Index: head/etc/mac.conf =================================================================== --- head/etc/mac.conf (revision 229782) +++ head/etc/mac.conf (revision 229783) @@ -1,18 +1,18 @@ # # $FreeBSD$ # # TrustedBSD MAC userland policy configuration file. Kernel modules # export label information, and mac.conf indicates to userland -# applications what defaults they should use in the absense of any +# applications what defaults they should use in the absence of any # other user-provided information. # # # Default label set to be used by simple MAC applications # default_labels file ?biba,?lomac,?mls,?sebsd default_labels ifnet ?biba,?lomac,?mls,?sebsd default_labels process ?biba,?lomac,?mls,?partition,?sebsd default_labels socket ?biba,?lomac,?mls Index: head/etc/namedb/named.conf =================================================================== --- head/etc/namedb/named.conf (revision 229782) +++ head/etc/namedb/named.conf (revision 229783) @@ -1,294 +1,294 @@ // $FreeBSD$ // // Refer to the named.conf(5) and named(8) man pages, and the documentation // in /usr/share/doc/bind9 for more details. // // If you are going to set up an authoritative server, make sure you // understand the hairy details of how DNS works. Even with // simple mistakes, you can break connectivity for affected parties, // or cause huge amounts of useless Internet traffic. options { // All file and path names are relative to the chroot directory, // if any, and should be fully qualified. directory "/etc/namedb/working"; pid-file "/var/run/named/pid"; dump-file "/var/dump/named_dump.db"; statistics-file "/var/stats/named.stats"; // If named is being used only as a local resolver, this is a safe default. // For named to be accessible to the network, comment this option, specify // the proper IP address, or delete this option. listen-on { 127.0.0.1; }; // If you have IPv6 enabled on this system, uncomment this option for // use as a local resolver. To give access to the network, specify // an IPv6 address, or the keyword "any". // listen-on-v6 { ::1; }; // These zones are already covered by the empty zones listed below. // If you remove the related empty zones below, comment these lines out. disable-empty-zone "255.255.255.255.IN-ADDR.ARPA"; disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"; // If you've got a DNS server around at your upstream provider, enter // its IP address here, and enable the line below. This will make you // benefit from its cache, thus reduce overall DNS traffic in the Internet. /* forwarders { 127.0.0.1; }; */ // If the 'forwarders' clause is not empty the default is to 'forward first' // which will fall back to sending a query from your local server if the name // servers in 'forwarders' do not have the answer. Alternatively you can // force your name server to never initiate queries of its own by enabling the // following line: // forward only; // If you wish to have forwarding configured automatically based on // the entries in /etc/resolv.conf, uncomment the following line and // set named_auto_forward=yes in /etc/rc.conf. You can also enable // named_auto_forward_only (the effect of which is described above). // include "/etc/namedb/auto_forward.conf"; /* Modern versions of BIND use a random UDP port for each outgoing query by default in order to dramatically reduce the possibility of cache poisoning. All users are strongly encouraged to utilize this feature, and to configure their firewalls to accommodate it. AS A LAST RESORT in order to get around a restrictive firewall policy you can try enabling the option below. Use of this option will significantly reduce your ability to withstand cache poisoning attacks, and should be avoided if at all possible. Replace NNNNN in the example with a number between 49160 and 65530. */ // query-source address * port NNNNN; }; // If you enable a local name server, don't forget to enter 127.0.0.1 // first in your /etc/resolv.conf so this server will be queried. // Also, make sure to enable it in /etc/rc.conf. // The traditional root hints mechanism. Use this, OR the slave zones below. zone "." { type hint; file "/etc/namedb/named.root"; }; /* Slaving the following zones from the root name servers has some significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots 3. Greater resilience to any potential root server failure/DDoS On the other hand, this method requires more monitoring than the hints file to be sure that an unexpected failure mode has not incapacitated your server. Name servers that are serving a lot of clients will benefit more from this approach than individual hosts. Use with caution. To use this mechanism, uncomment the entries below, and comment the hint zone above. As documented at http://dns.icann.org/services/axfr/ these zones: "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET - are availble for AXFR from these servers on IPv4 and IPv6: + are available for AXFR from these servers on IPv4 and IPv6: xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org */ /* zone "." { type slave; file "/etc/namedb/slave/root.slave"; masters { 192.5.5.241; // F.ROOT-SERVERS.NET. }; notify no; }; zone "arpa" { type slave; file "/etc/namedb/slave/arpa.slave"; masters { 192.5.5.241; // F.ROOT-SERVERS.NET. }; notify no; }; */ /* Serving the following zones locally will prevent any queries for these zones leaving your network and going to the root name servers. This has two significant advantages: 1. Faster local resolution for your users 2. No spurious traffic will be sent from your network to the roots */ // RFCs 1912, 5735 and 6303 (and BCP 32 for localhost) zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; }; zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // RFC 1912-style zone for IPv6 localhost address (RFC 6303) zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; }; // "This" Network (RFCs 1912, 5735 and 6303) zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // Private Use Networks (RFCs 1918, 5735 and 6303) zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // Link-local/APIPA (RFCs 3927, 5735 and 6303) zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IETF protocol assignments (RFCs 5735 and 5736) zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303) zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IPv6 Example Range for Documentation (RFCs 3849 and 6303) zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // Domain Names for Documentation and Testing (BCP 32) zone "test" { type master; file "/etc/namedb/master/empty.db"; }; zone "example" { type master; file "/etc/namedb/master/empty.db"; }; zone "invalid" { type master; file "/etc/namedb/master/empty.db"; }; zone "example.com" { type master; file "/etc/namedb/master/empty.db"; }; zone "example.net" { type master; file "/etc/namedb/master/empty.db"; }; zone "example.org" { type master; file "/etc/namedb/master/empty.db"; }; // Router Benchmark Testing (RFCs 2544 and 5735) zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IANA Reserved - Old Class E Space (RFC 5735) zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IPv6 Unassigned Addresses (RFC 4291) zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IPv6 ULA (RFCs 4193 and 6303) zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IPv6 Link Local (RFCs 4291 and 6303) zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303) zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; }; // IP6.INT is Deprecated (RFC 4159) zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; }; // NB: Do not use the IP addresses below, they are faked, and only // serve demonstration/documentation purposes! // // Example slave zone config entries. It can be convenient to become // a slave at least for the zone your own domain is in. Ask // your network administrator for the IP address of the responsible // master name server. // // Do not forget to include the reverse lookup zone! // This is named after the first bytes of the IP address, in reverse // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6. // // Before starting to set up a master zone, make sure you fully // understand how DNS and BIND work. There are sometimes // non-obvious pitfalls. Setting up a slave zone is usually simpler. // // NB: Don't blindly enable the examples below. :-) Use actual names // and addresses instead. /* An example dynamic zone key "exampleorgkey" { algorithm hmac-md5; secret "sf87HJqjkqh8ac87a02lla=="; }; zone "example.org" { type master; allow-update { key "exampleorgkey"; }; file "/etc/namedb/dynamic/example.org"; }; */ /* Example of a slave reverse zone zone "1.168.192.in-addr.arpa" { type slave; file "/etc/namedb/slave/1.168.192.in-addr.arpa"; masters { 192.168.1.1; }; }; */ Index: head/etc/network.subr =================================================================== --- head/etc/network.subr (revision 229782) +++ head/etc/network.subr (revision 229783) @@ -1,1418 +1,1418 @@ # # Copyright (c) 2003 The FreeBSD Project. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # # Subroutines commonly used from network startup scripts. # Requires that rc.conf be loaded first. # # ifn_start ifn # Bring up and configure an interface. If some configuration is # applied, print the interface configuration. # ifn_start() { local ifn cfg ifn="$1" cfg=1 [ -z "$ifn" ] && err 1 "ifn_start called without an interface" ifscript_up ${ifn} && cfg=0 ifconfig_up ${ifn} && cfg=0 afexists inet && ipv4_up ${ifn} && cfg=0 afexists inet6 && ipv6_up ${ifn} && cfg=0 afexists ipx && ipx_up ${ifn} && cfg=0 childif_create ${ifn} && cfg=0 return $cfg } # ifn_stop ifn # Shutdown and de-configure an interface. If action is taken, # print the interface name. # ifn_stop() { local ifn cfg ifn="$1" cfg=1 [ -z "$ifn" ] && err 1 "ifn_stop called without an interface" afexists ipx && ipx_down ${ifn} && cfg=0 afexists inet6 && ipv6_down ${ifn} && cfg=0 afexists inet && ipv4_down ${ifn} && cfg=0 ifconfig_down ${ifn} && cfg=0 ifscript_down ${ifn} && cfg=0 childif_destroy ${ifn} && cfg=0 return $cfg } # ifconfig_up if # Evaluate ifconfig(8) arguments for interface $if and # run ifconfig(8) with those arguments. It returns 0 if # arguments were found and executed or 1 if the interface # had no arguments. Pseudo arguments DHCP and WPA are handled # here. # ifconfig_up() { local _cfg _ipv6_opts ifconfig_args _cfg=1 # Make sure lo0 always comes up. if [ "$1" = "lo0" ]; then _cfg=0 fi # ifconfig_IF ifconfig_args=`ifconfig_getargs $1` if [ -n "${ifconfig_args}" ]; then eval ifconfig $1 ${ifconfig_args} _cfg=0 fi # inet6 specific if afexists inet6; then if checkyesno ipv6_activate_all_interfaces; then _ipv6_opts="-ifdisabled" elif [ "$1" != "lo0" ]; then _ipv6_opts="ifdisabled" fi # backward compatibility: $ipv6_enable case $ipv6_enable in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) _ipv6_opts="${_ipv6_opts} accept_rtadv" ;; esac case $ipv6_cpe_wanif in $1) _ipv6_opts="${_ipv6_opts} -no_radr accept_rtadv" ;; esac if [ -n "${_ipv6_opts}" ]; then ifconfig $1 inet6 ${_ipv6_opts} fi # ifconfig_IF_ipv6 ifconfig_args=`ifconfig_getargs $1 ipv6` if [ -n "${ifconfig_args}" ]; then # backward compatibility: inet6 keyword case "${ifconfig_args}" in :*|[0-9a-fA-F]*:*) warn "\$ifconfig_$1_ipv6 needs " \ "\"inet6\" keyword for an IPv6 address." ifconfig_args="inet6 ${ifconfig_args}" ;; esac ifconfig $1 inet6 -ifdisabled eval ifconfig $1 ${ifconfig_args} _cfg=0 fi - # backward compatiblity: $ipv6_ifconfig_IF + # backward compatibility: $ipv6_ifconfig_IF ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF` if [ -n "${ifconfig_args}" ]; then warn "\$ipv6_ifconfig_$1 is obsolete." \ " Use ifconfig_$1_ipv6 instead." ifconfig $1 inet6 -ifdisabled eval ifconfig $1 inet6 ${ifconfig_args} _cfg=0 fi fi if [ ${_cfg} -eq 0 ]; then ifconfig $1 up fi if wpaif $1; then /etc/rc.d/wpa_supplicant start $1 _cfg=0 # XXX: not sure this should count fi if dhcpif $1; then if [ $_cfg -ne 0 ] ; then ifconfig $1 up fi if syncdhcpif $1; then /etc/rc.d/dhclient start $1 fi _cfg=0 fi return $_cfg } # ifconfig_down if # returns 1 if wpa_supplicant or dhclient was stopped or # the interface exists. # ifconfig_down() { local _cfg _cfg=1 if wpaif $1; then /etc/rc.d/wpa_supplicant stop $1 _cfg=0 fi if dhcpif $1; then /etc/rc.d/dhclient stop $1 _cfg=0 fi if ifexists $1; then ifconfig $1 down _cfg=0 fi return $_cfg } # get_if_var if var [default] # Return the value of the pseudo-hash corresponding to $if where # $var is a string containg the sub-string "IF" which will be # replaced with $if after the characters defined in _punct are # replaced with '_'. If the variable is unset, replace it with # $default if given. get_if_var() { local _if _punct _punct_c _var _default prefix suffix if [ $# -ne 2 -a $# -ne 3 ]; then err 3 'USAGE: get_if_var name var [default]' fi _if=$1 _punct=". - / +" for _punct_c in $_punct; do _if=`ltr ${_if} ${_punct_c} '_'` done _var=$2 _default=$3 prefix=${_var%%IF*} suffix=${_var##*IF} eval echo \${${prefix}${_if}${suffix}-${_default}} } # _ifconfig_getargs if [af] # Prints the arguments for the supplied interface to stdout. # Returns 1 if empty. In general, ifconfig_getargs should be used # outside this file. _ifconfig_getargs() { local _ifn _af _ifn=$1 _af=${2+_$2} if [ -z "$_ifn" ]; then return 1 fi get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT" } # ifconfig_getargs if [af] # Takes the result from _ifconfig_getargs and removes pseudo # args such as DHCP and WPA. ifconfig_getargs() { local _tmpargs _arg _args _tmpargs=`_ifconfig_getargs $1 $2` if [ $? -eq 1 ]; then return 1 fi _args= for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) ;; [Nn][Oo][Aa][Uu][Tt][Oo]) ;; [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;; [Ww][Pp][Aa]) ;; *) _args="$_args $_arg" ;; esac done echo $_args } # autoif # Returns 0 if the interface should be automatically configured at # boot time and 1 otherwise. autoif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Aa][Uu][Tt][Oo]) return 1 ;; esac done return 0 } # dhcpif if # Returns 0 if the interface is a DHCP interface and 1 otherwise. dhcpif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` if noafif $1; then return 1 fi for _arg in $_tmpargs; do case $_arg in [Dd][Hh][Cc][Pp]) return 0 ;; [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; esac done return 1 } # syncdhcpif # Returns 0 if the interface should be configured synchronously and # 1 otherwise. syncdhcpif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` if noafif $1; then return 1 fi for _arg in $_tmpargs; do case $_arg in [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 1 ;; [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) return 0 ;; esac done checkyesno synchronous_dhclient } # wpaif if # Returns 0 if the interface is a WPA interface and 1 otherwise. wpaif() { local _tmpargs _arg _tmpargs=`_ifconfig_getargs $1` for _arg in $_tmpargs; do case $_arg in [Ww][Pp][Aa]) return 0 ;; esac done return 1 } # afexists af # Returns 0 if the address family is enabled in the kernel # 1 otherwise. afexists() { local _af _af=$1 case ${_af} in inet|inet6) check_kern_features ${_af} ;; ipx) ${SYSCTL_N} net.ipx > /dev/null 2>&1 ;; atm) if [ -x /sbin/atmconfig ]; then /sbin/atmconfig diag list > /dev/null 2>&1 else return 1 fi ;; *) err 1 "afexists(): Unsupported address family: $_af" ;; esac } # noafif if # Returns 0 if the interface has no af configuration and 1 otherwise. noafif() { local _if _if=$1 case $_if in pflog[0-9]*|\ pfsync[0-9]*|\ an[0-9]*|\ ath[0-9]*|\ ipw[0-9]*|\ ipfw[0-9]*|\ iwi[0-9]*|\ iwn[0-9]*|\ ral[0-9]*|\ wi[0-9]*|\ wl[0-9]*|\ wpi[0-9]*) return 0 ;; esac return 1 } # ipv6if if # Returns 0 if the interface should be configured for IPv6 and # 1 otherwise. ipv6if() { local _if _tmpargs i _if=$1 if ! afexists inet6; then return 1 fi # lo0 is always IPv6-enabled case $_if in lo0) return 0 ;; esac case "${ipv6_network_interfaces}" in $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo]) # True if $ifconfig_IF_ipv6 is defined. _tmpargs=`_ifconfig_getargs $_if ipv6` if [ -n "${_tmpargs}" ]; then return 0 fi # backward compatibility: True if $ipv6_ifconfig_IF is defined. _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` if [ -n "${_tmpargs}" ]; then return 0 fi ;; esac return 1 } # ipv6_autoconfif if # Returns 0 if the interface should be configured for IPv6 with # Stateless Address Configuration; 1 otherwise. ipv6_autoconfif() { local _if _tmpargs _arg _if=$1 case $_if in lo0|\ stf[0-9]*|\ faith[0-9]*|\ lp[0-9]*|\ sl[0-9]*) return 1 ;; esac if noafif $_if; then return 1 fi if ! ipv6if $_if; then return 1 fi if checkyesno ipv6_gateway_enable; then return 1 fi _tmpargs=`get_if_var $_if ipv6_prefix_IF` if [ -n "${_tmpargs}" ]; then return 1 fi # backward compatibility: $ipv6_enable case $ipv6_enable in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac _tmpargs=`_ifconfig_getargs $_if ipv6` for _arg in $_tmpargs; do case $_arg in accept_rtadv) return 0 ;; esac done # backward compatibility: $ipv6_ifconfig_IF _tmpargs=`get_if_var $_if ipv6_ifconfig_IF` for _arg in $_tmpargs; do case $_arg in accept_rtadv) return 0 ;; esac done return 1 } # ifexists if # Returns 0 if the interface exists and 1 otherwise. ifexists() { [ -z "$1" ] && return 1 ifconfig -n $1 > /dev/null 2>&1 } # ipv4_up if # add IPv4 addresses to the interface $if ipv4_up() { local _if _ret _if=$1 _ret=1 # Add 127.0.0.1/8 to lo0 unless otherwise specified. if [ "${_if}" = "lo0" ]; then ifconfig_args=`get_if_var ${_if} ifconfig_IF` if [ -z "${ifconfig_args}" ]; then ifconfig ${_if} inet 127.0.0.1/8 alias fi fi ifalias_up ${_if} inet && _ret=0 ipv4_addrs_common ${_if} alias && _ret=0 return $_ret } # ipv6_up if # add IPv6 addresses to the interface $if ipv6_up() { local _if _ret _if=$1 _ret=1 if ! ipv6if $_if; then return 0 fi ifalias_up ${_if} inet6 && _ret=0 ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0 ipv6_accept_rtadv_up ${_if} && _ret=0 # wait for DAD sleep `${SYSCTL_N} net.inet6.ip6.dad_count` sleep 1 return $_ret } # ipv4_down if # remove IPv4 addresses from the interface $if ipv4_down() { local _if _ifs _ret inetList oldifs _inet _if=$1 _ifs="^" _ret=1 inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _inet in $inetList ; do # get rid of extraneous line [ -z "$_inet" ] && break _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'` IFS="$oldifs" ifconfig ${_if} ${_inet} delete IFS="$_ifs" _ret=0 done IFS="$oldifs" ifalias_down ${_if} inet && _ret=0 ipv4_addrs_common ${_if} -alias && _ret=0 return $_ret } # ipv6_down if # remove IPv6 addresses from the interface $if ipv6_down() { local _if _ifs _ret inetList oldifs _inet6 _if=$1 _ifs="^" _ret=1 if ! ipv6if $_if; then return 0 fi ipv6_accept_rtadv_down ${_if} && _ret=0 ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0 ifalias_down ${_if} inet6 && _ret=0 inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _inet6 in $inetList ; do # get rid of extraneous line [ -z "$_inet6" ] && break _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'` IFS="$oldifs" ifconfig ${_if} ${_inet6} -alias IFS="$_ifs" _ret=0 done IFS="$oldifs" return $_ret } # ipv4_addrs_common if action # Evaluate the ifconfig_if_ipv4 arguments for interface $if and # use $action to add or remove IPv4 addresses from $if. ipv4_addrs_common() { local _ret _if _action _cidr _cidr_addr local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount _ret=1 _if=$1 _action=$2 # get ipv4-addresses cidr_addr=`get_if_var $_if ipv4_addrs_IF` for _cidr in ${cidr_addr}; do _ipaddr=${_cidr%%/*} _netmask="/"${_cidr##*/} _range=${_ipaddr##*.} _ipnet=${_ipaddr%.*} _iplow=${_range%-*} _iphigh=${_range#*-} # clear netmask when removing aliases if [ "${_action}" = "-alias" ]; then _netmask="" fi _ipcount=${_iplow} while [ "${_ipcount}" -le "${_iphigh}" ]; do eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}" _ipcount=$((${_ipcount}+1)) _ret=0 # only the first ipaddr in a subnet need the real netmask if [ "${_action}" != "-alias" ]; then _netmask="/32" fi done done return $_ret } # ifalias_up if af # Configure aliases for network interface $if. # It returns 0 if at least one alias was configured or # 1 if there were none. # ifalias_up() { local _ret _ret=1 case "$2" in inet) _ret=`ifalias_ipv4_up "$1"` ;; inet6) _ret=`ifalias_ipv6_up "$1"` ;; esac return $_ret } # ifalias_ipv4_up if # Helper function for ifalias_up(). Handles IPv4. # ifalias_ipv4_up() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; inet6\ *) ;; "") break ;; *) warn "\$ifconfig_$1_alias${alias} needs " \ "\"inet\" keyword for an IPv4 address." ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_ipv6_up if # Helper function for ifalias_up(). Handles IPv6. # ifalias_ipv6_up() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) ifconfig $1 ${ifconfig_args} alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. alias=0 while : ; do ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` case "${ifconfig_args}" in "") break ;; *) ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0 warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ " Use ifconfig_$1_aliasN instead." ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_down if af # Remove aliases for network interface $if. # It returns 0 if at least one alias was removed or # 1 if there were none. # ifalias_down() { local _ret _ret=1 case "$2" in inet) _ret=`ifalias_ipv4_down "$1"` ;; inet6) _ret=`ifalias_ipv6_down "$1"` ;; esac return $_ret } # ifalias_ipv4_down if # Helper function for ifalias_down(). Handles IPv4. # ifalias_ipv4_down() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet\ *) ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done return $_ret } # ifalias_ipv6_down if # Helper function for ifalias_down(). Handles IPv6. # ifalias_ipv6_down() { local _ret alias ifconfig_args _ret=1 # ifconfig_IF_aliasN which starts with "inet6" alias=0 while : ; do ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}` case "${ifconfig_args}" in inet6\ *) ifconfig $1 ${ifconfig_args} -alias && _ret=0 ;; "") break ;; esac alias=$((${alias} + 1)) done # backward compatibility: ipv6_ifconfig_IF_aliasN. alias=0 while : ; do ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}` case "${ifconfig_args}" in "") break ;; *) ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0 warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \ " Use ifconfig_$1_aliasN instead." ;; esac alias=$((${alias} + 1)) done return $_ret } # ipv6_prefix_hostid_addr_common if action # Add or remove IPv6 prefix + hostid addr on the interface $if # ipv6_prefix_hostid_addr_common() { local _if _action prefix laddr hostid j address _if=$1 _action=$2 prefix=`get_if_var ${_if} ipv6_prefix_IF` if [ -n "${prefix}" ]; then laddr=`network6_getladdr ${_if}` hostid=${laddr#fe80::} hostid=${hostid%\%*} for j in ${prefix}; do address=$j\:${hostid} ifconfig ${_if} inet6 ${address} prefixlen 64 ${_action} # if I am a router, add subnet router # anycast address (RFC 2373). if checkyesno ipv6_gateway_enable; then ifconfig ${_if} inet6 $j:: prefixlen 64 \ ${_action} anycast fi done fi } # ipv6_accept_rtadv_up if # Enable accepting Router Advertisement and send Router # Solicitation message ipv6_accept_rtadv_up() { if ipv6_autoconfif $1; then ifconfig $1 inet6 accept_rtadv up if ! checkyesno rtsold_enable; then rtsol ${rtsol_flags} $1 fi fi } # ipv6_accept_rtadv_down if # Disable accepting Router Advertisement ipv6_accept_rtadv_down() { if ipv6_autoconfif $1; then ifconfig $1 inet6 -accept_rtadv fi } # ifscript_up if # Evaluate a startup script for the $if interface. # It returns 0 if a script was found and processed or # 1 if no script was found. # ifscript_up() { if [ -r /etc/start_if.$1 ]; then . /etc/start_if.$1 return 0 else return 1 fi } # ifscript_down if # Evaluate a shutdown script for the $if interface. # It returns 0 if a script was found and processed or # 1 if no script was found. # ifscript_down() { if [ -r /etc/stop_if.$1 ]; then . /etc/stop_if.$1 return 0 else return 1 fi } # clone_up # Create cloneable interfaces. # clone_up() { local _prefix _list ifn _prefix= _list= # create_args_IF for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF` if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done debug "Cloned: ${_list}" } # clone_down # Destroy cloned interfaces. Destroyed interfaces are echoed to # standard output. # clone_down() { local _prefix _list ifn _prefix= _list= for ifn in ${cloned_interfaces}; do ifconfig -n ${ifn} destroy if [ $? -eq 0 ]; then _list="${_list}${_prefix}${ifn}" [ -z "$_prefix" ] && _prefix=' ' fi done debug "Destroyed clones: ${_list}" } # childif_create # Create and configure child interfaces. Return 0 if child # interfaces are created. # childif_create() { local cfg child child_vlans child_wlans create_args debug_flags ifn i cfg=1 ifn=$1 # Create wireless interfaces child_wlans=`get_if_var $ifn wlans_IF` for child in ${child_wlans}; do create_args="wlandev $ifn `get_if_var $child create_args_IF`" debug_flags="`get_if_var $child wlandebug_IF`" if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then ifconfig $child create ${create_args} && cfg=0 if [ -n "${debug_flags}" ]; then wlandebug -i $child ${debug_flags} fi else i=`ifconfig wlan create ${create_args}` if [ -n "${debug_flags}" ]; then wlandebug -i $i ${debug_flags} fi ifconfig $i name $child && cfg=0 fi if autoif $child; then ifn_start $child fi done # Create vlan interfaces child_vlans=`get_if_var $ifn vlans_IF` if [ -n "${child_vlans}" ]; then load_kld if_vlan fi for child in ${child_vlans}; do if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child="${ifn}.${child}" create_args=`get_if_var $child create_args_IF` ifconfig $child create ${create_args} && cfg=0 else create_args="vlandev $ifn `get_if_var $child create_args_IF`" if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then ifconfig $child create ${create_args} && cfg=0 else i=`ifconfig vlan create ${create_args}` ifconfig $i name $child && cfg=0 fi fi if autoif $child; then ifn_start $child fi done return ${cfg} } # childif_destroy # Destroy child interfaces. # childif_destroy() { local cfg child child_vlans child_wlans ifn cfg=1 child_wlans=`get_if_var $ifn wlans_IF` for child in ${child_wlans}; do if ! ifexists $child; then continue fi ifconfig -n $child destroy && cfg=0 done child_vlans=`get_if_var $ifn vlans_IF` for child in ${child_vlans}; do if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then child="${ifn}.${child}" fi if ! ifexists $child; then continue fi ifconfig -n $child destroy && cfg=0 done return ${cfg} } # ng_mkpeer # Create netgraph nodes. # ng_mkpeer() { ngctl -f - 2> /dev/null </dev/null 2>&1; then ifconfig $i create >/dev/null 2>&1 else gif=`ifconfig gif create` ifconfig $gif name $i fi ifconfig $i tunnel ${peers} ifconfig $i up ;; esac done } # ng_fec_create ifn # Configure Fast EtherChannel for interface $ifn. Returns 0 if # FEC arguments were found and configured; returns !0 otherwise. ng_fec_create() { local req_iface iface bogus req_iface="$1" ngctl shutdown ${req_iface}: > /dev/null 2>&1 bogus="" while true; do iface=`ng_create_one fec dummy fec` if [ -z "${iface}" ]; then exit 2 fi if [ "${iface}" = "${req_iface}" ]; then break fi bogus="${bogus} ${iface}" done for iface in ${bogus}; do ngctl shutdown ${iface}: done } # fec_up # Create Fast EtherChannel interfaces. fec_up() { local i j for i in ${fec_interfaces}; do ng_fec_create $i for j in `get_if_var $i fecconfig_IF`; do case ${j} in '') continue ;; *) ngctl msg ${i}: add_iface "\"${j}\"" ;; esac done done } # ipx_up ifn # Configure any IPX addresses for interface $ifn. Returns 0 if # IPX arguments were found and configured; returns 1 otherwise. # ipx_up() { local ifn ifn="$1" # ifconfig_IF_ipx ifconfig_args=`_ifconfig_getargs $ifn ipx` if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} return 0 fi return 1 } # ipx_down ifn # Remove IPX addresses for interface $ifn. Returns 0 if IPX # addresses were found and unconfigured. It returns 1, otherwise. # ipx_down() { local _if _ifs _ret ipxList oldifs _ipx _if=$1 _ifs="^" _ret=1 ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`" oldifs="$IFS" IFS="$_ifs" for _ipx in $ipxList ; do # get rid of extraneous line [ -z "$_ipx" ] && break _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'` IFS="$oldifs" ifconfig ${_if} ${_ipx} delete IFS="$_ifs" _ret=0 done IFS="$oldifs" return $_ret } # ifnet_rename # Rename all requested interfaces. # ifnet_rename() { local _if _ifname # ifconfig_IF_name for _if in `ifconfig -l`; do _ifname=`get_if_var $_if ifconfig_IF_name` if [ ! -z "$_ifname" ]; then ifconfig $_if name $_ifname fi done return 0 } # list_net_interfaces type # List all network interfaces. The type of interface returned # can be controlled by the type argument. The type # argument can be any of the following: # nodhcp - all interfaces, excluding DHCP configured interfaces # dhcp - list only DHCP configured interfaces # noautoconf - all interfaces, excluding IPv6 Stateless # Address Autoconf configured interfaces # autoconf - list only IPv6 Stateless Address Autoconf # configured interfaces # If no argument is specified all network interfaces are output. # Note that the list will include cloned interfaces if applicable. # Cloned interfaces must already exist to have a chance to appear # in the list if ${network_interfaces} is set to `auto'. # list_net_interfaces() { local type _tmplist _list _autolist _lo _if type=$1 # Get a list of ALL the interfaces and make lo0 first if it's there. # _tmplist= case ${network_interfaces} in [Aa][Uu][Tt][Oo]) _autolist="`ifconfig -l`" _lo= for _if in ${_autolist} ; do if autoif $_if; then if [ "$_if" = "lo0" ]; then _lo="lo0 " else _tmplist="${_tmplist} ${_if}" fi fi done _tmplist="${_lo}${_tmplist# }" ;; *) _tmplist="${network_interfaces} ${cloned_interfaces}" # lo0 is effectively mandatory, so help prevent foot-shooting # case "$_tmplist" in lo0|'lo0 '*|*' lo0'|*' lo0 '*) ;; # This is fine, do nothing *) _tmplist="lo0 ${_tmplist}" ;; esac ;; esac _list= case "$type" in nodhcp) for _if in ${_tmplist} ; do if ! dhcpif $_if && \ [ -n "`_ifconfig_getargs $_if`" ]; then _list="${_list# } ${_if}" fi done ;; dhcp) for _if in ${_tmplist} ; do if dhcpif $_if; then _list="${_list# } ${_if}" fi done ;; noautoconf) for _if in ${_tmplist} ; do if ! ipv6_autoconfif $_if && \ [ -n "`_ifconfig_getargs $_if ipv6`" ]; then _list="${_list# } ${_if}" fi done ;; autoconf) for _if in ${_tmplist} ; do if ipv6_autoconfif $_if; then _list="${_list# } ${_if}" fi done ;; *) _list=${_tmplist} ;; esac echo $_list return 0 } # get_default_if -address_family # Get the interface of the default route for the given address family. # The -address_family argument must be suitable passing to route(8). # get_default_if() { local routeget oldifs defif line defif= oldifs="$IFS" IFS=" " for line in `route -n get $1 default 2>/dev/null`; do case $line in *interface:*) defif=${line##*: } ;; esac done IFS=${oldifs} echo $defif } # hexdigit arg # Echo decimal number $arg (single digit) in hexadecimal format. hexdigit() { printf '%x\n' "$1" } # hexprint arg # Echo decimal number $arg (multiple digits) in hexadecimal format. hexprint() { printf '%x\n' "$1" } is_wired_interface() { local media case `ifconfig $1 2>/dev/null` in *media:?Ethernet*) media=Ethernet ;; esac test "$media" = "Ethernet" } # network6_getladdr if [flag] # Echo link-local address from $if if any. # If flag is defined, tentative ones will be excluded. network6_getladdr() { local proto addr rest ifconfig $1 2>/dev/null | while read proto addr rest; do case ${proto} in inet6) case ${addr} in fe80::*) if [ -z "$2" ]; then echo ${addr} return fi case ${rest} in *tentative*) continue ;; *) echo ${addr} return esac esac esac done } Index: head/etc/rc.d/bgfsck =================================================================== --- head/etc/rc.d/bgfsck (revision 229782) +++ head/etc/rc.d/bgfsck (revision 229783) @@ -1,42 +1,42 @@ #!/bin/sh # # $FreeBSD$ # # PROVIDE: bgfsck # REQUIRE: cron devfs syslogd # KEYWORD: nojail . /etc/rc.subr name="background-fsck" rcvar="background_fsck" start_cmd="bgfsck_start" stop_cmd=":" bgfsck_start () { if [ -z "${rc_force}" ]; then background_fsck_delay=${background_fsck_delay:=0} else background_fsck_delay=0 fi if [ ${background_fsck_delay} -lt 0 ]; then - echo "Background file system checks delayed indefinitly" + echo "Background file system checks delayed indefinitely" return 0 fi bgfsck_msg='Starting background file system checks' if [ "${background_fsck_delay}" -gt 0 ]; then bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds" fi if [ -z "${rc_force}" ]; then check_startmsgs && echo "${bgfsck_msg}." fi (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \ logger -p daemon.notice -t fsck & } load_rc_config $name run_rc_command "$1" Index: head/etc/rc.firewall =================================================================== --- head/etc/rc.firewall (revision 229782) +++ head/etc/rc.firewall (revision 229783) @@ -1,539 +1,539 @@ #!/bin/sh - # Copyright (c) 1996 Poul-Henning Kamp # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # # # Setup system for ipfw(4) firewall service. # # Suck in the configuration variables. if [ -z "${source_rc_confs_defined}" ]; then if [ -r /etc/defaults/rc.conf ]; then . /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then . /etc/rc.conf fi fi ############ # Define the firewall type in /etc/rc.conf. Valid values are: # open - will allow anyone in # client - will try to protect just this machine # simple - will try to protect a whole network # closed - totally disables IP services except via lo0 interface -# workstation - will try to protect just this machine using statefull +# workstation - will try to protect just this machine using stateful # firewalling. See below for rc.conf variables used # UNKNOWN - disables the loading of firewall rules. # filename - will load the rules in the given filename (full path required) # # For ``client'' and ``simple'' the entries below should be customized # appropriately. ############ # # If you don't know enough about packet filtering, we suggest that you # take time to read this book: # # Building Internet Firewalls, 2nd Edition # Brent Chapman and Elizabeth Zwicky # # O'Reilly & Associates, Inc # ISBN 1-56592-871-7 # http://www.ora.com/ # http://www.oreilly.com/catalog/fire2/ # # For a more advanced treatment of Internet Security read: # # Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition # William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin # # Addison-Wesley / Prentice Hall # ISBN 0-201-63466-X # http://www.pearsonhighered.com/ # http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html # setup_loopback () { ############ # Only in rare cases do you want to change these rules # ${fwcmd} add 100 pass all from any to any via lo0 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any if [ $ipv6_available -eq 0 ]; then ${fwcmd} add 400 deny all from any to ::1 ${fwcmd} add 500 deny all from ::1 to any fi } setup_ipv6_mandatory () { [ $ipv6_available -eq 0 ] || return 0 ############ # Only in rare cases do you want to change these rules # # ND # # DAD ${fwcmd} add pass ipv6-icmp from :: to ff02::/16 # RS, RA, NS, NA, redirect... ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10 ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16 - # Allow ICMPv6 destination unreach + # Allow ICMPv6 destination unreachable ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1 # Allow NS/NA/toobig (don't filter it out) ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136 } if [ -n "${1}" ]; then firewall_type="${1}" fi . /etc/rc.subr . /etc/network.subr afexists inet6 ipv6_available=$? ############ # Set quiet mode if requested # case ${firewall_quiet} in [Yy][Ee][Ss]) fwcmd="/sbin/ipfw -q" ;; *) fwcmd="/sbin/ipfw" ;; esac ############ # Flush out the list before we begin. # ${fwcmd} -f flush setup_loopback setup_ipv6_mandatory ############ # Network Address Translation. All packets are passed to natd(8) # before they encounter your remaining rules. The firewall rules # will then be run again on each packet after translation by natd # starting at the rule number following the divert rule. # # For ``simple'' firewall type the divert rule should be put to a # different place to not interfere with address-checking rules. # case ${firewall_type} in [Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt]) case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface} fi ;; esac case ${firewall_nat_enable} in [Yy][Ee][Ss]) if [ -n "${firewall_nat_interface}" ]; then if echo "${firewall_nat_interface}" | \ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" else firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" fi ${fwcmd} nat 123 config log ${firewall_nat_flags} ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface} fi ;; esac esac ############ # If you just configured ipfw in the kernel as a tool to solve network # problems or you just want to disallow some particular kinds of traffic # then you will want to change the default policy to open. You can also # do this as your only action by setting the firewall_type to ``open''. # # ${fwcmd} add 65000 pass all from any to any # Prototype setups. # case ${firewall_type} in [Oo][Pp][Ee][Nn]) ${fwcmd} add 65000 pass all from any to any ;; [Cc][Ll][Ii][Ee][Nn][Tt]) ############ # This is a prototype setup that will protect your system somewhat # against people from outside your own network. # # Configuration: # firewall_client_net: Network address of local IPv4 network. # firewall_client_net_ipv6: Network address of local IPv6 network. ############ # set this to your local network net="$firewall_client_net" net6="$firewall_client_net_ipv6" # Allow limited broadcast traffic from my own net. ${fwcmd} add pass all from ${net} to 255.255.255.255 # Allow any traffic to or from my own net. ${fwcmd} add pass all from me to ${net} ${fwcmd} add pass all from ${net} to me if [ -n "$net6" ]; then ${fwcmd} add pass all from me to ${net6} ${fwcmd} add pass all from ${net6} to me fi if [ -n "$net6" ]; then # Allow any link-local multicast traffic ${fwcmd} add pass all from fe80::/10 to ff02::/16 ${fwcmd} add pass all from ${net6} to ff02::/16 # Allow DHCPv6 ${fwcmd} add pass udp from fe80::/10 to me 546 fi # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established # Allow IP fragments to pass through ${fwcmd} add pass all from any to any frag # Allow setup of incoming email ${fwcmd} add pass tcp from any to me 25 setup # Allow setup of outgoing TCP connections only ${fwcmd} add pass tcp from me to any setup # Disallow setup of all other TCP connections ${fwcmd} add deny tcp from any to any setup # Allow DNS queries out in the world ${fwcmd} add pass udp from me to any 53 keep-state # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. ;; [Ss][Ii][Mm][Pp][Ll][Ee]) ############ # This is a prototype setup for a simple firewall. Configure this # machine as a DNS and NTP server, and point all the machines # on the inside at this machine for those services. # # Configuration: # firewall_simple_iif: Inside IPv4 network interface. # firewall_simple_inet: Inside IPv4 network address. # firewall_simple_oif: Outside IPv4 network interface. # firewall_simple_onet: Outside IPv4 network address. # firewall_simple_iif_ipv6: Inside IPv6 network interface. # firewall_simple_inet_ipv6: Inside IPv6 network prefix. # firewall_simple_oif_ipv6: Outside IPv6 network interface. # firewall_simple_onet_ipv6: Outside IPv6 network prefix. ############ # set these to your outside interface network oif="$firewall_simple_oif" onet="$firewall_simple_onet" oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}" onet6="$firewall_simple_onet_ipv6" # set these to your inside interface network iif="$firewall_simple_iif" inet="$firewall_simple_inet" iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}" inet6="$firewall_simple_inet_ipv6" # Stop spoofing ${fwcmd} add deny all from ${inet} to any in via ${oif} ${fwcmd} add deny all from ${onet} to any in via ${iif} if [ -n "$inet6" ]; then ${fwcmd} add deny all from ${inet6} to any in via ${oif6} if [ -n "$onet6" ]; then ${fwcmd} add deny all from ${onet6} to any in \ via ${iif6} fi fi # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif} ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif} ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif} ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif} ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif} ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif} # Network Address Translation. This rule is placed here deliberately # so that it does not interfere with the surrounding address-checking # rules. If for example one of your internal LAN machines had its IP # address set to 192.0.2.1 then an incoming packet for it after being # translated by natd(8) would match the `deny' rule above. Similarly # an outgoing packet originated from it before being translated would # match the `deny' rule below. case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add divert natd ip4 from any to any via ${natd_interface} fi ;; esac # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1, # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E) # on the outside interface ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif} ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif} ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif} ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif} if [ -n "$inet6" ]; then # Stop unique local unicast address on the outside interface ${fwcmd} add deny all from fc00::/7 to any via ${oif6} ${fwcmd} add deny all from any to fc00::/7 via ${oif6} # Stop site-local on the outside interface ${fwcmd} add deny all from fec0::/10 to any via ${oif6} ${fwcmd} add deny all from any to fec0::/10 via ${oif6} # Disallow "internal" addresses to appear on the wire. ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \ via ${oif6} ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \ via ${oif6} # Disallow packets to malicious IPv4 compatible prefix. ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6} ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6} ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6} ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6} ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6} ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6} # Disallow packets to malicious 6to4 prefix. ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6} ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6} ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6} ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6} ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6} ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6} ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6} ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6} ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6} ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6} ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6} ${fwcmd} add deny all from ff05::/16 to any via ${oif6} ${fwcmd} add deny all from any to ff05::/16 via ${oif6} fi # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established # Allow IP fragments to pass through ${fwcmd} add pass all from any to any frag # Allow setup of incoming email ${fwcmd} add pass tcp from any to me 25 setup # Allow access to our DNS ${fwcmd} add pass tcp from any to me 53 setup ${fwcmd} add pass udp from any to me 53 ${fwcmd} add pass udp from me 53 to any # Allow access to our WWW ${fwcmd} add pass tcp from any to me 80 setup # Reject&Log all setup of incoming connections from the outside ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp if [ -n "$inet6" ]; then ${fwcmd} add deny log ip6 from any to any in via ${oif6} \ setup proto tcp fi # Allow setup of any other TCP connection ${fwcmd} add pass tcp from any to any setup # Allow DNS queries out in the world ${fwcmd} add pass udp from me to any 53 keep-state # Allow NTP queries out in the world ${fwcmd} add pass udp from me to any 123 keep-state # Everything else is denied by default, unless the # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel # config file. ;; [Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn]) # Configuration: # firewall_myservices: List of TCP ports on which this host # offers services. # firewall_allowservices: List of IPv4 and/or IPv6 addresses # that have access to # $firewall_myservices. # firewall_trusted: List of IPv4 and/or IPv6 addresses # that have full access to this host. # Be very careful when setting this. # This option can seriously degrade # the level of protection provided by # the firewall. # firewall_logdeny: Boolean (YES/NO) specifying if the # default denied packets should be # logged (in /var/log/security). # firewall_nologports: List of TCP/UDP ports for which - # denied incomming packets are not + # denied incoming packets are not # logged. # Allow packets for which a state has been built. ${fwcmd} add check-state # For services permitted below. ${fwcmd} add pass tcp from me to any established # Allow any connection out, adding state for each. ${fwcmd} add pass tcp from me to any setup keep-state ${fwcmd} add pass udp from me to any keep-state ${fwcmd} add pass icmp from me to any keep-state if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from me to any keep-state fi # Allow DHCP. ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out ${fwcmd} add pass udp from any 67 to me 68 in ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass udp from fe80::/10 to me 546 in fi # Some servers will ping the IP while trying to decide if it's # still in use. ${fwcmd} add pass icmp from any to any icmptype 8 if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129 fi # Allow "mandatory" ICMP in. ${fwcmd} add pass icmp from any to any icmptype 3,4,11 if [ $ipv6_available -eq 0 ]; then ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3 fi # Add permits for this workstations published services below # Only IPs and nets in firewall_allowservices is allowed in. # If you really wish to let anyone use services on your # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf # # Note: We don't use keep-state as that would allow DoS of # our statetable. # You can add 'keep-state' to the lines for slightly # better performance if you fell that DoS of your # workstation won't be a problem. # for i in ${firewall_allowservices} ; do for j in ${firewall_myservices} ; do ${fwcmd} add pass tcp from $i to me $j done done # Allow all connections from trusted IPs. # Playing with the content of firewall_trusted could seriously # degrade the level of protection provided by the firewall. for i in ${firewall_trusted} ; do ${fwcmd} add pass ip from $i to me done ${fwcmd} add 65000 count ip from any to any # Drop packets to ports where we don't want logging for i in ${firewall_nologports} ; do ${fwcmd} add deny { tcp or udp } from any to any $i in done - # Broadcasts and muticasts + # Broadcasts and multicasts ${fwcmd} add deny ip from any to 255.255.255.255 ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX # Noise from routers ${fwcmd} add deny udp from any to any 520 in # Noise from webbrowsing. - # The statefull filter is a bit agressive, and will cause some + # The stateful filter is a bit aggressive, and will cause some # connection teardowns to be logged. ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in # Deny and (if wanted) log the rest unconditionally. log="" if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then log="log logamount 500" # The default of 100 is too low. sysctl net.inet.ip.fw.verbose=1 >/dev/null fi ${fwcmd} add deny $log ip from any to any ;; [Cc][Ll][Oo][Ss][Ee][Dd]) ${fwcmd} add 65000 deny ip from any to any ;; [Uu][Nn][Kk][Nn][Oo][Ww][Nn]) ;; *) if [ -r "${firewall_type}" ]; then ${fwcmd} ${firewall_flags} ${firewall_type} fi ;; esac Index: head/etc/rc.initdiskless =================================================================== --- head/etc/rc.initdiskless (revision 229782) +++ head/etc/rc.initdiskless (revision 229783) @@ -1,381 +1,381 @@ #!/bin/sh # # Copyright (c) 1999 Matt Dillon # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD$ # On entry to this script the entire system consists of a read-only root # mounted via NFS. The kernel has run BOOTP and configured an interface # (otherwise it would not have been able to mount the NFS root!) # # We use the contents of /conf to create and populate memory filesystems # that are mounted on top of this root to implement the writable # (and host-specific) parts of the root filesystem, and other volatile # filesystems. # # The hierarchy in /conf has the form /conf/T/M/ where M are directories # for which memory filesystems will be created and filled, # and T is one of the "template" directories below: # # base universal base, typically a replica of the original root; # default secondary universal base, typically overriding some # of the files in the original root; # ${ipba} where ${ipba} is the assigned broadcast IP address # bcast/${ipba} same as above # ${class} where ${class} is a list of directories supplied by # bootp/dhcp through the T134 option. -# ${ipba} and ${class} are typicall used to configure features +# ${ipba} and ${class} are typically used to configure features # for group of diskless clients, or even individual features; # ${ip} where ${ip} is the machine's assigned IP address, typically # used to set host-specific features; # ip/${ip} same as above # # Template directories are scanned in the order they are listed above, -# with each sucessive directory overriding (merged into) the previous one; +# with each successive directory overriding (merged into) the previous one; # non-existing directories are ignored. The subdirectory forms exist to -# help keep the top level /conf managable in large installations. +# help keep the top level /conf manageable in large installations. # # The existence of a directory /conf/T/M causes this script to create a # memory filesystem mounted as /M on the client. # # Some files in /conf have special meaning, namely: # # Filename Action # ---------------------------------------------------------------- # /conf/T/M/remount # The contents of the file is a mount command. E.g. if # /conf/1.2.3.4/foo/remount contains "mount -o ro /dev/ad0s3", # then /dev/ad0s3 will be be mounted on /conf/1.2.3.4/foo/ # # /conf/T/M/remount_optional # If this file exists, then failure to execute the mount # command contained in /conf/T/M/remount is non-fatal. # # /conf/T/M/remount_subdir # If this file exists, then the behaviour of /conf/T/M/remount # changes as follows: # 1. /conf/T/M/remount is invoked to mount the root of the # filesystem where the configuration data exists on a # temporary mountpoint. # 2. /conf/T/M/remount_subdir is then invoked to mount a # *subdirectory* of the filesystem mounted by # /conf/T/M/remount on /conf/T/M/. # # /conf/T/M/diskless_remount # The contents of the file points to an NFS filesystem, # possibly followed by mount_nfs options. If the server name # is omitted, the script will prepend the root path used when # booting. E.g. if you booted from foo.com:/path/to/root, # an entry for /conf/base/etc/diskless_remount could be any of # foo.com:/path/to/root/etc # /etc -o ro # Because mount_nfs understands ".." in paths, it is # possible to mount from locations above the NFS root with # paths such as "/../../etc". # # /conf/T/M/md_size # The contents of the file specifies the size of the memory # filesystem to be created, in 512 byte blocks. # The default size is 10240 blocks (5MB). E.g. if # /conf/base/etc/md_size contains "30000" then a 15MB MFS # will be created. In case of multiple entries for the same # directory M, the last one in the scanning order is used. # NOTE: If you only need to create a memory filesystem but not # initialize it from a template, it is preferrable to specify # it in fstab e.g. as "md /tmp mfs -s=30m,rw 0 0" # # /conf/T/SUBDIR.cpio.gz # The file is cpio'd into /SUBDIR (and a memory filesystem is # created for /SUBDIR if necessary). The presence of this file # prevents the copy from /conf/T/SUBDIR/ # # /conf/T/SUBDIR.remove # The list of paths contained in the file are rm -rf'd # relative to /SUBDIR. # # /conf/diskless_remount # Similar to /conf/T/M/diskless_remount above, but allows # all of /conf to be remounted. This can be used to allow # multiple roots to share the same /conf. # # # You will almost universally want to create the following files under /conf # # File Content # ---------------------------- ---------------------------------- # /conf/base/etc/md_size size of /etc filesystem # /conf/base/etc/diskless_remount "/etc" # /conf/default/etc/rc.conf generic diskless config parameters # /conf/default/etc/fstab generic diskless fstab e.g. like this # # foo:/root_part / nfs ro 0 0 # foo:/usr_part /usr nfs ro 0 0 # foo:/home_part /home nfs rw 0 0 # md /tmp mfs -s=30m,rw 0 0 # md /var mfs -s=30m,rw 0 0 # proc /proc procfs rw 0 0 # # plus, possibly, overrides for password files etc. # # NOTE! /var, /tmp, and /dev will be typically created elsewhere, e.g. # as entries in the fstab as above. # Those filesystems should not be specified in /conf. # # (end of documentation, now get to the real code) dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` # DEBUGGING # log something on stdout if verbose. o_verbose=0 # set to 1 or 2 if you want more debugging log() { [ ${o_verbose} -gt 0 ] && echo "*** $* ***" [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo } # chkerr: # # Routine to check for error # # checks error code and drops into shell on failure. # if shell exits, terminates script as well as /etc/rc. # if remount_optional exists under the mountpoint, skip this check. # chkerr() { lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 ) mountpoint="$(lastitem $2)" [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return ) case $1 in 0) ;; *) echo "$2 failed: dropping into /bin/sh" /bin/sh # RESUME ;; esac } # The list of filesystems to umount after the copy to_umount="" handle_remount() { # $1 = mount point local nfspt mountopts b b=$1 log handle_remount $1 [ -d $b -a -f $b/diskless_remount ] || return read nfspt mountopts < $b/diskless_remount log "nfspt ${nfspt} mountopts ${mountopts}" # prepend the nfs root if not present [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}" mount_nfs $mountopts $nfspt $b chkerr $? "mount_nfs $nfspt $b" to_umount="$b ${to_umount}" } # Create a generic memory disk # mount_md() { /sbin/mdmfs -S -i 4096 -s $1 -M md $2 } # Create the memory filesystem if it has not already been created # create_md() { [ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once if [ "x`eval echo \\$md_size_$1`" = "x" ]; then md_size=10240 else md_size=`eval echo \\$md_size_$1` fi log create_md $1 with size $md_size mount_md $md_size /$1 /bin/chmod 755 /$1 eval md_created_$1=created } # DEBUGGING # # set -v # Figure out our interface and IP. # bootp_ifc="" bootp_ipa="" bootp_ipbca="" class="" if [ ${dlv:=0} -ne 0 ] ; then iflist=`ifconfig -l` for i in ${iflist} ; do set -- `ifconfig ${i}` while [ $# -ge 1 ] ; do if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then bootp_ifc=${i} ; bootp_ipa=${2} ; shift fi if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then bootp_ipbca=$2; shift fi shift done if [ "${bootp_ifc}" != "" ] ; then break fi done # Get the values passed with the T134 bootp cookie. class="`/sbin/sysctl -qn kern.bootp_cookie`" echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}" fi log Figure out our NFS root path # set -- `mount -t nfs` while [ $# -ge 1 ] ; do if [ "$2" = "on" -a "$3" = "/" ]; then nfsroot="$1" break fi shift done # The list of directories with template files templates="base default" if [ -n "${bootp_ipbca}" ]; then templates="${templates} ${bootp_ipbca} bcast/${bootp_ipbca}" fi if [ -n "${class}" ]; then templates="${templates} ${class}" fi if [ -n "${bootp_ipa}" ]; then templates="${templates} ${bootp_ipa} ip/${bootp_ipa}" fi # If /conf/diskless_remount exists, remount all of /conf. handle_remount /conf # Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca}, # and /conf/${bootp_ipa}. For each subdirectory found within these # directories: # # - calculate memory filesystem sizes. If the subdirectory (prior to # NFS remounting) contains the file 'md_size', the contents specified # in 512 byte sectors will be used to size the memory filesystem. Otherwise # 8192 sectors (4MB) is used. # # - handle NFS remounts. If the subdirectory contains the file # diskless_remount, the contents of the file is NFS mounted over # the directory. For example /conf/base/etc/diskless_remount # might contain 'myserver:/etc'. NFS remounts allow you to avoid # having to dup your system directories in /conf. Your server must # be sure to export those filesystems -alldirs, however. # If the diskless_remount file contains a string beginning with a # '/' it is assumed that the local nfsroot should be prepended to # it before attemping to the remount. This allows the root to be # relocated without needing to change the remount files. # log "templates are ${templates}" for i in ${templates} ; do for j in /conf/$i/* ; do [ -d $j ] || continue # memory filesystem size specification subdir=${j##*/} [ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size` # remount. Beware, the command is in the file itself! if [ -f $j/remount ]; then if [ -f $j/remount_subdir ]; then k="/conf.tmp/$i/$subdir" [ -d $k ] || continue # Mount the filesystem root where the config data is # on the temporary mount point. nfspt=`/bin/cat $j/remount` $nfspt $k chkerr $? "$nfspt $k" # Now use a nullfs mount to get the data where we # really want to see it. remount_subdir=`/bin/cat $j/remount_subdir` remount_subdir_cmd="mount -t nullfs $k/$remount_subdir" $remount_subdir_cmd $j chkerr $? "$remount_subdir_cmd $j" # XXX check order -- we must force $k to be unmounted # after j, as j depends on k. to_umount="$j $k ${to_umount}" else nfspt=`/bin/cat $j/remount` $nfspt $j chkerr $? "$nfspt $j" to_umount="$j ${to_umount}" # XXX hope it is really a mount! fi fi # NFS remount handle_remount $j done done # - Create all required MFS filesystems and populate them from # our templates. Support both a direct template and a dir.cpio.gz # archive. Support dir.remove files containing a list of relative # paths to remove. # # The dir.cpio.gz form is there to make the copy process more efficient, # so if the cpio archive is present, it prevents the files from dir/ # from being copied. for i in ${templates} ; do for j in /conf/$i/* ; do subdir=${j##*/} if [ -d $j -a ! -f $j.cpio.gz ]; then create_md $subdir cp -Rp $j/ /$subdir fi done for j in /conf/$i/*.cpio.gz ; do subdir=${j%*.cpio.gz} subdir=${subdir##*/} if [ -f $j ]; then create_md $subdir echo "Loading /$subdir from cpio archive $j" (cd / ; /rescue/tar -xpf $j) fi done for j in /conf/$i/*.remove ; do subdir=${j%*.remove} subdir=${subdir##*/} if [ -f $j ]; then # doubly sure it is a memory disk before rm -rf'ing create_md $subdir (cd /$subdir; rm -rf `/bin/cat $j`) fi done done # umount partitions used to fill the memory filesystems [ -n "${to_umount}" ] && umount $to_umount Index: head/etc/rc.subr =================================================================== --- head/etc/rc.subr (revision 229782) +++ head/etc/rc.subr (revision 229783) @@ -1,1778 +1,1778 @@ # $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $ # $FreeBSD$ # # Copyright (c) 1997-2004 The NetBSD Foundation, Inc. # All rights reserved. # # This code is derived from software contributed to The NetBSD Foundation # by Luke Mewburn. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # rc.subr # functions used by various rc scripts # : ${rcvar_manpage:='rc.conf(5)'} : ${RC_PID:=$$}; export RC_PID # # Operating System dependent/independent variables # if [ -z "${_rc_subr_loaded}" ]; then _rc_subr_loaded="YES" SYSCTL="/sbin/sysctl" SYSCTL_N="${SYSCTL} -n" SYSCTL_W="${SYSCTL}" ID="/usr/bin/id" IDCMD="if [ -x $ID ]; then $ID -un; fi" PS="/bin/ps -ww" JID=`$PS -p $$ -o jid=` # # functions # --------- # set_rcvar [var] [defval] [desc] # # Echo or define a rc.conf(5) variable name. Global variable # $rcvars is used. # # If no argument is specified, echo "${name}_enable". # # If only a var is specified, echo "${var}_enable". # # If var and defval are specified, the ${var} is defined as # rc.conf(5) variable and the default value is ${defvar}. An # optional argument $desc can also be specified to add a # description for that. # set_rcvar() { case $# in 0) echo ${name}_enable ;; 1) echo ${1}_enable ;; *) debug "rcvar_define: \$$1=$2 is added" \ " as a rc.conf(5) variable." local _var _var=$1 rcvars="${rcvars# } $_var" eval ${_var}_defval=\"$2\" shift 2 # encode multiple lines of _desc for l in "$@"; do eval ${_var}_desc=\"\${${_var}_desc#^^}^^$l\" done eval ${_var}_desc=\"\${${_var}_desc#^^}\" ;; esac } # set_rcvar_obsolete oldvar [newvar] [msg] # Define obsolete variable. # Global variable $rcvars_obsolete is used. # set_rcvar_obsolete() { local _var _var=$1 debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined" rcvars_obsolete="${rcvars_obsolete# } $1" eval ${1}_newvar=\"$2\" shift 2 eval ${_var}_obsolete_msg=\"$*\" } # # force_depend script # Force a service to start. Intended for use by services # to resolve dependency issues. It is assumed the caller # has check to make sure this call is necessary # $1 - filename of script, in /etc/rc.d, to run # force_depend() { _depend="$1" info "${name} depends on ${_depend}, which will be forced to start." if ! /etc/rc.d/${_depend} forcestart; then warn "Unable to force ${_depend}. It may already be running." return 1 fi return 0 } # # checkyesno var # Test $1 variable, and warn if not set to YES or NO. # Return 0 if it's "yes" (et al), nonzero otherwise. # checkyesno() { eval _value=\$${1} debug "checkyesno: $1 is set to $_value." case $_value in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; # "no", "false", "off", or "0" [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) return 1 ;; *) warn "\$${1} is not set properly - see ${rcvar_manpage}." return 1 ;; esac } # # reverse_list list # print the list in reverse order # reverse_list() { _revlist= for _revfile; do _revlist="$_revfile $_revlist" done echo $_revlist } # stop_boot always # If booting directly to multiuser or $always is enabled, # send SIGTERM to the parent (/etc/rc) to abort the boot. # Otherwise just exit. # stop_boot() { local always case $1 in # "yes", "true", "on", or "1" [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) always=true ;; *) always=false ;; esac if [ "$autoboot" = yes -o "$always" = true ]; then echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" kill -TERM ${RC_PID} fi exit 1 } # # mount_critical_filesystems type # Go through the list of critical filesystems as provided in # the rc.conf(5) variable $critical_filesystems_${type}, checking # each one to see if it is mounted, and if it is not, mounting it. # mount_critical_filesystems() { eval _fslist=\$critical_filesystems_${1} for _fs in $_fslist; do mount | ( _ismounted=false while read what _on on _type type; do if [ $on = $_fs ]; then _ismounted=true fi done if $_ismounted; then : else mount $_fs >/dev/null 2>&1 fi ) done } # # check_pidfile pidfile procname [interpreter] # Parses the first line of pidfile for a PID, and ensures # that the process is running and matches procname. # Prints the matching PID upon success, nothing otherwise. # interpreter is optional; see _find_processes() for details. # check_pidfile() { _pidfile=$1 _procname=$2 _interpreter=$3 if [ -z "$_pidfile" -o -z "$_procname" ]; then err 3 'USAGE: check_pidfile pidfile procname [interpreter]' fi if [ ! -f $_pidfile ]; then debug "pid file ($_pidfile): not readable." return fi read _pid _junk < $_pidfile if [ -z "$_pid" ]; then debug "pid file ($_pidfile): no pid in file." return fi _find_processes $_procname ${_interpreter:-.} '-p '"$_pid" } # # check_process procname [interpreter] # Ensures that a process (or processes) named procname is running. # Prints a list of matching PIDs. # interpreter is optional; see _find_processes() for details. # check_process() { _procname=$1 _interpreter=$2 if [ -z "$_procname" ]; then err 3 'USAGE: check_process procname [interpreter]' fi _find_processes $_procname ${_interpreter:-.} '-ax' } # # _find_processes procname interpreter psargs # Search for procname in the output of ps generated by psargs. # Prints the PIDs of any matching processes, space separated. # # If interpreter == ".", check the following variations of procname # against the first word of each command: # procname # `basename procname` # `basename procname` + ":" # "(" + `basename procname` + ")" # "[" + `basename procname` + "]" # # If interpreter != ".", read the first line of procname, remove the # leading #!, normalise whitespace, append procname, and attempt to # match that against each command, either as is, or with extra words # at the end. As an alternative, to deal with interpreted daemons # using perl, the basename of the interpreter plus a colon is also # tried as the prefix to procname. # _find_processes() { if [ $# -ne 3 ]; then err 3 'USAGE: _find_processes procname interpreter psargs' fi _procname=$1 _interpreter=$2 _psargs=$3 _pref= if [ $_interpreter != "." ]; then # an interpreted script _script=${_chroot}${_chroot:+"/"}$_procname if [ -r $_script ]; then read _interp < $_script # read interpreter name case "$_interp" in \#!*) _interp=${_interp#\#!} # strip #! set -- $_interp case $1 in */bin/env) shift # drop env to get real name ;; esac if [ $_interpreter != $1 ]; then warn "\$command_interpreter $_interpreter != $1" fi ;; *) warn "no shebang line in $_script" set -- $_interpreter ;; esac else warn "cannot read shebang line from $_script" set -- $_interpreter fi _interp="$* $_procname" # cleanup spaces, add _procname _interpbn=${1##*/} _fp_args='_argv' _fp_match='case "$_argv" in ${_interp}|"${_interp} "*|"${_interpbn}: ${_procname}"*)' else # a normal daemon _procnamebn=${_procname##*/} _fp_args='_arg0 _argv' _fp_match='case "$_arg0" in $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' fi _proccheck="\ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' | while read _npid _jid '"$_fp_args"'; do '"$_fp_match"' if [ "$JID" -eq "$_jid" ]; then echo -n "$_pref$_npid"; _pref=" "; fi ;; esac done' # debug "in _find_processes: proccheck is ($_proccheck)." eval $_proccheck } # # wait_for_pids pid [pid ...] # spins until none of the pids exist # wait_for_pids() { local _list _prefix _nlist _j _list="$@" if [ -z "$_list" ]; then return fi _prefix= while true; do _nlist=""; for _j in $_list; do if kill -0 $_j 2>/dev/null; then _nlist="${_nlist}${_nlist:+ }$_j" [ -n "$_prefix" ] && sleep 1 fi done if [ -z "$_nlist" ]; then break fi _list=$_nlist echo -n ${_prefix:-"Waiting for PIDS: "}$_list _prefix=", " pwait $_list 2>/dev/null done if [ -n "$_prefix" ]; then echo "." fi } # # get_pidfile_from_conf string file # # Takes a string to search for in the specified file. # Ignores lines with traditional comment characters. # # Example: # # if get_pidfile_from_conf string file; then # pidfile="$_pidfile_from_conf" # else # pidfile='appropriate default' # fi # get_pidfile_from_conf() { if [ -z "$1" -o -z "$2" ]; then err 3 "USAGE: get_pidfile_from_conf string file ($name)" fi local string file line string="$1" ; file="$2" if [ ! -s "$file" ]; then err 3 "get_pidfile_from_conf: $file does not exist ($name)" fi while read line; do case "$line" in *[#\;]*${string}*) continue ;; *${string}*) break ;; esac done < $file if [ -n "$line" ]; then line=${line#*/} _pidfile_from_conf="/${line%%[\"\;]*}" else return 1 fi } # # check_startmsgs # If rc_quiet is set (usually as a result of using faststart at # boot time) check if rc_startmsgs is enabled. # check_startmsgs() { if [ -n "$rc_quiet" ]; then checkyesno rc_startmsgs else return 0 fi } # # run_rc_command argument # Search for argument in the list of supported commands, which is: # "start stop restart rcvar status poll ${extra_commands}" # If there's a match, run ${argument}_cmd or the default method # (see below). # # If argument has a given prefix, then change the operation as follows: # Prefix Operation # ------ --------- # fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes # force Set ${rcvar} to YES, and set rc_force=yes # one Set ${rcvar} to YES # quiet Don't output some diagnostics, and set rc_quiet=yes # # The following globals are used: # # Name Needed Purpose # ---- ------ ------- # name y Name of script. # # command n Full path to command. # Not needed if ${rc_arg}_cmd is set for # each keyword. # # command_args n Optional args/shell directives for command. # # command_interpreter n If not empty, command is interpreted, so # call check_{pidfile,process}() appropriately. # # desc n Description of script. # # extra_commands n List of extra commands supported. # # pidfile n If set, use check_pidfile $pidfile $command, # otherwise use check_process $command. # In either case, only check if $command is set. # # procname n Process name to check for instead of $command. # # rcvar n This is checked with checkyesno to determine # if the action should be run. # # ${name}_program n Full path to command. # Meant to be used in /etc/rc.conf to override # ${command}. # # ${name}_chroot n Directory to chroot to before running ${command} # Requires /usr to be mounted. # # ${name}_chdir n Directory to cd to before running ${command} # (if not using ${name}_chroot). # # ${name}_flags n Arguments to call ${command} with. # NOTE: $flags from the parent environment # can be used to override this. # # ${name}_nice n Nice level to run ${command} at. # # ${name}_user n User to run ${command} as, using su(1) if not # using ${name}_chroot. # Requires /usr to be mounted. # # ${name}_group n Group to run chrooted ${command} as. # Requires /usr to be mounted. # # ${name}_groups n Comma separated list of supplementary groups # to run the chrooted ${command} with. # Requires /usr to be mounted. # # ${rc_arg}_cmd n If set, use this as the method when invoked; # Otherwise, use default command (see below) # # ${rc_arg}_precmd n If set, run just before performing the # ${rc_arg}_cmd method in the default # operation (i.e, after checking for required # bits and process (non)existence). # If this completes with a non-zero exit code, # don't run ${rc_arg}_cmd. # # ${rc_arg}_postcmd n If set, run just after performing the # ${rc_arg}_cmd method, if that method # returned a zero exit code. # # required_dirs n If set, check for the existence of the given # directories before running a (re)start command. # # required_files n If set, check for the readability of the given # files before running a (re)start command. # # required_modules n If set, ensure the given kernel modules are # loaded before running a (re)start command. # The check and possible loads are actually # done after start_precmd so that the modules # aren't loaded in vain, should the precmd # return a non-zero status to indicate a error. # If a word in the list looks like "foo:bar", # "foo" is the KLD file name and "bar" is the # module name. If a word looks like "foo~bar", # "foo" is the KLD file name and "bar" is a # egrep(1) pattern matching the module name. # Otherwise the module name is assumed to be # the same as the KLD file name, which is most # common. See load_kld(). # # required_vars n If set, perform checkyesno on each of the # listed variables before running the default # (re)start command. # # Default behaviour for a given argument, if no override method is # provided: # # Argument Default behaviour # -------- ----------------- # start if !running && checkyesno ${rcvar} # ${command} # # stop if ${pidfile} # rc_pid=$(check_pidfile $pidfile $command) # else # rc_pid=$(check_process $command) # kill $sig_stop $rc_pid # wait_for_pids $rc_pid # ($sig_stop defaults to TERM.) # # reload Similar to stop, except use $sig_reload instead, # and doesn't wait_for_pids. # $sig_reload defaults to HUP. # Note that `reload' isn't provided by default, # it should be enabled via $extra_commands. # # restart Run `stop' then `start'. # # status Show if ${command} is running, etc. # # poll Wait for ${command} to exit. # # rcvar Display what rc.conf variable is used (if any). # # Variables available to methods, and after run_rc_command() has # completed: # # Variable Purpose # -------- ------- # rc_arg Argument to command, after fast/force/one processing # performed # # rc_flags Flags to start the default command with. # Defaults to ${name}_flags, unless overridden # by $flags from the environment. # This variable may be changed by the precmd method. # # rc_pid PID of command (if appropriate) # # rc_fast Not empty if "fast" was provided (q.v.) # # rc_force Not empty if "force" was provided (q.v.) # # rc_quiet Not empty if "quiet" was provided # # run_rc_command() { _return=0 rc_arg=$1 if [ -z "$name" ]; then err 3 'run_rc_command: $name is not set.' fi # Don't repeat the first argument when passing additional command- # line arguments to the command subroutines. # shift 1 rc_extra_args="$*" _rc_prefix= case "$rc_arg" in fast*) # "fast" prefix; don't check pid rc_arg=${rc_arg#fast} rc_fast=yes rc_quiet=yes ;; force*) # "force" prefix; always run rc_force=yes _rc_prefix=force rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; one*) # "one" prefix; set ${rcvar}=yes _rc_prefix=one rc_arg=${rc_arg#${_rc_prefix}} if [ -n "${rcvar}" ]; then eval ${rcvar}=YES fi ;; quiet*) # "quiet" prefix; omit some messages _rc_prefix=quiet rc_arg=${rc_arg#${_rc_prefix}} rc_quiet=yes ;; esac eval _override_command=\$${name}_program command=${_override_command:-$command} _keywords="start stop restart rcvar $extra_commands" rc_pid= _pidcmd= _procname=${procname:-${command}} # setup pid check command if [ -n "$_procname" ]; then if [ -n "$pidfile" ]; then _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')' else _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')' fi if [ -n "$_pidcmd" ]; then _keywords="${_keywords} status poll" fi fi if [ -z "$rc_arg" ]; then rc_usage $_keywords fi if [ -n "$flags" ]; then # allow override from environment rc_flags=$flags else eval rc_flags=\$${name}_flags fi eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \ _nice=\$${name}_nice _user=\$${name}_user \ _group=\$${name}_group _groups=\$${name}_groups if [ -n "$_user" ]; then # unset $_user if running as that user if [ "$_user" = "$(eval $IDCMD)" ]; then unset _user fi fi eval $_pidcmd # determine the pid if necessary for _elem in $_keywords; do if [ "$_elem" != "$rc_arg" ]; then continue fi # if ${rcvar} is set, $1 is not "rcvar" # and ${rc_pid} is not set, then run # checkyesno ${rcvar} # and return if that failed # if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" ] || [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then if ! checkyesno ${rcvar}; then if [ -n "${rc_quiet}" ]; then return 0 fi echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to " echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' " echo "instead of '${rc_arg}'." return 0 fi fi # if there's a custom ${XXX_cmd}, # run that instead of the default # eval _cmd=\$${rc_arg}_cmd \ _precmd=\$${rc_arg}_precmd \ _postcmd=\$${rc_arg}_postcmd if [ -n "$_cmd" ]; then _run_rc_precmd || return 1 _run_rc_doit "$_cmd $rc_extra_args" || return 1 _run_rc_postcmd return $_return fi case "$rc_arg" in # default operations... status) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then echo "${name} is running as pid $rc_pid." else echo "${name} is not running." return 1 fi _run_rc_postcmd ;; start) if [ -z "$rc_fast" -a -n "$rc_pid" ]; then echo 1>&2 "${name} already running? (pid=$rc_pid)." return 1 fi if [ ! -x ${_chroot}${_chroot:+"/"}${command} ]; then warn "run_rc_command: cannot run $command" return 1 fi if ! _run_rc_precmd; then warn "failed precmd routine for ${name}" return 1 fi # setup the full command to run # check_startmsgs && echo "Starting ${name}." if [ -n "$_chroot" ]; then _doit="\ ${_nice:+nice -n $_nice }\ chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\ $_chroot $command $rc_flags $command_args" else _doit="\ ${_chdir:+cd $_chdir && }\ $command $rc_flags $command_args" if [ -n "$_user" ]; then _doit="su -m $_user -c 'sh -c \"$_doit\"'" fi if [ -n "$_nice" ]; then if [ -z "$_user" ]; then _doit="sh -c \"$_doit\"" fi _doit="nice -n $_nice $_doit" fi fi # run the full command # if ! _run_rc_doit "$_doit"; then warn "failed to start ${name}" return 1 fi # finally, run postcmd # _run_rc_postcmd ;; stop) if [ -z "$rc_pid" ]; then [ -n "$rc_fast" ] && return 0 _run_rc_notrunning return 1 fi _run_rc_precmd || return 1 # send the signal to stop # echo "Stopping ${name}." _doit=$(_run_rc_killcmd "${sig_stop:-TERM}") _run_rc_doit "$_doit" || return 1 # wait for the command to exit, # and run postcmd. wait_for_pids $rc_pid _run_rc_postcmd ;; reload) if [ -z "$rc_pid" ]; then _run_rc_notrunning return 1 fi _run_rc_precmd || return 1 _doit=$(_run_rc_killcmd "${sig_reload:-HUP}") _run_rc_doit "$_doit" || return 1 _run_rc_postcmd ;; restart) # prevent restart being called more # than once by any given script # if ${_rc_restart_done:-false}; then return 0 fi _rc_restart_done=true _run_rc_precmd || return 1 # run those in a subshell to keep global variables ( run_rc_command ${_rc_prefix}stop $rc_extra_args ) ( run_rc_command ${_rc_prefix}start $rc_extra_args ) _return=$? [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1 _run_rc_postcmd ;; poll) _run_rc_precmd || return 1 if [ -n "$rc_pid" ]; then wait_for_pids $rc_pid fi _run_rc_postcmd ;; rcvar) echo -n "# $name" if [ -n "$desc" ]; then echo " : $desc" else echo "" fi echo "#" # Get unique vars in $rcvar $rcvars for _v in $rcvar $rcvars; do case $v in $_v\ *|\ *$_v|*\ $_v\ *) ;; *) v="${v# } $_v" ;; esac done # Display variables. for _v in $v; do if [ -z "$_v" ]; then continue fi eval _desc=\$${_v}_desc eval _defval=\$${_v}_defval _h="-" eval echo \"$_v=\\\"\$$_v\\\"\" # decode multiple lines of _desc while [ -n "$_desc" ]; do case $_desc in *^^*) echo "# $_h ${_desc%%^^*}" _desc=${_desc#*^^} _h=" " ;; *) echo "# $_h ${_desc}" break ;; esac done echo "# (default: \"$_defval\")" done echo "" ;; *) rc_usage $_keywords ;; esac return $_return done echo 1>&2 "$0: unknown directive '$rc_arg'." rc_usage $_keywords # not reached } # # Helper functions for run_rc_command: common code. # They use such global variables besides the exported rc_* ones: # # name R/W # ------------------ # _precmd R # _postcmd R # _return W # _run_rc_precmd() { check_required_before "$rc_arg" || return 1 if [ -n "$_precmd" ]; then debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args" eval "$_precmd $rc_extra_args" _return=$? # If precmd failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi fi check_required_after "$rc_arg" || return 1 return 0 } _run_rc_postcmd() { if [ -n "$_postcmd" ]; then debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args" eval "$_postcmd $rc_extra_args" _return=$? fi return 0 } _run_rc_doit() { debug "run_rc_command: doit: $*" eval "$@" _return=$? # If command failed and force isn't set, request exit. if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then return 1 fi return 0 } _run_rc_notrunning() { local _pidmsg if [ -n "$pidfile" ]; then _pidmsg=" (check $pidfile)." else _pidmsg= fi echo 1>&2 "${name} not running?${_pidmsg}" } _run_rc_killcmd() { local _cmd _cmd="kill -$1 $rc_pid" if [ -n "$_user" ]; then _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'" fi echo "$_cmd" } # # run_rc_script file arg # Start the script `file' with `arg', and correctly handle the # return value from the script. # If `file' ends with `.sh', it's sourced into the current environment # when $rc_fast_and_loose is set, otherwise it is run as a child process. # If `file' appears to be a backup or scratch file, ignore it. # Otherwise if it is executable run as a child process. # run_rc_script() { _file=$1 _arg=$2 if [ -z "$_file" -o -z "$_arg" ]; then err 3 'USAGE: run_rc_script file arg' fi unset name command command_args command_interpreter \ extra_commands pidfile procname \ rcvar rcvars rcvars_obsolete required_dirs required_files \ required_vars eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd case "$_file" in /etc/rc.d/*.sh) # no longer allowed in the base warn "Ignoring old-style startup script $_file" ;; *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip warn "Ignoring scratch file $_file" ;; *) # run in subshell if [ -x $_file ]; then if [ -n "$rc_fast_and_loose" ]; then set $_arg; . $_file else ( trap "echo Script $_file interrupted; kill -QUIT $$" 3 trap "echo Script $_file interrupted; exit 1" 2 trap "echo Script $_file running" 29 set $_arg; . $_file ) fi fi ;; esac } # # load_rc_config name # Source in the configuration file for a given name. # load_rc_config() { local _name _var _defval _v _msg _new _name=$1 if [ -z "$_name" ]; then err 3 'USAGE: load_rc_config name' fi if ${_rc_conf_loaded:-false}; then : else if [ -r /etc/defaults/rc.conf ]; then debug "Sourcing /etc/defaults/rc.conf" . /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)." . /etc/rc.conf fi _rc_conf_loaded=true fi if [ -f /etc/rc.conf.d/"$_name" ]; then debug "Sourcing /etc/rc.conf.d/${_name}" . /etc/rc.conf.d/"$_name" fi # Set defaults if defined. for _var in $rcvar $rcvars; do eval _defval=\$${_var}_defval if [ -n "$_defval" ]; then eval : \${$_var:=\$${_var}_defval} fi done # check obsolete rc.conf variables for _var in $rcvars_obsolete; do eval _v=\$$_var eval _msg=\$${_var}_obsolete_msg eval _new=\$${_var}_newvar case $_v in "") ;; *) if [ -z "$_new" ]; then _msg="Ignored." else eval $_new=\"\$$_var\" if [ -z "$_msg" ]; then _msg="Use \$$_new instead." fi fi warn "\$$_var is obsolete. $_msg" ;; esac done } # # load_rc_config_var name var # Read the rc.conf(5) var for name and set in the # current shell, using load_rc_config in a subshell to prevent # unwanted side effects from other variable assignments. # load_rc_config_var() { if [ $# -ne 2 ]; then err 3 'USAGE: load_rc_config_var name var' fi eval $(eval '( load_rc_config '$1' >/dev/null; if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then echo '$2'=\'\''${'$2'}\'\''; fi )' ) } # # rc_usage commands # Print a usage string for $0, with `commands' being a list of # valid commands. # rc_usage() { echo -n 1>&2 "Usage: $0 [fast|force|one](" _sep= for _elem; do echo -n 1>&2 "$_sep$_elem" _sep="|" done echo 1>&2 ")" exit 1 } # # err exitval message # Display message to stderr and log to the syslog, and exit with exitval. # err() { exitval=$1 shift if [ -x /usr/bin/logger ]; then logger "$0: ERROR: $*" fi echo 1>&2 "$0: ERROR: $*" exit $exitval } # # warn message # Display message to stderr and log to the syslog. # warn() { if [ -x /usr/bin/logger ]; then logger "$0: WARNING: $*" fi echo 1>&2 "$0: WARNING: $*" } # # info message # Display informational message to stdout and log to syslog. # info() { case ${rc_info} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: INFO: $*" fi echo "$0: INFO: $*" ;; esac } # # debug message # If debugging is enabled in rc.conf output message to stderr. # BEWARE that you don't call any subroutine that itself calls this # function. # debug() { case ${rc_debug} in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) if [ -x /usr/bin/logger ]; then logger "$0: DEBUG: $*" fi echo 1>&2 "$0: DEBUG: $*" ;; esac } # # backup_file action file cur backup # Make a backup copy of `file' into `cur', and save the previous # version of `cur' as `backup' or use rcs for archiving. # # This routine checks the value of the backup_uses_rcs variable, # which can be either YES or NO. # # The `action' keyword can be one of the following: # # add `file' is now being backed up (and is possibly # being reentered into the backups system). `cur' # is created and RCS files, if necessary, are # created as well. # # update `file' has changed and needs to be backed up. # If `cur' exists, it is copied to to `back' or # checked into RCS (if the repository file is old), # and then `file' is copied to `cur'. Another RCS # check in done here if RCS is being used. # # remove `file' is no longer being tracked by the backups # system. If RCS is not being used, `cur' is moved # to `back', otherwise an empty file is checked in, # and then `cur' is removed. # # backup_file() { _action=$1 _file=$2 _cur=$3 _back=$4 if checkyesno backup_uses_rcs; then _msg0="backup archive" _msg1="update" # ensure that history file is not locked if [ -f $_cur,v ]; then rcs -q -u -U -M $_cur fi # ensure after switching to rcs that the # current backup is not lost if [ -f $_cur ]; then # no archive, or current newer than archive if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur co -q -f -u $_cur fi fi case $_action in add|update) cp -p $_file $_cur ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur co -q -f -u $_cur chown root:wheel $_cur $_cur,v ;; remove) cp /dev/null $_cur ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur rcs -q -kb -U $_cur chown root:wheel $_cur $_cur,v rm $_cur ;; esac else case $_action in add|update) if [ -f $_cur ]; then cp -p $_cur $_back fi cp -p $_file $_cur chown root:wheel $_cur ;; remove) mv -f $_cur $_back ;; esac fi } # make_symlink src link # Make a symbolic link 'link' to src from basedir. If the # directory in which link is to be created does not exist # a warning will be displayed and an error will be returned. -# Returns 0 on sucess, 1 otherwise. +# Returns 0 on success, 1 otherwise. # make_symlink() { local src link linkdir _me src="$1" link="$2" linkdir="`dirname $link`" _me="make_symlink()" if [ -z "$src" -o -z "$link" ]; then warn "$_me: requires two arguments." return 1 fi if [ ! -d "$linkdir" ]; then warn "$_me: the directory $linkdir does not exist." return 1 fi if ! ln -sf $src $link; then warn "$_me: unable to make a symbolic link from $link to $src" return 1 fi return 0 } # devfs_rulesets_from_file file # Reads a set of devfs commands from file, and creates # the specified rulesets with their rules. Returns non-zero # if there was an error. # devfs_rulesets_from_file() { local file _err _me file="$1" _me="devfs_rulesets_from_file" _err=0 if [ -z "$file" ]; then warn "$_me: you must specify a file" return 1 fi if [ ! -e "$file" ]; then debug "$_me: no such file ($file)" return 0 fi debug "reading rulesets from file ($file)" { while read line do case $line in \#*) continue ;; \[*\]*) rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"` if [ -z "$rulenum" ]; then warn "$_me: cannot extract rule number ($line)" _err=1 break fi rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"` if [ -z "$rulename" ]; then warn "$_me: cannot extract rule name ($line)" _err=1 break; fi eval $rulename=\$rulenum debug "found ruleset: $rulename=$rulenum" if ! /sbin/devfs rule -s $rulenum delset; then _err=1 break fi ;; *) rulecmd="${line%%"\#*"}" # evaluate the command incase it includes # other rules if [ -n "$rulecmd" ]; then debug "adding rule ($rulecmd)" if ! eval /sbin/devfs rule -s $rulenum $rulecmd then _err=1 break fi fi ;; esac if [ $_err -ne 0 ]; then debug "error in $_me" break fi done } < $file return $_err } # devfs_init_rulesets # Initializes rulesets from configuration files. Returns # non-zero if there was an error. # devfs_init_rulesets() { local file _me _me="devfs_init_rulesets" # Go through this only once if [ -n "$devfs_rulesets_init" ]; then debug "$_me: devfs rulesets already initialized" return fi for file in $devfs_rulesets; do if ! devfs_rulesets_from_file $file; then warn "$_me: could not read rules from $file" return 1 fi done devfs_rulesets_init=1 debug "$_me: devfs rulesets initialized" return 0 } # devfs_set_ruleset