summaryrefslogtreecommitdiff
path: root/testing/hosts/moon
diff options
context:
space:
mode:
Diffstat (limited to 'testing/hosts/moon')
-rw-r--r--testing/hosts/moon/etc/conf.d/hostname1
-rw-r--r--testing/hosts/moon/etc/conf.d/net11
-rwxr-xr-xtesting/hosts/moon/etc/init.d/iptables76
-rwxr-xr-xtesting/hosts/moon/etc/init.d/net.eth0314
-rwxr-xr-xtesting/hosts/moon/etc/init.d/net.eth1314
-rwxr-xr-xtesting/hosts/moon/etc/ipsec.conf36
-rw-r--r--testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem22
-rw-r--r--testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem24
-rw-r--r--testing/hosts/moon/etc/ipsec.d/private/moonKey.pem27
-rw-r--r--testing/hosts/moon/etc/ipsec.secrets7
-rwxr-xr-xtesting/hosts/moon/etc/runlevels/default/net.eth0314
-rwxr-xr-xtesting/hosts/moon/etc/runlevels/default/net.eth1314
12 files changed, 1460 insertions, 0 deletions
diff --git a/testing/hosts/moon/etc/conf.d/hostname b/testing/hosts/moon/etc/conf.d/hostname
new file mode 100644
index 000000000..78e695337
--- /dev/null
+++ b/testing/hosts/moon/etc/conf.d/hostname
@@ -0,0 +1 @@
+HOSTNAME=moon
diff --git a/testing/hosts/moon/etc/conf.d/net b/testing/hosts/moon/etc/conf.d/net
new file mode 100644
index 000000000..7dec60ba5
--- /dev/null
+++ b/testing/hosts/moon/etc/conf.d/net
@@ -0,0 +1,11 @@
+# /etc/conf.d/net:
+
+# This is basically the ifconfig argument without the ifconfig $iface
+#
+iface_lo="127.0.0.1 netmask 255.0.0.0"
+iface_eth0="PH_IP_MOON broadcast 192.168.0.255 netmask 255.255.255.0"
+iface_eth1="PH_IP1_MOON broadcast 10.1.255.255 netmask 255.255.0.0"
+
+# For setting the default gateway
+#
+gateway="eth0/192.168.0.254"
diff --git a/testing/hosts/moon/etc/init.d/iptables b/testing/hosts/moon/etc/init.d/iptables
new file mode 100755
index 000000000..7f46267c2
--- /dev/null
+++ b/testing/hosts/moon/etc/init.d/iptables
@@ -0,0 +1,76 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+opts="start stop reload"
+
+depend() {
+ before net
+ need logger
+}
+
+start() {
+ ebegin "Starting firewall"
+
+ # enable IP forwarding
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+
+ # default policy is DROP
+ /sbin/iptables -P INPUT DROP
+ /sbin/iptables -P OUTPUT DROP
+ /sbin/iptables -P FORWARD DROP
+
+ # allow esp
+ iptables -A INPUT -i eth0 -p 50 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
+
+ # allow IKE
+ iptables -A INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p udp --dport 500 --sport 500 -j ACCEPT
+
+ # allow crl fetch from winnetou
+ iptables -A INPUT -i eth0 -p tcp --sport 80 -s PH_IP_WINNETOU -j ACCEPT
+ iptables -A OUTPUT -o eth0 -p tcp --dport 80 -d PH_IP_WINNETOU -j ACCEPT
+
+ # allow ssh
+ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+ iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
+
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+
+ if [ $a == nat ]; then
+ /sbin/iptables -t nat -P PREROUTING ACCEPT
+ /sbin/iptables -t nat -P POSTROUTING ACCEPT
+ /sbin/iptables -t nat -P OUTPUT ACCEPT
+ elif [ $a == mangle ]; then
+ /sbin/iptables -t mangle -P PREROUTING ACCEPT
+ /sbin/iptables -t mangle -P INPUT ACCEPT
+ /sbin/iptables -t mangle -P FORWARD ACCEPT
+ /sbin/iptables -t mangle -P OUTPUT ACCEPT
+ /sbin/iptables -t mangle -P POSTROUTING ACCEPT
+ elif [ $a == filter ]; then
+ /sbin/iptables -t filter -P INPUT ACCEPT
+ /sbin/iptables -t filter -P FORWARD ACCEPT
+ /sbin/iptables -t filter -P OUTPUT ACCEPT
+ fi
+ done
+ eend $?
+}
+
+reload() {
+ ebegin "Flushing firewall"
+ for a in `cat /proc/net/ip_tables_names`; do
+ /sbin/iptables -F -t $a
+ /sbin/iptables -X -t $a
+ done;
+ eend $?
+ start
+}
+
diff --git a/testing/hosts/moon/etc/init.d/net.eth0 b/testing/hosts/moon/etc/init.d/net.eth0
new file mode 100755
index 000000000..fa1200242
--- /dev/null
+++ b/testing/hosts/moon/etc/init.d/net.eth0
@@ -0,0 +1,314 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+#NB: Config is in /etc/conf.d/net
+
+if [[ -n $NET_DEBUG ]]; then
+ set -x
+ devnull=/dev/stderr
+else
+ devnull=/dev/null
+fi
+
+# For pcmcia users. note that pcmcia must be added to the same
+# runlevel as the net.* script that needs it.
+depend() {
+ use hotplug pcmcia
+}
+
+checkconfig() {
+ if [[ -z "${ifconfig_IFACE}" ]]; then
+ eerror "Please make sure that /etc/conf.d/net has \$ifconfig_$IFACE set"
+ eerror "(or \$iface_$IFACE for old-style configuration)"
+ return 1
+ fi
+ if [[ -n "${vlans_IFACE}" && ! -x /sbin/vconfig ]]; then
+ eerror "For VLAN (802.1q) support, emerge net-misc/vconfig"
+ return 1
+ fi
+}
+
+# Fix bug 50039 (init.d/net.eth0 localization)
+# Some other commands in this script might need to be wrapped, but
+# we'll get them one-by-one. Note that LC_ALL trumps LC_anything_else
+# according to locale(7)
+ifconfig() {
+ LC_ALL=C /sbin/ifconfig "$@"
+}
+
+# setup_vars: setup variables based on $1 and content of /etc/conf.d/net
+# The following variables are set, which should be declared local by
+# the calling routine.
