14 files changed, 502 insertions, 354 deletions
diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 0ef3012892dd..ada9094360f6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -24,7 +24,7 @@
 : ${_localbase:="$(/sbin/sysctl -n user.localbase 2> /dev/null)"}
 : ${_localbase:="/usr/local"}
 
-# rc_debug can't be set here without interferring with rc.subr's setting it
+# rc_debug can't be set here without interfering with rc.subr's setting it
 # when the kenv variable rc.debug is set.
 #rc_debug="NO"		# Set to YES to enable debugging output from rc.d
 rc_info="NO"		# Enables display of informational messages at boot.
@@ -319,8 +319,10 @@ ctld_enable="NO"		# CAM Target Layer / iSCSI target daemon.
 local_unbound_enable="NO"	# Local caching DNS resolver
 local_unbound_oomprotect="YES"	# Don't kill local_unbound when swap space is exhausted.
 local_unbound_tls="NO"		# Use DNS over TLS
-blacklistd_enable="NO"		# Run blacklistd daemon (YES/NO).
-blacklistd_flags=""		# Optional flags for blacklistd(8).
+blacklistd_enable="NO"		# Renamed to blocklistd_enable.
+blacklistd_flags=""		# Renamed to blocklistd_flags.
+blocklistd_enable="NO"		# Run blocklistd daemon (YES/NO).
+blocklistd_flags=""		# Optional flags for blocklistd(8).
 resolv_enable="YES"		# Enable resolv / resolvconf
 
 #
@@ -369,9 +371,6 @@ sshd_enable="NO"		# Enable sshd
 sshd_oomprotect="YES"		# Don't kill sshd when swap space is exhausted.
 sshd_program="/usr/sbin/sshd"	# path to sshd, if you want a different one.
 sshd_flags=""			# Additional flags for sshd.
-ftpd_enable="NO"		# Enable stand-alone ftpd.
-ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
-ftpd_flags=""			# Additional flags to stand-alone ftpd.
 
 ### Network daemon (NFS): All need rpcbind_enable="YES" ###
 autofs_enable="NO"		# Run autofs daemons.
@@ -503,6 +502,9 @@ netwait_enable="NO"		# Enable rc.d/netwait (or NO)
 netwait_timeout="60"		# Total number of seconds to perform pings.
 #netwait_if=""			# Wait for active link on each intf in this list.
 netwait_if_timeout="30"		# Total number of seconds to monitor link state.
+netwait_dad="NO"		# Wait for DAD to complete
+netwait_dad_timeout=""		# Total number of seconds to wait for DAD, zero
+				# or unset to autodetect
 
 ### Miscellaneous network options: ###
 icmp_bmcastecho="NO"	# respond to broadcast ping packets
@@ -586,11 +588,11 @@ font8x14="NO"		# font 8x14 from /usr/share/{syscons,vt}/fonts/* (or NO).
 font8x8="NO"		# font 8x8 from /usr/share/{syscons,vt}/fonts/* (or NO).
 blanktime="300"		# blank time (in seconds) or "NO" to turn it off.
 saver="NO"		# screen saver: Uses /boot/kernel/${saver}_saver.ko
-moused_nondefault_enable="NO" # Treat non-default mice as enabled unless
+moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
 			       # specifically overridden in rc.conf(5).
 moused_enable="NO"	# Run the mouse daemon.
-moused_type="auto"	# See man page for rc.conf(5) for available settings.
-moused_port="auto"	# Set to your mouse port.
+moused_type="evdev"	# See man page for rc.conf(5) for available settings.
+moused_port="/dev/psm0"	# Set to your mouse port.
 moused_flags=""		# Any additional flags to moused.
 mousechar_start="NO"	# if 0xd0-0xd3 default range is occupied in your
 			# language code table, specify alternative range
@@ -705,6 +707,7 @@ osrelease_enable="YES"	# Update /var/run/os-release on boot (or NO).
 osrelease_file="/var/run/os-release" # File to update for os-release.
 osrelease_perms="444"	# Default permission for os-release file.
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
+dmesg_umask="022"	# Default umask for /var/run/dmesg.boot file.
 watchdogd_enable="NO"	# Start the software watchdog daemon
 watchdogd_flags=""	# Flags to watchdogd (if enabled)
 watchdogd_timeout=""	# watchdogd timeout, overrides -t in watchdogd_flags
diff --git a/libexec/rc/rc.d/Makefile b/libexec/rc/rc.d/Makefile
index e5ee34e62185..3b7f45e8f101 100644
--- a/libexec/rc/rc.d/Makefile
+++ b/libexec/rc/rc.d/Makefile
@@ -4,6 +4,7 @@ CONFDIR=	/etc/rc.d
 CONFGROUPS=	CONFS
 CONFSPACKAGE=	rc
 
+# Files which are always installed and go in the -rc package.
 CONFS=	DAEMON \
 	FILESYSTEMS \
 	LOGIN \
@@ -47,11 +48,7 @@ CONFS=	DAEMON \
 	netoptions \
 	netwait \
 	noshutdown \
-	${_nscd} \
-	${_opensm} \
 	os-release \
-	powerd \
-	pppoed \
 	pwcheck \
 	quota \
 	random \
@@ -79,210 +76,259 @@ CONFS=	DAEMON \
 	var_run \
 	watchdogd
 
