Cross Reference: /illumos-gate/usr/src/cmd/svc/milestone/net-iptun

	net-iptun revision 36e852a172cba914383d7341c988128b2c667fbd
32N/A#!/sbin/sh
32N/A#
1339N/A# CDDL HEADER START
32N/A#
32N/A# The contents of this file are subject to the terms of the
919N/A# Common Development and Distribution License (the "License").
919N/A# You may not use this file except in compliance with the License.
919N/A#
919N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
919N/A# or http://www.opensolaris.org/os/licensing.
919N/A# See the License for the specific language governing permissions
919N/A# and limitations under the License.
919N/A#
919N/A# When distributing Covered Code, include this CDDL HEADER in each
919N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
919N/A# If applicable, add the following below this CDDL HEADER, with the
919N/A# fields enclosed by brackets "[]" replaced with your own identifying
919N/A# information: Portions Copyright [yyyy] [name of copyright owner]
919N/A#
919N/A# CDDL HEADER END
919N/A#
919N/A#
32N/A# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
32N/A# Use is subject to license terms.
32N/A#
32N/A# This service configures IP tunnel links and IP interfaces over IP
493N/A# tunnels.
32N/A#
32N/A
1062N/A. /lib/svc/share/smf_include.sh
32N/A
911N/A#
1062N/A# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
1062N/A# svc:/network/physical service) since it depends on the tunnel source
911N/A# addresses being available.
32N/A#
970N/A# WARNING: you may wish to turn OFF forwarding if you haven't already, because
970N/A# of various possible security vulnerabilities when configuring tunnels for
970N/A# Virtual Private Network (VPN) construction.
970N/A#
970N/A# Also, if names are used in the /etc/hostname*.* files, those names have to
32N/A# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
1339N/A# executed before NIS is started.
1339N/A#
1339N/A
32N/A#
32N/A# get_tunnel_links: print the names of the tunnel links currently configured
# on the running system.
#
get_tunnel_links ()
{
    /sbin/dladm show-iptun -p -o link
}

# plumb_tunnel <intf_name> <net_type> <intf_file>
plumb_tunnel ()
{
    /sbin/ifconfig $1 $2 plumb
    while read ifcmds; do
    if [ -n "$ifcmds" ]; then
        /sbin/ifconfig $1 $2 $ifcmds
    fi
    done < $3 > /dev/null
    /sbin/ifconfig $1 $2 up
}

case "$1" in
start)
    # First, bring up tunnel links
    /sbin/dladm up-iptun

    #
    # Get the list of IP tunnel interfaces we'll need to configure.  These
    # are comprised of IP interfaces over the tunnels we've just brought
    # up in the above dladm command, and the implicit tunnels named "ip.*"
    # that we'll also create for backward compatibility.  When we build
    # the list of implicit tunnels, we have to make sure that they're not
    # different kinds of links that are simply named "ip.*".
    #
    tunnel_links=`get_tunnel_links`
    implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
        /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
        /usr/bin/sort -u`
    for intf_name in $implicit_tunnel_names; do
        /sbin/dladm show-link -pP $intf_name > /dev/null 2>&1
        if [ $? -ne 0 ]; then
                implicit_tunnels="$implicit_tunnels $intf_name"
        fi
    done
    tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
        echo $intf; done | /usr/bin/sort -u`

    for intf_name in $tunnel_interfaces; do
        if [ -f /etc/hostname.$intf_name ]; then
            plumb_tunnel $intf_name inet /etc/hostname.$intf_name
        fi
        if [ -f /etc/hostname6.$intf_name ]; then
            plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name
        fi
    done

    #
    # Set 6to4 Relay Router communication support policy and, if
    # applicable, the destination Relay Router IPv4 address.  See
    # /etc/default/inetinit for setting and further info on
    # ACCEPT6TO4RELAY and RELAY6TO4ADDR.  If ACCEPT6TO4RELAY=NO, the
    # default value in the kernel will be used.
    #
    [ -f /etc/default/inetinit ] && . /etc/default/inetinit
    ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
    if [ "$ACCEPT6TO4RELAY" = yes ]; then
        if [ "$RELAY6TO4ADDR" ]; then
            /usr/sbin/6to4relay -e -a $RELAY6TO4ADDR
        else
            /usr/sbin/6to4relay -e
        fi
    fi
    ;;

stop)
    tunnel_links=`get_tunnel_links`

    # Unplumb IP interfaces
    for tun in $tunnel_links; do
        /sbin/ifconfig $tun unplumb > /dev/null 2>&1
        /sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1
    done

    # Take down the IP tunnel links
    /sbin/dladm down-iptun
    ;;

*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac

exit $SMF_EXIT_OK