#!/sbin/sh # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Copyright 2010 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # This service configures IP tunnel links and IP interfaces over IP # tunnels. # . /lib/svc/share/smf_include.sh # # Configure tunnels which were deferred by /lib/svc/method/net-physical (the # svc:/network/physical service) since it depends on the tunnel source # addresses being available. # # WARNING: you may wish to turn OFF forwarding if you haven't already, because # of various possible security vulnerabilities when configuring tunnels for # Virtual Private Network (VPN) construction. # # Also, if names are used in the /etc/hostname*.* files, those names have to # be in either DNS (and DNS is used) or in /etc/hosts, because this file is # executed before NIS is started. # # # get_tunnel_links: print the names of the tunnel links currently configured # on the running system. # get_tunnel_links () { /sbin/dladm show-iptun -p -o link } # plumb_tunnel plumb_tunnel () { /sbin/ifconfig $1 $2 plumb while read ifcmds; do if [ -n "$ifcmds" ]; then /sbin/ifconfig $1 $2 $ifcmds fi done < $3 > /dev/null /sbin/ifconfig $1 $2 up } case "$1" in start) # First, bring up tunnel links /sbin/dladm up-iptun # # Get the list of IP tunnel interfaces we'll need to configure. These # are comprised of IP interfaces over the tunnels we've just brought # up in the above dladm command, and the implicit tunnels named "ip.*" # that we'll also create for backward compatibility. When we build # the list of implicit tunnels, we have to make sure that they're not # different kinds of links that are simply named "ip.*". # tunnel_links=`get_tunnel_links` implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \ /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \ /usr/bin/sort -u` for intf_name in $implicit_tunnel_names; do /sbin/dladm show-link -pP $intf_name > /dev/null 2>&1 if [ $? -ne 0 ]; then implicit_tunnels="$implicit_tunnels $intf_name" fi done tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \ echo $intf; done | /usr/bin/sort -u` for intf_name in $tunnel_interfaces; do if [ -f /etc/hostname.$intf_name ]; then plumb_tunnel $intf_name inet /etc/hostname.$intf_name fi if [ -f /etc/hostname6.$intf_name ]; then plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name fi # # Configure IP tunnel interfaces set up using ipadm # state=`/sbin/ipadm show-if -p -o state $intf_name` if [ $? -ne 0 ] || [ "$state" != "disabled" ]; then # # skip if not managed my ipadm or if not a persistent # interface # continue; elif [ -f /etc/hostname.$intf_name ] ||\ [ -f /etc/hostname6.$intf_name ]; then echo "found /etc/hostname.$intf_name or "\ "/etc/hostname6.$intfi_name, ignoring ipadm "\ "configuration" > /dev/msglog continue; else # Enable the interface managed by ipadm /sbin/ipadm enable-if -t $intf_name fi done # # Set 6to4 Relay Router communication support policy and, if # applicable, the destination Relay Router IPv4 address. See # /etc/default/inetinit for setting and further info on # ACCEPT6TO4RELAY and RELAY6TO4ADDR. If ACCEPT6TO4RELAY=NO, the # default value in the kernel will be used. # [ -f /etc/default/inetinit ] && . /etc/default/inetinit ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'` if [ "$ACCEPT6TO4RELAY" = yes ]; then if [ "$RELAY6TO4ADDR" ]; then /usr/sbin/6to4relay -e -a $RELAY6TO4ADDR else /usr/sbin/6to4relay -e fi fi ;; stop) tunnel_links=`get_tunnel_links` # Unplumb IP interfaces for tun in $tunnel_links; do /sbin/ifconfig $tun unplumb > /dev/null 2>&1 /sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1 /sbin/ipadm disable-if -t $tun > /dev/null 2>&1 done # Take down the IP tunnel links /sbin/dladm down-iptun ;; *) echo "Usage: $0 { start | stop }" exit 1 ;; esac exit $SMF_EXIT_OK