head	1.12;
access;
symbols
	RELENG_8_4:1.11.0.2
	RELENG_9_1_0_RELEASE:1.7.4.2.2.2
	RELENG_9_1:1.7.4.2.0.2
	RELENG_9_1_BP:1.7.4.2
	RELENG_8_3_0_RELEASE:1.7.2.2.2.1
	RELENG_8_3:1.7.2.2.0.2
	RELENG_8_3_BP:1.7.2.2
	RELENG_9_0_0_RELEASE:1.7.4.1.2.1
	RELENG_9_0:1.7.4.1.0.2
	RELENG_9_0_BP:1.7.4.1
	RELENG_9:1.7.0.4
	RELENG_9_BP:1.7
	RELENG_7_4_0_RELEASE:1.5.12.1
	RELENG_8_2_0_RELEASE:1.7.2.1.6.1
	RELENG_7_4:1.5.0.12
	RELENG_7_4_BP:1.5
	RELENG_8_2:1.7.2.1.0.6
	RELENG_8_2_BP:1.7.2.1
	RELENG_8_1_0_RELEASE:1.7.2.1.4.1
	RELENG_8_1:1.7.2.1.0.4
	RELENG_8_1_BP:1.7.2.1
	RELENG_7_3_0_RELEASE:1.5.10.1
	RELENG_7_3:1.5.0.10
	RELENG_7_3_BP:1.5
	RELENG_8_0_0_RELEASE:1.7.2.1.2.1
	RELENG_8_0:1.7.2.1.0.2
	RELENG_8_0_BP:1.7.2.1
	RELENG_8:1.7.0.2
	RELENG_8_BP:1.7
	RELENG_7_2_0_RELEASE:1.5.8.1
	RELENG_7_2:1.5.0.8
	RELENG_7_2_BP:1.5
	RELENG_7_1_0_RELEASE:1.5.6.1
	RELENG_6_4_0_RELEASE:1.1.2.3.4.1
	RELENG_7_1:1.5.0.6
	RELENG_7_1_BP:1.5
	RELENG_6_4:1.1.2.3.0.4
	RELENG_6_4_BP:1.1.2.3
	RELENG_7_0_0_RELEASE:1.5
	RELENG_6_3_0_RELEASE:1.1.2.3
	RELENG_7_0:1.5.0.4
	RELENG_7_0_BP:1.5
	RELENG_6_3:1.1.2.3.0.2
	RELENG_6_3_BP:1.1.2.3
	RELENG_7:1.5.0.2
	RELENG_7_BP:1.5
	RELENG_6_2_0_RELEASE:1.1.2.1
	RELENG_6_2:1.1.2.1.0.6
	RELENG_6_2_BP:1.1.2.1
	RELENG_6_1_0_RELEASE:1.1.2.1
	RELENG_6_1:1.1.2.1.0.4
	RELENG_6_1_BP:1.1.2.1
	RELENG_6_0_0_RELEASE:1.1.2.1
	RELENG_6_0:1.1.2.1.0.2
	RELENG_6_0_BP:1.1.2.1
	RELENG_6:1.1.0.2;
locks; strict;
comment	@# @;


1.12
date	2013.07.16.00.30.38;	author svnexp;	state Exp;
branches;
next	1.11;

1.11
date	2013.02.06.00.34.34;	author svnexp;	state Exp;
branches
	1.11.2.1;
next	1.10;

1.10
date	2012.11.17.01.49.05;	author svnexp;	state Exp;
branches;
next	1.9;

1.9
date	2012.01.14.02.18.41;	author dougb;	state Exp;
branches;
next	1.8;

1.8
date	2012.01.09.08.50.22;	author glebius;	state Exp;
branches;
next	1.7;

1.7
date	2009.06.26.01.04.50;	author dougb;	state Exp;
branches
	1.7.2.1
	1.7.4.1;
next	1.6;

1.6
date	2009.06.01.05.35.03;	author dougb;	state Exp;
branches;
next	1.5;