+# status_IFACE (up or '')
+# vlans_IFACE (space-separated list)
+# ifconfig_IFACE (array of ifconfig lines, replaces iface_IFACE)
+# dhcpcd_IFACE (command-line args for dhcpcd)
+# routes_IFACE (array of route lines)
+# inet6_IFACE (array of inet6 lines)
+# ifconfig_fallback_IFACE (fallback ifconfig if dhcp fails)
+setup_vars() {
+ local i iface="${1//\./_}"
+
+ status_IFACE="$(ifconfig ${1} 2>${devnull} | gawk '$1 == "UP" {print "up"}')"
+ eval vlans_IFACE=\"\$\{iface_${iface}_vlans\}\"
+ eval ifconfig_IFACE=( \"\$\{ifconfig_$iface\[@\]\}\" )
+ eval dhcpcd_IFACE=\"\$\{dhcpcd_$iface\}\"
+ eval routes_IFACE=( \"\$\{routes_$iface\[@\]\}\" )
+ eval inet6_IFACE=( \"\$\{inet6_$iface\[@\]\}\" )
+ eval ifconfig_fallback_IFACE=( \"\$\{ifconfig_fallback_$iface\[@\]\}\" )
+
+ # BACKWARD COMPATIBILITY: populate the ifconfig_IFACE array
+ # if iface_IFACE is set (fex. iface_eth0 instead of ifconfig_eth0)
+ eval local iface_IFACE=\"\$\{iface_$iface\}\"
+ if [[ -n ${iface_IFACE} && -z ${ifconfig_IFACE} ]]; then
+ # Make sure these get evaluated as arrays
+ local -a aliases broadcasts netmasks
+
+ # Start with the primary interface
+ ifconfig_IFACE=( "${iface_IFACE}" )
+
+ # ..then add aliases
+ eval aliases=( \$\{alias_$iface\} )
+ eval broadcasts=( \$\{broadcast_$iface\} )
+ eval netmasks=( \$\{netmask_$iface\} )
+ for ((i = 0; i < ${#aliases[@]}; i = i + 1)); do
+ ifconfig_IFACE[i+1]="${aliases[i]} ${broadcasts[i]:+broadcast ${broadcasts[i]}} ${netmasks[i]:+netmask ${netmasks[i]}}"
+ done
+ fi
+
+ # BACKWARD COMPATIBILITY: check for space-separated inet6 addresses
+ if [[ ${#inet6_IFACE[@]} == 1 && ${inet6_IFACE} == *' '* ]]; then
+ inet6_IFACE=( ${inet6_IFACE} )
+ fi
+}
+
+iface_start() {
+ local IFACE=${1} i x retval
+ checkconfig || return 1
+
+ if [[ ${ifconfig_IFACE} != dhcp ]]; then
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Bringing ${IFACE} up (${i})"
+ else
+ ebegin "Bringing ${IFACE} up"
+ fi
+ # ifconfig does not always return failure ..
+ ifconfig ${IFACE} ${ifconfig_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ # Check that eth0 was not brought up by the kernel ...
+ if [[ ${status_IFACE} == up ]]; then
+ einfo "Keeping kernel configuration for ${IFACE}"
+ else
+ ebegin "Bringing ${IFACE} up via DHCP"
+ /sbin/dhcpcd ${dhcpcd_IFACE} ${IFACE}
+ retval=$?
+ eend $retval
+ if [[ $retval == 0 ]]; then
+ # DHCP succeeded, show address retrieved
+ i=$(ifconfig ${IFACE} | grep -m1 -o 'inet addr:[^ ]*' |
+ cut -d: -f2)
+ [[ -n ${i} ]] && einfo " ${IFACE} received address ${i}"
+ elif [[ -n "${ifconfig_fallback_IFACE}" ]]; then
+ # DHCP failed, try fallback.
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_fallback_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Using fallback configuration (${i}) for ${IFACE}"
+ else
+ ebegin "Using fallback configuration for ${IFACE}"
+ fi
+ ifconfig ${IFACE} ${ifconfig_fallback_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ return $retval
+ fi
+ fi
+ fi
+
+ if [[ ${#ifconfig_IFACE[@]} -gt 1 ]]; then
+ einfo " Adding aliases"
+ for ((i = 1; i < ${#ifconfig_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE}:${i} (${ifconfig_IFACE[i]%% *})"
+ ifconfig ${IFACE}:${i} ${ifconfig_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ if [[ -n ${inet6_IFACE} ]]; then
+ einfo " Adding inet6 addresses"
+ for ((i = 0; i < ${#inet6_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE} inet6 add ${inet6_IFACE[i]}"
+ ifconfig ${IFACE} inet6 add ${inet6_IFACE[i]} >${devnull}
+ eend $?
+ done
+ fi
+
+ # Set static routes
+ if [[ -n ${routes_IFACE} ]]; then
+ einfo " Adding routes"
+ for ((i = 0; i < ${#routes_IFACE[@]}; i = i + 1)); do
+ ebegin " ${routes_IFACE[i]}"
+ /sbin/route add ${routes_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ # Set default route if applicable to this interface
+ if [[ ${gateway} == ${IFACE}/* ]]; then
+ local ogw=$(/bin/netstat -rn | awk '$1 == "0.0.0.0" {print $2}')
+ local gw=${gateway#*/}
+ if [[ ${ogw} != ${gw} ]]; then
+ ebegin " Setting default gateway ($gw)"
+
+ # First delete any existing route if it was setup by kernel...
+ /sbin/route del default dev ${IFACE} &>${devnull}
+
+ # Second delete old gateway if it was set...
+ /sbin/route del default gw ${ogw} &>${devnull}
+
+ # Third add our new default gateway
+ /sbin/route add default gw ${gw} >${devnull}
+ eend $? || {
+ true # need to have some command in here
+ # Note: This originally called stop, which is obviously
+ # wrong since it's calling with a local version of IFACE.
+ # The below code works correctly to abort configuration of
+ # the interface, but is commented because we're assuming
+ # that default route failure should not cause the interface
+ # to be unconfigured.
+ #local error=$?
+ #ewarn "Aborting configuration of ${IFACE}"
+ #iface_stop ${IFACE}
+ #return ${error}
+ }
+ fi
+ fi
+
+ # Enabling rp_filter causes wacky packets to be auto-dropped by
+ # the kernel. Note that we only do this if it is not set via
+ # /etc/sysctl.conf ...