-CONFGROUPS+=		DEVD
-DEVD=			devd
-DEVDPACKAGE=		devd
-
-CONFGROUPS+=		DEVMATCH
-DEVMATCH=		devmatch
-DEVMATCHPACKAGE=	devmatch
-
-CONFGROUPS+=		DHCLIENT
-DHCLIENT=		dhclient
-DHCLIENTPACKAGE=	dhclient
-
-CONFGROUPS+=		GEOM
-GEOM=			geli \
-			geli2 \
-			gptboot
-GEOMPACKAGE=		geom
-
-CONFGROUPS+=		GGATED
-GGATED=			ggated
-GGATEDPACKAGE=		ggate
-
-CONFGROUPS+=		RESOLVCONF
-RESOLVCONF=		resolv
-RESOLVCONFPACKAGE=	resolvconf
-
-CONFGROUPS+=		CRON
-CRON+=			cron
-CRONPACKAGE=		cron
-
-CONFGROUPS+=		CTL
-CTL=			ctld
-CTLPACKAGE=		ctl
-
-CONFGROUPS+=		NFS
-NFS=			lockd \
-			mountd \
-			nfscbd \
-			nfsclient \
-			nfsd \
-			nfsuserd \
-			statd
-NFSPACKAGE=		nfs
-
-CONFGROUPS+=		NEWSYSLOG
-NEWSYSLOG=		newsyslog
-NEWSYSLOGPACKAGE=	newsyslog
-
-CONFGROUPS+=		SYSLOGD
-SYSLOGD=		syslogd
-SYSLOGDPACKAGE=		syslogd
-
-CONFGROUPS+=		RCMDS
-RCMDS=			rwho
-RCMDSPACKAGE=		rcmds
+# Groups for files which don't go in -rc, or which depend on src.conf knobs.
 
 .if ${MK_ACCT} != "no" || ${MK_UTMPX} != "no"
-CONFGROUPS+=	ACCT
-ACCTPACKAGE=	acct
+CONFGROUPS+=			ACCT
+ACCTPACKAGE=			acct
 .if ${MK_ACCT} != "no"
-ACCT+=		accounting
+ACCT=		accounting
 .endif
 .if ${MK_UTMPX} != "no"
 ACCT+=		utx
 .endif
 .endif
 
-.if ${MK_ACPI} != "no"
-CONFGROUPS+=	ACPI
+CONFGROUPS.${MK_ACPI}+=		ACPI
+ACPIPACKAGE=			acpi
 ACPI=		power_profile
-ACPIPACKAGE=	acpi
-.endif
 
-.if ${MK_APM} != "no"
-CONFGROUPS+=	APM
-APM+=		apm
+CONFGROUPS.${MK_APM}+=		APM
+APMPACKAGE=			apm
+APM=		apm
 .if ${MACHINE} == "i386"
 APM+=		apmd
 .endif
-APMPACKAGE=	apm
-.endif
 
-.if ${MK_AUDIT} != "no"
-CONFGROUPS+=	AUDIT
-AUDIT+=		auditd
-AUDIT+=		auditdistd
-AUDITPACKAGE=	audit
-.endif
+CONFGROUPS.${MK_AUDIT}+=	AUDIT
+AUDITPACKAGE=			audit
+AUDIT=		auditd \
+		auditdistd
 
-.if ${MK_AUTOFS} != "no"
-CONFGROUPS+=	AUTOFS
+CONFGROUPS.${MK_AUTOFS}+=	AUTOFS
+AUTOFSPACKAGE=			autofs
 AUTOFS=		automount \
 		automountd \
 		autounmountd
-AUTOFSPACKAGE=	autofs
-.endif
 
-.if ${MK_BLACKLIST} != "no"
-CONFGROUPS+=	BLOCKLIST
-BLOCKLIST=	blacklistd
-BLOCKLISTPACKAGE=blocklist
-.endif
+CONFGROUPS.${MK_BLOCKLIST}+=	BLOCKLIST
+BLOCKLISTPACKAGE=		blocklist
+BLOCKLIST=	blacklistd \
+		blocklistd
 
-.if ${MK_BLUETOOTH} != "no"
-CONFGROUPS+=	BLUETOOTH
-BLUETOOTH+=	bluetooth \
+CONFGROUPS.${MK_BLUETOOTH}+=	BLUETOOTH
+BLUETOOTHPACKAGE=		bluetooth
+BLUETOOTH=	bluetooth \
 		bthidd \
 		hcsecd \
 		rfcomm_pppd_server \
 		sdpd \
 		ubthidhci
-BLUETOOTHPACKAGE=	bluetooth
-.endif
 
-.if ${MK_BOOTPARAMD} != "no"
-CONFS+=		bootparams
-.endif
+CONFGROUPS.${MK_BOOTPARAMD}+=	BOOTPARAMD
+BOOTPARAMD=	bootparams
 
-.if ${MK_BSNMP} != "no"
-CONFGROUPS+=	BSNMP
-BSNMP+=		bsnmpd
-BSNMPPACKAGE=	bsnmp
-.endif
+CONFGROUPS.${MK_BSNMP}+=	BSNMP
+BSNMPPACKAGE=			bsnmp
+BSNMP=		bsnmpd
 