1.5
date	2007.04.10.16.42.13;	author keramida;	state Exp;
branches
	1.5.2.1
	1.5.6.1
	1.5.8.1
	1.5.10.1
	1.5.12.1;
next	1.4;

1.4
date	2007.04.09.08.53.40;	author des;	state Exp;
branches;
next	1.3;

1.3
date	2007.04.02.22.53.07;	author des;	state Exp;
branches;
next	1.2;

1.2
date	2006.12.31.10.37.18;	author yar;	state Exp;
branches;
next	1.1;

1.1
date	2005.10.02.18.59.02;	author yar;	state Exp;
branches
	1.1.2.1;
next	;

1.11.2.1
date	2013.02.06.00.34.34;	author svnexp;	state dead;
branches;
next	1.11.2.2;

1.11.2.2
date	2013.03.28.13.02.44;	author svnexp;	state Exp;
branches;
next	;

1.7.2.1
date	2009.08.03.08.13.06;	author kensmith;	state Exp;
branches
	1.7.2.1.2.1
	1.7.2.1.4.1
	1.7.2.1.6.1;
next	1.7.2.2;

1.7.2.2
date	2012.02.14.10.17.14;	author dougb;	state Exp;
branches
	1.7.2.2.2.1;
next	1.7.2.3;

1.7.2.3
date	2012.11.17.10.35.57;	author svnexp;	state Exp;
branches;
next	;

1.7.2.1.2.1
date	2009.10.25.01.10.29;	author kensmith;	state Exp;
branches;
next	;

1.7.2.1.4.1
date	2010.06.14.02.09.06;	author kensmith;	state Exp;
branches;
next	;

1.7.2.1.6.1
date	2010.12.21.17.09.25;	author kensmith;	state Exp;
branches;
next	;

1.7.2.2.2.1
date	2012.03.03.06.15.13;	author kensmith;	state Exp;
branches;
next	1.7.2.2.2.2;

1.7.2.2.2.2
date	2012.11.17.08.24.38;	author svnexp;	state Exp;
branches;
next	;

1.7.4.1
date	2011.09.23.00.51.37;	author kensmith;	state Exp;
branches
	1.7.4.1.2.1;
next	1.7.4.2;

1.7.4.2
date	2012.02.14.10.16.56;	author dougb;	state Exp;
branches
	1.7.4.2.2.1;
next	1.7.4.3;

1.7.4.3
date	2012.11.17.11.36.11;	author svnexp;	state Exp;
branches;
next	1.7.4.4;

1.7.4.4
date	2013.01.18.13.34.15;	author svnexp;	state Exp;
branches;
next	1.7.4.5;

1.7.4.5
date	2013.04.03.11.01.46;	author svnexp;	state Exp;
branches;
next	;

1.7.4.1.2.1
date	2011.11.11.04.20.22;	author kensmith;	state Exp;
branches;
next	1.7.4.1.2.2;

1.7.4.1.2.2
date	2012.11.17.08.36.11;	author svnexp;	state Exp;
branches;
next	;

1.7.4.2.2.1
date	2012.08.05.23.54.33;	author kensmith;	state Exp;
branches;
next	1.7.4.2.2.2;

1.7.4.2.2.2
date	2012.11.17.08.47.01;	author svnexp;	state Exp;
branches;
next	;

1.5.2.1
date	2012.02.14.10.17.30;	author dougb;	state Exp;
branches;
next	1.5.2.2;

1.5.2.2
date	2012.11.17.08.01.22;	author svnexp;	state Exp;
branches;
next	;

1.5.6.1
date	2008.11.25.02.59.29;	author kensmith;	state Exp;
branches;
next	;

1.5.8.1
date	2009.04.15.03.14.26;	author kensmith;	state Exp;
branches;
next	;

1.5.10.1
date	2010.02.10.00.26.20;	author kensmith;	state Exp;
branches;
next	;

1.5.12.1
date	2010.12.21.17.10.29;	author kensmith;	state Exp;
branches;
next	1.5.12.2;