+ if [[ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter && \
+ -z "$(grep -s '^[^#]*rp_filter' /etc/sysctl.conf)" ]]; then
+ echo -n 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
+ fi
+}
+
+# iface_stop: bring down an interface. Don't trust information in
+# /etc/conf.d/net since the configuration might have changed since
+# iface_start ran. Instead query for current configuration and bring
+# down the interface.
+iface_stop() {
+ local IFACE=${1} i x aliases inet6 count
+
+ # Try to do a simple down (no aliases, no inet6, no dhcp)
+ aliases="$(ifconfig | grep -o "^$IFACE:[0-9]*" | tac)"
+ inet6="$(ifconfig ${IFACE} | awk '$1 == "inet6" {print $2}')"
+ if [[ -z ${aliases} && -z ${inet6} && ! -e /var/run/dhcpcd-${IFACE}.pid ]]; then
+ ebegin "Bringing ${IFACE} down"
+ ifconfig ${IFACE} down &>/dev/null
+ eend 0
+ return 0
+ fi
+
+ einfo "Bringing ${IFACE} down"
+
+ # Stop aliases before primary interface.
+ # Note this must be done in reverse order, since ifconfig eth0:1
+ # will remove eth0:2, etc. It might be sufficient to simply remove
+ # the base interface but we're being safe here.
+ for i in ${aliases} ${IFACE}; do
+
+ # Delete all the inet6 addresses for this interface
+ inet6="$(ifconfig ${i} | awk '$1 == "inet6" {print $3}')"
+ if [[ -n ${inet6} ]]; then
+ einfo " Removing inet6 addresses"
+ for x in ${inet6}; do
+ ebegin " ${IFACE} inet6 del ${x}"
+ ifconfig ${i} inet6 del ${x}
+ eend $?
+ done
+ fi
+
+ # Stop DHCP (should be N/A for aliases)
+ # Don't trust current configuration... investigate ourselves
+ if /sbin/dhcpcd -z ${i} &>${devnull}; then
+ ebegin " Releasing DHCP lease for ${IFACE}"
+ for ((count = 0; count < 9; count = count + 1)); do
+ /sbin/dhcpcd -z ${i} &>${devnull} || break
+ sleep 1
+ done
+ [[ ${count} -lt 9 ]]
+ eend $? "Timed out"
+ fi
+ ebegin " Stopping ${i}"
+ ifconfig ${i} down &>${devnull}
+ eend 0
+ done
+
+ return 0
+}
+
+start() {
+ # These variables are set by setup_vars
+ local status_IFACE vlans_IFACE dhcpcd_IFACE
+ local -a ifconfig_IFACE routes_IFACE inet6_IFACE
+
+ # Call user-defined preup function if it exists
+ if [[ $(type -t preup) == function ]]; then
+ einfo "Running preup function"
+ preup ${IFACE} || {
+ eerror "preup ${IFACE} failed"
+ return 1
+ }
+ fi
+
+ # Start the primary interface and aliases
+ setup_vars ${IFACE}
+ iface_start ${IFACE} || return 1
+
+ # Start vlans
+ local vlan
+ for vlan in ${vlans_IFACE}; do
+ /sbin/vconfig add ${IFACE} ${vlan} >${devnull}
+ setup_vars ${IFACE}.${vlan}
+ iface_start ${IFACE}.${vlan}
+ done
+
+ # Call user-defined postup function if it exists
+ if [[ $(type -t postup) == function ]]; then
+ einfo "Running postup function"
+ postup ${IFACE}
+ fi
+}
+
+stop() {
+ # Call user-defined predown function if it exists
+ if [[ $(type -t predown) == function ]]; then
+ einfo "Running predown function"
+ predown ${IFACE}
+ fi
+
+ # Don't depend on setup_vars since configuration might have changed.
+ # Investigate current configuration instead.
+ local vlan
+ for vlan in $(ifconfig | grep -o "^${IFACE}\.[^ ]*"); do
+ iface_stop ${vlan}
+ /sbin/vconfig rem ${vlan} >${devnull}
+ done
+
+ iface_stop ${IFACE} || return 1 # always succeeds, btw
+
+ # Call user-defined postdown function if it exists
+ if [[ $(type -t postdown) == function ]]; then
+ einfo "Running postdown function"
+ postdown ${IFACE}
+ fi
+}
+
+# vim:ts=4
diff --git a/testing/hosts/moon/etc/init.d/net.eth1 b/testing/hosts/moon/etc/init.d/net.eth1
new file mode 100755
index 000000000..fa1200242
--- /dev/null
+++ b/testing/hosts/moon/etc/init.d/net.eth1
@@ -0,0 +1,314 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+#NB: Config is in /etc/conf.d/net
+
+if [[ -n $NET_DEBUG ]]; then
+ set -x
+ devnull=/dev/stderr
+else
+ devnull=/dev/null
+fi
+
+# For pcmcia users. note that pcmcia must be added to the same
+# runlevel as the net.* script that needs it.
+depend() {
+ use hotplug pcmcia
+}
+
+checkconfig() {
+ if [[ -z "${ifconfig_IFACE}" ]]; then
+ eerror "Please make sure that /etc/conf.d/net has \$ifconfig_$IFACE set"
+ eerror "(or \$iface_$IFACE for old-style configuration)"
+ return 1
+ fi
+ if [[ -n "${vlans_IFACE}" && ! -x /sbin/vconfig ]]; then
+ eerror "For VLAN (802.1q) support, emerge net-misc/vconfig"
+ return 1
+ fi
+}
+
+# Fix bug 50039 (init.d/net.eth0 localization)
+# Some other commands in this script might need to be wrapped, but
+# we'll get them one-by-one. Note that LC_ALL trumps LC_anything_else
+# according to locale(7)
+ifconfig() {
+ LC_ALL=C /sbin/ifconfig "$@"
+}
+
+# setup_vars: setup variables based on $1 and content of /etc/conf.d/net
+# The following variables are set, which should be declared local by
+# the calling routine.