-.if ${MK_CCD} != "no"
-CONFGROUPS+=	CCD
+CONFGROUPS.${MK_CCD}+=		CCD
+CCDPACKAGE=			ccdconfig
 CCD=		ccd
-CCDPACKAGE=	ccdconfig
-.endif
 
-.if ${MK_FTP} != "no"
-CONFGROUPS+=	FTPD
-FTPD=		ftpd
-FTPDPACKAGE=	ftpd
-.endif
+CONFGROUPS+=			DEVD
+DEVDPACKAGE=			devd
+DEVD=		devd
+
+CONFGROUPS+=			DEVMATCH
+DEVMATCHPACKAGE=		devmatch
+DEVMATCH=	devmatch
+
+CONFGROUPS+=			DHCLIENT
+DHCLIENTPACKAGE=		dhclient
+DHCLIENT=	dhclient
+
+CONFGROUPS+=			CRON
+CRONPACKAGE=			cron
+CRON=		cron
 
-.if ${MK_KERBEROS_SUPPORT} != "no"
-CONFGROUPS+=	GSSD
+CONFGROUPS+=			CTL
+CTLPACKAGE=			ctl
+CTL=		ctld
+
+CONFGROUPS+=			GEOM
+GEOMPACKAGE=			geom
+GEOM=		geli \
+		geli2 \
+		gptboot
+
+CONFGROUPS+=			GGATED
+GGATEDPACKAGE=			ggate
+GGATED=		ggated
+
+CONFGROUPS.${MK_KERBEROS_SUPPORT}+=GSSD
+GSSDPACKAGE=			gssd
 GSSD=		gssd
-GSSDPACKAGE=	gssd
-.endif
 
-.if ${MK_HAST} != "no"
-CONFGROUPS+=	HAST
+CONFGROUPS.${MK_HAST}+=		HAST
+HASTPACKAGE=			hast
 HAST=		hastd
-HASTPACKAGE=	hast
-.endif
 
-.if ${MK_INETD} != "no"
-CONFGROUPS+=	INETD
+CONFGROUPS.${MK_INETD}+=	INETD
+INETDPACKAGE=			inetd
 INETD=		inetd
-INETDPACKAGE=	inetd
-.endif
 
-.if ${MK_IPFILTER} != "no"
-CONFGROUPS+=	IPF
+CONFGROUPS.${MK_IPFILTER}+=	IPF
+IPFPACKAGE=			ipf
 IPF=		ipfilter \
 		ipfs \
 		ipmon \
 		ipnat \
 		ippool
-IPFPACKAGE=	ipf
-.endif
 
-.if ${MK_IPFW} != "no"
-CONFGROUPS+=	IPFW
-IPFW=		ipfw dnctl
+CONFGROUPS.${MK_IPFW}+=		IPFW
+IPFWPACKAGE=			ipfw
+IPFW=		ipfw \
+		dnctl
 .if ${MK_NETGRAPH} != "no"
 IPFW+=		ipfw_netflow
 .endif
-IPFWPACKAGE=	ipfw
 
-# natd is only built when ipfw is built
-CONFGROUPS+=	NATD
-NATD+=		natd
-NATDPACKAGE=	natd
-.endif
-
-.if ${MK_ISCSI} != "no"
-CONFGROUPS+=	ISCSI
+CONFGROUPS.${MK_ISCSI}+=	ISCSI
+ISCSIPACKAGE=			iscsi
 ISCSI=		iscsictl \
 		iscsid
-ISCSIPACKAGE=	iscsi
-.endif
 
-.if ${MK_JAIL} != "no"
-CONFGROUPS+=	JAIL
-JAIL+=		jail
-JAILPACKAGE=	jail
-.endif
+# natd is only built when ipfw is built
+CONFGROUPS.${MK_IPFW}+=		NATD
+NATDPACKAGE=			natd
+NATD=		natd
+
+CONFGROUPS.${MK_JAIL}+=		JAIL
+JAILPACKAGE=			jail
+JAIL=		jail
+
+CONFGROUPS.${MK_LPR}+=		LP
+LPPACKAGE=			lp
+LP=		lpd
+
+CONFGROUPS+=			NEWSYSLOG
+NEWSYSLOGPACKAGE=		newsyslog
+NEWSYSLOG=	newsyslog
+
+CONFGROUPS+=			NFS
+NFSPACKAGE=			nfs
+NFS=		lockd \
+		mountd \
+		nfscbd \
+		nfsclient \
+		nfsd \
+		nfsuserd \
+		statd
+
+CONFGROUPS.${MK_NIS}+=		NIS
+NISPACKAGE=			yp
+NIS=		ypbind \
+		ypldap \
+		yppasswdd \
+		ypserv \
+		ypset \
+		ypupdated \
+		ypxfrd \
+		nisdomain
 
-.if ${MK_LEGACY_CONSOLE} != "no"
-CONFGROUPS+=	CONSOLE
-CONSOLE+=	moused
-CONSOLE+=	msconvd
-CONSOLE+=	syscons
-CONSOLEPACKAGE=	console-tools
-.endif
+CONFGROUPS.${MK_NS_CACHING}+=	NSCD
+NSCD=		nscd
 
