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.144.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.144.10.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.144.12.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.144.12.2;

1.144.12.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.141.2.1
date	2007.05.24.16.10.52;	author des;	state Exp;
branches;
next	1.141.2.2;

1.141.2.2
date	2007.05.29.09.28.10;	author des;	state Exp;
branches
	1.141.2.2.4.1;
next	1.141.2.3;

1.141.2.3
date	2012.11.17.07.39.08;	author svnexp;	state Exp;
branches;
next	;

1.141.2.2.4.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;

1.140.2.1
date	2004.10.10.09.50.53;	author mtm;	state Exp;
branches;
next	;

1.74.2.1
date	2000.03.27.21.39.49;	author dillon;	state Exp;
branches;
next	1.74.2.2;

1.74.2.2
date	2000.06.09.07.25.15;	author kris;	state Exp;
branches;
next	1.74.2.3;

1.74.2.3
date	2000.06.24.20.51.27;	author dillon;	state Exp;
branches;
next	1.74.2.4;

1.74.2.4
date	2000.08.06.16.58.30;	author nbm;	state Exp;
branches;
next	1.74.2.5;

1.74.2.5
date	2000.08.16.23.10.53;	author jhb;	state Exp;
branches;
next	1.74.2.6;

1.74.2.6
date	2000.08.17.06.55.34;	author jhb;	state Exp;
branches;
next	1.74.2.7;

1.74.2.7
date	2000.10.09.20.18.52;	author brian;	state Exp;
branches;
next	1.74.2.8;

1.74.2.8
date	2000.10.12.11.28.16;	author ru;	state Exp;
branches;
next	1.74.2.9;

1.74.2.9
date	2000.10.30.10.40.11;	author obrien;	state Exp;
branches;
next	1.74.2.10;

1.74.2.10
date	2000.11.11.20.33.39;	author jkh;	state Exp;
branches;
next	1.74.2.11;

1.74.2.11
date	2001.01.14.08.21.07;	author dougb;	state Exp;
branches;
next	1.74.2.12;

1.74.2.12
date	2001.01.14.09.47.48;	author dougb;	state Exp;
branches;
next	1.74.2.13;

1.74.2.13
date	2001.03.06.01.58.45;	author obrien;	state Exp;
branches;
next	1.74.2.14;

1.74.2.14
date	2001.03.06.02.21.59;	author obrien;	state Exp;
branches;
next	1.74.2.15;

1.74.2.15
date	2001.06.09.16.18.12;	author des;	state Exp;
branches;
next	1.74.2.16;

1.74.2.16
date	2001.06.17.11.40.59;	author brian;	state Exp;
branches;
next	1.74.2.17;

1.74.2.17
date	2001.06.23.23.33.14;	author brian;	state Exp;
branches;
next	1.74.2.18;

1.74.2.18
date	2001.06.24.18.14.59;	author ume;	state Exp;
branches;
next	1.74.2.19;

1.74.2.19
date	2001.07.03.11.01.11;	author ume;	state Exp;
branches;
next	1.74.2.20;

1.74.2.20
date	2001.07.24.19.10.15;	author brooks;	state Exp;
branches;
next	1.74.2.21;

1.74.2.21
date	2001.08.01.20.02.42;	author obrien;	state Exp;
branches;
next	1.74.2.22;

1.74.2.22
date	2001.08.01.20.07.55;	author obrien;	state Exp;
branches;
next	1.74.2.23;

1.74.2.23
date	2001.08.17.07.26.38;	author hm;	state Exp;
branches;
next	1.74.2.24;

1.74.2.24
date	2001.11.19.10.42.28;	author sheldonh;	state Exp;
branches;
next	1.74.2.25;

1.74.2.25
date	2001.12.05.10.50.07;	author guido;	state Exp;
branches;
next	1.74.2.26;

1.74.2.26
date	2001.12.07.08.32.37;	author cjc;	state Exp;
branches;
next	1.74.2.27;

1.74.2.27
date	2001.12.09.06.02.40;	author brooks;	state Exp;
branches;
next	1.74.2.28;

1.74.2.28
date	2001.12.19.17.52.17;	author ru;	state Exp;
branches;
next	1.74.2.29;

1.74.2.29
date	2002.02.04.22.29.02;	author cjc;	state Exp;
branches;
next	1.74.2.30;

1.74.2.30
date	2002.02.09.10.38.42;	author cjc;	state Exp;
branches;
next	1.74.2.31;

1.74.2.31
date	2002.02.23.15.48.21;	author cjc;	state Exp;
branches;
next	1.74.2.32;

1.74.2.32
date	2002.02.27.10.36.03;	author sheldonh;	state Exp;
branches;
next	1.74.2.33;

1.74.2.33
date	2002.03.04.08.37.33;	author sheldonh;	state Exp;
branches;
next	1.74.2.34;

1.74.2.34
date	2002.03.07.18.10.02;	author sheldonh;	state Exp;
branches;
next	1.74.2.35;

1.74.2.35
date	2002.03.09.03.54.10;	author dd;	state Exp;
branches;
next	1.74.2.36;

1.74.2.36
date	2002.03.15.10.20.54;	author cjc;	state Exp;
branches;
next	1.74.2.37;

1.74.2.37
date	2002.03.21.10.27.34;	author cjc;	state Exp;
branches;
next	1.74.2.38;

1.74.2.38
date	2002.04.15.02.12.55;	author dougb;	state Exp;
branches;
next	1.74.2.39;

1.74.2.39
date	2002.04.24.18.51.42;	author joerg;	state Exp;
branches
	1.74.2.39.2.1;
next	1.74.2.40;

1.74.2.40
date	2002.07.05.07.48.02;	author ru;	state Exp;
branches;
next	;

1.74.2.39.2.1
date	2002.07.16.12.33.21;	author des;	state Exp;
branches;
next	;

1.39.2.1
date	99.03.17.20.04.57;	author billf;	state Exp;
branches;
next	1.39.2.2;

1.39.2.2
date	99.03.24.17.25.26;	author brian;	state Exp;
branches;
next	1.39.2.3;

1.39.2.3
date	99.04.10.10.59.15;	author des;	state Exp;
branches;
next	1.39.2.4;

1.39.2.4
date	99.04.12.15.29.11;	author brian;	state Exp;
branches;
next	1.39.2.5;

1.39.2.5
date	99.06.09.08.56.11;	author brian;	state Exp;
branches;
next	1.39.2.6;

1.39.2.6
date	99.07.15.18.41.14;	author obrien;	state Exp;
branches;
next	1.39.2.7;

1.39.2.7
date	99.07.15.18.45.07;	author obrien;	state Exp;
branches;
next	1.39.2.8;

1.39.2.8
date	99.07.30.17.30.26;	author brian;	state Exp;
branches;
next	1.39.2.9;

1.39.2.9
date	99.08.23.23.32.26;	author brian;	state Exp;
branches;
next	1.39.2.10;

1.39.2.10
date	99.08.29.14.18.56;	author peter;	state Exp;
branches;
next	1.39.2.11;

1.39.2.11
date	99.09.03.08.57.26;	author jkh;	state Exp;
branches;
next	1.39.2.12;

1.39.2.12
date	99.09.19.21.35.18;	author green;	state Exp;
branches;
next	1.39.2.13;

1.39.2.13
date	99.10.14.11.49.32;	author des;	state Exp;
branches;
next	1.39.2.14;

1.39.2.14
date	99.11.28.16.09.07;	author brian;	state Exp;
branches;
next	;

1.1.2.1
date	97.04.26.22.39.34;	author jkh;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	97.04.27.11.13.39;	author jkh;	state Exp;
branches;
next	1.1.2.3;

1.1.2.3
date	97.05.01.04.37.10;	author jkh;	state Exp;
branches;
next	1.1.2.4;

1.1.2.4
date	97.05.01.20.02.58;	author jkh;	state Exp;
branches;
next	1.1.2.5;

1.1.2.5
date	97.05.01.20.28.48;	author jkh;	state Exp;
branches;
next	1.1.2.6;

1.1.2.6
date	97.05.01.23.42.19;	author jkh;	state Exp;
branches;
next	1.1.2.7;

1.1.2.7
date	97.05.13.08.27.49;	author jkh;	state Exp;
branches;
next	1.1.2.8;

1.1.2.8
date	97.05.19.08.02.37;	author jkh;	state Exp;
branches;
next	1.1.2.9;

1.1.2.9
date	97.07.06.00.32.00;	author pst;	state Exp;
branches;
next	1.1.2.10;

1.1.2.10
date	97.09.14.23.35.26;	author danny;	state Exp;
branches;
next	1.1.2.11;

1.1.2.11
date	97.09.18.22.47.12;	author danny;	state Exp;
branches;
next	1.1.2.12;

1.1.2.12
date	97.12.01.06.06.35;	author obrien;	state Exp;
branches;
next	1.1.2.13;

1.1.2.13
date	98.02.01.00.24.02;	author wollman;	state Exp;
branches;
next	1.1.2.14;

1.1.2.14
date	98.02.15.14.24.50;	author jkh;	state Exp;
branches;
next	1.1.2.15;

1.1.2.15
date	98.02.20.14.46.12;	author brian;	state Exp;
branches;
next	1.1.2.16;

1.1.2.16
date	98.02.23.20.21.07;	author guido;	state Exp;
branches;
next	1.1.2.17;

1.1.2.17
date	98.02.27.20.49.15;	author jkh;	state Exp;
branches;
next	1.1.2.18;

1.1.2.18
date	98.03.09.08.52.01;	author jkh;	state Exp;
branches;
next	1.1.2.19;

1.1.2.19
date	98.05.05.21.39.44;	author andreas;	state Exp;
branches;
next	1.1.2.20;

1.1.2.20
date	98.05.06.17.43.00;	author andreas;	state Exp;
branches;
next	1.1.2.21;

1.1.2.21
date	98.06.27.21.23.20;	author steve;	state Exp;
branches;
next	1.1.2.22;

1.1.2.22
date	98.09.30.01.08.12;	author jdp;	state Exp;
branches;
next	1.1.2.23;

1.1.2.23
date	98.11.25.21.51.34;	author msmith;	state Exp;
branches;
next	1.1.2.24;

1.1.2.24
date	98.11.28.22.04.20;	author jkh;	state Exp;
branches;
next	1.1.2.25;

1.1.2.25
date	99.09.05.11.01.58;	author peter;	state Exp;
branches;
next	;


desc
@@


1.157
log
@Switching exporter and resync
@
text
@#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/netoptions 225521 2011-09-13 00:06:11Z hrs $
#

# PROVIDE: netoptions
# REQUIRE: FILESYSTEMS
# BEFORE: netif
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="netoptions"
start_cmd="netoptions_start"
stop_cmd=:

_netoptions_initdone=
netoptions_init()
{
	if [ -z "${_netoptions_initdone}" ]; then
		echo -n 'Additional TCP/IP options:'
		_netoptions_initdone=yes
	fi
}

netoptions_start()
{
	local _af

	for _af in inet inet6; do
		afexists ${_af} && eval netoptions_${_af}
	done
	[ -n "${_netoptions_initdone}" ] && echo '.'
}

netoptions_inet()
{
	case ${log_in_vain} in
	[12])
		netoptions_init
		echo -n " log_in_vain=${log_in_vain}"
		${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
		${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
		;;
	*)
		${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null
		${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null
		;;
	esac

	if checkyesno tcp_extensions; then
		${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null
	else
		netoptions_init
		echo -n " rfc1323 extensions=${tcp_extensions}"
		${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null
	fi

	if checkyesno tcp_keepalive; then
		${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null
	else
		netoptions_init
		echo -n " TCP keepalive=${tcp_keepalive}"
		${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null
	fi

	if checkyesno tcp_drop_synfin; then
		netoptions_init
		echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
		${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null
	else
		${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null
	fi

	case ${ip_portrange_first} in
	[0-9]*)
		netoptions_init
		echo -n " ip_portrange_first=$ip_portrange_first"
		${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[0-9]*)
		netoptions_init
		echo -n " ip_portrange_last=$ip_portrange_last"
		${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac
}

netoptions_inet6()
{
	if checkyesno ipv6_ipv4mapping; then
		netoptions_init
		echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
		${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null
	else
		${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null
	fi

	if checkyesno ipv6_privacy; then
		netoptions_init
		echo -n " IPv6 Privacy Addresses"
		${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
		${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
	fi

	case $ipv6_cpe_wanif in
	""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
		${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
		${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
	;;
	*)	
		netoptions_init
		echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
		${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
		${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
	;;
	esac
}

load_rc_config $name
run_rc_command $1
@


1.157.2.1
log
@file netoptions was added on branch RELENG_8_4 on 2013-03-28 13:02:43 +0000
@
text
@d1 125
@


1.157.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 92
#!/bin/sh
#
# $FreeBSD: releng/8.4/etc/rc.d/netoptions 180563 2008-07-16 19:22:48Z dougb $
#

# PROVIDE: netoptions
# REQUIRE: FILESYSTEMS
# KEYWORD: nojail

. /etc/rc.subr

_netoptions_initdone=
netoptions_init()
{
	if [ -z "${_netoptions_initdone}" ]; then
		echo -n 'Additional TCP/IP options:'
		_netoptions_initdone=yes
	fi
}

load_rc_config 'XXX'

case ${log_in_vain} in
[Nn][Oo] | '')
	log_in_vain=0
	;;
[Yy][Ee][Ss])
	log_in_vain=1
	;;
[0-9]*)
	;;
*)
	netoptions_init
	echo " invalid log_in_vain setting: ${log_in_vain}"
	log_in_vain=0
	;;
esac

if [ "${log_in_vain}" -ne 0 ]; then
	netoptions_init
	echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
fi

case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
	;;
*)
	netoptions_init
	echo -n ' tcp extensions=NO'
	sysctl net.inet.tcp.rfc1323=0 >/dev/null
	;;
esac

case ${tcp_keepalive} in
[Nn][Oo])
	netoptions_init
	echo -n ' TCP keepalive=NO'
	sysctl net.inet.tcp.always_keepalive=0 >/dev/null
	;;
esac

case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
	netoptions_init
	echo -n ' drop SYN+FIN packets=YES'
	sysctl net.inet.tcp.drop_synfin=1 >/dev/null
	;;
esac

case ${ip_portrange_first} in
[Nn][Oo] | '')
	;;
*)
	netoptions_init
	echo -n " ip_portrange_first=$ip_portrange_first"
	sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
	;;
esac

case ${ip_portrange_last} in
[Nn][Oo] | '')
	;;
*)
	netoptions_init
	echo -n " ip_portrange_last=$ip_portrange_last"
	sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
	;;
esac

[ -n "${_netoptions_initdone}" ] && echo '.'
@


1.156
log
@SVN rev 225521 on 2011-09-13 00:06:11Z by hrs

Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPE
(r225485).  When setting an interface name to it, the following
configurations will be enabled:

 1. "no_radr" is set to all IPv6 interfaces automatically.

 2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif.  This is
    done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this
    means you can manually supersede this configuration if necessary).

 3. The node will add RA-sending routers to the default router list
    even if net.inet6.ip6.forwarding=1.

This mode is added to conform to RFC 6204 (a router which connects
the end-user network to a service provider network).  To enable
packet forwarding, you still need to set ipv6_gateway_enable=YES.

Note that accepting router entries into the default router list when
packet forwarding capability and a routing daemon are enabled can
result in messing up the routing table.  To minimize such unexpected
behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif.

Approved by:	re (bz)
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.156.2.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.156.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/netoptions 225521 2011-09-13 00:06:11Z hrs $
@


1.156.2.1.4.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.156.2.1.4.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.1/etc/rc.d/netoptions 225521 2011-09-13 00:06:11Z hrs $
@


1.156.2.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.156.2.1.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.0/etc/rc.d/netoptions 225521 2011-09-13 00:06:11Z hrs $
@


1.155
log
@SVN rev 220153 on 2011-03-30 01:19:00Z by emaste

Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical.
This is a further clean up after r202988.

SYSCTL_W is still initialized in rc.subr as some ports may still use it.
@
text
@d109 13
@


1.154
log
@SVN rev 212576 on 2010-09-13 19:52:46Z by hrs

Add $ipv6_privacy to support net.inet6.ip6.use_tempaddr.  Note that this
will be replaced with a per-IF version later.

Based on:	changes in r206408 by dougb
@
text
@d43 2
a44 2
		${SYSCTL_W} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
		${SYSCTL_W} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
d47 2
a48 2
		${SYSCTL_W} net.inet.tcp.log_in_vain=0 >/dev/null
		${SYSCTL_W} net.inet.udp.log_in_vain=0 >/dev/null
d53 1
a53 1
		${SYSCTL_W} net.inet.tcp.rfc1323=1 >/dev/null
d57 1
a57 1
		${SYSCTL_W} net.inet.tcp.rfc1323=0 >/dev/null
d61 1
a61 1
		${SYSCTL_W} net.inet.tcp.always_keepalive=1 >/dev/null
d65 1
a65 1
		${SYSCTL_W} net.inet.tcp.always_keepalive=0 >/dev/null
d71 1
a71 1
		${SYSCTL_W} net.inet.tcp.drop_synfin=1 >/dev/null
d73 1
a73 1
		${SYSCTL_W} net.inet.tcp.drop_synfin=0 >/dev/null
d80 1
a80 1
		${SYSCTL_W} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
d88 1
a88 1
		${SYSCTL_W} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
d98 1
a98 1
		${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null
d100 1
a100 1
		${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
d106 2
a107 2
		${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null
		${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
@


1.153
log
@SVN rev 212574 on 2010-09-13 19:51:15Z by hrs

Revert changes in r206408.