+# status_IFACE (up or '')
+# vlans_IFACE (space-separated list)
+# ifconfig_IFACE (array of ifconfig lines, replaces iface_IFACE)
+# dhcpcd_IFACE (command-line args for dhcpcd)
+# routes_IFACE (array of route lines)
+# inet6_IFACE (array of inet6 lines)
+# ifconfig_fallback_IFACE (fallback ifconfig if dhcp fails)
+setup_vars() {
+ local i iface="${1//\./_}"
+
+ status_IFACE="$(ifconfig ${1} 2>${devnull} | gawk '$1 == "UP" {print "up"}')"
+ eval vlans_IFACE=\"\$\{iface_${iface}_vlans\}\"
+ eval ifconfig_IFACE=( \"\$\{ifconfig_$iface\[@\]\}\" )
+ eval dhcpcd_IFACE=\"\$\{dhcpcd_$iface\}\"
+ eval routes_IFACE=( \"\$\{routes_$iface\[@\]\}\" )
+ eval inet6_IFACE=( \"\$\{inet6_$iface\[@\]\}\" )
+ eval ifconfig_fallback_IFACE=( \"\$\{ifconfig_fallback_$iface\[@\]\}\" )
+
+ # BACKWARD COMPATIBILITY: populate the ifconfig_IFACE array
+ # if iface_IFACE is set (fex. iface_eth0 instead of ifconfig_eth0)
+ eval local iface_IFACE=\"\$\{iface_$iface\}\"
+ if [[ -n ${iface_IFACE} && -z ${ifconfig_IFACE} ]]; then
+ # Make sure these get evaluated as arrays
+ local -a aliases broadcasts netmasks
+
+ # Start with the primary interface
+ ifconfig_IFACE=( "${iface_IFACE}" )
+
+ # ..then add aliases
+ eval aliases=( \$\{alias_$iface\} )
+ eval broadcasts=( \$\{broadcast_$iface\} )
+ eval netmasks=( \$\{netmask_$iface\} )
+ for ((i = 0; i < ${#aliases[@]}; i = i + 1)); do
+ ifconfig_IFACE[i+1]="${aliases[i]} ${broadcasts[i]:+broadcast ${broadcasts[i]}} ${netmasks[i]:+netmask ${netmasks[i]}}"
+ done
+ fi
+
+ # BACKWARD COMPATIBILITY: check for space-separated inet6 addresses
+ if [[ ${#inet6_IFACE[@]} == 1 && ${inet6_IFACE} == *' '* ]]; then
+ inet6_IFACE=( ${inet6_IFACE} )
+ fi
+}
+
+iface_start() {
+ local IFACE=${1} i x retval
+ checkconfig || return 1
+
+ if [[ ${ifconfig_IFACE} != dhcp ]]; then
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Bringing ${IFACE} up (${i})"
+ else
+ ebegin "Bringing ${IFACE} up"
+ fi
+ # ifconfig does not always return failure ..
+ ifconfig ${IFACE} ${ifconfig_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ # Check that eth0 was not brought up by the kernel ...
+ if [[ ${status_IFACE} == up ]]; then
+ einfo "Keeping kernel configuration for ${IFACE}"
+ else
+ ebegin "Bringing ${IFACE} up via DHCP"
+ /sbin/dhcpcd ${dhcpcd_IFACE} ${IFACE}
+ retval=$?
+ eend $retval
+ if [[ $retval == 0 ]]; then
+ # DHCP succeeded, show address retrieved
+ i=$(ifconfig ${IFACE} | grep -m1 -o 'inet addr:[^ ]*' |
+ cut -d: -f2)
+ [[ -n ${i} ]] && einfo " ${IFACE} received address ${i}"
+ elif [[ -n "${ifconfig_fallback_IFACE}" ]]; then
+ # DHCP failed, try fallback.
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_fallback_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Using fallback configuration (${i}) for ${IFACE}"
+ else
+ ebegin "Using fallback configuration for ${IFACE}"
+ fi
+ ifconfig ${IFACE} ${ifconfig_fallback_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ return $retval
+ fi
+ fi
+ fi
+
+ if [[ ${#ifconfig_IFACE[@]} -gt 1 ]]; then
+ einfo " Adding aliases"
+ for ((i = 1; i < ${#ifconfig_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE}:${i} (${ifconfig_IFACE[i]%% *})"
+ ifconfig ${IFACE}:${i} ${ifconfig_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ if [[ -n ${inet6_IFACE} ]]; then
+ einfo " Adding inet6 addresses"
+ for ((i = 0; i < ${#inet6_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE} inet6 add ${inet6_IFACE[i]}"
+ ifconfig ${IFACE} inet6 add ${inet6_IFACE[i]} >${devnull}
+ eend $?
+ done
+ fi
+
+ # Set static routes
+ if [[ -n ${routes_IFACE} ]]; then
+ einfo " Adding routes"
+ for ((i = 0; i < ${#routes_IFACE[@]}; i = i + 1)); do
+ ebegin " ${routes_IFACE[i]}"
+ /sbin/route add ${routes_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ # Set default route if applicable to this interface
+ if [[ ${gateway} == ${IFACE}/* ]]; then
+ local ogw=$(/bin/netstat -rn | awk '$1 == "0.0.0.0" {print $2}')
+ local gw=${gateway#*/}
+ if [[ ${ogw} != ${gw} ]]; then
+ ebegin " Setting default gateway ($gw)"
+
+ # First delete any existing route if it was setup by kernel...
+ /sbin/route del default dev ${IFACE} &>${devnull}
+
+ # Second delete old gateway if it was set...
+ /sbin/route del default gw ${ogw} &>${devnull}
+
+ # Third add our new default gateway
+ /sbin/route add default gw ${gw} >${devnull}
+ eend $? || {
+ true # need to have some command in here
+ # Note: This originally called stop, which is obviously
+ # wrong since it's calling with a local version of IFACE.
+ # The below code works correctly to abort configuration of
+ # the interface, but is commented because we're assuming
+ # that default route failure should not cause the interface
+ # to be unconfigured.
+ #local error=$?
+ #ewarn "Aborting configuration of ${IFACE}"
+ #iface_stop ${IFACE}
+ #return ${error}
+ }
+ fi
+ fi
+
+ # Enabling rp_filter causes wacky packets to be auto-dropped by
+ # the kernel. Note that we only do this if it is not set via
+ # /etc/sysctl.conf ...
