Merge tag 'v5.1.0-1' into sid

tag strongSwan 5.1.0-1

142 files changed, 2433 insertions, 24892 deletions

diff --git a/testing/hosts/alice/etc/conf.d/hostname b/testing/hosts/alice/etc/conf.d/hostname
deleted file mode 100644
index 2012e0451..000000000
--- a/testing/hosts/alice/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=alice
diff --git a/testing/hosts/alice/etc/conf.d/net b/testing/hosts/alice/etc/conf.d/net
deleted file mode 100644
index 41e8887c4..000000000
--- a/testing/hosts/alice/etc/conf.d/net
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_ALICE broadcast 10.1.255.255 netmask 255.255.0.0"
-              "PH_IP6_ALICE/16" )
-config_eth1=( "PH_IP_ALICE1 broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_ALICE1/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via PH_IP_MOON1" )
diff --git a/testing/hosts/alice/etc/freeradius/clients.conf b/testing/hosts/alice/etc/freeradius/clients.conf
new file mode 100644
index 000000000..5fb47a2ad
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/clients.conf
@@ -0,0 +1,4 @@
+client 10.1.0.1 {
+  secret    = gv6URkSs
+  shortname = moon
+}
diff --git a/testing/hosts/alice/etc/freeradius/dictionary b/testing/hosts/alice/etc/freeradius/dictionary
new file mode 100644
index 000000000..59a874b3e
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/dictionary
@@ -0,0 +1,32 @@
+#
+#	This is the master dictionary file, which references the
+#	pre-defined dictionary files included with the server.
+#
+#	Any new/changed attributes MUST be placed in this file, as
+#	the pre-defined dictionaries SHOULD NOT be edited.
+#
+#	$Id$
+#
+
+#
+#	The filename given here should be an absolute path.
+#
+$INCLUDE	/usr/local/share/freeradius/dictionary
+
+#
+#	Place additional attributes or $INCLUDEs here.  They will
+#	over-ride the definitions in the pre-defined dictionaries.
+#
+#	See the 'man' page for 'dictionary' for information on
+#	the format of the dictionary files.
+
+#
+#	If you want to add entries to the dictionary file,
+#	which are NOT going to be placed in a RADIUS packet,
+#	add them here.  The numbers you pick should be between
+#	3000 and 4000.
+#
+
+#ATTRIBUTE	My-Local-String		3000	string
+#ATTRIBUTE	My-Local-IPAddr		3001	ipaddr
+#ATTRIBUTE	My-Local-Integer	3002	integer
diff --git a/testing/hosts/alice/etc/freeradius/radiusd.conf b/testing/hosts/alice/etc/freeradius/radiusd.conf
new file mode 100644
index 000000000..e4f721738
--- /dev/null
+++ b/testing/hosts/alice/etc/freeradius/radiusd.conf
@@ -0,0 +1,120 @@
+# radiusd.conf	-- FreeRADIUS server configuration file.
+
+prefix = /usr
+exec_prefix = ${prefix}
+sysconfdir = /etc
+localstatedir = /var
+sbindir = ${exec_prefix}/sbin
+logdir = ${localstatedir}/log/freeradius
+raddbdir = ${sysconfdir}/freeradius
+radacctdir = ${logdir}/radacct
+
+#  name of the running server.  See also the "-n" command-line option.
+name = freeradius
+
+#  Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+# libdir: Where to find the rlm_* modules.
+libdir = ${exec_prefix}/lib
+
+#  pidfile: Where to place the PID of the RADIUS server.
+pidfile = ${run_dir}/${name}.pid
+
+#  max_request_time: The maximum time (in seconds) to handle a request.
+max_request_time = 30
+
+#  cleanup_delay: The time to wait (in seconds) before cleaning up
+cleanup_delay = 5
+
+#  max_requests: The maximum number of requests which the server keeps
+max_requests = 1024
+
+#  listen: Make the server listen on a particular IP address, and send
+listen {
+  type = auth
+  ipaddr = 10.1.0.10
+  port = 0
+}
+
+#  This second "listen" section is for listening on the accounting
+#  port, too.
+#
+listen {
+  type  = acct
+  ipaddr = 10.1.0.10
+  port = 0
+}
+
+#  hostname_lookups: Log the names of clients or just their IP addresses
+hostname_lookups = no
+
+#  Core dumps are a bad thing.  This should only be set to 'yes'
+allow_core_dumps = no
+
+#  Regular expressions
+regular_expressions = yes
+extended_expressions = yes
+
+#  Logging section.  The various "log_*" configuration items
+log {
+  destination = files
+  file = ${logdir}/radius.log
+  syslog_facility = daemon
+  stripped_names = no
+  auth = yes
+  auth_badpass = yes
+  auth_goodpass = yes
+}
+
+#  The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+#  Security considerations
+security {
+  max_attributes = 200
+  reject_delay = 1
+  status_server = yes
+}
+
+# PROXY CONFIGURATION
+proxy_requests = yes
+$INCLUDE proxy.conf
+
+# CLIENTS CONFIGURATION
+$INCLUDE clients.conf
+
+# THREAD POOL CONFIGURATION
+thread pool {
+  start_servers = 5
+  max_servers = 32
+  min_spare_servers = 3
+  max_spare_servers = 10
+  max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+modules {
+  $INCLUDE ${confdir}/modules/
+  $INCLUDE eap.conf
+  $INCLUDE sql.conf
+  $INCLUDE sql/mysql/counter.conf
+}
+
+# Instantiation
+instantiate {
+  exec
+  expr
+  expiration
+  logintime
+}
+
+# Policies
+$INCLUDE policy.conf
+
+# Include all enabled virtual hosts
+$INCLUDE sites-enabled/
diff --git a/testing/hosts/alice/etc/hostname b/testing/hosts/alice/etc/hostname
new file mode 100644
index 000000000..c9fc40bfb
--- /dev/null
+++ b/testing/hosts/alice/etc/hostname
@@ -0,0 +1 @@
+alice
diff --git a/testing/hosts/alice/etc/init.d/iptables b/testing/hosts/alice/etc/init.d/iptables
deleted file mode 100755
index 1097ac5a4..000000000
--- a/testing/hosts/alice/etc/init.d/iptables
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow NAT-T 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/alice/etc/init.d/net.eth0 b/testing/hosts/alice/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/alice/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/alice/etc/init.d/net.eth1 b/testing/hosts/alice/etc/init.d/net.eth1
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/alice/etc/init.d/net.eth1
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/alice/etc/init.d/radiusd b/testing/hosts/alice/etc/init.d/radiusd
deleted file mode 100755
index 8334385f9..000000000
--- a/testing/hosts/alice/etc/init.d/radiusd
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/sbin/runscript
-
-opts="${opts} reload"
-
-depend() {
-	need net
-	use dns
-}
-
-checkconfig() {
-	# set the location of log files
-	if ! cd /var/log/radius ; then
-		eerror "Failed to change current directory to /var/log/radius"
-		return 1
-	fi
-
-	if [ ! -d /var/run/radiusd ] && ! mkdir /var/run/radiusd ; then
-		eerror "Failed to create /var/run/radiusd"
-		return 1
-	fi
-	
-	if [ ! -f /etc/raddb/radiusd.conf ] ; then
-		eerror "No /etc/raddb/radiusd.conf file exists!"
-		return 1
-	fi
-
-	RADIUSD_OPTS="-xx"
-	RADIUSD_USER=`grep '^ *user *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
-	RADIUSD_GROUP=`grep '^ *group *=' /etc/raddb/radiusd.conf | cut -d ' ' -f 3`
-	if [ -n "${RADIUSD_USER}" ] && ! getent passwd ${RADIUSD_USER} > /dev/null ; then
-		eerror "${RADIUSD_USER} user missing!"
-		return 1
-	fi
-	if [ -n "${RADIUSD_GROUP}" ] && ! getent group ${RADIUSD_GROUP} > /dev/null ; then
-		eerror "${RADIUSD_GROUP} group missing!"
-		return 1
-	fi
-
-	# radius.log is created before privileges are dropped - need to set proper permissions on it
-	[ -f radius.log ] || touch radius.log || return 1
-
-	chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radiusd && \
-		chmod -R u+rwX,g+rX . /var/run/radiusd || return 1
-}
-
-start() {
-	checkconfig || return 1
-
-	ebegin "Starting radiusd"
-	start-stop-daemon --start --quiet --exec /usr/sbin/radiusd -- ${RADIUSD_OPTS} >/dev/null
-	eend $?
-}
-
-stop () {
-	ebegin "Stopping radiusd"
-	start-stop-daemon --stop --quiet --pidfile=/var/run/radiusd/radiusd.pid
-	eend $?
-}
-
-reload () {
-	ebegin "Reloading radiusd"
-	kill -HUP `</var/run/radiusd/radiusd.pid`
-	eend $?
-}
diff --git a/testing/hosts/alice/etc/ipsec.conf b/testing/hosts/alice/etc/ipsec.conf
index 134c1c032..6d8aa629d 100755..100644
--- a/testing/hosts/alice/etc/ipsec.conf
+++ b/testing/hosts/alice/etc/ipsec.conf
@@ -1,25 +1,19 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 		
 conn nat-t
-	left=%defaultroute
+	left=%any
 	leftcert=aliceCert.pem
 	leftid=alice@strongswan.org
 	leftfirewall=yes
-	right=PH_IP_SUN
+	right=192.168.0.2
 	rightid=@sun.strongswan.org
 	rightsubnet=10.2.0.0/16
 	auto=add
diff --git a/testing/hosts/alice/etc/network/interfaces b/testing/hosts/alice/etc/network/interfaces
new file mode 100644
index 000000000..6fcbaa597
--- /dev/null
+++ b/testing/hosts/alice/etc/network/interfaces
@@ -0,0 +1,20 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 10.1.0.10
+	netmask 255.255.0.0
+	broadcast 10.1.255.255
+	gateway 10.1.0.1
+iface eth0 inet6 static
+	address fec1::10
+	netmask 16
+
+iface eth1 inet static
+	address 192.168.0.50
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+iface eth1 inet6 static
+	address fec0::5
+	netmask 16
diff --git a/testing/hosts/alice/etc/runlevels/default/net.eth0 b/testing/hosts/alice/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/alice/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/alice/etc/strongswan.conf b/testing/hosts/alice/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/alice/etc/strongswan.conf
+++ b/testing/hosts/alice/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/bob/etc/conf.d/hostname b/testing/hosts/bob/etc/conf.d/hostname
deleted file mode 100644
index bbf5a2ea6..000000000
--- a/testing/hosts/bob/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=bob
diff --git a/testing/hosts/bob/etc/conf.d/net b/testing/hosts/bob/etc/conf.d/net
deleted file mode 100644
index bd0b3a5ce..000000000
--- a/testing/hosts/bob/etc/conf.d/net
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_BOB broadcast 10.2.255.255 netmask 255.255.0.0"
-              "PH_IP6_BOB/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via PH_IP_SUN1" )
diff --git a/testing/hosts/bob/etc/hostname b/testing/hosts/bob/etc/hostname
new file mode 100644
index 000000000..696fb6baa
--- /dev/null
+++ b/testing/hosts/bob/etc/hostname
@@ -0,0 +1 @@
+bob
diff --git a/testing/hosts/bob/etc/init.d/iptables b/testing/hosts/bob/etc/init.d/iptables
deleted file mode 100755
index 7b8756b81..000000000
--- a/testing/hosts/bob/etc/init.d/iptables
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
-			
-	# allow NAT-T 
-	iptables -A INPUT  -i eth0 -p udp --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
-
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/bob/etc/init.d/net.eth0 b/testing/hosts/bob/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/bob/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/bob/etc/ipsec.conf b/testing/hosts/bob/etc/ipsec.conf
index 62c0ec787..5896c3436 100755..100644
--- a/testing/hosts/bob/etc/ipsec.conf
+++ b/testing/hosts/bob/etc/ipsec.conf
@@ -1,24 +1,18 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 
 conn nat-t
-	left=%defaultroute
+	left=%any
 	leftcert=bobCert.pem
 	leftid=bob@strongswan.org
 	leftfirewall=yes
 	right=%any
-	rightsubnetwithin=10.1.0.0/16
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/hosts/bob/etc/network/interfaces b/testing/hosts/bob/etc/network/interfaces
new file mode 100644
index 000000000..eca4f8fe7
--- /dev/null
+++ b/testing/hosts/bob/etc/network/interfaces
@@ -0,0 +1,12 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 10.2.0.10
+	netmask 255.255.0.0
+	broadcast 10.2.255.255
+	gateway 10.2.0.1
+iface eth0 inet6 static
+	address fec2::10
+	netmask 16
diff --git a/testing/hosts/bob/etc/runlevels/default/net.eth0 b/testing/hosts/bob/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/bob/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/bob/etc/strongswan.conf b/testing/hosts/bob/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/bob/etc/strongswan.conf
+++ b/testing/hosts/bob/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/carol/etc/conf.d/hostname b/testing/hosts/carol/etc/conf.d/hostname
deleted file mode 100644
index d5101b924..000000000
--- a/testing/hosts/carol/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=carol
diff --git a/testing/hosts/carol/etc/conf.d/net b/testing/hosts/carol/etc/conf.d/net
deleted file mode 100644
index f7f685942..000000000
--- a/testing/hosts/carol/etc/conf.d/net
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_CAROL broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_CAROL/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via 192.168.0.254" )
diff --git a/testing/hosts/carol/etc/hostname b/testing/hosts/carol/etc/hostname
new file mode 100644
index 000000000..da4b06358
--- /dev/null
+++ b/testing/hosts/carol/etc/hostname
@@ -0,0 +1 @@
+carol
diff --git a/testing/hosts/carol/etc/init.d/iptables b/testing/hosts/carol/etc/init.d/iptables
deleted file mode 100755
index 6ff11a424..000000000
--- a/testing/hosts/carol/etc/init.d/iptables
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/carol/etc/init.d/net.eth0 b/testing/hosts/carol/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/carol/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/carol/etc/ipsec.conf b/testing/hosts/carol/etc/ipsec.conf
index 1def6ca99..d2d481b68 100755..100644
--- a/testing/hosts/carol/etc/ipsec.conf
+++ b/testing/hosts/carol/etc/ipsec.conf
@@ -1,24 +1,19 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 
 conn home
-	left=PH_IP_CAROL
+	left=192.168.0.100
 	leftcert=carolCert.pem
 	leftid=carol@strongswan.org
 	leftfirewall=yes
-	right=PH_IP_MOON
+	right=192.168.0.1
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/hosts/carol/etc/network/interfaces b/testing/hosts/carol/etc/network/interfaces
new file mode 100644
index 000000000..67bc73359
--- /dev/null
+++ b/testing/hosts/carol/etc/network/interfaces
@@ -0,0 +1,12 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.0.100
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+	gateway 192.168.0.254
+iface eth0 inet6 static
+	address fec0::10
+	netmask 16
diff --git a/testing/hosts/carol/etc/runlevels/default/net.eth0 b/testing/hosts/carol/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/carol/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/carol/etc/strongswan.conf b/testing/hosts/carol/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/carol/etc/strongswan.conf
+++ b/testing/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/dave/etc/conf.d/hostname b/testing/hosts/dave/etc/conf.d/hostname
deleted file mode 100644
index c3fabf331..000000000
--- a/testing/hosts/dave/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=dave
diff --git a/testing/hosts/dave/etc/conf.d/net b/testing/hosts/dave/etc/conf.d/net
deleted file mode 100644
index 2b902525a..000000000
--- a/testing/hosts/dave/etc/conf.d/net
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_DAVE broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_DAVE/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via 192.168.0.254" )
diff --git a/testing/hosts/dave/etc/hostname b/testing/hosts/dave/etc/hostname
new file mode 100644
index 000000000..9fcf7b10e
--- /dev/null
+++ b/testing/hosts/dave/etc/hostname
@@ -0,0 +1 @@
+dave
diff --git a/testing/hosts/dave/etc/init.d/iptables b/testing/hosts/dave/etc/init.d/iptables
deleted file mode 100755
index 6ff11a424..000000000
--- a/testing/hosts/dave/etc/init.d/iptables
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/dave/etc/init.d/net.eth0 b/testing/hosts/dave/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/dave/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/dave/etc/ipsec.conf b/testing/hosts/dave/etc/ipsec.conf
index c9d559f0d..5c546e260 100755..100644
--- a/testing/hosts/dave/etc/ipsec.conf
+++ b/testing/hosts/dave/etc/ipsec.conf
@@ -1,24 +1,19 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 
 conn home
-	left=PH_IP_DAVE
+	left=192.168.0.200
 	leftcert=daveCert.pem
 	leftid=dave@strongswan.org
 	leftfirewall=yes
-	right=PH_IP_MOON
+	right=192.168.0.1
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
 	auto=add
diff --git a/testing/hosts/dave/etc/network/interfaces b/testing/hosts/dave/etc/network/interfaces
new file mode 100644
index 000000000..59e526751
--- /dev/null
+++ b/testing/hosts/dave/etc/network/interfaces
@@ -0,0 +1,12 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.0.200
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+	gateway 192.168.0.254
+iface eth0 inet6 static
+	address fec0::20
+	netmask 16
diff --git a/testing/hosts/dave/etc/runlevels/default/net.eth0 b/testing/hosts/dave/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/dave/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/dave/etc/strongswan.conf b/testing/hosts/dave/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/dave/etc/strongswan.conf
+++ b/testing/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/default/etc/default/slapd b/testing/hosts/default/etc/default/slapd
new file mode 100644
index 000000000..a4a0a6e2a
--- /dev/null
+++ b/testing/hosts/default/etc/default/slapd
@@ -0,0 +1,45 @@
+# Default location of the slapd.conf file or slapd.d cn=config directory. If
+# empty, use the compiled-in default (/etc/ldap/slapd.d with a fallback to
+# /etc/ldap/slapd.conf).
+SLAPD_CONF=/etc/ldap/slapd.conf
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+SLAPD_SERVICES="ldap:///"
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work).  Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work).  Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab).  To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""
diff --git a/testing/hosts/default/etc/fstab b/testing/hosts/default/etc/fstab
new file mode 100644
index 000000000..12747232e
--- /dev/null
+++ b/testing/hosts/default/etc/fstab
@@ -0,0 +1 @@
+/hostshare /root/shared 9p trans=virtio,version=9p2000.L 0 0
diff --git a/testing/hosts/default/etc/ip6tables.flush b/testing/hosts/default/etc/ip6tables.flush
new file mode 100644
index 000000000..c3f5a9254
--- /dev/null
+++ b/testing/hosts/default/etc/ip6tables.flush
@@ -0,0 +1,15 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/hosts/default/etc/ip6tables.rules b/testing/hosts/default/etc/ip6tables.rules
new file mode 100644
index 000000000..6a2c6af8e
--- /dev/null
+++ b/testing/hosts/default/etc/ip6tables.rules
@@ -0,0 +1,39 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow last UDP fragment
+-A INPUT -i eth0 -p udp -m frag --fraglast -j ACCEPT
+
+# allow ICMPv6 neighbor-solicitations
+-A INPUT  -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-solicitation -j ACCEPT
+
+# allow ICMPv6 neighbor-advertisements
+-A INPUT  -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+-A OUTPUT -p icmpv6 --icmpv6-type neighbor-advertisement -j ACCEPT
+
+# allow crl and certficate fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s fec0::15 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d fec0::15 -j ACCEPT
+
+# log dropped packets
+-A INPUT  -j LOG --log-prefix " IN: "
+-A OUTPUT -j LOG --log-prefix " OUT: "
+
+COMMIT
diff --git a/testing/hosts/default/etc/iptables.drop b/testing/hosts/default/etc/iptables.drop
new file mode 100644
index 000000000..445c45669
--- /dev/null
+++ b/testing/hosts/default/etc/iptables.drop
@@ -0,0 +1,12 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+COMMIT
diff --git a/testing/hosts/default/etc/iptables.flush b/testing/hosts/default/etc/iptables.flush
new file mode 100644
index 000000000..b3ab63c51
--- /dev/null
+++ b/testing/hosts/default/etc/iptables.flush
@@ -0,0 +1,21 @@
+*filter
+
+-F
+
+-P INPUT ACCEPT
+-P OUTPUT ACCEPT
+-P FORWARD ACCEPT
+
+COMMIT
+
+*nat
+
+-F
+
+COMMIT
+
+*mangle
+
+-F
+
+COMMIT
diff --git a/testing/hosts/default/etc/iptables.rules b/testing/hosts/default/etc/iptables.rules
new file mode 100644
index 000000000..c3f036cf9
--- /dev/null
+++ b/testing/hosts/default/etc/iptables.rules
@@ -0,0 +1,28 @@
+*filter
+
+# default policy is DROP
+-P INPUT DROP
+-P OUTPUT DROP
+-P FORWARD DROP
+
+# allow esp
+-A INPUT  -i eth0 -p 50 -j ACCEPT
+-A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+# allow IKE
+-A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+# allow MobIKE
+-A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
+-A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
+
+# allow ssh
+-A INPUT  -p tcp --dport 22 -j ACCEPT
+-A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+# allow crl fetch from winnetou
+-A INPUT  -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
+-A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
+
+COMMIT
diff --git a/testing/hosts/default/etc/ld.so.conf.d/strongswan.conf b/testing/hosts/default/etc/ld.so.conf.d/strongswan.conf
new file mode 100644
index 000000000..8648d0185
--- /dev/null
+++ b/testing/hosts/default/etc/ld.so.conf.d/strongswan.conf
@@ -0,0 +1 @@
+/usr/local/lib/ipsec
diff --git a/testing/hosts/default/etc/profile.d/coredumps.sh b/testing/hosts/default/etc/profile.d/coredumps.sh
new file mode 100644
index 000000000..ea44c0ef6
--- /dev/null
+++ b/testing/hosts/default/etc/profile.d/coredumps.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+ulimit -c unlimited >/dev/null 2>&1
+install -m 1777 -d /var/local/dumps >/dev/null 2>&1
+echo "/var/local/dumps/core.%e.%p" > /proc/sys/kernel/core_pattern
diff --git a/testing/hosts/default/etc/pts/data.sql b/testing/hosts/default/etc/pts/data.sql
new file mode 100644
index 000000000..35fd65753
--- /dev/null
+++ b/testing/hosts/default/etc/pts/data.sql
@@ -0,0 +1,846 @@
+/* Products */
+
+INSERT INTO products (			/*  1 */
+  name
+) VALUES (
+ 'Debian 6.0 i686'
+);
+
+INSERT INTO products (			/*  2 */
+  name
+) VALUES (
+ 'Debian 6.0 x86_64'
+);
+
+INSERT INTO products (			/*  3 */
+  name
+) VALUES (
+ 'Debian 7.0 i686'
+);
+
+INSERT INTO products (			/*  4 */
+  name
+) VALUES (
+ 'Debian 7.0 x86_64'
+);
+
+INSERT INTO products (			/*  5 */
+  name
+) VALUES (
+ 'Debian 8.0 i686'
+);
+
+INSERT INTO products (			/*  6 */
+  name
+) VALUES (
+ 'Debian 8.0 x86_64'
+);
+
+INSERT INTO products (			/*  7 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 i686'
+);
+
+INSERT INTO products (			/*  8 */
+  name
+) VALUES (
+ 'Ubuntu 10.04 x86_64'
+);
+
+INSERT INTO products (			/*  9 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 i686'
+);
+
+INSERT INTO products (			/* 10 */
+  name
+) VALUES (
+ 'Ubuntu 10.10 x86_64'
+);
+
+INSERT INTO products (			/* 11 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 i686'
+);
+
+INSERT INTO products (			/* 12 */
+  name
+) VALUES (
+ 'Ubuntu 11.04 x86_64'
+);
+
+INSERT INTO products (			/* 13 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 i686'
+);
+
+INSERT INTO products (			/* 14 */
+  name
+) VALUES (
+ 'Ubuntu 11.10 x86_64'
+);
+
+INSERT INTO products (			/* 15 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 i686'
+);
+
+INSERT INTO products (			/* 16 */
+  name
+) VALUES (
+ 'Ubuntu 12.04 x86_64'
+);
+
+INSERT INTO products (			/* 17 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 i686'
+);
+
+INSERT INTO products (			/* 18 */
+  name
+) VALUES (
+ 'Ubuntu 12.10 x86_64'
+);
+
+INSERT INTO products (			/* 19 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 i686'
+);
+
+INSERT INTO products (			/* 20 */
+  name
+) VALUES (
+ 'Ubuntu 13.04 x86_64'
+);
+
+INSERT INTO products (			/* 21 */
+  name
+) VALUES (
+ 'Android 4.1.1'
+);
+
+INSERT INTO products (			/* 22 */
+  name
+) VALUES (
+ 'Android 4.2.1'
+);
+
+/* Directories */
+
+INSERT INTO directories (		/*  1 */
+  path
+) VALUES (
+ '/bin'
+);
+
+INSERT INTO directories (		/*  2 */
+  path
+) VALUES (
+ '/etc'
+);
+
+INSERT INTO directories (		/*  3 */
+  path
+) VALUES (
+ '/lib'
+);
+
+INSERT INTO directories (		/*  4 */
+  path
+) VALUES (
+ '/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (		/*  5 */
+  path
+) VALUES (
+ '/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (		/*  6 */
+  path
+) VALUES (
+ '/lib/xtables'
+);
+
+INSERT INTO directories (		/*  7 */
+  path
+) VALUES (
+ '/sbin'
+);
+
+INSERT INTO directories (		/*  8 */
+  path
+) VALUES (
+ '/usr/bin'
+);
+
+INSERT INTO directories (		/*  9 */
+  path
+) VALUES (
+ '/usr/lib'
+);
+
+INSERT INTO directories (		/* 10 */
+  path
+) VALUES (
+ '/usr/lib/i386-linux-gnu'
+);
+
+INSERT INTO directories (		/* 11 */
+  path
+) VALUES (
+ '/usr/lib/x86_64-linux-gnu'
+);
+
+INSERT INTO directories (		/* 12 */
+  path
+) VALUES (
+ '/usr/sbin'
+);
+
+INSERT INTO directories (		/* 13 */
+  path
+) VALUES (
+ '/system/bin'
+);
+
+INSERT INTO directories (		/* 14 */
+  path
+) VALUES (
+ '/system/lib'
+);
+
+/* Files */
+
+INSERT INTO files (				/*  1 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 5
+);
+
+INSERT INTO files (				/*  2 */
+  name, dir
+) VALUES (
+ 'libcrypto.so.1.0.0', 11
+);
+
+INSERT INTO files (				/*  3 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 5
+);
+
+INSERT INTO files (				/*  4 */
+  name, dir