1.5.12.2
date	2012.11.17.08.16.37;	author svnexp;	state Exp;
branches;
next	;

1.1.2.1
date	2005.10.08.03.32.54;	author yar;	state Exp;
branches;
next	1.1.2.2;

1.1.2.2
date	2007.05.24.16.14.37;	author des;	state Exp;
branches;
next	1.1.2.3;

1.1.2.3
date	2007.05.28.02.00.54;	author keramida;	state Exp;
branches
	1.1.2.3.4.1;
next	1.1.2.4;

1.1.2.4
date	2012.11.17.07.39.08;	author svnexp;	state Exp;
branches;
next	;

1.1.2.3.4.1
date	2008.10.02.02.57.24;	author kensmith;	state Exp;
branches;
next	;


desc
@@


1.12
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/253357
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/pfsync 253357 2013-07-15 08:48:45Z des $
#

# PROVIDE: pfsync
# REQUIRE: FILESYSTEMS netif
# KEYWORD: nojail

. /etc/rc.subr

name="pfsync"
rcvar="pfsync_enable"
start_precmd="pfsync_prestart"
start_cmd="pfsync_start"
stop_cmd="pfsync_stop"
required_modules="pf"

pfsync_prestart()
{
	case "$pfsync_syncdev" in
	'')
		warn "pfsync_syncdev is not set."
		return 1
		;;
	esac
	return 0
}

pfsync_start()
{
	local _syncpeer

	echo "Enabling pfsync."
	if [ -n "${pfsync_syncpeer}" ]; then
		_syncpeer="syncpeer ${pfsync_syncpeer}"
	fi
	load_kld pfsync
	ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
}

pfsync_stop()
{
	echo "Disabling pfsync."
	ifconfig pfsync0 -syncdev -syncpeer down
}

load_rc_config $name
run_rc_command "$1"
@


1.11
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/246358
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d3 1
a3 1
# $FreeBSD: head/etc/rc.d/pfsync 246358 2013-02-05 12:18:39Z des $
d45 1
a45 1
	ifconfig pfsync0 -syncdev down
@


1.11.2.1
log
@file pfsync was added on branch RELENG_8_4 on 2013-03-28 13:02:44 +0000
@
text
@d1 49
@


1.11.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 55
#!/bin/sh
#
# $FreeBSD: releng/8.4/etc/rc.d/pfsync 231655 2012-02-14 10:17:14Z dougb $
#

# PROVIDE: pfsync
# REQUIRE: FILESYSTEMS netif
# KEYWORD: nojail

. /etc/rc.subr

name="pfsync"
rcvar="pfsync_enable"
start_precmd="pfsync_prestart"
start_cmd="pfsync_start"
stop_cmd="pfsync_stop"
required_modules="pf"

pfsync_prestart()
{
	# XXX Currently pfsync cannot be a module as it must register
	# a network protocol in a static kernel table.
	if ! kldstat -q -m pfsync; then
		warn "pfsync(4) must be statically compiled in the kernel."
		return 1
	fi

	case "$pfsync_syncdev" in
	'')
		warn "pfsync_syncdev is not set."
		return 1
		;;
	esac
	return 0
}

pfsync_start()
{
	local _syncpeer

	echo "Enabling pfsync."
	if [ -n "${pfsync_syncpeer}" ]; then
		_syncpeer="syncpeer ${pfsync_syncpeer}"
	fi
	ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
}

pfsync_stop()
{
	echo "Disabling pfsync."
	ifconfig pfsync0 -syncdev down
}

load_rc_config $name
run_rc_command "$1"
@


1.10
log
@Switching exporter and resync
@
text
@d3 1
a3 1
# $FreeBSD: head/etc/rc.d/pfsync 230099 2012-01-14 02:18:41Z dougb $
d38 1
@


1.9
log
@SVN rev 230099 on 2012-01-14 02:18:41Z by dougb

Prepare for the removal of set_rcvar() by changing the rcvar=
assignments to the literal values it would have returned.

The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.