+ if [[ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter && \
+ -z "$(grep -s '^[^#]*rp_filter' /etc/sysctl.conf)" ]]; then
+ echo -n 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
+ fi
+}
+
+# iface_stop: bring down an interface. Don't trust information in
+# /etc/conf.d/net since the configuration might have changed since
+# iface_start ran. Instead query for current configuration and bring
+# down the interface.
+iface_stop() {
+ local IFACE=${1} i x aliases inet6 count
+
+ # Try to do a simple down (no aliases, no inet6, no dhcp)
+ aliases="$(ifconfig | grep -o "^$IFACE:[0-9]*" | tac)"
+ inet6="$(ifconfig ${IFACE} | awk '$1 == "inet6" {print $2}')"
+ if [[ -z ${aliases} && -z ${inet6} && ! -e /var/run/dhcpcd-${IFACE}.pid ]]; then
+ ebegin "Bringing ${IFACE} down"
+ ifconfig ${IFACE} down &>/dev/null
+ eend 0
+ return 0
+ fi
+
+ einfo "Bringing ${IFACE} down"
+
+ # Stop aliases before primary interface.
+ # Note this must be done in reverse order, since ifconfig eth0:1
+ # will remove eth0:2, etc. It might be sufficient to simply remove
+ # the base interface but we're being safe here.
+ for i in ${aliases} ${IFACE}; do
+
+ # Delete all the inet6 addresses for this interface
+ inet6="$(ifconfig ${i} | awk '$1 == "inet6" {print $3}')"
+ if [[ -n ${inet6} ]]; then
+ einfo " Removing inet6 addresses"
+ for x in ${inet6}; do
+ ebegin " ${IFACE} inet6 del ${x}"
+ ifconfig ${i} inet6 del ${x}
+ eend $?
+ done
+ fi
+
+ # Stop DHCP (should be N/A for aliases)
+ # Don't trust current configuration... investigate ourselves
+ if /sbin/dhcpcd -z ${i} &>${devnull}; then
+ ebegin " Releasing DHCP lease for ${IFACE}"
+ for ((count = 0; count < 9; count = count + 1)); do
+ /sbin/dhcpcd -z ${i} &>${devnull} || break
+ sleep 1
+ done
+ [[ ${count} -lt 9 ]]
+ eend $? "Timed out"
+ fi
+ ebegin " Stopping ${i}"
+ ifconfig ${i} down &>${devnull}
+ eend 0
+ done
+
+ return 0
+}
+
+start() {
+ # These variables are set by setup_vars
+ local status_IFACE vlans_IFACE dhcpcd_IFACE
+ local -a ifconfig_IFACE routes_IFACE inet6_IFACE
+
+ # Call user-defined preup function if it exists
+ if [[ $(type -t preup) == function ]]; then
+ einfo "Running preup function"
+ preup ${IFACE} || {
+ eerror "preup ${IFACE} failed"
+ return 1
+ }
+ fi
+
+ # Start the primary interface and aliases
+ setup_vars ${IFACE}
+ iface_start ${IFACE} || return 1
+
+ # Start vlans
+ local vlan
+ for vlan in ${vlans_IFACE}; do
+ /sbin/vconfig add ${IFACE} ${vlan} >${devnull}
+ setup_vars ${IFACE}.${vlan}
+ iface_start ${IFACE}.${vlan}
+ done
+
+ # Call user-defined postup function if it exists
+ if [[ $(type -t postup) == function ]]; then
+ einfo "Running postup function"
+ postup ${IFACE}
+ fi
+}
+
+stop() {
+ # Call user-defined predown function if it exists
+ if [[ $(type -t predown) == function ]]; then
+ einfo "Running predown function"
+ predown ${IFACE}
+ fi
+
+ # Don't depend on setup_vars since configuration might have changed.
+ # Investigate current configuration instead.
+ local vlan
+ for vlan in $(ifconfig | grep -o "^${IFACE}\.[^ ]*"); do
+ iface_stop ${vlan}
+ /sbin/vconfig rem ${vlan} >${devnull}
+ done
+
+ iface_stop ${IFACE} || return 1 # always succeeds, btw
+
+ # Call user-defined postdown function if it exists
+ if [[ $(type -t postdown) == function ]]; then
+ einfo "Running postdown function"
+ postdown ${IFACE}
+ fi
+}
+
+# vim:ts=4
diff --git a/testing/hosts/moon/etc/ipsec.conf b/testing/hosts/moon/etc/ipsec.conf
new file mode 100755
index 000000000..a0e97e057
--- /dev/null
+++ b/testing/hosts/moon/etc/ipsec.conf
@@ -0,0 +1,36 @@
+# /etc/ipsec.conf - strongSwan IPsec configuration file
+
+version 2.0 # conforms to second version of ipsec.conf specification
+
+config setup
+ plutodebug=control
+ crlcheckinterval=180
+ strictcrlpolicy=no
+
+conn %default
+ ikelifetime=60m
+ keylife=20m
+ rekeymargin=3m
+ keyingtries=1
+ left=192.168.0.1
+ leftnexthop=%direct
+ leftcert=moonCert.pem
+ leftid=@moon.strongswan.org
+ leftfirewall=yes
+
+conn net-net
+ leftsubnet=10.1.0.0/16
+ right=192.168.0.2
+ rightsubnet=10.2.0.0/16
+ rightid=@sun.strongswan.org
+ auto=add
+
+conn host-host
+ right=192.168.0.2
+ rightid=@sun.strongswan.org
+ auto=add
+
+conn rw
+ leftsubnet=10.1.0.0/16
+ right=%any
+ auto=add
