17c478bd9Sstevel@tonic-gate#!/sbin/sh 27c478bd9Sstevel@tonic-gate# 37c478bd9Sstevel@tonic-gate# CDDL HEADER START 47c478bd9Sstevel@tonic-gate# 57c478bd9Sstevel@tonic-gate# The contents of this file are subject to the terms of the 66927f468Sdp# Common Development and Distribution License (the "License"). 76927f468Sdp# You may not use this file except in compliance with the License. 87c478bd9Sstevel@tonic-gate# 97c478bd9Sstevel@tonic-gate# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 107c478bd9Sstevel@tonic-gate# or http://www.opensolaris.org/os/licensing. 117c478bd9Sstevel@tonic-gate# See the License for the specific language governing permissions 127c478bd9Sstevel@tonic-gate# and limitations under the License. 137c478bd9Sstevel@tonic-gate# 147c478bd9Sstevel@tonic-gate# When distributing Covered Code, include this CDDL HEADER in each 157c478bd9Sstevel@tonic-gate# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 167c478bd9Sstevel@tonic-gate# If applicable, add the following below this CDDL HEADER, with the 177c478bd9Sstevel@tonic-gate# fields enclosed by brackets "[]" replaced with your own identifying 187c478bd9Sstevel@tonic-gate# information: Portions Copyright [yyyy] [name of copyright owner] 197c478bd9Sstevel@tonic-gate# 207c478bd9Sstevel@tonic-gate# CDDL HEADER END 217c478bd9Sstevel@tonic-gate# 227c478bd9Sstevel@tonic-gate# 23e11c3f44Smeem# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate# Use is subject to license terms. 257c478bd9Sstevel@tonic-gate# 26*a73be61aSHans Rosenfeld# Copyright 2021 Tintri by DDN, Inc. All rights reserved. 27*a73be61aSHans Rosenfeld# 287c478bd9Sstevel@tonic-gate# This is the second phase of TCP/IP configuration. The first part is 29a192e900Samaguire# run by the svc:/network/physical service and includes configuring the 30a192e900Samaguire# interfaces and setting the machine's hostname. The svc:/network/initial 31a192e900Samaguire# service does all configuration that can be done before name services are 32a192e900Samaguire# started, bar configuring IP routing (this is carried out by the 33a192e900Samaguire# svc:/network/routing-setup service). The final part, run by the 34a192e900Samaguire# svc:/network/service service, does all configuration that may require 35a192e900Samaguire# name services. This includes a final re-configuration of the 36a192e900Samaguire# interfaces. 377c478bd9Sstevel@tonic-gate# 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate. /lib/svc/share/smf_include.sh 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate# 42f4b3ec61Sdh155122# In a shared-IP zone we need this service to be up, but all of the work 437c478bd9Sstevel@tonic-gate# it tries to do is irrelevant (and will actually lead to the service 447c478bd9Sstevel@tonic-gate# failing if we try to do it), so just bail out. 45f4b3ec61Sdh155122# In the global zone and exclusive-IP zones we proceed. 467c478bd9Sstevel@tonic-gate# 47f4b3ec61Sdh155122smf_configure_ip || exit $SMF_EXIT_OK 486927f468Sdp 497c478bd9Sstevel@tonic-gate# Configure IPv6 Default Address Selection. 507c478bd9Sstevel@tonic-gateif [ -f /etc/inet/ipaddrsel.conf ]; then 517c478bd9Sstevel@tonic-gate /usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf 527c478bd9Sstevel@tonic-gatefi 537c478bd9Sstevel@tonic-gate 547c478bd9Sstevel@tonic-gate# 557c478bd9Sstevel@tonic-gate# Set the RFC 1948 entropy, regardless of if I'm using it or not. If present, 567c478bd9Sstevel@tonic-gate# use the encrypted root password as a source of entropy. Otherwise, 577c478bd9Sstevel@tonic-gate# just use the pre-set (and hopefully difficult to guess) entropy that 587c478bd9Sstevel@tonic-gate# tcp used when it loaded. 597c478bd9Sstevel@tonic-gate# 607c478bd9Sstevel@tonic-gateencr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow` 617c478bd9Sstevel@tonic-gate[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase $encr 627c478bd9Sstevel@tonic-gateunset encr 637c478bd9Sstevel@tonic-gate 64db5ca0bdSsangeeta# Set the SDP system Policy. This needs to happen after basic 65db5ca0bdSsangeeta# networking is up but before any networking services that might 66db5ca0bdSsangeeta# want to use SDP are enabled 67db5ca0bdSsangeetaif [ -f /usr/sbin/sdpadm -a -f /etc/sdp.conf ]; then 68db5ca0bdSsangeeta . /etc/sdp.conf 69db5ca0bdSsangeeta if [ "$sysenable" = "1" ]; then 70db5ca0bdSsangeeta /usr/sbin/sdpadm enable 71db5ca0bdSsangeeta fi 72db5ca0bdSsangeetafi 73db5ca0bdSsangeeta 747c478bd9Sstevel@tonic-gate# 757c478bd9Sstevel@tonic-gate# Set TCP ISS generation. By default the ISS generation is 767c478bd9Sstevel@tonic-gate# time + random()-delta. This might not be strong enough for some users. 777c478bd9Sstevel@tonic-gate# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS. 787c478bd9Sstevel@tonic-gate# If not set, use TCP's internal default setting. 797c478bd9Sstevel@tonic-gate# 802b24ab6bSSebastien Roy[ -f /etc/default/inetinit ] && . /etc/default/inetinit 817c478bd9Sstevel@tonic-gateif [ $TCP_STRONG_ISS ]; then 827c478bd9Sstevel@tonic-gate /usr/sbin/ndd -set /dev/tcp tcp_strong_iss $TCP_STRONG_ISS 837c478bd9Sstevel@tonic-gatefi 847c478bd9Sstevel@tonic-gate 857c478bd9Sstevel@tonic-gate# Clear exit status. 866927f468Sdpexit $SMF_EXIT_OK 87