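#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# This service configures IP tunnel links and IP interfaces over IP
# tunnels.
#

. /lib/svc/share/smf_include.sh

#
# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
# svc:/network/physical service) since it depends on the tunnel source
# addresses being available.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname*.* files, those names have to
# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
# executed before NIS or NIS+ is started.
#
# Trust note: the contents of /etc/hostname*.<intf> are handed to ifconfig as
# arguments, and /etc/default/inetinit is sourced as shell code, both with
# the privileges this method runs under.  Those files must be writable only
# by the administrator.
#

#
# get_tunnel_links: print the names of the tunnel links currently configured
# on the running system.
#
# Output: one link name per line on stdout (parseable dladm output restricted
# to the "link" field).
#
get_tunnel_links ()
{
	/sbin/dladm show-iptun -p -o link
}

#
# plumb_tunnel <intf_name> <net_type> <intf_file>
#
# Plumb the IP interface <intf_name> for address family <net_type> (the
# callers below pass inet or inet6), apply every non-empty line of
# <intf_file> as a set of ifconfig arguments, then mark the interface up.
# The exit status is that of the final "ifconfig ... up".
#
plumb_tunnel ()
{
	/sbin/ifconfig "$1" "$2" plumb
	while read ifcmds; do
		if [ -n "$ifcmds" ]; then
			#
			# $ifcmds is left unquoted on purpose: each line of
			# the file is a list of separate ifconfig arguments
			# and has to be word-split.  This is why the file
			# must not be writable by unprivileged users.
			#
			/sbin/ifconfig "$1" "$2" $ifcmds
		fi
	done < "$3" > /dev/null
	/sbin/ifconfig "$1" "$2" up
}

case "$1" in
start)
	# First, bring up tunnel links
	/sbin/dladm up-iptun

	#
	# Get the list of IP tunnel interfaces we'll need to configure.  These
	# are comprised of IP interfaces over the tunnels we've just brought
	# up in the above dladm command, and the implicit tunnels named "ip.*"
	# that we'll also create for backward compatibility.  When we build
	# the list of implicit tunnels, we have to make sure that they're not
	# different kinds of links that are simply named "ip.*".
	#
	tunnel_links=`get_tunnel_links`
	implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
	    /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
	    /usr/bin/sort -u`

	#
	# Start from an empty list so that a value of implicit_tunnels
	# inherited from the environment can never add interface names.
	#
	implicit_tunnels=
	for intf_name in $implicit_tunnel_names; do
		# Only names that dladm does not already know as a link
		# are treated as implicit tunnels.
		/sbin/dladm show-link -pP "$intf_name" > /dev/null 2>&1 || \
		    implicit_tunnels="$implicit_tunnels $intf_name"
	done
	tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
	    echo "$intf"; done | /usr/bin/sort -u`

	for intf_name in $tunnel_interfaces; do
		if [ -f "/etc/hostname.$intf_name" ]; then
			plumb_tunnel "$intf_name" inet \
			    "/etc/hostname.$intf_name"
		fi
		if [ -f "/etc/hostname6.$intf_name" ]; then
			plumb_tunnel "$intf_name" inet6 \
			    "/etc/hostname6.$intf_name"
		fi
	done

	#
	# Set 6to4 Relay Router communication support policy and, if
	# applicable, the destination Relay Router IPv4 address.  See
	# /etc/default/inetinit for setting and further info on
	# ACCEPT6TO4RELAY and RELAY6TO4ADDR.  If ACCEPT6TO4RELAY=NO, the
	# default value in the kernel will be used.
	#
	# NOTE(review): relay support is only switched on when the
	# administrator explicitly sets ACCEPT6TO4RELAY=yes; review the
	# security discussion in 6to4relay(1M) before enabling it.
	#
	[ -f /etc/default/inetinit ] && . /etc/default/inetinit
	ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
	if [ "$ACCEPT6TO4RELAY" = yes ]; then
		if [ "$RELAY6TO4ADDR" ]; then
			# Quoted so the address is always passed as the
			# single argument of -a.
			/usr/sbin/6to4relay -e -a "$RELAY6TO4ADDR"
		else
			/usr/sbin/6to4relay -e
		fi
	fi
	;;

stop)
	tunnel_links=`get_tunnel_links`

	# Unplumb IP interfaces (failures are deliberately ignored: a link
	# may have no IPv4 or no IPv6 interface plumbed over it).
	for tun in $tunnel_links; do
		/sbin/ifconfig "$tun" unplumb > /dev/null 2>&1
		/sbin/ifconfig "$tun" inet6 unplumb > /dev/null 2>&1
	done

	# Take down the IP tunnel links
	/sbin/dladm down-iptun
	;;

*)
	echo "Usage: $0 { start | stop }"
	exit 1
	;;
esac

exit $SMF_EXIT_OK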