net-iptun revision 36e852a172cba914383d7341c988128b2c667fbd
04428429c4e689333e3ef8d19a2debeb20d4d15dMark Andrews# CDDL HEADER START
e999539fb3e45b2617571e0e3ecd651992291701Mark Andrews# The contents of this file are subject to the terms of the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# Common Development and Distribution License (the "License").
555d01f4c02295e896a26c649d0ffc8808a0bbdcAutomatic Updater# You may not use this file except in compliance with the License.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington# or http://www.opensolaris.org/os/licensing.
ac4e70ff8955669341f435bc0a734a17c01af124Mark Andrews# See the License for the specific language governing permissions
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# and limitations under the License.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# When distributing Covered Code, include this CDDL HEADER in each
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater# If applicable, add the following below this CDDL HEADER, with the
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# fields enclosed by brackets "[]" replaced with your own identifying
56874aef380a64a2c183b7c282c3e7a361d67fa1Automatic Updater# information: Portions Copyright [yyyy] [name of copyright owner]
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# CDDL HEADER END
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# Use is subject to license terms.
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews# This service configures IP tunnel links and IP interfaces over IP tunnels.
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington# Configure tunnels which were deferred by /lib/svc/method/net-physical (the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater# svc:/network/physical service) since it depends on the tunnel source
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# addresses being available.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews# WARNING: consider turning OFF IP forwarding if you haven't already; leaving
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# it enabled can expose various security vulnerabilities when tunnels are
f8448666aa53603696bea83de971a05007735d8fMark Andrews# configured for Virtual Private Network (VPN) construction.
3098364bcdd7a719fbafa5fc8d2cc9e90e5a5989Automatic Updater# Also, if names are used in the /etc/hostname*.* files, those names have to
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews# be in either DNS (and DNS is used) or in /etc/hosts, because this file is
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# executed before NIS is started.
4b2cb1422c7c600fbc13b1cb06a8b4693bc11af8Mark Andrews# get_tunnel_links: print the names of the tunnel links currently configured
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews# on the running system.
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson# plumb_tunnel <intf_name> <net_type> <intf_file>
# Reads the file named by $3 one line at a time into ifcmds and discards
# whatever the loop writes to stdout. The loop body and the enclosing function
# header are not shown in this listing; going by the usage comment above, $3 is
# presumably <intf_file>, i.e. /etc/hostname.<intf> or /etc/hostname6.<intf>.
# NOTE(review): read is used without -r, so backslashes in the file are
# treated as escapes, and $3 is unquoted, so a path containing whitespace or
# glob characters would break the redirection.
# NOTE(review): each line is presumably handed to a command in the missing
# body, so these files should be writable only by root; confirm.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews while read ifcmds; do
6f046a065e5543f8cd7e2f24991c65d2372f4c8dMark Andrews done < $3 > /dev/null
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews # First, bring up tunnel links
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews # Get the list of IP tunnel interfaces we'll need to configure. These
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews # are comprised of IP interfaces over the tunnels we've just brought
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson # up in the above dladm command, and the implicit tunnels named "ip.*"
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews # that we'll also create for backward compatibility. When we build
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews # the list of implicit tunnels, we have to make sure that they're not
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson # different kinds of links that are simply named "ip.*".
# Derives candidate implicit tunnel names from the names of the
# /etc/hostname.ip*.*[0-9] and /etc/hostname6.ip*.*[0-9] files: ls errors (for
# example, no matching file) are discarded, and cut drops everything up to the
# first '.', leaving the interface name. The rest of the pipeline and the loop
# around the dladm call are not shown in this listing.
# The dladm show-link call discards all of its output, so only its exit status
# can matter; the test on that status is not shown. Names that are kept are
# appended to the space-separated list implicit_tunnels.
# NOTE(review): $intf_name comes from file names under /etc and is expanded
# unquoted, so a name containing whitespace or glob characters would be split
# or expanded before dladm sees it.
aa1d397c4736cd86540555193d71e55fa3b37b2aMark Andrews implicit_tunnel_names=`/usr/bin/ls -1 /etc/hostname.ip*.*[0-9] \
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews /etc/hostname6.ip*.*[0-9] 2> /dev/null | /usr/bin/cut -f2- -d. | \
2831d2c54acc60414e9ffaf5c702ba475f06754bMark Andrews /sbin/dladm show-link -pP $intf_name > /dev/null 2>&1
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews implicit_tunnels="$implicit_tunnels $intf_name"
# Merges the names in tunnel_links and implicit_tunnels into one list, printed
# one name per line and passed through sort -u so each name appears once.
# The unquoted expansions are what split the two lists into words here.
dde4bc92964ec60a35212dfed59562580e3265e3Mark Andrews tunnel_interfaces=`for intf in $tunnel_links $implicit_tunnels; do \
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater echo $intf; done | /usr/bin/sort -u`
# Configure the interface from its IPv4 (inet) and IPv6 (inet6) hostname
# files. The loop that sets intf_name, and any checks that these files exist,
# are not shown in this listing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater plumb_tunnel $intf_name inet /etc/hostname.$intf_name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater plumb_tunnel $intf_name inet6 /etc/hostname6.$intf_name
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # Set 6to4 Relay Router communication support policy and, if
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # applicable, the destination Relay Router IPv4 address. See
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # /etc/default/inetinit for setting and further info on
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # ACCEPT6TO4RELAY and RELAY6TO4ADDR. If ACCEPT6TO4RELAY=NO, the
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # default value in the kernel will be used.
# Load the site defaults if the file exists.
# NOTE(review): "." executes /etc/default/inetinit as shell code inside this
# script, so anything in that file runs with this method's privileges
# (presumably root; confirm). The file should be owned by root and not be
# writable by anyone else.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater [ -f /etc/default/inetinit ] && . /etc/default/inetinit
# Lower-case the setting; if the variable was never set this yields an empty
# string. The comparison that uses the value is not shown in this listing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater ACCEPT6TO4RELAY=`echo "$ACCEPT6TO4RELAY" | /usr/bin/tr '[A-Z]' '[a-z]'`
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # Unplumb IP interfaces
# Unplumb interface $tun, first without an address family and then explicitly
# for inet6. Both stdout and stderr are discarded, so a failure (for example,
# an instance that was never plumbed) is silent. The loop that supplies $tun
# is not shown in this listing.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater /sbin/ifconfig $tun unplumb > /dev/null 2>&1
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater /sbin/ifconfig $tun inet6 unplumb > /dev/null 2>&1
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater # Take down the IP tunnel links
# Print the usage message to stdout; the only documented arguments are start
# and stop. The branch that reaches this line is not shown in this listing.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews echo "Usage: $0 { start | stop }"