ruleset [dir] # Sets the default ruleset of dir to ruleset. The ruleset argument # must be a ruleset name as specified in devfs.rules(5) file. # Returns non-zero if it could not set it successfully. # devfs_set_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset number" return 1 fi debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })" if ! /sbin/devfs $devdir ruleset $rs; then warn "$_me: unable to set ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_apply_ruleset ruleset [dir] # Apply ruleset number $ruleset to the devfs mountpoint $dir. # The ruleset argument must be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success or non-zero # if it could not apply the ruleset. # devfs_apply_ruleset() { local devdir rs _me [ -n "$1" ] && eval rs=\$$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_apply_ruleset" if [ -z "$rs" ]; then warn "$_me: you must specify a ruleset" return 1 fi debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })" if ! /sbin/devfs $devdir rule -s $rs applyset; then warn "$_me: unable to apply ruleset $rs to ${devdir#-m }" return 1 fi return 0 } # devfs_domount dir [ruleset] # Mount devfs on dir. If ruleset is specified it is set # on the mount-point. It must also be a ruleset name as specified # in a devfs.rules(5) file. Returns 0 on success. # devfs_domount() { local devdir rs _me devdir="$1" [ -n "$2" ] && rs=$2 || rs= _me="devfs_domount()" if [ -z "$devdir" ]; then warn "$_me: you must specify a mount-point" return 1 fi debug "$_me: mount-point is ($devdir), ruleset is ($rs)" if ! mount -t devfs dev "$devdir"; then warn "$_me: Unable to mount devfs on $devdir" return 1 fi if [ -n "$rs" ]; then devfs_init_rulesets devfs_set_ruleset $rs $devdir devfs -m $devdir rule applyset fi return 0 } # devfs_mount_jail dir [ruleset] # Mounts a devfs file system appropriate for jails # on the directory dir. If ruleset is specified, the ruleset # it names will be used instead. If present, ruleset must # be the name of a ruleset as defined in a devfs.rules(5) file. # This function returns non-zero if an error occurs. # devfs_mount_jail() { local jdev rs _me jdev="$1" [ -n "$2" ] && rs=$2 || rs="devfsrules_jail" _me="devfs_mount_jail" devfs_init_rulesets if ! devfs_domount "$jdev" $rs; then warn "$_me: devfs was not mounted on $jdev" return 1 fi return 0 } # Provide a function for normalizing the mounting of memory # filesystems. This should allow the rest of the code here to remain # as close as possible between 5-current and 4-stable. # $1 = size # $2 = mount point # $3 = (optional) extra mdmfs flags mount_md() { if [ -n "$3" ]; then flags="$3" fi /sbin/mdmfs $flags -s $1 md $2 } # Code common to scripts that need to load a kernel module # if it isn't in the kernel yet. Syntax: # load_kld [-e regex] [-m module] file # where -e or -m chooses the way to check if the module # is already loaded: # regex is egrep'd in the output from `kldstat -v', # module is passed to `kldstat -m'. # The default way is as though `-m file' were specified. load_kld() { local _loaded _mod _opt _re while getopts "e:m:" _opt; do case "$_opt" in e) _re="$OPTARG" ;; m) _mod="$OPTARG" ;; *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;; esac done shift $(($OPTIND - 1)) if [ $# -ne 1 ]; then err 3 'USAGE: load_kld [-e regex] [-m module] file' fi _mod=${_mod:-$1} _loaded=false if [ -n "$_re" ]; then if kldstat -v | egrep -q -e "$_re"; then _loaded=true fi else if kldstat -q -m "$_mod"; then _loaded=true fi fi if ! $_loaded; then if ! kldload "$1"; then warn "Unable to load kernel module $1" return 1 else info "$1 kernel module loaded." fi else debug "load_kld: $1 kernel module already loaded." fi return 0 } # ltr str src dst # Change every $src in $str to $dst. # Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor # awk(1). ltr() { local _str _src _dst _out _com _str=$1 _src=$2 _dst=$3 _out="" IFS=${_src} for _com in ${_str}; do if [ -z "${_out}" ]; then _out="${_com}" else _out="${_out}${_dst}${_com}" fi done echo "${_out}" } # Creates a list of providers for GELI encryption. geli_make_list() { local devices devices2 local provider mountpoint type options rest # Create list of GELI providers from fstab. while read provider mountpoint type options rest ; do case ":${options}" in :*noauto*) noauto=yes ;; *) noauto=no ;; esac case ":${provider}" in :#*) continue ;; *.eli) # Skip swap devices. if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then continue fi devices="${devices} ${provider}" ;; esac done < /etc/fstab # Append providers from geli_devices. devices="${devices} ${geli_devices}" for provider in ${devices}; do provider=${provider%.eli} provider=${provider#/dev/} devices2="${devices2} ${provider}" done echo ${devices2} } # Find scripts in local_startup directories that use the old syntax # find_local_scripts_old () { zlist='' slist='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in ${dir}/[0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue zlist="$zlist $file" done for file in ${dir}/[!0-9]*.sh; do grep '^# PROVIDE:' $file >/dev/null 2>&1 && continue slist="$slist $file" done fi done } find_local_scripts_new () { local_rc='' for dir in ${local_startup}; do if [ -d "${dir}" ]; then for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do case "$file" in *.sample) ;; *) if [ -x "$file" ]; then local_rc="${local_rc} ${file}" fi ;; esac done fi done } # check_required_{before|after} command # Check for things required by the command before and after its precmd, # respectively. The two separate functions are needed because some # conditions should prevent precmd from being run while other things # depend on precmd having already been run. # check_required_before() { local _f case "$1" in start) for _f in $required_vars; do if ! checkyesno $_f; then warn "\$${_f} is not enabled." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_dirs; do if [ ! -d "${_f}/." ]; then warn "${_f} is not a directory." if [ -z "$rc_force" ]; then return 1 fi fi done for _f in $required_files; do if [ ! -r "${_f}" ]; then warn "${_f} is not readable." if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } check_required_after() { local _f _args case "$1" in start) for _f in $required_modules; do case "${_f}" in *~*) _args="-e ${_f#*~} ${_f%%~*}" ;; *:*) _args="-m ${_f#*:} ${_f%%:*}" ;; *) _args="${_f}" ;; esac if ! load_kld ${_args}; then if [ -z "$rc_force" ]; then return 1 fi fi done ;; esac return 0 } # check_kern_features mib # Return existence of kern.features.* sysctl MIB as true or # false. The result will be cached in $_rc_cache_kern_features_ # namespace. "0" means the kern.features.X exists. check_kern_features() { local _v [ -n "$1" ] || return 1; eval _v=\$_rc_cache_kern_features_$1 [ -n "$_v" ] && return "$_v"; if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then eval _rc_cache_kern_features_$1=0 return 0 else eval _rc_cache_kern_features_$1=1 return 1 fi } # _echoonce var msg mode # mode=0: Echo $msg if ${$var} is empty. # After doing echo, a string is set to ${$var}. # # mode=1: Echo $msg if ${$var} is a string with non-zero length. # _echoonce() { local _var _msg _mode eval _var=\$$1 _msg=$2 _mode=$3 case $_mode in 1) [ -n "$_var" ] && echo "$_msg" ;; *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;; esac } fi # [ -z "${_rc_subr_loaded}" ] _rc_subr_loaded=: Index: head/etc/services =================================================================== --- head/etc/services (revision 229782) +++ head/etc/services (revision 229783) @@ -1,2483 +1,2483 @@ # # Network services, Internet style # # Note that it is presently the policy of IANA to assign a single well-known # port number for both TCP and UDP; hence, most entries here have two entries # even if the protocol doesn't support UDP operations. # # The latest IANA port assignments can be gotten from # # http://www.iana.org/assignments/port-numbers # # The Well Known Ports are those from 0 through 1023. # The Registered Ports are those from 1024 through 49151 # The Dynamic and/or Private Ports are those from 49152 through 65535 # # Kerberos services are for Kerberos v4, and are unofficial. Sites running # v5 should uncomment v5 entries and comment v4 entries. # # $FreeBSD$ # From: @(#)services 5.8 (Berkeley) 5/9/91 # # WELL KNOWN PORT NUMBERS # rtmp 1/ddp #Routing Table Maintenance Protocol tcpmux 1/tcp #TCP Port Service Multiplexer tcpmux 1/udp #TCP Port Service Multiplexer nbp 2/ddp #Name Binding Protocol compressnet 2/tcp #Management Utility compressnet 2/udp #Management Utility compressnet 3/tcp #Compression Process compressnet 3/udp #Compression Process echo 4/ddp #AppleTalk Echo Protocol rje 5/tcp #Remote Job Entry rje 5/udp #Remote Job Entry zip 6/ddp #Zone Information Protocol echo 7/sctp echo 7/tcp echo 7/udp discard 9/sctp sink null discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users #Active Users systat 11/udp users #Active Users daytime 13/sctp daytime 13/tcp daytime 13/udp qotd 17/tcp quote #Quote of the Day qotd 17/udp quote #Quote of the Day msp 18/tcp #Message Send Protocol msp 18/udp #Message Send Protocol chargen 19/sctp ttytst source #Character Generator chargen 19/tcp ttytst source #Character Generator chargen 19/udp ttytst source #Character Generator ftp-data 20/sctp #File Transfer [Default Data] ftp-data 20/tcp #File Transfer [Default Data] ftp-data 20/udp #File Transfer [Default Data] ftp 21/sctp #File Transfer [Control] ftp 21/tcp #File Transfer [Control] ftp 21/udp #File Transfer [Control] ssh 22/sctp #Secure Shell Login ssh 22/tcp #Secure Shell Login ssh 22/udp #Secure Shell Login telnet 23/tcp telnet 23/udp # 24/tcp any private mail system # 24/udp any private mail system smtp 25/tcp mail #Simple Mail Transfer smtp 25/udp mail #Simple Mail Transfer nsw-fe 27/tcp #NSW User System FE nsw-fe 27/udp #NSW User System FE msg-icp 29/tcp #MSG ICP msg-icp 29/udp #MSG ICP msg-auth 31/tcp #MSG Authentication msg-auth 31/udp #MSG Authentication dsp 33/tcp #Display Support Protocol dsp 33/udp #Display Support Protocol # 35/tcp any private printer server # 35/udp any private printer server time 37/tcp timserver time 37/udp timserver rap 38/tcp #Route Access Protocol rap 38/udp #Route Access Protocol rlp 39/tcp resource #Resource Location Protocol rlp 39/udp resource #Resource Location Protocol graphics 41/tcp graphics 41/udp nameserver 42/tcp name #Host Name Server nameserver 42/udp name #Host Name Server nicname 43/tcp whois nicname 43/udp whois mpm-flags 44/tcp #MPM FLAGS Protocol mpm-flags 44/udp #MPM FLAGS Protocol mpm 45/tcp #Message Processing Module [recv] mpm 45/udp #Message Processing Module [recv] mpm-snd 46/tcp #MPM [default send] mpm-snd 46/udp #MPM [default send] ni-ftp 47/tcp #NI FTP ni-ftp 47/udp #NI FTP auditd 48/tcp #Digital Audit Daemon auditd 48/udp #Digital Audit Daemon tacacs 49/tcp #Login Host Protocol (TACACS) tacacs 49/udp #Login Host Protocol (TACACS) re-mail-ck 50/tcp #Remote Mail Checking Protocol re-mail-ck 50/udp #Remote Mail Checking Protocol la-maint 51/tcp #IMP Logical Address Maintenance la-maint 51/udp #IMP Logical Address Maintenance xns-time 52/tcp #XNS Time Protocol xns-time 52/udp #XNS Time Protocol domain 53/tcp #Domain Name Server domain 53/udp #Domain Name Server xns-ch 54/tcp #XNS Clearinghouse xns-ch 54/udp #XNS Clearinghouse isi-gl 55/tcp #ISI Graphics Language isi-gl 55/udp #ISI Graphics Language xns-auth 56/tcp #XNS Authentication xns-auth 56/udp #XNS Authentication # 57/tcp any private terminal access # 57/udp any private terminal access xns-mail 58/tcp #XNS Mail xns-mail 58/udp #XNS Mail # 59/tcp any private file service # 59/udp any private file service ni-mail 61/tcp #NI MAIL ni-mail 61/udp #NI MAIL acas 62/tcp #ACA Services acas 62/udp #ACA Services whois++ 63/tcp whois++ 63/udp covia 64/tcp #Communications Integrator (CI) covia 64/udp #Communications Integrator (CI) tacacs-ds 65/tcp #TACACS-Database Service tacacs-ds 65/udp #TACACS-Database Service sql*net 66/tcp #Oracle SQL*NET sql*net 66/udp #Oracle SQL*NET bootps 67/tcp dhcps #Bootstrap Protocol Server bootps 67/udp dhcps #Bootstrap Protocol Server bootpc 68/tcp dhcpc #Bootstrap Protocol Client bootpc 68/udp dhcpc #Bootstrap Protocol Client tftp 69/tcp #Trivial File Transfer tftp 69/udp #Trivial File Transfer gopher 70/tcp gopher 70/udp netrjs-1 71/tcp #Remote Job Service netrjs-1 71/udp #Remote Job Service netrjs-2 72/tcp #Remote Job Service netrjs-2 72/udp #Remote Job Service netrjs-3 73/tcp #Remote Job Service netrjs-3 73/udp #Remote Job Service netrjs-4 74/tcp #Remote Job Service netrjs-4 74/udp #Remote Job Service # 75/tcp any private dial out service # 75/udp any private dial out service deos 76/tcp #Distributed External Object Store deos 76/udp #Distributed External Object Store # 77/tcp any private RJE service # 77/udp any private RJE service vettcp 78/tcp vettcp 78/udp finger 79/tcp finger 79/udp http 80/sctp www www-http #World Wide Web HTTP http 80/tcp www www-http #World Wide Web HTTP http 80/udp www www-http #World Wide Web HTTP hosts2-ns 81/tcp #HOSTS2 Name Server hosts2-ns 81/udp #HOSTS2 Name Server xfer 82/tcp #XFER Utility xfer 82/udp #XFER Utility mit-ml-dev 83/tcp #MIT ML Device mit-ml-dev 83/udp #MIT ML Device ctf 84/tcp #Common Trace Facility ctf 84/udp #Common Trace Facility mit-ml-dev 85/tcp #MIT ML Device mit-ml-dev 85/udp #MIT ML Device mfcobol 86/tcp #Micro Focus Cobol mfcobol 86/udp #Micro Focus Cobol # 87/tcp any private terminal link # 87/udp any private terminal link kerberos-sec 88/tcp kerberos # krb5 # Kerberos (v5) kerberos-sec 88/udp kerberos # krb5 # Kerberos (v5) su-mit-tg 89/tcp #SU/MIT Telnet Gateway su-mit-tg 89/udp #SU/MIT Telnet Gateway dnsix 90/tcp #DNSIX Securit Attribute Token Map dnsix 90/udp #DNSIX Securit Attribute Token Map mit-dov 91/tcp #MIT Dover Spooler mit-dov 91/udp #MIT Dover Spooler npp 92/tcp #Network Printing Protocol npp 92/udp #Network Printing Protocol dcp 93/tcp #Device Control Protocol dcp 93/udp #Device Control Protocol objcall 94/tcp #Tivoli Object Dispatcher objcall 94/udp #Tivoli Object Dispatcher supdup 95/tcp supdup 95/udp dixie 96/tcp #DIXIE Protocol Specification dixie 96/udp #DIXIE Protocol Specification swift-rvf 97/tcp #Swift Remote Virtural File Protocol swift-rvf 97/udp #Swift Remote Virtural File Protocol tacnews 98/tcp #TAC News, Unofficial: Red Hat linuxconf tacnews 98/udp #TAC News, Unofficial: Red Hat linuxconf metagram 99/tcp #Metagram Relay metagram 99/udp #Metagram Relay newacct 100/tcp #[unauthorized use] hostname 101/tcp hostnames #NIC Host Name Server hostname 101/udp hostnames #NIC Host Name Server iso-tsap 102/tcp tsap #ISO-TSAP Class 0 iso-tsap 102/udp tsap #ISO-TSAP Class 0 gppitnp 103/tcp #Genesis Point-to-Point Trans Net gppitnp 103/udp #Genesis Point-to-Point Trans Net acr-nema 104/tcp #ACR-NEMA Digital Imag. & Comm. 300 acr-nema 104/udp #ACR-NEMA Digital Imag. & Comm. 300 csnet-ns 105/tcp cso-ns cso #Mailbox Name Nameserver csnet-ns 105/udp cso-ns cso #Mailbox Name Nameserver pop3pw 106/tcp 3com-tsmux #Eudora compatible PW changer 3com-tsmux 106/udp rtelnet 107/tcp #Remote Telnet Service rtelnet 107/udp #Remote Telnet Service snagas 108/tcp #SNA Gateway Access Server snagas 108/udp #SNA Gateway Access Server pop2 109/tcp postoffice #Post Office Protocol - Version 2 pop2 109/udp postoffice #Post Office Protocol - Version 2 pop3 110/tcp #Post Office Protocol - Version 3 pop3 110/udp #Post Office Protocol - Version 3 sunrpc 111/tcp rpcbind #SUN Remote Procedure Call sunrpc 111/udp rpcbind #SUN Remote Procedure Call mcidas 112/tcp #McIDAS Data Transmission Protocol mcidas 112/udp #McIDAS Data Transmission Protocol auth 113/tcp ident tap #Authentication Service auth 113/udp ident tap #Authentication Service sftp 115/tcp #Simple File Transfer Protocol sftp 115/udp #Simple File Transfer Protocol ansanotify 116/tcp #ANSA REX Notify ansanotify 116/udp #ANSA REX Notify uucp-path 117/tcp #UUCP Path Service uucp-path 117/udp #UUCP Path Service sqlserv 118/tcp #SQL Services sqlserv 118/udp #SQL Services nntp 119/tcp usenet #Network News Transfer Protocol nntp 119/udp usenet #Network News Transfer Protocol cfdptkt 120/tcp cfdptkt 120/udp erpc 121/tcp #Encore Expedited Remote Pro.Call erpc 121/udp #Encore Expedited Remote Pro.Call smakynet 122/tcp smakynet 122/udp ntp 123/tcp #Network Time Protocol ntp 123/udp #Network Time Protocol ansatrader 124/tcp #ANSA REX Trader ansatrader 124/udp #ANSA REX Trader locus-map 125/tcp #Locus PC-Interface Net Map Ser locus-map 125/udp #Locus PC-Interface Net Map Ser unitary 126/tcp #Unisys Unitary Login unitary 126/udp #Unisys Unitary Login locus-con 127/tcp #Locus PC-Interface Conn Server locus-con 127/udp #Locus PC-Interface Conn Server gss-xlicen 128/tcp #GSS X License Verification gss-xlicen 128/udp #GSS X License Verification pwdgen 129/tcp #Password Generator Protocol pwdgen 129/udp #Password Generator Protocol cisco-fna 130/tcp #cisco FNATIVE cisco-fna 130/udp #cisco FNATIVE cisco-tna 131/tcp #cisco TNATIVE cisco-tna 131/udp #cisco TNATIVE cisco-sys 132/tcp #cisco SYSMAINT cisco-sys 132/udp #cisco SYSMAINT statsrv 133/tcp #Statistics Service statsrv 133/udp #Statistics Service ingres-net 134/tcp #INGRES-NET Service ingres-net 134/udp #INGRES-NET Service loc-srv 135/tcp epmap #Location Service loc-srv 135/udp epmap #Location Service profile 136/tcp #PROFILE Naming System profile 136/udp #PROFILE Naming System netbios-ns 137/tcp #NETBIOS Name Service netbios-ns 137/udp #NETBIOS Name Service netbios-dgm 138/tcp #NETBIOS Datagram Service netbios-dgm 138/udp #NETBIOS Datagram Service netbios-ssn 139/tcp #NETBIOS Session Service netbios-ssn 139/udp #NETBIOS Session Service emfis-data 140/tcp #EMFIS Data Service emfis-data 140/udp #EMFIS Data Service emfis-cntl 141/tcp #EMFIS Control Service emfis-cntl 141/udp #EMFIS Control Service bl-idm 142/tcp #Britton-Lee IDM bl-idm 142/udp #Britton-Lee IDM imap 143/tcp imap2 imap4 #Interim Mail Access Protocol v2 imap 143/udp imap2 imap4 #Interim Mail Access Protocol v2 NeWS 144/tcp # Window System NeWS 144/udp # Window System #PROBLEMS!============================================================== #uma 144/tcp #Universal Management Architecture #uma 144/udp #Universal Management Architecture #PROBLEMS!============================================================== uaac 145/tcp #UAAC Protocol uaac 145/udp #UAAC Protocol iso-tp0 146/tcp iso-tp0 146/udp iso-ip 147/tcp iso-ip 147/udp cronus 148/tcp jargon #CRONUS-SUPPORT cronus 148/udp jargon #CRONUS-SUPPORT aed-512 149/tcp #AED 512 Emulation Service aed-512 149/udp #AED 512 Emulation Service sql-net 150/tcp sql-net 150/udp hems 151/tcp hems 151/udp bftp 152/tcp #Background File Transfer Program bftp 152/udp #Background File Transfer Program sgmp 153/tcp sgmp 153/udp netsc-prod 154/tcp netsc-prod 154/udp netsc-dev 155/tcp netsc-dev 155/udp sqlsrv 156/tcp #SQL Service sqlsrv 156/udp #SQL Service knet-cmp 157/tcp #KNET/VM Command/Message Protocol knet-cmp 157/udp #KNET/VM Command/Message Protocol pcmail-srv 158/tcp #PCMail Server pcmail-srv 158/udp #PCMail Server nss-routing 159/tcp nss-routing 159/udp sgmp-traps 160/tcp sgmp-traps 160/udp snmp 161/tcp snmp 161/udp snmptrap 162/tcp snmp-trap snmptrap 162/udp snmp-trap cmip-man 163/tcp #CMIP/TCP Manager cmip-man 163/udp #CMIP/TCP Manager cmip-agent 164/tcp #CMIP/TCP Agent smip-agent 164/udp #CMIP/TCP Agent xns-courier 165/tcp #Xerox xns-courier 165/udp #Xerox s-net 166/tcp #Sirius Systems s-net 166/udp #Sirius Systems namp 167/tcp namp 167/udp rsvd 168/tcp rsvd 168/udp send 169/tcp send 169/udp print-srv 170/tcp #Network PostScript print-srv 170/udp #Network PostScript multiplex 171/tcp #Network Innovations Multiplex multiplex 171/udp #Network Innovations Multiplex cl/1 172/tcp #Network Innovations CL/1 cl/1 172/udp #Network Innovations CL/1 xyplex-mux 173/tcp xyplex-mux 173/udp mailq 174/tcp mailq 174/udp vmnet 175/tcp vmnet 175/udp genrad-mux 176/tcp genrad-mux 176/udp xdmcp 177/tcp #X Display Manager Control Protocol xdmcp 177/udp #X Display Manager Control Protocol NextStep 178/tcp nextstep NeXTStep #NextStep Window Server NextStep 178/udp nextstep NeXTStep #NextStep Window Server bgp 179/sctp #Border Gateway Protocol bgp 179/tcp #Border Gateway Protocol bgp 179/udp #Border Gateway Protocol ris 180/tcp #Intergraph ris 180/udp #Intergraph unify 181/tcp unify 181/udp audit 182/tcp #Unisys Audit SITP audit 182/udp #Unisys Audit SITP ocbinder 183/tcp ocbinder 183/udp ocserver 184/tcp ocserver 184/udp remote-kis 185/tcp remote-kis 185/udp kis 186/tcp #KIS Protocol kis 186/udp #KIS Protocol aci 187/tcp #Application Communication Interface aci 187/udp #Application Communication Interface mumps 188/tcp #Plus Five's MUMPS mumps 188/udp #Plus Five's MUMPS qft 189/tcp #Queued File Transport qft 189/udp #Queued File Transport gacp 190/tcp #Gateway Access Control Protocol gacp 190/udp cacp #Gateway Access Control Protocol prospero 191/tcp #Prospero Directory Service prospero 191/udp #Prospero Directory Service osu-nms 192/tcp #OSU Network Monitoring System osu-nms 192/udp #OSU Network Monitoring System srmp 193/tcp #Spider Remote Monitoring Protocol srmp 193/udp #Spider Remote Monitoring Protocol irc 194/tcp #Internet Relay Chat Protocol irc 194/udp #Internet Relay Chat Protocol dn6-nlm-aud 195/tcp #DNSIX Network Level Module Audit dn6-nlm-aud 195/udp #DNSIX Network Level Module Audit dn6-smm-red 196/tcp #DNSIX Session Mgt Module Audit Redir dn6-smm-red 196/udp #DNSIX Session Mgt Module Audit Redir dls 197/tcp #Directory Location Service dls 197/udp #Directory Location Service dls-mon 198/tcp #Directory Location Service Monitor dls-mon 198/udp #Directory Location Service Monitor smux 199/tcp smux 199/udp src 200/tcp #IBM System Resource Controller src 200/udp #IBM System Resource Controller at-rtmp 201/tcp #AppleTalk Routing Maintenance at-rtmp 201/udp #AppleTalk Routing Maintenance at-nbp 202/tcp #AppleTalk Name Binding at-nbp 202/udp #AppleTalk Name Binding at-3 203/tcp #AppleTalk Unused at-3 203/udp #AppleTalk Unused at-echo 204/tcp #AppleTalk Echo at-echo 204/udp #AppleTalk Echo at-5 205/tcp #AppleTalk Unused at-5 205/udp #AppleTalk Unused at-zis 206/tcp #AppleTalk Zone Information at-zis 206/udp #AppleTalk Zone Information at-7 207/tcp #AppleTalk Unused at-7 207/udp #AppleTalk Unused at-8 208/tcp #AppleTalk Unused at-8 208/udp #AppleTalk Unused qmtp 209/tcp #The Quick Mail Transfer Protocol qmtp 209/udp #The Quick Mail Transfer Protocol #PROBLEMS!