PSARC 2006/366 IP Instances

6289221 RFE: Need virtualized ip-stack for each local zone
6512601 panic in ipsec_in_tag - allocation failure
6514637 error message from dhcpagent: add_pkt_opt: option type 60 is missing required value
6364643 RFE: allow persistent setting of interface flags per zone
6307539 RFE: Invalid network address causes zone boot failure
5041214 Allow IPMP configuration with zones
5005887 RFE: zoneadmd should support plumbing an interface via DHCP
4991139 RFE: zones should provide a mechanism to configure a defaultrouter for a zone
6218378 zoneadmd doesn't set the netmask for non-loopback addresses hosted on lo0
4963280 zones: need to virtualize the IPv6 default address selection mechanism
4963285 zones: need support of stateless address autoconfiguration for IPv6
5048068 zones don't boot if one of its interfaces has failed
5057154 RFE: ability to change interface status from within a zone
4963287 zones should support the plumbing of the first (and only) logical interface
4978517 TCP privileged port space should be partitioned per zone
5023347 zones don't work well with network routes other than default
4963372 investigate whether global zone can act as a router for local zones
6378364 RFE: Allow each zone to have its own virtual IPFilter

6 files changed, 71 insertions, 40 deletions

diff --git a/usr/src/cmd/svc/milestone/net-init b/usr/src/cmd/svc/milestone/net-init
index 5862c4edf6..89c0abdb9a 100644
--- a/usr/src/cmd/svc/milestone/net-init
+++ b/usr/src/cmd/svc/milestone/net-init
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -39,11 +39,12 @@
 . /lib/svc/share/smf_include.sh
 
 #
-# In a zone we need this service to be up, but all of the work
-# it tries to do is irrelevant (and will actually lead to the service
-# failing if we try to do it), so just bail out.
+# In a shared-IP zone we need this service to be up, but all of the work
+# it tries to do is irrelevant (and will actually lead to the service 
+# failing if we try to do it), so just bail out. 
+# In the global zone and exclusive-IP zones we proceed.
 #
-smf_is_globalzone || exit $SMF_EXIT_OK
+smf_configure_ip || exit $SMF_EXIT_OK
 
 # Configure IPv6 Default Address Selection.
 if [ -f /etc/inet/ipaddrsel.conf ]; then
@@ -56,7 +57,8 @@ fi
 # automatically exit.  Note that it may already be running if we're not
 # executing as part of system boot.
 #
-/usr/bin/pgrep -x -u 0 in.mpathd >/dev/null 2>&1 || /usr/lib/inet/in.mpathd -a
+/usr/bin/pgrep -x -u 0 -z `smf_zonename` in.mpathd >/dev/null 2>&1 || \
+    /usr/lib/inet/in.mpathd -a
 
 #
 # Pass to the kernel the list of supported IPsec protocols and algorithms.
diff --git a/usr/src/cmd/svc/milestone/net-loopback b/usr/src/cmd/svc/milestone/net-loopback
index 9a23eb27b6..3688a206f5 100644
--- a/usr/src/cmd/svc/milestone/net-loopback
+++ b/usr/src/cmd/svc/milestone/net-loopback
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -28,11 +28,12 @@
 . /lib/svc/share/smf_include.sh
 
 #
-# In a zone we need this service to be up, but all of the work
-# it tries to do is irrelevant (and will actually lead to the service
-# failing if we try to do it), so just bail out.
+# In a shared-IP zone we need this service to be up, but all of the work
+# it tries to do is irrelevant (and will actually lead to the service 
+# failing if we try to do it), so just bail out. 
+# In the global zone and exclusive-IP zones we proceed.
 #
-smf_is_globalzone || exit $SMF_EXIT_OK
+smf_configure_ip || exit $SMF_EXIT_OK
 
 #
 # Cause ifconfig to not automatically start in.mpathd when IPMP groups are
diff --git a/usr/src/cmd/svc/milestone/net-physical b/usr/src/cmd/svc/milestone/net-physical
index 60c4ee8f98..cc260062ae 100644
--- a/usr/src/cmd/svc/milestone/net-physical
+++ b/usr/src/cmd/svc/milestone/net-physical
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T.
@@ -33,11 +33,12 @@
 . /lib/svc/share/net_include.sh
 
 #
-# In a zone we need this service to be up, but all of the work
-# it tries to do is irrelevant (and will actually lead to the service
-# failing if we try to do it), so just bail out.
+# In a shared-IP zone we need this service to be up, but all of the work
+# it tries to do is irrelevant (and will actually lead to the service 
+# failing if we try to do it), so just bail out. 
+# In the global zone and exclusive-IP zones we proceed.
 #
-smf_is_globalzone || exit $SMF_EXIT_OK
+smf_configure_ip || exit $SMF_EXIT_OK
 
 # Print warnings to console
 warn_failed_ifs() {
@@ -57,14 +58,16 @@ SUNW_NO_MPATHD=; export SUNW_NO_MPATHD
 
 smf_netstrategy
 
-#
-# Bring up link aggregations and initialize security objects.
-# Note that link property initialization is deferred until after
-# IP interfaces are plumbed to ensure that the links will not
-# be unloaded (and the property settings lost).
-#
-/sbin/dladm up-aggr
-/sbin/dladm init-secobj
+if smf_is_globalzone; then
+	#
+	# Bring up link aggregations and initialize security objects.
+	# Note that link property initialization is deferred until after
+	# IP interfaces are plumbed to ensure that the links will not
+	# be unloaded (and the property settings lost).
+	#
+	/sbin/dladm up-aggr
+	/sbin/dladm init-secobj
+fi
 
 #
 # If the system was net booted by DHCP, hand DHCP management off to the
@@ -197,13 +200,15 @@ if [ -n "$inet6_list" ]; then
 	[ -n "$inet6_failed" ] && warn_failed_ifs "plumb IPv6" $inet6_failed
 fi
 
-#
-# Unfortunately, if a driver unloads and then is subsequently reloaded, no
-# mechanism currently exists to restore the properties of its associated
-# links.  Hence, we wait until after interfaces have been plumbed (above)
-# to initialize link properties.
-#
-/sbin/dladm init-linkprop
+if smf_is_globalzone; then
+	#
+	# Unfortunately, if a driver unloads and then is subsequently reloaded,
+	# no mechanism currently exists to restore the properties of its
+	# associated links.  Hence, we wait until after interfaces have been
+	# plumbed (above) to initialize link properties.
+	#
+	/sbin/dladm init-linkprop
+fi
 
 #
 # Process the /etc/hostname.* files of plumbed IPv4 interfaces.  If an
diff --git a/usr/src/cmd/svc/milestone/net-routing-setup b/usr/src/cmd/svc/milestone/net-routing-setup
index 09f5f4eabe..dbc879e5e1 100644
--- a/usr/src/cmd/svc/milestone/net-routing-setup
+++ b/usr/src/cmd/svc/milestone/net-routing-setup
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -30,11 +30,12 @@
 . /lib/svc/share/smf_include.sh
 
 #
-# In a zone we need this service to be up, but all of the work
+# In a shared-IP zone we need this service to be up, but all of the work
 # it tries to do is irrelevant (and will actually lead to the service 
 # failing if we try to do it), so just bail out. 
+# In the global zone and exclusive-IP zones we proceed.
 #
-smf_is_globalzone || exit $SMF_EXIT_OK
+smf_configure_ip || exit $SMF_EXIT_OK
 
 #
 # If routing.conf file is in place, and has not already been read in
diff --git a/usr/src/cmd/svc/milestone/net-svc b/usr/src/cmd/svc/milestone/net-svc
index e71e34c0d4..a91d3d09fa 100644
--- a/usr/src/cmd/svc/milestone/net-svc
+++ b/usr/src/cmd/svc/milestone/net-svc
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -36,11 +36,12 @@
 case "$1" in
 'start')
 	#
-	# In a zone we need this service to be up, but all of the work
-	# it tries to do is irrelevant (and will actually lead to the service
-	# failing if we try to do it), so just bail out.
+	# In a shared-IP zone we need this service to be up, but all of the
+	# work it tries to do is irrelevant (and will actually lead to the
+	# service failing if we try to do it), so just bail out. 
+	# In the global zone and exclusive-IP zones we proceed.
 	#
-	smf_is_globalzone || exit 0
+	smf_configure_ip || exit 0
 	;; # Fall through -- rest of script is the initialization code
 
 'stop')
diff --git a/usr/src/cmd/svc/shell/smf_include.sh b/usr/src/cmd/svc/shell/smf_include.sh
index 066993fe01..9357c1bfbc 100644
--- a/usr/src/cmd/svc/shell/smf_include.sh
+++ b/usr/src/cmd/svc/shell/smf_include.sh
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -74,6 +74,27 @@ smf_is_nonglobalzone() {
 	return 1
 }
 
+# smf_configure_ip
+#
+#  Returns zero (success) if this zone needs IP to be configured i.e.
+#  the global zone or has an exclusive stack.  1 otherwise.
+#
+smf_configure_ip() {
+	[ "${SMF_ZONENAME:=`/sbin/zonename`}" = "global" -o \
+	 `/sbin/zonename -t` = exclusive ] && return 0
+	return 1
+}
+
+# smf_dont_configure_ip
+#
+#  Inverse of smf_configure_ip
+#
+smf_dont_configure_ip() {
+	[ "${SMF_ZONENAME:=`/sbin/zonename`}" != "global" -a \
+	 `/sbin/zonename -t` = shared ] && return 0
+	return 1
+}
+
 # smf_is_system_labeled
 #
 #  Returns zero (success) if system is labeled (aka Trusted Extensions).