diff --git a/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
new file mode 100644
index 000000000..0de3b268d
--- /dev/null
+++ b/testing/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtTCCAp2gAwIBAgIBADANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDExMDE0NVoXDTE0MDkwODExMDE0NVowRTELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9u
+Z1N3YW4gUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/y
+X2LqPVZuWLPIeknK86xhz6ljd3NNhC2z+P1uoCP3sBMuZiZQEjFzhnKcbXxCeo2f
+FnvhOOjrrisSuVkzuu82oxXD3fIkzuS7m9V4E10EZzgmKWIf+WuNRfbgAuUINmLc
+4YGAXBQLPyzpP4Ou48hhz/YQo58Bics6PHy5v34qCVROIXDvqhj91P8g+pS+F21/
+7P+CH2jRcVIEHZtG8M/PweTPQ95dPzpYd2Ov6SZ/U7EWmbMmT8VcUYn1aChxFmy5
+gweVBWlkH6MP+1DeE0/tL5c87xo5KCeGK8Tdqpe7sBRC4pPEEHDQciTUvkeuJ1Pr
+K+1LwdqRxo7HgMRiDw8CAwEAAaOBrzCBrDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud
+DwQEAwIBBjAdBgNVHQ4EFgQUXafdcAZRMn7ntm2zteXgYOouTe8wbQYDVR0jBGYw
+ZIAUXafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYD
+VQQKExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3Qg
+Q0GCAQAwDQYJKoZIhvcNAQEEBQADggEBAJrXTj5gWS37myHHhii9drYwkMFyDHS/
+lHU8rW/drcnHdus507+qUhNr9SiEAHg4Ywj895UDvT0a1sFaw44QyEa/94iKA8/n
++g5kS1IrKvWu3wu8UI3EgzChgHV3cncQlQWbK+FI9Y3Ax1O1np1r+wLptoWpKKKE
+UxsYcxP9K4Nbyeon0AIHOajUheiL3t6aRc3m0o7VU7Do6S2r+He+1Zq/nRUfFeTy
+0Atebkn8tmUpPSKWaXkmwpVNrjZ1Qu9umAU+dtJyhzL2zmnyhPC4VqpsKCOp7imy
+gKZvUIKPm1zyf4T+yjwxwkiX2xVseoM3aKswb1EoZFelHwndU7u0GQ8=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem
new file mode 100644
index 000000000..d8fbfa1c9
--- /dev/null
+++ b/testing/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDTCCAvWgAwIBAgIBAzANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJDSDEZ
+MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
+b290IENBMB4XDTA0MDkxMDExMTcyNVoXDTA5MDkwOTExMTcyNVowRjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHDAaBgNVBAMTE21vb24u
+c3Ryb25nc3dhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv
+ri4QmsCnG0N7bxqeUZTQhcmZ/iyN4RsmHwFsiOc06xpnZ7Fbx9gzi/OswU6KGL+F
+f9PfvOY36bDTZU8V2QaL30RQUXz3JlG+jUyP9zjqlhsvVYS/cImvqgo3uUkQ0YCD
+v2SafTlaQfBOaPFElNEP/H2YSiyB6X80IcHsOMYpskVqPY8785FehjF+pxuyRCK+
+9HXmd+iWdnC09u4qgKRa3L0IamU3q1/BK/afkHK2IAIN4YgM7GzepHVD0f7Exf9U
+esJEeh4hDZwSjcMzdybrY9XBxzGqLGPOF128jr+5weUZiBW+RzeBw/gsK1nSPeuX
+Od2lPJjTGj+6V3YK6qibAgMBAAGjggEFMIIBATAJBgNVHRMEAjAAMAsGA1UdDwQE
+AwIDqDAdBgNVHQ4EFgQU5eQQh2wqxL6thUlCpt52WDA6n8EwbQYDVR0jBGYwZIAU
+XafdcAZRMn7ntm2zteXgYOouTe+hSaRHMEUxCzAJBgNVBAYTAkNIMRkwFwYDVQQK
+ExBMaW51eCBzdHJvbmdTd2FuMRswGQYDVQQDExJzdHJvbmdTd2FuIFJvb3QgQ0GC
+AQAwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA5BgNVHR8EMjAwMC6g
+LKAqhihodHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW4uY3JsMA0G
+CSqGSIb3DQEBBAUAA4IBAQAvLykhZnqldrsMcbYB36WzWKk+hOihr5dU3fv8Z4ec
+tsa3gzxXSefDCxGoezVJ4QXdpdNxxFn31A+r1gxKyGI5JL6EyWz6Y462zp9lE7nW
+EIC4ldJwxAXqzDEMcJphO29hApyU9TWsWDa4kL5AKtLFLwH3/Uv/jAzAy+qXIO8h
+wLtB+wcmhSo8OFY9kX/cyhht7eb7yD/r2e3wVBOCRk7jePe4yWhN8NJAKwfrEd1K
+iGq15ymdmeomhplHRsLZwA2VsCspUNZ/eXjG21s3nEoxcCOcQUz3Q7q4ZgBTZoCW
+kAc6FQ5zxoZrmzNWFqzb06jmUVlt7baGtdjT7rEt+dcp
+-----END CERTIFICATE-----
diff --git a/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem
new file mode 100644
index 000000000..89197a447
--- /dev/null
+++ b/testing/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAr64uEJrApxtDe28anlGU0IXJmf4sjeEbJh8BbIjnNOsaZ2ex
+W8fYM4vzrMFOihi/hX/T37zmN+mw02VPFdkGi99EUFF89yZRvo1Mj/c46pYbL1WE
+v3CJr6oKN7lJENGAg79kmn05WkHwTmjxRJTRD/x9mEosgel/NCHB7DjGKbJFaj2P
+O/ORXoYxfqcbskQivvR15nfolnZwtPbuKoCkWty9CGplN6tfwSv2n5BytiACDeGI
+DOxs3qR1Q9H+xMX/VHrCRHoeIQ2cEo3DM3cm62PVwccxqixjzhddvI6/ucHlGYgV
+vkc3gcP4LCtZ0j3rlzndpTyY0xo/uld2CuqomwIDAQABAoIBAECAVQ1npCA2lFo3
+erByB49f75sIhVc6NPuUGrO8uBbn0vPwUGAASdLzKW5eMvXlDDx5qFLXSjdxJ6kV
+4ymEWzDzsmNC5/zeJtkti9S30j/fCPAiF/Ep4oOKjOHUt4zjPqoglVFbdLk8yHwh
+b6Pcd73E2GAXq6uvDTMYydhvJ+KaozAfbXmQ9vf3HbneI6xmgAug209Cu+gpMspW
+4IunMMY/668neRmM7jh+4JNLMqJhCrmQpLkIlRux2yNFzxkF8RrqptGzaLf4KxNF
+rRRUThHUfWmB/EvggzJgUMuVA2Pa0bKNvBbbQuwPqXMxLHMGBjvJ8wimsLzJZeXL
+fgsyPKECgYEA5x//2cmlKL3LbprRpfSzVOPqM3OSeEqseQtPun9Gs7WNVZZVc/ZJ
+O2hjdc9qDGjak3lDSwVbYl8B1kqfGTTLB1sl2171aDJQOWdNV3WQtexUKEhC4Ewn
+yXEDoVGAXJtiCj34QYHjoMEHUqfabKyWKUcaK8hbMsOhYPOorfLXg9MCgYEAwpaP
+W68NJGu5Zxsdz62rOiPNb58cuoxLDZsJ1sMKJO7BdPIqTZ0oGNdgt5phyc3ROBSH