Discussed with:	dougb, core.5, and core.6
@
text
@d102 7
@


1.152
log
@SVN rev 206408 on 2010-04-09 01:35:09Z by dougb

Improve the handling of IPv6 configuration in rc.d. The ipv6_enable
and ipv6_ifconfig_<interface> options have already been deprecated,
these changes do not alter that.

With these changes any value set for ipv6_enable will emit a
warning. In order to avoid a POLA violation for the deprecation
of the option ipv6_enable=NO will still disable configuration
for all interfaces other than lo0. ipv6_enable=YES will not have
any effect, but will emit an additional warning. Support and
warnings for this option will be removed in FreeBSD 10.x.

Consistent with the current code, in order for IPv6 to be configured
on an interface (other than lo0) an ifconfig_<interface>_ipv6
option will have to be added to /etc/rc.conf[.local].

1. Clean up and minor optimizations for the following functions:
ifconfig_up (the ipv6 elements)
ipv6if
ipv6_autoconfif
get_if_var
_ifconfig_getargs
The cleanups generally were to move the "easy" tests earlier in the
functions, and consolidate duplicate code.

2. Stop overloading ipv6_prefer with the ability to disable IPv6
configuration.

3. Remove noafif() which was only ever called from ipv6_autoconfif.
Instead, simplify and integrate the tests into that function, and
convert the test to use is_wired_interface() instead of listing
wireless interfaces explicitly.

4. Integrate backwards compatibility for ipv6_ifconfig_<interface>
into _ifconfig_getargs. This dramatically simplifies the code in
all of the callers, and avoids a lot of other code duplication.

5. In rc.d/netoptions, add code for an ipv6_privacy option to use
RFC 4193 style pseudo-random addresses (this is what windows does
by default, FYI).

6. Add support for the [NO]RTADV options in ifconfig_getargs() and
ipv6_autoconfif(). In the latter, include support for the explicit
addition of [-]accept_rtadv in ifconfig_<interface>_ipv6 as is done
in the current code.

7. In rc.d/netif add a warning if $ipv6_enable is set, and remove
the set_rcvar_obsolete for it. Also remove the latter from
rc.d/ip6addrctl.

8. In /etc/defaults/rc.conf:

Add an example for RTADV configuration.

Set ipv6_network_interfaces to AUTO.

Switch ipv6_prefer to YES. If ipv6_enable is not set this will have
no effect.

Add a default for ipv6_privacy (NO).

9. Document all of this in rc.conf.5.
@
text
@a101 7

	if checkyesno ipv6_privacy; then
		netoptions_init
		echo -n " IPv6 Privacy Addresses"
		${SYSCTL_W} net.inet6.ip6.use_tempaddr=1 >/dev/null
		${SYSCTL_W} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
	fi
@


1.151
log
@SVN rev 198383 on 2009-10-23 09:30:19Z by hrs

Use double-quotation marks to fix the unexpanded variable issue.

Spotted by:	swell.k
@
text
@d102 7
@


1.150
log
@SVN rev 197702 on 2009-10-02 06:51:39Z by hrs

The net.inet.tcp.log_in_vain accepts 0, 1 or 2, not Y/N.
@
text
@d56 1
a56 1
		echo -n ' rfc1323 extensions=${tcp_extensions}'
d64 1
a64 1
		echo -n ' TCP keepalive=${tcp_keepalive}'
d70 1
a70 1
		echo -n ' drop SYN+FIN packets=${tcp_drop_synfin}'
@


1.149
log
@SVN rev 197698 on 2009-10-02 02:27:49Z by hrs

- Fix logic inversion bug of net.inet.tcp.rfc1323[*].

- Split netoptions_start() to netoptions_AF() and add afexists() check
  for each address family.

- Display a message only if the user sets a non-default value, and set
  a sysctl explicitly even if it is the default value.

Spotted by:	Pegasus Mc Cleaft[*]
@
text
@d39 2
a40 1
	if checkyesno log_in_vain; then
d43 4
a46 3
		${SYSCTL_W} net.inet.tcp.log_in_vain=1 >/dev/null
		${SYSCTL_W} net.inet.udp.log_in_vain=1 >/dev/null
	else
d49 2
a50 1
	fi
@


1.148
log
@SVN rev 197646 on 2009-09-30 14:58:10Z by ume

Don't do an IPv6 operation when the kernel doesn't have
an IPv6 support.

Reported by:	Alexander Best <alexbestms__at__math.uni-muenster.de>
Confirmed by:	Paul B. Mahol <onemda__at__gmail.com>,
		Alexander Best <alexbestms__at__math.uni-muenster.de>
@
text
@d29 10
d42 5
a46 2
		${SYSCTL_W} net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		${SYSCTL_W} net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
d50 2
d53 1
a53 1
		echo -n ' rfc1323 extensions=NO'
d57 3
a59 1
	if ! checkyesno tcp_keepalive; then
d61 1
a61 1
		echo -n ' TCP keepalive=NO'
d67 1
a67 1
		echo -n ' drop SYN+FIN packets=YES'
d69 2
d88 1
d90 8
a97 7
	if afexists inet6; then
		if checkyesno ipv6_ipv4mapping; then
			${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null
		else
			echo -n " no-ipv4-mapped-ipv6"
			${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
		fi
a98 2

	[ -n "${_netoptions_initdone}" ] && echo '.'
@


1.147
log
@SVN rev 197143 on 2009-09-12 22:17:52Z by hrs

Use RCng coding convention.

MFC after:	3 days
@
text
@d12 1
d70 7
a76 5
	if checkyesno ipv6_ipv4mapping; then
		${SYSCTL_W} net.inet6.ip6.v6only=0 >/dev/null
	else
		echo -n " no-ipv4-mapped-ipv6"
		${SYSCTL_W} net.inet6.ip6.v6only=1 >/dev/null
@


1.146
log
@SVN rev 179951 on 2008-06-23 12:06:35Z by mtm

Set the sysctl(8) value in the same shell, not a subshell. This was
causing calls to netoptions_init() to not properly set a global variable,
which ended up being in the parent shell.
@
text
@d8 1
d13 4
d26 26
a51 1
load_rc_config 'XXX'
d53 25
a77 68
case ${log_in_vain} in
[Nn][Oo] | '')
	log_in_vain=0
	;;
[Yy][Ee][Ss])
	log_in_vain=1
	;;
[0-9]*)
	;;
*)
	netoptions_init
	echo " invalid log_in_vain setting: ${log_in_vain}"
	log_in_vain=0
	;;
esac

if [ "${log_in_vain}" -ne 0 ]; then
	netoptions_init
	echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
fi

case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
	;;
*)
	netoptions_init
	echo -n ' tcp extensions=NO'
	sysctl net.inet.tcp.rfc1323=0 >/dev/null
	;;
esac

case ${tcp_keepalive} in
[Nn][Oo])
	netoptions_init
	echo -n ' TCP keepalive=NO'
	sysctl net.inet.tcp.always_keepalive=0 >/dev/null
	;;
esac

case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
	netoptions_init
	echo -n ' drop SYN+FIN packets=YES'
	sysctl net.inet.tcp.drop_synfin=1 >/dev/null
	;;
esac

case ${ip_portrange_first} in
[Nn][Oo] | '')
	;;
*)
	netoptions_init
	echo -n " ip_portrange_first=$ip_portrange_first"
	sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
	;;
esac

case ${ip_portrange_last} in
[Nn][Oo] | '')
	;;
*)
	netoptions_init
	echo -n " ip_portrange_last=$ip_portrange_last"
	sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
	;;
esac
d79 2
a80 1
[ -n "${_netoptions_initdone}" ] && echo '.'
@


1.146.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.146.2.2
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/8/etc/rc.d/netoptions 180563 2008-07-16 19:22:48Z dougb $
@


1.146.2.1.8.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.146.2.1.8.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/8.3/etc/rc.d/netoptions 180563 2008-07-16 19:22:48Z dougb $
@


1.146.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.146.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.146.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.145
log
@SVN rev 179940 on 2008-06-23 04:00:45Z by mtm

Do not print anything unless one of the net/routing options is set.
@
text
@d39 1
a39 1
[ "${log_in_vain}" -ne 0 ] && (
d44 1
a44 1
)
@


1.144
log
@Move options that do not have anything to do with routing out of
rc.d/routing and in to rc.d/netoptions. Also instead of saying
"TCP options" say "IP options".
@
text
@d12 9
a22 1
echo -n 'Additional IP options:'
d33 1
d40 1
d50 1
d58 1
d66 1
d76 1
d86 1
d92 1
a92 1
echo '.'
@


1.144.2.1
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/7/etc/rc.d/netoptions 220110 2011-03-28 19:29:30Z dougb $
@


1.144.12.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.144.12.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/7.4/etc/rc.d/netoptions 169217 2007-05-02 15:49:30Z mtm $
@


1.144.10.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.144.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.144.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.143
log
@When rc.d/NETWORKING included this script in its REQUIRE line, a circular
dependency was introduced because this script had rc.d/localpkg (which is
*after* rc.d/NETWORKING) in its REQUIRE line.

From an examination of its contents it seems that only the availability of
a local filesystem is necessary for this script to function properly.
@
text
@d14 1
a14 1
echo -n 'Additional TCP options:'
d35 42
@


1.142
log
@Apply "additional TCP options" earlier.

Requested by:	andre@@
MFC after:	1 week
@
text
@d7 1
a7 1
# REQUIRE: localpkg
@


1.141
log
@Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
@
text
@a7 1
# BEFORE:  securelevel
@


1.141.2.1
log
@MFC: apply "additional TCP options" earlier
@
text
@d8 1
@


1.141.2.2
log
@MFC: (1.143) break cyclic dependency
@
text
@d7 1
a7 1
# REQUIRE: FILESYSTEMS
@


1.141.2.3
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/6/etc/rc.d/netoptions 170090 2007-05-29 09:28:10Z des $
@


1.141.2.2.4.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


1.140
log
@Mark scripts as not usable inside a jail by adding keyword 'nojail'.

Some suggestions from:	rwatson, Ruben de Groot <mail25@@bzerk.org>
@
text
@d9 1
a9 1
# KEYWORD: FreeBSD nojail
@


1.140.2.1
log
@RCS file: /home/ncvs/src/etc/rc,v
----------------------------
revision 1.335
date: 2004/10/08 14:23:49;  author: mtm;  state: Exp;  lines: +0 -1
Remove an unused variable.

Submitted by: Pawel Worach <pawel.worach@@telia.com>
----------------------------
revision 1.334
date: 2004/10/07 13:55:25;  author: mtm;  state: Exp;  lines: +1 -1
Remove the requirement for the FreeBSD keyword as it no longer
makes any sense.

Discussed with: dougb, brooks
MFC after: 3 days
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/nsswitch,v
----------------------------
revision 1.4
date: 2004/09/16 17:03:12;  author: keramida;  state: Exp;  lines: +1 -1
Fix requirement of `network' to `NETWORK' because the former isn't
provided by any rc.d script.

Approved by:	mtm
=============================================================================
RCS file: /home/ncvs/src/etc/rc.d/pflog,v
----------------------------
revision 1.3
date: 2004/09/16 17:04:20;  author: keramida;  state: Exp;  lines: +1 -1
We don't have any providers of `beforenetlkm' in FreeBSD.  Remove the
dependency to it from our rc.d scripts.

Approved by:	mtm
=============================================================================

Approved by: re/scottl
@
text
@d9 1
a9 1
# KEYWORD: nojail
@


1.139
log
@Rename localdaemons to localpkg.
The original name was really a mistake since
/usr/local/etc/rc.d scripts can (and usually do) start
more than just daemons. Even the output in the script
uses 'local packages.' Also, the term 'local daemons' is
used by rc.d/local, which was etc/rc.local of rcOG fame.
No repo-copy because there isn't much history to save.
I will remove localdaemons shortly with all the other
files that don't belong in rc.d anymore.

Discussed with:	dougb, freebsd-rc@@yahoogroups.com
@
text
@d9 1
a9 1
# KEYWORD: FreeBSD
@


1.138
log
@o Repocopied routing and netoptions from network2 and network3, respectively.
o Change the provider names.
o Separate routing into two parts: static routing and routing options. The
  start command will run both parts, but they can be run separately using
  the static and options command, respectively:
  (/etc/rc.d/routing static; /etc/rc.d/routing options)
@
text
@d7 1
a7 1
# REQUIRE: localdaemons
@


1.137
log
@Move securelevel further back in the boot order.

Approved by:	markm (mentor)(implicit)
Reviewed by:	dougb
@
text
@d6 1
a6 1
# PROVIDE: network3
@


1.136
log
@Fix style bugs:
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.

Approved by:	silence from gordon
@
text
@d8 1
@


1.135
log
@Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
@
text
@d31 3
a33 3
    echo -n " log_in_vain=${log_in_vain}"
    sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
    sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
@


1.134
log
@Cosmetic changes to the previous commit, bringing it closer to what I
already had in my tree but didn't want to commit.
@
text
@d1 1
a1 1
#!/bin/sh -
d3 1
a3 2
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
a4 934
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.network,v 1.133 2002/04/10 22:30:54 peter Exp $
#	From: @@(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipfilter_active="NO"
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ ! -z ${showstat} ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f ${ipsec_file} ]; then
		    echo ' ipsec: enabled'
		    setkey -f ${ipsec_file}
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named';	${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed';	timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset';	ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv';	keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated';	rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd';	nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ ${nfsclient_in_kernel} -eq 1 ]
			then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						amd_flags="${amd_flags} `eval\
							${amd_map_program}`"
						;;
					esac

					case "${amd_flags}" in
					'')
						if [ -r /etc/amd.conf ]; then
							amd &
						else
							echo ''
			echo 'Warning: amd will not load without arguments'
						fi
						;;
					*)
						amd -p ${amd_flags} \
							 >/var/run/amd.pid \
							2>/dev/null &
						;;
					esac
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod';	rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	[0-9]*)
		;;
	*)
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	[ "${log_in_vain}" -ne 0 ] && (
	    echo -n " log_in_vain=${log_in_vain}"
	    sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	    sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	)
	echo '.'
	network_pass4_done=YES
}

network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    awk '                                                                   \
        /^[:blank:]*#/       { next }                                       \
        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
        /nis/                { nsswitch[c] = "nis";   c++; next }           \
        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
        END {                                                               \
                printf "hosts: ";                                           \
                for (i in nsswitch) printf "%s ", nsswitch[i];              \
                printf "\n";                                                \
        }' < $host_conf > $nsswitch_conf
}
d6 30
a35 29
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;
    
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' <$nsswitch_conf >$host_conf
}
@


1.133
log
@Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better
create it.  Also specify protocol v1/v2 in case people wonder why we
generate two RSA keys.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.132 2002/04/01 18:33:45 dougb Exp $
d856 1
a856 1
				echo ' creating ssh protocol v1 RSA host key';
d860 5
d866 1
a866 1
				echo ' creating ssh protocol v2 DSA host key';
a868 5
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh protocol v2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
@


1.132
log
@The good news is that my initial PR was correct... the bad news is that I
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.

In any case, now it's fixed.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.131 2002/03/19 03:45:02 des Exp $
d856 2
a857 2
				echo ' creating ssh RSA host key';
				/usr/bin/ssh-keygen -trsa1 -N "" \
d861 2
a862 2
				echo ' creating ssh DSA host key';
				/usr/bin/ssh-keygen -tdsa -N "" \
d864 5
@


1.131
log
@Don't try to generate ssh keys if ssh isn't installed.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.130 2002/03/19 01:56:04 cjc Exp $
d760 4
a763 1
						echo ''
d765 1
@


1.130
log
@IPFilter may need to be re-sync'ed even if we are not filtering, but
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@@devet.org (Arjan de Vet)
MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.129 2002/03/17 07:35:51 dougb Exp $
d850 11
a860 7
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
@


1.129
log
@Answer the question posed in 1.126. amd won't start without either a
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)

PR:		conf/12432
Submitted by:	Me
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.128 2002/03/12 20:25:25 cjc Exp $
d88 1
d302 1
a302 1
	case ${ipfilter_enable} in
d307 1
@


1.128
log
@The reload of ipf(8) rules should depend on $ipfilter_enable, not
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).

MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.127 2002/03/12 01:04:35 obrien Exp $
d756 11
a766 2
					amd -p ${amd_flags} > /var/run/amd.pid \
						2> /dev/null &
@


1.127
log
@Background the startup of `Amd', it often blocks on startup.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.126 2002/03/12 01:01:53 obrien Exp $
d301 1
a301 1
	case ${ipfilter_active} in
a305 1
	unset ipfilter_active
@


1.126
log
@Why shouldn't amd always write its PID to a file?
Since I cannot answer that question, make it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.125 2002/03/04 10:30:24 dd Exp $
d757 2
a758 2
					amd -p ${amd_flags}\
						> /var/run/amd.pid 2> /dev/null
@


1.125
log
@Redirect stdout of `ipf -y' to /dev/null.  This removes a stray
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
@
text
@d27 1
a27 1
# $FreeBSD$
d757 2
a758 6
					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags}\
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
@


1.124
log
@There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after:	3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.123 2002/02/08 13:25:33 cjc Exp $
d303 1
a303 1
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
@


1.123
log
@peter points out that we probably should not mess with the sysctl(8)
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.122 2002/01/28 11:06:02 sheldonh Exp $
d347 2
a348 2
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
d350 1
a350 1
							natd_ifarg="-n ${natd_interface}"
a351 2

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
d353 1
@


1.122
log
@(forced commit)

The previous change is subject to:

MFC after:	1 month
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.121 2002/01/28 11:05:01 sheldonh Exp $
d877 5
a881 4
	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null

@


1.121
log
@Register amd's dependency on NFS.