+) VALUES (
+ 'libssl.so.1.0.0', 11
+);
+
+INSERT INTO files (				/*  5 */
+  name, dir
+) VALUES (
+  'openssl', 8
+);
+
+INSERT INTO files (				/*  6 */
+  name, dir
+) VALUES (
+  'tnc_config', 2
+);
+
+/* Algorithms */
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  65536, 'SHA1-IMA' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  32768, 'SHA1' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  16384, 'SHA256' 
+);
+
+INSERT INTO algorithms (
+  id, name
+) VALUES (
+  8192, 'SHA384' 
+);
+
+/* File Hashes */
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 32768, X'6c6f8e12f6cbfba612e780374c4cdcd40f20968a' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 16384, X'dbcecd19d59310183cf5c31ddee29e8d7bec64d3f9583aad074330a1b3024b07' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 2, 8192, X'197c5385e5853003188833d4f991136c1b0875fa416a60b1159f64e57e457b3184762c884a802a2bda194c058e3bd953' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 32768, X'3ad204f99eb7262efab79cfca02628870ea76361' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 16384, X'3a2170aad92fdd58b55e0e199822bc873cf587b2d1eb1ed7ed8dcea97ae86376' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 4, 8192, X'f778076baa876b5e4b502494a3db081fb09dd870dee6991d54104a74b7e009c58fe261db5ffd13c11e08ef0cefcfa59f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 32768, X'ecd9c7076cc0572724c7a67db7f19c2831e0445f' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 16384, X'28f3ea5afd34444c8232ea75003131e294a0c9b847de300e4b205d38c1a41305' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  4, 5, 8192, X'51921a8b9322f2d3f06d55002ff40a79da67e70cb563b2a50977642d603dfac2ccbb68b3d32a8bb350769b75d6254208' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 32768, X'd9309b9e45928239d7a7b18711e690792632cce4' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 16384, X'dbfa1856d278d8707c4989b30dd065b4bcd309908f0f2e6e66ff2aa83ff93f59' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 1, 8192, X'fb8d027f03bb5ebb47741ed247eb9e174127b714d20229885feb37e0979aeb14a1b74020cded891d680441093625729c' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 32768, X'3715f2f94016a91fab5bbc503f0f1d43c5a9fc2b' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 16384, X'c03a5296b5decb87b01517f9927a8b2349dfb29ff9f5ba084f994c155ca5d4be' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 3, 8192, X'b8bc345f56115235cc6091f61e312ce43ea54a5b99e7295002ae7b415fd35e06ec4c731ab70ad00d784bb53a318a2fa0' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 32768, X'e59602f4edf24c1b36199588886d06665d4adcd7' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 16384, X'090e1b77bda7fe665e498c6b5e09dbb7ddc5cfe57f213de48f4fb6736484f500' 
+);
+
+INSERT INTO file_hashes (
+  product, file, algo, hash
+) VALUES (
+  18, 5, 8192, X'7cbdb4612a13443dba910ecdef5161f2213e52c9b4a2eef14bcee5d287e9df931cd022e9e9715518ad9c9b6e3384a668' 
+);
+
+/* Packages */
+
+INSERT INTO packages (			/*  1 */
+  name
+) VALUES (
+ 'libssl-dev'
+);
+
+INSERT INTO packages (			/*  2 */
+  name
+) VALUES (
+ 'libssl1.0.0'
+);
+
+INSERT INTO packages (			/*  3 */
+  name
+) VALUES (
+ 'libssl1.0.0-dbg'
+);
+
+INSERT INTO packages (			/*  4 */
+  name
+) VALUES (
+ 'openssl'
+);
+
+/* Versions */
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  1, 4, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  2, 4, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  3, 4, '1.0.1e-2', 1366531494
+);
+
+INSERT INTO versions (
+  package, product, release, time
+) VALUES (
+  4, 4, '1.0.1e-2', 1366531494
+);
+
+/* Components */
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 1, 33  /* ITA TGRUB */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 2, 33  /* ITA TBOOT */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 33  /* ITA IMA - Trusted Platform */
+);
+
+INSERT INTO components (
+  vendor_id, name, qualifier
+) VALUES (
+  36906, 3, 34  /* ITA IMA - Operating System */
+);
+
+/* Groups */
+
+INSERT INTO groups (			/*  1 */
+  name
+) VALUES (
+  'Default'
+);
+
+INSERT INTO groups (			/*  2 */
+  name, parent
+) VALUES (
+  'Linux', 1
+);
+
+INSERT INTO groups (			/*  3 */
+  name, parent
+) VALUES (
+  'Android', 1
+);
+
+INSERT INTO groups (			/*  4 */
+  name, parent
+) VALUES (
+  'Debian i686', 2
+);
+
+INSERT INTO groups (			/*  5 */
+  name, parent
+) VALUES (
+  'Debian x86_64', 2
+);
+
+INSERT INTO groups (			/*  6 */
+  name, parent
+) VALUES (
+  'Ubuntu i686', 2
+);
+
+INSERT INTO groups (			/*  7 */
+  name, parent
+) VALUES (
+  'Ubuntu x86_64', 2
+);
+
+INSERT INTO groups (			/*  8 */
+  name
+) VALUES (
+  'Reference'
+);
+
+INSERT INTO groups (			/*  9 */
+  name, parent
+) VALUES (
+  'Ref. Android', 8
+);
+
+INSERT INTO groups (			/* 10 */
+  name, parent
+) VALUES (
+  'Ref. Linux', 8
+);
+
+/* Default Product Groups */
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 1
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 3
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  4, 5
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 2
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 4
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  5, 6
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 7
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 9
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 11
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 13
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 15
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 17
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  6, 19
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 8
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 10
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 12
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 14
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 16
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 18
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  7, 20
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 21
+);
+
+INSERT INTO groups_product_defaults (
+  group_id, product_id
+) VALUES (
+  3, 22
+);
+
+/* Policies */
+
+INSERT INTO policies (			/*  1 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  1, 'Installed Packages', 2, 2
+);
+
+INSERT INTO policies (			/*  2 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  2, 'Unknown Source', 2, 2
+);
+
+INSERT INTO policies (			/*  3 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  3, 'IP Forwarding Enabled',  1, 1
+);
+
+INSERT INTO policies (			/*  4 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  4, 'Default Factory Password Enabled', 1, 1
+);
+
+INSERT INTO policies (			/*  5 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 1, 2, 2
+);
+
+INSERT INTO policies (			/*  6 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /lib/x86_64-linux-gnu/libssl.so.1.0.0', 3, 2, 2
+);
+
+INSERT INTO policies (			/*  7 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/bin/openssl', 5, 2, 2
+);
+
+INSERT INTO policies (			/*  8 */
+  type, name, rec_fail, rec_noresult
+) VALUES (
+  11, 'No Open TCP Ports', 1, 1
+);
+
+INSERT INTO policies (			/*  9 */
+  type, name, argument, rec_fail, rec_noresult
+) VALUES (
+  13, 'Open UDP Ports', '500 4500 10000-65000', 1, 1
+);
+
+INSERT INTO policies (			/* 10 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  7, 'Metadata of /etc/tnc_config', 6, 0, 0
+);
+
+INSERT INTO policies (			/* 11 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /bin', 1, 0, 0
+);
+
+INSERT INTO policies (			/*  12 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0', 2, 2, 2
+);
+
+INSERT INTO policies (			/* 13 */
+  type, name, file, rec_fail, rec_noresult
+) VALUES (
+  6, 'Measure /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0', 4, 2, 2
+);
+
+INSERT INTO policies (			/* 14 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/bin', 13, 0, 0
+);
+
+INSERT INTO policies (			/* 15 */
+  type, name, dir, rec_fail, rec_noresult
+) VALUES (
+  8, 'Get /system/lib', 14, 0, 0
+);
+
+/* Enforcements */
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  1, 1, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  2, 3, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  3, 2, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  5, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  6, 7, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  7, 2, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  8, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  9, 1, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  10, 2, 60
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  11, 10, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  12, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  13, 5, 86400
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  14, 9, 0
+);
+
+INSERT INTO enforcements (
+  policy, group_id, max_age
+) VALUES (
+  15, 9, 0
+);
+
diff --git a/testing/hosts/default/etc/pts/tables.sql b/testing/hosts/default/etc/pts/tables.sql
new file mode 100644
index 000000000..4cc959e09
--- /dev/null
+++ b/testing/hosts/default/etc/pts/tables.sql
@@ -0,0 +1,234 @@
+/* IMV PTS SQLite database */
+
+DROP TABLE IF EXISTS directories;
+CREATE TABLE directories (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  path TEXT NOT NULL
+);
+DROP INDEX IF EXISTS directories_path;
+CREATE INDEX directories_path ON directories (
+  path
+);
+
+DROP TABLE IF EXISTS files;
+CREATE TABLE files (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  dir INTEGER DEFAULT 0 REFERENCES directories(id),
+  name TEXT NOT NULL
+);
+DROP INDEX IF EXISTS files_name;
+CREATE INDEX files_name ON files (
+  name
+);
+
+DROP TABLE IF EXISTS products;
+CREATE TABLE products (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL
+);
+DROP INDEX IF EXISTS products_name;
+CREATE INDEX products_name ON products (
+  name
+);
+
+DROP TABLE IF EXISTS algorithms;
+CREATE TABLE algorithms (
+  id INTEGER PRIMARY KEY,
+  name VARCHAR(20) not NULL
+);
+
+DROP TABLE IF EXISTS file_hashes;
+CREATE TABLE file_hashes (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  file INTEGER NOT NULL REFERENCES files(id),
+  product INTEGER NOT NULL REFERENCES products(id),
+  device INTEGER DEFAULT 0,
+  key INTEGER DEFAULT 0 REFERENCES keys(id),
+  algo INTEGER NOT NULL REFERENCES algorithms(id),
+  hash BLOB NOT NULL
+);
+
+DROP TABLE IF EXISTS keys;
+CREATE TABLE keys (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  keyid BLOB NOT NULL,
+  owner TEXT NOT NULL
+);
+DROP INDEX IF EXISTS keys_keyid;
+CREATE INDEX keys_keyid ON keys (
+  keyid
+);
+DROP INDEX IF EXISTS keys_owner;
+CREATE INDEX keys_owner ON keys (
+  owner
+);
+
+DROP TABLE IF EXISTS groups;
+CREATE TABLE groups (
+  id INTEGER NOT NULL PRIMARY KEY,
+  name VARCHAR(50) NOT NULL UNIQUE,
+  parent INTEGER
+);
+
+DROP TABLE IF EXISTS groups_members;
+CREATE TABLE groups_members (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  group_id INTEGER NOT NULL REFERENCES groups(id),
+  device_id INTEGER NOT NULL REFERENCES devices(id),
+  UNIQUE (group_id, device_id)
+);
+
+DROP TABLE IF EXISTS groups_product_defaults;
+CREATE TABLE groups_product_defaults (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  group_id INTEGER NOT NULL REFERENCES groups(id),
+  product_id INTEGER NOT NULL REFERENCES products(id),
+  UNIQUE (group_id, product_id)
+);
+
+DROP TABLE IF EXISTS policies;
+CREATE TABLE policies (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  type INTEGER NOT NULL,
+  name VARCHAR(100) NOT NULL UNIQUE,
+  argument TEXT DEFAULT '' NOT NULL,
+  rec_fail INTEGER NOT NULL,
+  rec_noresult INTEGER NOT NULL,
+  file INTEGER DEFAULT 0 REFERENCES files(id),
+  dir INTEGER DEFAULT 0 REFERENCES directories(id)
+);
+
+DROP TABLE IF EXISTS enforcements;
+CREATE TABLE enforcements (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  policy INTEGER NOT NULL REFERENCES policies(id),
+  group_id INTEGER NOT NULL REFERENCES groups(id),
+  rec_fail INTEGER,
+  rec_noresult INTEGER,
+  max_age INTEGER NOT NULL,
+  UNIQUE (policy, group_id)
+);
+
+DROP TABLE IF EXISTS sessions;
+CREATE TABLE sessions (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  time INTEGER NOT NULL,
+  connection INTEGER NOT NULL,
+  identity INTEGER DEFAULT 0 REFERENCES identities(id),
+  device INTEGER DEFAULT 0 REFERENCES devices(id),
+  product INTEGER DEFAULT 0 REFERENCES products(id),
+  rec INTEGER DEFAULT 3
+);
+
+DROP TABLE IF EXISTS workitems;
+CREATE TABLE workitems (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  session INTEGER NOT NULL REFERENCES sessions(id),
+  enforcement INTEGER NOT NULL REFERENCES enforcements(id),
+  type INTEGER NOT NULL,
+  arg_str TEXT,
+  arg_int INTEGER DEFAULT 0,
+  rec_fail INTEGER NOT NULL,
+  rec_noresult INTEGER NOT NULL,
+  rec_final INTEGER,
+  result TEXT
+);
+DROP INDEX IF EXISTS workitems_session;
+CREATE INDEX workitems_sessions ON workitems (
+  session
+);
+
+DROP TABLE IF EXISTS results;
+CREATE TABLE results (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  session INTEGER NOT NULL REFERENCES measurements(id),
+  policy INTEGER NOT NULL REFERENCES policies(id),
+  rec INTEGER NOT NULL,
+  result TEXT NOT NULL
+);
+DROP INDEX IF EXISTS results_session;
+CREATE INDEX results_session ON results (
+  session
+);
+
+DROP TABLE IF EXISTS components;
+CREATE TABLE components (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  vendor_id INTEGER NOT NULL,
+  name INTEGER NOT NULL,
+  qualifier INTEGER DEFAULT 0
+);
+
+
+DROP TABLE IF EXISTS key_component;
+CREATE TABLE key_component (
+  key INTEGER NOT NULL,
+  component INTEGER NOT NULL,
+  depth INTEGER DEFAULT 0,
+  seq_no INTEGER DEFAULT 0,
+  PRIMARY KEY (key, component)
+);
+
+
+DROP TABLE IF EXISTS component_hashes;
+CREATE TABLE component_hashes (
+  component INTEGER NOT NULL,
+  key INTEGER NOT NULL,
+  seq_no INTEGER NOT NULL,
+  pcr INTEGER NOT NULL,
+  algo INTEGER NOT NULL,
+  hash BLOB NOT NULL,
+  PRIMARY KEY(component, key, seq_no, algo)
+);
+
+DROP TABLE IF EXISTS packages;
+CREATE TABLE packages (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  name TEXT NOT NULL,
+  blacklist INTEGER DEFAULT 0
+);
+DROP INDEX IF EXISTS packages_name;
+CREATE INDEX packages_name ON packages (
+  name
+);
+
+DROP TABLE IF EXISTS versions;
+CREATE TABLE versions (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  package INTEGER NOT NULL REFERENCES packages(id),
+  product INTEGER NOT NULL REFERENCES products(id),
+  release TEXT NOT NULL,
+  security INTEGER DEFAULT 0,
+  blacklist INTEGER DEFAULT 0,
+  time INTEGER DEFAULT 0
+);
+DROP INDEX IF EXISTS versions_release;
+CREATE INDEX versions_release ON versions (
+  release
+);
+DROP INDEX IF EXISTS versions_package_product;
+CREATE INDEX versions_package_product ON versions (
+  package, product
+);
+
+DROP TABLE IF EXISTS devices;
+CREATE TABLE devices (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  description TEXT DEFAULT '',
+  value TEXT NOT NULL,
+  product INTEGER REFERENCES products(id),
+  created INTEGER
+);
+DROP INDEX IF EXISTS devices_id;
+CREATE INDEX devices_value ON devices (
+  value
+);
+
+DROP TABLE IF EXISTS identities;
+CREATE TABLE identities (
+  id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+  type INTEGER NOT NULL,
+  value BLOB NOT NULL,
+  UNIQUE (type, value)
+);
+
diff --git a/testing/hosts/default/etc/rsyslog.conf b/testing/hosts/default/etc/rsyslog.conf
new file mode 100644
index 000000000..9f76da36e
--- /dev/null
+++ b/testing/hosts/default/etc/rsyslog.conf
@@ -0,0 +1,125 @@
+#  /etc/rsyslog.conf	Configuration file for rsyslog.
+#
+#			For more information see
+#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+$ModLoad imklog   # provides kernel logging support
+#$ModLoad immark  # provides --MARK-- message capability
+
+# Don't drop messages
+$SystemLogRateLimitInterval 0
+$RepeatedMsgReduction off
+
+# provides UDP syslog reception
+#$ModLoad imudp
+#$UDPServerRun 514
+
+# provides TCP syslog reception
+#$ModLoad imtcp
+#$InputTCPServerRun 514
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Logging for INN news system.
+#
+news.crit			/var/log/news/news.crit
+news.err			/var/log/news/news.err
+news.notice			-/var/log/news/news.notice
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	news.none;mail.none	-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail,news.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+
+#
+# I like to have messages displayed on the console, but only on a virtual
+# console I usually leave idle.
+#
+#daemon,mail.*;\
+#	news.=crit;news.=err;news.=notice;\
+#	*.=debug;*.=info;\
+#	*.=notice;*.=warn	/dev/tty8
+
+# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+# you must invoke `xconsole' with the `-file' option:
+#
+#    $ xconsole -file /dev/xconsole [...]
+#
+# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+#      busy site..
+#
+daemon.*;mail.*;\
+	news.err;\
+	*.=debug;*.=info;\
+	*.=notice;*.=warn	|/dev/xconsole
diff --git a/testing/hosts/default/etc/security/limits.conf b/testing/hosts/default/etc/security/limits.conf
new file mode 100644
index 000000000..2658b3236
--- /dev/null
+++ b/testing/hosts/default/etc/security/limits.conf
@@ -0,0 +1,58 @@
+# /etc/security/limits.conf
+#
+#Each line describes a limit for a user in the form:
+#
+#<domain>        <type>  <item>  <value>
+#
+#Where:
+#<domain> can be:
+#        - an user name
+#        - a group name, with @group syntax
+#        - the wildcard *, for default entry
+#        - the wildcard %, can be also used with %group syntax,
+#                 for maxlogin limit
+#        - NOTE: group and wildcard limits are not applied to root.
+#          To apply a limit to the root user, <domain> must be
+#          the literal username root.
+#
+#<type> can have the two values:
+#        - "soft" for enforcing the soft limits
+#        - "hard" for enforcing hard limits
+#
+#<item> can be one of the following:
+#        - core - limits the core file size (KB)
+#        - data - max data size (KB)
+#        - fsize - maximum filesize (KB)
+#        - memlock - max locked-in-memory address space (KB)
+#        - nofile - max number of open files
+#        - rss - max resident set size (KB)
+#        - stack - max stack size (KB)
+#        - cpu - max CPU time (MIN)
+#        - nproc - max number of processes
+#        - as - address space limit (KB)
+#        - maxlogins - max number of logins for this user
+#        - maxsyslogins - max number of logins on the system
+#        - priority - the priority to run user process with
+#        - locks - max number of file locks the user can hold
+#        - sigpending - max number of pending signals
+#        - msgqueue - max memory used by POSIX message queues (bytes)
+#        - nice - max nice priority allowed to raise to values: [-20, 19]
+#        - rtprio - max realtime priority
+#        - chroot - change root to directory (Debian-specific)
+#
+#<domain>      <type>  <item>         <value>
+#
+
+#*               soft    core            0
+#root            hard    core            100000
+#*               hard    rss             10000
+#@student        hard    nproc           20
+#@faculty        soft    nproc           20
+#@faculty        hard    nproc           50
+#ftp             hard    nproc           0
+#ftp             -       chroot          /ftp
+#@student        -       maxlogins       4
+
+* soft core unlimited
+
+# End of file
diff --git a/testing/hosts/default/etc/ssh/sshd_config b/testing/hosts/default/etc/ssh/sshd_config
new file mode 100644
index 000000000..07b7e78e5
--- /dev/null
+++ b/testing/hosts/default/etc/ssh/sshd_config
@@ -0,0 +1,13 @@
+Port 22
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+UsePrivilegeSeparation no
+PermitRootLogin yes
+StrictModes no
+PubkeyAuthentication no
+PermitEmptyPasswords yes
+PrintMotd no
+PrintLastLog no
+UsePAM no
diff --git a/testing/hosts/default/etc/sysctl.conf b/testing/hosts/default/etc/sysctl.conf
new file mode 100644
index 000000000..43010d52e
--- /dev/null
+++ b/testing/hosts/default/etc/sysctl.conf
@@ -0,0 +1,62 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additonal system variables
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+#  Enabling this option disables Stateless Address Autoconfiguration
+#  based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+
+# Enable coredump for suid binaries
+fs.suid_dumpable = 1
diff --git a/testing/hosts/default/root/.bashrc b/testing/hosts/default/root/.bashrc
new file mode 100644
index 000000000..078dbd601
--- /dev/null
+++ b/testing/hosts/default/root/.bashrc
@@ -0,0 +1,11 @@
+# don't store duplicate entries in the history
+export HISTCONTROL=erasedups
+# use a simple prompt of host:pwd# (user is always root)
+PS1='\h:\w\$ '
+# set the terminal title to host:pwd
+case $TERM in
+xterm*)
+	PROMPT_COMMAND='echo -ne "\033]0;${HOSTNAME}:${PWD}\007"'
+	;;
+esac
+
diff --git a/testing/hosts/default/root/.ssh/config b/testing/hosts/default/root/.ssh/config
new file mode 100644
index 000000000..aa102a144
--- /dev/null
+++ b/testing/hosts/default/root/.ssh/config
@@ -0,0 +1,3 @@
+Host *
+	StrictHostKeyChecking no
+	UserKnownHostsFile /dev/null
diff --git a/testing/hosts/default/usr/local/bin/expect-connection b/testing/hosts/default/usr/local/bin/expect-connection
new file mode 100755
index 000000000..10a709255
--- /dev/null
+++ b/testing/hosts/default/usr/local/bin/expect-connection
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Wait until a given IPsec connection becomes available
+#
+# Params:
+# $1 - connection name
+# $2 - maximum time to wait in seconds, default is 5 seconds
+
+if [[ $# -lt 1 || $# -gt 2 ]]
+then
+	echo "invalid arguments"
+	exit 1
+fi
+
+secs=$2
+[ ! $secs ] && secs=5
+
+let steps=$secs*10
+for i in `seq 1 $steps`
+do
+	ipsec statusall 2>&1 | grep ^[[:space:]]*$1: >/dev/null
+	[ $? -eq 0 ] && exit 0
+	sleep 0.1
+done
+
+echo "Connection '$1' not available after $secs second(s)"
+exit 1
diff --git a/testing/hosts/default/usr/local/bin/expect-file b/testing/hosts/default/usr/local/bin/expect-file
new file mode 100755
index 000000000..6921b6638
--- /dev/null
+++ b/testing/hosts/default/usr/local/bin/expect-file
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Wait until a given file appears
+#
+# Params:
+# $1 - filename
+# $2 - maximum time to wait in seconds, default is 5 seconds
+
+if [[ $# -lt 1 || $# -gt 2 ]]
+then
+	echo "invalid arguments"
+	exit 1
+fi
+
+secs=$2
+[ ! $secs ] && secs=5
+
+let steps=$secs*10
+for i in `seq 1 $steps`
+do
+	# -f does not work for special files (e.g. UNIX domain sockets), use ls
+	# instead
+	ls $1 >/dev/null 2>&1
+	[ $? -eq 0 ] && exit 0
+	sleep 0.1
+done
+
+echo "File '$1' not available after $secs second(s)"
+exit 1
diff --git a/testing/hosts/moon/etc/conf.d/hostname b/testing/hosts/moon/etc/conf.d/hostname
deleted file mode 100644
index 78e695337..000000000
--- a/testing/hosts/moon/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=moon
diff --git a/testing/hosts/moon/etc/conf.d/net b/testing/hosts/moon/etc/conf.d/net
deleted file mode 100644
index 7f09fd8a5..000000000
--- a/testing/hosts/moon/etc/conf.d/net
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_MOON/16" )
-config_eth1=( "PH_IP_MOON1 broadcast 10.1.255.255 netmask 255.255.0.0"
-              "PH_IP6_MOON1/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via 192.168.0.254" )
diff --git a/testing/hosts/moon/etc/hostname b/testing/hosts/moon/etc/hostname
new file mode 100644
index 000000000..605185ef1
--- /dev/null
+++ b/testing/hosts/moon/etc/hostname
@@ -0,0 +1 @@
+moon
diff --git a/testing/hosts/moon/etc/init.d/iptables b/testing/hosts/moon/etc/init.d/iptables
deleted file mode 100755
index f5fa80b26..000000000
--- a/testing/hosts/moon/etc/init.d/iptables
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-
-	# allow MobIKE
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/moon/etc/init.d/net.eth0 b/testing/hosts/moon/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/moon/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/moon/etc/init.d/net.eth1 b/testing/hosts/moon/etc/init.d/net.eth1
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/moon/etc/init.d/net.eth1
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/moon/etc/ipsec.conf b/testing/hosts/moon/etc/ipsec.conf
index b1e6549cf..623e75d0a 100755..100644
--- a/testing/hosts/moon/etc/ipsec.conf
+++ b/testing/hosts/moon/etc/ipsec.conf
@@ -1,31 +1,26 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_MOON
+	left=192.168.0.1
 	leftcert=moonCert.pem
 	leftid=@moon.strongswan.org
 	leftfirewall=yes
 
