xref: /illumos-gate/usr/src/cmd/svc/milestone/net-init (revision 48633f182599946aebd63dccdc852ad722b57d0e)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26# This is the second phase of TCP/IP configuration.  The first part is
27# run by the svc:/network/physical service and includes configuring the
28# interfaces and setting the machine's hostname.  The svc:/network/initial
29# service does all configuration that can be done before name services are
30# started, bar configuring IP routing (this is carried out by the
31# svc:/network/routing-setup service).  The final part, run by the
32# svc:/network/service service,  does all configuration that may require
33# name services.  This includes a final re-configuration of the
34# interfaces.
35#
36
37. /lib/svc/share/smf_include.sh
38
#
# Shared-IP zones need this service to come online, yet none of the work
# below applies to them (attempting it would make the service fail).  When
# smf_configure_ip returns non-zero, stop here and report success.  The
# global zone and exclusive-IP zones carry on with the rest of the script.
#
if smf_configure_ip; then
	:
else
	exit $SMF_EXIT_OK
fi
46
# Load the IPv6 default address selection policy, but only when the
# administrator has provided a policy file.
[ ! -f /etc/inet/ipaddrsel.conf ] || \
    /usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf
51
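#
# If explicit IPMP groups are being used, in.mpathd will already be started.
# However, if TRACK_INTERFACES_ONLY_WITH_GROUPS=no and no explicit IPMP
# groups have been configured, then it still needs to be started.  So, fire
# it up in "adopt" mode; if there are no interfaces it needs to manage, it
# will automatically exit.
#
# The pgrep match is deliberately narrow: exact process name (-x), owned by
# uid 0 (-u 0), restricted to the zone reported by smf_zonename (-z).  The
# zone name is quoted so that an empty or unexpected value cannot shift the
# remaining arguments and turn "in.mpathd" into the zone operand.
#
/usr/bin/pgrep -x -u 0 -z "`smf_zonename`" in.mpathd >/dev/null 2>&1 || \
    /usr/lib/inet/in.mpathd -a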
61
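#
# Set the RFC 1948 entropy, regardless of whether it is in use.  If present,
# the password field of root's /etc/shadow entry is used as the phrase.
# Otherwise TCP keeps the pre-set entropy it chose when it loaded.
#
# Review notes:
#  - The value is quoted when handed to ndd.  A locked or password-less
#    account keeps a marker in this field (e.g. "*LK*" or "NP"); unquoted,
#    "*LK*" would be glob-expanded against the current directory and the
#    phrase could become a list of file names.
#  - Such markers are well-known constants, so on a system whose root
#    account is locked or has no password this phrase adds no real secrecy.
#  - ndd takes the phrase as a command-line argument, so the password hash
#    is visible in the process argument list for as long as ndd runs.
#  - encr is unset immediately so that nothing run or sourced later in this
#    script can read it.
#
encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
if [ -n "$encr" ]; then
	/usr/sbin/ndd -set /dev/tcp tcp_1948_phrase "$encr"
fi
unset encr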
71
#
# Pull in the values of TCP_STRONG_ISS, ACCEPT6TO4RELAY and RELAY6TO4ADDR.
#
# NOTE(review): the file is sourced, i.e. executed as shell code with the
# privileges of this method, so it should be writable by root only.
#
if [ -f /etc/default/inetinit ]; then
	. /etc/default/inetinit
fi
76
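# Set the SDP system policy.  This needs to happen after basic
# networking is up but before any networking services that might
# want to use SDP are enabled.
#
# The two file checks are separate tests joined with && rather than one
# test using -a, which is obsolescent and can be parsed ambiguously.
# /etc/sdp.conf is sourced (run as shell code by this method) and is
# expected to set "sysenable"; SDP is enabled only when that is exactly "1".
if [ -f /usr/sbin/sdpadm ] && [ -f /etc/sdp.conf ]; then
	. /etc/sdp.conf
	if [ "$sysenable" = "1" ]; then
		/usr/sbin/sdpadm enable
	fi
fi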
86
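#
# Set TCP ISS generation.  By default the ISS generation is
# time + random()-delta.  This might not be strong enough for some users.
# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
# If not set, use TCP's internal default setting.
#
# TCP_STRONG_ISS comes from a sourced configuration file, so it is tested
# with -n and passed quoted: a value containing whitespace or glob
# characters can then neither break the test nor add arguments to ndd.
#
if [ -n "$TCP_STRONG_ISS" ]; then
	/usr/sbin/ndd -set /dev/tcp tcp_strong_iss "$TCP_STRONG_ISS"
fi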
96
97#
98# Configure tunnels which were deferred by /lib/svc/method/net-physical
99# (the svc:/network/physical service) since it depends on the tunnel endpoints
100# being reachable i.e. routing must be running.
101#
102# WARNING: you may wish to turn OFF forwarding if you haven't already, because
103# of various possible security vulnerabilities when configuring tunnels for
104# Virtual Private Network (VPN) construction.
105#
106# Also, if names are used in the /etc/hostname.ip.tun* file, those names
107# have to be in either DNS (and DNS is used) or in /etc/hosts, because this
108# file is executed before NIS or NIS+ is started.
109#
110
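#
# IPv4 tunnels
# The second component of the name must be either "ip" or "ip6".
#
# Every non-empty /etc/hostname.<tunnel> file is read line by line, and each
# non-empty line is handed to ifconfig as arguments for that tunnel.
# NOTE(review): the file contents therefore decide how the tunnel is
# configured; these files should be writable by root only.
#
interface_names="`/usr/bin/ls /etc/hostname.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	# The subshell keeps the positional parameters changed by "set --"
	# from leaking into the rest of the script.
	(
		echo "configuring IPv4 tunnels:\c"
		# Extract the part after the first '.', i.e. the tunnel name.
		# $interface_names is split on whitespace on purpose: it holds
		# one path per line.
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr "//$intr" : '[^.]*\.\(.*\)$'; done`
		for tun in "$@"; do
			# Skip empty files
			[ -s "/etc/hostname.$tun" ] || continue
			/usr/sbin/ifconfig "$tun" plumb
			# read is used without -r, so backslashes in the file
			# are interpreted; kept because existing files may rely
			# on it (TODO confirm).
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					# $ifcmds stays unquoted: each word of
					# the line is a separate ifconfig
					# argument.
					/usr/sbin/ifconfig "$tun" inet $ifcmds
				fi
			done <"/etc/hostname.$tun" >/dev/null
			echo " $tun\c"
		done
		echo "."
	)
fi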
141
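#
# IPv6 Tunnels
# The second component of the name must be either "ip" or "ip6".
#
# Every non-empty /etc/hostname6.<tunnel> file is read line by line, and
# each non-empty line is handed to ifconfig as arguments for that tunnel.
# NOTE(review): the file contents therefore decide how the tunnel is
# configured; these files should be writable by root only.
#
interface_names="`/usr/bin/ls /etc/hostname6.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname6\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	# The subshell keeps the positional parameters changed by "set --"
	# from leaking into the rest of the script.
	(
		echo "configuring IPv6 tunnels:\c"
		# Extract the part after the first '.', i.e. the tunnel name.
		# $interface_names is split on whitespace on purpose: it holds
		# one path per line.
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr "//$intr" : '[^.]*\.\(.*\)$'; done`
		for tun in "$@"; do
			# Skip empty files
			[ -s "/etc/hostname6.$tun" ] || continue
			/usr/sbin/ifconfig "$tun" inet6 plumb
			# read is used without -r, so backslashes in the file
			# are interpreted; kept because existing files may rely
			# on it (TODO confirm).
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					# $ifcmds stays unquoted: each word of
					# the line is a separate ifconfig
					# argument.
					/usr/sbin/ifconfig "$tun" inet6 $ifcmds
				fi
			done <"/etc/hostname6.$tun" >/dev/null
			echo " $tun\c"
		done
		echo "."
	)
fi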
172
# Report success to SMF regardless of the status left behind by the last
# command above.
exit ${SMF_EXIT_OK}
175