-.if ${MK_LPR} != "no"
-CONFGROUPS+=	LP
-LP+=		lpd
-LPPACKAGE=	lp
-.endif
+CONFGROUPS.${MK_NTP}+=		NTP
+NTPPACKAGE=			ntp
+NTP=		ntpd \
+		ntpdate
+
+CONFGROUPS.${MK_NUAGEINIT}+=	NUAGEINIT
+NUAGEINITPACKAGE=		nuageinit
+NUAGEINIT=	nuageinit \
+		nuageinit_post_net \
+		nuageinit_user_data_script
+
+CONFGROUPS.${MK_OFED_EXTRA}+=	OPENSM
+OPENSM=	opensm
+
+CONFGROUPS.${MK_PF}+=		PF
+PFPACKAGE=			pf
+PF=		pf \
+		pflog \
+		pfsync \
+		ftp-proxy
+
+CONFGROUPS+=			POWERD
+POWERDPACKAGE=			powerd
+POWERD=		powerd
+
+CONFGROUPS.${MK_PPP}+=		PPP
+PPPPACKAGE=			ppp
+PPP=		ppp
+
+CONFGROUPS+=			PPPOED
+PPPOEDPACKAGE=			ppp
+PPPOED=		pppoed
+
+CONFGROUPS+=			SYSLOGD
+SYSLOGDPACKAGE=			syslogd
+SYSLOGD=	syslogd
+
+CONFGROUPS+=			RCMDS
+RCMDSPACKAGE=			rcmds
+RCMDS=		rwho
+
+CONFGROUPS+=			RESOLVCONF
+RESOLVCONFPACKAGE=		resolvconf
+RESOLVCONF=	resolv
+
+CONFGROUPS.${MK_SENDMAIL}+=	SENDMAIL
+SENDMAILPACKAGE=		sendmail
+SENDMAIL=	sendmail
+
+CONFGROUPS.${MK_OPENSSH}+=	SSH
+SSHPACKAGE=			ssh
+SSH=		sshd
+
+CONFGROUPS.${MK_UNBOUND}+=	UNBOUND
+UNBOUNDPACKAGE=			local-unbound
+UNBOUND=	local_unbound
+
+CONFGROUPS.${MK_VI}+=		VI
+VIPACKAGE=			vi
+VI=		virecover
+
+CONFGROUPS.${MK_CUSE}+=		VOSS
+VOSSPACKAGE=			sound
+VOSS=		virtual_oss
+
+CONFGROUPS.${MK_WIRELESS}+=	HOSTAPD
+HOSTAPDPACKAGE=			hostapd
+HOSTAPD=	hostapd
+
+CONFGROUPS.${MK_WIRELESS}+=	WPA
+WPAPACKAGE=			wpa
+WPA=		wpa_supplicant
+
+CONFGROUPS.${MK_ZFS}+=		ZFS
+ZFSPACKAGE=			zfs
+ZFS=		zfs \
+		zfsbe \
+		zfsd \
+		zfskeys \
+		zpool \
+		zpoolreguid \
+		zpoolupgrade \
+		zvol
+
+CONFGROUPS.${MK_LEGACY_CONSOLE}+=SYSCONS
+SYSCONSPACKAGE=			console-tools
+SYSCONS=	moused \
+		msconvd \
+		syscons
 
 .if ${MK_KERBEROS} != "no"
 .if ${MK_MITKRB5} == "no"
@@ -312,58 +358,10 @@ KRB5PACKAGE=	kerberos-kdc
 .endif	# ${MK_MITKRB5}
 .endif	# ${MK_KERBEROS}
 
-.if ${MK_NIS} != "no"
-CONFGROUPS+=	YP
-YP=		ypbind \
-		ypldap \
-		yppasswdd \
-		ypserv \
-		ypset \
-		ypupdated \
-		ypxfrd \
-		nisdomain
-YPPACKAGE=	yp
-.endif
-
-.if ${MK_NS_CACHING} != "no"
-_nscd=		nscd
-.endif
-
-.if ${MK_NTP} != "no"
-CONFGROUPS+=	NTP
-NTP+=		ntpd \
-		ntpdate
-NTPPACKAGE=	ntp
-.endif
-
-.if ${MK_OFED_EXTRA} != "no"
-_opensm=	opensm
-.endif
-
 .if ${MK_OPENSSL} != "no" && ${MK_OPENSSL_KTLS} != "no"
-CONFS+=		tlsclntd \
-		tlsservd
-.endif
-
-.if ${MK_OPENSSH} != "no"
-CONFGROUPS+=	SSH
-SSH=		sshd
-SSHPACKAGE=	ssh
-.endif
-
-.if ${MK_PF} != "no"
-CONFGROUPS+=	PF
-PF=		pf \
-		pflog \
-		pfsync \
-		ftp-proxy
-PFPACKAGE=	pf
-.endif
-
-.if ${MK_PPP} != "no"
-CONFGROUPS+=	PPP
-PPP=		ppp
-PPPPACKAGE=	ppp
+CONFGROUPS+=			KTLS
+KTLS=	tlsclntd \
+	tlsservd
 .endif
 
 .if ${MK_INET6} != "no" || ${MK_ROUTED} != "no"
@@ -378,57 +376,9 @@ RIP+=		routed
 .endif
 .endif
 
