net-init revision e11c3f44f531fdff80941ce57c065d2ae861cefc
#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# This is the second phase of TCP/IP configuration. The first part is
# run by the svc:/network/physical service and includes configuring the
# interfaces and setting the machine's hostname. The svc:/network/initial
# service does all configuration that can be done before name services are
# started, bar configuring IP routing (this is carried out by the
# svc:/network/routing-setup service). The final part, run by the
# svc:/network/service service, does all configuration that may require
# name services. This includes a final re-configuration of the
# interfaces.
#

# Shared SMF method helpers; smf_configure_ip, smf_zonename and the
# SMF_EXIT_* codes used below are expected to come from here.
. /lib/svc/share/smf_include.sh

#
# A shared-IP zone still needs this service to come online, but none of
# the work below applies there (attempting it would make the service
# fail), so stop immediately and report success.
# The global zone and exclusive-IP zones carry on.
#
if smf_configure_ip; then
	:	# this zone owns its IP configuration; continue
else
	exit $SMF_EXIT_OK
fi

# Load the IPv6 Default Address Selection policy table, but only when
# the administrator has supplied one.
[ -f /etc/inet/ipaddrsel.conf ] && \
	/usr/sbin/ipaddrsel -f /etc/inet/ipaddrsel.conf

#
# With explicit IPMP groups, in.mpathd has already been started. When
# TRACK_INTERFACES_ONLY_WITH_GROUPS=no and no explicit IPMP group is
# configured it still has to run, so launch it in "adopt" mode; it exits
# on its own if it finds no interface to manage.
#
# The pgrep match is restricted to an exact process name, uid 0 and this
# zone, so a same-named process owned by another user or living in
# another zone is not counted as "already running".
#
if /usr/bin/pgrep -x -u 0 -z `smf_zonename` in.mpathd >/dev/null 2>&1; then
	:	# a root-owned in.mpathd is already present in this zone
else
	/usr/lib/inet/in.mpathd -a
fi

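#
# Set the RFC 1948 entropy, regardless of whether it is in use. If
# present, use the encrypted root password as a source of entropy.
# Otherwise, just use the pre-set (and hopefully difficult to guess)
# entropy that tcp used when it loaded.
#
# NOTE(review): the second field of root's shadow entry is handed to ndd
# as a command-line argument, so it may be visible in process listings
# for as long as ndd runs. It is also only as unpredictable as that
# field: a root entry holding a lock or no-password marker instead of a
# real hash yields a guessable phrase -- confirm what this host stores.
#
encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
# Quoted so the field reaches ndd as exactly one argument; unquoted, a
# value containing wildcard characters (lock markers commonly do) would
# be expanded against the current directory first.
[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase "$encr"
# Do not leave the hash in this shell's variables for later commands.
unset encr
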
#
# Pick up TCP_STRONG_ISS, ACCEPT6TO4RELAY and RELAY6TO4ADDR.
#
# The file is sourced, not parsed: whatever shell code it contains runs
# with this method's privileges. Presumably it is root-owned and not
# writable by others -- verify on the host.
#
if [ -f /etc/default/inetinit ]; then
	. /etc/default/inetinit
fi

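# Set the SDP system policy. This needs to happen after basic
# networking is up but before any networking services that might
# want to use SDP are enabled.
#
# /etc/sdp.conf is sourced to obtain $sysenable, so any other shell code
# in that file is executed as well; it needs the same protection as this
# script.
#
# Two separate tests joined with && replace the obsolescent "-a"
# operator, whose parsing is ambiguous in some test implementations.
if [ -f /usr/sbin/sdpadm ] && [ -f /etc/sdp.conf ]; then
	. /etc/sdp.conf
	if [ "$sysenable" = "1" ]; then
		/usr/sbin/sdpadm enable
	fi
fi
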
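#
# Set TCP ISS generation. By default the ISS generation is
# time + random()-delta. This might not be strong enough for some users.
# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
# If not set, use TCP's internal default setting.
#
# The value comes from a sourced configuration file, so it is tested with
# an explicit -n and passed quoted: an empty, multi-word or wildcard
# value can then neither confuse the test nor add arguments to ndd.
#
if [ -n "$TCP_STRONG_ISS" ]; then
	/usr/sbin/ndd -set /dev/tcp tcp_strong_iss "$TCP_STRONG_ISS"
fi
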
#
# Configure tunnels which were deferred by /lib/svc/method/net-physical
# (the svc:/network/physical service) since it depends on the tunnel endpoints
# being reachable, i.e. routing must be running.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname.ip.tun* file, those names
# have to be in either DNS (and DNS is used) or in /etc/hosts, because this
# file is executed before NIS or NIS+ is started.
#

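#
# IPv4 tunnels
# The second component of the name must be either "ip" or "ip6".
#
# Every non-empty /etc/hostname.<name> file selected below is plumbed and
# each non-blank line in it is handed to ifconfig as arguments for that
# tunnel. Those files therefore need the same protection as this script;
# presumably they are root-owned and not writable by others -- verify on
# the host.
#
interface_names="`/usr/bin/ls /etc/hostname.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	(
		# A line read from the file still has to be split into
		# separate ifconfig arguments, so it cannot be quoted. Turn
		# off filename generation instead, so a wildcard in a file
		# name or a configuration line is never expanded against
		# the current directory. The setting stays in this subshell.
		set -f

		echo "configuring IPv4 tunnels:\c"
		# Extract the part after the first '.'
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
		while [ $# -ge 1 ]; do
			# Skip empty files
			if [ ! -s "/etc/hostname.$1" ]; then
				shift
				continue
			fi
			/usr/sbin/ifconfig "$1" plumb
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					/usr/sbin/ifconfig "$1" inet $ifcmds
				fi
			done <"/etc/hostname.$1" >/dev/null
			echo " $1\c"
			shift
		done
		echo "."
	)
fi
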
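#
# IPv6 Tunnels
# The second component of the name must be either "ip" or "ip6".
#
# Every non-empty /etc/hostname6.<name> file selected below is plumbed and
# each non-blank line in it is handed to ifconfig as arguments for that
# tunnel. Those files therefore need the same protection as this script;
# presumably they are root-owned and not writable by others -- verify on
# the host.
#
interface_names="`/usr/bin/ls /etc/hostname6.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname6\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
	(
		# A line read from the file still has to be split into
		# separate ifconfig arguments, so it cannot be quoted. Turn
		# off filename generation instead, so a wildcard in a file
		# name or a configuration line is never expanded against
		# the current directory. The setting stays in this subshell.
		set -f

		echo "configuring IPv6 tunnels:\c"
		# Extract the part after the first '.'
		set -- `for intr in $interface_names; do \
		    /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
		while [ $# -ge 1 ]; do
			# Skip empty files
			if [ ! -s "/etc/hostname6.$1" ]; then
				shift
				continue
			fi
			/usr/sbin/ifconfig "$1" inet6 plumb
			while read ifcmds; do
				if [ -n "$ifcmds" ]; then
					/usr/sbin/ifconfig "$1" inet6 $ifcmds
				fi
			done <"/etc/hostname6.$1" >/dev/null
			echo " $1\c"
			shift
		done
		echo "."
	)
fi
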
# Always finish with SMF_EXIT_OK, so the status of whichever command ran
# last above is not what this method returns.
exit ${SMF_EXIT_OK}