This change was submitted to the freebsd-audit mailing list for review
but received no feedback.  Hindsight-enabled reviews are welcome.

PR:		conf/31358
Submitted:	Thomas Quinot <thomas@@cuivre.fr.eu.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.120 2002/01/26 09:04:58 cjc Exp $
@


1.120
log
@Make the rc.conf(5) 'log_in_vain' knob an integer.

Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.119 2001/12/13 04:21:18 alfred Exp $
d717 6
a722 3
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
d724 45
a768 2
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
a769 11
			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd';	rpc.statd
				;;
			esac

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd';	rpc.lockd
				;;
			esac
a779 20
		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} `eval\
					${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
@


1.119
log
@rpc.lockd needs rpc.statd to be running for it to start up properly.
so swap the order.

Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is
enabled.  They are needed to provide client side locking support.

PR: conf/27811
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.118 2001/12/11 08:21:45 ru Exp $
d849 6
d857 2
a858 3
		echo -n ' log_in_vain=YES'
		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl net.inet.udp.log_in_vain=1 >/dev/null
d861 4
@


1.118
log
@s/sysctl -w/sysctl/
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.117 2001/12/07 17:03:14 rwatson Exp $
d681 1
a681 1
				case ${rpc_lockd_enable} in
d683 1
a683 1
					echo -n ' rpc.lockd';	rpc.lockd
d687 1
a687 1
				case ${rpc_statd_enable} in
d689 1
a689 1
					echo -n ' rpc.statd';	rpc.statd
d724 11
@


1.117
log
@o Update rc.network to reflect the recent change of default in the
  kernel TCP timer code: rather than checking for tcp_keepalive being
  set to "YES", check for "NO" and turn off keepalives if the variable
  is set in that manner.

o Note: eventually, it would make sense to remove this variable from
  rc.conf management, and instead rely on sysctl.conf.  In fact, this
  is probably true of a number of rc.conf variables whose sole aim
  is to drive the setting of sysctls at boot time.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.116 2001/12/06 09:34:44 cjc Exp $
d369 1
a369 1
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
d412 1
a412 1
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
d419 1
a419 1
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
d426 1
a426 1
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
d433 1
a433 1
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
d440 1
a440 1
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
d447 1
a447 1
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
d454 1
a454 1
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
d461 1
a461 1
		sysctl -w net.inet.tcp.always_keepalive=0 >/dev/null
d468 1
a468 1
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
d475 1
a475 1
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
d482 1
a482 1
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
d491 1
a491 1
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
d500 1
a500 1
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
d675 1
a675 1
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
d719 1
a719 1
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
d722 1
a722 1
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
d841 2
a842 2
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
@


1.116
log
@Protect the '*' in pppoed_provider (the default) from metacharacter
expansion in the rc-scripts.

PR:		32552
Submitted by:	Gleb Smirnoff <glebius@@rinet.ru>
Approved by:	ru
Obtained from:	ru
MFC after:	1 day
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.115 2001/11/24 23:41:32 dd Exp $
d459 3
a461 3
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
@


1.115
log
@Spelling police: sucessful -> successful.
@
text
@d27 1
a27 1
# $FreeBSD$
d811 1
d813 1
@


1.114
log
@(Forced commit to list actual problems fixed / PRs affected).

Overview of problems fixed:

- fix support for saving and restoring filter/NAT state information
  (across reboots for example);

- ipmon(8) is started before loading any filter/NAT rules;

- ipmon(8) and ipfs(8) do not solely depend on ipfilter_enable anymore,
  they now also work when only ipnat_enable is true;

- the multiple occurrences of code loading the ipfilter kernel module
  have been removed;

- the options have been removed from the _program variables in
  defaults/rc.conf and the comments in that file have been updated to
  reflect (possibly new) reality;

- the rc.conf.5 manual page has been updated to reflect the changes.

Submitted by:	Arjan de Vet <devet@@devet.org>
PR:		conf/25223, kern/25344, conf/25809,
		conf/26275, bin/27016, conf/31482
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.113 2001/11/24 13:48:30 darrenr Exp $
d728 1
a728 1
		# sucessfully notified about a previous client shutdown.
@


1.113
log
@Resolve all the ipfilter startup issues in rc.network with one big patch
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).

PR:		multiple
Submitted by:	Arjan de Vet <devet@@devet.org>
Reviewed by:	Giorgos Keramidas <keramida@@FreeBSD.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.112 2001/11/14 06:35:43 sheldonh Exp $
@


1.112
log
@Avoid unnecessary calls to expr(1) by using standard shell arithmetic
expansion instead.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.111 2001/11/07 00:33:56 fenner Exp $
a65 6
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi
d67 3
a69 1
	case "${ipfilter_enable}" in
d71 7
a77 30
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
d79 1
a79 1
	case "${ipnat_enable}" in
d81 12
a92 12
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat';
		eval ${ipnat_program:-/sbin/ipnat -CF -f} \
			"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
d94 44
d299 1
a299 1
	# Re-Sync ipfilter
d301 1
a301 1
	case ${ipfilter_enable} in
d303 1
a303 1
		${ipfilter_program:-/sbin/ipf -y}
a304 6
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
d306 1
@


1.111
log
@Update the nsswitch.conf -> host.conf generator to handle criteria,
 continuation lines, extra whitespace, and to use the last matching
 line in the file.  This syncs the host.conf generation with how
 the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
 happens on every boot.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.110 2001/11/01 12:39:01 des Exp $
d221 1
a221 1
				alias=`expr ${alias} + 1`
@


1.110
log
@Modify the way host.conf and nsswitch.conf are treated at boot time:

 - if nsswitch.conf exists, host.conf is auto-generated for compatibility
   with legacy applications and libraries.

 - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
   generated as usual.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.109 2001/10/20 04:46:32 darrenr Exp $
d44 1
a44 2
	        echo ''
		echo 'Generating /etc/host.conf for compatibility'
d882 1
d884 7
a890 6
/^hosts:/ {
    print "# Auto-generated, do not edit";
    for (n = 2; n <= NF; ++n)
        if ($n in xlat)
            print xlat[$n];
    quit;
d892 7
a898 2
// {
    next;
@


1.109
log
@Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
matched.  Moification on PR to handle ipnat not being dependant on
ipfilter_enable

PR:	22859
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.108 2001/10/20 04:41:47 darrenr Exp $
d41 8
d50 2
a51 1
	if [ -f "/etc/host.conf" ]; then
d54 2
a55 6
		if [ -f "/etc/nsswitch.conf" ]; then
		    echo '  /etc/nsswitch.conf will be used instead'
		else
		    echo '  /etc/nsswitch.conf will be created for you'
		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
d874 22
@


1.108
log
@Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable to
be set to "yes"

PR:		25223
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.107 2001/10/20 04:32:57 darrenr Exp $
d276 14
@


1.107
log
@Put in place for using ipfs use on shutdown and startup.

PR:		27070
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.106 2001/10/19 06:50:52 dougb Exp $
a87 11
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					"${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
d100 16
@


1.106
log
@Handle the lack of nfs server or client support in the kernel by
kldload'ing the appropriate modules before enabling the service.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.105 2001/10/10 20:36:51 jhb Exp $
d96 9
@


1.105
log
@Remove references to nfsiod and nfs_client_flags now that they are
obsolete.

Submitted by:	Gordon Tetlow <gordont@@gnf.org>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.104 2001/09/19 21:27:18 brooks Exp $
d608 10
a617 1
			if [ -r /etc/exports ]; then
d648 2
@


1.104
log
@Add a new rc.conf variable, cloned_interfaces, to create cloned
interfaces at boot.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.103 2001/09/19 00:22:26 peter Exp $
a661 1
			#echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
@


1.103
log
@The vfs.nfs.bufpackets sysctl is in the client, not the server.  Move it
to the client section.  Turn off nfsiod, it no longer exists (now just
kthreads).  I need revisit nfsiod so that we have an argument passthrough.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.102 2001/07/30 23:12:02 darrenr Exp $
d130 5
d159 3
d806 2
a807 1
				ifconfig $i create tunnel ${peers}
@


1.102
log
@Merge in patch to automagically decide whether or not a kldload of ipfilter
is required into rc.network.

Person failed to use a real name so both email addresses from PR included
(Sent was different to From).

PR:		22998
Submitted by:	dl@@leo.org/spock@@empire.trek.org
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.101 2001/07/28 19:57:57 markm Exp $
d614 1
a614 1
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
a619 4
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

d654 7
a660 4
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
				if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
@


1.101
log
@Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5
may be started at boot for kerberos servers.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.100 2001/07/02 21:08:48 brooks Exp $
d63 6
d71 7
@


1.100
log
@Create gif devices in the "gifconfig" stage while configuring them.

Reviewed by:	ru, ume
Obtained from:	NetBSD
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.99 2001/06/16 15:48:43 schweikh Exp $
d689 2
a690 2
	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
d694 1
a694 1
			stash_flag=-n
d697 1
a697 1
			stash_flag=
d701 2
a702 2
		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &
d704 1
a704 1
		case ${kadmind_server_enable} in
d706 5
a710 2
			echo -n ' kadmind'
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
d714 14
@


1.99
log
@Fix misindented esac.

MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.98 2001/06/11 12:38:40 ume Exp $
d769 1
a769 1
				ifconfig $i tunnel ${peers}
@


1.98
log
@Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.97 2001/06/10 16:21:56 brian Exp $
d670 1
a670 1
		esac
@


1.97
log
@Add a missing \n

Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
PR:		28014
MFC after:	1 week
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.96 2001/06/03 12:26:56 brian Exp $
d769 1
a769 1
				gifconfig $i ${peers}
@


1.96
log
@Move gif_interfaces from an IP6 option to a regular IP option.

PR:		26543
Submitted by:	Brooks Davis <brooks@@one-eyed-alien.net>
MFC after:	3 weeks
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.95 2001/05/18 18:10:02 obrien Exp $
d238 1
a238 1
		echo -n "Starting ppp as \"${ppp_user}\""
@


1.95
log
@Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.94 2001/05/16 19:23:54 jesper Exp $
d132 3
d755 20
@


1.94
log
@Link /etc/ssh/ssh_host_key to /etc/ssh/ssh_host_rsa_key to deal with
gratutious changes in the latest SSH

Reviewed by:	obrien
Approved by:	obrien
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.93 2001/05/09 07:46:44 peter Exp $
d723 3
a725 8
		if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
			if [ -f /etc/ssh/ssh_host_key ]; then
				/bin/ln -s /etc/ssh/ssh_host_key /etc/ssh/ssh_host_rsa_key
				/bin/ln -s /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_rsa_key.pub
			else
				echo ' creating ssh RSA host key';
				/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_rsa_key
			fi
@


1.93
log
@s/ssh_host_key/ssh_host_rsa_key/ since that is what openssh uses now
after a mergemaster.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.92 2001/03/19 22:07:30 des Exp $
d724 7
a730 2
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_rsa_key
@


1.92
log
@Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.

(second of three commits)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.91 2001/03/19 12:49:45 alfred Exp $
d723 1
a723 1
		if [ ! -f /etc/ssh/ssh_host_key ]; then
d725 1
a725 1
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
@


1.91
log
@Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.90 2000/12/17 22:14:49 dougb Exp $
a393 7
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
@


1.90
log
@* Add an eval so that ipnat_flags=">/dev/null" works, per the PR
* Do some line length and specify full path cleanups while I'm here

PR:				conf/22937
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.89 2000/12/17 08:15:57 dougb Exp $
d517 16
a532 3
		echo -n ' portmap';	${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac
d534 8
a541 6
	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}
d543 3
a545 1
		case ${nis_ypxfrd_enable} in
d547 6
a552 2
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
d556 3
a558 1
		case ${nis_yppasswdd_enable} in
d560 1
a560 2
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
a562 2
		;;
	esac
d564 4
a567 6
	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
d569 1
a569 1
			echo -n ' ypset';	ypset ${nis_ypset_flags}
a574 16
	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv';	keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated';	rpc.ypupdated
		;;
	esac

d587 1
a587 1
	case ${nfs_server_enable} in
d589 4
a592 2
		if [ -r /etc/exports ]; then
			echo -n ' mountd'
d594 14
a607 5
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac
d609 1
a609 1
			mountd ${mountd_flags}
d611 3
a613 6
			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac
d615 5
a619 1
			echo -n ' nfsd';	nfsd ${nfs_server_flags}
d621 5
a625 3
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
d627 6
d634 8
a641 3
			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd';	rpc.lockd
d644 2
d647 1
a647 9
			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd';	rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
d649 4
a652 10
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
a655 2
		;;
	esac
d657 5
a661 7
	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null
a662 2
		;;
	esac
d664 11
a674 6
	# If /var/db/mounttab exists, some nfs-server has not been
	# sucessfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi
d676 6
a681 8
	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
a683 6

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
@


1.89
log
@Apply a more consistent style to the echo statements in /etc/ scripts.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard

No functionality changes
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.88 2000/10/12 11:25:57 ru Exp $
d67 2
a68 1
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
d72 1
a72 1
				${ipmon_program:-ipmon} ${ipmon_flags}
d79 2
a80 1
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
@


1.88
log
@Fixed the reporting of ip_portrange_{first|last}.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.87 2000/10/08 19:18:24 obrien Exp $
d43 2
a44 2
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
d46 1
a46 1
		    echo "  /etc/nsswitch.conf will be used instead"
d48 1
a48 1
		    echo "  /etc/nsswitch.conf will be created for you"
d250 1
a250 1
			echo "Kernel firewall module loaded."
d252 1
a252 1
			echo "Warning: firewall kernel module failed to load."
d291 3
a293 3
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
d454 1
a454 1
	echo -n 'routing daemons:'
@


1.87
log
@Add copyright notices.  Other systems have been barrowing our /etc files
w/o giving any credit.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.86 2000/10/06 12:24:45 darrenr Exp $
d427 1
a427 1
		echo -n ' ip_portrange_first=$ip_portrange_first'
d436 1
a436 1
		echo -n ' ip_portrange_last=$ip_portrange_last'
@


1.86
log
@This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5).  If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.

PR:		20202
Submitted by:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
Reviewed by:	Darren Reed <darrenr@@freebsd.org>
Approved by:	Darren Reed <darrenr@@freebsd.org>
Obtained from:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
@
text
@d3 25
a27 1
# $FreeBSD: src/etc/rc.network,v 1.85 2000/09/28 05:43:44 brian Exp $
d29 1
@


1.85
log
@Use su -m instead of just su to avoid reading the users login profile
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.84 2000/09/06 18:16:32 nectar Exp $
d34 31
@


1.84
log
@Add nsswitch support.  By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.

= Hesiod has been added to libc (see hesiod(3)).

= A library routine for parsing nsswitch.conf and invoking callback
  functions as specified has been added to libc (see nsdispatch(3)).

= The following C library functions have been modified to use nsdispatch:
    . getgrent, getgrnam, getgrgid
    . getpwent, getpwnam, getpwuid
    . getusershell
    . getaddrinfo
    . gethostbyname, gethostbyname2, gethostbyaddr
    . getnetbyname, getnetbyaddr
    . getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr

= host.conf has been removed from src/etc.  rc.network has been modified
  to warn that host.conf is no longer used at boot time.  In addition, if
  there is a host.conf but no nsswitch.conf, the latter is created at boot
  time from the former.

Obtained from:	NetBSD
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.83 2000/08/16 23:08:28 jhb Exp $
d178 1
a178 1
		su ${ppp_user} -c "exec ${ppp_command}"
@


1.83
log
@Fix a whitespace bogon.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.82 2000/08/10 00:12:53 brian Exp $
d16 12
d696 17
@


1.82
log
@Allow a ppp_user specification to run ppp at startup

PR:		20258
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.81 2000/07/14 13:03:36 nbm Exp $
d366 1
a366 1
	    ;;
@


1.81
log
@Add to, don't overwrite, user-settable mountd_flags.

PR:		conf/15745
Submitted by:	Vivek Khera <khera@@kciLink.com>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.80 2000/06/22 17:40:52 dillon Exp $
d141 1
a141 1
	# Warm up user ppp if required, must happen before natd.
d150 1
a150 1
			ppp_mode="auto";
d153 1
a153 1
		ppp_command="-${ppp_mode} ";
d155 1
a155 1
		# Switch on alias mode?
d159 1
a159 1
			ppp_command="${ppp_command} -nat";
d163 4
a166 1
		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
a171 2
	echo ''

@


1.80
log
@    Add ip_portrange_first and ip_portrange_last rc.conf/rc.network
    options.  This allows you to set the standard dynamic port
    assignment range prior to any network daemons (like named) starting
    up, necessary if you are also using a firewall to restrict lower ports.
    will be MFC'd in a few days
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.79 2000/05/16 06:52:11 dillon Exp $
d521 1
a521 1
				mountd_flags="-n"
@


1.79
log
@    Add ipsec_enable and ipsec_file options to run IPSEC's setkey program
    with the specified configuration file at the appropriate time.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.78 2000/05/15 19:56:59 kris Exp $
d353 19
@


1.78
log
@Remove extraneous ";;" in previous commit

Submitted by:	jedgar
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.77 2000/05/15 05:40:26 kris Exp $
d354 11
@


1.77
log
@Create a DSA host key if one does not already exist, and teach sshd_config
about it.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.76 2000/05/06 17:18:14 ache Exp $
a626 1
		;;
@


1.76
log
@Add firewall_logging knob to enable/disablle events logging, disabled
by default. Needed mainly for ipfw kernel module to enable logging
disabled there.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.75 2000/03/27 21:38:32 dillon Exp $
d624 1
a624 1
			echo ' creating ssh host key';
d626 5
@


1.75
log
@    Add a sysctl to specify the amount of UDP receive space NFS should
    reserve, in maximal NFS packets.  Originally only 2 packets worth of
    space was reserved.  The default is now 4, which appears to greatly
    improve performance for slow to mid-speed machines on gigabit networks.