-.if ${MK_SENDMAIL} != "no"
-CONFGROUPS+=	SMRCD
-SMRCD=		sendmail
-SMRCDPACKAGE=	sendmail
-.endif
-
-.if ${MK_NUAGEINIT} != "no"
-CONFGROUPS+=	NIUAGEINIT
-NIUAGEINIT=		nuageinit \
-			nuageinit_post_net \
-			nuageinit_user_data_script
-NIUAGEINITPACKAGE=	nuageinit
-.endif
-
-.if ${MK_UNBOUND} != "no"
-CONFGROUPS+=	UNBOUND
-UNBOUND+=	local_unbound
-UNBOUNDPACKAGE=	unbound
-.endif
-
-.if ${MK_VI} != "no"
-CONFGROUPS+=	VI
-VI+=		virecover
-VIPACKAGE=	vi
-.endif
-
-.if ${MK_WIRELESS} != "no"
-CONFGROUPS+=	HOSTAPD
-HOSTAPD=	hostapd
-HOSTAPDPACKAGE=	hostapd
-
-CONFGROUPS+=	WPA
-WPA=		wpa_supplicant
-WPAPACKAGE=	wpa
-.endif
-
-.if ${MK_ZFS} != "no"
-CONFGROUPS+=	ZFS
-ZFS+=		zfs
-ZFS+=		zfsbe
-ZFS+=		zfsd
-ZFS+=		zfskeys
-ZFS+=		zpool
-ZFS+=		zpoolreguid
-ZFS+=		zpoolupgrade
-ZFS+=		zvol
-ZFSPACKAGE=	zfs
-.endif
-
-.for fg in ${CONFGROUPS}
+.for fg in ${CONFGROUPS} ${CONFGROUPS.yes}
 ${fg}MODE?=	${BINMODE}
+${fg}PACKAGE?=	rc
 .endfor
 
 .include <bsd.prog.mk>
diff --git a/libexec/rc/rc.d/blacklistd b/libexec/rc/rc.d/blacklistd
index 5248b0ea3580..175e3e8c56b3 100755
--- a/libexec/rc/rc.d/blacklistd
+++ b/libexec/rc/rc.d/blacklistd
@@ -29,18 +29,26 @@
 #
 
 # PROVIDE: blacklistd
-# REQUIRE: netif pf
+# REQUIRE: netif ipfilter ipfw pf
 
 . /etc/rc.subr
 
 name="blacklistd"
-desc="System blacklist daemon"
+desc="The blacklist daemon has been renamed to blocklist"
 rcvar="blacklistd_enable"
 command="/usr/sbin/${name}"
 required_files="/etc/blacklistd.conf"
+start_precmd="blacklistd_prestart"
 
 # no svcj options needed
 : ${blacklistd_svcj_options:=""}
 
+blacklistd_prestart()
+{
+	echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+	echo "@  WARNING: blacklistd has been renamed to blocklistd      @"
+	echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
+}
+
 load_rc_config $name
 run_rc_command "$1"
diff --git a/libexec/rc/rc.d/blocklistd b/libexec/rc/rc.d/blocklistd
new file mode 100755
index 000000000000..f979162ec3e0
--- /dev/null
+++ b/libexec/rc/rc.d/blocklistd
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# Copyright (c) 2016 The FreeBSD Foundation
+#
+# This software was developed by Kurt Lidl under sponsorship from the
+# FreeBSD Foundation.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+#
+
+# PROVIDE: blocklistd
+# REQUIRE: netif ipfilter ipfw pf
+
+. /etc/rc.subr
+
+name="blocklistd"
+desc="System blocklist daemon"
+rcvar="blocklistd_enable"
+command="/usr/sbin/${name}"
+required_files="/etc/blocklistd.conf"
+
+# no svcj options needed
+: ${blocklistd_svcj_options:=""}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg
index 51e35d5d4e80..736449f3b159 100755
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@ -19,7 +19,7 @@ stop_cmd=":"
 do_dmesg()
 {
 	rm -f ${dmesg_file}
-	( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+	( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} )
 }
 
 load_rc_config $name
diff --git a/libexec/rc/rc.d/ftpd b/libexec/rc/rc.d/ftpd
deleted file mode 100755
index e25a561a520a..000000000000
--- a/libexec/rc/rc.d/ftpd
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-#
-#
-
-# PROVIDE: ftpd
-# REQUIRE: LOGIN FILESYSTEMS
-# KEYWORD: shutdown
-
-. /etc/rc.subr
-
-name="ftpd"
-desc="Internet File Transfer Protocol daemon"
-rcvar="ftpd_enable"
-command="/usr/libexec/${name}"
-pidfile="/var/run/${name}.pid"
-
-: ${ftpd_svcj_options:="net_basic"}
-
-load_rc_config $name
-
-flags="-D ${flags} ${rc_flags}"
-
-run_rc_command "$1"
diff --git a/libexec/rc/rc.d/hostapd b/libexec/rc/rc.d/hostapd
index 264cb4ef476b..15b20c95c488 100755
--- a/libexec/rc/rc.d/hostapd
+++ b/libexec/rc/rc.d/hostapd
@@ -11,15 +11,6 @@
 name="hostapd"
 desc="Authenticator for IEEE 802.11 networks"
 command=${hostapd_program}
-start_postcmd="hostapd_poststart"
-
-hostapd_poststart() {
-	if [ -n "$ifn" ]; then
-		ifconfig ${ifn} down
-		sleep 2
-		ifconfig ${ifn} up
-	fi
-}
 
