Gitiles
Code Review Sign In
code.illumos.org / illumos-gate / e11c3f44f531fdff80941ce57c065d2ae861cefc / . / usr / src / cmd / svc / milestone / net-init
blob: 7f0804af67e6b05b8a9c61b4229a0c6f6818f349 [file] [log] [blame]
#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# This is the second phase of TCP/IP configuration. The first part is
# run by the svc:/network/physical service and includes configuring the
# interfaces and setting the machine's hostname. The svc:/network/initial
# service does all configuration that can be done before name services are
# started, bar configuring IP routing (this is carried out by the
# svc:/network/routing-setup service). The final part, run by the
# svc:/network/service service, does all configuration that may require
# name services. This includes a final re-configuration of the
# interfaces.
#
. /lib/svc/share/smf_include.sh
#
# In a shared-IP zone we need this service to be up, but all of the work
# it tries to do is irrelevant (and will actually lead to the service
# failing if we try to do it), so just bail out.
# In the global zone and exclusive-IP zones we proceed.
#
smf_configure_ip || exit $SMF_EXIT_OK
# Configure IPv6 Default Address Selection.
if [ -f /etc/inet/ipaddrsel.conf ]; then
/usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf
fi
#
# If explicit IPMP groups are being used, in.mpathd will already be started.
# However, if TRACK_INTERFACES_ONLY_WITH_GROUPS=no and no explicit IPMP
# groups have been configured, then it still needs to be started. So, fire
# it up in "adopt" mode; if there are no interfaces it needs to manage, it
# will automatically exit.
#
/usr/bin/pgrep -x -u 0 -z `smf_zonename` in.mpathd >/dev/null 2>&1 || \
/usr/lib/inet/in.mpathd -a
#
# Set the RFC 1948 entropy, regardless of if I'm using it or not. If present,
# use the encrypted root password as a source of entropy. Otherwise,
# just use the pre-set (and hopefully difficult to guess) entropy that
# tcp used when it loaded.
#
encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase $encr
unset encr
#
# Get values for TCP_STRONG_ISS, ACCEPT6TO4RELAY and RELAY6TO4ADDR.
#
[ -f /etc/default/inetinit ] && . /etc/default/inetinit
# Set the SDP system Policy. This needs to happen after basic
# networking is up but before any networking services that might
# want to use SDP are enabled
if [ -f /usr/sbin/sdpadm -a -f /etc/sdp.conf ]; then
. /etc/sdp.conf
if [ "$sysenable" = "1" ]; then
/usr/sbin/sdpadm enable
fi
fi
#
# Set TCP ISS generation. By default the ISS generation is
# time + random()-delta. This might not be strong enough for some users.
# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
# If not set, use TCP's internal default setting.
#
if [ $TCP_STRONG_ISS ]; then
/usr/sbin/ndd -set /dev/tcp tcp_strong_iss $TCP_STRONG_ISS
fi
#
# Configure tunnels which were deferred by /lib/svc/method/net-physical
# (the svc:/network/physical service) since it depends on the tunnel endpoints
# being reachable i.e. routing must be running.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname.ip.tun* file, those names
# have to be in either DNS (and DNS is used) or in /etc/hosts, because this
# file is executed before NIS or NIS+ is started.
#
#
# IPv4 tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname.ip*.*[0-9] 2>/dev/null | \
/usr/bin/grep '/etc/hostname\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
(
echo "configuring IPv4 tunnels:\c"
# Extract the part after the first '.'
set -- `for intr in $interface_names; do \
/usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
while [ $# -ge 1 ]; do
# Skip empty files
if [ ! -s /etc/hostname\.$1 ]; then
shift
continue
fi
/usr/sbin/ifconfig $1 plumb
while read ifcmds; do
if [ -n "$ifcmds" ]; then
/usr/sbin/ifconfig $1 inet $ifcmds
fi
done </etc/hostname\.$1 >/dev/null
echo " $1\c"
shift
done
echo "."
)
fi
#
# IPv6 Tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname6.ip*.*[0-9] 2>/dev/null | \
/usr/bin/grep '/etc/hostname6\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
(
echo "configuring IPv6 tunnels:\c"
# Extract the part after the first '.'
set -- `for intr in $interface_names; do \
/usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
while [ $# -ge 1 ]; do
# Skip empty files
if [ ! -s /etc/hostname6\.$1 ]; then
shift
continue
fi
/usr/sbin/ifconfig $1 inet6 plumb
while read ifcmds; do
if [ -n "$ifcmds" ]; then
/usr/sbin/ifconfig $1 inet6 $ifcmds
fi
done </etc/hostname6\.$1 > /dev/null
echo " $1\c"
shift
done
echo "."
)
fi
# Clear exit status.
exit $SMF_EXIT_OK