============================================================== #tam 209/tcp #Trivial Authenticated Mail Protocol #tam 209/udp #Trivial Authenticated Mail Protocol #PROBLEMS!============================================================== z39.50 210/tcp wais #ANSI Z39.50 z39.50 210/udp wais #ANSI Z39.50 914c/g 211/tcp #Texas Instruments 914C/G Terminal 914c/g 211/udp #Texas Instruments 914C/G Terminal anet 212/tcp #ATEXSSTR anet 212/udp #ATEXSSTR ipx 213/tcp ipx 213/udp vmpwscs 214/tcp vmpwscs 214/udp softpc 215/tcp #Insignia Solutions softpc 215/udp #Insignia Solutions CAIlic 216/tcp atls #Computer Associates Int'l License Server CAIlic 216/udp atls #Computer Associates Int'l License Server dbase 217/tcp #dBASE Unix dbase 217/udp #dBASE Unix mpp 218/tcp #Netix Message Posting Protocol mpp 218/udp #Netix Message Posting Protocol uarps 219/tcp #Unisys ARPs uarps 219/udp #Unisys ARPs imap3 220/tcp #Interactive Mail Access Protocol v3 imap3 220/udp #Interactive Mail Access Protocol v3 fln-spx 221/tcp #Berkeley rlogind with SPX auth fln-spx 221/udp #Berkeley rlogind with SPX auth rsh-spx 222/tcp #Berkeley rshd with SPX auth rsh-spx 222/udp #Berkeley rshd with SPX auth cdc 223/tcp #Certificate Distribution Center cdc 223/udp #Certificate Distribution Center masqdialer 224/tcp masqdialer 224/udp direct 242/tcp direct 242/udp sur-meas 243/tcp #Survey Measurement sur-meas 243/udp #Survey Measurement dayna 244/tcp dayna 244/udp link 245/tcp link 245/udp dsp3270 246/tcp #Display Systems Protocol dsp3270 246/udp #Display Systems Protocol subntbcst_tftp 247/tcp #subntbcst_tftp subntbcst_tftp 247/udp #subntbcst_tftp bhfhs 248/tcp bhfhs 248/udp # 249-255 reserved rap 256/tcp rap 256/udp set 257/tcp #secure electronic transaction set 257/udp #secure electronic transaction esro-gen 259/tcp #efficient short remote operations esro-gen 259/udp #efficient short remote operations openport 260/tcp openport 260/udp nsiiops 261/tcp #iiop name service over tls/ssl nsiiops 261/udp #iiop name service over tls/ssl arcisdms 262/tcp arcisdms 262/udp hdap 263/tcp hdap 263/udp bgmp 264/tcp bgmp 264/udp x-bone-ctl 265/tcp #X-Bone CTL x-bone-ctl 265/udp #X-Bone CTL sst 266/tcp #SCSI on ST sst 266/udp #SCSI on ST td-service 267/tcp #Tobit David Service Layer td-service 267/udp #Tobit David Service Layer td-replica 268/tcp #Tobit David Replica td-replica 268/udp #Tobit David Replica # 269-279 unassigned http-mgmt 280/tcp http-mgmt 280/udp personal-link 281/tcp personal-link 281/udp cableport-ax 282/tcp #cable port a/x cableport-ax 282/udp #cable port a/x rescap 283/tcp rescap 283/udp corerjd 284/tcp corerjd 284/udp # 285 unassigned fxp 286/tcp fxp 286/udp k-block 287/tcp k-block 287/udp # 288-307 unassigned novastorbakcup 308/tcp #novastor backup novastorbakcup 308/udp #novastor backup entrusttime 309/tcp entrusttime 309/udp bhmds 310/tcp bhmds 310/udp asip-webadmin 311/tcp #appleshare ip webadmin asip-webadmin 311/udp #appleshare ip webadmin vslmp 312/tcp vslmp 312/udp magenta-logic 313/tcp magenta-logic 313/udp opalis-robot 314/tcp opalis-robot 314/udp dpsi 315/tcp dpsi 315/udp decauth 316/tcp decauth 316/udp zannet 317/tcp zannet 317/udp pkix-timestamp 318/tcp #PKIX TimeStamp pkix-timestamp 318/udp #PKIX TimeStamp ptp-event 319/tcp #PTP Event ptp-event 319/udp #PTP Event ptp-general 320/tcp #PTP General ptp-general 320/udp #PTP General pip 321/tcp pip 321/udp rtsps 322/tcp rtsps 322/udp # 323-332 #unassigned texar 333/tcp #Texar Security Port texar 333/udp #Texar Security Port # 334-343 #unassigned pdap 344/tcp #Prospero Data Access Protocol pdap 344/udp #Prospero Data Access Protocol pawserv 345/tcp #Perf Analysis Workbench pawserv 345/udp #Perf Analysis Workbench zserv 346/tcp #Zebra server zserv 346/udp #Zebra server fatserv 347/tcp #Fatmen Server fatserv 347/udp #Fatmen Server csi-sgwp 348/tcp #Cabletron Management Protocol csi-sgwp 348/udp #Cabletron Management Protocol mftp 349/tcp mftp 349/udp matip-type-a 350/tcp #MATIP Type A matip-type-a 350/udp matip-type-b 351/tcp #MATIP Type B matip-type-b 351/udp bhoetty 351/tcp #unassigned but widespread use bhoetty 351/udp #unassigned but widespread use dtag-ste-sb 352/tcp #DTAG dtag-ste-sb 352/udp #DTAG bhoedap4 352/tcp #unassigned but widespread use bhoedap4 352/udp #unassigned but widespread use ndsauth 353/tcp ndsauth 353/udp bh611 354/tcp bh611 354/udp datex-asn 355/tcp datex-asn 355/udp cloanto-net-1 356/tcp #Cloanto Net 1 cloanto-net-1 356/udp bhevent 357/tcp bhevent 357/udp shrinkwrap 358/tcp shrinkwrap 358/udp tenebris_nts 359/tcp #Tenebris Network Trace Service tenebris_nts 359/udp #Tenebris Network Trace Service scoi2odialog 360/tcp scoi2odialog 360/udp semantix 361/tcp semantix 361/udp srssend 362/tcp #SRS Send srssend 362/udp #SRS Send rsvp_tunnel 363/tcp rsvp_tunnel 363/udp aurora-cmgr 364/tcp aurora-cmgr 364/udp dtk 365/tcp #Deception Tool Kit - Fred Cohen dtk 365/udp #Deception Tool Kit - Fred Cohen odmr 366/tcp odmr 366/udp mortgageware 367/tcp mortgageware 367/udp qbikgdp 368/tcp #QbikGDP qbikgdp 368/udp rpc2portmap 369/tcp rpc2portmap 369/udp codaauth2 370/tcp codaauth2 370/udp clearcase 371/tcp clearcase 371/udp ulistserv 372/tcp ulistproc #Unix Listserv ulistserv 372/udp ulistproc #Unix Listserv legent-1 373/tcp #Legent Corporation (now Computer Associates Intl.) legent-1 373/udp #Legent Corporation (now Computer Associates Intl.) legent-2 374/tcp #Legent Corporation (now Computer Associates Intl.) legent-2 374/udp #Legent Corporation (now Computer Associates Intl.) hassle 375/tcp hassle 375/udp nip 376/tcp #Amiga Envoy Network Inquiry Proto nip 376/udp #Amiga Envoy Network Inquiry Proto tnETOS 377/tcp #NEC Corporation tnETOS 377/udp #NEC Corporation dsETOS 378/tcp #NEC Corporation dsETOS 378/udp #NEC Corporation is99c 379/tcp #TIA/EIA/IS-99 modem client is99c 379/udp #TIA/EIA/IS-99 modem client is99s 380/tcp #TIA/EIA/IS-99 modem server is99s 380/udp #TIA/EIA/IS-99 modem server hp-collector 381/tcp #hp performance data collector hp-collector 381/udp #hp performance data collector hp-managed-node 382/tcp #hp performance data managed node hp-managed-node 382/udp #hp performance data managed node hp-alarm-mgr 383/tcp #hp performance data alarm manager hp-alarm-mgr 383/udp #hp performance data alarm manager arns 384/tcp #A Remote Network Server System arns 384/udp #A Remote Network Server System ibm-app 385/tcp #IBM Application ibm-app 385/udp #IBM Application asa 386/tcp #ASA Message Router Object Def. asa 386/udp #ASA Message Router Object Def. aurp 387/tcp #Appletalk Update-Based Routing Pro. aurp 387/udp #Appletalk Update-Based Routing Pro. unidata-ldm 388/tcp #Unidata LDM Version 4 unidata-ldm 388/udp #Unidata LDM Version 4 ldap 389/tcp #Lightweight Directory Access Protocol ldap 389/udp #Lightweight Directory Access Protocol uis 390/tcp uis 390/udp synotics-relay 391/tcp #SynOptics SNMP Relay Port synotics-relay 391/udp #SynOptics SNMP Relay Port synotics-broker 392/tcp #SynOptics Port Broker Port synotics-broker 392/udp #SynOptics Port Broker Port dis 393/tcp #Data Interpretation System dis 393/udp #Data Interpretation System embl-ndt 394/tcp #EMBL Nucleic Data Transfer embl-ndt 394/udp #EMBL Nucleic Data Transfer netcp 395/tcp #NETscout Control Protocol netcp 395/udp #NETscout Control Protocol netware-ip 396/tcp #Novell Netware over IP netware-ip 396/udp #Novell Netware over IP mptn 397/tcp #Multi Protocol Trans. Net. mptn 397/udp #Multi Protocol Trans. Net. kryptolan 398/tcp kryptolan 398/udp iso-tsap-c2 399/tcp #ISO-TSAP Class 2 iso-tsap-c2 399/udp #ISO-TSAP Class 2 work-sol 400/tcp #Workstation Solutions work-sol 400/udp #Workstation Solutions ups 401/tcp #Uninterruptible Power Supply ups 401/udp #Uninterruptible Power Supply genie 402/tcp #Genie Protocol genie 402/udp #Genie Protocol decap 403/tcp decap 403/udp nced 404/tcp nced 404/udp ncld 405/tcp ncld 405/udp imsp 406/tcp #Interactive Mail Support Protocol imsp 406/udp #Interactive Mail Support Protocol timbuktu 407/tcp timbuktu 407/udp prm-sm 408/tcp #Prospero Resource Manager Sys. Man. prm-sm 408/udp #Prospero Resource Manager Sys. Man. prm-nm 409/tcp #Prospero Resource Manager Node Man. prm-nm 409/udp #Prospero Resource Manager Node Man. decladebug 410/tcp #DECLadebug Remote Debug Protocol decladebug 410/udp #DECLadebug Remote Debug Protocol rmt 411/tcp #Remote MT Protocol rmt 411/udp #Remote MT Protocol synoptics-trap 412/tcp #Trap Convention Port synoptics-trap 412/udp #Trap Convention Port smsp 413/tcp smsp 413/udp infoseek 414/tcp infoseek 414/udp bnet 415/tcp bnet 415/udp silverplatter 416/tcp silverplatter 416/udp onmux 417/tcp onmux 417/udp hyper-g 418/tcp hyper-g 418/udp ariel1 419/tcp ariel1 419/udp smpte 420/tcp smpte 420/udp ariel2 421/tcp ariel2 421/udp ariel3 422/tcp ariel3 422/udp opc-job-start 423/tcp #IBM Operations Planning and Control Start opc-job-start 423/udp #IBM Operations Planning and Control Start opc-job-track 424/tcp #IBM Operations Planning and Control Track opc-job-track 424/udp #IBM Operations Planning and Control Track icad-el 425/tcp icad-el 425/udp smartsdp 426/tcp smartsdp 426/udp svrloc 427/tcp #Server Location svrloc 427/udp #Server Location ocs_cmu 428/tcp ocs_cmu 428/udp ocs_amu 429/tcp ocs_amu 429/udp utmpsd 430/tcp utmpsd 430/udp utmpcd 431/tcp utmpcd 431/udp iasd 432/tcp iasd 432/udp nnsp 433/tcp nnsp 433/udp mobileip-agent 434/tcp mobileip-agent 434/udp mobilip-mn 435/tcp mobilip-mn 435/udp dna-cml 436/tcp dna-cml 436/udp comscm 437/tcp comscm 437/udp dsfgw 438/tcp dsfgw 438/udp dasp 439/tcp dasp 439/udp sgcp 440/tcp sgcp 440/udp decvms-sysmgt 441/tcp decvms-sysmgt 441/udp cvc_hostd 442/tcp cvc_hostd 442/udp https 443/sctp https 443/tcp https 443/udp snpp 444/tcp #Simple Network Paging Protocol snpp 444/udp #Simple Network Paging Protocol # [RFC1568] microsoft-ds 445/tcp microsoft-ds 445/udp ddm-rdb 446/tcp ddm-rdb 446/udp ddm-dfm 447/tcp ddm-dfm 447/udp ddm-ssl 448/tcp ddm-byte ddm-ssl 448/udp ddm-byte as-servermap 449/tcp #AS Server Mapper as-servermap 449/udp #AS Server Mapper tserver 450/tcp tserver 450/udp sfs-smp-net 451/tcp #Cray Network Semaphore server sfs-smp-net 451/udp #Cray Network Semaphore server sfs-config 452/tcp #Cray SFS config server sfs-config 452/udp #Cray SFS config server creativeserver 453/tcp #CreativeServer creativeserver 453/udp #CreativeServer contentserver 454/tcp #ContentServer contentserver 454/udp #ContentServer creativepartnr 455/tcp #CreativePartnr creativepartnr 455/udp #CreativePartnr macon-tcp 456/tcp macon-udp 456/udp scohelp 457/tcp scohelp 457/udp appleqtc 458/tcp #apple quick time appleqtc 458/udp #apple quick time ampr-rcmd 459/tcp ampr-rcmd 459/udp skronk 460/tcp skronk 460/udp datasurfsrv 461/tcp datasurfsrv 461/udp datasurfsrvsec 462/tcp datasurfsrvsec 462/udp alpes 463/tcp alpes 463/udp # kpasswd5 464/tcp # Kerberos (v5) kpasswd5 464/udp # Kerberos (v5) #PROBLEMS!============================================================== -# IANA has offically assigned these two ports as ``kpasswd'' +# IANA has officially assigned these two ports as ``kpasswd'' #kpasswd 464/tcp # Kerberos (v5) #kpasswd 464/udp # Kerberos (v5) #PROBLEMS!============================================================== smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp) smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp) digital-vrc 466/tcp digital-vrc 466/udp mylex-mapd 467/tcp mylex-mapd 467/udp photuris 468/tcp photuris 468/udp rcp 469/tcp #Radio Control Protocol rcp 469/udp #Radio Control Protocol scx-proxy 470/tcp scx-proxy 470/udp mondex 471/tcp mondex 471/udp ljk-login 472/tcp ljk-login 472/udp hybrid-pop 473/tcp hybrid-pop 473/udp tn-tl-w1 474/tcp tn-tl-w2 474/udp tcpnethaspsrv 475/tcp tcpnethaspsrv 475/udp tn-tl-fd1 476/tcp tn-tl-fd1 476/udp ss7ns 477/tcp ss7ns 477/udp spsc 478/tcp spsc 478/udp iafserver 479/tcp iafserver 479/udp iafdbase 480/tcp iafdbase 480/udp ph 481/tcp ph 481/udp bgs-nsi 482/tcp bgs-nsi 482/udp ulpnet 483/tcp ulpnet 483/udp integra-sme 484/tcp #Integra Software Management Environment integra-sme 484/udp #Integra Software Management Environment powerburst 485/tcp #Air Soft Power Burst powerburst 485/udp #Air Soft Power Burst avian 486/tcp avian 486/udp saft 487/tcp #saft Simple Asynchronous File Transfer saft 487/udp #saft Simple Asynchronous File Transfer gss-http 488/tcp gss-http 488/udp nest-protocol 489/tcp nest-protocol 489/udp micom-pfs 490/tcp micom-pfs 490/udp go-login 491/tcp go-login 491/udp ticf-1 492/tcp #Transport Independent Convergence for FNA ticf-1 492/udp #Transport Independent Convergence for FNA ticf-2 493/tcp #Transport Independent Convergence for FNA ticf-2 493/udp #Transport Independent Convergence for FNA pov-ray 494/tcp pov-ray 494/udp intecourier 495/tcp intecourier 495/udp pim-rp-disc 496/tcp pim-rp-disc 496/udp dantz 497/tcp dantz 497/udp siam 498/tcp siam 498/udp iso-ill 499/tcp #ISO ILL Protocol iso-ill 499/udp #ISO ILL Protocol isakmp 500/tcp isakmp 500/udp stmf 501/tcp stmf 501/udp asa-appl-proto 502/tcp asa-appl-proto 502/udp intrinsa 503/tcp intrinsa 503/udp citadel 504/tcp citadel 504/udp mailbox-lm 505/tcp mailbox-lm 505/udp ohimsrv 506/tcp ohimsrv 506/udp crs 507/tcp crs 507/udp xvttp 508/tcp xvttp 508/udp snare 509/tcp snare 509/udp fcp 510/tcp #FirstClass Protocol fcp 510/udp #FirstClass Protocol passgo 511/tcp passgo 511/udp # # Berkeley-specific services # exec 512/tcp #remote process execution; # authentication performed using # passwords and UNIX login names biff 512/udp comsat #used by mail system to notify users # of new mail received; currently # receives messages only from # processes on the same machine login 513/tcp #remote login a la telnet; # automatic authentication performed # based on priviledged port numbers # and distributed data bases which # identify "authentication domains" who 513/udp whod #maintains data bases showing who's # logged in to machines on a local # net and the load average of the # machine shell 514/tcp cmd #like exec, but automatic # authentication is performed as for # login server syslog 514/udp printer 515/tcp spooler printer 515/udp spooler videotex 516/tcp videotex 516/udp talk 517/tcp #like tenex link, but across # machine - unfortunately, doesn't # use link protocol (this is actually # just a rendezvous port from which a # tcp connection is established) talk 517/udp #like tenex link, but across # machine - unfortunately, doesn't # use link protocol (this is actually # just a rendezvous port from which a # tcp connection is established) ntalk 518/tcp ntalk 518/udp utime 519/tcp unixtime utime 519/udp unixtime efs 520/tcp #extended file name server router 520/udp route routed #local routing process (on site); # uses variant of Xerox NS routing # information protocol ripng 521/tcp ripng 521/udp ulp 522/tcp ulp 522/udp ibm-db2 523/tcp ibm-db2 523/udp ncp 524/tcp ncp 524/udp timed 525/tcp timeserver timed 525/udp timeserver tempo 526/tcp newdate tempo 526/udp newdate stx 527/tcp #Stock IXChange stx 527/udp #Stock IXChange custix 528/tcp #Customer IXChange custix 528/udp #Customer IXChange irc-serv 529/tcp irc-serv 529/udp courier 530/tcp rpc courier 530/udp rpc conference 531/tcp chat conference 531/udp chat netnews 532/tcp readnews netnews 532/udp readnews netwall 533/tcp #for emergency broadcasts netwall 533/udp #for emergency broadcasts mm-admin 534/tcp #MegaMedia Admin mm-admin 534/udp #MegaMedia Admin iiop 535/tcp iiop 535/udp opalis-rdv 536/tcp opalis-rdv 536/udp nmsp 537/tcp #Networked Media Streaming Protocol nmsp 537/udp #Networked Media Streaming Protocol gdomap 538/tcp gdomap 538/udp apertus-ldp 539/tcp #Apertus Technologies Load Determination apertus-ldp 539/udp #Apertus Technologies Load Determination uucp 540/tcp uucpd uucp 540/udp uucpd uucp-rlogin 541/tcp uucp-rlogin 541/udp commerce 542/tcp commerce 542/udp klogin 543/tcp # Kerberos (v4/v5) klogin 543/udp # Kerberos (v4/v5) kshell 544/tcp krcmd # Kerberos (v4/v5) kshell 544/udp krcmd # Kerberos (v4/v5) appleqtcsrvr 545/tcp appleqtcsrvr 545/udp dhcpv6-client 546/tcp #DHCPv6 Client dhcpv6-client 546/udp #DHCPv6 Client dhcpv6-server 547/tcp #DHCPv6 Server dhcpv6-server 547/udp #DHCPv6 Server afpovertcp 548/tcp #AFP over TCP afpovertcp 548/udp #AFP over TCP idfp 549/tcp idfp 549/udp new-rwho 550/tcp new-who new-rwho 550/udp new-who cybercash 551/tcp cybercash 551/udp deviceshare 552/tcp deviceshare 552/udp pirp 553/tcp pirp 553/udp rtsp 554/tcp #Real Time Stream Control Protocol rtsp 554/udp #Real Time Stream Control Protocol dsf 555/tcp dsf 555/udp remotefs 556/tcp rfs rfs_server # Brunhoff remote filesystem remotefs 556/udp rfs rfs_server # Brunhoff remote filesystem openvms-sysipc 557/tcp openvms-sysipc 557/udp sdnskmp 558/tcp sdnskmp 558/udp teedtap 559/tcp teedtap 559/udp rmonitor 560/tcp rmonitord rmonitor 560/udp rmonitord monitor 561/tcp monitor 561/udp chshell 562/tcp chcmd chshell 562/udp chcmd nntps 563/tcp snntp #nntp protocol over TLS/SSL nntps 563/udp snntp #nntp protocol over TLS/SSL 9pfs 564/tcp #plan 9 file service 9pfs 564/udp #plan 9 file service whoami 565/tcp whoami 565/udp streettalk 566/tcp streettalk 566/udp banyan-rpc 567/tcp banyan-rpc 567/udp ms-shuttle 568/tcp #Microsoft shuttle ms-shuttle 568/udp #Microsoft shuttle ms-rome 569/tcp #Microsoft rome ms-rome 569/udp #Microsoft rome meter 570/tcp #demon meter 570/udp #demon umeter 571/tcp #udemon umeter 571/udp #udemon sonar 572/tcp sonar 572/udp banyan-vip 573/tcp banyan-vip 573/udp ftp-agent 574/tcp #FTP Software Agent System ftp-agent 574/udp #FTP Software Agent System vemmi 575/tcp vemmi 575/udp ipcd 576/tcp ipcd 576/udp vnas 577/tcp vnas 577/udp ipdd 578/tcp ipdd 578/udp decbsrv 579/tcp decbsrv 579/udp sntp-heartbeat 580/tcp sntp-heartbeat 580/udp bdp 581/tcp #Bundle Discovery Protocol bdp 581/udp #Bundle Discovery Protocol scc-security 582/tcp scc-security 582/udp philips-vc 583/tcp #Philips Video-Conferencing philips-vc 583/udp #Philips Video-Conferencing keyserver 584/tcp keyserver 584/udp #imap4-ssl@585 never should have been allocated. See PR 46294. #imap4-ssl 585/tcp #IMAP4+SSL (use of 585 is not recommended, #imap4-ssl 585/udp # use 993 instead) password-chg 586/tcp password-chg 586/udp submission 587/tcp submission 587/udp cal 588/tcp cal 588/udp eyelink 589/tcp eyelink 589/udp tns-cml 590/tcp tns-cml 590/udp http-alt 591/tcp #FileMaker, Inc. - HTTP Alternate (see Port 80) http-alt 591/udp #FileMaker, Inc. - HTTP Alternate (see Port 80) eudora-set 592/tcp eudora-set 592/udp http-rpc-epmap 593/tcp #HTTP RPC Ep Map http-rpc-epmap 593/udp #HTTP RPC Ep Map tpip 594/tcp tpip 594/udp cab-protocol 595/tcp cab-protocol 595/udp smsd 596/tcp smsd 596/udp ptcnameservice 597/tcp #PTC Name Service ptcnameservice 597/udp #PTC Name Service sco-websrvrmg3 598/tcp #SCO Web Server Manager 3 sco-websrvrmg3 598/udp #SCO Web Server Manager 3 acp 599/tcp #Aeolon Core Protocol acp 599/udp #Aeolon Core Protocol ipcserver 600/tcp #Sun IPC server ipcserver 600/udp #Sun IPC server syslog-conn 601/tcp #Reliable Syslog Service syslog-conn 601/udp #Reliable Syslog Service xmlrpc-beep 602/tcp #XML-RPC over BEEP xmlrpc-beep 602/udp #XML-RPC over BEEP idxp 603/tcp idxp 603/udp tunnel 604/tcp tunnel 604/udp soap-beep 605/tcp #SOAP over BEEP soap-beep 605/udp #SOAP over BEEP urm 606/tcp #Cray Unified Resource Manager urm 606/udp #Cray Unified Resource Manager nqs 607/tcp nqs 607/udp sift-uft 608/tcp #Sender-Initiated/Unsolicited File Transfer sift-uft 608/udp #Sender-Initiated/Unsolicited File Transfer npmp-trap 609/tcp npmp-trap 609/udp npmp-local 610/tcp npmp-local 610/udp npmp-gui 611/tcp npmp-gui 611/udp hmmp-ind 612/tcp #HMMP Indication hmmp-ind 612/udp #HMMP Indication hmmp-op 613/tcp #HMMP Operation hmmp-op 613/udp #HMMP Operation sshell 614/tcp #SSLshell sshell 614/udp sco-inetmgr 615/tcp #Internet Configuration Manager sco-inetmgr 615/udp #Internet Configuration Manager sco-sysmgr 616/tcp #SCO System Administration Server sco-sysmgr 616/udp #SCO System Administration Server sco-dtmgr 617/tcp #SCO Desktop Administration Server sco-dtmgr 617/udp #SCO Desktop Administration Server dei-icda 618/tcp dei-icda 618/udp compaq-evm 619/tcp #Compaq EVM compaq-evm 619/udp #Compaq EVM sco-websrvrmgr 620/tcp #SCO WebServer Manager sco-websrvrmgr 620/udp #SCO WebServer Manager escp-ip 621/tcp #ESCP escp-ip 621/udp #ESCP collaborator 622/tcp collaborator 622/udp asf-rmcp 623/tcp #ASF Remote Management and Control Protocol asf-rmcp 623/udp #ASF Remote Management and Control Protocol cryptoadmin 624/tcp #Crypto Admin cryptoadmin 624/udp #Crypto Admin dec_dlm 625/tcp #DEC DLM dec_dlm 625/udp #DEC DLM asia 626/tcp asia 626/udp passgo-tivoli 627/tcp #PassGo Tivoli passgo-tivoli 627/udp #PassGo Tivoli qmqp 628/tcp qmqp 628/udp 3com-amp3 629/tcp #3Com AMP3 3com-amp3 629/udp #3Com AMP3 rda 630/tcp rda 630/udp ipp 631/tcp #IPP (Internet Printing Protocol) ipp 631/udp #IPP (Internet Printing Protocol) bmpp 632/tcp bmpp 632/udp servstat 633/tcp #Service Status update (Sterling Software) servstat 633/udp #Service Status update (Sterling Software) ginad 634/tcp ginad 634/udp rlzdbase 635/tcp #RLZ DBase rlzdbase 635/udp #RLZ DBase ldaps 636/tcp sldap #ldap protocol over TLS/SSL ldaps 636/udp sldap lanserver 637/tcp lanserver 637/udp mcns-sec 638/tcp mcns-sec 638/udp msdp 639/tcp msdp 639/udp entrust-sps 640/tcp entrust-sps 640/udp repcmd 641/tcp repcmd 641/udp esro-emsdp 642/tcp #ESRO-EMSDP V1.3 esro-emsdp 642/udp #ESRO-EMSDP V1.3 sanity 643/tcp #SANity sanity 643/udp #SANity dwr 644/tcp dwr 644/udp pssc 645/tcp pssc 645/udp ldp 646/tcp ldp 646/udp dhcp-failover 647/tcp #DHCP Failover dhcp-failover 647/udp #DHCP Failover rrp 648/tcp #Registry Registrar Protocol (RRP) rrp 648/udp #Registry Registrar Protocol (RRP) cadview-3d 649/tcp #Cadview-3d - streaming 3d models over the internet cadview-3d 649/udp #Cadview-3d - streaming 3d models over the internet obex 650/tcp obex 650/udp ieee-mms 651/tcp #IEEE MMS ieee-mms 651/udp #IEEE MMS hello-port 652/tcp hello-port 652/udp repscmd 653/tcp repscmd 653/udp aodv 654/tcp #Ad-Hoc On-Demand Distance Vector Routing Protocol aodv 654/udp #Ad-Hoc On-Demand Distance Vector Routing Protocol tinc 655/tcp tinc 655/udp spmp 656/tcp spmp 656/udp rmc 657/tcp rmc 657/udp tenfold 658/tcp tenfold 658/udp mac-srvr-admin 660/tcp #MacOS Server Admin mac-srvr-admin 660/udp #MacOS Server Admin hap 661/tcp hap 661/udp pftp 662/tcp pftp 662/udp purenoise 663/tcp #PureNoise purenoise 663/udp #PureNoise asf-secure-rmcp 664/tcp #ASF Secure Remote Management and Control Protocol asf-secure-rmcp 664/udp #ASF Secure Remote Management and Control Protocol sun-dr 665/tcp #Sun DR sun-dr 665/udp #Sun DR mdqs 666/tcp mdqs 666/udp #PROBLEMS!