 ifn="$2"
 if [ -z "$ifn" ]; then
diff --git a/libexec/rc/rc.d/moused b/libexec/rc/rc.d/moused
index aaf0dd0890a8..e267ae5b3cd8 100755
--- a/libexec/rc/rc.d/moused
+++ b/libexec/rc/rc.d/moused
@@ -16,6 +16,7 @@ start_cmd="moused_start"
 pidprefix="/var/run/moused"
 pidfile="${pidprefix}.pid"
 pidarg=
+typearg=
 load_rc_config $name
 
 # doesn't make sense to run in a svcj: nojail keyword
@@ -27,9 +28,10 @@ moused_svcj="NO"
 # expected to be the mouse device.
 #
 if [ -n "$2" ]; then
-	eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}}
-	rcvar="moused_${2}_enable"
-	pidfile="${pidprefix}.$2.pid"
+	ms=`basename $2`
+	eval moused_${ms}_enable=\${moused_${ms}_enable-${moused_nondefault_enable}}
+	rcvar="moused_${ms}_enable"
+	pidfile="${pidprefix}.${ms}.pid"
 	pidarg="-I $pidfile"
 fi
 
@@ -44,20 +46,22 @@ moused_start()
 	# the moused_port variable, which if not defined sets it to the
 	# passed in device name.
 	#
-	ms=$1
-	if [ -n "$ms" ]; then
+	if [ -n "$1" ]; then
+		ms=`basename $1`
 		eval myflags=\${moused_${ms}_flags-$moused_flags}
-		eval myport=\${moused_${ms}_port-/dev/$ms}
+		eval myport=\${moused_${ms}_port-/dev/$1}
 		eval mytype=\${moused_${ms}_type-$moused_type}
+		if [ -n "$mytype" ] && check_kern_features evdev_support; then
+			typearg="-t ${mytype}"
+		fi
 	else
 		ms="default"
 		myflags="$moused_flags"
 		myport="$moused_port"
-		mytype="$moused_type"
 	fi
 
 	startmsg -n "Starting ${ms} moused"
-	/usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg}
+	/usr/sbin/moused ${myflags} -p ${myport} ${typearg} ${pidarg}
 	startmsg '.'
 
 	mousechar_arg=
diff --git a/libexec/rc/rc.d/netwait b/libexec/rc/rc.d/netwait
index 3f374806d97c..05874552cf1c 100755
--- a/libexec/rc/rc.d/netwait
+++ b/libexec/rc/rc.d/netwait
@@ -2,12 +2,14 @@
 #
 # PROVIDE: netwait
 # REQUIRE: devd ipfw pf routing
-# KEYWORD: nojail
 #
-# The netwait script helps handle two situations:
+# The netwait script helps handle three situations:
 #  - Systems with USB or other late-attaching network hardware which
 #    is initialized by devd events.  The script waits for all the
 #    interfaces named in the netwait_if list to appear.
+#  - Systems with IPv6 addresses, especially jails, where we need to
+#    wait for DAD to complete before starting daemons, as they will
+#    otherwise fail to bind to IN6ADDR_ANY.
 #  - Systems with statically-configured IP addresses in rc.conf(5).
 #    The IP addresses in the netwait_ip list are pinged.  The script
 #    waits for any single IP in the list to respond to the ping.  If your
@@ -29,28 +31,38 @@ netwait_start()
 {
 	local ip rc count output link wait_if got_if any_error
 
-	if [ -z "${netwait_if}" ] && [ -z "${netwait_ip}" ]; then
-		err 1 "No interface or IP addresses listed, nothing to wait for"
+	if [ -z "${netwait_if}" ] && [ -z "${netwait_ip}" ] &&
+	   ! checkyesno netwait_dad ; then
+		err 1 "Nothing to wait for"
 	fi
 
-	if [ ${netwait_timeout} -lt 1 ]; then
+	if ! [ "${netwait_if_timeout:=0}" -ge 1 ]; then
+		err 1 "netwait_if_timeout must be >= 1"
+	fi
+	if ! check_kern_features inet6; then
+		netwait_dad="NO"
+	elif ! [ "${netwait_dad_timeout:=0}" -ge 1 ]; then
+		netwait_dad_timeout=$(($(sysctl -n net.inet6.ip6.dad_count)+1))
+	fi
+	if ! [ "${netwait_timeout:=0}" -ge 1 ]; then
 		err 1 "netwait_timeout must be >= 1"
 	fi
 