+cjqZdzpim1gXGm4ocGvwg3APNQN6DLBknJNZmHzPd7RLSz2UxhTHRTfHAltQPcmW
+cJVBHsrsS0QnvDndXfzLuLq12S6UZasR5eBdcxkCgYEAizBuOI6DdGG4nceG8lbH
+mRwY8xtq3h66d7skLMBxp9ByaVS76bYsrCZVn6Fl0EtlNuMUb52uRzPIO3F9FwUA
+MFHoHpC1YibKwYdAwKcAm07T7950x/eVDm+NLB2VHDBHfruLQogiubEF4/VKSaA2
+Xm1/iVaD9bJzAZw7vWY9/BkCgYB/Xe9uErGmgkB0BaLIuiNWxfKFOn+id4v01uNk
+yHtOW10TgCNCdDi3sdpjs1CIuAhXDdDuav7itLuwdMOCkFI16+EdF29Mwv7TaW4h
+sq01i5R9BO03zZIg6Z7ZZr4Dg+OM3fNzs65RSn/KcE0V/kYwa/So8MVw5/VIauYn
+MmnYmQKBgDEFWQPyPH242olRqtE0yDp8qVHEjJp7mU822YFbyCyAUnttqOS+/5/u
+Z7H95QZHGaQESL1tcNnaiRASJAKDWjKOdM/TTotWjCn65v+DHvgk/IJeYJVHoGBS
+pBE+wJ8AZJu3t9GVp3PxFxHIjxUrEKG0rli7bYv8F245+Wx8DeXI
+-----END RSA PRIVATE KEY-----
diff --git a/testing/hosts/moon/etc/ipsec.secrets b/testing/hosts/moon/etc/ipsec.secrets
new file mode 100644
index 000000000..c90b4c4a3
--- /dev/null
+++ b/testing/hosts/moon/etc/ipsec.secrets
@@ -0,0 +1,7 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+: RSA moonKey.pem
+
+
+
+
diff --git a/testing/hosts/moon/etc/runlevels/default/net.eth0 b/testing/hosts/moon/etc/runlevels/default/net.eth0
new file mode 100755
index 000000000..fa1200242
--- /dev/null
+++ b/testing/hosts/moon/etc/runlevels/default/net.eth0
@@ -0,0 +1,314 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+#NB: Config is in /etc/conf.d/net
+
+if [[ -n $NET_DEBUG ]]; then
+ set -x
+ devnull=/dev/stderr
+else
+ devnull=/dev/null
+fi
+
+# For pcmcia users. note that pcmcia must be added to the same
+# runlevel as the net.* script that needs it.
+depend() {
+ use hotplug pcmcia
+}
+
+checkconfig() {
+ if [[ -z "${ifconfig_IFACE}" ]]; then
+ eerror "Please make sure that /etc/conf.d/net has \$ifconfig_$IFACE set"
+ eerror "(or \$iface_$IFACE for old-style configuration)"
+ return 1
+ fi
+ if [[ -n "${vlans_IFACE}" && ! -x /sbin/vconfig ]]; then
+ eerror "For VLAN (802.1q) support, emerge net-misc/vconfig"
+ return 1
+ fi
+}
+
+# Fix bug 50039 (init.d/net.eth0 localization)
+# Some other commands in this script might need to be wrapped, but
+# we'll get them one-by-one. Note that LC_ALL trumps LC_anything_else
+# according to locale(7)
+ifconfig() {
+ LC_ALL=C /sbin/ifconfig "$@"
+}
+
+# setup_vars: setup variables based on $1 and content of /etc/conf.d/net
+# The following variables are set, which should be declared local by
+# the calling routine.
+# status_IFACE (up or '')
+# vlans_IFACE (space-separated list)
+# ifconfig_IFACE (array of ifconfig lines, replaces iface_IFACE)
+# dhcpcd_IFACE (command-line args for dhcpcd)
+# routes_IFACE (array of route lines)
+# inet6_IFACE (array of inet6 lines)
+# ifconfig_fallback_IFACE (fallback ifconfig if dhcp fails)
+setup_vars() {
+ local i iface="${1//\./_}"
+
+ status_IFACE="$(ifconfig ${1} 2>${devnull} | gawk '$1 == "UP" {print "up"}')"
+ eval vlans_IFACE=\"\$\{iface_${iface}_vlans\}\"
+ eval ifconfig_IFACE=( \"\$\{ifconfig_$iface\[@\]\}\" )
+ eval dhcpcd_IFACE=\"\$\{dhcpcd_$iface\}\"
+ eval routes_IFACE=( \"\$\{routes_$iface\[@\]\}\" )
+ eval inet6_IFACE=( \"\$\{inet6_$iface\[@\]\}\" )
+ eval ifconfig_fallback_IFACE=( \"\$\{ifconfig_fallback_$iface\[@\]\}\" )
+
+ # BACKWARD COMPATIBILITY: populate the ifconfig_IFACE array
+ # if iface_IFACE is set (fex. iface_eth0 instead of ifconfig_eth0)
+ eval local iface_IFACE=\"\$\{iface_$iface\}\"
+ if [[ -n ${iface_IFACE} && -z ${ifconfig_IFACE} ]]; then
+ # Make sure these get evaluated as arrays
+ local -a aliases broadcasts netmasks
+
+ # Start with the primary interface
+ ifconfig_IFACE=( "${iface_IFACE}" )
+
+ # ..then add aliases
+ eval aliases=( \$\{alias_$iface\} )
+ eval broadcasts=( \$\{broadcast_$iface\} )
+ eval netmasks=( \$\{netmask_$iface\} )
+ for ((i = 0; i < ${#aliases[@]}; i = i + 1)); do
+ ifconfig_IFACE[i+1]="${aliases[i]} ${broadcasts[i]:+broadcast ${broadcasts[i]}} ${netmasks[i]:+netmask ${netmasks[i]}}"
+ done
+ fi
+
+ # BACKWARD COMPATIBILITY: check for space-separated inet6 addresses
+ if [[ ${#inet6_IFACE[@]} == 1 && ${inet6_IFACE} == *' '* ]]; then
+ inet6_IFACE=( ${inet6_IFACE} )
+ fi
+}
+
+iface_start() {
+ local IFACE=${1} i x retval
+ checkconfig || return 1
+
+ if [[ ${ifconfig_IFACE} != dhcp ]]; then
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Bringing ${IFACE} up (${i})"
+ else
+ ebegin "Bringing ${IFACE} up"
+ fi
+ # ifconfig does not always return failure ..