 conn net-net
 	leftsubnet=10.1.0.0/16
-	right=PH_IP_SUN
+	right=192.168.0.2
 	rightsubnet=10.2.0.0/16
 	rightid=@sun.strongswan.org
 	auto=add
-        
+
 conn host-host
-	right=PH_IP_SUN
+	right=192.168.0.2
 	rightid=@sun.strongswan.org
 	auto=add
 
diff --git a/testing/hosts/moon/etc/network/interfaces b/testing/hosts/moon/etc/network/interfaces
new file mode 100644
index 000000000..fde2f102f
--- /dev/null
+++ b/testing/hosts/moon/etc/network/interfaces
@@ -0,0 +1,21 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.0.1
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+	gateway 192.168.0.254
+iface eth0 inet6 static
+	address fec0::1
+	netmask 16
+
+auto eth1
+iface eth1 inet static
+	address 10.1.0.1
+	netmask 255.255.0.0
+	broadcast 10.1.255.255
+iface eth1 inet6 static
+	address fec1::1
+	netmask 16
diff --git a/testing/hosts/moon/etc/rc.local b/testing/hosts/moon/etc/rc.local
new file mode 100755
index 000000000..8649a2bcb
--- /dev/null
+++ b/testing/hosts/moon/etc/rc.local
@@ -0,0 +1,20 @@
+#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will "exit 0" on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+
+# Disable checksum offloading on eth1 because it does not currently work with
+# libvirt and isc-dhcp-server running on venus, see [1]
+# [1] - https://bugs.mageia.org/show_bug.cgi?id=1243
+
+ethtool --offload eth1 tx off >/dev/null 2>&1
+ethtool --offload eth1 rx off >/dev/null 2>&1
+
+exit 0
diff --git a/testing/hosts/moon/etc/runlevels/default/net.eth0 b/testing/hosts/moon/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/moon/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/moon/etc/runlevels/default/net.eth1 b/testing/hosts/moon/etc/runlevels/default/net.eth1
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/moon/etc/runlevels/default/net.eth1
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/moon/etc/strongswan.conf b/testing/hosts/moon/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/moon/etc/strongswan.conf
+++ b/testing/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/ssh_host_rsa_key.pub b/testing/hosts/ssh_host_rsa_key.pub
deleted file mode 100644
index a5f71de4e..000000000
--- a/testing/hosts/ssh_host_rsa_key.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsxKfTm05po6leGD8C+M0eAR5EE4s1pQXc0D/dVlqrmfZ65h5BFQY9lnwpCvapV6OVqKWx8ICmeIH3OhaPxPPNKlU81f3d0xgh8BRJpWh459DYkRVa5f7ax5eeFE1lelj9s1d0seUl/IZolpJ8Wmt9TN1hwJ0mrkwN4670rb3urc=
diff --git a/testing/hosts/sun/etc/conf.d/hostname b/testing/hosts/sun/etc/conf.d/hostname
deleted file mode 100644
index bc042b68b..000000000
--- a/testing/hosts/sun/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=sun
diff --git a/testing/hosts/sun/etc/conf.d/net b/testing/hosts/sun/etc/conf.d/net
deleted file mode 100644
index 4a6370ab7..000000000
--- a/testing/hosts/sun/etc/conf.d/net
+++ /dev/null
@@ -1,14 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_SUN broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_SUN/16" )
-config_eth1=( "PH_IP_SUN1 broadcast 10.2.255.255 netmask 255.255.0.0"
-              "PH_IP6_SUN1/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via 192.168.0.254" )
-
-
diff --git a/testing/hosts/sun/etc/hostname b/testing/hosts/sun/etc/hostname
new file mode 100644
index 000000000..692699759
--- /dev/null
+++ b/testing/hosts/sun/etc/hostname
@@ -0,0 +1 @@
+sun
diff --git a/testing/hosts/sun/etc/init.d/iptables b/testing/hosts/sun/etc/init.d/iptables
deleted file mode 100755
index aeaf472fb..000000000
--- a/testing/hosts/sun/etc/init.d/iptables
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# enable IP forwarding
-	echo 1 > /proc/sys/net/ipv4/ip_forward
-	
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow esp
-	iptables -A INPUT  -i eth0 -p 50 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
-
-	# allow IKE
-	iptables -A INPUT  -i eth0 -p udp --dport 500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --sport 500 -j ACCEPT
-
-        # allow NAT-T 
-	iptables -A INPUT  -i eth0 -p udp --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --sport 4500 -j ACCEPT
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/sun/etc/init.d/net.eth0 b/testing/hosts/sun/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/sun/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/sun/etc/init.d/net.eth1 b/testing/hosts/sun/etc/init.d/net.eth1
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/sun/etc/init.d/net.eth1
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/sun/etc/ipsec.conf b/testing/hosts/sun/etc/ipsec.conf
index 083e58970..2f979f122 100755..100644
--- a/testing/hosts/sun/etc/ipsec.conf
+++ b/testing/hosts/sun/etc/ipsec.conf
@@ -1,37 +1,31 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
-	left=PH_IP_SUN
+	left=192.168.0.2
 	leftcert=sunCert.pem
 	leftid=@sun.strongswan.org
 	leftfirewall=yes
 
 conn net-net
 	leftsubnet=10.2.0.0/16
-	right=PH_IP_MOON
+	right=192.168.0.1
 	rightsubnet=10.1.0.0/16
 	rightid=@moon.strongswan.org
 	auto=add
 
 conn host-host
-	right=PH_IP_MOON
+	right=192.168.0.1
 	rightid=@moon.strongswan.org
 	auto=add
 
 conn nat-t
 	leftsubnet=10.2.0.0/16
 	right=%any
-	rightsubnetwithin=10.1.0.0/16
+	rightsubnet=10.1.0.0/16
 	auto=add
diff --git a/testing/hosts/sun/etc/network/interfaces b/testing/hosts/sun/etc/network/interfaces
new file mode 100644
index 000000000..841735af1
--- /dev/null
+++ b/testing/hosts/sun/etc/network/interfaces
@@ -0,0 +1,21 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.0.2
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+	gateway 192.168.0.254
+iface eth0 inet6 static
+	address fec0::2
+	netmask 16
+
+auto eth1
+iface eth1 inet static
+	address 10.2.0.1
+	netmask 255.255.0.0
+	broadcast 10.2.255.255
+iface eth1 inet6 static
+	address fec2::1
+	netmask 16
diff --git a/testing/hosts/sun/etc/runlevels/default/net.eth0 b/testing/hosts/sun/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/sun/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/sun/etc/runlevels/default/net.eth1 b/testing/hosts/sun/etc/runlevels/default/net.eth1
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/sun/etc/runlevels/default/net.eth1
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/sun/etc/strongswan.conf b/testing/hosts/sun/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/sun/etc/strongswan.conf
+++ b/testing/hosts/sun/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/venus/etc/conf.d/hostname b/testing/hosts/venus/etc/conf.d/hostname
deleted file mode 100644
index c9e3dd1d4..000000000
--- a/testing/hosts/venus/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=venus
diff --git a/testing/hosts/venus/etc/conf.d/net b/testing/hosts/venus/etc/conf.d/net
deleted file mode 100644
index 43ec97807..000000000
--- a/testing/hosts/venus/etc/conf.d/net
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_VENUS broadcast 10.1.255.255 netmask 255.255.0.0"
-              "PH_IP6_VENUS/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via PH_IP_MOON1" )
diff --git a/testing/hosts/venus/etc/hostname b/testing/hosts/venus/etc/hostname
new file mode 100644
index 000000000..acf16d8be
--- /dev/null
+++ b/testing/hosts/venus/etc/hostname
@@ -0,0 +1 @@
+venus
diff --git a/testing/hosts/venus/etc/init.d/iptables b/testing/hosts/venus/etc/init.d/iptables
deleted file mode 100755
index 1097ac5a4..000000000
--- a/testing/hosts/venus/etc/init.d/iptables
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="start stop reload"
-
-depend() {
-	before net
-	need logger
-}
-
-start() {
-	ebegin "Starting firewall"
-
-	# default policy is DROP
-	/sbin/iptables -P INPUT DROP
-	/sbin/iptables -P OUTPUT DROP
-	/sbin/iptables -P FORWARD DROP
-
-	# allow IKE
-        iptables -A INPUT  -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
-        iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
-			
-	# allow NAT-T 
-	iptables -A INPUT  -i eth0 -p udp --sport 4500 --dport 4500 -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p udp --dport 4500 --sport 4500 -j ACCEPT
-
-
-	# allow crl fetch from winnetou
-	iptables -A INPUT  -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
-	iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
-
-	# allow ssh
-	iptables -A INPUT  -p tcp --dport 22 -j ACCEPT
-	iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-	eend $?
-}
-
-stop() {
-	ebegin "Stopping firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-	
-			if [ $a == nat ]; then
-				/sbin/iptables -t nat -P PREROUTING ACCEPT
-				/sbin/iptables -t nat -P POSTROUTING ACCEPT
-				/sbin/iptables -t nat -P OUTPUT ACCEPT
-			elif [ $a == mangle ]; then
-				/sbin/iptables -t mangle -P PREROUTING ACCEPT
-				/sbin/iptables -t mangle -P INPUT ACCEPT
-				/sbin/iptables -t mangle -P FORWARD ACCEPT
-				/sbin/iptables -t mangle -P OUTPUT ACCEPT
-				/sbin/iptables -t mangle -P POSTROUTING ACCEPT
-			elif [ $a == filter ]; then
-				/sbin/iptables -t filter -P INPUT ACCEPT
-				/sbin/iptables -t filter -P FORWARD ACCEPT
-				/sbin/iptables -t filter -P OUTPUT ACCEPT
-			fi
-		done
-	eend $?
-}
-
-reload() {
-	ebegin "Flushing firewall"
-		for a in `cat /proc/net/ip_tables_names`; do
-			/sbin/iptables -F -t $a
-			/sbin/iptables -X -t $a
-		done;
-        eend $?
-	start
-}
-
diff --git a/testing/hosts/venus/etc/init.d/net.eth0 b/testing/hosts/venus/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/venus/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/venus/etc/ipsec.conf b/testing/hosts/venus/etc/ipsec.conf
index 86cd6c9d4..e4604cb44 100755..100644
--- a/testing/hosts/venus/etc/ipsec.conf
+++ b/testing/hosts/venus/etc/ipsec.conf
@@ -1,25 +1,19 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
-	plutodebug=control
-	crlcheckinterval=180
-	strictcrlpolicy=no
-	nat_traversal=yes
-	charonstart=no
 
 conn %default
 	ikelifetime=60m
 	keylife=20m
 	rekeymargin=3m
 	keyingtries=1
-	keyexchange=ikev1
 
 conn nat-t
-	left=%defaultroute
+	left=%any
 	leftcert=venusCert.pem
 	leftid=@venus.strongswan.org
 	leftfirewall=yes
-	right=PH_IP_SUN
+	right=192.168.0.2
 	rightid=@sun.strongswan.org
 	rightsubnet=10.2.0.0/16
 	auto=add
diff --git a/testing/hosts/venus/etc/network/interfaces b/testing/hosts/venus/etc/network/interfaces
new file mode 100644
index 000000000..9cbae6041
--- /dev/null
+++ b/testing/hosts/venus/etc/network/interfaces
@@ -0,0 +1,12 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 10.1.0.20
+	netmask 255.255.0.0
+	broadcast 10.1.255.255
+	gateway 10.1.0.1
+iface eth0 inet6 static
+	address fec1::20
+	netmask 16
diff --git a/testing/hosts/venus/etc/runlevels/default/net.eth0 b/testing/hosts/venus/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/venus/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/venus/etc/strongswan.conf b/testing/hosts/venus/etc/strongswan.conf
index 4c40f76cc..f7a87e90c 100644
--- a/testing/hosts/venus/etc/strongswan.conf
+++ b/testing/hosts/venus/etc/strongswan.conf
@@ -1,11 +1,9 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
-pluto {
-  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 gmp random curl kernel-netlink
+charon {
+  load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints pubkey gmp random nonce curl kernel-netlink socket-default updown stroke
 }
 