+	any_error=false
+
 	if [ -n "${netwait_if}" ]; then
-		any_error=0
 		for wait_if in ${netwait_if}; do
 			echo -n "Waiting for ${wait_if}"
 			link=""
-			got_if=0
+			got_if=false
 			count=1
-			# Handle SIGINT (Ctrl-C); force abort of while() loop
+			# Handle SIGINT (Ctrl-C); force abort of while loop
 			trap break SIGINT
 			while [ ${count} -le ${netwait_if_timeout} ]; do
 				if output=`/sbin/ifconfig ${wait_if} 2>/dev/null`; then
-					if [ ${got_if} -eq 0 ]; then
+					if ! ${got_if}; then
 						echo -n ", interface present"
-						got_if=1
+						got_if=true
 					fi
 					link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'`
 					if [ -z "${link}" ]; then
@@ -63,22 +75,45 @@ netwait_start()
 			done
 			# Restore default SIGINT handler
 			trap - SIGINT
-			if [ ${got_if} -eq 0 ]; then
+			if ! ${got_if}; then
 				echo ", wait failed: interface never appeared."
-				any_error=1
+				any_error=true
 			elif [ -n "${link}" ]; then
 				echo ", wait failed: interface still has no link."
-				any_error=1
+				any_error=true
 			fi
 		done
-		if [ ${any_error} -eq 1 ]; then
-		    warn "Continuing with startup, but be aware you may not have "
-		    warn "a fully functional networking layer at this point."
-		fi
 	fi
 	
+	if checkyesno netwait_dad; then
+		got_dad=false
+		# Handle SIGINT (Ctrl-C); force abort of while loop
+		trap break SIGINT
+
+		echo -n "Waiting for DAD to complete"
+		count=1
+		while [ ${count} -le ${netwait_dad_timeout} ]; do
+			if ! ifconfig | grep -q 'inet6.*tentative'; then
+				echo ', done.'
+				got_dad=true
+				break
+			fi
+			sleep 1
+			count=$((count+1))
+		done
+
+		# Restore default SIGINT handler
+		trap - SIGINT
+
+		if ! ${got_dad}; then
+			echo ', timed out.'
+			any_error=true
+		fi
+	fi
+
 	if [ -n "${netwait_ip}" ]; then
-		# Handle SIGINT (Ctrl-C); force abort of for() loop
+		got_ip=false
+		# Handle SIGINT (Ctrl-C); force abort of for loop
 		trap break SIGINT
 
 		for ip in ${netwait_ip}; do
@@ -90,11 +125,9 @@ netwait_start()
 				rc=$?
 
 				if [ $rc -eq 0 ]; then
-					# Restore default SIGINT handler
-					trap - SIGINT
-
 					echo ', got response.'
-					return
+					got_ip=false
+					break 2
 				fi
 				count=$((count+1))
 			done
@@ -104,10 +137,15 @@ netwait_start()
 		# Restore default SIGINT handler
 		trap - SIGINT
 
-		warn "Exhausted IP list.  Continuing with startup, but be aware you may"
-		warn "not have a fully functional networking layer at this point."
+		if ! ${got_ip}; then
+			any_error=true
+		fi
 	fi
 
+	if ${any_error}; then
+		warn "Continuing with startup, but be aware you may not have "
+		warn "a fully functional networking layer at this point."
+	fi
 }
 
 load_rc_config $name
diff --git a/libexec/rc/rc.d/virtual_oss b/libexec/rc/rc.d/virtual_oss
new file mode 100644
index 000000000000..b9c830617385
--- /dev/null
+++ b/libexec/rc/rc.d/virtual_oss
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# PROVIDE: virtual_oss
+# REQUIRE: NETWORKING kld ldconfig
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="virtual_oss"
+desc="virtual_oss device manager"
+rcvar="${name}_enable"
+
+command="/usr/sbin/${name}"
+command_args="-B"
+
+load_rc_config "$name"
+start_precmd="${name}_precmd"
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+status_cmd="${name}_status"
+
+configs=
+pidpath="/var/run/${name}"
+virtual_oss_default_args="\
+	-S \
+	-C 2 \
+	-c 2 \
+	-r 48000 \
+	-b 24 \
+	-s 8ms \
+	-i 8 \
+	-f /dev/dsp \
+	-d dsp \
+	-t vdsp.ctl"
+
+# Set to NO by default. Set it to "YES" to enable virtual_oss.
+: "${virtual_oss_enable:="NO"}"
+
+#  List of configurations to use. Default is "dsp".
+: "${virtual_oss_configs:="dsp"}"
+
+# Default (dsp) virtual_oss config.
+: "${virtual_oss_dsp:="${virtual_oss_default_args}"}"
+
+virtual_oss_pids()
+{
+	pids=$(pgrep -d ' ' ${name})
+	pids=${pids% }
+	printf '%s\n' "${pids}"
+}
+
+virtual_oss_precmd()
+{
+	/usr/bin/install -d -m 0755 -o root "${pidpath}"
+	load_kld cuse
+}
+
+start_instance()
+{
+	config="$1"
+	instance_args=$(eval "echo \$virtual_oss_${config}")
+	if [ -z "${instance_args}" ]; then
+		warn "no such config: ${config}"
+	else
+		startmsg -n "Starting virtual_oss config: ${config}: "
+		${command} \
+			${command_args} \
+			-D "${pidpath}/${config}.pid" \
+			${instance_args}
+		startmsg "done"
+	fi
+}
+
+stop_instance()
+{
+	config="$1"
+	instance_args=$(eval "echo \$virtual_oss_${config}")
+	if [ -z "${instance_args}" ]; then
+		warn "no such config: ${config}"
+	else
+		startmsg -n "Stopping virtual_oss config: ${config}: "
+		kill "$(cat "${pidpath}/${config}.pid")"
+		rm -f "${pidpath}/${config}.pid"
+		startmsg "done"
+	fi
+}
+
+virtual_oss_start()
+{
+	configs="$1"
+	[ -z "${configs}" ] && configs="${virtual_oss_configs}"
+	for config in ${configs}; do
+		start_instance "${config}"
+	done
+}
+
+virtual_oss_stop()
+{
+	configs="$1"
+	[ -z "${configs}" ] && configs="${virtual_oss_configs}"
+	for config in ${configs}; do
+		stop_instance "${config}"
+	done
+}
+
+virtual_oss_status()
+{
+	pids=$(virtual_oss_pids)
+
+	if [ "${pids}" ]; then
+		echo "${name} is running as pid ${pids}."
+	else
+		echo "${name} is not running."
+		return 1
+	fi
+}
+
+run_rc_command "$@"
diff --git a/libexec/rc/rc.d/zpoolreguid b/libexec/rc/rc.d/zpoolreguid
index f94630d9283f..c19f52d3d702 100755
--- a/libexec/rc/rc.d/zpoolreguid
+++ b/libexec/rc/rc.d/zpoolreguid
@@ -2,7 +2,7 @@
 