During the discussion on freebsd-rc@@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
@
text
@d3 1
a3 1
# $FreeBSD$
@


1.8
log
@SVN rev 229850 on 2012-01-09 08:50:22Z by glebius

Bunch of fixes to pfsync(4) module load/unload:

o Make the pfsync.ko actually usable. Before this change loading it
  didn't register protosw, so was a nop. However, a module /boot/kernel
  did confused users.
o Rewrite the way we are joining multicast group:
  - Move multicast initialization/destruction to separate functions.
  - Don't allocate memory if we aren't going to join a multicast group.
  - Use modern API for joining/leaving multicast group.
  - Now the utterly wrong pfsync_ifdetach() isn't needed.
o Move module initialization from SYSINIT(9) to moduledata_t method.
o Refuse to unload module, unless asked forcibly.
o Improve a bit some FreeBSD porting code:
  - Use separate malloc type.
  - Simplify swi sheduling.

This change is probably wrong from VIMAGE viewpoint, however pfsync
wasn't VIMAGE-correct before this change, too.

Glanced at by:	bz
@
text
@d13 1
a13 1
rcvar=`set_rcvar`
@


1.7
log
@SVN rev 195026 on 2009-06-26 01:04:50Z by dougb

Reverse the effect of r193198 for pf and ipfw which will once again
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.

IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.

This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
@
text
@a20 7
	# XXX Currently pfsync cannot be a module as it must register
	# a network protocol in a static kernel table.
	if ! kldstat -q -m pfsync; then
		warn "pfsync(4) must be statically compiled in the kernel."
		return 1
	fi

@


1.7.4.1
log
@SVN rev 225736 on 2011-09-23 00:51:37Z by kensmith

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.7.4.2
log
@SVN rev 231653 on 2012-02-14 10:16:56Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d13 1
a13 1
rcvar="pfsync_enable"
@


1.7.4.3
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242902
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242902 | dteske | 2012-11-11 23:29:45 +0000 (Sun, 11 Nov 2012) | 10 lines
## SVN ##
## SVN ## Fix a regression introduced by SVN r211417 that saw the breakage of a feature
## SVN ## documented in usr.sbin/sysinstall/help/shortcuts.hlp (reproduced below):
## SVN ##
## SVN ## If /usr/sbin/sysinstall is linked to another filename, say
## SVN ## `/usr/local/bin/configPackages', then the basename will be used
## SVN ## as an implicit command name.
## SVN ##
## SVN ## Reviewed by:	adrian (co-mentor)
## SVN ## Approved by:	adrian (co-mentor)
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/pfsync 231653 2012-02-14 10:16:56Z dougb $
@


1.7.4.4
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/245604
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/pfsync 245604 2013-01-18 13:16:02Z glebius $
d21 7
@


1.7.4.5
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/249046
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@d3 1
a3 1
# $FreeBSD: stable/9/etc/rc.d/pfsync 249046 2013-04-03 11:00:50Z des $
a37 1
	load_kld pfsync
@


1.7.4.2.2.1
log
@SVN rev 239080 on 2012-08-05 23:54:33Z by kensmith

Copy stable/9 to releng/9.1 as part of the 9.1-RELEASE release process.

Approved by:	re (implicit)
@
text
@@


1.7.4.2.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.1/etc/rc.d/pfsync 231653 2012-02-14 10:16:56Z dougb $
@


1.7.4.1.2.1
log
@SVN rev 227445 on 2011-11-11 04:20:22Z by kensmith

Copy stable/9 to releng/9.0 as part of the FreeBSD 9.0-RELEASE release
cycle.

Approved by:	re (implicit)
@
text
@@


1.7.4.1.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/9.0/etc/rc.d/pfsync 195026 2009-06-26 01:04:50Z dougb $
@


1.7.2.1
log
@SVN rev 196045 on 2009-08-03 08:13:06Z by kensmith

Copy head to stable/8 as part of 8.0 Release cycle.