-# pluto uses optimized DH exponent sizes (RFC 3526)
-
 libstrongswan {
   dh_exponent_ansi_x9_42 = no
 }
diff --git a/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text
new file mode 100644
index 000000000..6f5f3011c
--- /dev/null
+++ b/testing/hosts/winnetou/etc/apache2/conf.d/testresults-as-text
@@ -0,0 +1 @@
+AddType text/plain .iptables .log .sql
diff --git a/testing/hosts/winnetou/etc/apache2/conf/ssl/ca.crt b/testing/hosts/winnetou/etc/apache2/conf/ssl/ca.crt
deleted file mode 100644
index 0de3b268d..000000000
--- a/testing/hosts/winnetou/etc/apache2/conf/ssl/ca.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
-Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
-X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
-FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
-4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
-7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
-gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
-K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud
-DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw
-ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD
-VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg
-Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/
-lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n
-+g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE
-UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy
-0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy
-gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8=
------END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/apache2/conf/ssl/server.crt b/testing/hosts/winnetou/etc/apache2/conf/ssl/server.crt
deleted file mode 100644
index 956c217d9..000000000
--- a/testing/hosts/winnetou/etc/apache2/conf/ssl/server.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIBDjANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTA1MDYwODE5MTcxNFoXDTEwMDYwNzE5MTcxNFowSjELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xIDAeBgNVBAMTF3dpbm5l
-dG91LnN0cm9uZ3N3YW4ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
-AQEAwBkz95BmByWVZaEW8cDbeuGr4C1caGAj4QPmuwaIriK+7XqXuh16Ahe3S5vZ
-F56WhUSvMDOIyULckKH84oSa3Jx/SCz0g7X42x8vZuq92tpsjcP/u7BlyqpBUtLa
-r14qm5wYw/1nQqMcSG3k9MQOQ+e9KgaGqpidxWM/8T4M/41AaFRBK2gQGBUULo26
-sjoq3af7Z2jYmWkP/kzj1CHLy9Mgt+UvhKeA+ag5cZnyOG596cqVjlKyqG7vdggk
-wW2n+/KDpHNOndYfT7GMFeGXUNzJPkCImWlttic7ssi0mjP3q3MuOP3FNHIRMd2H
-AcNcqT0bgdJHqnNzGv8C0Ei9XQIDAQABo4IBCTCCAQUwCQYDVR0TBAIwADALBgNV
-HQ8EBAMCA6gwHQYDVR0OBBYEFEMS0mbhrA4zDvmfKf4MntUNxkH4MG0GA1UdIwRm
-MGSAFF2n3XAGUTJ+57Zts7Xl4GDqLk3voUmkRzBFMQswCQYDVQQGEwJDSDEZMBcG
-A1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBSb290
-IENBggEAMCIGA1UdEQQbMBmCF3dpbm5ldG91LnN0cm9uZ3N3YW4ub3JnMDkGA1Ud
-HwQyMDAwLqAsoCqGKGh0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dh
-bi5jcmwwDQYJKoZIhvcNAQEEBQADggEBACO4+j1Mwt/lbkopeSJst46uFh7OtegG
-6IWNE30i3l3FIn9slSwAOMtmZR0hAF8sExvk61EPlzCR/d9trSJ5+gyjPkeF/enw
-p61rxPMT13Grzomi9gYlk6Q/0zLmE9uYWEY69Q0bEIUcfdZfwB+F7kesa946JNMc
-yHfVEhKtvzmns9ueG0S/8E+6MPDeJv+JHQ++SdWSvOVg6JNxXDGusnim2fjM2Aln
-JmqA6iU4IaPl9DUCuXlLOVv/YhwhviNEbF94upyHq8xjOZdzPbKroHXg/2yvalAw
-4aXc/ZsnFxqsq3i6a2Fj1Y4J7gYsNO/HwA0xvKz3loOTqHaJqO/qeow=
------END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/apache2/conf/ssl/server.key b/testing/hosts/winnetou/etc/apache2/conf/ssl/server.key
deleted file mode 100644
index 727027188..000000000
--- a/testing/hosts/winnetou/etc/apache2/conf/ssl/server.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAwBkz95BmByWVZaEW8cDbeuGr4C1caGAj4QPmuwaIriK+7XqX
-uh16Ahe3S5vZF56WhUSvMDOIyULckKH84oSa3Jx/SCz0g7X42x8vZuq92tpsjcP/
-u7BlyqpBUtLar14qm5wYw/1nQqMcSG3k9MQOQ+e9KgaGqpidxWM/8T4M/41AaFRB
-K2gQGBUULo26sjoq3af7Z2jYmWkP/kzj1CHLy9Mgt+UvhKeA+ag5cZnyOG596cqV
-jlKyqG7vdggkwW2n+/KDpHNOndYfT7GMFeGXUNzJPkCImWlttic7ssi0mjP3q3Mu
-OP3FNHIRMd2HAcNcqT0bgdJHqnNzGv8C0Ei9XQIDAQABAoIBACYiWrCgl8B/c4Lz
-Uay4Tlm8hvQ/zQJjY3v93EXwbB21hBV8qrYlt9zGfHqj+5q2vsbB9c0pzdO2VDba
-EWueS2fUIWhglEG5VCebrztNCldx2O7jo9bMk8iBt+oLNaJunSK7ACeYHHGcE7dF
-KZh1eyd7z4+SMBWZqmhO5ZisasQoHCusVGepcyyMGQNkc3XKJ6resGAsOqrOoq7Q
-C4vO5Kkbnk8nnEGmQ/ldD8LwIyq1hzVLDiiqWXZgh6S5l4BEo7Dy3KYrZoZfVcZK
-GMVhAI2+uA1ZqY9twpwryT6VZ3eK4DXF/COQntiBW5pLOpaqTOnKqiVmZFwfbo3u
-cq8n5jkCgYEA5zgzRLifbM0q34c2HX8pTegh+BH7MGCxtcoU2uRPaXiGkqQObHI9
-aItrgUQp+pAmKSBnEWJKgKsOh2Uf5ogjIeNuruGG/AXw/Pw2ORHNueenhDuhu69T
-E2I4yxT3PPYbdzJ4ylBElfgm9WTrv7Wi7wSSfgQ6rEFdWukXa5vvsqMCgYEA1K+q
-m1Jv9MGVIVc6MxhuOOj2Ym+qcWt/Pjvg78rR8SRsKwHlGTuv1rdWUSXYDr3f2Nf7
-6DdbJtaSx5f8gY/UG34yGZx5FFbYV03vcCYBaLXsi/b6H7vb/VW74Y5g6bXqnprv
-4mcdVU7xfyNFgdbLPAP9sYVLijPYDwm0Qq3cz/8CgYBKSJz4BBR8AQI4JBl3qoXb
-mKtpJmW76iTN0amXlWgJ64XYkMptftpJvxj/w6V08WDBL77NL/XdlpcpWozAJJac
-6ZOCrcQPLd15eZH2Dck5Y7pG2l2gjbgz7wdt/0NbG3pBdj6mSNlwEPR7PDwdMD6z
-aZWi1LsA4lMaxO4YTVXZ3wKBgQCoFhTNH/+e/YawjNFQJFSn4WUnMn0Pmhc7xfLl
-T/NPkqtx6dN3d7ZmCQrMow33yJOqOje5tFXzgc0KtNE4S8Uj3T4XA5SlQGVFyjAa
-/85JRM2naA8RGVSpCCKuBeoNilnb8zL2SOvjyboN8oAyNuDzk2vh6ihjFsoASHkP
-4XwLXQKBgQC0k6rzt/plIwEiP56XXOqwOxJj6kuE/hx1zGIiGT6lWiOsih20Ym2T
-kYegVFvuDIWmSIAxGONWyee1lfnJbEuaHRixWQTnHUpqrU0FSnZTubnR3q/faZat
-hrvLDdpa0ydAKoMEn3qUPSrh3CdBfi3KTQAQn2Mlk7bGHh9ICWi3vA==
------END RSA PRIVATE KEY-----
diff --git a/testing/hosts/winnetou/etc/apache2/modules.d/00_mod_mime.conf b/testing/hosts/winnetou/etc/apache2/modules.d/00_mod_mime.conf
deleted file mode 100644
index 72b7e0ea4..000000000
--- a/testing/hosts/winnetou/etc/apache2/modules.d/00_mod_mime.conf
+++ /dev/null
@@ -1,61 +0,0 @@
-# DefaultType: the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value.  If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-DefaultType text/plain
-
-<IfModule mime_module>
-# TypesConfig points to the file containing the list of mappings from
-# filename extension to MIME-type.
-TypesConfig /etc/mime.types
-
-# AddType allows you to add to or override the MIME configuration
-# file specified in TypesConfig for specific file types.
-#AddType application/x-gzip .tgz
-
-# AddEncoding allows you to have certain browsers uncompress
-# information on the fly. Note: Not all browsers support this.
-#AddEncoding x-compress .Z
-#AddEncoding x-gzip .gz .tgz
-
-# If the AddEncoding directives above are commented-out, then you
-# probably should define those extensions to indicate media types:
-AddType application/x-compress .Z
-AddType application/x-gzip .gz .tgz
-
-# AddHandler allows you to map certain file extensions to "handlers":
-# actions unrelated to filetype. These can be either built into the server
-# or added with the Action directive (see below)
-
-# To use CGI scripts outside of ScriptAliased directories:
-# (You will also need to add "ExecCGI" to the "Options" directive.)
-AddHandler cgi-script .cgi
-
-# For files that include their own HTTP headers:
-#AddHandler send-as-is asis
-
-# For server-parsed imagemap files:
-#AddHandler imap-file map
-
-# For type maps (negotiated resources):
-AddHandler type-map var
-
-# Filters allow you to process content before it is sent to the client.
-#
-# To parse .shtml files for server-side includes (SSI):
-# (You will also need to add "Includes" to the "Options" directive.)
-#AddType text/html .shtml
-#AddOutputFilter INCLUDES .shtml
-</IfModule>
-
-<IfModule mime_magic_module>
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type.  The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-MIMEMagicFile /etc/apache2/magic
-</IfModule>
-
-# vim: ts=4 filetype=apache
diff --git a/testing/hosts/winnetou/etc/apache2/vhosts.d/01_ocsp_vhost.conf b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost
index 9a32412db..b76080e37 100644
--- a/testing/hosts/winnetou/etc/apache2/vhosts.d/01_ocsp_vhost.conf
+++ b/testing/hosts/winnetou/etc/apache2/sites-enabled/001-ocsp_vhost
@@ -2,6 +2,8 @@
 