    Add documentation and correct some prior documentation.

Problem Researched by: Andrew Gallatin <gallatin@@cs.duke.edu>
Approved by: jkh
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74 2000/02/29 12:53:28 jkh Exp $
d226 10
@


1.74
log
@cosmetic fix - add a space.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.73 2000/02/28 19:54:06 markm Exp $
d495 5
@


1.74.2.1
log
@    MFC rc.network 1.75, rc.conf 1.55, rc.conf.5 1.65, nfs_socket.c 1.61.
    Add sysctl and increase default receive udp buffer size from 2 to 4
    packets to improve client-side gigabit network performance.

Approved by: jkh
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74 2000/02/29 12:53:28 jkh Exp $
a494 5

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi
@


1.74.2.2
log
@MFC: Create DSA key at boot if it doesn't exist
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.1 2000/03/27 21:39:49 dillon Exp $
d614 1
a614 1
			echo ' creating ssh RSA host key';
a615 4
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
@


1.74.2.3
log
@    MFC from -current

    Add rc.conf variables for ip_portraneg_first, ip_portrange_last, and
    ipsec_enable (specifies file).  These items must be handled before
    any daemons are started or, for example, named might use too low
    a port for your fireall.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.2 2000/06/09 07:25:15 kris Exp $
a342 19

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' ip_portrange_first=$ip_portrange_first'
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
	    ;;
	*)
	    echo -n ' ip_portrange_last=$ip_portrange_last'
	    sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
	    ;;
	esac

a343 11

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f ${ipsec_file} ]; then
		    echo ' ipsec: enabled'
		    setkey -f ${ipsec_file}
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac
@


1.74.2.4
log
@MFC (1.81): Add to, don't overwrite, user-settable mountd_flags.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.3 2000/06/24 20:51:27 dillon Exp $
d511 1
a511 1
				mountd_flags="${mountd_flags} -n"
@


1.74.2.5
log
@MFC:
- firewall_enable knob
- ppp_user knob for ppp startup at boot
- cleanup whitespace bogons to minimize diff from current
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.4 2000/08/06 16:58:30 nbm Exp $
d141 1
a141 1
	# Start user ppp if required.  This must happen before natd.
d150 1
a150 1
			ppp_mode="auto"
d153 1
a153 1
		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
d155 1
a155 1
		# Switch on NAT mode?
d159 1
a159 1
			ppp_command="${ppp_command} -nat"
d163 1
a163 4
		ppp_command="${ppp_command} ${ppp_profile}"

		echo -n "Starting ppp as \"${ppp_user}\""
		su ${ppp_user} -c "exec ${ppp_command}"
d169 2
a225 10

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

d355 1
a355 1
		;;
d357 3
a359 3
		echo -n ' ip_portrange_last=$ip_portrange_last'
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
@


1.74.2.6
log
@Note that in my previous commit, I MFC'd the firewall_logging option,
not the firewall_enable option.

Noticed by:	ru
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.5 2000/08/16 23:10:53 jhb Exp $
@


1.74.2.7
log
@MFC: Use ``su -m'' instead of just ``su'' when starting ppp.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.6 2000/08/17 06:55:34 jhb Exp $
d166 1
a166 1
		su -m ${ppp_user} -c "exec ${ppp_command}"
@


1.74.2.8
log
@MFC: (rev 1.88) fixed the reporting of ip_portrange_XXX settings.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.7 2000/10/09 20:18:52 brian Exp $
d359 1
a359 1
		echo -n " ip_portrange_first=$ip_portrange_first"
d368 1
a368 1
		echo -n " ip_portrange_last=$ip_portrange_last"
@


1.74.2.9
log
@MFC: Add copyright.
@
text
@d3 1
a3 25
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
a4 1
#
@


1.74.2.10
log
@MFC: This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5).  This has been tested
in -current since Oct 6th.

Requested by:	Gerhard Sittig <Gerhard.Sittig@@gmx.net>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.9 2000/10/30 10:40:11 obrien Exp $
a46 31

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
@


1.74.2.11
log
@MFC 1.90, ipf/ipnat related cleanups

PR:		conf/22937
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.10 2000/11/11 20:33:39 jkh Exp $
d55 1
a55 2
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
d59 1
a59 1
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
d66 1
a66 2
				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					"${ipnat_rules}" ${ipnat_flags}
@


1.74.2.12
log
@MFC, Apply a more consistent style to the echo statements in /etc/ scripts.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.11 2001/01/14 08:21:07 dougb Exp $
d240 1
a240 1
			echo 'Kernel firewall module loaded'
d242 1
a242 1
			echo 'Warning: firewall kernel module failed to load'
d281 3
a283 3
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
d444 1
a444 1
	echo -n 'Routing daemons:'
@


1.74.2.13
log
@MFC: add copyright notices
@
text
@d27 1
a27 26
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: src/etc/rc.network,v 1.74.2.12 2001/01/14 09:47:48 dougb Exp $
@


1.74.2.14
log
@I really did a number on adding the copyrights...
@
text
@d27 26
a52 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.13 2001/03/06 01:58:45 obrien Exp $
@


1.74.2.15
log
@MFC: Nuke the TCP_RESTRICT_RST option.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.14 2001/03/06 02:21:59 obrien Exp $
d382 7
@


1.74.2.16
log
@MFC: Add a missing \n
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.15 2001/06/09 16:18:12 des Exp $
d223 1
a223 1
		echo "Starting ppp as \"${ppp_user}\""
@


1.74.2.17
log
@MFC: Configure gif interfaces without requiring ipv6
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.16 2001/06/17 11:40:59 brian Exp $
a119 3
	# gifconfig
	network_gif_setup

a733 20
}

network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
@


1.74.2.18
log
@ifconfig doesn't understand tunnel under 4-STABLE, yet.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.17 2001/06/23 23:33:14 brian Exp $
d751 1
a751 1
				gifconfig $i ${peers}
@


1.74.2.19
log
@MFC: Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

	etc/defaults/rc.conf:			1.111
	etc/rc.network:				1.98
	etc/rc.network6:			1.20
	lib/libipsec/ipsec_set_policy.3:	1.8
	lib/libipsec/ipsec_strerror.3:		1.7
	lib/libipsec/ipsec_strerror.c:		1.3
	lib/libipsec/ipsec_strerror.h:		1.3
	lib/libipsec/libpfkey.h:		1.2
	lib/libipsec/pfkey.c:			1.3
	lib/libipsec/pfkey_dump.c:		1.3
	lib/libipsec/policy_token.l:		1.5
	lib/libipsec/test-policy.c:		1.4
	sbin/ifconfig/ifconfig.8:		1.42
	sbin/ifconfig/ifconfig.c:		1.63
	sbin/ping6/ping6.8:			1.10
	sbin/ping6/ping6.c:			1.9
	sbin/route/route.c:			1.48, 1.50
	sbin/rtsol/Makefile:			1.4
	share/doc/IPv6/IMPLEMENTATION:		1.3
	share/examples/IPv6/USAGE:		1.3
	share/man/man4/faith.4:			1.10
	share/man/man4/gif.4:			1.9
	share/man/man4/inet6.4:			1.8
	share/man/man4/ip6.4:			1.8
	share/man/man4/ipsec.4:			1.9
	share/man/man4/kame.4:			1.8
	share/man/man4/stf.4:			1.8
	sys/conf/files:				1.534
	sys/crypto/md5.c:			1.4
	sys/crypto/sha1.c:			1.7
	sys/crypto/blowfish/bf_enc.c:		1.4
	sys/crypto/blowfish/bf_locl.h:		1.4
	sys/crypto/blowfish/bf_skey.c:		1.4
	sys/crypto/blowfish/blowfish.h:		1.4
	sys/crypto/cast128/cast128.c:		1.4
	sys/crypto/cast128/cast128.h:		1.4
	sys/crypto/des/des.h:			1.4
	sys/crypto/des/des_ecb.c:		1.4
	sys/crypto/des/des_locl.h:		1.5
	sys/crypto/des/des_setkey.c:		1.4
	sys/crypto/rijndael/boxes-fst.dat:	1.2
	sys/crypto/rijndael/rijndael-alg-fst.c:	1.2, 1.3
	sys/crypto/rijndael/rijndael-alg-fst.h:	1.2
	sys/crypto/rijndael/rijndael-api-fst.c:	1.2
	sys/crypto/rijndael/rijndael-api-fst.h:	1.2
	sys/crypto/rijndael/rijndael_local.h:	1.3
	sys/kern/uipc_domain.c:			1.24
	sys/kern/uipc_mbuf.c:			1.82
	sys/kern/uipc_mbuf2.c:			1.8
	sys/net/if.c:				1.109
	sys/net/if_faith.c:			1.4, 1.5
	sys/net/if_gif.c:			1.10
	sys/net/if_gif.h:			1.4
	sys/net/if_loop.c:			1.61
	sys/net/if_sppp.h:			1.17
	sys/net/if_spppsubr.c:			1.68, 1.69
	sys/net/net_osdep.c:			1.4
	sys/net/net_osdep.h:			1.5
	sys/net/pfkeyv2.h:			1.6
	sys/net/ppp_defs.h:			1.7
	sys/net/rtsock.c:			1.52
	sys/netinet/icmp6.h:			1.4
	sys/netinet/in.c:			1.54
	sys/netinet/in_gif.c:			1.10
	sys/netinet/in_pcb.c:			1.84
	sys/netinet/in_pcb.h:			1.38
	sys/netinet/in_proto.c:			1.56
	sys/netinet/ip6.h:			1.5
	sys/netinet/ip_ecn.c:			1.4
	sys/netinet/ip_ecn.h:			1.4
	sys/netinet/ip_encap.c:			1.4
	sys/netinet/ip_icmp.c:			1.57
	sys/netinet/ip_input.c:			1.171
	sys/netinet/ip_output.c:		1.126
	sys/netinet/ip_var.h:			1.56
	sys/netinet/raw_ip.c:			1.78
	sys/netinet/tcp_input.c:		1.132
	sys/netinet/tcp_output.c:		1.50
	sys/netinet/tcp_subr.c:			1.103
	sys/netinet/tcp_usrreq.c:		1.60
	sys/netinet/udp_usrreq.c:		1.89
	sys/netinet6/ah.h:			1.5
	sys/netinet6/ah6.h:			1.4
	sys/netinet6/ah_core.c:			1.8
	sys/netinet6/ah_input.c:		1.7
	sys/netinet6/ah_output.c:		1.7
	sys/netinet6/dest6.c:			1.6
	sys/netinet6/esp.h:			1.4
	sys/netinet6/esp6.h:			1.4
	sys/netinet6/esp_core.c:		1.5
	sys/netinet6/esp_input.c:		1.7
	sys/netinet6/esp_output.c:		1.5
	sys/netinet6/frag6.c:			1.8
	sys/netinet6/icmp6.c:			1.11
	sys/netinet6/in6.c:			1.12
	sys/netinet6/in6.h:			1.13
	sys/netinet6/in6_cksum.c:		1.4
	sys/netinet6/in6_gif.c:			1.5
	sys/netinet6/in6_ifattach.c:		1.6
	sys/netinet6/in6_ifattach.h:		1.3
	sys/netinet6/in6_pcb.c:			1.15
	sys/netinet6/in6_pcb.h:			1.4
	sys/netinet6/in6_prefix.c:		1.7
	sys/netinet6/in6_prefix.h:		1.5
	sys/netinet6/in6_proto.c:		1.14
	sys/netinet6/in6_rmx.c:			1.4
	sys/netinet6/in6_src.c:			1.4
	sys/netinet6/in6_var.h:			1.8
	sys/netinet6/ip6_ecn.h:			1.4
	sys/netinet6/ip6_forward.c:		1.11
	sys/netinet6/ip6_fw.c:			1.11
	sys/netinet6/ip6_fw.h:			1.11
	sys/netinet6/ip6_input.c:		1.27
	sys/netinet6/ip6_mroute.c:		1.7
	sys/netinet6/ip6_mroute.h:		1.4
	sys/netinet6/ip6_output.c:		1.25
	sys/netinet6/ip6_var.h:			1.7
	sys/netinet6/ip6protosw.h:		1.6
	sys/netinet6/ipcomp.h:			1.2
	sys/netinet6/ipcomp6.h:			1.2
	sys/netinet6/ipcomp_core.c:		1.2
	sys/netinet6/ipcomp_input.c:		1.2
	sys/netinet6/ipcomp_output.c:		1.2
	sys/netinet6/ipsec.c:			1.12
	sys/netinet6/ipsec.h:			1.8
	sys/netinet6/ipsec6.h:			1.5
	sys/netinet6/mld6.c:			1.7
	sys/netinet6/nd6.c:			1.9
	sys/netinet6/nd6.h:			1.7
	sys/netinet6/nd6_nbr.c:			1.9
	sys/netinet6/nd6_rtr.c:			1.7, 1.8
	sys/netinet6/raw_ip6.c:			1.11
	sys/netinet6/route6.c:			1.4
	sys/netinet6/scope6.c:			1.2
	sys/netinet6/udp6_output.c:		1.3
	sys/netinet6/udp6_usrreq.c:		1.15
	sys/netkey/key.c:			1.25
	sys/netkey/key.h:			1.7
	sys/netkey/key_debug.c:			1.14
	sys/netkey/key_debug.h:			1.7
	sys/netkey/key_var.h:			1.4
	sys/netkey/keydb.h:			1.6
	sys/netkey/keysock.c:			1.6
	sys/netsmb/smb_crypt.c:			1.2
	sys/sys/mbuf.h:				1.79, 1.80
	sys/sys/protosw.h:			1.33
	sys/sys/socket.h:			1.54, 1.56
	sys/sys/sockio.h:			1.17
	usr.bin/netstat/inet.c:			1.42
	usr.bin/netstat/inet6.c:		1.10
	usr.bin/netstat/ipsec.c:		1.2
	usr.bin/netstat/main.c:			1.40
	usr.bin/netstat/mroute6.c:		1.5
	usr.bin/netstat/netstat.1:		1.29
	usr.bin/netstat/netstat.h:		1.21
	usr.bin/netstat/route.c:		1.50, 1.51, 1.55
	usr.sbin/faithd/Makefile:		1.6
	usr.sbin/faithd/README:			1.4
	usr.sbin/faithd/faithd.8:		1.9
	usr.sbin/faithd/faithd.c:		1.7
	usr.sbin/faithd/faithd.h:		1.3
	usr.sbin/faithd/ftp.c:			1.5
	usr.sbin/faithd/rsh.c:			1.5
	usr.sbin/faithd/tcp.c:			1.3
	usr.sbin/gifconfig/gifconfig.8:		1.6
	usr.sbin/gifconfig/gifconfig.c:		1.4
	usr.sbin/ifmcstat/ifmcstat.8:		1.3
	usr.sbin/ifmcstat/ifmcstat.c:		1.7
	usr.sbin/mld6query/mld6.c:		1.2
	usr.sbin/mld6query/mld6query.8:		1.2
	usr.sbin/ndp/ndp.8:			1.6
	usr.sbin/ndp/ndp.c:			1.6
	usr.sbin/prefix/Makefile:		1.4
	usr.sbin/rip6query/rip6query.8:		1.4
	usr.sbin/rip6query/rip6query.c:		1.5
	usr.sbin/route6d/route6d.8:		1.6
	usr.sbin/route6d/route6d.c:		1.9
	usr.sbin/route6d/route6d.h:		1.3
	usr.sbin/rrenumd/lexer.l:		1.3
	usr.sbin/rrenumd/parser.y:		1.3
	usr.sbin/rrenumd/rrenumd.8:		1.6
	usr.sbin/rrenumd/rrenumd.c:		1.4
	usr.sbin/rrenumd/rrenumd.conf.5:	1.10
	usr.sbin/rrenumd/rrenumd.h:		1.3
	usr.sbin/rtadvd/advcap.c:		1.4
	usr.sbin/rtadvd/advcap.h:		1.4
	usr.sbin/rtadvd/config.c:		1.7
	usr.sbin/rtadvd/config.h:		1.4
	usr.sbin/rtadvd/dump.c:			1.3
	usr.sbin/rtadvd/dump.h:			1.3
	usr.sbin/rtadvd/if.c:			1.6
	usr.sbin/rtadvd/if.h:			1.4
	usr.sbin/rtadvd/pathnames.h:		1.5
	usr.sbin/rtadvd/rrenum.c:		1.5
	usr.sbin/rtadvd/rrenum.h:		1.4
	usr.sbin/rtadvd/rtadvd.8:		1.8
	usr.sbin/rtadvd/rtadvd.c:		1.6
	usr.sbin/rtadvd/rtadvd.conf.5:		1.6
	usr.sbin/rtadvd/rtadvd.h:		1.4
	usr.sbin/rtadvd/timer.c:		1.4
	usr.sbin/rtadvd/timer.h:		1.4
	usr.sbin/rtsold/Makefile:		1.6
	usr.sbin/rtsold/dump.c:			1.4
	usr.sbin/rtsold/if.c:			1.5
	usr.sbin/rtsold/probe.c:		1.5
	usr.sbin/rtsold/rtsol.c:		1.4
	usr.sbin/rtsold/rtsold.8:		1.5
	usr.sbin/rtsold/rtsold.c:		1.4
	usr.sbin/rtsold/rtsold.h:		1.4
	usr.sbin/setkey/parse.y:		1.3
	usr.sbin/setkey/scriptdump.pl:		1.3
	usr.sbin/setkey/setkey.8:		1.14
	usr.sbin/setkey/setkey.c:		1.3
	usr.sbin/setkey/token.l:		1.5
	usr.sbin/traceroute6/traceroute6.8:	1.7
	usr.sbin/traceroute6/traceroute6.c:	1.8
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.18 2001/06/24 18:14:59 ume Exp $
d751 1
a751 1
				ifconfig $i tunnel ${peers}
@


1.74.2.20
log
@MFC: Interface cloning support.  gif modularity and cloning.
stf modularity and removal of gif dependence.