 # PROVIDE: zpoolreguid
 # REQUIRE: zpool
-# BEFORE: mountcritlocal
+# BEFORE: FILESYSTEMS
 # KEYWORD: firstboot nojail
 
 . /etc/rc.subr
diff --git a/libexec/rc/rc.d/zpoolupgrade b/libexec/rc/rc.d/zpoolupgrade
index 1435cba7199c..5e623a9c2bf0 100755
--- a/libexec/rc/rc.d/zpoolupgrade
+++ b/libexec/rc/rc.d/zpoolupgrade
@@ -2,7 +2,7 @@
 
 # PROVIDE: zpoolupgrade
 # REQUIRE: zpool
-# BEFORE: mountcritlocal
+# BEFORE: FILESYSTEMS
 # KEYWORD: firstboot nojail
 
 . /etc/rc.subr
diff --git a/libexec/rc/rc.subr b/libexec/rc/rc.subr
index 06b1bd51384c..e4ad14f582d6 100644
--- a/libexec/rc/rc.subr
+++ b/libexec/rc/rc.subr
@@ -121,11 +121,22 @@ dotted=
 dot()
 {
 	local f verify
+	local dot_dir dot_file
 
 	o_verify_set off verify
 	for f in "$@"; do
 		if [ -f $f -a -s $f ]; then
 			dotted="$dotted $f"
+			case $f in
+			*/*)
+				dot_dir=${f%/*}
+				dot_file=${f##*/}
+				;;
+			*)
+				dot_dir=.
+				dot_file=$f
+				;;
+			esac
 			. $f
 		fi
 	done
@@ -152,8 +163,7 @@ vdot()
 	for f in "$@"; do
 		[ -f $f -a -s $f ] || continue
 		if is_verified $f 2> /dev/null; then
-			dotted="$dotted $f"
-			. $f
+			dot $f
 		else
 			rc=80	# EAUTH
 		fi
@@ -792,28 +802,18 @@ sort_lite()
 #
 wait_for_pids()
 {
-	local _list _prefix _nlist _j
+	local _list _prefix _j
 
-	_list="$@"
-	if [ -z "$_list" ]; then
-		return
-	fi
-	_prefix=
-	while true; do
-		_nlist=""
-		for _j in $_list; do
-			if kill -0 $_j 2>/dev/null; then
-				_nlist="${_nlist}${_nlist:+ }$_j"
-				[ -n "$_prefix" ] && sleep 1
-			fi
-		done
-		if [ -z "$_nlist" ]; then
-			break
+	for _j in "$@"; do
+		if kill -0 $_j 2>/dev/null; then
+			_list="${_list}${_list:+ }$_j"
 		fi
-		_list=$_nlist
+	done
+	_prefix=
+	while [ -n "$_list" ]; do
 		echo -n ${_prefix:-"Waiting for PIDS: "}$_list
 		_prefix=", "
-		pwait -o $_list 2>/dev/null
+		_list=$(pwait -op $_list 2>/dev/null)
 	done
 	if [ -n "$_prefix" ]; then
 		echo "."
diff --git a/libexec/rc/tests/rc_subr_test.sh b/libexec/rc/tests/rc_subr_test.sh
index fe6d3b8264c9..9ddd13b61a7c 100644
--- a/libexec/rc/tests/rc_subr_test.sh
+++ b/libexec/rc/tests/rc_subr_test.sh
@@ -26,6 +26,17 @@
 # SUCH DAMAGE.
 #
 
+atf_test_case no_cycles
+no_cycles_head()
+{
+	atf_set "descr" "Verify that /etc/rc.d/* contains no cycles"
+}
+
+no_cycles_body()
+{
+	atf_check -e empty -o ignore rcorder /etc/rc.d/*
+}
+
 atf_test_case oomprotect_all
 oomprotect_all_head()
 {
@@ -130,6 +141,7 @@ EOF
 
 atf_init_test_cases()
 {
+	atf_add_test_case no_cycles
 	atf_add_test_case oomprotect_all
 	atf_add_test_case oomprotect_yes
 	atf_add_test_case wait_for_pids_progress