=============================================== doom 666/tcp #doom Id Software doom 666/udp #doom Id Software #PROBLEMS!=============================================== disclose 667/tcp #campaign contribution disclosures - SDR Technologies disclose 667/udp #campaign contribution disclosures - SDR Technologies mecomm 668/tcp mecomm 668/udp meregister 669/tcp meregister 669/udp vacdsm-sws 670/tcp vacdsm-sws 670/udp vacdsm-app 671/tcp vacdsm-app 671/udp vpps-qua 672/tcp vpps-qua 672/udp cimplex 673/tcp cimplex 673/udp acap 674/tcp #Application Configuration Access Protocol acap 674/udp #Application Configuration Access Protocol dctp 675/tcp dctp 675/udp vpps-via 676/tcp #VPPS Via vpps-via 676/udp #VPPS Via vpp 677/tcp #Virtual Presence Protocol vpp 677/udp #Virtual Presence Protocol ggf-ncp 678/tcp #GNU Generation Foundation NCP ggf-ncp 678/udp #GNU Generation Foundation NCP mrm 679/tcp mrm 679/udp entrust-aaas 680/tcp entrust-aaas 680/udp entrust-aams 681/tcp entrust-aams 681/udp xfr 682/tcp xfr 682/udp corba-iiop 683/tcp #CORBA IIOP corba-iiop 683/udp #CORBA IIOP corba-iiop-ssl 684/tcp #CORBA IIOP SSL corba-iiop-ssl 684/udp #CORBA IIOP SSL mdc-portmapper 685/tcp #MDC Port Mapper mdc-portmapper 685/udp #MDC Port Mapper hcp-wismar 686/tcp #Hardware Control Protocol Wismar hcp-wismar 686/udp #Hardware Control Protocol Wismar asipregistry 687/tcp asipregistry 687/udp -realm-rusd 688/tcp #ApplianceWare managment protocol -realm-rusd 688/udp #ApplianceWare managment protocol +realm-rusd 688/tcp #ApplianceWare management protocol +realm-rusd 688/udp #ApplianceWare management protocol nmap 689/tcp nmap 689/udp vatp 690/tcp #Velazquez Application Transfer Protocol vatp 690/udp #Velazquez Application Transfer Protocol msexch-routing 691/tcp #MS Exchange Routing msexch-routing 691/udp #MS Exchange Routing hyperwave-isp 692/tcp #Hyperwave-ISP hyperwave-isp 692/udp #Hyperwave-ISP connendp 693/tcp connendp 693/udp ha-cluster 694/tcp ha-cluster 694/udp ieee-mms-ssl 695/tcp ieee-mms-ssl 695/udp rushd 696/tcp rushd 696/udp uuidgen 697/tcp uuidgen 697/udp olsr 698/tcp olsr 698/udp accessnetwork 699/tcp #Access Network accessnetwork 699/udp #Access Network epp 700/tcp #Extensible Provisioning Protocol epp 700/udp #Extensible Provisioning Protocol lmp 701/tcp #Link Management Protocol (LMP) lmp 701/udp #Link Management Protocol (LMP) iris-beep 702/tcp #IRIS over BEEP iris-beep 702/udp #IRIS over BEEP elcsd 704/tcp #errlog copy/server daemon elcsd 704/udp #errlog copy/server daemon agentx 705/tcp #AgentX agentx 705/udp #AgentX silc 706/tcp silc 706/udp borland-dsj 707/tcp #Borland DSJ borland-dsj 707/udp #Borland DSJ entrustmanager 709/tcp #EntrustManager entrustmanager 709/udp #EntrustManager entrust-ash 710/tcp #Entrust Administration Service Handler entrust-ash 710/udp #Entrust Administration Service Handler cisco-tdp 711/tcp #Cisco TDP cisco-tdp 711/udp #Cisco TDP tbrpf 712/tcp tbrpf 712/udp iris-xpc 713/tcp #IRIS over XPC iris-xpc 713/udp #IRIS over XPC iris-xpcs 714/tcp #IRIS over XPCS iris-xpcs 714/udp #IRIS over XPCS iris-lwz 715/tcp iris-lwz 715/udp netviewdm1 729/tcp #IBM NetView DM/6000 Server/Client netviewdm1 729/udp #IBM NetView DM/6000 Server/Client netviewdm2 730/tcp #IBM NetView DM/6000 send/tcp netviewdm2 730/udp #IBM NetView DM/6000 send/tcp netviewdm3 731/tcp #IBM NetView DM/6000 receive/tcp netviewdm3 731/udp #IBM NetView DM/6000 receive/tcp netgw 741/tcp netgw 741/udp netrcs 742/tcp #Network based Rev. Cont. Sys. netrcs 742/udp #Network based Rev. Cont. Sys. flexlm 744/tcp #Flexible License Manager flexlm 744/udp #Flexible License Manager fujitsu-dev 747/tcp #Fujitsu Device Control fujitsu-dev 747/udp #Fujitsu Device Control ris-cm 748/tcp #Russell Info Sci Calendar Manager ris-cm 748/udp #Russell Info Sci Calendar Manager kerberos-adm 749/tcp #Kerberos administration (v5) kerberos-adm 749/udp #Kerberos administration (v5) kerberos-iv 750/udp kdc # Kerberos (v4) kerberos-iv 750/tcp kdc # Kerberos (v4) #PROBLEMS!======================================================== #rfile 750/tcp #loadav 750/udp #PROBLEMS!======================================================== kerberos_master 751/tcp # Kerberos `kadmin' (v4) kerberos_master 751/udp # Kerberos `kadmin' (v4) #PROBLEMS!======================================================== pump 751/tcp pump 751/udp #PROBLEMS!======================================================== qrh 752/tcp qrh 752/udp rrh 753/tcp rrh 753/udp krb_prop 754/tcp krb5_prop # kerberos/v5 server propagation #PROBLEMS!======================================================== tell 754/tcp #send #PROBLEMS!======================================================== tell 754/udp #send nlogin 758/tcp nlogin 758/udp con 759/tcp con 759/udp krbupdate 760/tcp kreg # Kerberos (v4) registration #PROBLEMS!======================================================== ns 760/tcp #PROBLEMS!======================================================== ns 760/udp kpasswd 761/tcp kpwd # Kerberos (v4) "passwd" #PROBLEMS!======================================================== rxe 761/tcp #PROBLEMS!======================================================== rxe 761/udp quotad 762/tcp quotad 762/udp cycleserv 763/tcp cycleserv 763/udp omserv 764/tcp omserv 764/udp webster 765/tcp webster 765/udp phonebook 767/tcp #phone phonebook 767/udp #phone vid 769/tcp vid 769/udp cadlock 770/tcp cadlock 770/udp rtip 771/tcp rtip 771/udp cycleserv2 772/tcp cycleserv2 772/udp submit 773/tcp notify 773/udp rpasswd 774/tcp acmaint_dbd 774/udp entomb 775/tcp acmaint_transd 775/udp wpages 776/tcp wpages 776/udp multiling-http 777/tcp #Multiling HTTP multiling-http 777/udp #Multiling HTTP wpgs 780/tcp wpgs 780/udp mdbs_daemon 800/tcp mdbs_daemon 800/udp device 801/tcp device 801/udp fcp-udp 810/tcp #FCP fcp-udp 810/udp #FCP Datagram itm-mcell-s 828/tcp itm-mcell-s 828/udp pkix-3-ca-ra 829/tcp #PKIX-3 CA/RA pkix-3-ca-ra 829/udp #PKIX-3 CA/RA netconf-ssh 830/tcp #NETCONF over SSH netconf-ssh 830/udp #NETCONF over SSH netconf-beep 831/tcp #NETCONF over BEEP netconf-beep 831/udp #NETCONF over BEEP netconfsoaphttp 832/tcp #NETCONF for SOAP over HTTPS netconfsoaphttp 832/udp #NETCONF for SOAP over HTTPS netconfsoapbeep 833/tcp #NETCONF for SOAP over BEEP netconfsoapbeep 833/udp #NETCONF for SOAP over BEEP dhcp-failover2 847/tcp #dhcp-failover 2 dhcp-failover2 847/udp #dhcp-failover 2 gdoi 848/tcp gdoi 848/udp iscsi 860/tcp iscsi 860/udp owamp-control 861/tcp owamp-control 861/udp supfilesrv 871/tcp # for SUP rsync 873/tcp rsync 873/udp iclcnet-locate 886/tcp #ICL coNETion locate server iclcnet-locate 886/udp #ICL coNETion locate server iclcnet_svinfo 887/tcp #ICL coNETion server info iclcnet_svinfo 887/udp #ICL coNETion server info accessbuilder 888/tcp accessbuilder 888/udp omginitialrefs 900/tcp #OMG Initial Refs omginitialrefs 900/udp #OMG Initial Refs swat 901/tcp # samba web configuration tool smpnameres 901/tcp smpnameres 901/udp ideafarm-chat 902/tcp ideafarm-chat 902/udp ideafarm-catch 903/tcp ideafarm-catch 903/udp kink 910/tcp #Kerberized Internet Negotiation of Keys (KINK) kink 910/udp #Kerberized Internet Negotiation of Keys (KINK) xact-backup 911/tcp xact-backup 911/udp apex-mesh 912/tcp #APEX relay-relay service apex-mesh 912/udp #APEX relay-relay service apex-edge 913/tcp #APEX endpoint-relay service apex-edge 913/udp #APEX endpoint-relay service rndc 953/tcp # named's rndc control socket ftps-data 989/tcp # ftp protocol, data, over TLS/SSL ftps-data 989/udp ftps 990/tcp # ftp protocol, control, over TLS/SSL ftps 990/udp nas 991/tcp #Netnews Administration System nas 991/udp #Netnews Administration System telnets 992/tcp # telnet protocol over TLS/SSL telnets 992/udp imaps 993/tcp # imap4 protocol over TLS/SSL imaps 993/udp ircs 994/tcp # irc protocol over TLS/SSL ircs 994/udp pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL pop3s 995/udp spop3 vsinet 996/tcp vsinet 996/udp maitrd 997/tcp maitrd 997/udp busboy 998/tcp puparp 998/udp garcon 999/tcp applix 999/udp #Applix ac puprouter 999/tcp puprouter 999/udp cadlock2 1000/tcp cadlock2 1000/udp surf 1010/tcp surf 1010/udp exp1 1021/tcp #RFC3692-style Experiment 1 (*) [RFC4727] exp1 1021/udp #RFC3692-style Experiment 1 (*) [RFC4727] exp2 1022/tcp #RFC3692-style Experiment 2 (*) [RFC4727] exp2 1022/udp #RFC3692-style Experiment 2 (*) [RFC4727] # # REGISTERED PORT NUMBERS # blackjack 1025/tcp #network blackjack blackjack 1025/udp #network blackjack iad1 1030/tcp #BBN IAD iad1 1030/udp #BBN IAD iad2 1031/tcp #BBN IAD iad2 1031/udp #BBN IAD iad3 1032/tcp #BBN IAD iad3 1032/udp #BBN IAD nim 1058/tcp nim 1058/udp nimreg 1059/tcp nimreg 1059/udp instl_boots 1067/tcp #Installation Bootstrap Proto. Serv. instl_boots 1067/udp #Installation Bootstrap Proto. Serv. instl_bootc 1068/tcp #Installation Bootstrap Proto. Cli. instl_bootc 1068/udp #Installation Bootstrap Proto. Cli. socks 1080/tcp socks 1080/udp ansoft-lm-1 1083/tcp #Anasoft License Manager ansoft-lm-1 1083/udp #Anasoft License Manager ansoft-lm-2 1084/tcp #Anasoft License Manager ansoft-lm-2 1084/udp #Anasoft License Manager webobjects 1085/tcp #Web Objects webobjects 1085/udp #Web Objects kpop 1109/tcp #Unofficial kpop 1109/udp #Unofficial nfsd-status 1110/tcp #Cluster status info nfsd-keepalive 1110/udp #Client status info supfiledbg 1127/tcp # for SUP nfa 1155/tcp #Network File Access nfa 1155/udp #Network File Access cisco-ipsla 1167/sctp #Cisco IP SLAs Control Protocol cisco-ipsla 1167/tcp #Cisco IP SLAs Control Protocol cisco-ipsla 1167/udp #Cisco IP SLAs Control Protocol skkserv 1178/tcp #SKK (kanji input) openvpn 1194/tcp #OpenVPN openvpn 1194/udp #OpenVPN lupa 1212/tcp lupa 1212/udp nerv 1222/tcp #SNI R&D network nerv 1222/udp #SNI R&D network hermes 1248/tcp hermes 1248/udp healthd 1281/tcp #healthd healthd 1281/udp #healthd alta-ana-lm 1346/tcp #Alta Analytics License Manager alta-ana-lm 1346/udp #Alta Analytics License Manager bbn-mmc 1347/tcp #multi media conferencing bbn-mmc 1347/udp #multi media conferencing bbn-mmx 1348/tcp #multi media conferencing bbn-mmx 1348/udp #multi media conferencing sbook 1349/tcp #Registration Network Protocol sbook 1349/udp #Registration Network Protocol editbench 1350/tcp #Registration Network Protocol editbench 1350/udp #Registration Network Protocol equationbuilder 1351/tcp #Digital Tool Works (MIT) equationbuilder 1351/udp #Digital Tool Works (MIT) lotusnote 1352/tcp #Lotus Note lotusnote 1352/udp #Lotus Note relief 1353/tcp #Relief Consulting relief 1353/udp #Relief Consulting rightbrain 1354/tcp #RightBrain Software rightbrain 1354/udp #RightBrain Software intuitive-edge 1355/tcp #Intuitive Edge intuitive-edge 1355/udp #Intuitive Edge cuillamartin 1356/tcp #CuillaMartin Company cuillamartin 1356/udp #CuillaMartin Company pegboard 1357/tcp #Electronic PegBoard pegboard 1357/udp #Electronic PegBoard connlcli 1358/tcp connlcli 1358/udp ftsrv 1359/tcp ftsrv 1359/udp mimer 1360/tcp mimer 1360/udp linx 1361/tcp linx 1361/udp timeflies 1362/tcp timeflies 1362/udp ndm-requester 1363/tcp #Network DataMover Requester ndm-requester 1363/udp #Network DataMover Requester ndm-server 1364/tcp #Network DataMover Server ndm-server 1364/udp #Network DataMover Server adapt-sna 1365/tcp #Network Software Associates adapt-sna 1365/udp #Network Software Associates netware-csp 1366/tcp #Novell NetWare Comm Service Platform netware-csp 1366/udp #Novell NetWare Comm Service Platform dcs 1367/tcp dcs 1367/udp screencast 1368/tcp screencast 1368/udp gv-us 1369/tcp #GlobalView to Unix Shell gv-us 1369/udp #GlobalView to Unix Shell us-gv 1370/tcp #Unix Shell to GlobalView us-gv 1370/udp #Unix Shell to GlobalView fc-cli 1371/tcp #Fujitsu Config Protocol fc-cli 1371/udp #Fujitsu Config Protocol fc-ser 1372/tcp #Fujitsu Config Protocol fc-ser 1372/udp #Fujitsu Config Protocol chromagrafx 1373/tcp chromagrafx 1373/udp molly 1374/tcp #EPI Software Systems molly 1374/udp #EPI Software Systems bytex 1375/tcp bytex 1375/udp ibm-pps 1376/tcp #IBM Person to Person Software ibm-pps 1376/udp #IBM Person to Person Software cichlid 1377/tcp #Cichlid License Manager cichlid 1377/udp #Cichlid License Manager elan 1378/tcp #Elan License Manager elan 1378/udp #Elan License Manager dbreporter 1379/tcp #Integrity Solutions dbreporter 1379/udp #Integrity Solutions telesis-licman 1380/tcp #Telesis Network License Manager telesis-licman 1380/udp #Telesis Network License Manager apple-licman 1381/tcp #Apple Network License Manager apple-licman 1381/udp #Apple Network License Manager #udt_os 1382/tcp #udt_os 1382/udp gwha 1383/tcp #GW Hannaway Network License Manager gwha 1383/udp #GW Hannaway Network License Manager os-licman 1384/tcp #Objective Solutions License Manager os-licman 1384/udp #Objective Solutions License Manager atex_elmd 1385/tcp #Atex Publishing License Manager atex_elmd 1385/udp #Atex Publishing License Manager checksum 1386/tcp #CheckSum License Manager checksum 1386/udp #CheckSum License Manager cadsi-lm 1387/tcp #Computer Aided Design Software Inc LM cadsi-lm 1387/udp #Computer Aided Design Software Inc LM objective-dbc 1388/tcp #Objective Solutions DataBase Cache objective-dbc 1388/udp #Objective Solutions DataBase Cache iclpv-dm 1389/tcp #Document Manager iclpv-dm 1389/udp #Document Manager iclpv-sc 1390/tcp #Storage Controller iclpv-sc 1390/udp #Storage Controller iclpv-sas 1391/tcp #Storage Access Server iclpv-sas 1391/udp #Storage Access Server iclpv-pm 1392/tcp #Print Manager iclpv-pm 1392/udp #Print Manager iclpv-nls 1393/tcp #Network Log Server iclpv-nls 1393/udp #Network Log Server iclpv-nlc 1394/tcp #Network Log Client iclpv-nlc 1394/udp #Network Log Client iclpv-wsm 1395/tcp #PC Workstation Manager software iclpv-wsm 1395/udp #PC Workstation Manager software dvl-activemail 1396/tcp #DVL Active Mail dvl-activemail 1396/udp #DVL Active Mail audio-activmail 1397/tcp #Audio Active Mail audio-activmail 1397/udp #Audio Active Mail video-activmail 1398/tcp #Video Active Mail video-activmail 1398/udp #Video Active Mail cadkey-licman 1399/tcp #Cadkey License Manager cadkey-licman 1399/udp #Cadkey License Manager cadkey-tablet 1400/tcp #Cadkey Tablet Daemon cadkey-tablet 1400/udp #Cadkey Tablet Daemon goldleaf-licman 1401/tcp #Goldleaf License Manager goldleaf-licman 1401/udp #Goldleaf License Manager prm-sm-np 1402/tcp #Prospero Resource Manager prm-sm-np 1402/udp #Prospero Resource Manager prm-nm-np 1403/tcp #Prospero Resource Manager prm-nm-np 1403/udp #Prospero Resource Manager igi-lm 1404/tcp #Infinite Graphics License Manager igi-lm 1404/udp #Infinite Graphics License Manager ibm-res 1405/tcp #IBM Remote Execution Starter ibm-res 1405/udp #IBM Remote Execution Starter netlabs-lm 1406/tcp #NetLabs License Manager netlabs-lm 1406/udp #NetLabs License Manager dbsa-lm 1407/tcp #DBSA License Manager dbsa-lm 1407/udp #DBSA License Manager sophia-lm 1408/tcp #Sophia License Manager sophia-lm 1408/udp #Sophia License Manager here-lm 1409/tcp #Here License Manager here-lm 1409/udp #Here License Manager hiq 1410/tcp #HiQ License Manager hiq 1410/udp #HiQ License Manager af 1411/tcp #AudioFile af 1411/udp #AudioFile innosys 1412/tcp innosys 1412/udp innosys-acl 1413/tcp innosys-acl 1413/udp ibm-mqseries 1414/tcp #IBM MQSeries ibm-mqseries 1414/udp #IBM MQSeries dbstar 1415/tcp dbstar 1415/udp novell-lu6.2 1416/tcp #Novell LU6.2 novell-lu6.2 1416/udp #Novell LU6.2 timbuktu-srv1 1417/tcp #Timbuktu Service 1 Port timbuktu-srv1 1417/udp #Timbuktu Service 1 Port timbuktu-srv2 1418/tcp #Timbuktu Service 2 Port timbuktu-srv2 1418/udp #Timbuktu Service 2 Port timbuktu-srv3 1419/tcp #Timbuktu Service 3 Port timbuktu-srv3 1419/udp #Timbuktu Service 3 Port timbuktu-srv4 1420/tcp #Timbuktu Service 4 Port timbuktu-srv4 1420/udp #Timbuktu Service 4 Port gandalf-lm 1421/tcp #Gandalf License Manager gandalf-lm 1421/udp #Gandalf License Manager autodesk-lm 1422/tcp #Autodesk License Manager autodesk-lm 1422/udp #Autodesk License Manager essbase 1423/tcp #Essbase Arbor Software essbase 1423/udp #Essbase Arbor Software hybrid 1424/tcp #Hybrid Encryption Protocol hybrid 1424/udp #Hybrid Encryption Protocol zion-lm 1425/tcp #Zion Software License Manager zion-lm 1425/udp #Zion Software License Manager sas-1 1426/tcp #Satellite-data Acquisition System 1 sas-1 1426/udp #Satellite-data Acquisition System 1 mloadd 1427/tcp #mloadd monitoring tool mloadd 1427/udp #mloadd monitoring tool informatik-lm 1428/tcp #Informatik License Manager informatik-lm 1428/udp #Informatik License Manager nms 1429/tcp #Hypercom NMS nms 1429/udp #Hypercom NMS tpdu 1430/tcp #Hypercom TPDU tpdu 1430/udp #Hypercom TPDU rgtp 1431/tcp #Reverse Gossip Transport rgtp 1431/udp #Reverse Gossip Transport blueberry-lm 1432/tcp #Blueberry Software License Manager blueberry-lm 1432/udp #Blueberry Software License Manager ms-sql-s 1433/tcp #Microsoft-SQL-Server ms-sql-s 1433/udp #Microsoft-SQL-Server ms-sql-m 1434/tcp #Microsoft-SQL-Monitor ms-sql-m 1434/udp #Microsoft-SQL-Monitor ibm-cics 1435/tcp ibm-cics 1435/udp sas-2 1436/tcp #Satellite-data Acquisition System 2 sas-2 1436/udp #Satellite-data Acquisition System 2 tabula 1437/tcp tabula 1437/udp eicon-server 1438/tcp #Eicon Security Agent/Server eicon-server 1438/udp #Eicon Security Agent/Server eicon-x25 1439/tcp #Eicon X25/SNA Gateway eicon-x25 1439/udp #Eicon X25/SNA Gateway eicon-slp 1440/tcp #Eicon Service Location Protocol eicon-slp 1440/udp #Eicon Service Location Protocol cadis-1 1441/tcp #Cadis License Management cadis-1 1441/udp #Cadis License Management cadis-2 1442/tcp #Cadis License Management cadis-2 1442/udp #Cadis License Management ies-lm 1443/tcp #Integrated Engineering Software ies-lm 1443/udp #Integrated Engineering Software marcam-lm 1444/tcp #Marcam License Management marcam-lm 1444/udp #Marcam License Management proxima-lm 1445/tcp #Proxima License Manager proxima-lm 1445/udp #Proxima License Manager ora-lm 1446/tcp #Optical Research Associates License Manager ora-lm 1446/udp #Optical Research Associates License Manager apri-lm 1447/tcp #Applied Parallel Research LM apri-lm 1447/udp #Applied Parallel Research LM oc-lm 1448/tcp #OpenConnect License Manager oc-lm 1448/udp #OpenConnect License Manager peport 1449/tcp peport 1449/udp dwf 1450/tcp #Tandem Distributed Workbench Facility dwf 1450/udp #Tandem Distributed Workbench Facility infoman 1451/tcp #IBM Information Management infoman 1451/udp #IBM Information Management gtegsc-lm 1452/tcp #GTE Government Systems License Man gtegsc-lm 1452/udp #GTE Government Systems License Man genie-lm 1453/tcp #Genie License Manager genie-lm 1453/udp #Genie License Manager interhdl_elmd 1454/tcp #interHDL License Manager interhdl_elmd 1454/udp #interHDL License Manager esl-lm 1455/tcp #ESL License Manager esl-lm 1455/udp #ESL License Manager dca 1456/tcp dca 1456/udp valisys-lm 1457/tcp #Valisys License Manager valisys-lm 1457/udp #Valisys License Manager nrcabq-lm 1458/tcp #Nichols Research Corp. nrcabq-lm 1458/udp #Nichols Research Corp. proshare1 1459/tcp #Proshare Notebook Application proshare1 1459/udp #Proshare Notebook Application proshare2 1460/tcp #Proshare Notebook Application proshare2 1460/udp #Proshare Notebook Application ibm_wrless_lan 1461/tcp #IBM Wireless LAN ibm_wrless_lan 1461/udp #IBM Wireless LAN world-lm 1462/tcp #World License Manager world-lm 1462/udp #World License Manager nucleus 1463/tcp nucleus 1463/udp msl_lmd 1464/tcp #MSL License Manager msl_lmd 1464/udp #MSL License Manager pipes 1465/tcp #Pipes Platform pipes 1465/udp #Pipes Platform mfarlin@peerlogic.com oceansoft-lm 1466/tcp #Ocean Software License Manager oceansoft-lm 1466/udp #Ocean Software License Manager csdmbase 1467/tcp csdmbase 1467/udp csdm 1468/tcp csdm 1468/udp aal-lm 1469/tcp #Active Analysis Limited License Manager aal-lm 1469/udp #Active Analysis Limited License Manager uaiact 1470/tcp #Universal Analytics uaiact 1470/udp #Universal Analytics csdmbase 1471/tcp csdmbase 1471/udp csdm 1472/tcp csdm 1472/udp openmath 1473/tcp openmath 1473/udp telefinder 1474/tcp telefinder 1474/udp taligent-lm 1475/tcp #Taligent License Manager taligent-lm 1475/udp #Taligent License Manager clvm-cfg 1476/tcp clvm-cfg 1476/udp ms-sna-server 1477/tcp ms-sna-server 1477/udp ms-sna-base 1478/tcp ms-sna-base 1478/udp dberegister 1479/tcp dberegister 1479/udp pacerforum 1480/tcp pacerforum 1480/udp airs 1481/tcp airs 1481/udp miteksys-lm 1482/tcp #Miteksys License Manager miteksys-lm 1482/udp #Miteksys License Manager afs 1483/tcp #AFS License Manager afs 1483/udp #AFS License Manager confluent 1484/tcp #Confluent License Manager confluent 1484/udp #Confluent License Manager lansource 1485/tcp lansource 1485/udp nms_topo_serv 1486/tcp nms_topo_serv 1486/udp localinfosrvr 1487/tcp localinfosrvr 1487/udp docstor 1488/tcp docstor 1488/udp dmdocbroker 1489/tcp dmdocbroker 1489/udp insitu-conf 1490/tcp insitu-conf 1490/udp anynetgateway 1491/tcp anynetgateway 1491/udp stone-design-1 1492/tcp stone-design-1 1492/udp netmap_lm 1493/tcp netmap_lm 1493/udp ica 1494/tcp ica 1494/udp cvc 1495/tcp cvc 1495/udp liberty-lm 1496/tcp liberty-lm 1496/udp rfx-lm 1497/tcp rfx-lm 1497/udp watcom-sql 1498/tcp watcom-sql 1498/udp fhc 1499/tcp #Federico Heinz Consultora fhc 1499/udp #Federico Heinz Consultora vlsi-lm 1500/tcp #VLSI License Manager vlsi-lm 1500/udp #VLSI License Manager sas-3 1501/tcp #Satellite-data Acquisition System 3 sas-3 1501/udp #Satellite-data Acquisition System 3 shivadiscovery 1502/tcp #Shiva shivadiscovery 1502/udp #Shiva imtc-mcs 1503/tcp #Databeam imtc-mcs 1503/udp #Databeam evb-elm 1504/tcp #EVB Software Engineering License Manager evb-elm 1504/udp #EVB Software Engineering License Manager funkproxy 1505/tcp #Funk Software, Inc. funkproxy 1505/udp #Funk Software, Inc. utcd 1506/tcp #Universal Time daemon (utcd) utcd 1506/udp #Universal Time daemon (utcd) symplex 1507/tcp symplex 1507/udp diagmond 1508/tcp diagmond 1508/udp robcad-lm 1509/tcp #Robcad, Ltd. License Manager robcad-lm 1509/udp #Robcad, Ltd. License Manager mvx-lm 1510/tcp #Midland Valley Exploration Ltd. Lic. Man. mvx-lm 1510/udp #Midland Valley Exploration Ltd. Lic. Man. 3l-l1 1511/tcp 3l-l1 1511/udp wins 1512/tcp #Microsoft's Windows Internet Name Service wins 1512/udp #Microsoft's Windows Internet Name Service fujitsu-dtc 1513/tcp #Fujitsu Systems Business of America, Inc fujitsu-dtc 1513/udp #Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/tcp #Fujitsu Systems Business of America, Inc fujitsu-dtcns 1514/udp #Fujitsu Systems Business of America, Inc ifor-protocol 1515/tcp ifor-protocol 1515/udp vpad 1516/tcp #Virtual Places Audio data vpad 1516/udp #Virtual Places Audio data vpac 1517/tcp #Virtual Places Audio control vpac 1517/udp #Virtual Places Audio control vpvd 1518/tcp #Virtual Places Video data vpvd 1518/udp #Virtual Places Video data vpvc 1519/tcp #Virtual Places Video control vpvc 1519/udp #Virtual Places Video control atm-zip-office 1520/tcp #atm zip office atm-zip-office 1520/udp #atm zip office ncube-lm 1521/tcp #nCube License Manager ncube-lm 1521/udp #nCube License Manager rna-lm 1522/tcp #Ricardo North America License Manager rna-lm 1522/udp #Ricardo North America License Manager cichild-lm 1523/tcp cichild-lm 1523/udp ingreslock 1524/tcp #ingres ingreslock 1524/udp #ingres prospero-np 1525/tcp #Prospero Directory Service non-priv prospero-np 1525/udp #Prospero Directory Service non-priv #PROBLEMS!