Approved by:	re (Implicit)
@
text
@@


1.7.2.2
log
@SVN rev 231655 on 2012-02-14 10:17:14Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d13 1
a13 1
rcvar="pfsync_enable"
@


1.7.2.3
log
@## SVN ##
## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/ 242909
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ## r242909 | dim | 2012-11-12 07:47:19 +0000 (Mon, 12 Nov 2012) | 20 lines
## SVN ##
## SVN ## MFC r242625:
## SVN ##
## SVN ## Remove duplicate const specifiers in many drivers (I hope I got all of
## SVN ## them, please let me know if not).  Most of these are of the form:
## SVN ##
## SVN ## static const struct bzzt_type {
## SVN ##       [...list of members...]
## SVN ## } const bzzt_devs[] = {
## SVN ##       [...list of initializers...]
## SVN ## };
## SVN ##
## SVN ## The second const is unnecessary, as arrays cannot be modified anyway,
## SVN ## and if the elements are const, the whole thing is const automatically
## SVN ## (e.g. it is placed in .rodata).
## SVN ##
## SVN ## I have verified this does not change the binary output of a full kernel
## SVN ## build (except for build timestamps embedded in the object files).
## SVN ##
## SVN ## Reviewed by:	yongari, marius
## SVN ##
## SVN ## ------------------------------------------------------------------------
## SVN ##
@
text
@d3 1
a3 1
# $FreeBSD: stable/8/etc/rc.d/pfsync 231655 2012-02-14 10:17:14Z dougb $
@


1.7.2.2.2.1
log
@SVN rev 232438 on 2012-03-03 06:15:13Z by kensmith

Copy stable/8 to releng/8.3 as part of 8.3-RELEASE release cycle.

Approved by:	re (implicit)
@
text
@@


1.7.2.2.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/8.3/etc/rc.d/pfsync 231655 2012-02-14 10:17:14Z dougb $
@


1.7.2.1.6.1
log
@SVN rev 216617 on 2010-12-21 17:09:25Z by kensmith

Copy stable/8 to releng/8.2 in preparation for FreeBSD-8.2 release.

Approved by:	re (implicit)
@
text
@@


1.7.2.1.4.1
log
@SVN rev 209145 on 2010-06-14 02:09:06Z by kensmith

Copy stable/8 to releng/8.1 in preparation for 8.1-RC1.

Approved by:	re (implicit)
@
text
@@


1.7.2.1.2.1
log
@SVN rev 198460 on 2009-10-25 01:10:29Z by kensmith

Copy stable/8 to releng/8.0 as part of 8.0-RELEASE release procedure.

Approved by:	re (implicit)
@
text
@@


1.6
log
@SVN rev 193198 on 2009-06-01 05:35:03Z by dougb

Make the pf and ipfw firewalls start before netif, just like ipfilter
already does. This eliminates a logical inconsistency, and a small
window where the system is open after the network comes up.
@
text
@d7 1
a7 1
# REQUIRE: FILESYSTEMS
@


1.5
log
@Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
which can be used to turn off multicast pfsync support, and enable
the transmission of directed PFSYNC (IP protocol: 240) packets to
a specific "sync peer" host.

PR:		conf/111225
Submitted by:	Bas van Beek <bas@@tobin.nl>
Approved by:	mtm, mlaier
MFC after:	2 weeks
@
text
@d7 1
a7 1
# REQUIRE: FILESYSTEMS netif
@


1.5.2.1
log
@SVN rev 231656 on 2012-02-14 10:17:30Z by dougb

MFC r230099:

Change rcvar= assignments to the literal values set_rcvar
would have returned. This will slightly reduce boot time,
and help in diff reduction to HEAD.
@
text
@d13 1
a13 1
rcvar="pfsync_enable"
@


1.5.2.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/7/etc/rc.d/pfsync 231656 2012-02-14 10:17:30Z dougb $
@


1.5.12.1
log
@SVN rev 216618 on 2010-12-21 17:10:29Z by kensmith

Copy stable/7 to releng/7.4 in preparation for FreeBSD-7.4 release.