Reviewed by:	brian
@
text
@d27 1
a27 1
# $FreeBSD$
d751 1
a751 1
				ifconfig $i create tunnel ${peers}
@


1.74.2.21
log
@MFC: rev 1.102 -- merge in patch to automagically decide whether or not
a kldload of ipfilter is required into rc.network.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.20 2001/07/24 19:10:15 brooks Exp $
a50 6
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

a52 7
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

@


1.74.2.22
log
@MFC: Kerberos5 startup support (off by default of course)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.21 2001/08/01 20:02:42 obrien Exp $
d684 1
a684 1
	# Kerberos servers run ONLY on the Kerberos server machine
d696 1
a696 1
		echo -n ' kerberosIV'
d701 2
a702 5
			echo -n ' kadmindIV'
			(
				sleep 20;
				kadmind ${stash_flag} >/dev/null 2>&1 &
			) &
a705 14
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
@


1.74.2.23
log
@back out my previous commit to rc.conf restoring the original state with
respect to configuring sppp interfaces.

modify rc.network to make the change (ISDN users must not use spppcontrol
anymore but ispppcontrol to configure the isp<N> interfaces since the
MFC of i4b 1.001) in isp-interface configuration transparent to ISDN users
of the sppp-configuration mechanism in rc.conf.

Reviewed by:	sheldonh and joerg
Approved by:	murray
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.22 2001/08/01 20:07:55 obrien Exp $
d129 1
a129 8
			case "${ifn}" in
			isp*)
				eval ispppcontrol ${ifn} ${spppcontrol_args}
				;;
			*)
				eval spppcontrol ${ifn} ${spppcontrol_args}
				;;
			esac
@


1.74.2.24
log
@MFC: use shell arithmetic expansion instead of expr(1) where appropriate
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.23 2001/08/17 07:26:38 hm Exp $
d190 1
a190 1
				alias=$((${alias} + 1))
@


1.74.2.25
log
@MFC: IP Filter rc.* reorganisation plus documentation of it.
While this adds functionaility to save state and nat tables across
reboots, saving nat tables will still cause a panic. The fix will
be MFC-ed in 3 days
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.24 2001/11/19 10:42:28 sheldonh Exp $
d50 6
d57 1
a57 3
	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
d59 31
a89 22
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
a90 44
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
a249 9

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active
@


1.74.2.26
log
@MFC: 1.116. Protect the '*' in pppoed_provider (the default) from
metacharacter expansion in the rc-scripts.

PR:		32552
Submitted by:	ru
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.25 2001/12/05 10:50:07 guido Exp $
a778 1
		_opts=$-; set -f
a779 1
		set +f; set -${_opts}
@


1.74.2.27
log
@MFC: New rc.conf variable, cloned_interfaces, for creating cloned
network devices at startup.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.26 2001/12/07 08:32:37 cjc Exp $
a148 5
	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

a179 3
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
d830 1
a830 2
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
@


1.74.2.28
log
@MFC: s/sysctl -w/sysctl/
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.27 2001/12/09 06:02:40 brooks Exp $
d360 1
a360 1
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
d403 1
a403 1
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
d410 1
a410 1
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
d417 1
a417 1
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
d424 1
a424 1
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
d431 1
a431 1
		sysctl net.inet.ip.forwarding=1 >/dev/null
d438 1
a438 1
		sysctl net.inet.ip.sourceroute=1 >/dev/null
d445 1
a445 1
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
d452 1
a452 1
		sysctl net.inet.tcp.always_keepalive=1 >/dev/null
d459 1
a459 1
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
d466 1
a466 1
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
d473 1
a473 1
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
d482 1
a482 1
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
d491 1
a491 1
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
d653 1
a653 1
				sysctl vfs.nfs.nfs_privport=1 >/dev/null
d660 1
a660 1
				sysctl vfs.nfs.bufpackets=${nfs_bufpackets} \
d701 1
a701 1
		sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} \
d817 2
a818 2
		sysctl net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl net.inet.udp.log_in_vain=1 >/dev/null
@


1.74.2.29
log
@MFC: Make the rc.conf(5) 'log_in_vain' knob an integer.

PR:		bin/32953
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.28 2001/12/19 17:52:17 ru Exp $
a813 6
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	[0-9]*)
d816 3
a818 2
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
a820 4

	[ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}"
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
@


1.74.2.30
log
@MFC 1.123: peter points out that we probably should not mess with the
sysctl(8) values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.29 2002/02/04 22:29:02 cjc Exp $
d827 3
a829 5
	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
@


1.74.2.31
log
@MFC: There is no reason to demand the administrator set
'natd_interface' when running natd(8) out of the rc-files.

  src/etc/defaults/rc.conf	1.139
  src/etc/rc.network		1.124
  src/share/man/man5/rc.conf.5	1.152
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.30 2002/02/09 10:38:42 cjc Exp $
d338 2
a339 2
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
d341 1
a341 1
							natd_flags="$natd_flags -n ${natd_interface}"
d343 2
a345 1
					echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
@


1.74.2.32
log
@MFC: register amd's dependency on NFS

	rc		rev 1.292
	rc.network	rev 1.121
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.31 2002/02/23 15:48:21 cjc Exp $
d697 5
a701 33
		nfsclient_in_kernel=0
		# Handle absent nfs client support
		if sysctl vfs.nfs >/dev/null 2>&1; then
			nfsclient_in_kernel=1
		else
			kldload nfsclient && nfsclient_in_kernel=1
		fi
		if [ ${nfsclient_in_kernel} -eq 1 ]
		then
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi

			case ${amd_enable} in
			[Yy][Ee][Ss])
				echo -n ' amd'
				case ${amd_map_program} in
				[Nn][Oo] | '')
					;;
				*)
					amd_flags="${amd_flags} `eval ${amd_map_program}`"
					;;
				esac
		
				if [ -n "${amd_flags}" ]; then
					amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
				else
					amd 2> /dev/null
				fi
				;;
			esac
d712 19
@


1.74.2.33
log
@Revert previous delta.  The patch wasn't properly tailored to -STABLE,
where nfcslient.ko does not exist.
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.32 2002/02/27 10:36:03 sheldonh Exp $
d697 33
a729 5
		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null
a739 19

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac
@


1.74.2.34
log
@Re-introduce registration of amd's dependency on nfs.  This time,
load nfs.ko, not nfsclient.ko.  The change has been tested for
kernels with and without NFS support wired in.

This change was originally MFC'd as

	rev 1.212.2.41 of src/etc/rc
	rev 1.74.2.32 of src/etc/rc.network
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.33 2002/03/04 08:37:33 sheldonh Exp $
d697 5
a701 33
		nfs_in_kernel=0
		# Handle absent nfs client support
		if sysctl vfs.nfs >/dev/null 2>&1; then
			nfs_in_kernel=1
		else
			kldload nfs && nfs_in_kernel=1
		fi
		if [ ${nfs_in_kernel} -eq 1 ]
		then
			echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi

			case ${amd_enable} in
			[Yy][Ee][Ss])
				echo -n ' amd'
				case ${amd_map_program} in
				[Nn][Oo] | '')
					;;
				*)
					amd_flags="${amd_flags} `eval ${amd_map_program}`"
					;;
				esac
		
				if [ -n "${amd_flags}" ]; then
					amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
				else
					amd 2> /dev/null
				fi
				;;
			esac
d712 19
@


1.74.2.35
log
@MFC 1.125: redirect stdout of `ipf -y' to /dev/null.
@
text
@d27 1
a27 1
# $FreeBSD$
d294 1
a294 1
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
@


1.74.2.36
log
@MFC 1.128: The reload of ipf(8) rules should depend on
$ipfilter_enable, not $ipfilter_active. $ipfilter_enable is set to
"NO" if modules fail to load, and $ipfilter_active can be "YES" when
we are not using ipf(8).
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.35 2002/03/09 03:54:10 dd Exp $
d292 1
a292 1
	case ${ipfilter_enable} in
d297 1
@


1.74.2.37
log
@MFC 1.130: IPFilter may need to be re-sync'ed even if we are not
filtering, but only doing ipnat(8). Go back to using $ipfilter_active,
but turn off $ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@@devet.org (Arjan de Vet)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.36 2002/03/15 10:20:54 cjc Exp $
a71 1
				ipfilter_active="NO"
d292 1
a292 1
	case ${ipfilter_active} in
a296 1
	unset ipfilter_active
@


1.74.2.38
log
@MFC my changes from 1.129 and 1.132, which gives amd a better chance
of starting successfully when amd_flags="".
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.37 2002/03/21 10:27:34 cjc Exp $
d720 1
a720 2
					amd_flags="${amd_flags} `eval \
						${amd_map_program}`"
d724 5
a728 14
				case "${amd_flags}" in
				'')
					if [ -r /etc/amd.conf ]; then
						amd &
					else
						echo ''
			echo 'Warning: amd will not load without arguments'
					fi
					;;
				*)
					amd -p ${amd_flags} >/var/run/amd.pid \
						2>/dev/null &
					;;
				esac
@


1.74.2.39
log
@Back out rev. 1.74.2.23 that used to be necessary to support i4b's
offspring version of sppp(4).  Now that all their functionality has
been merged back into the main version, there's no need for this hack
anymore.

(This is not an MFC, since the hack never emerged into -current at all.
It has only been there to support -stable users.)
@
text
@d27 1
a27 1
# $FreeBSD: src/etc/rc.network,v 1.74.2.38 2002/04/15 02:12:55 dougb Exp $
d166 8
a173 1
			eval spppcontrol ${ifn} ${spppcontrol_args}
@


1.74.2.39.2.1
log
@Merge OpenSSH, OPIE, PAM and a number of dependencies from -STABLE.
@
text
@d27 1
a27 1
# $FreeBSD$
d807 7
a813 16
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
@


1.74.2.40
log
@MFC: 1.131, 1.133, 1.134 (ssh-keygen(8) now requires -t).
@
text
@d27 1
a27 1
# $FreeBSD$
d807 7
a813 16
		if [ -x /usr/bin/ssh-keygen ]; then
			if [ ! -f /etc/ssh/ssh_host_key ]; then
				echo ' creating ssh1 RSA host key';
				/usr/bin/ssh-keygen -t rsa1 -N "" \
					-f /etc/ssh/ssh_host_key
			fi
			if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
				echo ' creating ssh2 RSA host key';
				/usr/bin/ssh-keygen -t rsa -N "" \
					-f /etc/ssh/ssh_host_rsa_key
			fi
			if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
				echo ' creating ssh2 DSA host key';
				/usr/bin/ssh-keygen -t dsa -N "" \
					-f /etc/ssh/ssh_host_dsa_key
			fi
@


1.73
log
@Get the order of things right; the keys need to be generated
early to allow entropy to replenish.
sshd must start late to catch the full effects of ldconfig.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.72 2000/02/28 19:21:05 jkh Exp $
d609 1
a609 1
			echo creating ssh host key
@


1.72
log
@Generate new sshd host key when necessary.  I'm tired of
waiting for someone to commit this. :)
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.71 2000/02/24 23:12:04 markm Exp $
a610 3
			echo now starting sshd
		else
			echo -n ' sshd';
a611 1
		${sshd_program:-/usr/sbin/sshd} ${sshd_flags}
@


1.71
log
@Run sshd at boot time if the sysadmin wants it. Also install
ssh[d] config files in the right place.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.70 2000/02/06 16:33:54 hm Exp $
d608 7
a614 1
		echo -n ' sshd';
@


1.70
log
@Approved by: jkh
Reviewed by: joerg

The isdnd is able to listen on a socket for isdnmonitor to connect to
it to remotely control it (similar to ppp and pppctl). When this is
enabled in the isdnd config file, it will fail currently because isdnd
is started before the network interfaces are configured.
It is necessary to move the isdnd start after the ifconfig of the network
interfaces, then this problem will not occur.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.69 2000/01/15 14:28:05 green Exp $
d603 7
@


1.69
log
@This is another in Martin Blapp's N-series of mount-related cleanups :)
Changes are:
 - rpc.umntall is called at the right places now in /etc/rc*
 - rpc.umntall timeout has been lowered from two days (too high) to one
 - verbose messages in rpc.umntall have been clarified
 - kill double entries in /var/db/mounttab when rpc.umntall is invoked
 - ${early_nfs_mounts} has been removed from /etc/rc
 - patched mount(8) -p to print different pass/dump values for ufs filesystems.
   (last patch recieved from dan <bugg@@bugg.strangled.net>)

Submitted by:	Martin Blapp <mbr@@imp.ch>, dan <bugg@@bugg.strangled.net>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.68 1999/12/17 13:36:40 roberto Exp $
a46 10
	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

d130 10
@


1.68
log
@xntpd -> ntpd.

Submitted by:	ru
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.67 1999/12/12 01:58:30 obrien Exp $
d538 7
@


1.67
log
@Suport multiple ``ifconfig_*?="DHCP"'' configurations.

Currently we have a problem in that `dhclient' bails when configuring the
second interface as port 68 is already in use (by the `dhclient' started
for the first interface).

PR:		14810
Submitted by:	n_hibma
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.66 1999/11/23 00:26:03 brian Exp $
d394 1
a394 1
		echo -n ' xntpd';	${xntpd_program:-xntpd} ${xntpd_flags}
@


1.66
log
@Oops, typo
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.65 1999/11/23 00:22:24 brian Exp $
d80 1
a81 1
		showstat=false
d84 1
a84 1
			showstat=true
d95 3
a97 2
			${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn}
			showstat=true
d101 1
a101 1
			showstat=true
d104 5
d110 1
d118 1
a118 1
				showstat=true
d130 1
a130 1
			showstat=true
d132 1
d134 3
a136 2
		case ${showstat} in
		true)
d138 1
a138 2
			;;
		esac
@


1.65
log
@Add pppoed startup options
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.64 1999/11/17 22:38:02 ache Exp $
d583 1
a583 1
		if [ -n "$pppoed_provider ]; then
@


1.64
log
@Add network pass4 - after all local (/usr/local/etc/rc.d f.e.)
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.63 1999/11/14 21:28:07 ache Exp $
d578 10
@


1.63
log
@Add single_mountd_enable hook to run mountd but not NFS server
Needed for machine with CFS but without real NFS
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.62 1999/09/19 21:32:42 green Exp $
a258 10
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

d583 16
@


1.62
log
@Make the firewall file variable space-safe.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.61 1999/09/13 15:44:18 sheldonh Exp $
d510 17
@


1.61
log
@Apply a consistent style to most of the etc scripts.  Particularly, use
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.

Changes discussed on freebsd-hackers.

Submitted by:	Doug Barton <Doug@@gorean.org>
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.60 1999/09/12 17:22:05 des Exp $
d190 2
a191 2
			if [ -r ${firewall_script} ]; then
				. ${firewall_script}
@


1.60
log
@Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl
variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel
options, respectively. See the comments in LINT for details.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.59 1999/09/01 08:57:01 peter Exp $
d6 2
a7 2
# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
d12 34
d47 118
a164 117
network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
	    hostname ${hostname}
	    echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then
	    domainname ${nisdomainname}
	    echo -n ' domain'
    fi
    echo '.'

