xref: /illumos-gate/usr/src/cmd/svc/milestone/net-iptun (revision 6e91bba0) 
1#!/sbin/sh
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22#
23# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24# Use is subject to license terms.
25#
26# This service configures IP tunnel links and IP interfaces over IP
27# tunnels.
28#
29
30. /lib/svc/share/smf_include.sh
31
32#
33# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
34# svc:/network/physical service) since it depends on the tunnel source
35# addresses being available.
36#
37# WARNING: you may wish to turn OFF forwarding if you haven't already, because
38# of various possible security vulnerabilities when configuring tunnels for
39# Virtual Private Network (VPN) construction.
40#
41# Also, if names are used in the /etc/hostname*.* files, those names have to
42# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
43# executed before NIS is started.
44#
45
46#
47# get_tunnel_links: print the names of the tunnel links currently configured
48# on the running system.
49#
50get_tunnel_links ()
51{
52	/sbin/dladm show-iptun -p -o link
53}
54
55# plumb_tunnel <intf_name> <net_type> <intf_file>
56plumb_tunnel ()
57{
58	/sbin/ifconfig $1 $2 plumb
59	while read ifcmds; do
60  	if [ -n "$ifcmds" ]; then
61		/sbin/ifconfig $1 $2 $ifcmds
62	fi
63	done < $3 > /dev/null
64	/sbin/ifconfig $1 $2 up
65}
66
67case "$1" in
68start)
69	# First, bring up tunnel links
70	/sbin/dladm up-iptun
71
72	#
73	# Get the list of IP tunnel interfaces we'll need to configure.  These
74	# are comprised of IP interfaces over the tunnels we've just brought
75	# up in the above dladm command, and the implicit tunnels named "ip.*"
76	# that we'll also create for backward compatibility.  When we build
77	# the list of implicit tunnels, we have to make sure that they're not
78	# different kinds of links that are simply named "ip.*".
79	#
80	tunnel_links=`get_tunnel_links`
81	implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
82	    /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
83	    /usr/bin/sort -u`
84	for intf_name in $implicit_tunnel_names; do
85		/sbin/dladm show-link -pP $intf_name > /dev/null 2>&1
86		if [ $? -ne 0 ]; then
87	    		implicit_tunnels="$implicit_tunnels $intf_name"
88		fi
89	done
90	tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
91	    echo $intf; done | /usr/bin/sort -u`
92
93	for intf_name in $tunnel_interfaces; do
94		if [ -f /etc/hostname.$intf_name ]; then
95			plumb_tunnel $intf_name inet /etc/hostname.$intf_name
96		fi
97		if [ -f /etc/hostname6.$intf_name ]; then
98			plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name
99		fi
100		#
101		# Configure IP tunnel interfaces set up using ipadm
102		#
103		state=`/sbin/ipadm show-if -p -o state $intf_name`
104		if [ $? -ne 0 ] || [ "$state" != "disabled" ]; then
105			#
106			# skip if not managed my ipadm or if not a persistent
107			# interface
108			#
109			continue;
110		elif [ -f /etc/hostname.$intf_name ] ||\
111			[ -f /etc/hostname6.$intf_name ]; then
112			echo "found /etc/hostname.$intf_name or "\
113			    "/etc/hostname6.$intfi_name, ignoring ipadm "\
114			    "configuration" > /dev/msglog
115			continue;
116		else
117			# Enable the interface managed by ipadm
118			/sbin/ipadm enable-if -t $intf_name
119		fi
120	done
121
122	#
123	# Set 6to4 Relay Router communication support policy and, if
124	# applicable, the destination Relay Router IPv4 address.  See
125	# /etc/default/inetinit for setting and further info on
126	# ACCEPT6TO4RELAY and RELAY6TO4ADDR.  If ACCEPT6TO4RELAY=NO, the
127	# default value in the kernel will be used.
128	#
129	[ -f /etc/default/inetinit ] && . /etc/default/inetinit
130	ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
131	if [ "$ACCEPT6TO4RELAY" = yes ]; then
132		if [ "$RELAY6TO4ADDR" ]; then
133			/usr/sbin/6to4relay -e -a $RELAY6TO4ADDR
134		else
135			/usr/sbin/6to4relay -e
136		fi
137	fi
138	;;
139
140stop)
141	tunnel_links=`get_tunnel_links`
142
143	# Unplumb IP interfaces
144	for tun in $tunnel_links; do
145		/sbin/ifconfig $tun unplumb > /dev/null 2>&1
146		/sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1
147		/sbin/ipadm disable-if -t $tun > /dev/null 2>&1
148	done
149
150	# Take down the IP tunnel links
151	/sbin/dladm down-iptun
152	;;
153
154*)
155	echo "Usage: $0 { start | stop }"
156	exit 1
157	;;
158esac
159
160exit $SMF_EXIT_OK
161