2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# CDDL HEADER START
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# The contents of this file are subject to the terms of the
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# Common Development and Distribution License (the "License").
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# You may not use this file except in compliance with the License.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# See the License for the specific language governing permissions
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# and limitations under the License.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# When distributing Covered Code, include this CDDL HEADER in each
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# If applicable, add the following below this CDDL HEADER, with the
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# fields enclosed by brackets "[]" replaced with your own identifying
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# information: Portions Copyright [yyyy] [name of copyright owner]
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# CDDL HEADER END
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail# Copyright 2010 Sun Microsystems, Inc. All rights reserved.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# Use is subject to license terms.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# This service configures IP tunnel links and IP interfaces over IP
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# svc:/network/physical service) since it depends on the tunnel source
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# addresses being available.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# WARNING: you may wish to turn OFF forwarding if you haven't already, because
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# of various possible security vulnerabilities when configuring tunnels for
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# Virtual Private Network (VPN) construction.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# Also, if names are used in the /etc/hostname*.* files, those names have to
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
36e852a172cba914383d7341c988128b2c667fbdRaja Andra# executed before NIS is started.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# get_tunnel_links: print the names of the tunnel links currently configured
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# on the running system.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy# plumb_tunnel <intf_name> <net_type> <intf_file>
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy while read ifcmds; do
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy done < $3 > /dev/null
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # First, bring up tunnel links
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # Get the list of IP tunnel interfaces we'll need to configure. These
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # are comprised of IP interfaces over the tunnels we've just brought
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # up in the above dladm command, and the implicit tunnels named "ip.*"
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # that we'll also create for backward compatibility. When we build
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # the list of implicit tunnels, we have to make sure that they're not
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # different kinds of links that are simply named "ip.*".
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy /sbin/dladm show-link -pP $intf_name > /dev/null 2>&1
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy implicit_tunnels="$implicit_tunnels $intf_name"
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy echo $intf; done | /usr/bin/sort -u`
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy plumb_tunnel $intf_name inet /etc/hostname.$intf_name
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail # Configure IP tunnel interfaces set up using ipadm
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail state=`/sbin/ipadm show-if -p -o state $intf_name`
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail if [ $? -ne 0 ] || [ "$state" != "disabled" ]; then
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail # skip if not managed my ipadm or if not a persistent
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail echo "found /etc/hostname.$intf_name or "\
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail "/etc/hostname6.$intfi_name, ignoring ipadm "\
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail # Enable the interface managed by ipadm
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # Set 6to4 Relay Router communication support policy and, if
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # applicable, the destination Relay Router IPv4 address. See
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # /etc/default/inetinit for setting and further info on
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # ACCEPT6TO4RELAY and RELAY6TO4ADDR. If ACCEPT6TO4RELAY=NO, the
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # default value in the kernel will be used.
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy [ -f /etc/default/inetinit ] && . /etc/default/inetinit
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # Unplumb IP interfaces
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy /sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1
6e91bba0d6c6bdabbba62cefae583715a4a58e2aGirish Moodalbail /sbin/ipadm disable-if -t $tun > /dev/null 2>&1
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy # Take down the IP tunnel links
2b24ab6b3865caeede9eeb9db6b83e1d89dcd1eaSebastien Roy echo "Usage: $0 { start | stop }"