      1 #!/sbin/sh
      2 #
      3 # CDDL HEADER START
      4 #
      5 # The contents of this file are subject to the terms of the
      6 # Common Development and Distribution License (the "License").
      7 # You may not use this file except in compliance with the License.
      8 #
      9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
     10 # or http://www.opensolaris.org/os/licensing.
     11 # See the License for the specific language governing permissions
     12 # and limitations under the License.
     13 #
     14 # When distributing Covered Code, include this CDDL HEADER in each
     15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
     16 # If applicable, add the following below this CDDL HEADER, with the
     17 # fields enclosed by brackets "[]" replaced with your own identifying
     18 # information: Portions Copyright [yyyy] [name of copyright owner]
     19 #
     20 # CDDL HEADER END
     21 #
     22 #
     23 # Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
     24 # Use is subject to license terms.
     25 #
     26 # This service configures IP tunnel links and IP interfaces over IP
     27 # tunnels.
     28 #
     29 
     30 . /lib/svc/share/smf_include.sh
     31 
     32 #
     33 # Configure tunnels which were deferred by /lib/svc/method/net-physical (the
     34 # svc:/network/physical service) since it depends on the tunnel source
     35 # addresses being available.
     36 #
      37 # WARNING: you may wish to turn OFF IP forwarding if you haven't already:
      38 # a forwarding tunnel endpoint can route tunneled packets onto its other
      39 # networks, one of several risks when tunnels are used to build a VPN.
     40 #
     41 # Also, if names are used in the /etc/hostname*.* files, those names have to
     42 # be in either DNS (and DNS is used) or in /etc/hosts, because this file is
     43 # executed before NIS or NIS+ is started.
     44 #
     45 
     46 #
     47 # get_tunnel_links: print the names of the tunnel links currently configured
     48 # on the running system.
     49 #
      get_tunnel_links() {
          # Arguments: none
          # Outputs:   whatever "dladm show-iptun" prints on stdout; -p asks for
          #            parseable output and -o link limits it to the link field.
          # Returns:   the exit status of dladm.
          #
          # Callers in this script word-split the output, so each printed name
          # is used as one interface name.
          /sbin/dladm show-iptun -p -o link
      }
     54 
     55 # plumb_tunnel <intf_name> <net_type> <intf_file>
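      #
      # Plumbs the IP interface <intf_name> for address family <net_type>
      # ("inet" or "inet6" at the call sites in this script), runs ifconfig
      # once for every non-empty line of <intf_file>, then marks the
      # interface up.
      #
      # Arguments: $1 - interface name
      #            $2 - address family keyword passed to ifconfig
      #            $3 - path of the hostname file to read
      # Outputs:   stdout of the per-line ifconfig calls is discarded; stderr
      #            is left alone.
      # Returns:   exit status of the final "ifconfig ... up".  Earlier
      #            failures are not checked (best effort, as before).
      #
      # Security note: every line of <intf_file> is handed to ifconfig as
      # arguments with the privileges of this method (presumably root under
      # SMF), so the file should be writable only by the administrator.
      #
      plumb_tunnel ()
      {
          /sbin/ifconfig "$1" "$2" plumb

          # "read" is used without -r so backslash handling stays as it was.
          # The "|| [ -n ... ]" term keeps a final line that has no trailing
          # newline; a bare "while read" would drop it silently.
          while read ifcmds || [ -n "$ifcmds" ]; do
              if [ -n "$ifcmds" ]; then
                  # $ifcmds stays unquoted on purpose: one line carries
                  # several ifconfig arguments that must be split.
                  /sbin/ifconfig "$1" "$2" $ifcmds
              fi
          done < "$3" > /dev/null

          /sbin/ifconfig "$1" "$2" up
      }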
     66 
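      #
      # Method entry point.  "$1" is the method name: "start" brings up the
      # tunnel links and plumbs the IP interfaces over them, "stop" reverses
      # that.  Anything else prints a usage line and exits 1.
      #
      # Syntax is kept to what a plain Bourne-style /sbin/sh accepts
      # (backticks, no "!", no "local"), matching the rest of the file.
      #
      case "$1" in
      start)
          # First, bring up tunnel links
          /sbin/dladm up-iptun

          #
          # Get the list of IP tunnel interfaces we'll need to configure.
          # These comprise the IP interfaces over the tunnels we've just
          # brought up in the above dladm command, and the implicit tunnels
          # named "ip.*" that we'll also create for backward compatibility.
          # When we build the list of implicit tunnels, we have to make sure
          # that they're not different kinds of links that are simply named
          # "ip.*".
          #
          tunnel_links=`get_tunnel_links`

          # Let the shell expand the patterns instead of parsing "ls" output;
          # the -f test skips an unmatched pattern and any non-regular file.
          implicit_tunnel_names=`for hostname_file in /etc/hostname.ip*.*[0-9] \
              /etc/hostname6.ip*.*[0-9]; do
              [ -f "$hostname_file" ] && echo "$hostname_file"
          done | /usr/bin/cut -f2- -d. | /usr/bin/sort -u`

          # Start from an empty list so a value inherited from the method's
          # environment cannot add interfaces to be plumbed.
          implicit_tunnels=
          for intf_name in $implicit_tunnel_names; do
              # Only a name for which "dladm show-link" fails is treated as
              # an implicit tunnel.
              /sbin/dladm show-link -pP "$intf_name" > /dev/null 2>&1 ||
                  implicit_tunnels="$implicit_tunnels $intf_name"
          done
          tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
              echo "$intf"; done | /usr/bin/sort -u`

          for intf_name in $tunnel_interfaces; do
              if [ -f "/etc/hostname.$intf_name" ]; then
                  plumb_tunnel "$intf_name" inet "/etc/hostname.$intf_name"
              fi
              if [ -f "/etc/hostname6.$intf_name" ]; then
                  plumb_tunnel "$intf_name" inet6 "/etc/hostname6.$intf_name"
              fi
          done

          #
          # Set 6to4 Relay Router communication support policy and, if
          # applicable, the destination Relay Router IPv4 address.  See
          # /etc/default/inetinit for setting and further info on
          # ACCEPT6TO4RELAY and RELAY6TO4ADDR.  If ACCEPT6TO4RELAY=NO, the
          # default value in the kernel will be used.
          #
          # Both variables are cleared first so that only the file decides
          # the policy, not a value inherited from the environment.  The file
          # is sourced, i.e. executed by this shell, so it should be writable
          # only by the administrator.
          # NOTE(review): relay router support is opt-in here; confirm that
          # ACCEPT6TO4RELAY=YES is intended wherever it is set.
          #
          ACCEPT6TO4RELAY=
          RELAY6TO4ADDR=
          [ -f /etc/default/inetinit ] && . /etc/default/inetinit
          ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
          if [ "$ACCEPT6TO4RELAY" = yes ]; then
              if [ -n "$RELAY6TO4ADDR" ]; then
                  /usr/sbin/6to4relay -e -a "$RELAY6TO4ADDR"
              else
                  /usr/sbin/6to4relay -e
              fi
          fi
          ;;

      stop)
          tunnel_links=`get_tunnel_links`

          # Unplumb IP interfaces; errors are discarded because a link may
          # have no interface plumbed for one or both address families.
          for tun in $tunnel_links; do
              /sbin/ifconfig "$tun" unplumb > /dev/null 2>&1
              /sbin/ifconfig "$tun" inet6 unplumb > /dev/null 2>&1
          done

          # Take down the IP tunnel links
          /sbin/dladm down-iptun
          ;;

      *)
          # Usage is a diagnostic, so it goes to stderr.
          echo "Usage: $0 { start | stop }" >&2
          exit 1
          ;;
      esac

      # SMF_EXIT_OK comes from smf_include.sh; fall back to 0 if it is unset.
      exit "${SMF_EXIT_OK:-0}"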
    140