xref: /illumos-gate/usr/src/cmd/svc/milestone/net-iptun (revision 6e91bba0)

#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# This service configures IP tunnel links and IP interfaces over IP
# tunnels.
#

. /lib/svc/share/smf_include.sh

#
# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
# svc:/network/physical service) since it depends on the tunnel source
# addresses being available.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname*.* files, those names have to
# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
# executed before NIS is started.
#

#
# get_tunnel_links: print the names of the tunnel links currently configured
# on the running system.
#
get_tunnel_links ()
{
	/sbin/dladm show-iptun -p -o link
}

# plumb_tunnel <intf_name> <net_type> <intf_file>
plumb_tunnel ()
{
	/sbin/ifconfig $1 $2 plumb
	while read ifcmds; do
  	if [ -n "$ifcmds" ]; then
		/sbin/ifconfig $1 $2 $ifcmds
	fi
	done < $3 > /dev/null
	/sbin/ifconfig $1 $2 up
}

case "$1" in
start)
	# First, bring up tunnel links
	/sbin/dladm up-iptun

	#
	# Get the list of IP tunnel interfaces we'll need to configure.  These
	# are comprised of IP interfaces over the tunnels we've just brought
	# up in the above dladm command, and the implicit tunnels named "ip.*"
	# that we'll also create for backward compatibility.  When we build
	# the list of implicit tunnels, we have to make sure that they're not
	# different kinds of links that are simply named "ip.*".
	#
	tunnel_links=`get_tunnel_links`
	implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
	    /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
	    /usr/bin/sort -u`
	for intf_name in $implicit_tunnel_names; do
		/sbin/dladm show-link -pP $intf_name > /dev/null 2>&1
		if [ $? -ne 0 ]; then
	    		implicit_tunnels="$implicit_tunnels $intf_name"
		fi
	done
	tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
	    echo $intf; done | /usr/bin/sort -u`

	for intf_name in $tunnel_interfaces; do
		if [ -f /etc/hostname.$intf_name ]; then
			plumb_tunnel $intf_name inet /etc/hostname.$intf_name
		fi
		if [ -f /etc/hostname6.$intf_name ]; then
			plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name
		fi
		#
		# Configure IP tunnel interfaces set up using ipadm
		#
		state=`/sbin/ipadm show-if -p -o state $intf_name`
		if [ $? -ne 0 ] || [ "$state" != "disabled" ]; then
			#
			# skip if not managed my ipadm or if not a persistent
			# interface
			#
			continue;
		elif [ -f /etc/hostname.$intf_name ] ||\
			[ -f /etc/hostname6.$intf_name ]; then
			echo "found /etc/hostname.$intf_name or "\
			    "/etc/hostname6.$intfi_name, ignoring ipadm "\
			    "configuration" > /dev/msglog
			continue;
		else
			# Enable the interface managed by ipadm
			/sbin/ipadm enable-if -t $intf_name
		fi
	done

	#
	# Set 6to4 Relay Router communication support policy and, if
	# applicable, the destination Relay Router IPv4 address.  See
	# /etc/default/inetinit for setting and further info on
	# ACCEPT6TO4RELAY and RELAY6TO4ADDR.  If ACCEPT6TO4RELAY=NO, the
	# default value in the kernel will be used.
	#
	[ -f /etc/default/inetinit ] && . /etc/default/inetinit
	ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
	if [ "$ACCEPT6TO4RELAY" = yes ]; then
		if [ "$RELAY6TO4ADDR" ]; then
			/usr/sbin/6to4relay -e -a $RELAY6TO4ADDR
		else
			/usr/sbin/6to4relay -e
		fi
	fi
	;;

stop)
	tunnel_links=`get_tunnel_links`

	# Unplumb IP interfaces
	for tun in $tunnel_links; do
		/sbin/ifconfig $tun unplumb > /dev/null 2>&1
		/sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1
		/sbin/ipadm disable-if -t $tun > /dev/null 2>&1
	done

	# Take down the IP tunnel links
	/sbin/dladm down-iptun
	;;

*)
	echo "Usage: $0 { start | stop }"
	exit 1
	;;
esac

exit $SMF_EXIT_OK