Approved by:	re (implicit)
@
text
@@


1.5.12.2
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: releng/7.4/etc/rc.d/pfsync 168593 2007-04-10 16:42:14Z keramida $
@


1.5.10.1
log
@SVN rev 203736 on 2010-02-10 00:26:20Z by kensmith

Copy stable/7 to releng/7.3 as part of the 7.3-RELEASE process.

Approved by:	re (implicit)
@
text
@@


1.5.8.1
log
@SVN rev 191087 on 2009-04-15 03:14:26Z by kensmith

Create releng/7.2 from stable/7 in preparation for 7.2-RELEASE.

Approved by:	re (implicit)
@
text
@@


1.5.6.1
log
@SVN rev 185281 on 2008-11-25 02:59:29Z by kensmith

Create releng/7.1 in preparation for moving into RC phase of 7.1 release
cycle.

Approved by:	re (implicit)
@
text
@@


1.4
log
@FILESYSTEMS requires root, so requiring both of them is redundant.
@
text
@d39 2
d42 4
a45 1
	ifconfig pfsync0 syncdev $pfsync_syncdev $pfsync_ifconfig up
@


1.3
log
@Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal
and takes over mountcritlocal's role as the early / late divider.  This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.

This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.

MFC after:	3 weeks
@
text
@d7 1
a7 1
# REQUIRE: root FILESYSTEMS netif
@


1.2
log
@Use $required_modules wherever suitable.  Use load_kld() in special
cases.  So we get rid of quite a few lines of duplicated code.
@
text
@d7 1
a7 1
# REQUIRE: root mountcritlocal netif
@


1.1
log
@Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.

The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.

Discussed with:	mlaier on -pf
MFC after:	5 days
@
text
@d17 1
d21 7
a33 11

	# load pf kernel module if needed
	if ! kldstat -q -m pf ; then
		if kldload pf ; then
			info "pf module loaded."
		else
			warn "pf module failed to load."
			return 1
		fi
	fi

@


1.1.2.1
log
@MFC:

Add an rc.d script to start the pfsync interface after all
the conventional network interfaces have been started so that
pfsync can be attached to any of the latter.

Record the dependency of rc.d/pf on the newly added rc.d/pfsync.
Also make rc.d/pf start as early as before rc.d/routing to improve
system security.

Document rc.d/pfsync on pfsync(4) and rc.conf(5).

Approved by:	re (scottl), mlaier
@
text
@@


1.1.2.2
log
@MFC: add FILESYSTEMS
@
text
@d7 1
a7 1
# REQUIRE: root FILESYSTEMS netif
@


1.1.2.3
log
@MFC pfsync_syncpeer option for rc.conf(5).

: Add a pfsync_syncpeer option to /etc/defaults/rc.conf and rc.conf(5),
: which can be used to turn off multicast pfsync support, and enable
: the transmission of directed PFSYNC (IP protocol: 240) packets to
: a specific "sync peer" host.
:
: PR:             conf/111225
: Submitted by:   Bas van Beek <bas@@tobin.nl>
: Approved by:    mtm, mlaier
: MFC after:      2 weeks
:
: Revision  Changes    Path
: 1.314     +1 -0      src/etc/defaults/rc.conf
: 1.5       +6 -1      src/etc/rc.d/pfsync
: 1.323     +20 -0     src/share/man/man5/rc.conf.5
@
text
@a41 2
	local _syncpeer

d43 1
a43 4
	if [ -n "${pfsync_syncpeer}" ]; then
		_syncpeer="syncpeer ${pfsync_syncpeer}"
	fi
	ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
@


1.1.2.4
log
@Switch importer
@
text
@d3 1
a3 1
# $FreeBSD: stable/6/etc/rc.d/pfsync 170042 2007-05-28 02:00:54Z keramida $
@


1.1.2.3.4.1
log
@SVN rev 183531 on 2008-10-02 02:57:24Z by kensmith

Create releng/6.4 from stable/6 in preparation for 6.4-RC1.

Approved by:	re (implicit)
@
text
@@