 Listen 8880
 
+AddHandler cgi-script .cgi
+
 <VirtualHost *:8880>
     ServerAdmin  root@strongswan.org
     DocumentRoot /etc/openssl/ocsp
diff --git a/testing/hosts/winnetou/etc/bind/K.+008+32329.key b/testing/hosts/winnetou/etc/bind/K.+008+32329.key
new file mode 100644
index 000000000..9f4e5ea5d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/K.+008+32329.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 32329, for .
+; Created: 20130213194956 (Wed Feb 13 20:49:56 2013)
+; Publish: 20130213194956 (Wed Feb 13 20:49:56 2013)
+; Activate: 20130213194956 (Wed Feb 13 20:49:56 2013)
+. IN DNSKEY 257 3 8 AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2 XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5 nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO O9fOgGnjzAk=
diff --git a/testing/hosts/winnetou/etc/bind/K.+008+32329.private b/testing/hosts/winnetou/etc/bind/K.+008+32329.private
new file mode 100644
index 000000000..8ad5cd6ae
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/K.+008+32329.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: tyyRqtq0WC+C9eXRs2rgjjdkHN32Nieg+qwhwDRqGpeVRNRr5zZfM3aZLsMZwjhnkaf7y/8iHiVAlCuV/0j9zYeOigICwrVsDlxFLYOJT5svoZ7Scu2805/gLQwcYutZwM42DlCgvQ5wW8xe5S068OSggx218NgNJzET29KiRz3xLHnnf8xPGmyxd4z2L45q4aqiEhlT4xVF1bC8k+J4IvsxrhsC22Ab4pJtDLvH+pc8hKirPAZC8LGwv3d+8P9ymn4rOKoDSgf4N+vK9zmdZ0J2triBjPtYIUXBxjU9bo9svmJ7iOeOXdZbGim7NPjocpE7EOET4U47186AaePMCQ==
+PublicExponent: AQAB
+PrivateExponent: cOOQ6uFa4DZ32aBHuvGVb1CH7JqHER0fQx4utswW0Ei3f/IChj6mMYtYIM+w4lfszIHg1vpoRnfi8u5hxTFw6egvWrKejO1OqRMIt2Inj94uXscJIDeQdkRD3r9mBzjQ2di8y9m5For9iDXODiPv/WKJ4gS/iq08ffjrKkEILirduFpG+EcopBy4MJeAMAkATkRsATEHgEbyqulP7gMwAnQ6vXFbTybfZQWWSgANabGikKMmGroJMChBGJ2Q9c7mHVpXu2IhMqYRKHWmBA5v/OrEc21dNxRGXsZuq+iu3P8o5MLHgX6YDB9nB3OVb47Prg/BxHYdQid2PwX0A0qZeQ==
+Prime1: 2ovikMXe1sTJ2xYPHgofDMmDXUwgpHu/nsCbdDHhyHIMllLXWsefuAFGQug/DDDg69oZGhNkah53uU9XAEyy6uiFJKgnzBTqCg+QmuZnuiuiQ4QjZ/g2x6R2MvzTZLOAQOaOLA3GVsgOh5msyO1kaatES4m2Pbp3xF6CYkhVRlc=
+Prime2: 1pDSXUoE/dwWCebwJHyKLQ3RSGn1o3EHeKZKnqZpABMSPs7imeoVQVZomidjUjHxkB9jbE8nqN15U/Ui4WuZKM+LPbiknaC+h2Y8v6p3u5XQSR0l1cWwdo7BZtdUkcuqSwpL0mnwnmLc6ZQrr13GXnk3qm1ymXST3MFWCWjyRJ8=
+Exponent1: 02q1b8XrT6qpd2a8kxvJc85RZWTqwxPviDzdZaeHuygRYy6apHgu24toE/umWj3CqIag9+fAoSP+P+cvy9tmzfbILnD5puSoj7kE88RmnePuIhBnTAIDxFgl/Cc2vNkk/iPLb3SX5YW9AJK6Ytm75LlI5SZAhTCpAe9HhJpi3Bs=
+Exponent2: deHfEY3nLCnMmegdK46Yw6QBxU0hvYgN2MVT3dIDghz4OzWi3Xjz8I+urHLTaIcz9kCoeQsL+QSk8fGOFlbtMLTGBUT6e/eidfU/jvXzDkaCxoiTDt2r05cevoezWN6SUuP3QEUgA4TBZjsXvSNCJwlmAeZbvd+ElRZLVKQp5nU=
+Coefficient: mtSrbS9kgU1yoTaaY4C6jTnfa43wvHi9pGHW5TUSjRQ9YnCsxy6GiuhmCcKB4iDUzWvIHehfGF5A8UaIF4GvIWcSj1FYO1uBrre5mKMxk89Y7oGtwF2qVbpPHAL4GKHPOUzmfr0vR+nT1PFs1Gr1BF+hkYgluh05KEu0flOZoAk=
+Created: 20130213194956
+Publish: 20130213194956
+Activate: 20130213194956
diff --git a/testing/hosts/winnetou/etc/bind/K.+008+43749.key b/testing/hosts/winnetou/etc/bind/K.+008+43749.key
new file mode 100644
index 000000000..de00dec2d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/K.+008+43749.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 43749, for .
+; Created: 20130213194939 (Wed Feb 13 20:49:39 2013)
+; Publish: 20130213194939 (Wed Feb 13 20:49:39 2013)
+; Activate: 20130213194939 (Wed Feb 13 20:49:39 2013)
+. IN DNSKEY 256 3 8 AwEAAdMS+CyW9m8yB6rwrqsdfMW41AWim1T/ehg4Un/9qADFEZN9T7NK 9PI+DD3Dr72Z2ZO4hrKXB2Xe0nlvsCUjTfCwdGqgz9YLv2WfXzqRksxF gQXmzAdG7JGH+7YmXq7AAF3246caa+wMXAGRdUUCiQf87CnAaZXJ1kUz wHw3Arp5
diff --git a/testing/hosts/winnetou/etc/bind/K.+008+43749.private b/testing/hosts/winnetou/etc/bind/K.+008+43749.private
new file mode 100644
index 000000000..fb0f442f3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/K.+008+43749.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 0xL4LJb2bzIHqvCuqx18xbjUBaKbVP96GDhSf/2oAMURk31Ps0r08j4MPcOvvZnZk7iGspcHZd7SeW+wJSNN8LB0aqDP1gu/ZZ9fOpGSzEWBBebMB0bskYf7tiZersAAXfbjpxpr7AxcAZF1RQKJB/zsKcBplcnWRTPAfDcCunk=
+PublicExponent: AQAB
+PrivateExponent: MWEqtiPLG1B1AsSz2ExZuFf5IihcdpIeGjRy+IZ7G1L/PaX/U06h51okuv5gytaHVEvDF1zF2ks6qjY62zVbMhr69/a6XjP6QWtiDmJgAnOjRqnKs8ZfEE3rsdauDtPPUIclNr9LnJtOz32oVlvxQXn/zVCE421eKlIKZIS0AEE=
+Prime1: 8iaE9VEf9lmYEBM7m5Z/maTvP+RjYvmVx7gdnBDzHkw1ZZkc/27sSI1bvgPZ55ZSiH+324OHwQp3A5m2P9th1Q==
+Prime2: 3yVw5TpfBOSteVUMtkvUqI7o0TnUoMeGuKZyXUo8GfQz8oGKoZgmdBJTETmmV4gXPtaEMFUxD4PhJw5ralrkFQ==
+Exponent1: QPWeY2Tw6xhb16whKHr2HhSF7iDpnIqR6LL2loBhh/YvuOKbSdbK4iexvcawtRS5bU691tBxIZMaHEgnAPhsRQ==
+Exponent2: iw5B9BcT73CxydJ+QXuv4fpsizWGk0rDYX4X9pq0KVhMpuqjAWBXVi21Jh7O0e00zyvO5G+ySwDb5gLOXVCWoQ==
+Coefficient: b46+74v/ETHVVKxqdXZWf9r5RL/08AyxScYrT5qDXhJ+QeGZa1jRxrWp469FWltzliP68jLh2om6F4IjAK5o0g==
+Created: 20130213194939
+Publish: 20130213194939
+Activate: 20130213194939
diff --git a/testing/hosts/winnetou/etc/bind/Korg.+008+24285.key b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.key
new file mode 100644
index 000000000..44043b485
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 24285, for org.
+; Created: 20130213191908 (Wed Feb 13 20:19:08 2013)
+; Publish: 20130213191908 (Wed Feb 13 20:19:08 2013)
+; Activate: 20130213191908 (Wed Feb 13 20:19:08 2013)
+org. IN DNSKEY 256 3 8 AwEAAa6IO30MFlgyj0hJLe0vqvHLr1/4kRCNl/Biz7VYwgzRkiYxHxLJ U+i8/r9rEWU85Q6WEt77xQ+HyxzwmoXpSaMtymYifNFZnvwl31CbkzIB FTtBUQ3BCKZjv0WgpLExDqAKgclCWBZ1PrHvDn1HTl6mMgCpiWothzkn zoNbB0g9
diff --git a/testing/hosts/winnetou/etc/bind/Korg.+008+24285.private b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.private
new file mode 100644
index 000000000..e707bb6bb
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+24285.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: rog7fQwWWDKPSEkt7S+q8cuvX/iREI2X8GLPtVjCDNGSJjEfEslT6Lz+v2sRZTzlDpYS3vvFD4fLHPCahelJoy3KZiJ80Vme/CXfUJuTMgEVO0FRDcEIpmO/RaCksTEOoAqByUJYFnU+se8OfUdOXqYyAKmJai2HOSfOg1sHSD0=
+PublicExponent: AQAB
+PrivateExponent: Enac/HSL5Jasq7P6JM5XIi8vBVMRXZPtD+QUHxYdqSd+c4XcyKr9snBT7sIP3AreHHXp1ycBSMxPw2b8oc/1Fx5UcCdfL2Sygw2l9oDG2nVWX5taLZgNe1t+Bbsf7fqUxBu0fYHx42xvRHPNwV+8VsDa2TDGRImH8MlPuVbHt2E=
+Prime1: 375Bu+m6egBN6k2P82oE8mUuLVYnJDOQ90ipG6Vcfxy7HTzObX+Ismw171oMASLrwMV8UWohp8cbFiira/4ruQ==
+Prime2: x7G7d58Pycz+Wox3ez8/livTQ4wXYb/ykUzgycOVJaPPRX9siz10rVfl5Y3sXQlsR4xFSl6GKFAc11MbmS7qpQ==
+Exponent1: aPk+pgd28h6Kb8+MJkwrnf5St/qfyqBW924jyVDAIPM95u3MfBtF61BRzcaVs0LLEVqWhSwiNjF4R+E07CoIIQ==
+Exponent2: T3kaZJb3D5b3u02f13rqcXdrkrxUKeDcRptT8rhVyS8SNFRr/FYu8zXCFsOOx9ASOb9HbDuGJNENSVyX5TTYyQ==
+Coefficient: GsFR4s38eNTqazXvDLcSG+166dSIRRWUrIMR85veIchQY7lsFTRFEmwKX43OsXvSZUMIE2svwIgclhP/FefcUw==
+Created: 20130213191908
+Publish: 20130213191908
+Activate: 20130213191908
diff --git a/testing/hosts/winnetou/etc/bind/Korg.+008+51859.key b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.key
new file mode 100644
index 000000000..7a617ecbe
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 51859, for org.
+; Created: 20130213191920 (Wed Feb 13 20:19:20 2013)
+; Publish: 20130213191920 (Wed Feb 13 20:19:20 2013)
+; Activate: 20130213191920 (Wed Feb 13 20:19:20 2013)
+org. IN DNSKEY 257 3 8 AwEAAfAyiINF1/fIyebiAZhG3kFxv1+j3D3TxNBPccbiVUgYSnse95mb mn40KgguCljoi6kDu10Qo+XUwpR78dGJiqvKfej7cz6wbIr5qu9Kv7f8 lJPRQ2igxZ/0ZCLXGbozRuQGy39klQeG98fwxNkzHqXRxkhyAgpY8E2B umRsi2Cca/vKF+6OpNx9b8RXIBcUTdhx0Vjg+3gYhSRR1rPB160sbaL+ v3Fxv9ZzOIY9ekforNxuqV9/U0DCiOhgpZC7H+5ShPb0VNzYvv0IwIAG VPVEJdh5SNPQ0LclPXcR3av+DpjvdY5oAOn/mLPCHjxBnzOl7Q3P43dL DtYdKb9mGnk=
diff --git a/testing/hosts/winnetou/etc/bind/Korg.+008+51859.private b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.private
new file mode 100644
index 000000000..698cb4f80
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Korg.+008+51859.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 8DKIg0XX98jJ5uIBmEbeQXG/X6PcPdPE0E9xxuJVSBhKex73mZuafjQqCC4KWOiLqQO7XRCj5dTClHvx0YmKq8p96PtzPrBsivmq70q/t/yUk9FDaKDFn/RkItcZujNG5AbLf2SVB4b3x/DE2TMepdHGSHICCljwTYG6ZGyLYJxr+8oX7o6k3H1vxFcgFxRN2HHRWOD7eBiFJFHWs8HXrSxtov6/cXG/1nM4hj16R+is3G6pX39TQMKI6GClkLsf7lKE9vRU3Ni+/QjAgAZU9UQl2HlI09DQtyU9dxHdq/4OmO91jmgA6f+Ys8IePEGfM6XtDc/jd0sO1h0pv2YaeQ==
+PublicExponent: AQAB
+PrivateExponent: pJ69mNqhbZ0bYzW6Shcn9Ep1EqNHKsictvf7zocIU+TyBvfuUkSm2Z/+vqRvSwf1z9xS6TGiYr4yrXlU/nr5o0ugh7DuByT6/zSlxmLAiuR9H+HoBSlKyJnCl248n7TM/TL6/VB+Iy6JW2rUPtgeRR9EehpI87aI21Xx3SnXTFoUTP7Z9HwoWEPOaU1SfYvBDLjZ0GTtMJ4i/LRB/rC6sbetqru4MTCAhsr8VrcH6YsFu5JrlmG+/dTEi005DrZPUOnKaDf4w3TbgSeTfbFJmvpfOoJObGm+Pc1PtxgfVUVdDWGK/LSNbTdqPQkPGlOI1sUETFNMKOY0S66H5q44QQ==
+Prime1: /y8kGw8mAtAuvISUtlUao7srcSphvvMLpxvgOB22u2wgzD51VdPRr2Inv1SJN7SGoJ9ERNLnfBnc1KFBOqtvf5uOwHD4++U80H+qWS+1aNgmMEa+IQ5WamQSPvUWFkhF6TjJnwY4rATfK2FGh00n6O3IOMjDxYyDs/M/j62/VQ0=
+Prime2: 8PcgSGgYGveDwkocfVkF0uuWRMVtfY3O/tiYSuCfkFP/++7eKMXQekmBay+5a5YUSZ6UwDFqduC/tYIuvGBi0rv+lzZJ8ydz/sdmQ+aqS3/g6oerGaTUjRV560OKWCwiMIfwQqaN+ivXdBFgGCJnaah65wiQ9W0xeTJqORQxWB0=
+Exponent1: dL3+SJrPiu3u07PbzOZ2P317TFRVT2QlapfoJgQB+xBmmMniKBe1kATZpkBoXiGqjYUPWGUcHbw/OM9k5hBT/A8QaZ3FaoffIIunRRH8bjCkl+VlSf4jLp0Fc+Pv7NW3lhCyvJu+BYRdDJ1+BJwZrAhMVx4R4ih8gDDCXVrhc2k=
+Exponent2: QQvEuCb5UtY7yAevdxq/2rbjon7U1o6gMOUQ/y1xhUlXkY9igwkbBNewytlgKS2jHlhjeRodzidPONUCfrFaG97Jk9IA1lVxF3aGIZAzqhvEACtNQafgBJGmjp51yuVm+UjIz4UcUErjZx6FnR40Yi4rtw/16XpnX3r/d5b+1vU=
+Coefficient: hAE0/Fdc6enFMymrfGW8o4lDauKQj7yQ16hw3IoOlrRLUpXqLiEnk+J6kzkSqgiW+ZC2v5Qq8mTC/3Q//ddWgaLX/LlbItitTlhQCS7hlV33ZkyvLBBjonYztnI+LHnIkj/omjumEzeQGR40TAh4FAgByRNXG2IOrLavfR/iPC8=
+Created: 20130213191920
+Publish: 20130213191920
+Activate: 20130213191920
diff --git a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.key b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.key
new file mode 100644
index 000000000..a2d755ff4
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 481, for strongswan.org.
+; Created: 20130213175556 (Wed Feb 13 18:55:56 2013)
+; Publish: 20130213175556 (Wed Feb 13 18:55:56 2013)
+; Activate: 20130213175556 (Wed Feb 13 18:55:56 2013)
+strongswan.org. IN DNSKEY 257 3 8 AwEAAcXfcWvCGzQq80q9JX1Wvz0lwA/fi1XZmega350wGR8WdFCklvmK fAzNaf1CrvN3bH9Gl2VEEhkYMF6h6kVFTU7taspq5t0bLwgCK/nS8QzK TLWvzWdyVayiHfij1PPwnQV5FADBTE5mMEkmn82+PKg6jaKs3ANsc0BP bGSsGIxhUKliLxJEd+6KSl/+ouQD9RfCD5sz9NIF+IXv1ZGp2Rjf+6vK bPO8f0hmttwE/OzKyBgysLBbd6fw2pKOBhunVFmUYPaHM9zLTydzuSIA X9iSeM6HtAvlKgK0JGgPEFrX+jPG6wDvJfzzakx85rMkRGc31NFiFLqM ooWxy1674/U=
diff --git a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.private b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.private
new file mode 100644
index 000000000..cfa7e83c4
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+00481.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: xd9xa8IbNCrzSr0lfVa/PSXAD9+LVdmZ6BrfnTAZHxZ0UKSW+Yp8DM1p/UKu83dsf0aXZUQSGRgwXqHqRUVNTu1qymrm3RsvCAIr+dLxDMpMta/NZ3JVrKId+KPU8/CdBXkUAMFMTmYwSSafzb48qDqNoqzcA2xzQE9sZKwYjGFQqWIvEkR37opKX/6i5AP1F8IPmzP00gX4he/VkanZGN/7q8ps87x/SGa23AT87MrIGDKwsFt3p/Dako4GG6dUWZRg9ocz3MtPJ3O5IgBf2JJ4zoe0C+UqArQkaA8QWtf6M8brAO8l/PNqTHzmsyREZzfU0WIUuoyihbHLXrvj9Q==
+PublicExponent: AQAB
+PrivateExponent: SIEdgEy5xx3N1B8Gs6yrmm5QuABDgAuh94iRU3miWt/RcxM8NuflmJNUOPbMQG4MFX76TqLotsVERAi0XPmN4FPig5U0TuR9EUQqdPo0VWlzPkfSzgr5Fa65qLfvegs6nhzFlZk+qqOLIeLDP5Jri4EZEPiiDacZfAEeSK0+uYDxxNCSShcYFqd9kIcqFS9pk0tcqVOZY55xjEHlk35+N08TvC+H6OnFyppz24TAuU9vqxtdGYEt6+BXnwG8MI6hCv16PkHJKeJVeC3tIl+cO+TYMMaWeI+8MXX+GIfyAOaAGj0pi3BnpUOiiLtwO0P3mi7mxB2/0Jzx2c8lLvLqaQ==
+Prime1: 8UFH1F2bt+1B2ssTHiPq+nqw/VYMTVUw+Hju79hVg2TugP0OEat00BqmZU4+bI1YscpwmWHZAU8wHvhMyjomol4+KplqxALXes3WMTijs9qXZIAX48yuakWyOrPLgUdNYwnvtcrC0vxJXk9G1lhOXDzHxmLD+HVd37SlUGvFvy8=
+Prime2: 0fdlpeBJzmDDLYz7GP2oCLhuxvUXl4xFKDDJMAikdjgpZI8wTHAyNOY9BQMZGDUkrozrxWzYpcDLyEuhVfQFl7fvlOy6c8cnHPar6JPLFhcV1g2tSiXGnUVfusVytwtDdApAPKVtFeaC3HX+jil0SmO4uqw6wXtkwwsH7aeMZhs=
+Exponent1: Utd/usSJ/BZUTrT805Sx02Dd9Z/eiY9/SVL9eQ5oDr5Rx6kdc6PUcME18gN0HAJNOn+xOnoG8hQnCftpIufk7ExAPJCBwNzY8SpNKomwbMnawn/ZtDdMjOFx2gZzEulRAXkf/uSpEZnf96pxQJkCD1ovn0e600459d8qBPt847E=
+Exponent2: Y+w99rwPw+Su3j2qvhDxZ/0F0y+O47OAsgjNpktmoVBG+rFeRfJbImuz/G+mAKxB4cP07IbJb9CZ6p97j2FLTBHgNdqXPUQ47ALEezHiw4eG/9CQeKoTpIMAdO1Ek7ILjuzV90au7G5ANtT8qQE3c7OTlVsjtzKXGG9mfYZwPaM=
+Coefficient: zqyn6OSkR2j10qY+a+Yma8kiOnUdcqvk1TW8CpG9+ch9T0mlCSiB7wPkWiIqkK8fP0qVkuurIvsxEARa0FFDTZDM5g5nJ8G26LsoNj1LA8hp0xH/UB/2pSXzo1Coc3f2VAuZEunFoNxEq0XBaZm4XLbPc3cOvVeL8WmSrf2K6lU=
+Created: 20130213175556
+Publish: 20130213175556
+Activate: 20130213175556
diff --git a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.key b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.key
new file mode 100644
index 000000000..6f8eb8c70
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 9396, for strongswan.org.
+; Created: 20130213175239 (Wed Feb 13 18:52:39 2013)
+; Publish: 20130213175239 (Wed Feb 13 18:52:39 2013)
+; Activate: 20130213175239 (Wed Feb 13 18:52:39 2013)
+strongswan.org. IN DNSKEY 256 3 8 AwEAAa5Lb6qTxuy4ZJBDoDStnmstIU5nAsliu6UKZ6imLEg2ufAXfz7f fOtIh2/QECp80GgUDBStMvVJfRjXeJUgavM8d0Ob/rJfl1uH/buyO7Yj D+64n9t29pEuFKSAR+tYyUYk5iTidqE/CNltNkps9wc1wBAxK8ouSVXd bNvV9pvZ
diff --git a/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.private b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.private
new file mode 100644
index 000000000..2a91d9106
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/Kstrongswan.org.+008+09396.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: rktvqpPG7LhkkEOgNK2eay0hTmcCyWK7pQpnqKYsSDa58Bd/Pt9860iHb9AQKnzQaBQMFK0y9Ul9GNd4lSBq8zx3Q5v+sl+XW4f9u7I7tiMP7rif23b2kS4UpIBH61jJRiTmJOJ2oT8I2W02Smz3BzXAEDEryi5JVd1s29X2m9k=
+PublicExponent: AQAB
+PrivateExponent: rT8wnPZNGgnjc/60ZQha2p++ZodAHtt0N4XTKbEbfSBgzEUe52kQa3LppPvExebQ5VNf+sF6UJSesy2in2DczIqBOo2iftjKHXXWlnZN6ApN0v+oVmWxbvsEzODbeMOYklAzZd/QHvcNJCVHr+6WzxFlu5vnRwwF3vAEbFw+hIE=
+Prime1: 59ugOWNLFlyOP/m7iYkr3vrei7vhT0c1IvIlBYiDSX6Ns98reI21KFXHjAl7jfx0DjJXZBK4VYCfFm7/nFS7KQ==
+Prime2: wHFpgOLWd6AQfDscdkE7+rCHiaYKBADAUZ7smJni1rWFfQix+wm4qZRyrFjgT3mIZdWICJiFjh0qdrM9SvqhMQ==
+Exponent1: ndmuiaOKGV1GE1QoU4ip75MINEXjLSAjkvkcL1ozV7PrMUx8wgRoE1/jDPnfvljjgk7PpHgCO2Pn61QCfiJJkQ==
+Exponent2: vUKMdQIh1DIqJFNqEW7kkw5rrdcKwJcQjPUUUJv/OBP7fVVA3NfZsYVaJd+ecureVvBiwblml7ZdXbG3VPcZ8Q==
+Coefficient: D6wuDQKGBlZjXQov//tXMrwhWMFhNzXfBbZCSz7td3RLspi7TJkDBFIXmJolXCLpB+Y5TNOa/3FDA8rWEIQm9w==
+Created: 20130213175239
+Publish: 20130213175239
+Activate: 20130213175239
diff --git a/testing/hosts/winnetou/etc/bind/bind.keys b/testing/hosts/winnetou/etc/bind/bind.keys
new file mode 100644
index 000000000..b991fa3c4
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/bind.keys
@@ -0,0 +1,46 @@
+/* $Id: bind.keys,v 1.7 2011/01/03 23:45:07 each Exp $ */
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9.  As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org").  Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options.  To use the built-in DLV key, set
+# "dnssec-lookaside auto;".  Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of January 2011.  If any key fails to
+# initialize correctly, it may have expired.  In that event you should
+# replace this file with a current version.  The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.
+        # NOTE: This key is activated by setting "dnssec-lookaside auto;"
+        # in named.conf.
+	dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+		TDN0YUuWrBNh";
+
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml
+	# for current trust anchor information.
+        # NOTE: This key is activated by setting "dnssec-validation auto;"
+        # in named.conf.
+	. initial-key 257 3 8 "AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2
+		XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b
+		L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx
+		E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b
+		AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5
+		nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO
+		O9fOgGnjzAk=";
+};
diff --git a/testing/hosts/winnetou/etc/bind/db.org b/testing/hosts/winnetou/etc/bind/db.org
new file mode 100644
index 000000000..ecd2c23c1
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/db.org
@@ -0,0 +1,40 @@
+;
+; Zonefile for the org zone
+;
+$TTL	604800
+@		IN	SOA	ns1.org.	root.org. (
+				     1		; Serial
+				 604800		; Refresh
+				  86400		; Retry	
+				2419200		; Expire
+				 604800 )	; Negative Cache TTL
+;
+@		IN	NS	ns1.org.
+ns1		IN	A	192.168.0.150
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+strongswan	IN	NS	ns1.strongswan.org.
+ns1.strongswan	IN	A	192.168.0.150
+ns1.strongswan	IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+strongswan.org.	IN	DS	481 8 1 5B239B124E38890C1853F5ECF299DEDEB5537E55
+strongswan.org.	IN	DS	481 8 2 FEE6842CA2322347D818318D278A929E0B9FD82353B84AE94A6A4C7B 1DFB4FEE
+;
+; This is a zone-signing key, keyid 24285, for org.
+org.		IN	DNSKEY	256 3 8	(
+				AwEAAa6IO30MFlgyj0hJLe0vqvHLr1/4kRCNl/Biz7VYwgzRkiYxHxLJ
+				U+i8/r9rEWU85Q6WEt77xQ+HyxzwmoXpSaMtymYifNFZnvwl31CbkzIB
+				FTtBUQ3BCKZjv0WgpLExDqAKgclCWBZ1PrHvDn1HTl6mMgCpiWothzkn
+				zoNbB0g9
+				)
+;
+; This is a key-signing key, keyid 51859, for org.
+org.		IN	DNSKEY	257 3 8 (
+				AwEAAfAyiINF1/fIyebiAZhG3kFxv1+j3D3TxNBPccbiVUgYSnse95mb
+				mn40KgguCljoi6kDu10Qo+XUwpR78dGJiqvKfej7cz6wbIr5qu9Kv7f8
+				lJPRQ2igxZ/0ZCLXGbozRuQGy39klQeG98fwxNkzHqXRxkhyAgpY8E2B
+				umRsi2Cca/vKF+6OpNx9b8RXIBcUTdhx0Vjg+3gYhSRR1rPB160sbaL+
+				v3Fxv9ZzOIY9ekforNxuqV9/U0DCiOhgpZC7H+5ShPb0VNzYvv0IwIAG
+				VPVEJdh5SNPQ0LclPXcR3av+DpjvdY5oAOn/mLPCHjxBnzOl7Q3P43dL
+				DtYdKb9mGnk=
+				)
diff --git a/testing/hosts/winnetou/etc/bind/db.root b/testing/hosts/winnetou/etc/bind/db.root
new file mode 100644
index 000000000..cfbbbc8bf
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/db.root
@@ -0,0 +1,40 @@
+;
+; Zonefile for the root zone
+;
+$TTL	604800
+@		IN	SOA	ns1.	root. (
+				     1		; Serial
+				 604800		; Refresh
+				  86400		; Retry	
+				2419200		; Expire
+				 604800 )	; Negative Cache TTL
+;
+@		IN	NS	ns1.
+ns1		IN	A	192.168.0.150
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+org		IN	NS	ns1.org.
+ns1.org		IN	A	192.168.0.150
+ns1.org		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+org.		IN	DS 	51859 8 1 5075E7B1185CFCC744364EC45D2E03CBA6178929
+org.		IN	DS 	51859 8 2 9122D2557F70A8CE5CB14E85BF5D966848FC7016A0E2E021012F33B8 398770A9
+;
+; This is a zone-signing key, keyid 43749, for .
+.		IN	DNSKEY	256 3 8	(
+				AwEAAdMS+CyW9m8yB6rwrqsdfMW41AWim1T/ehg4Un/9qADFEZN9T7NK
+				9PI+DD3Dr72Z2ZO4hrKXB2Xe0nlvsCUjTfCwdGqgz9YLv2WfXzqRksxF
+				gQXmzAdG7JGH+7YmXq7AAF3246caa+wMXAGRdUUCiQf87CnAaZXJ1kUz
+				wHw3Arp5
+				)
+;
+; This is a key-signing key, keyid 32329, for .
+.		IN	DNSKEY	257 3 8	(
+				AwEAAbcskaratFgvgvXl0bNq4I43ZBzd9jYnoPqsIcA0ahqXlUTUa+c2
+				XzN2mS7DGcI4Z5Gn+8v/Ih4lQJQrlf9I/c2HjooCAsK1bA5cRS2DiU+b
+				L6Ge0nLtvNOf4C0MHGLrWcDONg5QoL0OcFvMXuUtOvDkoIMdtfDYDScx
+				E9vSokc98Sx553/MTxpssXeM9i+OauGqohIZU+MVRdWwvJPieCL7Ma4b
+				AttgG+KSbQy7x/qXPISoqzwGQvCxsL93fvD/cpp+KziqA0oH+Dfryvc5
+				nWdCdra4gYz7WCFFwcY1PW6PbL5ie4jnjl3WWxopuzT46HKROxDhE+FO
+				O9fOgGnjzAk=
+				)
diff --git a/testing/hosts/winnetou/etc/bind/db.strongswan.org b/testing/hosts/winnetou/etc/bind/db.strongswan.org
new file mode 100644
index 000000000..dfd2705cb
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/db.strongswan.org
@@ -0,0 +1,88 @@
+;
+; Zonefile for the strongswan.org zone
+;
+$TTL	604800
+@		IN	SOA	ns1.strongswan.org.	root.strongswan.org. (
+				     1			; Serial
+				 604800			; Refresh
+				  86400			; Retry	
+				2419200			; Expire
+				 604800 )		; Negative Cache TTL
+;
+@		IN	NS	ns1.strongswan.org.
+ns1		IN	A	192.168.0.150	
+ns1		IN	AAAA	fe80::fcfd:c0ff:fea8:96
+;
+moon		IN	A	192.168.0.1
+sun		IN	A	192.168.0.2
+mars		IN	A	192.168.0.5
+alice1		IN	A	192.168.0.50
+carol		IN	A	192.168.0.100
+winnetou	IN	A	192.168.0.150
+dave		IN	A	192.168.0.200
+;
+ip6-moon	IN	AAAA	fe80::fcfd:c0ff:fea8:01
+ip6-sun		IN	AAAA	fe80::fcfd:c0ff:fea8:02
+ip6-carol	IN	AAAA	fe80::fcfd:c0ff:fea8:64
+ip6-winnetou	IN	AAAA	fe80::fcfd:c0ff:fea8:96
+ip6-dave	IN	AAAA	fe80::fcfd:c0ff:fea8:c8
+;
+crl		IN	CNAME	winnetou.strongswan.org.
+ldap		IN	CNAME	winnetou.strongswan.org.
+ocsp		IN	CNAME	winnetou.strongswan.org.
+;
+moon		IN	IPSECKEY ( 10 1 2 192.168.0.1
+				AwEAAcovYz3Uu7oFhiFbFaAxL3P1MxJPCzObmuE7tkiwK0xGjg8B5jD7
+				75IZe3cI9dv/6n5JYoaWbXWs8TvV5Dd6GCHYLeEC6t+ZY7SJBBoLD592
+				t54hUKo5Ag4/pSpnfbuHnJhikeTxVC/i8ElOnFyVTU+qdaF6p7VmUvGx
+				bvvctGaX99C39SC8mQIFNlk40s0x8r7tMOdhpWwC2dyC8M3vydQ0R7ap
+				j3YortKsEnpKlQSDj2bnUX5eCwZyyBZUdLzmifc6b8bjxyssRUmN27w
+				LF7BJFWBv6U8lbMd3xCxTRWD/u+WqzdlEzI200quviilK9VsDpqAaVNe
+				EMKt4OJdTwoc=
+				)
+sun		IN	IPSECKEY ( 10 1 2 192.168.0.2
+				AwEAAd+VVIpn6Q5jaU//EN6p6A5cSfUfhBK0mFa2laFFZh/Y0h66AXqq
+				rQ3X917h7YNsSk68oowY9h9I3gOx7hNVBsJr2VjdYC+b0q5NTha09/A5
+				mimv/prYj6o0yawxoPjoDs9Yh7D7Kf+F8fkgk0stlHJZX66J7dNrFXbg
+				1xBld+Ep5Or2FbEZ9QWUpRQTuhdpNt/49YuxQ59DemY9IRbwsrKCHH0m
+				GrJsDdqeb0ap+8QvSXHjCt1fr9MNKWaAFAQLKQI4e0da1ntPCEQLeE83
+				3+NNRBgGufk0KqGT3eAXqrxa9AEIUJnVcPexQdqUMjcUpXFb8WNzRWB8
+				Egh3BDK6FsE=
+				)
+carol		IN	IPSECKEY ( 10 1 2 192.168.0.100
+				AwEAAdBdWU+BF7x4lyo+xHnr4UAOU89yQQuT5vdPoXzx6kRPsjYAuukt
+				gXR+SaLkQHw/YRgDPSKj5nzmmlOQf/rWRr+8O2q+C92aUICmkNvZGamo
+				5w2WlOMZ6T5dk2Hv+QM6xT/GzWyVr1dMYu/7tywD1Bw7aW/HqkRESDu6
+				q95VWu+Lzg6XlxCNEez0YsZrN/fC6BL2qzKAqMBbIHFW8OOnh+nEY4IF
+				5AzkZnFrw12GI72Z882pw97lyKwZhSz/GMQFBJx+rnNdw5P1IJwTlG5P
+				UdoDCte/Mcr1iiA+zOovx55x1GoGxduoXWU5egrf1MtalRf9Pc8Xr4q3
+				WEKTAmsZrVE=
+				)
+dave		IN	IPSECKEY ( 10 1 2 192.168.0.200
+				AwEAAcAH8lNvBVjmg0XT7wF6F1tzQ055f5uXRI5yClmFrqdswFA7jWO0
+				4jmvlduD2wr2X4Ng6dlBkSwSEhVkOgrzIYj8UgQT6BZF/44uYjyTYr4b
+				V2SVML9U/a1lYxBhBazpSdfeKJWkdxwjcJCqolZ719mwiyrQn2P2G7qH
+				10YgRuifpFcMs8jkMiIgpzevSMMc0OwhQPNyO5R0LEoUIy4dQJ9rU8GK
+				qmPmk/pdPQaAjpSNuCc1Y9M9vZrETs/XHmBCZXCIWJiz5VOHZ+r073E3
+				Gef9ibMuTj9g2XLvFhdDfU26FK9GkfuOwnWnhVK66diq9xw9Qqynk+8K
+				0J4a81Paq3U=
+				)
+;
+; This is a zone-signing key, keyid 9396, for strongswan.org.
+strongswan.org.	IN	DNSKEY	256 3 8	(
+				AwEAAa5Lb6qTxuy4ZJBDoDStnmstIU5nAsliu6UKZ6imLEg2ufAXfz7f
+				fOtIh2/QECp80GgUDBStMvVJfRjXeJUgavM8d0Ob/rJfl1uH/buyO7Yj
+				D+64n9t29pEuFKSAR+tYyUYk5iTidqE/CNltNkps9wc1wBAxK8ouSVXd
+				bNvV9pvZ
+				)
+;
+; This is a key-signing key, keyid 481, for strongswan.org.
+strongswan.org.	IN	DNSKEY	257 3 8	(
+				AwEAAcXfcWvCGzQq80q9JX1Wvz0lwA/fi1XZmega350wGR8WdFCklvmK
+			 	fAzNaf1CrvN3bH9Gl2VEEhkYMF6h6kVFTU7taspq5t0bLwgCK/nS8QzK
+				TLWvzWdyVayiHfij1PPwnQV5FADBTE5mMEkmn82+PKg6jaKs3ANsc0BP
+				bGSsGIxhUKliLxJEd+6KSl/+ouQD9RfCD5sz9NIF+IXv1ZGp2Rjf+6vK
+				bPO8f0hmttwE/OzKyBgysLBbd6fw2pKOBhunVFmUYPaHM9zLTydzuSIA
+				X9iSeM6HtAvlKgK0JGgPEFrX+jPG6wDvJfzzakx85rMkRGc31NFiFLqM
+				ooWxy1674/U=
+				)
diff --git a/testing/hosts/winnetou/etc/bind/named.conf.default-zones b/testing/hosts/winnetou/etc/bind/named.conf.default-zones
new file mode 100644
index 000000000..52a1e4c7c
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/named.conf.default-zones
@@ -0,0 +1,23 @@
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+	type master;
+	file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+	type master;
+	file "/etc/bind/db.255";
+};
+
diff --git a/testing/hosts/winnetou/etc/bind/named.conf.local b/testing/hosts/winnetou/etc/bind/named.conf.local
new file mode 100644
index 000000000..fa26fa9e5
--- /dev/null
+++ b/testing/hosts/winnetou/etc/bind/named.conf.local
@@ -0,0 +1,18 @@
+//
+// Do any local configuration here
+//
+
+zone "." {
+        type master;
+        file "/etc/bind/db.root.signed";
+};
+
+zone "org" {
+        type master;
+        file "/etc/bind/db.org.signed";
+};
+
+zone "strongswan.org" {
+        type master;
+        file "/etc/bind/db.strongswan.org.signed";
+};
diff --git a/testing/hosts/winnetou/etc/conf.d/hostname b/testing/hosts/winnetou/etc/conf.d/hostname
deleted file mode 100644
index 1bfa5acbd..000000000
--- a/testing/hosts/winnetou/etc/conf.d/hostname
+++ /dev/null
@@ -1 +0,0 @@
-HOSTNAME=winnetou
diff --git a/testing/hosts/winnetou/etc/conf.d/net b/testing/hosts/winnetou/etc/conf.d/net
deleted file mode 100644
index 7fbc37014..000000000
--- a/testing/hosts/winnetou/etc/conf.d/net
+++ /dev/null
@@ -1,10 +0,0 @@
-# /etc/conf.d/net:
-
-# This is basically the ifconfig argument without the ifconfig $iface
-#
-config_eth0=( "PH_IP_WINNETOU broadcast 192.168.0.255 netmask 255.255.255.0"
-              "PH_IP6_WINNETOU/16" )
-
-# For setting the default gateway
-#
-routes_eth0=( "default via 192.168.0.254" )
diff --git a/testing/hosts/winnetou/etc/conf.d/slapd b/testing/hosts/winnetou/etc/conf.d/slapd
deleted file mode 100644
index 8d9ac4787..000000000
--- a/testing/hosts/winnetou/etc/conf.d/slapd
+++ /dev/null
@@ -1,8 +0,0 @@
-# conf.d file for the openldap-2.1 series
-#
-# To enable both the standard unciphered server and the ssl encrypted
-# one uncomment this line or set any other server starting options
-# you may desire.
-#
-# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
-OPTS="-4"
diff --git a/testing/hosts/winnetou/etc/init.d/apache2 b/testing/hosts/winnetou/etc/init.d/apache2
deleted file mode 100755
index 5f72d3090..000000000
--- a/testing/hosts/winnetou/etc/init.d/apache2
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="configtest fullstatus graceful gracefulstop modules reload"
-
-depend() {
-	need net
-	use mysql dns logger netmount postgresql
-	after sshd
-}
-
-configtest() {
-	ebegin "Checking Apache Configuration"
-	checkconfig
-	eend $?
-}
-
-checkconfig() {
-	SERVERROOT="${SERVERROOT:-/usr/lib/apache2}"
-	if [ ! -d ${SERVERROOT} ]; then
-		eerror "SERVERROOT does not exist: ${SERVERROOT}"
-		return 1
-	fi
-
-	CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
-	[ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
-	if [ ! -r "${CONFIGFILE}" ]; then
-		eerror "Unable to read configuration file: ${CONFIGFILE}"
-		return 1
-	fi
-
-	APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
-	APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
-	[ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
-
-	APACHE2="/usr/sbin/apache2"
-
-	${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
-	ret=$?
-	if [ $ret -ne 0 ]; then
-		eerror "Apache2 has detected a syntax error in your configuration files:"
-		${APACHE2} ${APACHE2_OPTS} -t
-	fi
-
-	return $ret
-}
-
-start() {
-	checkconfig || return 1
-	ebegin "Starting apache2"
-	[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
-
-	start-stop-daemon --start --exec ${APACHE2} -- ${APACHE2_OPTS} -k start
-	eend $?
-}
-
-stop() {
-	checkconfig || return 1
-	ebegin "Stopping apache2"
-	start-stop-daemon --stop --retry -TERM/5/-KILL/5 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-reload() {
-	RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
-
-	checkconfig || return 1
-	if [ "${RELOAD_TYPE}" = "restart" ]; then
-		ebegin "Restarting apache2"
-		start-stop-daemon --stop --oknodo --signal HUP --exec ${APACHE2} --pidfile /var/run/apache2.pid
-		eend $?
-	elif [ "${RELOAD_TYPE}" = "graceful" ]; then
-		ebegin "Gracefully restarting apache2"
-		start-stop-daemon --stop --oknodo --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-		eend $?
-	else
-		eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/apache2"
-	fi
-}
-
-graceful() {
-	checkconfig || return 1
-	ebegin "Gracefully restarting apache2"
-	start-stop-daemon --stop --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-gracefulstop() {
-	checkconfig || return 1
-	
-	# zap!
-	if service_started "${myservice}"; then
-		mark_service_stopped "${myservice}"
-	fi
-
-	ebegin "Gracefully stopping apache2"
-	# 28 is SIGWINCH
-	start-stop-daemon --stop --signal 28 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-modules() {
-	checkconfig || return 1
-
-	${APACHE2} ${APACHE2_OPTS} -M 2>&1
-}
-
-status() {
-	LYNX="${LYNX:-lynx -dump}"
-	STATUSURL="${STATUSURL:-http://localhost/server-status}"
-	
-	${LYNX} ${STATUSURL} | awk ' /process$/ { print; exit } { print } '
-}
-
-fullstatus() {
-	LYNX="${LYNX:-lynx -dump}"
-	STATUSURL="${STATUSURL:-http://localhost/server-status}"
-	
-	${LYNX} ${STATUSURL}
-}
diff --git a/testing/hosts/winnetou/etc/init.d/net.eth0 b/testing/hosts/winnetou/etc/init.d/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/winnetou/etc/init.d/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4
diff --git a/testing/hosts/winnetou/etc/init.d/slapd b/testing/hosts/winnetou/etc/init.d/slapd
deleted file mode 100755
index d4c070b33..000000000
--- a/testing/hosts/winnetou/etc/init.d/slapd
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/strongswan/testing/hosts/winnetou/etc/init.d/slapd,v 1.2 2005/05/31 14:04:43 as Exp $
-
-depend() {
-	need net
-}
-
-start() {
-	ebegin "Starting ldap-server"
-	eval start-stop-daemon --start --quiet --pidfile /var/run/openldap/slapd.pid --exec /usr/lib/openldap/slapd -- -u ldap -g ldap "${OPTS}"
-	eend $?
-	if [ ! -e /var/lib/openldap-data/objectClass.bdb ]
-	then
-		sleep 5
-		ldapadd -x -D "cn=Manager, o=Linux strongSwan, c=CH" -w tuxmux -f /etc/openldap/ldif.txt
-	fi
-}
-
-stop() {
-	ebegin "Stopping ldap-server"
-	start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid 
-	eend $?
-}
diff --git a/testing/hosts/winnetou/etc/openldap/ldif.txt b/testing/hosts/winnetou/etc/ldap/ldif.txt
index 3eca4d6c6..d06621adb 100644
--- a/testing/hosts/winnetou/etc/openldap/ldif.txt
+++ b/testing/hosts/winnetou/etc/ldap/ldif.txt
@@ -28,7 +28,7 @@ cACertificate;binary:< file:///etc/openssl/research/researchCert.der
 
