net-routing-setup revision 36e852a172cba914383d7341c988128b2c667fbd
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews#!/sbin/sh
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
32098293b78922a5fbd10906afa28624820d3756Tinderbox User# CDDL HEADER START
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# The contents of this file are subject to the terms of the
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# Common Development and Distribution License (the "License").
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User# You may not use this file except in compliance with the License.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# or http://www.opensolaris.org/os/licensing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# See the License for the specific language governing permissions
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# and limitations under the License.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User#
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt# When distributing Covered Code, include this CDDL HEADER in each
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# If applicable, add the following below this CDDL HEADER, with the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# fields enclosed by brackets "[]" replaced with your own identifying
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# information: Portions Copyright [yyyy] [name of copyright owner]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# CDDL HEADER END
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# Use is subject to license terms.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein# This script configures IP routing.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein. /lib/svc/share/smf_include.sh
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
#
# Shared-IP zones: this service has to come online, but none of the work
# below applies there (attempting it would make the service fail), so
# leave immediately with a success status.  The global zone and
# exclusive-IP zones carry on.
#
smf_configure_ip
if [ $? -ne 0 ]; then
	exit $SMF_EXIT_OK
fi

#
# "routeadm -u" upgrades legacy configuration when a routing.conf file is
# present and has not been read by an earlier routeadm invocation.  The
# call is also needed when /var/svc/profile/upgrade exists, because that
# file may hold routeadm commands that have to be applied.  Finally,
# routeadm enables the ndp service (in.ndpd), which IPv6 address
# autoconfiguration requires.  Doing this in network/loopback would be
# nicer, but the SMF backend is still read-only at that point in boot.
#
/sbin/routeadm -u
2b4d1b54f6ca406b8233d9e6fea9593df6dad035Tinderbox User
#
# Determine whether dynamic routing is in effect.  routeadm(1M) reports
# this through the "current" values of ipv4-routing and ipv6-routing: if
# either is enabled, routing daemons are running (or at least enabled to
# run).
#
# NOTE(review): the nawk program prints field 2 of each matching line and
# grep then searches that field for "current=enabled"; confirm that field
# 2 of "routeadm -p" output is the one that carries the current= value.
#
# dynamic_routing is only ever assigned "true" here.  When nothing
# matches it keeps whatever value it had on entry (normally unset).
#
dynamic_routing_test=`/sbin/routeadm -p |
    nawk '/^ipv[46]-routing [.]*/ { print $2 }' |
    /usr/bin/grep "current=enabled"`
[ -n "$dynamic_routing_test" ] && dynamic_routing="true"
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt
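#
# Configure default IPv4 routers using the local "/etc/defaultrouter"
# configuration file.  The file can contain the hostnames or IP
# addresses of one or more default routers.  If hostnames are used,
# each hostname must also be listed in the local "/etc/hosts" file
# because NIS is not running at the time that this script is run.
# Each router name or address is listed on a single line by itself in
# the file.  Anything else on that line after the router's name or
# address is ignored.  Lines that begin with "#" are considered
# comments and ignored.
#
# The default routes listed in the "/etc/defaultrouter" file will
# replace those added by the kernel during diskless booting.  An empty
# "/etc/defaultrouter" file will cause the default route added by the
# kernel to be deleted.
#
# Note that the default router file is ignored if we received routes
# from a DHCP server.  Our policy is to always trust DHCP over local
# administration.
#
# NOTE(review): the DHCP Router option is network-supplied data.  With
# this policy, whichever DHCP server answered decides the default
# router and overrides /etc/defaultrouter; nothing here validates the
# value.  Where the attached segment is not trusted, that has to be
# handled in the network or interface configuration, not in this
# script.
#
smf_netstrategy

#
# Ask the DHCP agent once, so the emptiness test and the value that is
# kept come from the same answer.
#
dhcp_routers=
if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
	dhcp_routers=`/sbin/dhcpinfo Router`
fi

if [ -n "$dhcp_routers" ]; then
	defrouters="$dhcp_routers"
elif [ -f /etc/defaultrouter ]; then
	# First field of every line that does not start with "#".
	defrouters=`/usr/bin/grep -v '^#' /etc/defaultrouter | \
	    /usr/bin/awk '{print $1}'`
	if [ -n "$defrouters" ]; then
		#
		# We want the default router(s) listed in
		# /etc/defaultrouter to replace the one added from the
		# BOOTPARAMS WHOAMI response but we must avoid flushing
		# the last route between the running system and its
		# /usr file system.
		#

		#
		# First, remember the original route.  The positional
		# parameters are cleared and then loaded with the words
		# of the '^default' netstat line(s); $2 is the gateway
		# of the first such line.
		#
		shift $#
		set -- `/usr/bin/netstat -rn -f inet | \
		    /usr/bin/grep '^default'`
		route_IP="$2"

		#
		# Next, add those from /etc/defaultrouter.  While doing
		# this, if one of the routes we add is for the route
		# previously added as a result of the BOOTPARAMS
		# response, we will see a message of the form:
		#	"add net default: gateway a.b.c.d: entry exists"
		# Word 5 of that message is compared with the remembered
		# gateway to decide whether the original must be kept.
		#
		# $defrouters is split on whitespace on purpose (one
		# word per router); each resulting word is then passed
		# to route(1M) quoted so it reaches it as one argument.
		#
		do_delete=yes
		for router in $defrouters; do
			route_added=`/usr/sbin/route -n add default \
			    -gateway "$router"`
			res=$?
			set -- $route_added
			[ "$res" -ne 0 ] && [ "$5" = "$route_IP:" ] && \
			    do_delete=no
		done

		#
		# Finally, delete the original default route unless it
		# was also listed in the defaultrouter file.
		#
		if [ -n "$route_IP" ] && [ "$do_delete" = yes ]; then
			/usr/sbin/route -n delete default \
			    -gateway "$route_IP" >/dev/null
		fi
	else
		# Empty defaultrouter file: flush the routing table.
		/usr/sbin/route -fn > /dev/null
	fi
else
	defrouters=
fi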
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
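#
# Use routeadm(1M) to configure forwarding and launch routing daemons
# for IPv4 and IPv6 based on preset values.  These settings only apply
# to the global zone.  For IPv4 dynamic routing, the system will default
# to disabled if a default route was previously added via BOOTP, DHCP,
# or the /etc/defaultrouter file.  routeadm also starts in.ndpd.
#
if [ "$dynamic_routing" != "true" ] && [ -z "$defrouters" ]; then
	#
	# No default routes were set up by the "route" commands above.
	# Check the kernel routing table for any other default routes.
	# The pattern is anchored, as in the '^default' lookup used when
	# remembering the original route, so that only lines that start
	# with "default" count as a default route.
	#
	/usr/bin/netstat -rn -f inet | \
	    /usr/bin/grep '^default' >/dev/null 2>&1 && defrouters=yes
fi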
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User
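#
# The routeadm/ipv4-routing-set property is true if the administrator
# has run "routeadm -e/-d ipv4-routing".  If not, we revert to the
# appropriate defaults.  We no longer run "routeadm -u" on every boot
# however, as persistent daemon state is now controlled by SMF.
#
ipv4_routing_set=`/usr/bin/svcprop -p routeadm/ipv4-routing-set "$SMF_FMRI"`

#
# Choose the default for ipv4-routing: enabled when no default router
# was found, disabled when one or more were.  The two cases differ only
# in the property value and in the routeadm flag, so both are selected
# here and applied once below.
#
if [ -z "$defrouters" ]; then
	ipv4_default=true
	ipv4_flag=-e
else
	ipv4_default=false
	ipv4_flag=-d
fi

# $SMF_FMRI is quoted so that it always reaches svccfg as one argument.
/usr/sbin/svccfg -s "$SMF_FMRI" \
    setprop routeadm/default-ipv4-routing = "$ipv4_default"

#
# If routeadm -e/-d has not yet been run by the administrator, we apply
# this default.  The -b option is project-private and informs routeadm
# not to treat the enable/disable as administrator-driven.
#
if [ "$ipv4_routing_set" = "false" ]; then
	/sbin/routeadm -b "$ipv4_flag" ipv4-routing -u
fi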
38417cbfb1a328c20b5b723b8584a02c57f88897Automatic Updater
#
# Add every route recorded in /etc/inet/static_routes.  Lines that are
# empty or that start with "#" are filtered out; each remaining line is
# word-split and handed to "route add" as its arguments.
#
# NOTE(review): the file's contents become the arguments of a command
# run by this method, so the file should be writable only by the
# administrator.  The unquoted expansion is what splits a line into
# separate arguments; it also applies pathname expansion to each word.
#
if [ -f /etc/inet/static_routes ]; then
	echo "Adding persistent routes:"
	/usr/bin/egrep -v "^(#|$)" /etc/inet/static_routes |
	    while read route_args; do
		/usr/sbin/route add $route_args
	    done
fi

# Report success to SMF regardless of the status of the last command.
exit $SMF_EXIT_OK
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein