Mercurial Mercurial > sustaining > oi_151a > sfw-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
usr/src/cmd/tor/tor.sh
author Jon Tibble <meths@btinternet.com>
Fri, 10 Feb 2012 16:19:42 +0000
branchoi_151a
changeset 114 b6d40d0a7b17
parent 0 b34509ac961f
permissions -rwxr-xr-x
Added tag oi_151a_prestable1 for changeset b1282e88c680

#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)tor.sh	1.1	09/05/14 SMI"
#

. /lib/svc/share/smf_include.sh

# SMF_FMRI is the name of the target service. This allows multiple instances 
# to use the same script.

if [ -z "$SMF_FMRI" ]; then
	echo "SMF framework variables are not initialized."
	exit $SMF_EXIT_ERR
fi

tor_start() 	{
	# Raise the number of file descriptors
	/usr/bin/ulimit -n 1024 2>&1 > /dev/null
	/usr/lib/tor 2>&1 > /dev/null
}
	
tor_stop()	{
	/usr/bin/pkill -x tor 2>&1 > /dev/null
}

#
# Parse the various "*Port" and "*ListenAddress" parameters
# from the Tor config file (/etc/torrc) and create IPF rules.
#
find_ports()
{
	port=$1
	addr=$2

	# If this is non-zero, it is in use.
	p=`grep "^$port" /etc/torrc 2>/dev/null | \
		awk '{print $2}'`

	if [ ! -z "$p" ]; then
		echo "# Tor $port rules" >> ipf_file
	fi

	for i in $p; do
		generate_rules $FMRI $policy "tcp" "any" $i $ipf_file
	done

	# Alternate *Address parameter may specify another port
	a=`grep "^$addr" /etc/torrc 2>/dev/null | \
		awk '{print $2}'`

	if [ ! -z "$a" ]; then
		echo "# Tor $addr rules" >> $ipf_file
	fi

	for i in $a; do
		p=`echo "$i" | sed -e 's/.*://'`
		ip=`echo "$i" | sed -e 's/:.*//'`
		#
		# We don't need to add 0.0.0.0 IP
		#
		if [ "$ip" = "0.0.0.0" ]; then
			ip=''
		fi
		if [ ! -z "$p" ]; then
			generate_rules $FMRI $policy "tcp" "any" $ip $p $ipf_file
		fi
	done
	return $?
}

create_ipf_rules()
{
	FMRI=$1

	#
	# If Tor is not configured, there are no rules to add
	#
	if [  ! -f /etc/torrc ]; then
		return;
	fi

	ipf_file=`fmri_to_file ${FMRI} $IPF_SUFFIX`
	policy=`get_policy ${FMRI}`

	echo "# $FMRI" >$ipf_file

	#
	# Tor may be configured to listen on a specific Port or
	# it may be configured to a specific interface:port combination
	# so we look for both parameters for the various Tor ports in the
	# config file.
	#
	find_ports SocksPort SocksListenAddress

	find_ports ORPort ORListenAddress

	find_ports DirPort DirListenAddress

	find_ports HiddenServicePort __no_addr_param__

	find_ports ControlPort __no_addr_param__
}

case "$1" in
'start')
	tor_start 
	;;

'stop')
	tor_stop
	;;

'ipfilter')
	create_ipf_rules $2
	;;

*)
	echo "Usage: $0 {start|stop|ipfilter}"
	exit 1
	;;

esac
exit $SMF_EXIT_OK
sustaining/oi_151a/sfw-gate