    # Initial ATM interface configuration
    if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then
	    . /etc/rc.atm
	    atm_pass1
    fi

    # ISDN subsystem startup
    if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then
	    . /etc/rc.isdn
    fi

    # Special options for sppp(4) interfaces go here.  These need
    # to go _before_ the general ifconfig section, since in the case
    # of hardwired (no link1 flag) but required authentication, you
    # cannot pass auth parameters down to the already running interface.
    for ifn in ${sppp_interfaces}; do
	    eval spppcontrol_args=\$spppconfig_${ifn}
	    if [ -n "${spppcontrol_args}" ] ; then
		    # The auth secrets might contain spaces; in order
		    # to retain the quotation, we need to eval them
		    # here.
		    eval spppcontrol ${ifn} ${spppcontrol_args}
	    fi
    done

    # Set up all the network interfaces, calling startup scripts if needed
    if [ "${network_interfaces}" = "auto" ]; then
	    network_interfaces="`ifconfig -l`"
    fi
    for ifn in ${network_interfaces}; do
	    showstat=false
	    if [ -e /etc/start_if.${ifn} ]; then
		    . /etc/start_if.${ifn}
		    showstat=true
	    fi
	    # Do the primary ifconfig if specified
	    eval ifconfig_args=\$ifconfig_${ifn}
	    if [ -n "${ifconfig_args}" ] ; then
		    # See if we are using DHCP
		    if [ "${ifconfig_args}" = "DHCP" ]; then
			     ${dhcp_program} ${dhcp_flags} ${ifn}
		    else
			     ifconfig ${ifn} ${ifconfig_args}
		    fi
		    showstat=true
	    fi
	    # Check to see if aliases need to be added
	    alias=0
	    while :
	    do
		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
		    if [ -n "${ifconfig_args}" ]; then
			    ifconfig ${ifn} ${ifconfig_args} alias
			    showstat=true
			    alias=`expr ${alias} + 1`
		    else
			    break;
		    fi
	    done
	    # Do ipx address if specified
	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
	    if [ -n "${ifconfig_args}" ]; then
		    ifconfig ${ifn} ${ifconfig_args}
		    showstat=true
	    fi
	    if [ "${showstat}" = "true" ]
	    then
		    ifconfig ${ifn}
	    fi
    done

    # Warm up user ppp if required, must happen before natd.
    if [ "${ppp_enable}" = "YES" ]; then
	    # Establish ppp mode.
	    if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
		-a "${ppp_mode}" != "dedicated" \
		-a "${ppp_mode}" != "background" ]; then
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "${ppp_nat}" = "YES" ]; then
		ppp_command="${ppp_command} -nat";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
    fi

    # Initialize IP filtering using ipfw
    echo ""
    /sbin/ipfw -q flush > /dev/null 2>&1
    if [ $? = 0 ] ; then
	firewall_in_kernel=1
    else 
	firewall_in_kernel=0
    fi

    if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}"  = "YES" ] ; then
	if kldload ipfw; then
		firewall_in_kernel=1		# module loaded successfully
		echo "Kernel firewall module loaded."
d166 1
a166 1
		echo "Warning: firewall kernel module failed to load."
a167 1
    fi
d169 58
a226 4
    # Load the filters if required
    if [ ${firewall_in_kernel} = 1 ]; then
	if [ -z "${firewall_script}" ] ; then
	    firewall_script="/etc/rc.firewall"
d228 19
a246 22
	if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then
	    . ${firewall_script}
	    echo -n 'Firewall rules loaded, starting divert daemons:'

	    # Network Address Translation daemon
	    if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
		    natd_ifarg="-a ${natd_interface}"
		else
		    natd_ifarg="-n ${natd_interface}"
		fi
		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
	    fi
	    echo '.'
	else
	    IPFW_DEFAULT=`ipfw l 65535`
	    if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
		echo -n "Warning: kernel has firewall functionality, "
		echo "but firewall rules are not enabled."
		echo "         All ip services are disabled."
	    fi
a247 1
    fi
d249 128
a376 107
    # Additional ATM interface configuration
    if [ -n "${atm_pass1_done}" ]; then
	    atm_pass2
    fi

    # Configure routing

    if [ "${defaultrouter}" != "NO" ] ; then
	    static_routes="default ${static_routes}"
	    route_default="default ${defaultrouter}"
    fi
    
    # Set up any static routes.  This should be done before router discovery.
    if [ -n "${static_routes}" ]; then
	    for i in ${static_routes}; do
		    eval route_args=\$route_${i}
		    route add ${route_args}
	    done
    fi

    echo -n 'Additional routing options:'
    if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
    fi

    if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then
	    echo -n ' log_in_vain=YES'
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
    fi

    if [ "${icmp_bmcastecho}" = "YES" ]; then
	    echo -n ' broadcast ping responses=YES'
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
    fi
    
    if [ "${icmp_drop_redirect}" = "YES" ]; then
	    echo -n ' ignore ICMP redirect=YES'
	    sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
    fi
    
    if [ "${icmp_log_redirect}" = "YES" ]; then
	    echo -n ' log ICMP redirect=YES'
	    sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
    fi

    if [ "${gateway_enable}" = "YES" ]; then
	    echo -n ' IP gateway=YES'
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
    fi
    
    if [ "${forward_sourceroute}" = "YES" ]; then
	    echo -n ' do source routing=YES'
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
    fi

    if [ "${accept_sourceroute}" = "YES" ]; then
	    echo -n ' accept source routing=YES'
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
    fi

    if [ "${tcp_keepalive}" = "YES" ]; then
	    echo -n ' TCP keepalive=YES'
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
    fi

    if [ "X$tcp_restrict_rst" = X"YES" ]; then
	    echo -n ' restrict TCP reset=YES'
	    sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
    fi

    if [ "X$tcp_drop_synfin" = X"YES" ]; then
	    echo -n ' drop SYN+FIN packets=YES'
	    sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
    fi

    if [ "${ipxgateway_enable}" = "YES" ]; then
	    echo -n ' IPX gateway=YES'
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
    fi
    
    if [ "${arpproxy_all}" = "YES" ]; then
	    echo -n ' ARP proxyall=YES'
	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
    fi
    echo '.'

    echo -n 'routing daemons:'
    if [ "${router_enable}" = "YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
    if [ "${ipxrouted_enable}" = "YES" ]; then
	    echo -n ' IPXrouted'
	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
    fi
    
    if [ "${mrouted_enable}" = "YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi

    if [ "${rarpd_enable}" = "YES" ]; then
	    echo -n ' rarpd';     rarpd ${rarpd_flags}
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
d380 88
a467 56
    echo -n 'Doing additional network setup:'
    if [ "${named_enable}" = "YES" ]; then
	    echo -n ' named';		${named_program-"named"} ${named_flags}
    fi

    if [ "${ntpdate_enable}" = "YES" ]; then
	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
    fi

    if [ "${xntpd_enable}" = "YES" ]; then
	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
    fi

    if [ "${timed_enable}" = "YES" ]; then
	    echo -n ' timed';		timed ${timed_flags}
    fi

    if [ "${portmap_enable}" = "YES" ]; then
	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "${nis_server_enable}" = "YES" ]; then
	    echo -n ' ypserv'; ypserv ${nis_server_flags}
	    
	    if [ "${nis_ypxfrd_enable}" = "YES" ]; then
		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
	    fi
	    
	    if [ "${nis_yppasswdd_enable}" = "YES" ]; then
		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
	    fi
    fi

    # Start ypbind if we're an NIS client
    if [ "${nis_client_enable}" = "YES" ]; then
	    echo -n ' ypbind'; ypbind ${nis_client_flags}
	    if [ "${nis_ypset_enable}" = "YES" ]; then
		    echo -n ' ypset'; ypset ${nis_ypset_flags}
	    fi
    fi

    # Start keyserv if we are running Secure RPC
    if [ "${keyserv_enable}" = "YES" ]; then
	    echo -n ' keyserv';		keyserv ${keyserv_flags}
    fi
    # Start ypupdated if we are running Secure RPC and we are NIS master
    if [ "${rpc_ypupdated_enable}" = "YES" ]; then
	    echo -n ' rpc.ypupdated';	rpc.ypupdated
    fi

    # Start ATM daemons
    if [ -n "${atm_pass2_done}" ]; then
	    atm_pass3
    fi
d469 2
a470 2
    echo '.'
    network_pass2_done=YES
d474 38
a511 1
    echo -n 'Starting final network daemons:'
d513 4
a516 22
    if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then
	    echo -n ' mountd'
	    if [ "${weak_mountd_authentication}" = "YES" ]; then
		    mountd_flags="-n"
	    fi
	    mountd ${mountd_flags}
	    if [ "${nfs_reserved_port_only}" = "YES" ]; then
		    echo -n ' NFS on reserved port only=YES'
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
	    fi
	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
	    if [ "${rpc_lockd_enable}" = "YES" ]; then
		echo -n ' rpc.lockd';		rpc.lockd
	    fi
	    if [ "${rpc_statd_enable}" = "YES" ]; then
		echo -n ' rpc.statd';		rpc.statd
	    fi
    fi
    
    if [ "${nfs_client_enable}" = "YES" ]; then
	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
	    if [ "${nfs_access_cache}" != "X" ]; then
d519 43
a561 29
		    >/dev/null
	    fi
    fi

    if [ "${amd_enable}" = "YES" ]; then
	    echo -n ' amd'
	    if [ "${amd_map_program}" != "NO" ]; then
		amd_flags="${amd_flags} `eval ${amd_map_program}`"
	    fi
	    if [ -n "${amd_flags}" ]
	    then
	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
	    else
	      amd 2> /dev/null
	    fi
    fi

    if [ "${rwhod_enable}" = "YES" ]; then
	    echo -n ' rwhod';	rwhod ${rwhod_flags}
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "${kerberos_server_enable}" = "YES" ]; then
	    if [ "${kerberos_stash}" = "YES" ]; then
		stash_flag=-n
	    else
		stash_flag=
	    fi
	    echo -n ' kerberos'; \
d563 13
a575 9
	    if [ "${kadmind_server_enable}" = "YES" ]; then
		echo -n ' kadmind'; \
		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
	    fi
	    unset stash_flag
    fi
    
    echo '.'
    network_pass3_done=YES
@


1.59
log
@-background is also a legitimate ppp mode.  Don't change it to -auto.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.58 1999/08/27 23:23:44 peter Exp $
d230 10
@


1.58
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
d103 2
a104 1
		-a "${ppp_mode}" != "dedicated" ]; then \
@


1.57
log
@Catch an extra X on DHCP.

Spotted by the eagle eyes of:	Pierre DAVID <Pierre.David@@prism.uvsq.fr>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.56 1999/08/25 16:01:37 sheldonh Exp $
@


1.56
log
@Style clean-up:

	* All variables are now embraced: ${foo}

	* All comparisons against some value now take the form:
	  [ "${foo}" ? "value" ]
	  where ? is a comparison operator

	* All empty string tests now take the form:
	  [ -z "${foo}" ]

	* All non-empty string tests now take the form:
	  [ -n "${foo}" ]

Submitted by:	jkh
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.55 1999/08/22 23:26:03 brian Exp $
d67 1
a67 1
		    if [ "${ifconfig_args}" = "XDHCP" ]; then
@


1.55
log
@ppp_alias -> ppp_nat

Submitted by: Josef L. Karthauser <joe@@FreeBSD.org.uk>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.54 1999/08/19 21:15:16 brian Exp $
d17 1
a17 1
	    hostname $hostname
d22 2
a23 2
    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
	    domainname $nisdomainname
d29 1
a29 1
    if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
d35 1
a35 1
    if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
d54 1
a54 1
    if [ "x${network_interfaces}" = "xauto" ]; then
d67 1
a67 1
		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
d100 1
a100 1
    if [ "X$ppp_enable" = X"YES" ]; then
d102 2
a103 2
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
d109 1
a109 1
	    if [ "X$ppp_nat" = X"YES" ]; then
d125 1
a125 1
    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
d135 1
a135 1
    if [ $firewall_in_kernel = 1 ]; then
d139 1
a139 1
	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
d144 1
a144 1
	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
d156 1
a156 1
	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
d171 1
a171 1
    if [ "x$defaultrouter" != "xNO" ] ; then
d177 1
a177 1
    if [ "x${static_routes}" != "x" ]; then
d185 1
a185 1
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
d190 1
a190 1
    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
d196 1
a196 1
    if [ X"$icmp_bmcastecho" = X"YES" ]; then
d201 1
a201 1
    if [ "X$icmp_drop_redirect" = X"YES" ]; then
d206 1
a206 1
    if [ "X$icmp_log_redirect" = X"YES" ]; then
d211 1
a211 1
    if [ "X$gateway_enable" = X"YES" ]; then
d216 1
a216 1
    if [ "X$forward_sourceroute" = X"YES" ]; then
d221 1
a221 1
    if [ "X$accept_sourceroute" = X"YES" ]; then
d226 1
a226 1
    if [ "X$tcp_keepalive" = X"YES" ]; then
d231 1
a231 1
    if [ "X$ipxgateway_enable" = X"YES" ]; then
d236 1
a236 1
    if [ "X$arpproxy_all" = X"YES" ]; then
d243 1
a243 1
    if [ "X$router_enable" = X"YES" ]; then
d247 1
a247 1
    if [ "X$ipxrouted_enable" = X"YES" ]; then
d252 1
a252 1
    if [ "X${mrouted_enable}" = X"YES" ]; then
d256 1
a256 1
    if [ "X$rarpd_enable" = X"YES" ]; then
d265 1
a265 1
    if [ "X${named_enable}" = X"YES" ]; then
d269 1
a269 1
    if [ "X${ntpdate_enable}" = X"YES" ]; then
d273 1
a273 1
    if [ "X${xntpd_enable}" = X"YES" ]; then
d277 1
a277 1
    if [ "X${timed_enable}" = X"YES" ]; then
d281 1
a281 1
    if [ "X${portmap_enable}" = X"YES" ]; then
d287 1
a287 1
    if [ "X${nis_server_enable}" = X"YES" ]; then
d290 1
a290 1
	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
d294 1
a294 1
	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
d300 1
a300 1
    if [ "X${nis_client_enable}" = X"YES" ]; then
d302 1
a302 1
	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
d308 1
a308 1
    if [ "X${keyserv_enable}" = X"YES" ]; then
d312 1
a312 1
    if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
d328 1
a328 1
    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
d330 1
a330 1
	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
d334 1
a334 1
	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
d339 1
a339 1
	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
d342 1
a342 1
	    if [ "X$rpc_statd_enable" = X"YES" ]; then
d347 1
a347 1
    if [ "X${nfs_client_enable}" = X"YES" ]; then
d349 1
a349 1
	    if [ "X${nfs_access_cache}" != X ]; then
d356 1
a356 1
    if [ "X${amd_enable}" = X"YES" ]; then
d358 1
a358 1
	    if [ "X${amd_map_program}" != X"NO" ]; then
d361 1
a361 1
	    if [ -n "$amd_flags" ]
d369 1
a369 1
    if [ "X${rwhod_enable}" = X"YES" ]; then
d374 2
a375 2
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
	    if [ "X${kerberos_stash}" = "XYES" ]; then
d382 1
a382 1
	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
@


1.54
log
@Quieten ppp at startup.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.53 1999/08/10 09:45:31 des Exp $
d109 2
a110 2
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
@


1.53
log
@Add net.inet.icmp.log_redirect and net.inet.icmp.drop_redirect, for
respectively logging and dropping ICMP REDIRECT packets.

Note that there is no rate limiting on the log messages, so log_redirect
should be used with caution (preferrably only for debugging purposes).
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.52 1999/07/26 15:17:23 brian Exp $
d113 1
a113 1
	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.52
log
@Start ppp before natd, not afterwards.

Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.51 1999/07/26 10:49:31 brian Exp $
d199 10
@


1.51
log
@Add a default ppp.conf (mode 600).

Originally submitted by: Wayne Self <wself@@cdrom.com>

Allow a ppp startup option in rc.conf.

Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.

Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.50 1999/07/16 09:26:52 jkh Exp $
d99 17
a161 17
    fi

    # Warm up user ppp if required.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.50
log
@Allow DHCP to be used in an ifconfig variable instead of the usual
address information, producing the obvious effect (dhcp configuration).

Submitted by:   "Sean O'Connell" <sean@@stat.Duke.EDU>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.49 1999/07/08 18:56:02 peter Exp $
d145 17
@


1.49
log
@Tweak previous commit.  Only sense the configuration if network_interfaces
is set to "auto".  Any network_interfaces settings will be treated as
before.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.48 1999/07/07 12:49:45 peter Exp $
d66 6
a71 1
		    ifconfig ${ifn} ${ifconfig_args}
@


1.48
log
@Do away with ${network_interfaces} in rc.conf.  Just use `ifconfig -l` to
get a list of interfaces, and then automatically configure them if
${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.

This makes it a lot easier to deal with machines that constantly change
their network configuration as you can leave ifconfig settings for all
the possible cards - just the ones that are present will be configured.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.47 1999/06/08 13:00:30 brian Exp $
d54 4
a57 2
    interfaces="`ifconfig -l`"
    for ifn in ${interfaces}; do
@


1.47
log
@If amd_flags is empty, don't add -p as it makes amd abend.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.46 1999/06/05 12:06:19 bde Exp $
d54 3
a56 1
    for ifn in ${network_interfaces}; do
d59 1
d65 1
d74 1
d84 5
a89 1
	    ifconfig ${ifn}
@


1.46
log
@Don't discard error output from sysctl(8).

Do discard standard output from the sysctl for approxy_all, and echo
what this sysctl is doing in the usual way.  This fix is probably
backwards.  We should probably just use the standard sysctl output
in all cases (it needs to have a newline filtered out).

Echo what the sysctls for nfs_reserved_port_only and nfs_access_cache
are doing.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.45 1999/06/05 05:45:47 phk Exp $
d318 6
a323 1
	    amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
@


1.45
log
@Add handle to control global TCP keepalives and turn them on as
default.

Despite their name it doesn't keep TCP sessions alive, it kills
them if the other end has gone AWOL.  This happens a lot with
clients which use NAT, dynamic IP assignment or which has a 2^32
* 10^-3 seconds upper bound on their uptime.

There is no detectable increase in network trafic because of this:
two minimal TCP packets every two hours for a live TCP connection.

Many servers already enable keepalives themselves.

The host requirements RFC is 10 years old, and doesn't know about
the loosing clients of todays InterNet.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.44 1999/04/12 15:26:41 brian Exp $
d154 1
a154 1
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
d159 2
a160 2
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 2>&1
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 2>&1
d165 1
a165 1
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
d170 1
a170 1
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
d175 1
a175 1
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1
d180 1
a180 1
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1
d185 1
a185 1
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 2>&1
d190 1
a190 1
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1
d194 2
a195 2
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
d292 2
a293 1
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1
d307 1
d309 1
a309 1
			>/dev/null 2>&1
@


1.44
log
@Remove extraneous space
PR:		11096
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.43 1999/04/10 10:56:58 des Exp $
d181 5
@


1.43
log
@Allow the user to specify a different firewall script than /etc/rc.firewall.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.42 1999/03/28 20:36:03 imp Exp $
d108 1
a108 1
	    echo -n 'Firewall rules loaded, starting divert daemons: '
@


1.42
log
@Add two features:
    log_in_vain:
	log_in_vain turns on logging for packets to ports for which
	there is no listener.
    rc.sysctl:
	A generic way to set sysctl values.  It reads /etc/syslog.conf
	and sets values based on that.  No /etc/syslog.conf has been
	checked in yet, and I've not added this to the makefile yet
	until I get more feedback.

Reviewed by: -current, -hackers and bde especially
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.41 1999/03/24 10:28:49 brian Exp $
d103 5
a107 2
	if [ -f /etc/rc.firewall -a X"$firewall_enable" = X"YES" ]; then
	    . /etc/rc.firewall
@


1.41
log
@Move natd from network_pass3 to network_pass1
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.40 1999/03/11 16:17:24 jfitz Exp $
d152 6
@


1.40
log
@Add ${lpd_program} and ${portmap_program} as variables in rc.conf, with
suitable defaults pointing to the FreeBSD-shipped versions.  This will allow
for easier integration of third-party replacements for these daemons.
Reviewed by: Several members of -committers
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $
d103 1
a103 2
	if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
		"x$firewall_enable" = "xYES" ] ; then
d105 13
a117 1
	    echo "Firewall rules loaded."
a324 12
    # Network Address Translation daemon
       if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
               -a X"${firewall_enable}" = X"YES" ]; then
               if echo ${natd_interface} | \
                       grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                       natd_ifarg="-a ${natd_interface}"
               else
                       natd_ifarg="-n ${natd_interface}"
               fi
               echo -n ' natd'; natd ${natd_flags} ${natd_ifarg}
       fi

@


1.39
log
@Add some special hooks for sppp(4) interfaces.  In addition to the
normal ifconfig stuff, one might need to pass down authentication
parameters for them.

This is closely tied to Hellmuth's impending rc patches for ISDN, but
sppp can also be used separately (thus it doesn't go directly into the
planned ISDN section of rc.conf).

Reviewed by:	hm
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $
d214 1
a214 1
	    echo -n ' portmap';		portmap ${portmap_flags}
@


1.39.2.1
log
@MFC: portmap_program, lpd_program, sendmail comments, check_quota, enable_quotas

	rc.conf 	1.1 -> 1.4
	rc.network 	1.39 -> 1.40
	rc 		1.179 -> 1.180
			1.182 -> 1.183
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.40 1999/03/11 16:17:24 jfitz Exp $
d214 1
a214 1
	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
@


1.39.2.2
log
@MFC: Move natd to network_pass1
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.41 1999/03/24 10:28:49 brian Exp $
d103 2
a104 1
	if [ -f /etc/rc.firewall -a X"$firewall_enable" = X"YES" ]; then
d106 1
a106 13
	    echo -n 'Firewall rules loaded, starting divert daemons: '

	    # Network Address Translation daemon
	    if [ X"${natd_enable}" = X"YES" -a -n "${natd_interface}" ]; then
		if echo ${natd_interface} | \
		    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
		    natd_ifarg="-a ${natd_interface}"
		else
		    natd_ifarg="-n ${natd_interface}"
		fi
		echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
	    fi
	    echo '.'
d314 12
@


1.39.2.3
log
@MFC: Allow the user to specify a firewall script.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.2 1999/03/24 17:25:26 brian Exp $
d103 2
a104 5
	if [ -z "${firewall_script}" ] ; then
	    firewall_script="/etc/rc.firewall"
	fi
	if [ -f ${firewall_script} -a X"$firewall_enable" = X"YES" ]; then
	    . ${firewall_script}
@


1.39.2.4
log
@MFC: remove extraneous space
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.3 1999/04/10 10:59:15 des Exp $
d108 1
a108 1
	    echo -n 'Firewall rules loaded, starting divert daemons:'
@


1.39.2.5
log
@MFC: Don't add the -p flag if amd_args is empty.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.4 1999/04/12 15:29:11 brian Exp $
d305 1
a305 6
	    if [ -n "$amd_flags" ]
	    then
	      amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
	    else
	      amd 2> /dev/null
	    fi
@


1.39.2.6
log
@MFC: revs 1.4{2,5,9}
     * log_in_vain
     * TCP keepalives
     * network_interfaces=auto processing
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.5 1999/06/09 08:56:11 brian Exp $
a53 3
    if [ "x${network_interfaces}" = "xauto" ]; then
	    network_interfaces="`ifconfig -l`"
    fi
a54 1
	    showstat=false
a56 1
		    showstat=true
a61 1
		    showstat=true
a69 1
			    showstat=true
a78 5
		    showstat=true
	    fi
	    if [ "${showstat}" = "true" ]
	    then
		    ifconfig ${ifn}
d80 1
a156 6
    if [ -n "$log_in_vain" -a "x$log_in_vain" != "xNO" ] ; then
	    echo -n ' log_in_vain=YES'
	    sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
	    sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
    fi

a176 5
    if [ "X$tcp_keepalive" = X"YES" ]; then
	    echo -n ' TCP keepalive=YES'
	    sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
    fi

d183 1
a183 1
	    echo -n ' ARP proxyall=YES'
a280 1
		    echo -n ' NFS on reserved port only=YES'
@


1.39.2.7
log
@MFC: rev 1.46 (don't discard error output from sysctl(8))
	 + echo "NFS access cache time" setting
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.6 1999/07/15 18:41:14 obrien Exp $
d165 1
a165 1
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
d176 1
a176 1
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
d181 1
a181 1
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null
d186 1
a186 1
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null
d191 1
a191 1
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
d201 1
a201 1
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
d206 1
a206 1
	    sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
d304 1
a304 1
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
d318 2
a319 2
		echo -n " NFS access cache time=${nfs_access_cache}"
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
@


1.39.2.8
log
@MFC: Add a default ppp.conf (mode 600).

     Originally submitted by: Wayne Self <wself@@cdrom.com>

     Allow a ppp startup option in rc.conf.

     Adjust sysinstall so that it appends to the end of ppp.conf
     and uses the generated profile to start ppp in auto mode on
     boot.

     Submitted by: Josef L. Karthauser <joe@@uk.FreeBSD.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.7 1999/07/15 18:45:07 obrien Exp $
a139 17
    fi

    # Warm up user ppp if required.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_alias" = X"YES" ]; then
		ppp_command="${ppp_command} -alias";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} ${ppp_profile}
@


1.39.2.9
log
@MFC: ppp_alias -> ppp_nat
     Shuffle ppp startup location
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.39.2.8 1999/07/30 17:30:26 brian Exp $
a93 17
    # Warm up user ppp if required, must happen before natd.
    if [ "X$ppp_enable" = X"YES" ]; then
	    # Establish ppp mode.
	    if [ "X$ppp_mode" != X"ddial" -a "X$ppp_mode" != X"direct" \
		-a "X$ppp_mode" != X"dedicated" ]; then \
	        ppp_mode="auto";
	    fi
	    ppp_command="-${ppp_mode} ";

	    # Switch on alias mode?
	    if [ "X$ppp_nat" = X"YES" ]; then
		ppp_command="${ppp_command} -nat";
	    fi

	    echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
    fi

d140 17
@


1.39.2.10
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.39.2.11
log
@MFC: Enable DHCP support
PR:	13548
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.10 1999/08/29 14:18:56 peter Exp $
d66 1
a66 6
		    # See if we are using DHCP
		    if [ X"${ifconfig_args}" = X"DHCP" ]; then
			     ${dhcp_program} ${dhcp_flags} ${ifn}
		    else
			     ifconfig ${ifn} ${ifconfig_args}
		    fi
@


1.39.2.12
log
@Put "${firewall_script}" in quotes.

Submitted by:	rox@@fearme.com
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.11 1999/09/03 08:57:26 jkh Exp $
d139 2
a140 2
	if [ -f "${firewall_script}" -a X"$firewall_enable" = X"YES" ]; then
	    . "${firewall_script}"
@


1.39.2.13
log
@MFC: Add the net.inet.icmp.drop_redirect, net.inet.icmp.log_redirect,
net.inet.tcp.drop_synfin and net.inet.tcp.restrict_rst sysctls.
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.12 1999/09/19 21:35:18 green Exp $
a199 10
    
    if [ "X$icmp_drop_redirect" = X"YES" ]; then
	    echo -n ' ignore ICMP redirect=YES'
	    sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
    fi
    
    if [ "X$icmp_log_redirect" = X"YES" ]; then
	    echo -n ' log ICMP redirect=YES'
	    sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
    fi
a218 10
    fi

    if [ "X$tcp_drop_synfin" = X"YES" ]; then
	    echo -n ' drop SYN+FIN packets=YES'
	    sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
    fi

    if [ "X$tcp_restrict_rst" = X"YES" ]; then
	    echo -n ' restrict TCP reset=YES'
	    sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
@


1.39.2.14
log
@MFC (with whitespace changes): start pppoed
@
text
@d3 1
a3 1
# $FreeBSD: src/etc/rc.network,v 1.39.2.13 1999/10/14 11:49:32 des Exp $
a396 10

    case ${pppoed_enable} in
    [Yy][Ee][Ss])
	if [ -n "${pppoed_provider}" ]; then
	    pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
	fi
	echo -n ' pppoed';
	/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
	;;
    esac
@


1.38
log
@Integrate the ISDN subsystem into the /etc/rc framework
Reviewed by: Joerg Wunsch
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.37 1999/01/03 22:19:23 jkh Exp $
d38 14
@


1.37
log
@Allow rwhod to take flags.

PR:		7705
Submitted by:	Johan Karlsson <k@@numeri.campus.luth.se>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.36 1998/11/27 07:06:11 jkoshy Exp $
d32 5
@


1.36
log
@Direct std{err,out} to /dev/null when invoking sysctl(8) for setting
`nfs_access_cache_timeout'.

Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.35 1998/11/15 20:30:04 msmith Exp $
d276 1
a276 1
	    echo -n ' rwhod';	rwhod
@


1.35
log
@Implement the nfs_access_cache variable, allowing us to set the timeout for
the NFS client's ACCESS cache.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.34 1998/11/11 05:23:44 peter Exp $
d261 3
a263 2
	    if [ ! "X${nfs_access_cache}" = X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache}
@


1.34
log
@kldload ipfw, it's installed always and works on both kernel formats
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.33 1998/10/06 19:24:14 phk Exp $
d261 3
@


1.33
log
@Here are some scripts and man pages for configuring HARP ATM
interfaces.

Reviewed by:	phk
Submitted by:	Mike Spengler <mks@@networkcs.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.32 1998/09/16 20:38:23 cracauer Exp $
d74 1
a74 1
	if modload /lkm/ipfw_mod.o; then
@


1.32
log
@rc.conf variable $amd_map_program needs to be eval'ed.
PR:		misc/7435
Submitted by:	David Wolfskill <dhw@@whistle.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.31 1998/09/15 10:49:02 jkoshy Exp $
d28 6
d98 5
d227 5
@


1.31
log
@Turn off replies to ICMP echo requests for broadcast and multicast
addresses by default.

Add a knob "icmp_bmcastecho" to "rc.network" to allow this
behaviour to be controlled from "rc.conf".

Document the controlling sysctl variable "net.inet.icmp.bmcastecho"
in sysctl(3).

Reviewed by: dg, jkh
Reminded on -hackers by: Steinar Haug <sthaug@@nethelp.no>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.30 1998/09/06 08:20:11 phk Exp $
d250 1
a250 1
		amd_flags="${amd_flags} `${amd_map_program}`"
@


1.30
log
@tcp_extensions now only applies to RFC1323
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.29 1998/08/14 06:55:17 phk Exp $
d111 5
@


1.29
log
@In /etc/rc.network, near line 242, setting up Kerberos,
variable "stash_flag" is set.  A few lines later, it is evaluated
as "stash_flags" with a trailing "s", and then a bit later the
singular version is unset.

PR:		7609
Reviewed by:	phk
Submitted by:	Walt Howard <howard@@ee.utah.edu>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.28 1998/07/08 15:40:53 nectar Exp $
a110 1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
@


1.28
log
@Allow either an IP address or an interface to be specified in
the rc.conf variable ``natd_interface''.  rc.network will
determine whether it is an IP address or an interface name,
and invoke natd with the -a or -n flag as appropriate.

PR:				6947
Reviewed by:	jkh@@FreeBSD.ORG
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.27 1998/06/14 16:31:03 steve Exp $
d263 1
a263 1
		kerberos ${stash_flags} >> /var/log/kerberos.log &
d266 1
a266 1
		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
@


1.27
log
@Cleanup natd startup test.

PR:		6946
Submitted by:	Jacques Vidrine <n@@nectar.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.26 1998/05/19 04:36:31 jkh Exp $
d272 10
a281 4
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" \
	-a "X${firewall_enable}" = X"YES" ]; then
	    echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
    fi
@


1.26
log
@cosmetic: clean up startup messages and rearrange some options
to go in a more proper order.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.25 1998/05/06 17:36:16 andreas Exp $
d272 3
a274 4
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
	    if [ -a "X${firewall_enable}" = X"YES" ]; then
	            echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
	    fi
@


1.25
log
@Overlooked, that newer naming convention is xxx_program instead of xxx_prog.
So changed it to ntpdate_program and xntpd_program.
Backout last change, now we have again named_program, sorry.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.24 1998/05/05 21:14:27 andreas Exp $
d68 1
a68 2
	modload /lkm/ipfw_mod.o
	if [ $? = 0 ]; then
a128 4
    if [ "X$router_enable" = X"YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
d134 11
d146 1
a146 1
	    echo -n ' IPXrouted: '
d150 2
a151 3
    if [ "X$arpproxy_all" = X"YES" ]; then
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
d153 1
a156 1

a227 1
		    echo -n ' nfsprivport=YES'
a270 5
    # IP multicast routing daemon
    if [ "X${mrouted_enable}" = X"YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi

@


1.24
log
@Add variables for the ntpdate and xntpd program, you might want
to run the binaries from the new ntp v4 port.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.23 1998/04/26 06:32:13 phk Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_prog} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_prog} ${xntpd_flags}
@


1.23
log
@Jean-Simon Pendry's paper on  amd refers to the use of "ypcat -k"
against the "master map" to get the list of mount point/amd map
correspondences, and using that list as command-line arguments to start
amd.

When I tried to do this with the existing /etc/rc* scripts, I found that
I couldn't do this by modifying only /etc/rc.conf:  that file gets
sourced very early by /etc/rc, well before any networking functionality
is present, let alone NIS.  Further, I wasn't able to figure out a way
to use various levels & types of quoting to defer evaluation of the
string to a point subsequent to NIS initialization.

As a result, I resorted to hacking /etc/rc.network -- but I did it in a
way that ought to be reasonably general, and avoid breakage for anyone
else.

PR:		6387
Reviewed by:	phk
Submitted by:	David Wolfskill <dhw@@whistle.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.22 1998/04/18 10:27:06 brian Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	xntpd ${xntpd_flags}
@


1.22
log
@Add natd support.
PR:		6339
Submitted by:	cdillon@@wolves.k12.mo.us
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.21 1998/04/12 09:47:43 markm Exp $
d241 3
@


1.21
log
@Enable the SecureRPC bits in rc.conf, if the Administrator wants them.
@
text
@d3 1
a3 1
#	$Id$
d268 8
@


1.20
log
@Allow rarpd to be started from rc.conf
PR:		5457
Submitted by:	Andre Albsmeier <andre.albsmeier@@mchp.siemens.de>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.19 1998/02/20 14:45:06 brian Exp $
d198 9
@


1.19
log
@Remove useless argument to ``. start_if.$ifn''
Pointed out by: Tim Tsai <tim@@futuresouth.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.18 1998/02/16 19:21:32 guido Exp $
d148 4
@


1.18
log
@Add 2 new rc.conf variables:
forward_sourceroute : controls setting of existing net.inet.ip.sourceroute
accept_sourceroute : control setting of new net.inet.ip.accept_sourceroute
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.17 1998/02/14 04:12:23 alex Exp $
d31 1
a31 1
		    . /etc/start_if.${ifn} ${ifn}
@


1.17
log
@Avoid using grep when determining ipfw's default policy -- it may not
be available at this stage of the boot if /usr is NFS mounted.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.16 1998/02/07 04:56:56 alex Exp $
d120 10
@


1.16
log
@Don't assume that IP services are disabled just because firewall_enable
is not set to YES in rc.conf.

Noticed by:	Mikael Karpberg <karpen@@ocean.campus.luth.se>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.15 1998/02/01 00:20:56 wollman Exp $
d84 2
a85 1
	    if ipfw l 65535 | grep deny; then
@


1.15
log
@Add an additional `named_program' variable so that we can easily choose
between 4.9.6 and the port of 8.x.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.14 1998/01/10 03:33:39 alex Exp $
d84 5
a88 2
	    echo "Warning: kernel has firewall functionality, but firewall rules are not enabled."
	    echo "         All ip services are disabled."
@


1.14
log
@Compare return code from ipfw against 0 for success instead of == 1
for error.

