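#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# This is the second phase of TCP/IP configuration. The first part is
# run by the svc:/network/physical service and includes configuring the
# interfaces and setting the machine's hostname. The svc:/network/initial
# service does all configuration that can be done before name services are
# started, bar configuring IP routing (this is carried out by the
# svc:/network/routing-setup service). The final part, run by the
# svc:/network/service service, does all configuration that may require
# name services. This includes a final re-configuration of the
# interfaces.
#

. /lib/svc/share/smf_include.sh

#
# In a shared-IP zone we need this service to be up, but all of the work
# it tries to do is irrelevant (and will actually lead to the service
# failing if we try to do it), so just bail out.
# In the global zone and exclusive-IP zones we proceed.
#
smf_configure_ip || exit $SMF_EXIT_OK

# Configure IPv6 Default Address Selection.
if [ -f /etc/inet/ipaddrsel.conf ]; then
	/usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf
fi

#
# If explicit IPMP groups are being used, in.mpathd will already be started.
# However, if TRACK_INTERFACES_ONLY_WITH_GROUPS=no and no explicit IPMP
# groups have been configured, then it still needs to be started. So, fire
# it up in "adopt" mode; if there are no interfaces it needs to manage, it
# will automatically exit.
#
# The zone name is quoted so that an empty or unusual result cannot shift
# the remaining pgrep arguments.
#
/usr/bin/pgrep -x -u 0 -z "`smf_zonename`" in.mpathd >/dev/null 2>&1 || \
    /usr/lib/inet/in.mpathd -a

#
# Set the RFC 1948 entropy, regardless of whether it is in use or not. If
# present, use the encrypted root password as a source of entropy. Otherwise,
# just use the pre-set (and hopefully difficult to guess) entropy that
# tcp used when it loaded.
#
# The value is quoted so that it reaches ndd as exactly one argument: the
# shadow field is not guaranteed to be free of characters the shell would
# otherwise split or glob-expand.
#
# NOTE(review): the hash is handed to ndd as a command-line argument, so it
# may be observable in the process list while ndd runs -- confirm that this
# exposure is acceptable on the target platform. Also, if root's shadow
# field holds a placeholder rather than a real hash, the phrase is only as
# unpredictable as that placeholder.
#
encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase "$encr"
# Drop the hash from this shell's environment as soon as it has been used.
unset encr

#
# Get values for TCP_STRONG_ISS, ACCEPT6TO4RELAY and RELAY6TO4ADDR.
#
# The file is sourced, i.e. executed as shell code with this method's
# privileges, so it must not be writable by unprivileged users.
#
[ -f /etc/default/inetinit ] && . /etc/default/inetinit

# Set the SDP system Policy. This needs to happen after basic
# networking is up but before any networking services that might
# want to use SDP are enabled.
# /etc/sdp.conf is sourced as shell code as well; the same file-permission
# requirement applies to it.
if [ -f /usr/sbin/sdpadm ] && [ -f /etc/sdp.conf ]; then
	. /etc/sdp.conf
	if [ "$sysenable" = "1" ]; then
		/usr/sbin/sdpadm enable
	fi
fi

#
# Set TCP ISS generation. By default the ISS generation is
# time + random()-delta. This might not be strong enough for some users.
# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
# If not set, use TCP's internal default setting.
#
# The value comes from a sourced configuration file, so it is tested and
# passed on quoted; a malformed setting then reaches ndd as a single
# argument instead of confusing the test or adding extra arguments.
#
if [ -n "$TCP_STRONG_ISS" ]; then
	/usr/sbin/ndd -set /dev/tcp tcp_strong_iss "$TCP_STRONG_ISS"
fi

#
# Configure tunnels which were deferred by /lib/svc/method/net-physical
# (the svc:/network/physical service) since it depends on the tunnel endpoints
# being reachable i.e. routing must be running.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname.ip.tun* file, those names
# have to be in either DNS (and DNS is used) or in /etc/hosts, because this
# file is executed before NIS or NIS+ is started.
#

#
# IPv4 tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	# Run in a subshell: "set --" below replaces the positional parameters.
	(
		echo "configuring IPv4 tunnels:\c"
		# Extract the part after the first '.'
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
		while [ $# -ge 1 ]; do
			# Skip empty files
			if [ ! -s "/etc/hostname.$1" ]; then
				shift
				continue
			fi
			/usr/sbin/ifconfig "$1" plumb
			# Each non-empty line of the file is a set of ifconfig
			# arguments. $ifcmds is left unquoted on purpose so
			# that every word becomes its own argument; the words
			# are also subject to pathname expansion, so the file
			# must not contain glob characters and must be
			# writable only by privileged users.
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					/usr/sbin/ifconfig "$1" inet $ifcmds
				fi
			done < "/etc/hostname.$1" > /dev/null
			echo " $1\c"
			shift
		done
		echo "."
	)
fi

#
# IPv6 Tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname6.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname6\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	# Run in a subshell: "set --" below replaces the positional parameters.
	(
		echo "configuring IPv6 tunnels:\c"
		# Extract the part after the first '.'
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
		while [ $# -ge 1 ]; do
			# Skip empty files
			if [ ! -s "/etc/hostname6.$1" ]; then
				shift
				continue
			fi
			/usr/sbin/ifconfig "$1" inet6 plumb
			# As for IPv4: $ifcmds is deliberately unquoted so the
			# line splits into separate ifconfig arguments, which
			# also exposes it to pathname expansion.
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					/usr/sbin/ifconfig "$1" inet6 $ifcmds
				fi
			done < "/etc/hostname6.$1" > /dev/null
			echo " $1\c"
			shift
		done
		echo "."
	)
fi

# Clear exit status.
exit $SMF_EXIT_OK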