 dn: ou=Sales, o=Linux strongSwan, c=CH
 objectclass: organizationalUnit
-ou: Sales 
+ou: Sales
 
 dn: cn=Sales CA, ou=Sales, o=Linux strongSwan, c=CH
 objectClass: organizationalRole
@@ -37,4 +37,3 @@ objectClass: certificationAuthority
 authorityRevocationList;binary:< file:///etc/openssl/sales/sales.crl
 certificateRevocationList;binary:< file:///etc/openssl/sales/sales.crl
 cACertificate;binary:< file:///etc/openssl/sales/salesCert.der
-
diff --git a/testing/hosts/winnetou/etc/ldap/slapd.conf b/testing/hosts/winnetou/etc/ldap/slapd.conf
new file mode 100644
index 000000000..103d4573f
--- /dev/null
+++ b/testing/hosts/winnetou/etc/ldap/slapd.conf
@@ -0,0 +1,23 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+
+moduleload	back_bdb.la
+
+include		/etc/ldap/schema/core.schema
+
+pidfile		/var/run/openldap/slapd.pid
+argsfile	/var/run/openldap/slapd.args
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+database	bdb
+suffix		"o=Linux strongSwan,c=CH"
+rootdn		"cn=Manager,o=Linux strongSwan,c=CH"
+checkpoint	32	30
+rootpw		tuxmux
+directory	/var/lib/ldap
+index		objectClass	eq
diff --git a/testing/hosts/winnetou/etc/network/interfaces b/testing/hosts/winnetou/etc/network/interfaces
new file mode 100644
index 000000000..7bfb6a9f2
--- /dev/null
+++ b/testing/hosts/winnetou/etc/network/interfaces
@@ -0,0 +1,12 @@
+auto lo
+iface lo inet loopback
+
+auto eth0
+iface eth0 inet static
+	address 192.168.0.150
+	netmask 255.255.255.0
+	broadcast 192.168.0.255
+	gateway 192.168.0.254
+iface eth0 inet6 static
+	address fec0::15
+	netmask 16
diff --git a/testing/hosts/winnetou/etc/openldap/slapd.conf b/testing/hosts/winnetou/etc/openldap/slapd.conf
deleted file mode 100644
index 5a99f955d..000000000
--- a/testing/hosts/winnetou/etc/openldap/slapd.conf
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include		/etc/openldap/schema/core.schema
-
-# Define global ACLs to disable default read access.
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral	ldap://root.openldap.org
-
-pidfile		/var/run/openldap/slapd.pid
-argsfile	/var/run/openldap/slapd.args
-
-# Load dynamic backend modules:
-# modulepath	/usr/lib/openldap/openldap
-# moduleload	back_bdb.la
-# moduleload	back_ldap.la
-# moduleload	back_ldbm.la
-# moduleload	back_passwd.la
-# moduleload	back_shell.la
-
-# Sample security restrictions
-#	Require integrity protection (prevent hijacking)
-#	Require 112-bit (3DES or better) encryption for updates
-#	Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-#	Root DSE: allow anyone to read it
-#	Subschema (sub)entry DSE: allow anyone to read it
-#	Other DSEs:
-#		Allow self write access
-#		Allow authenticated users read access
-#		Allow anonymous users to authenticate
-#	Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-#	by self write
-#	by users read
-#	by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn.  (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# BDB database definitions
-#######################################################################
-
-database	bdb
-suffix		"o=Linux strongSwan,c=CH"
-rootdn		"cn=Manager,o=Linux strongSwan,c=CH"
-checkpoint	32	30 # <kbyte> <min>
-# Cleartext passwords, especially for the rootdn, should
-# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw		tuxmux	
-# The database directory MUST exist prior to running slapd AND 
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory	/var/lib/openldap-data
-# Indices to maintain
-index	objectClass	eq
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
index 358e0fd3a..1f01a4c26 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
@@ -1,6 +1,13 @@
-V	130621144307Z		01	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
-R	130621161252Z	080622162459Z	02	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V	130621161359Z		03	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
-V	130621162918Z		04	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R	130621144307Z	130627211828Z,superseded	01	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+R	130621161252Z	080622162459Z,keyCompromise	02	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R	130621161359Z	130627211849Z,superseded	03	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+R	130621162918Z	130627211852Z,superseded	04	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
 V	140611160633Z		05	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
 V	140611160706Z		06	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+V	180602071743Z		07	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+V	180602072050Z		08	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+V	180602072738Z		09	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+V	180602073154Z		0A	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+V	180602073328Z		0B	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+V	180602073519Z		0C	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+V	180602100216Z		0D	unknown	/C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem
new file mode 100644
index 000000000..7bf96cdc8
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/08.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICdzCCAdqgAwIBAgIBCDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjA1MFoXDTE4MDYwMjA3MjA1MFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijEV5Nw1OqU5jlk
+srCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42COUhWXh760M/c
+2SNzsjvsJgGXAsiPwiajgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYoAMIGGAkE35mfDj/fFUXGsetoU9l9Kt3jbIKYugJgE
+2gmv/MW8jwrqoP7y6ATHXJkonA6AvEK+o0ZMrae55lIKPkBh5xk3XQJBfp5Eqg6Y
+efRIXUeLksM56fRjVwJS6es7qb8l1q6+c1wC1A3lEHQvAs+kJxFfFyni2oxA923F
+h2eoaYy9vSqET5Q=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem
new file mode 100644
index 000000000..a85635faf
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/09.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
+BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
+GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
+nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
+Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
+hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem
new file mode 100644
index 000000000..f43957143
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0A.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICfDCCAd2gAwIBAgIBCjAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzE1NFoXDTE4MDYwMjA3MzE1NFowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAERiDlh/bOFDq6bSRdDq2ivOcNcxWSGlO5dy5yBRvAhTWl
+NJcy93jxhDIzF5mxPpmgNXpdmSBRKbm3ydkw8LbWI+5/lje06Yl6nOLBO6Zb7GqH
+XFO+BqJrUxzbdHXwxWqto4GDMIGAMB8GA1UdIwQYMBaAFLpd+XG2E7Vq0d26Nreq
+0sHuj9jSMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8mbKzo+mp8umjvpoQUo5pIvR1CQQ
+lvBGCUWv7mtq1CVBXzv7Z+HQqPsrL388RymEErA7BzDMkPKTa5E3ZV5LL38CQgDx
++v/cIcJdYngOOF0IgVSDzcGgSvOmMlPF/D97eC4Od7XwdYl5p9Sxi4SjmDZZi4r/
+EArN3teDfoc7CZcRxWcDhQ==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem
new file mode 100644
index 000000000..c83be145d
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0B.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
+RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
+FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
+d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
+CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
+45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
+gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem
new file mode 100644
index 000000000..e97709a3f
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0C.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
+DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
+3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
+7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
+MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
+cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
+d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
+iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
+ZEmeb0/mRB56osgppA==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem
new file mode 100644
index 000000000..25f0538a7
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0D.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
+NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
+PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
+ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
+Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
+tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
+BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
+Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
+BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
+vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
+9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
+2A==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/serial b/testing/hosts/winnetou/etc/openssl/ecdsa/serial
index 2c7456e3e..ff470b05e 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/serial
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/serial
@@ -1 +1 @@
-07
+0E
diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index 60e53a0a4..839816bf5 100755
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -16,30 +16,32 @@
 
 export COMMON_NAME=strongSwan
 
+ROOT=/var/www
+
 cd /etc/openssl
 openssl ca -gencrl -crldays 30 -config /etc/openssl/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out strongswan.crl
-cp strongswan.crl     /var/www/localhost/htdocs/
-cp strongswanCert.pem /var/www/localhost/htdocs/
-cp index.html         /var/www/localhost/htdocs/
+cp strongswan.crl     ${ROOT}
+cp strongswanCert.pem ${ROOT}
+cp index.html         ${ROOT}
 cd /etc/openssl/research
 openssl ca -gencrl -crldays 15 -config /etc/openssl/research/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out research.crl
-cp research.crl       /var/www/localhost/htdocs/
+cp research.crl       ${ROOT}
 cd /etc/openssl/sales
 openssl ca -gencrl -crldays 15 -config /etc/openssl/sales/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out sales.crl
-cp sales.crl         /var/www/localhost/htdocs/
+cp sales.crl         ${ROOT}
 cd /etc/openssl/ecdsa
 openssl ca -gencrl -crldays 15 -config /etc/openssl/ecdsa/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out strongswan_ec.crl
-cp strongswan_ec.crl /var/www/localhost/htdocs/
+cp strongswan_ec.crl ${ROOT}
 cd /etc/openssl/monster
 openssl ca -gencrl -crldays 15 -config /etc/openssl/monster/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out strongswan-monster.crl
-cp strongswan-monster.crl /var/www/localhost/htdocs/
+cp strongswan-monster.crl ${ROOT}
 cd /etc/openssl/rfc3779
 openssl ca -gencrl -crldays 15 -config /etc/openssl/rfc3779/openssl.cnf -out crl.pem
 openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl
-cp strongswan_rfc3779.crl /var/www/localhost/htdocs/
+cp strongswan_rfc3779.crl ${ROOT}
 
diff --git a/testing/hosts/winnetou/etc/openssl/index.html b/testing/hosts/winnetou/etc/openssl/index.html
index 1641768ae..8cbb2c482 100644
--- a/testing/hosts/winnetou/etc/openssl/index.html
+++ b/testing/hosts/winnetou/etc/openssl/index.html
@@ -20,10 +20,10 @@
     </li>
   </ul>
 