Pointed out by:	Matthew Thyer <thyerm@@camtech.net.au>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.13 1997/12/01 06:11:34 obrien Exp $
d141 1
a141 1
	    echo -n ' named';		named ${named_flags}
@


1.13
log
@MF 22s
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.12 1997/11/07 20:45:34 sef Exp $
d61 3
a63 1
    if [ $? = 1 ] ; then
a64 2
    else 
	firewall_in_kernel=1
@


1.12
log
@Allow the system to be configured to pass "-n" to kerberos and
kadmind or not; also, only run kadmind on a non-slave server.  Man
page for rc.conf is also updated.

Reviewed by:	Mark Murray
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.11 1997/09/18 22:43:48 danny Exp $
d144 3
a146 4
    if [ "X${ntpdate_enable}" = X"YES" -o "X${xntpd_enable}" = X"YES" ]; then
	    if [ "X${ntpdate_enable}" = X"YES" ]; then
		    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
	    fi
d148 2
a149 3
	    if [ "X${xntpd_enable}" = X"YES" ]; then
		    echo -n ' xntpd';	xntpd ${xntpd_flags}
	    fi
@


1.11
log
@Fix some problems in the rules file loading and need for modload detection.

Found by: "James E. Housley" <housley@@pr-comm.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.10 1997/09/11 10:59:02 danny Exp $
d225 12
a236 3
	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
	    echo -n ' kadmind'; \
		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
@


1.10
log
@Reviewed by:	msmith, alex
Cosmetic changes to the loading of firewall rules and lkm.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.9 1997/07/06 00:33:34 pst Exp $
d61 1
a61 1
    if [ $? ] ; then
@


1.9
log
@Merge from 2.2 (tcp extensions in phase 1)
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.8 1997/05/19 07:46:48 jkh Exp $
d57 24
a80 4
    
    # If IP filtering
    if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then
	    echo -n ' firewall'
d82 5
d88 2
@


1.8
log
@Neaten up some things which were inconsistent, add a few more flags
to things which need them, general cleanup.
Submitted by:	Brian Somers <brian@@awfulhak.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.7 1997/05/13 08:22:27 jkh Exp $
d78 6
a112 5
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi
@


1.7
log
@Add arp_proxyall knob.
Submitted by:	Christoph Kukulies <kuku@@gilberto.physik.RWTH-Aachen.DE>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.6 1997/05/03 11:22:17 jkh Exp $
d173 1
a173 1
	    echo -n ' nfsd';		nfsd -u -t 4
d183 1
a183 1
	    echo -n ' nfsiod';		nfsiod -n 4
@


1.6
log
@Update the etc world from RELENG_2_2 which is now more up-to-date
(gotta get myself -current again, this is a drag).

Also-fixes-problems-noted-by: Wolfgang Helbig & Joerg Wunsch
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.6 1997/05/01 23:42:19 jkh Exp $
d95 5
@


1.5
log
@Ack, learn to spell "extentions" the same way in the same file.
Also make the output a little less cryptic for sysctl settings.

Suggested by:	bde
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.4 1997/05/01 20:04:42 jkh Exp $
d102 2
a103 2
    if [ -n "$tcp_extentions" -a "x$tcp_extentions" != "xYES" ] ; then
	    echo -n ' tcp extentions=NO'
a111 4
	    if [ "X${tickadj_enable}" = X"YES" ]; then
		    echo -n ' tickadj';	tickadj ${tickadj_flags--Aq}
	    fi

@


1.4
log
@YAMF22
PR:		3456
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.3 1997/05/01 04:38:16 jkh Exp $
d79 1
a79 1
	    echo -n ' IP gateway=1'
d88 1
a88 1
	    echo -n ' IPX gateway=1'
d102 2
a103 2
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extentions=0'
d169 1
a169 1
		    echo -n ' nfsprivport=1'
@


1.3
log
@YAMF22
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.2 1997/04/27 03:59:14 jkh Exp $
d61 1
a61 1
	    sh /etc/rc.firewall
@


1.2
log
@Bring in rc file changes from -current.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.1 1997/04/26 22:39:34 jkh Exp $
d103 1
a103 1
	    echon -n ' tcp extentions=0'
@


1.1
log
@file rc.network was initially added on branch RELENG_2_2.
@
text
@d1 207
@


1.1.2.1
log
@Bring in rc reorganizational changes.  I'm bringing them into 2.2
first rather than 3.0 because, ironically, I have every confidence that
they run in 2.2 but not in 3.0 yet.  3.0 commits will follow just as I've
finished an inventory for any new knobs in -current which need accomodation.
In any case, it's good to get them into 2.2 early because there is going
to be a doc hit for this (all the references to sysconfig) and I'd just
as soon start getting people used to the new files ASAP rather than
prolonging the pain any more than necessary.
@
text
@a0 207
#!/bin/sh -
#
#	$Id$
#	From: @@(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.

network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
	    hostname $hostname
	    echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
	    domainname $nisdomainname
	    echo -n ' domain'
    fi
    echo '.'

    # Set up all the network interfaces, calling startup scripts if needed
    for ifn in ${network_interfaces}; do
	    if [ -e /etc/start_if.${ifn} ]; then
		    . /etc/start_if.${ifn} ${ifn}
	    fi
	    # Do the primary ifconfig if specified
	    eval ifconfig_args=\$ifconfig_${ifn}
	    if [ -n "${ifconfig_args}" ] ; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    # Check to see if aliases need to be added
	    alias=0
	    while :
	    do
		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
		    if [ -n "${ifconfig_args}" ]; then
			    ifconfig ${ifn} ${ifconfig_args} alias
			    alias=`expr ${alias} + 1`
		    else
			    break;
		    fi
	    done
	    # Do ipx address if specified
	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
	    if [ -n "${ifconfig_args}" ]; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    ifconfig ${ifn}
    done
    
    # If IP filtering
    if [ -n "$firewall" -a "x$firewall" != "xNO" -a -f /etc/rc.firewall ] ; then
	    echo -n ' firewall'
	    sh /etc/rc.firewall
    fi

    if [ "x$defaultrouter" != "xNO" ] ; then
	    static_routes="default ${static_routes}"
	    route_default="default ${defaultrouter}"
    fi
    
    # Set up any static routes.  This should be done before router discovery.
    if [ "x${static_routes}" != "x" ]; then
	    for i in ${static_routes}; do
		    eval route_args=\$route_${i}
		    route add ${route_args}
	    done
    fi

    echo -n 'Additional routing options:'
    if [ "X$gateway_enable" = X"YES" ]; then
	    echo -n ' IP gateway=1'
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$router_enable" = X"YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
    if [ "X$ipxgateway_enable" = X"YES" ]; then
	    echo -n ' IPX gateway=1'
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$ipxrouted_enable" = X"YES" ]; then
	    echo -n ' IPXrouted: '
	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
}

network_pass2() {
    echo -n 'Doing additional network setup:'
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echon -n ' tcp extentions=0'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi
    if [ "X${named_enable}" = X"YES" ]; then
	    echo -n ' named';		named ${named_flags}
    fi

    if [ "X${ntpdate_enable}" = X"YES" -o "X${xntpd_enable}" = X"YES" ]; then
	    if [ "X${tickadj_enable}" = X"YES" ]; then
		    echo -n ' tickadj';	tickadj ${tickadj_flags--Aq}
	    fi

	    if [ "X${ntpdate_enable}" = X"YES" ]; then
		    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
	    fi

	    if [ "X${xntpd_enable}" = X"YES" ]; then
		    echo -n ' xntpd';	xntpd ${xntpd_flags}
	    fi
    fi

    if [ "X${timed_enable}" = X"YES" ]; then
	    echo -n ' timed';		timed ${timed_flags}
    fi

    if [ "X${portmap_enable}" = X"YES" ]; then
	    echo -n ' portmap';		portmap ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "X${nis_server_enable}" = X"YES" ]; then
	    echo -n ' ypserv'; ypserv ${nis_server_flags}
	    
	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
	    fi
	    
	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
	    fi
    fi

    # Start ypbind if we're an NIS client
    if [ "X${nis_client_enable}" = X"YES" ]; then
	    echo -n ' ypbind'; ypbind ${nis_client_flags}
	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
		    echo -n ' ypset'; ypset ${nis_ypset_flags}
	    fi
    fi

    echo '.'
    network_pass2_done=YES
}

network_pass3() {
    echo -n 'Starting final network daemons:'

    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
	    echo -n ' mountd'
	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
		    mountd_flags="-n"
	    fi
	    mountd ${mountd_flags}
	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
		    echo -n ' nfsprivport=1'
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1
	    fi
	    echo -n ' nfsd';		nfsd -u -t 4
	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
		echo -n ' rpc.lockd';		rpc.lockd
	    fi
	    if [ "X$rpc_statd_enable" = X"YES" ]; then
		echo -n ' rpc.statd';		rpc.statd
	    fi
    fi
    
    if [ "X${nfs_client_enable}" = X"YES" ]; then
	    echo -n ' nfsiod';		nfsiod -n 4
    fi

    if [ "X${amd_enable}" = X"YES" ]; then
	    echo -n ' amd'
	    amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
    fi

    if [ "X${rwhod_enable}" = X"YES" ]; then
	    echo -n ' rwhod';	rwhod
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
	    echo -n ' kerberos';	kerberos >> /var/log/kerberos.log &
	    echo -n ' kadmind'; \
		    (sleep 20; kadmind -n >/dev/null 2>&1 &) &
    fi
    
    # IP multicast routing daemon
    if [ "X${mrouted_enable}" = X"YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi
    echo '.'
    network_pass3_done=YES
}
@


1.1.2.2
log
@tickadj is useful even if ntpdate isn't selected (clock drift isn't
isolated to network time users) so make it a fully independant knob.
Suggested-By: Richard Crook <richard@@sj.co.uk>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.1 1997/04/26 22:39:34 jkh Exp $
d112 4
@


1.1.2.3
log
@Correct bogosity with tcp_extensions clause.
Submitted-By: "Philippe Charnier" <charnier@@xp11.frmug.org>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.2 1997/04/27 11:13:39 jkh Exp $
d103 1
a103 1
	    echo -n ' tcp extentions=0'
@


1.1.2.4
log
@Source rc.firewall, don't execute it (so that variables get passed in
properly).  Closes PR#3456

Submitted-By: Christopher Masto <chris@@netmonger.net>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.3 1997/05/01 04:37:10 jkh Exp $
d61 1
a61 1
	    . /etc/rc.firewall
@


1.1.2.5
log
@YAMFC
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.4 1997/05/01 20:02:58 jkh Exp $
d79 1
a79 1
	    echo -n ' IP gateway=YES'
d88 1
a88 1
	    echo -n ' IPX gateway=YES'
d102 2
a103 2
    if [ -n "$tcp_extentions" -a "x$tcp_extentions" != "xYES" ] ; then
	    echo -n ' tcp extentions=NO'
d165 1
a165 1
		    echo -n ' nfsprivport=YES'
@


1.1.2.6
log
@DOH!  I "corrected" the spelling in exactly the opposite way
I meant to.  Urk.  Fix.
Reminded by:	wollman
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.5 1997/05/01 20:28:48 jkh Exp $
d102 2
a103 2
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
@


1.1.2.7
log
@Merge arp_proxyall knob from -current.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.6 1997/05/01 23:42:19 jkh Exp $
a94 5
    fi
    
    if [ "X$arpproxy_all" = X"YES" ]; then
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
@


1.1.2.8
log
@YAMFC
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.7 1997/05/13 08:27:49 jkh Exp $
d173 1
a173 1
	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
d183 1
a183 1
	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
@


1.1.2.9
log
@Move TCP extensions into phase 1.
Submitted by:	bde
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.8 1997/05/19 08:02:37 jkh Exp $
a77 6
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi

d107 5
@


1.1.2.10
log
@MFC - firewall initialization cosmetics.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.9 1997/07/06 00:32:00 pst Exp $
d57 4
a60 24

    # Initialize IP filtering using ipfw
    echo ""
    /sbin/ipfw -q flush > /dev/null 2>&1
    if [ $? ] ; then
	firewall_in_kernel=0
    else 
	firewall_in_kernel=1
    fi

    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
	modload /lkm/ipfw_mod.o
	if [ $? = 0 ]; then
		firewall_in_kernel=1		# module loaded successfully
		echo "Kernel firewall module loaded."
	else
		echo "Warning: firewall kernel module failed to load."
	fi
    fi

    # Load the filters if required
    if [ $firewall_in_kernel = 1 ]; then
	if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
		"x$firewall_enable" = "xYES" ] ; then
a61 5
	    echo "Firewall rules loaded."
	else
	    echo "Warning: kernel has firewall functionality, but firewall rules are not enabled."
	    echo "         All ip services are disabled."
	fi
a62 2

    # Configure routing
@


1.1.2.11
log
@Fix problems with rules file loading and need-modload detection.
Found by: "James E. Housley" <housley@@pr-comm.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.10 1997/09/14 23:35:26 danny Exp $
d61 1
a61 1
    if [ $? = 1 ] ; then
@


1.1.2.12
log
@Remove useless double test.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.11 1997/09/18 22:47:12 danny Exp $
d144 4
a147 3
    if [ "X${ntpdate_enable}" = X"YES" ]; then
	    echo -n ' ntpdate';	ntpdate ${ntpdate_flags} >/dev/null 2>&1
    fi
d149 3
a151 2
    if [ "X${xntpd_enable}" = X"YES" ]; then
	    echo -n ' xntpd';	xntpd ${xntpd_flags}
@


1.1.2.13
log
@MFC: allow an alternate named to be specified.
Revs: rc.conf 1.37, rc.network 1.15
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.12 1997/12/01 06:06:35 obrien Exp $
d141 1
a141 1
	    echo -n ' named';		${named_program-"named"} ${named_flags}
@


1.1.2.14
log
@MFC: selected improvements for etc files *not* including periodic changes,
     security tweaks or other kerberbos related stuff.  I expect that
     stuff to occur as a side-effect of what others will be doing in etc,
     if at all.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.13 1998/02/01 00:24:02 wollman Exp $
d61 3
a63 1
    if [ $? = 0 ] ; then
a64 2
    else 
	firewall_in_kernel=0
d84 2
a85 6
	    IPFW_DEFAULT=`ipfw l 65535`
	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
		echo -n "Warning: kernel has firewall functionality, "
		echo "but firewall rules are not enabled."
		echo "         All ip services are disabled."
	    fi
@


1.1.2.15
log
@MFC: Remove useless argument to ``. start_if.$ifn''
     Pointed out by: Tim Tsai <tim@@futuresouth.com>
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.14 1998/02/15 14:24:50 jkh Exp $
d31 1
a31 1
		    . /etc/start_if.${ifn}
@


1.1.2.16
log
@MFC: Addition of forward_sourceroute and accept_sourceroute variables
in rc.conf and the implementation of the latter.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.15 1998/02/20 14:46:12 brian Exp $
a119 10
    if [ "X$forward_sourceroute" = X"YES" ]; then
	    echo -n ' do source routing=YES'
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1
    fi

    if [ "X$accept_sourceroute" = X"YES" ]; then
	    echo -n ' accept source routing=YES'
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1
    fi

@


1.1.2.17
log
@MFC: cosmetic tweaks, merge in new kerberos vars for rc.conf.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.16 1998/02/23 20:21:07 guido Exp $
d237 3
a239 12
	    if [ "X${kerberos_stash}" = "XYES" ]; then
		stash_flag=-n
	    else
		stash_flag=
	    fi
	    echo -n ' kerberos'; \
		kerberos ${stash_flags} >> /var/log/kerberos.log &
	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
		echo -n ' kadmind'; \
		(sleep 20; kadmind ${stash_flags} >/dev/null 2>&1 &) &
	    fi
	    unset stash_flag
@


1.1.2.18
log
@MFC: rarpd flags.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.17 1998/02/27 20:49:15 jkh Exp $
a147 4
    if [ "X$rarpd_enable" = X"YES" ]; then
	    echo -n ' rarpd';     rarpd ${rarpd_flags}
    fi

@


1.1.2.19
log
@Merged in changes from current
config option to specify the path for ntpdate and xntpd program
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.18 1998/03/09 08:52:01 jkh Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_prog} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_prog} ${xntpd_flags}
@


1.1.2.20
log
@MFC: xxx_prog -> xxx_program, overlooked this new style of var names.
     backout last change "named_prog"
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.19 1998/05/05 21:39:44 andreas Exp $
d163 1
a163 1
	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
d167 1
a167 1
	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
@


1.1.2.21
log
@MFC: natd support
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.20 1998/05/06 17:43:00 andreas Exp $
a258 6

    # Network Address Translation daemon
    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
            echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
    fi

@


1.1.2.22
log
@MFC 1.28 -> 1.29: Fix misspelling of "stash_flag".
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.21 1998/06/27 21:23:20 steve Exp $
d247 1
a247 1
		kerberos ${stash_flag} >> /var/log/kerberos.log &
d250 1
a250 1
		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
@


1.1.2.23
log
@Add hooks for configuring the NFS ACCESS cache, defaulting it to disabled.
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.22 1998/09/30 01:08:12 jdp Exp $
a227 3
	    if [ ! "X${nfs_access_cache}" = X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache}
	    fi
@


1.1.2.24
log
@MFC: redirect sysctl output properly to /dev/null

Requested by:	jkoshy
@
text
@d3 1
a3 1
#	$Id: rc.network,v 1.1.2.23 1998/11/25 21:51:34 msmith Exp $
d228 2
a229 3
	    if [ "X${nfs_access_cache}" != X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null 2>&1
@


1.1.2.25
log
@$Id$ -> $FreeBSD$
@
text
@d3 1
a3 1
# $FreeBSD$
@