======================================================== orasrv 1525/tcp #oracle orasrv 1525/udp #oracle #PROBLEMS!======================================================== pdap-np 1526/tcp #Prospero Data Access Prot non-priv pdap-np 1526/udp #Prospero Data Access Prot non-priv tlisrv 1527/tcp #oracle tlisrv 1527/udp #oracle mciautoreg 1528/tcp mciautoreg 1528/udp support 1529/tcp prmsd gnatsd # cygnus bug tracker coauthor 1529/tcp #oracle coauthor 1529/udp #oracle rap-service 1530/tcp rap-service 1530/udp rap-listen 1531/tcp rap-listen 1531/udp miroconnect 1532/tcp miroconnect 1532/udp virtual-places 1533/tcp #Virtual Places Software virtual-places 1533/udp #Virtual Places Software micromuse-lm 1534/tcp micromuse-lm 1534/udp ampr-info 1535/tcp ampr-info 1535/udp ampr-inter 1536/tcp ampr-inter 1536/udp sdsc-lm 1537/tcp sdsc-lm 1537/udp 3ds-lm 1538/tcp 3ds-lm 1538/udp intellistor-lm 1539/tcp #Intellistor License Manager intellistor-lm 1539/udp #Intellistor License Manager rds 1540/tcp rds 1540/udp rds2 1541/tcp rds2 1541/udp gridgen-elmd 1542/tcp gridgen-elmd 1542/udp simba-cs 1543/tcp simba-cs 1543/udp aspeclmd 1544/tcp aspeclmd 1544/udp vistium-share 1545/tcp vistium-share 1545/udp abbaccuray 1546/tcp abbaccuray 1546/udp laplink 1547/tcp laplink 1547/udp axon-lm 1548/tcp #Axon License Manager axon-lm 1548/udp #Axon License Manager shivahose 1549/tcp #Shiva Hose shivasound 1549/udp #Shiva Sound 3m-image-lm 1550/tcp #Image Storage license manager 3M Company 3m-image-lm 1550/udp #Image Storage license manager 3M Company hecmtl-db 1551/tcp hecmtl-db 1551/udp pciarray 1552/tcp pciarray 1552/udp issd 1600/tcp issd 1600/udp # IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by # many vendors without obtaining official IANA assignment. The official # assignment is now ports 1812/1813 and users are encouraged to migrate # when possible to these new ports. #radius 1645/udp #RADIUS authentication protocol (old) #radacct 1646/udp #RADIUS accounting protocol (old) nkd 1650/tcp nkd 1650/udp shiva_confsrvr 1651/tcp shiva_confsrvr 1651/udp xnmp 1652/tcp xnmp 1652/udp netview-aix-1 1661/tcp netview-aix-1 1661/udp netview-aix-2 1662/tcp netview-aix-2 1662/udp netview-aix-3 1663/tcp netview-aix-3 1663/udp netview-aix-4 1664/tcp netview-aix-4 1664/udp netview-aix-5 1665/tcp netview-aix-5 1665/udp netview-aix-6 1666/tcp netview-aix-6 1666/udp netview-aix-7 1667/tcp netview-aix-7 1667/udp netview-aix-8 1668/tcp netview-aix-8 1668/udp netview-aix-9 1669/tcp netview-aix-9 1669/udp netview-aix-10 1670/tcp netview-aix-10 1670/udp netview-aix-11 1671/tcp netview-aix-11 1671/udp netview-aix-12 1672/tcp netview-aix-12 1672/udp l2f 1701/tcp #l2f l2f 1701/udp #l2f l2tp 1701/tcp #Layer 2 Tunnelling Protocol l2tp 1701/udp #Layer 2 Tunnelling Protocol pptp 1723/tcp #Point-to-point tunnelling protocol # IMPORTANT NOTE: See comments for ports 1645/1646 when using older equipment radius 1812/udp #RADIUS authentication protocol (IANA sanctioned) radacct 1813/udp #RADIUS accounting protocol (IANA sanctioned) licensedaemon 1986/tcp #cisco license management licensedaemon 1986/udp #cisco license management tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port tr-rsrb-p2 1988/tcp #cisco RSRB Priority 2 port tr-rsrb-p2 1988/udp #cisco RSRB Priority 2 port tr-rsrb-p3 1989/tcp #cisco RSRB Priority 3 port tr-rsrb-p3 1989/udp #cisco RSRB Priority 3 port #PROBLEMS!=================================================== mshnet 1989/tcp #MHSnet system mshnet 1989/udp #MHSnet system #PROBLEMS!=================================================== stun-p1 1990/tcp #cisco STUN Priority 1 port stun-p1 1990/udp #cisco STUN Priority 1 port stun-p2 1991/tcp #cisco STUN Priority 2 port stun-p2 1991/udp #cisco STUN Priority 2 port stun-p3 1992/tcp #cisco STUN Priority 3 port stun-p3 1992/udp #cisco STUN Priority 3 port #PROBLEMS!=================================================== ipsendmsg 1992/tcp ipsendmsg 1992/udp #PROBLEMS!=================================================== snmp-tcp-port 1993/tcp #cisco SNMP TCP port snmp-tcp-port 1993/udp #cisco SNMP TCP port stun-port 1994/tcp #cisco serial tunnel port stun-port 1994/udp #cisco serial tunnel port perf-port 1995/tcp #cisco perf port perf-port 1995/udp #cisco perf port tr-rsrb-port 1996/tcp #cisco Remote SRB port tr-rsrb-port 1996/udp #cisco Remote SRB port gdp-port 1997/tcp #cisco Gateway Discovery Protocol gdp-port 1997/udp #cisco Gateway Discovery Protocol x25-svc-port 1998/tcp #cisco X.25 service (XOT) x25-svc-port 1998/udp #cisco X.25 service (XOT) tcp-id-port 1999/tcp #cisco identification port tcp-id-port 1999/udp #cisco identification port callbook 2000/tcp callbook 2000/udp dc 2001/tcp wizard 2001/udp #curry globe 2002/tcp globe 2002/udp cfingerd 2003/tcp #GNU finger mailbox 2004/tcp emce 2004/udp #CCWS mm conf berknet 2005/tcp oracle 2005/udp invokator 2006/tcp raid-cc 2006/udp #raid dectalk 2007/tcp raid-am 2007/udp conf 2008/tcp terminaldb 2008/udp news 2009/tcp whosockami 2009/udp search 2010/tcp pipe_server 2010/udp raid-cc 2011/tcp #raid servserv 2011/udp ttyinfo 2012/tcp raid-ac 2012/udp raid-am 2013/tcp raid-cd 2013/udp troff 2014/tcp raid-sf 2014/udp cypress 2015/tcp raid-cs 2015/udp bootserver 2016/tcp bootserver 2016/udp cypress-stat 2017/tcp bootclient 2017/udp terminaldb 2018/tcp rellpack 2018/udp whosockami 2019/tcp about 2019/udp xinupageserver 2020/tcp xinupageserver 2020/udp servexec 2021/tcp xinuexpansion1 2021/udp down 2022/tcp xinuexpansion2 2022/udp xinuexpansion3 2023/tcp xinuexpansion3 2023/udp xinuexpansion4 2024/tcp xinuexpansion4 2024/udp ellpack 2025/tcp xribs 2025/udp scrabble 2026/tcp scrabble 2026/udp shadowserver 2027/tcp shadowserver 2027/udp submitserver 2028/tcp submitserver 2028/udp device2 2030/tcp device2 2030/udp blackboard 2032/tcp blackboard 2032/udp glogger 2033/tcp glogger 2033/udp scoremgr 2034/tcp scoremgr 2034/udp imsldoc 2035/tcp imsldoc 2035/udp objectmanager 2038/tcp objectmanager 2038/udp lam 2040/tcp lam 2040/udp interbase 2041/tcp interbase 2041/udp isis 2042/tcp isis 2042/udp isis-bcast 2043/tcp isis-bcast 2043/udp rimsl 2044/tcp rimsl 2044/udp cdfunc 2045/tcp cdfunc 2045/udp sdfunc 2046/tcp sdfunc 2046/udp #dls 2047/tcp #dls 2047/udp dls-monitor 2048/tcp dls-monitor 2048/udp nfsd 2049/sctp nfs # NFS server daemon nfsd 2049/tcp nfs # NFS server daemon nfsd 2049/udp nfs # NFS server daemon #PROBLEMS!============================================================= #shilp 2049/tcp #shilp 2049/udp #PROBLEMS!============================================================= dlsrpn 2065/tcp #Data Link Switch Read Port Number dlsrpn 2065/udp #Data Link Switch Read Port Number dlswpn 2067/tcp #Data Link Switch Write Port Number dlswpn 2067/udp #Data Link Switch Write Port Number zephyr-clt 2103/udp #Zephyr serv-hm connection zephyr-hm 2104/udp #Zephyr hostmanager #PROBLEMS!============================================================= #zephyr-hm-srv 2105/udp #Zephyr hm-serv connection #PROBLEMS!============================================================= eklogin 2105/tcp #Kerberos (v4) encrypted rlogin eklogin 2105/udp #Kerberos (v4) encrypted rlogin ekshell 2106/tcp #Kerberos (v4) encrypted rshell ekshell 2106/udp #Kerberos (v4) encrypted rshell rkinit 2108/tcp #Kerberos (v4) remote initialization rkinit 2108/udp #Kerberos (v4) remote initialization ats 2201/tcp #Advanced Training System Program ats 2201/udp #Advanced Training System Program hpssd 2207/tcp #HP Status and Services hpssd 2207/udp #HP Status and Services hpiod 2208/tcp #HP I/O Backend hpiod 2208/udp #HP I/O Backend rcip-itu 2225/sctp #Resource Connection Initiation Protocol rcip-itu 2225/tcp #Resource Connection Initiation Protocol ivs-video 2232/tcp #IVS Video default ivs-video 2232/udp #IVS Video default ivsd 2241/tcp #IVS Daemon ivsd 2241/udp #IVS Daemon pehelp 2307/tcp pehelp 2307/udp cvspserver 2401/tcp #CVS network server cvspserver 2401/udp #CVS network server venus 2430/tcp #venus venus 2430/udp #venus venus-se 2431/tcp #venus-se venus-se 2431/udp #venus-se codasrv 2432/tcp #codasrv codasrv 2432/udp #codasrv codasrv-se 2433/tcp #codasrv-se codasrv-se 2433/udp #codasrv-se rtsserv 2500/tcp #Resource Tracking system server rtsserv 2500/udp #Resource Tracking system server rtsclient 2501/tcp #Resource Tracking system client rtsclient 2501/udp #Resource Tracking system client hp-3000-telnet 2564/tcp #HP 3000 NS/VT block mode telnet zebrasrv 2600/tcp #zebra service zebra 2601/tcp #zebra vty ripd 2602/tcp #RIPd vty ripngd 2603/tcp #RIPngd vty ospfd 2604/tcp #OSPFd vty bgpd 2605/tcp #BGPd vty ospf6d 2606/tcp #OSPF6d vty dict 2628/tcp #RFC 2229 dict 2628/udp #RFC 2229 listen 2766/tcp #System V listener port www-dev 2784/tcp #world wide web - development www-dev 2784/udp #world wide web - development m2ua 2904/sctp #M2UA m2ua 2904/tcp #M2UA m2ua 2904/udp #M2UA m3ua 2905/sctp #M3UA m3ua 2905/tcp #M3UA megaco-h248 2944/sctp #Megaco-H.248 text megaco-h248 2944/tcp #Megaco H-248 megaco-h248 2944/udp #Megaco H-248 h248-binary 2945/sctp #Megaco/H.248 binary h248-binary 2945/tcp #H248 Binary h248-binary 2945/udp #H248 Binary eppc 3031/tcp #Remote AppleEvents/PPC Toolbox eppc 3031/udp #Remote AppleEvents/PPC Toolbox NSWS 3049/tcp NSWS 3049/udp gds_db 3050/tcp #InterBase Database Remote Protocol gds_db 3050/udp #InterBase Database Remote Protocol sj3 3086/tcp #SJ3 (kanji input) itu-bicc-stc 3097/sctp #ITU-T Q.1902.1/Q.2150.3 vmodem 3141/tcp vmodem 3141/udp iscsi-target 3260/tcp # iSCSI port iscsi-target 3260/udp # iSCSI port ccmail 3264/tcp #cc:mail/lotus ccmail 3264/udp #cc:mail/lotus dec-notes 3333/tcp #DEC Notes dec-notes 3333/udp #DEC Notes rdp 3389/tcp #Microsoft Remote Desktop Protocol bmap 3421/tcp #Bull Apprise portmapper bmap 3421/udp #Bull Apprise portmapper prsvp 3455/tcp #RSVP Port prsvp 3455/udp rsvp-encap #RSVP Port vat 3456/tcp #VAT default data vat 3456/udp #VAT default data vat-control 3457/tcp #VAT default control vat-control 3457/udp #VAT default control nut 3493/tcp #Network UPS Tools nut 3493/udp #Network UPS Tools m2pa 3565/sctp #M2PA m2pa 3565/tcp #M2PA tsp 3653/tcp #Tunnel Setup Protocol tsp 3653/udp #Tunnel Setup Protocol svn 3690/tcp #Subversion svn 3690/udp #Subversion asap 3863/sctp #asap sctp asap 3863/tcp #asap tcp port asap 3863/udp #asap udp port asap-tls 3864/sctp #asap-sctp/tls asap-tls 3864/tcp #asap/tls tcp port diameter 3868/tcp #DIAMETER diameter 3868/sctp #DIAMETER udt_os 3900/tcp #Unidata UDT OS udt_os 3900/udp #Unidata UDT OS mapper-nodemgr 3984/tcp #MAPPER network node manager mapper-nodemgr 3984/udp #MAPPER network node manager mapper-mapethd 3985/tcp #MAPPER TCP/IP server mapper-mapethd 3985/udp #MAPPER TCP/IP server mapper-ws_ethd 3986/tcp #MAPPER workstation server mapper-ws_ethd 3986/udp #MAPPER workstation server netcheque 4008/tcp #NetCheque accounting netcheque 4008/udp #NetCheque accounting lockd 4045/udp # NFS lock daemon/manager lockd 4045/tcp nuts_dem 4132/tcp #NUTS Daemon nuts_dem 4132/udp #NUTS Daemon nuts_bootp 4133/tcp #NUTS Bootp Server nuts_bootp 4133/udp #NUTS Bootp Server sieve 4190/tcp #ManageSieve Protocol sieve 4190/udp #ManageSieve Protocol rwhois 4321/tcp #Remote Who Is rwhois 4321/udp #Remote Who Is unicall 4343/tcp unicall 4343/udp epmd 4369/tcp #Erlang Port Mapper Daemon epmd 4369/udp #Erlang Port Mapper Daemon krb524 4444/tcp krb524 4444/udp # PROBLEM krb524 assigned the port, # PROBLEM nv used it without an assignment nv-video 4444/tcp #NV Video default nv-video 4444/udp #NV Video default sae-urn 4500/tcp sae-urn 4500/udp fax 4557/tcp #FAX transmission service hylafax 4559/tcp #HylaFAX client-server protocol rfa 4672/tcp #remote file access server rfa 4672/udp #remote file access server ipfix 4739/sctp #IP Flow Info Export ipfix 4739/tcp #IP Flow Info Export ipfix 4739/udp #IP Flow Info Export ipfixs 4740/sctp #ipfix protocol over DTLS ipfixs 4740/tcp #ipfix protocol over TLS ipfixs 4740/udp #ipfix protocol over DTLS commplex-main 5000/tcp commplex-main 5000/udp commplex-link 5001/tcp commplex-link 5001/udp rfe 5002/tcp #radio free ethernet rfe 5002/udp #radio free ethernet telelpathstart 5010/tcp telelpathstart 5010/udp telelpathattack 5011/tcp telelpathattack 5011/udp mmcc 5050/tcp #multimedia conference control tool mmcc 5050/udp #multimedia conference control tool sds 5059/tcp #SIP Directory Services sds 5059/udp #SIP Directory Services sip 5060/tcp #Session Initialization Protocol (VoIP) sip 5060/udp #Session Initialization Protocol (VoIP) sip-tls 5061/tcp #SIP over TLS sip-tls 5061/udp #SIP over TLS car 5090/sctp #Candidate AR cxtp 5091/sctp #Context Transfer Protocol rmonitor_secure 5145/tcp rmonitor_secure 5145/udp aol 5190/tcp #America-Online aol 5190/udp #America-Online aol-1 5191/tcp #AmericaOnline1 aol-1 5191/udp #AmericaOnline1 aol-2 5192/tcp #AmericaOnline2 aol-2 5192/udp #AmericaOnline2 aol-3 5193/tcp #AmericaOnline3 aol-3 5193/udp #AmericaOnline3 xmpp-client 5222/tcp #XMPP Client Connection xmpp-client 5222/udp #XMPP Client Connection padl2sim 5236/tcp padl2sim 5236/udp xmpp-server 5269/tcp #XMPP Server Connection xmpp-server 5269/udp #XMPP Server Connection hacl-hb 5300/tcp # HA cluster heartbeat hacl-hb 5300/udp # HA cluster heartbeat hacl-gs 5301/tcp # HA cluster general services hacl-gs 5301/udp # HA cluster general services hacl-cfg 5302/tcp # HA cluster configuration hacl-cfg 5302/udp # HA cluster configuration hacl-probe 5303/tcp # HA cluster probing hacl-probe 5303/udp # HA cluster probing hacl-local 5304/tcp hacl-local 5304/udp hacl-test 5305/tcp hacl-test 5305/udp cfengine 5308/tcp cfengine 5308/udp mdns 5353/tcp #Multicast DNS mdns 5353/udp #Multicast DNS postgresql 5432/tcp #PostgreSQL Database postgresql 5432/udp #PostgreSQL Database rplay 5555/udp amqp 5672/sctp #AMQP amqp 5672/tcp #AMQP amqp 5672/udp #AMQP v5ua 5675/sctp #V5UA application port v5ua 5675/tcp #V5UA application port v5ua 5675/udp #V5UA application port canna 5680/tcp #Canna (Japanese Input) proshareaudio 5713/tcp #proshare conf audio proshareaudio 5713/udp #proshare conf audio prosharevideo 5714/tcp #proshare conf video prosharevideo 5714/udp #proshare conf video prosharedata 5715/tcp #proshare conf data prosharedata 5715/udp #proshare conf data prosharerequest 5716/tcp #proshare conf request prosharerequest 5716/udp #proshare conf request prosharenotify 5717/tcp #proshare conf notify prosharenotify 5717/udp #proshare conf notify cvsup 5999/tcp #CVSup file transfer/John Polstra/FreeBSD x11 6000/tcp #6000-6063 are assigned to X Window System x11 6000/udp x11-ssh 6010/tcp #Unofficial name, for convenience x11-ssh 6010/udp softcm 6110/tcp #HP SoftBench CM softcm 6110/udp #HP SoftBench CM spc 6111/tcp #HP SoftBench Sub-Process Control spc 6111/udp #HP SoftBench Sub-Process Control meta-corp 6141/tcp #Meta Corporation License Manager meta-corp 6141/udp #Meta Corporation License Manager aspentec-lm 6142/tcp #Aspen Technology License Manager aspentec-lm 6142/udp #Aspen Technology License Manager watershed-lm 6143/tcp #Watershed License Manager watershed-lm 6143/udp #Watershed License Manager statsci1-lm 6144/tcp #StatSci License Manager - 1 statsci1-lm 6144/udp #StatSci License Manager - 1 statsci2-lm 6145/tcp #StatSci License Manager - 2 statsci2-lm 6145/udp #StatSci License Manager - 2 lonewolf-lm 6146/tcp #Lone Wolf Systems License Manager lonewolf-lm 6146/udp #Lone Wolf Systems License Manager montage-lm 6147/tcp #Montage License Manager montage-lm 6147/udp #Montage License Manager ricardo-lm 6148/tcp #Ricardo North America License Manager ricardo-lm 6148/udp #Ricardo North America License Manager sge_qmaster 6444/tcp #Grid Engine Qmaster Service sge_qmaster 6444/udp #Grid Engine Qmaster Service sge_execd 6445/tcp #Grid Engine Execution Service sge_execd 6445/udp #Grid Engine Execution Service xdsxdm 6558/tcp xdsxdm 6558/udp sane-port 6566/tcp #Scanner Access Now Easy (SANE) Control Port sane-port 6566/udp #Scanner Access Now Easy (SANE) Control Port -ircd 6667/tcp #Internet Relay Chat (unoffical) +ircd 6667/tcp #Internet Relay Chat (unofficial) frc-hp 6704/sctp #ForCES HP (High Priority) channel frc-mp 6705/sctp #ForCES MP (Medium Priority) channel frc-lp 6706/sctp #ForCES LP (Low priority) channel acmsoda 6969/tcp acmsoda 6969/udp afs3-fileserver 7000/tcp #file server itself afs3-fileserver 7000/udp #file server itself afs3-callback 7001/tcp #callbacks to cache managers afs3-callback 7001/udp #callbacks to cache managers afs3-prserver 7002/tcp #users & groups database afs3-prserver 7002/udp #users & groups database afs3-vlserver 7003/tcp #volume location database afs3-vlserver 7003/udp #volume location database afs3-kaserver 7004/tcp #AFS/Kerberos authentication service afs3-kaserver 7004/udp #AFS/Kerberos authentication service afs3-volser 7005/tcp #volume management server afs3-volser 7005/udp #volume management server afs3-errors 7006/tcp #error interpretation service afs3-errors 7006/udp #error interpretation service afs3-bos 7007/tcp #basic overseer process afs3-bos 7007/udp #basic overseer process afs3-update 7008/tcp #server-to-server updater afs3-update 7008/udp #server-to-server updater afs3-rmtsys 7009/tcp #remote cache manager service afs3-rmtsys 7009/udp #remote cache manager service afs3-resserver 7010/tcp #MR-AFS residence server afs3-resserver 7010/udp #MR-AFS residence server ups-onlinet 7010/tcp #onlinet uninterruptable power supplies ups-onlinet 7010/udp #onlinet uninterruptable power supplies afs3-remio 7011/tcp #MR-AFS remote IO server afs3-remio 7011/udp #MR-AFS remote IO server font-service 7100/tcp #X Font Service font-service 7100/udp #X Font Service fodms 7200/tcp #FODMS FLIP fodms 7200/udp #FODMS FLIP dlip 7201/tcp dlip 7201/udp simco 7626/sctp #SImple Middlebox COnfiguration (SIMCO) simco 7626/tcp #SImple Middlebox COnfiguration (SIMCO) Server ftp-proxy 8021/tcp # FTP proxy pim 8471/sctp #PIM over Reliable Transport pim 8471/tcp #PIM over Reliable Transport natd 8668/divert # Network Address Translation lcs-ap 9082/sctp #LCS Application Protocol aurora 9084/sctp #IBM AURORA Performance Visualizer aurora 9084/tcp #IBM AURORA Performance Visualizer aurora 9084/udp #IBM AURORA Performance Visualizer jetdirect 9100/tcp #HP JetDirect card git 9418/tcp #git pack transfer service git 9418/udp #git pack transfer service man 9535/tcp man 9535/udp sd 9876/tcp #Session Director sd 9876/udp #Session Director iua 9900/sctp #IUA iua 9900/tcp #IUA iua 9900/udp #IUA enrp 9901/sctp #enrp server channel enrp 9901/udp #enrp server channel enrp-tls 9902/sctp #enrp/tls server channel amanda 10080/tcp #Dump server control amanda 10080/udp #Dump server control amandaidx 10082/tcp #Amanda indexing amidxtape 10083/tcp #Amanda tape indexing wmereceiving 11997/sctp #WorldMailExpress wmedistribution 11998/sctp #WorldMailExpress wmereporting 11999/sctp #WorldMailExpress sua 14001/sctp #SUA sua 14001/tcp #SUA isode-dua 17007/tcp isode-dua 17007/udp biimenu 18000/tcp #Beckman Instruments, Inc. biimenu 18000/udp #Beckman Instruments, Inc. nfsrdma 20049/sctp #Network File System (NFS) over RDMA nfsrdma 20049/tcp #Network File System (NFS) over RDMA nfsrdma 20049/udp #Network File System (NFS) over RDMA wnn4 22273/tcp wnn6 #Wnn4 (Japanese input) wnn4_Cn 22289/tcp wnn6_Cn #Wnn4 (Chinese input) wnn4_Kr 22305/tcp wnn6_Kr #Wnn4 (Korean input) wnn4_Tw 22321/tcp wnn6_Tw #Wnn4 (Taiwanse input) wnn6_DS 26208/tcp #Wnn6 (Dserver) sgsap 29118/sctp #SGsAP in 3GPP sbcap 29168/sctp #SBcAP in 3GPP iuhsctpassoc 29169/sctp #HNBAP and RUA Common Association s1-control 36412/sctp #S1-Control Plane (3GPP) x2-control 36422/sctp #X2-Control Plane (3GPP) dbbrowse 47557/tcp #Databeam Corporation dbbrowse 47557/udp #Databeam Corporation