xref: /illumos-gate/usr/src/cmd/svc/milestone/net-init (revision b3619796d92b4472acfed6b7c813f83cef335013)
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26# Copyright 2021 Tintri by DDN, Inc. All rights reserved.
27#
28# This is the second phase of TCP/IP configuration.  The first part is
29# run by the svc:/network/physical service and includes configuring the
30# interfaces and setting the machine's hostname.  The svc:/network/initial
31# service does all configuration that can be done before name services are
32# started, bar configuring IP routing (this is carried out by the
33# svc:/network/routing-setup service).  The final part, run by the
34# svc:/network/service service,  does all configuration that may require
35# name services.  This includes a final re-configuration of the
36# interfaces.
37#
38
39. /lib/svc/share/smf_include.sh
40
41#
42# In a shared-IP zone we need this service to be up, but all of the work
43# it tries to do is irrelevant (and will actually lead to the service
44# failing if we try to do it), so just bail out.
45# In the global zone and exclusive-IP zones we proceed.
46#
47smf_configure_ip || exit $SMF_EXIT_OK
48
49# Configure IPv6 Default Address Selection.
50if [ -f /etc/inet/ipaddrsel.conf ]; then
51	/usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf
52fi
53
54#
55# Set the RFC 1948 entropy, regardless of if I'm using it or not.  If present,
56# use the encrypted root password as a source of entropy.  Otherwise,
57# just use the pre-set (and hopefully difficult to guess) entropy that
58# tcp used when it loaded.
59#
60encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
61[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase $encr
62unset encr
63
64# Set the SDP system Policy.  This needs to happen after basic
65# networking is up but before any networking services that might
66# want to use SDP are enabled
67if [ -f /usr/sbin/sdpadm -a -f /etc/sdp.conf ]; then
68	. /etc/sdp.conf
69	if [ "$sysenable" = "1" ]; then
70		/usr/sbin/sdpadm enable
71	fi
72fi
73
74#
75# Set TCP ISS generation.  By default the ISS generation is
76# time + random()-delta.  This might not be strong enough for some users.
77# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
78# If not set, use TCP's internal default setting.
79#
80[ -f /etc/default/inetinit ] && . /etc/default/inetinit
81if [ $TCP_STRONG_ISS ]; then
82	/usr/sbin/ndd -set /dev/tcp tcp_strong_iss $TCP_STRONG_ISS
83fi
84
85# Clear exit status.
86exit $SMF_EXIT_OK
87