-  <h2>strongSwan UML Testing Environment</h2>
+  <h2>strongSwan Testing Environment</h2>
   <ul>
     <li>
-      <a href="testresults/">UML Test Results</a>
+      <a href="testresults/">Test Results</a>
     </li>
   </ul>
   <a href="images/umlArchitecture_large.png" target="_blank">
diff --git a/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
index cb585ed08..a62fe16bd 100755
--- a/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
+++ b/testing/hosts/winnetou/etc/openssl/ocsp/ocsp.cgi
@@ -5,7 +5,7 @@ cd /etc/openssl
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
-                      -rkey ocspKey.pem -rsigner ocspCert.pem \
-		      -nmin 5 \
-		      -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA strongswanCert.pem \
+	-rkey ocspKey.pem -rsigner ocspCert.pem \
+	-nmin 5 \
+	-reqin /dev/stdin -respout /dev/stdout | cat
diff --git a/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi
index c193e8779..32405f81c 100755
--- a/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi
+++ b/testing/hosts/winnetou/etc/openssl/research/ocsp/ocsp.cgi
@@ -5,7 +5,7 @@ cd /etc/openssl/research
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA researchCert.pem \
-                      -rkey ocspKey.pem -rsigner ocspCert.pem \
-		      -nmin 5 \
-		      -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA researchCert.pem \
+	-rkey ocspKey.pem -rsigner ocspCert.pem \
+	-nmin 5 \
+	-reqin /dev/stdin -respout /dev/stdout | cat
diff --git a/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi b/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi
index c53cb9a76..74a2aebc2 100755
--- a/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi
+++ b/testing/hosts/winnetou/etc/openssl/sales/ocsp/ocsp.cgi
@@ -5,7 +5,7 @@ cd /etc/openssl/sales
 echo "Content-type: application/ocsp-response"
 echo ""
 
-/usr/bin/openssl ocsp -index index.txt -CA salesCert.pem \
-                      -rkey ocspKey.pem -rsigner ocspCert.pem \
-		      -nmin 5 \
-		      -reqin /dev/stdin -respout /dev/stdout
+cat | /usr/bin/openssl ocsp -index index.txt -CA salesCert.pem \
+	-rkey ocspKey.pem -rsigner ocspCert.pem \
+	-nmin 5 \
+	-reqin /dev/stdin -respout /dev/stdout | cat
diff --git a/testing/hosts/winnetou/etc/runlevels/default/apache2 b/testing/hosts/winnetou/etc/runlevels/default/apache2
deleted file mode 100755
index 5f72d3090..000000000
--- a/testing/hosts/winnetou/etc/runlevels/default/apache2
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-opts="configtest fullstatus graceful gracefulstop modules reload"
-
-depend() {
-	need net
-	use mysql dns logger netmount postgresql
-	after sshd
-}
-
-configtest() {
-	ebegin "Checking Apache Configuration"
-	checkconfig
-	eend $?
-}
-
-checkconfig() {
-	SERVERROOT="${SERVERROOT:-/usr/lib/apache2}"
-	if [ ! -d ${SERVERROOT} ]; then
-		eerror "SERVERROOT does not exist: ${SERVERROOT}"
-		return 1
-	fi
-
-	CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
-	[ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
-	if [ ! -r "${CONFIGFILE}" ]; then
-		eerror "Unable to read configuration file: ${CONFIGFILE}"
-		return 1
-	fi
-
-	APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
-	APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
-	[ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
-
-	APACHE2="/usr/sbin/apache2"
-
-	${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
-	ret=$?
-	if [ $ret -ne 0 ]; then
-		eerror "Apache2 has detected a syntax error in your configuration files:"
-		${APACHE2} ${APACHE2_OPTS} -t
-	fi
-
-	return $ret
-}
-
-start() {
-	checkconfig || return 1
-	ebegin "Starting apache2"
-	[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
-
-	start-stop-daemon --start --exec ${APACHE2} -- ${APACHE2_OPTS} -k start
-	eend $?
-}
-
-stop() {
-	checkconfig || return 1
-	ebegin "Stopping apache2"
-	start-stop-daemon --stop --retry -TERM/5/-KILL/5 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-reload() {
-	RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
-
-	checkconfig || return 1
-	if [ "${RELOAD_TYPE}" = "restart" ]; then
-		ebegin "Restarting apache2"
-		start-stop-daemon --stop --oknodo --signal HUP --exec ${APACHE2} --pidfile /var/run/apache2.pid
-		eend $?
-	elif [ "${RELOAD_TYPE}" = "graceful" ]; then
-		ebegin "Gracefully restarting apache2"
-		start-stop-daemon --stop --oknodo --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-		eend $?
-	else
-		eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/apache2"
-	fi
-}
-
-graceful() {
-	checkconfig || return 1
-	ebegin "Gracefully restarting apache2"
-	start-stop-daemon --stop --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-gracefulstop() {
-	checkconfig || return 1
-	
-	# zap!
-	if service_started "${myservice}"; then
-		mark_service_stopped "${myservice}"
-	fi
-
-	ebegin "Gracefully stopping apache2"
-	# 28 is SIGWINCH
-	start-stop-daemon --stop --signal 28 --exec ${APACHE2} --pidfile /var/run/apache2.pid
-	eend $?
-}
-
-modules() {
-	checkconfig || return 1
-
-	${APACHE2} ${APACHE2_OPTS} -M 2>&1
-}
-
-status() {
-	LYNX="${LYNX:-lynx -dump}"
-	STATUSURL="${STATUSURL:-http://localhost/server-status}"
-	
-	${LYNX} ${STATUSURL} | awk ' /process$/ { print; exit } { print } '
-}
-
-fullstatus() {
-	LYNX="${LYNX:-lynx -dump}"
-	STATUSURL="${STATUSURL:-http://localhost/server-status}"
-	
-	${LYNX} ${STATUSURL}
-}
diff --git a/testing/hosts/winnetou/etc/runlevels/default/net.eth0 b/testing/hosts/winnetou/etc/runlevels/default/net.eth0
deleted file mode 100755
index 92b3851cf..000000000
--- a/testing/hosts/winnetou/etc/runlevels/default/net.eth0
+++ /dev/null
@@ -1,1124 +0,0 @@
-#!/sbin/runscript
-# Copyright (c) 2004-2006 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Contributed by Roy Marples (uberlord@gentoo.org)
-# Many thanks to Aron Griffis (agriffis@gentoo.org)
-# for help, ideas and patches
-
-#NB: Config is in /etc/conf.d/net
-
-# For pcmcia users. note that pcmcia must be added to the same
-# runlevel as the net.* script that needs it.
-depend() {
-	need localmount
-	after bootmisc hostname
-	use isapnp isdn pcmcia usb wlan
-
-	# Load any custom depend functions for the given interface
-	# For example, br0 may need eth0 and eth1
-	local iface="${SVCNAME#*.}"
-	[[ $(type -t "depend_${iface}") == "function" ]] && depend_${iface}
-
-	if [[ ${iface} != "lo" && ${iface} != "lo0" ]] ; then
-		after net.lo net.lo0
-
-		# Support new style RC_NEED and RC_USE in one net file
-		local x="RC_NEED_${iface}"
-		[[ -n ${!x} ]] && need ${!x}
-		x="RC_USE_${iface}"
-		[[ -n ${!x} ]] && use ${!x}
-	fi
-
-	return 0
-}
-
-# Define where our modules are
-MODULES_DIR="${svclib}/net"
-
-# Make some wrappers to fudge after/before/need/use depend flags.
-# These are callbacks so MODULE will be set.
-after() {
-	eval "${MODULE}_after() { echo \"$*\"; }"
-}
-before() {
-	eval "${MODULE}_before() { echo \"$*\"; }"
-}
-need() {
-	eval "${MODULE}_need() { echo \"$*\"; }"
-}
-installed() {
-	# We deliberately misspell this as _installed will probably be used
-	# at some point
-	eval "${MODULE}_instlled() { echo \"$*\"; }"
-}
-provide() {
-	eval "${MODULE}_provide() { echo \"$*\"; }"
-}
-functions() {
-	eval "${MODULE}_functions() { echo \"$*\"; }"
-}
-variables() {
-	eval "${MODULE}_variables() { echo \"$*\"; }"
-}
-
-is_loopback() {
-	[[ $1 == "lo" || $1 == "lo0" ]]
-}
-
-# char* interface_device(char *iface)
-#
-# Gets the base device of the interface
-# Can handle eth0:1 and eth0.1
-# Which returns eth0 in this case
-interface_device() {
-	local dev="${1%%.*}"
-	[[ ${dev} == "$1" ]] && dev="${1%%:*}"
-	echo "${dev}"
-}
-
-# char* interface_type(char* iface)
-#
-# Returns the base type of the interface
-# eth, ippp, etc
-interface_type() {
-	echo "${1%%[0-9]*}"
-}
-
-# int calculate_metric(char *interface, int base)
-#
-# Calculates the best metric for the interface
-# We use this when we add routes so we can prefer interfaces over each other
-calculate_metric() {
-	local iface="$1" metric="$2"
-
-	# Have we already got a metric?
-	local m=$(awk '$1=="'${iface}'" && $2=="00000000" { print $7 }' \
-		/proc/net/route)
-	if [[ -n ${m} ]] ; then
-		echo "${m}"
-		return 0
-	fi
-
-	local i= dest= gw= flags= ref= u= m= mtu= metrics=
-	while read i dest gw flags ref u m mtu ; do
-		# Ignore lo
-		is_loopback "${i}" && continue
-		# We work out metrics from default routes only
-		[[ ${dest} != "00000000" || ${gw} == "00000000" ]] && continue
-		metrics="${metrics}\n${m}"
-	done < /proc/net/route
-
-	# Now, sort our metrics
-	metrics=$(echo -e "${metrics}" | sort -n)
-
-	# Now, find the lowest we can use
-	local gotbase=false
-	for m in ${metrics} ; do
-		[[ ${m} -lt ${metric} ]] && continue
-		[[ ${m} == ${metric} ]] && ((metric++))
-		[[ ${m} -gt ${metric} ]] && break
-	done
-	
-	echo "${metric}"
-}
-
-# int netmask2cidr(char *netmask)
-#
-# Returns the CIDR of a given netmask
-netmask2cidr() {
-	local binary= i= bin=
-
-	for i in ${1//./ }; do
-		bin=""
-		while [[ ${i} != "0" ]] ; do
-			bin=$[${i}%2]${bin}
-			(( i=i>>1 ))
-		done
-		binary="${binary}${bin}"
-	done
-	binary="${binary%%0*}"
-	echo "${#binary}"
-}
-
-
-# bool is_function(char* name)
-#
-# Returns 0 if the given name is a shell function, otherwise 1
-is_function() {
-	[[ -z $1 ]] && return 1
-	[[ $(type -t "$1") == "function" ]]
-}
-
-# void function_wrap(char* source, char* target)
-#
-# wraps function calls - for example function_wrap(this, that)
-# maps function names this_* to that_*
-function_wrap() {
-	local i=
-
-	is_function "${2}_depend" && return
-
-	for i in $(typeset -f | grep -o '^'"${1}"'_[^ ]*'); do
-		eval "${2}${i#${1}}() { ${i} \"\$@\"; }"
-	done
-}
-
-# char[] * expand_parameters(char *cmd)
-#
-# Returns an array after expanding parameters. For example
-# "192.168.{1..3}.{1..3}/24 brd +"
-# will return
-# "192.168.1.1/24 brd +"
-# "192.168.1.2/24 brd +"
-# "192.168.1.3/24 brd +"
-# "192.168.2.1/24 brd +"
-# "192.168.2.2/24 brd +"
-# "192.168.2.3/24 brd +"
-# "192.168.3.1/24 brd +"
-# "192.168.3.2/24 brd +"
-# "192.168.3.3/24 brd +"
-expand_parameters() {
-	local x=$(eval echo ${@// /_})
-	local -a a=( ${x} )
-
-	a=( "${a[@]/#/\"}" )
-	a=( "${a[@]/%/\"}" )
-	echo "${a[*]//_/ }"
-}
-
-# void configure_variables(char *interface, char *option1, [char *option2])
-#
-# Maps configuration options from <variable>_<option> to <variable>_<iface>
-# option2 takes precedence over option1
-configure_variables() {
-	local iface="$1" option1="$2" option2="$3"
-
-	local mod= func= x= i=
-	local -a ivars=() ovars1=() ovars2=()
-	local ifvar=$(bash_variable "${iface}")
-
-	for mod in ${MODULES[@]}; do
-		is_function ${mod}_variables || continue
-		for v in $(${mod}_variables) ; do
-			x=
-			[[ -n ${option2} ]] && x="${v}_${option2}[@]"
-			[[ -z ${!x} ]] && x="${v}_${option1}[@]"
-			[[ -n ${!x} ]] && eval "${v}_${ifvar}=( \"\${!x}\" )"
-		done
-	done
-
-	return 0
-}
-# bool module_load_minimum(char *module)
-#
-# Does the minimum checking on a module - even when forcing
-module_load_minimum() {
-	local f="$1.sh" MODULE="${1##*/}"
-
-	if [[ ! -f ${f} ]] ; then
-		eerror "${f} does not exist"
-		return 1
-	fi
-
-	if ! source "${f}" ; then
-		eerror "${MODULE} failed a sanity check"
-		return 1
-	fi
-
-	for f in depend; do
-		is_function "${MODULE}_${f}" && continue
-		eerror "${MODULE}.sh does not support the required function ${f}"
-		return 1
-	done
-
-	return 0
-}
-
-# bool modules_load_auto()
-#
-# Load and check each module for sanity
-# If the module is not installed, the functions are to be removed
-modules_load_auto() {
-	local i j inst
-
-	# Populate the MODULES array
-	# Basically we treat evey file in ${MODULES_DIR} as a module
-	MODULES=( $( cd "${MODULES_DIR}" ; ls *.sh ) )
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES_DIR}/${MODULES[i]}"
-		[[ ! -f ${MODULES[i]} ]] && unset MODULES[i]
-	done
-	MODULES=( "${MODULES[@]}" )
-
-	# Each of these sources into the global namespace, so it's
-	# important that module functions and variables are prefixed with
-	# the module name, for example iproute2_
-
-	j="${#MODULES[@]}"
-	loaded_interface=false
-	for (( i=0; i<j; i++ )); do
-		MODULES[i]="${MODULES[i]%.sh*}"
-		if [[ ${MODULES[i]##*/} == "interface" ]] ; then
-			eerror "interface is a reserved name - cannot load a module called interface"
-			return 1
-		fi
-		
-		(
-		u=0;
-		module_load_minimum "${MODULES[i]}" || u=1;
-		if [[ ${u} == 0 ]] ; then
-			inst="${MODULES[i]##*/}_check_installed";
-			if is_function "${inst}" ; then
-				${inst} false || u=1;
-			fi
-		fi
-		exit "${u}";
-		)
-
-		if [[ $? == 0 ]] ; then
-			source "${MODULES[i]}.sh"
-			MODULES[i]="${MODULES[i]##*/}"
-		else
-			unset MODULES[i]
-		fi
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	return 0
-}
-
-# bool modules_check_installed(void)
-#
-# Ensure that all modules have the required modules loaded
-# This enables us to remove modules from the MODULES array
-# Whilst other modules can still explicitly call them
-# One example of this is essidnet which configures network
-# settings for the specific ESSID connected to as the user
-# may be using a daemon to configure wireless instead of our
-# iwconfig module
-modules_check_installed() {
-	local i j missingdeps nmods="${#MODULES[@]}"
-
-	for (( i=0; i<nmods; i++ )); do
-		is_function "${MODULES[i]}_instlled" || continue
-		for j in $( ${MODULES[i]}_instlled ); do
-			missingdeps=true
-			if is_function "${j}_check_installed" ; then
-				${j}_check_installed && missingdeps=false
-			elif is_function "${j}_depend" ; then
-				missingdeps=false
-			fi
-			${missingdeps} && unset MODULES[i] && unset PROVIDES[i] && break
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-}
-
-# bool modules_check_user(void)
-modules_check_user() {
-	local iface="$1" ifvar=$(bash_variable "${IFACE}")
-	local i= j= k= l= nmods="${#MODULES[@]}"
-	local -a umods=()
-
-	# Has the interface got any specific modules?
-	umods="modules_${ifvar}[@]"
-	umods=( "${!umods}" )
-
-	# Global setting follows interface-specific setting
-	umods=( "${umods[@]}" "${modules[@]}" )
-
-	# Add our preferred modules
-	local -a pmods=( "iproute2" "dhcpcd" "iwconfig" "netplugd" )
-	umods=( "${umods[@]}" "${pmods[@]}" )
-
-	# First we strip any modules that conflict from user settings
-	# So if the user specifies pump then we don't use dhcpcd
-	for (( i=0; i<${#umods[@]}; i++ )); do
-		# Some users will inevitably put "dhcp" in their modules
-		# list.  To keep users from screwing up their system this
-		# way, ignore this setting so that the default dhcp
-		# module will be used.
-		[[ ${umods[i]} == "dhcp" ]] && continue
-
-		# We remove any modules we explicitly don't want
-		if [[ ${umods[i]} == "!"* ]] ; then
-			for (( j=0; j<nmods; j++ )); do
-				[[ -z ${MODULES[j]} ]] && continue
-				if [[ ${umods[i]:1} == "${MODULES[j]}" \
-					|| ${umods[i]:1} == "${PROVIDES[j]}" ]] ; then
-					# We may need to setup a class wrapper for it even though
-					# we don't use it directly
-					# However, we put it into an array and wrap later as
-					# another module may provide the same thing
-					${MODULES[j]}_check_installed \
-						&& WRAP_MODULES=(
-							"${WRAP_MODULES[@]}"
-							"${MODULES[j]} ${PROVIDES[j]}"
-						)
-					unset MODULES[j]
-					unset PROVIDES[j]
-				fi
-			done
-			continue
-		fi
-
-		if ! is_function "${umods[i]}_depend" ; then
-			# If the module is one of our preferred modules, then
-			# ignore this error; whatever is available will be
-			# used instead.
-			(( i < ${#umods[@]} - ${#pmods[@]} )) || continue
-
-			# The function may not exist because the modules software is
-			# not installed. Load the module and report its error
-			if [[ -e "${MODULES_DIR}/${umods[i]}.sh" ]] ; then
-				source "${MODULES_DIR}/${umods[i]}.sh"
-				is_function "${umods[i]}_check_installed" \
-					&& ${umods[i]}_check_installed true
-			else
-				eerror "The module \"${umods[i]}\" does not exist"
-			fi
-			return 1
-		fi
-
-		if is_function "${umods[i]}_provide" ; then
-			mod=$(${umods[i]}_provide)
-		else
-			mod="${umods[i]}"
-		fi
-		for (( j=0; j<nmods; j++ )); do
-			[[ -z ${MODULES[j]} ]] && continue
-			if [[ ${PROVIDES[j]} == "${mod}" && ${umods[i]} != "${MODULES[j]}" ]] ; then
-				# We don't have a match - now ensure that we still provide an
-				# alternative. This is to handle our preferred modules.
-				for (( l=0; l<nmods; l++ )); do
-					[[ ${l} == "${j}" || -z ${MODULES[l]} ]] && continue
-					if [[ ${PROVIDES[l]} == "${mod}" ]] ; then
-						unset MODULES[j]
-						unset PROVIDES[j]
-						break
-					fi
-				done
-			fi
-		done
-	done
-
-	# Then we strip conflicting modules.
-	# We only need to do this for 3rd party modules that conflict with
-	# our own modules and the preferred list AND the user modules
-	# list doesn't specify a preference.
-	for (( i=0; i<nmods-1; i++ )); do
-		[[ -z ${MODULES[i]} ]] && continue			
-		for (( j=i+1; j<nmods; j++)); do
-			[[ -z ${MODULES[j]} ]] && continue
-			[[ ${PROVIDES[i]} == "${PROVIDES[j]}" ]] \
-			&& unset MODULES[j] && unset PROVIDES[j]
-		done
-	done
-
-	MODULES=( "${MODULES[@]}" )
-	PROVIDES=( "${PROVIDES[@]}" )
-	return 0
-}
-
-# void modules_sort(void)
-#
-# Sort our modules
-modules_sort() {
-	local i= j= nmods=${#MODULES[@]} m=
-	local -a provide=() provide_list=() after=() dead=() sorted=() sortedp=()
-
-	# Make our provide list
-	for ((i=0; i<nmods; i++)); do
-		dead[i]="false"
-		if [[ ${MODULES[i]} != "${PROVIDES[i]}" ]] ; then
-			local provided=false
-			for ((j=0; j<${#provide[@]}; j++)); do
-				if [[ ${provide[j]} == "${PROVIDES[i]}" ]] ; then
-					provide_list[j]="${provide_list[j]} ${MODULES[i]}"
-					provided=true
-				fi
-			done
-			if ! ${provided}; then
-				provide[j]="${PROVIDES[i]}"
-				provide_list[j]="${MODULES[i]}"
-			fi
-		fi
-	done
-
-	# Create an after array, which holds which modules the module at
-	# index i must be after
-	for ((i=0; i<nmods; i++)); do
-		if is_function "${MODULES[i]}_after" ; then
-			after[i]=" ${after[i]} $(${MODULES[i]}_after) "
-		fi
-		if is_function "${MODULES[i]}_before" ; then
-			for m in $(${MODULES[i]}_before); do
-				for ((j=0; j<nmods; j++)) ; do
-					if [[ ${PROVIDES[j]} == "${m}" ]] ; then
-						after[j]=" ${after[j]} ${MODULES[i]} "
-						break
-					fi
-				done
-			done
-		fi
-	done
-
-	# Replace the after list modules with real modules
-	for ((i=0; i<nmods; i++)); do
-		if [[ -n ${after[i]} ]] ; then
-			for ((j=0; j<${#provide[@]}; j++)); do
-				after[i]="${after[i]// ${provide[j]} / ${provide_list[j]} }"
-			done
-		fi
-	done
-	
-	# We then use the below code to provide a topologial sort
-    module_after_visit() {
-        local name="$1" i= x=
-
-		for ((i=0; i<nmods; i++)); do
-			[[ ${MODULES[i]} == "$1" ]] && break
-		done
-
-        ${dead[i]} && return
-        dead[i]="true"
-
-        for x in ${after[i]} ; do
-            module_after_visit "${x}"
-        done
-
-        sorted=( "${sorted[@]}" "${MODULES[i]}" )
-		sortedp=( "${sortedp[@]}" "${PROVIDES[i]}" )
-    }
-
-	for x in ${MODULES[@]}; do
-		module_after_visit "${x}"
-	done
-
-	MODULES=( "${sorted[@]}" )
-	PROVIDES=( "${sortedp[@]}" )
-}
-
-# bool modules_check_depends(bool showprovides)
-modules_check_depends() {
-	local showprovides="${1:-false}" nmods="${#MODULES[@]}" i= j= needmod=
-	local missingdeps= p= interface=false
-
-	for (( i=0; i<nmods; i++ )); do
-		if is_function "${MODULES[i]}_need" ; then
-			for needmod in $(${MODULES[i]}_need); do
-				missingdeps=true
-				for (( j=0; j<nmods; j++ )); do
-					if [[ ${needmod} == "${MODULES[j]}" \
-						|| ${needmod} == "${PROVIDES[j]}" ]] ; then
-						missingdeps=false
-						break
-					fi
-				done
-				if ${missingdeps} ; then
-					eerror "${MODULES[i]} needs ${needmod} (dependency failure)"
-					return 1
-				fi
-			done
-		fi
-
-		if is_function "${MODULES[i]}_functions" ; then
-			for f in $(${MODULES[i]}_functions); do
-				if ! is_function "${f}" ; then
-					eerror "${MODULES[i]}: missing required function \"${f}\""
-					return 1
-				fi
-			done
-		fi
-
-		[[ ${PROVIDES[i]} == "interface" ]] && interface=true
-
-		if ${showprovides} ; then
-			[[ ${PROVIDES[i]} != "${MODULES[i]}" ]] \
-			&& veinfo "${MODULES[i]} provides ${PROVIDES[i]}"
-		fi
-	done
-
-	if ! ${interface} ; then
-		eerror "no interface module has been loaded"
-		return 1
-	fi
-
-	return 0
-}
-
-# bool modules_load(char *iface, bool starting)
-#
-# Loads the defined handler and modules for the interface
-# Returns 0 on success, otherwise 1
-modules_load()  {
-	local iface="$1" starting="${2:-true}" MODULE= p=false i= j= k=
-	local -a x=()
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a PROVIDES=() WRAP_MODULES=()
-
-	if ! is_loopback "${iface}" ; then
-		x="modules_force_${iface}[@]"
-		[[ -n ${!x} ]] && modules_force=( "${!x}" )
-		if [[ -n ${modules_force} ]] ; then
-			ewarn "WARNING: You are forcing modules!"
-			ewarn "Do not complain or file bugs if things start breaking"
-			report=true
-		fi
-	fi
-
-	veinfo "Loading networking modules for ${iface}"
-	eindent
-
-	if [[ -z ${modules_force} ]] ; then
-		modules_load_auto || return 1
-	else
-		j="${#modules_force[@]}"
-		for (( i=0; i<j; i++ )); do
-			module_load_minimum "${MODULES_DIR}/${modules_force[i]}" || return 1
-			if is_function "${modules_force[i]}_check_installed" ; then
-				${modules_force[i]}_check_installed || unset modules_force[i]
-			fi
-		done
-		MODULES=( "${modules_force[@]}" )
-	fi
-
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		# Now load our dependencies - we need to use the MODULE variable
-		# here as the after/before/need functions use it
-		MODULE="${MODULES[i]}"
-		${MODULE}_depend
-
-		# expose does exactly the same thing as depend
-		# However it is more "correct" as it exposes things to other modules
-		# instead of depending on them ;)
-		is_function "${MODULES[i]}_expose" && ${MODULES[i]}_expose
-
-		# If no provide is given, assume module name
-		if is_function "${MODULES[i]}_provide" ; then
-			PROVIDES[i]=$(${MODULES[i]}_provide)
-		else
-			PROVIDES[i]="${MODULES[i]}"
-		fi
-	done
-
-	if [[ -n ${modules_force[@]} ]] ; then
-		# Strip any duplicate modules providing the same thing
-		j="${#MODULES[@]}"
-		for (( i=0; i<j-1; i++ )); do
-			[[ -z ${MODULES[i]} ]] && continue
-			for (( k=i+1; k<j; k++ )); do
-				if [[ ${PROVIDES[i]} == ${PROVIDES[k]} ]] ; then
-					unset MODULES[k]
-					unset PROVIDES[k]
-				fi
-			done
-		done
-		MODULES=( "${MODULES[@]}" )
-		PROVIDES=( "${PROVIDES[@]}" )
-	else
-		if ${starting}; then
-			modules_check_user "${iface}" || return 1
-		else
-			# Always prefer iproute2 for taking down interfaces
-			if is_function iproute2_provide ; then
-				function_wrap iproute2 "$(iproute2_provide)"
-			fi
-		fi
-	fi
-	
-	# Wrap our modules
-	j="${#MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap "${MODULES[i]}" "${PROVIDES[i]}"
-	done
-	j="${#WRAP_MODULES[@]}"
-	for (( i=0; i<j; i++ )); do
-		function_wrap ${WRAP_MODULES[i]}
-	done
-	
-	if [[ -z ${modules_force[@]} ]] ; then
-		modules_check_installed || return 1
-		modules_sort || return 1
-	fi
-
-	veinfo "modules: ${MODULES[@]}"
-	eindent
-
-	${starting} && p=true
-	modules_check_depends "${p}" || return 1
-	return 0
-}
-
-# bool iface_start(char *interface)
-#
-# iface_start is called from start.  It's expected to start the base
-# interface (for example "eth0"), aliases (for example "eth0:1") and to start
-# VLAN interfaces (for example eth0.0, eth0.1).  VLAN setup is accomplished by
-# calling itself recursively.
-iface_start() {
-	local iface="$1" mod config_counter="-1" x config_worked=false
-	local RC_INDENTATION="${RC_INDENTATION}"
-	local -a config=() fallback=() fallback_route=() conf=() a=() b=()
-	local ifvar=$(bash_variable "$1") i= j= metric=0
-
-	# pre Start any modules with
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_start" ; then
-			${mod}_pre_start "${iface}" || { eend 1; return 1; }
-		fi
-	done
-
-	x="metric_${ifvar}"
-	# If we don't have a metric then calculate one
-	# Our modules will set the metric variable to a suitable base
-	# in their pre starts.
-	if [[ -z ${!x} ]] ; then
-		eval "metric_${ifvar}=\"$(calculate_metric "${iface}" "${metric}")\""
-	fi
-
-	# We now expand the configuration parameters and pray that the
-	# fallbacks expand to the same number as config or there will be
-	# trouble!
-	a="config_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		config=( "${config[@]}" "${b[@]}" )
-	done
-
-	a="fallback_${ifvar}[@]"
-	a=( "${!a}" )
-	for (( i=0; i<${#a[@]}; i++ )); do 
-		eval b=( $(expand_parameters "${a[i]}") )
-		fallback=( "${fallback[@]}" "${b[@]}" )
-	done
-
-	# We don't expand routes
-	fallback_route="fallback_route_${ifvar}[@]"
-	fallback_route=( "${!fallback_route}" )
-	
-	# We must support old configs
-	if [[ -z ${config} ]] ; then
-		interface_get_old_config "${iface}" || return 1
-		if [[ -n ${config} ]] ; then
-			ewarn "You are using a deprecated configuration syntax for ${iface}"
-			ewarn "You are advised to read /etc/conf.d/net.example and upgrade it accordingly"
-		fi
-	fi
-
-	# Handle "noop" correctly
-	if [[ ${config[0]} == "noop" ]] ; then
-		if interface_is_up "${iface}" true ; then
-			einfo "Keeping current configuration for ${iface}"
-			eend 0
-			return 0
-		fi
-
-		# Remove noop from the config var
-		config=( "${config[@]:1}" )
-	fi
-
-	# Provide a default of DHCP if no configuration is set and we're auto
-	# Otherwise a default of NULL
-	if [[ -z ${config} ]] ; then
-		ewarn "Configuration not set for ${iface} - assuming DHCP"
-		if is_function "dhcp_start" ; then
-			config=( "dhcp" )
-		else
-			eerror "No DHCP client installed"
-			return 1
-		fi
-	fi
-
-	einfo "Bringing up ${iface}"
-	eindent
-	for (( config_counter=0; config_counter<${#config[@]}; config_counter++ )); do
-		# Handle null and noop correctly
-		if [[ ${config[config_counter]} == "null" \
-			|| ${config[config_counter]} == "noop" ]] ; then
-			eend 0
-			config_worked=true
-			continue
-		fi
-
-		# We convert it to an array - this has the added
-		# bonus of trimming spaces!
-		conf=( ${config[config_counter]} )
-		einfo "${conf[0]}"
-
-		# Do we have a function for our config?
-		if is_function "${conf[0]}_start" ; then
-			eindent
-			${conf[0]}_start "${iface}" ; x=$?
-			eoutdent
-			[[ ${x} == 0 ]] && config_worked=true && continue
-			# We need to test to see if it's an IP address or a function
-			# We do this by testing if the 1st character is a digit
-		elif [[ ${conf[0]:0:1} == [[:digit:]] || ${conf[0]} == *:* ]] ; then
-			x="0"
-			if ! is_loopback "${iface}" ; then
-				if [[ " ${MODULES[@]} " == *" arping "* ]] ; then
-					if arping_address_exists "${iface}" "${conf[0]}" ; then
-						eerror "${conf[0]%%/*} already taken on ${iface}"
-						x="1"
-					fi
-				fi
-			fi
-			[[ ${x} == "0" ]] && interface_add_address "${iface}" ${conf[@]}; x="$?"
-			eend "${x}" && config_worked=true && continue
-		else
-			if [[ ${conf[0]} == "dhcp" ]] ; then
-				eerror "No DHCP client installed"
-			else
-				eerror "No loaded modules provide \"${conf[0]}\" (${conf[0]}_start)"
-			fi
-		fi
-
-		if [[ -n ${fallback[config_counter]} ]] ; then
-			einfo "Trying fallback configuration"
-			config[config_counter]="${fallback[config_counter]}"
-			fallback[config_counter]=""
-
-			# Do we have a fallback route?
-			if [[ -n ${fallback_route[config_counter]} ]] ; then
-				x="fallback_route[config_counter]"
-				eval "routes_${ifvar}=( \"\${!x}\" )"
-				fallback_route[config_counter]=""
-			fi
-
-			(( config_counter-- )) # since the loop will increment it
-			continue
-		fi
-	done
-	eoutdent
-
-	# We return failure if no configuration parameters worked
-	${config_worked} || return 1
-
-	# Start any modules with _post_start
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_post_start" ; then
-			${mod}_post_start "${iface}" || return 1
-		fi
-	done
-
-	return 0
-}
-
-# bool iface_stop(char *interface)
-#
-# iface_stop: bring down an interface.  Don't trust information in
-# /etc/conf.d/net since the configuration might have changed since
-# iface_start ran.  Instead query for current configuration and bring
-# down the interface.
-iface_stop() {
-	local iface="$1" i= aliases= need_begin=false mod=
-	local RC_INDENTATION="${RC_INDENTATION}"
-
-	# pre Stop any modules
-	for mod in ${MODULES[@]}; do
-		if is_function "${mod}_pre_stop" ; then
-			${mod}_pre_stop "${iface}" || return 1
-		fi
-	done
-
-	einfo "Bringing down ${iface}"
-	eindent
-
-	# Collect list of aliases for this interface.
-	# List will be in reverse order.
-	if interface_exists "${iface}" ; then
-		aliases=$(interface_get_aliases_rev "${iface}")
-	fi
-
-	# Stop aliases before primary interface.
-	# Note this must be done in reverse order, since ifconfig eth0:1 
-	# will remove eth0:2, etc.  It might be sufficient to simply remove 
-	# the base interface but we're being safe here.
-	for i in ${aliases} ${iface}; do
-		# Stop all our modules
-		for mod in ${MODULES[@]}; do
-			if is_function "${mod}_stop" ; then
-				${mod}_stop "${i}" || return 1
-			fi
-		done
-
-		# A module may have removed the interface
-		if ! interface_exists "${iface}" ; then
-			eend 0
-			continue
-		fi
-
-		# We don't delete ppp assigned addresses
-		if ! is_function pppd_exists || ! pppd_exists "${i}" ; then
-			# Delete all the addresses for this alias
-			interface_del_addresses "${i}"
-		fi
-
-		# Do final shut down of this alias
-		if [[ ${IN_BACKGROUND} != "true" \
-			&& ${RC_DOWN_INTERFACE} == "yes" ]] ; then
-			ebegin "Shutting down ${i}"
-			interface_iface_stop "${i}"
-			eend "$?"
-		fi
-	done
-
-	# post Stop any modules
-	for mod in ${MODULES[@]}; do
-		# We have already taken down the interface, so no need to error
-		is_function "${mod}_post_stop" && ${mod}_post_stop "${iface}"
-	done
-
-	return 0
-}
-
-# bool run_start(char *iface)
-#
-# Brings up ${IFACE}.  Calls preup, iface_start, then postup.
-# Returns 0 (success) unless preup or iface_start returns 1 (failure).
-# Ignores the return value from postup.
-# We cannot check that the device exists ourselves as modules like
-# tuntap make create it.
-run_start() {
-	local iface="$1" IFVAR=$(bash_variable "$1")
-
-	# We do this so users can specify additional addresses for lo if they
-	# need too - additional routes too
-	# However, no extra modules are loaded as they are just not needed
-	if [[ ${iface} == "lo" ]] ; then
-		metric_lo="0"
-		config_lo=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo=( "127.0.0.0/8" "${routes_lo[@]}" )
-	elif [[ ${iface} == "lo0" ]] ; then
-		metric_lo0="0"
-		config_lo0=( "127.0.0.1/8 brd 127.255.255.255" "${config_lo[@]}" )
-		routes_lo0=( "127.0.0.0/8" "${routes_lo[@]}" )
-	fi
-
-	# We may not have a loaded module for ${iface}
-	# Some users may have "alias natsemi eth0" in /etc/modules.d/foo
-	# so we can work with this
-	# However, if they do the same with eth1 and try to start it
-	# but eth0 has not been loaded then the module gets loaded as
-	# eth0.
-	# Not much we can do about this :(
-	# Also, we cannot error here as some modules - such as bridge
-	# create interfaces
-	if ! interface_exists "${iface}" ; then
-		/sbin/modprobe "${iface}" &>/dev/null
-	fi
-
-	# Call user-defined preup function if it exists
-	if is_function preup ; then
-		einfo "Running preup function"
-		eindent
-		( preup "${iface}" )
-		eend "$?" "preup ${iface} failed" || return 1
-		eoutdent
-	fi
-
-	# If config is set to noop and the interface is up with an address
-	# then we don't start it
-	local config=
-	config="config_${IFVAR}[@]"
-	config=( "${!config}" )
-	if [[ ${config[0]} == "noop" ]] && interface_is_up "${iface}" true ; then
-		einfo "Keeping current configuration for ${iface}"
-		eend 0
-	else
-		# Remove noop from the config var
-		[[ ${config[0]} == "noop" ]] \
-			&& eval "config_${IFVAR}=( "\"\$\{config\[@\]:1\}\"" )"
-
-		# There may be existing ip address info - so we strip it
-		if [[ ${RC_INTERFACE_KEEP_CONFIG} != "yes" \
-			&& ${IN_BACKGROUND} != "true" ]] ; then
-			interface_del_addresses "${iface}"
-		fi
-
-		# Start the interface
-		if ! iface_start "${iface}" ; then
-			if [[ ${IN_BACKGROUND} != "true" ]] ; then
-				interface_exists "${iface}" && interface_down "${iface}"
-			fi
-			eend 1
-			return 1
-		fi
-	fi
-
-	# Call user-defined postup function if it exists
-	if is_function postup ; then
-		# We need to mark the service as started incase a
-		# postdown function wants to restart services that depend on us
-		mark_service_started "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postup function"
-		eindent
-		( postup "${iface}" )
-		eoutdent
-	fi
-
-	return 0
-}
-
-# bool run_stop(char *iface) {
-#
-# Brings down ${iface}.  If predown call returns non-zero, then
-# stop returns non-zero to indicate failure bringing down device.
-# In all other cases stop returns 0 to indicate success.
-run_stop() {
-	local iface="$1" IFVAR=$(bash_variable "$1") x
-
-	# Load our ESSID variable so users can use it in predown() instead
-	# of having to write code.
-	local ESSID=$(get_options ESSID) ESSIDVAR=
-	[[ -n ${ESSID} ]] && ESSIDVAR=$(bash_variable "${ESSID}")
-
-	# Call user-defined predown function if it exists
-	if is_function predown ; then
-		einfo "Running predown function"
-		eindent
-		( predown "${iface}" )
-		eend $? "predown ${iface} failed" || return 1
-		eoutdent
-	elif is_net_fs / ; then
-		eerror "root filesystem is network mounted -- can't stop ${iface}"
-		return 1
-	elif is_union_fs / ; then
-		for x in $(unionctl "${dir}" --list \
-		| sed -e 's/^\(.*\) .*/\1/') ; do
-			if is_net_fs "${x}" ; then
-				eerror "Part of the root filesystem is network mounted - cannot stop ${iface}"
-				return 1
-			fi
-		done
-	fi
-
-	iface_stop "${iface}" || return 1  # always succeeds, btw
-
-	# Release resolv.conf information.
-	[[ -x /sbin/resolvconf ]] && resolvconf -d "${iface}"
-	
-	# Mark us as inactive if called from the background
-	[[ ${IN_BACKGROUND} == "true" ]] && mark_service_inactive "net.${iface}"
-
-	# Call user-defined postdown function if it exists
-	if is_function postdown ; then
-		# We need to mark the service as stopped incase a
-		# postdown function wants to restart services that depend on us
-		[[ ${IN_BACKGROUND} != "true" ]] && mark_service_stopped "net.${iface}"
-		end_service "net.${iface}" 0
-		einfo "Running postdown function"
-		eindent
-		( postdown "${iface}" )
-		eoutdent
-	fi
-
-
-	return 0
-}
-
-# bool run(char *iface, char *cmd)
-#
-# Main start/stop entry point
-# We load modules here and remove any functions that they
-# added as we may be called inside the same shell scope for another interface
-run() {
-	local iface="$1" cmd="$2" r=1 RC_INDENTATION="${RC_INDENTATION}"
-	local starting=true
-	local -a MODULES=() mods=()
-	local IN_BACKGROUND="${IN_BACKGROUND}"
-
-	if [[ ${IN_BACKGROUND} == "true" || ${IN_BACKGROUND} == "1" ]] ; then
-		IN_BACKGROUND=true
-	else
-		IN_BACKGROUND=false
-	fi
-
-	# We need to override the exit function as runscript.sh now checks
-	# for it. We need it so we can mark the service as inactive ourselves.
-	unset -f exit
-
-	eindent
-	[[ ${cmd} == "stop" ]] && starting=false
-
-	# We force lo to only use these modules for a major speed boost
-	if is_loopback "${iface}" ; then	
-		modules_force=( "iproute2" "ifconfig" "system" )
-	fi
-
-	if modules_load "${iface}" "${starting}" ; then
-		if [[ ${cmd} == "stop" ]] ; then
-			# Reverse the module list for stopping
-			mods=( "${MODULES[@]}" )
-			for ((i = 0; i < ${#mods[@]}; i++)); do
-				MODULES[i]=${mods[((${#mods[@]} - i - 1))]}
-			done
-
-			run_stop "${iface}" && r=0
-		else
-			# Only hotplug on ethernet interfaces
-			if [[ ${IN_HOTPLUG} == 1 ]] ; then
-				if ! interface_is_ethernet "${iface}" ; then
-					eerror "We only hotplug for ethernet interfaces"
-					return 1
-				fi
-			fi
-
-			run_start "${iface}" && r=0
-		fi
-	fi
-
-	if [[ ${r} != "0" ]] ; then
-		if [[ ${cmd} == "start" ]] ; then
-			# Call user-defined failup if it exists
-			if is_function failup ; then
-				einfo "Running failup function"
-				eindent
-				( failup "${iface}" )
-				eoutdent
-			fi
-		else
-			# Call user-defined faildown if it exists
-			if is_function faildown ; then
-				einfo "Running faildown function"
-				eindent
-				( faildown "${iface}" )
-				eoutdent
-			fi
-		fi
-		[[ ${IN_BACKGROUND} == "true" ]] \
-			&& mark_service_inactive "net.${iface}"
-	fi
-
-	return "${r}"
-}
-
-# bool start(void)
-#
-# Start entry point so that we only have one function
-# which localises variables and unsets functions
-start() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Starting ${IFACE}"
-	run "${IFACE}" start
-}
-
-# bool stop(void)
-#
-# Stop entry point so that we only have one function
-# which localises variables and unsets functions
-stop() {
-	declare -r IFACE="${SVCNAME#*.}"
-	einfo "Stopping ${IFACE}"
-	run "${IFACE}" stop
-}
-
-# vim:ts=4