+ ifconfig ${IFACE} ${ifconfig_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ # Check that eth0 was not brought up by the kernel ...
+ if [[ ${status_IFACE} == up ]]; then
+ einfo "Keeping kernel configuration for ${IFACE}"
+ else
+ ebegin "Bringing ${IFACE} up via DHCP"
+ /sbin/dhcpcd ${dhcpcd_IFACE} ${IFACE}
+ retval=$?
+ eend $retval
+ if [[ $retval == 0 ]]; then
+ # DHCP succeeded, show address retrieved
+ i=$(ifconfig ${IFACE} | grep -m1 -o 'inet addr:[^ ]*' |
+ cut -d: -f2)
+ [[ -n ${i} ]] && einfo " ${IFACE} received address ${i}"
+ elif [[ -n "${ifconfig_fallback_IFACE}" ]]; then
+ # DHCP failed, try fallback.
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_fallback_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Using fallback configuration (${i}) for ${IFACE}"
+ else
+ ebegin "Using fallback configuration for ${IFACE}"
+ fi
+ ifconfig ${IFACE} ${ifconfig_fallback_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ return $retval
+ fi
+ fi
+ fi
+
+ if [[ ${#ifconfig_IFACE[@]} -gt 1 ]]; then
+ einfo " Adding aliases"
+ for ((i = 1; i < ${#ifconfig_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE}:${i} (${ifconfig_IFACE[i]%% *})"
+ ifconfig ${IFACE}:${i} ${ifconfig_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ if [[ -n ${inet6_IFACE} ]]; then
+ einfo " Adding inet6 addresses"
+ for ((i = 0; i < ${#inet6_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE} inet6 add ${inet6_IFACE[i]}"
+ ifconfig ${IFACE} inet6 add ${inet6_IFACE[i]} >${devnull}
+ eend $?
+ done
+ fi
+
+ # Set static routes
+ if [[ -n ${routes_IFACE} ]]; then
+ einfo " Adding routes"
+ for ((i = 0; i < ${#routes_IFACE[@]}; i = i + 1)); do
+ ebegin " ${routes_IFACE[i]}"
+ /sbin/route add ${routes_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ # Set default route if applicable to this interface
+ if [[ ${gateway} == ${IFACE}/* ]]; then
+ local ogw=$(/bin/netstat -rn | awk '$1 == "0.0.0.0" {print $2}')
+ local gw=${gateway#*/}
+ if [[ ${ogw} != ${gw} ]]; then
+ ebegin " Setting default gateway ($gw)"
+
+ # First delete any existing route if it was setup by kernel...
+ /sbin/route del default dev ${IFACE} &>${devnull}
+
+ # Second delete old gateway if it was set...
+ /sbin/route del default gw ${ogw} &>${devnull}
+
+ # Third add our new default gateway
+ /sbin/route add default gw ${gw} >${devnull}
+ eend $? || {
+ true # need to have some command in here
+ # Note: This originally called stop, which is obviously
+ # wrong since it's calling with a local version of IFACE.
+ # The below code works correctly to abort configuration of
+ # the interface, but is commented because we're assuming
+ # that default route failure should not cause the interface
+ # to be unconfigured.
+ #local error=$?
+ #ewarn "Aborting configuration of ${IFACE}"
+ #iface_stop ${IFACE}
+ #return ${error}
+ }
+ fi
+ fi
+
+ # Enabling rp_filter causes wacky packets to be auto-dropped by
+ # the kernel. Note that we only do this if it is not set via
+ # /etc/sysctl.conf ...
+ if [[ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter && \
+ -z "$(grep -s '^[^#]*rp_filter' /etc/sysctl.conf)" ]]; then
+ echo -n 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
+ fi
+}
+
+# iface_stop: bring down an interface. Don't trust information in
+# /etc/conf.d/net since the configuration might have changed since
+# iface_start ran. Instead query for current configuration and bring
+# down the interface.
+iface_stop() {
+ local IFACE=${1} i x aliases inet6 count
+
+ # Try to do a simple down (no aliases, no inet6, no dhcp)
+ aliases="$(ifconfig | grep -o "^$IFACE:[0-9]*" | tac)"
+ inet6="$(ifconfig ${IFACE} | awk '$1 == "inet6" {print $2}')"
+ if [[ -z ${aliases} && -z ${inet6} && ! -e /var/run/dhcpcd-${IFACE}.pid ]]; then
+ ebegin "Bringing ${IFACE} down"
+ ifconfig ${IFACE} down &>/dev/null
+ eend 0
+ return 0
+ fi
+
+ einfo "Bringing ${IFACE} down"
+
+ # Stop aliases before primary interface.
+ # Note this must be done in reverse order, since ifconfig eth0:1
+ # will remove eth0:2, etc. It might be sufficient to simply remove
+ # the base interface but we're being safe here.
+ for i in ${aliases} ${IFACE}; do
+
+ # Delete all the inet6 addresses for this interface
+ inet6="$(ifconfig ${i} | awk '$1 == "inet6" {print $3}')"
+ if [[ -n ${inet6} ]]; then
+ einfo " Removing inet6 addresses"
+ for x in ${inet6}; do
+ ebegin " ${IFACE} inet6 del ${x}"
+ ifconfig ${i} inet6 del ${x}
+ eend $?
+ done
+ fi
+
+ # Stop DHCP (should be N/A for aliases)
+ # Don't trust current configuration... investigate ourselves
+ if /sbin/dhcpcd -z ${i} &>${devnull}; then
+ ebegin " Releasing DHCP lease for ${IFACE}"
+ for ((count = 0; count < 9; count = count + 1)); do
+ /sbin/dhcpcd -z ${i} &>${devnull} || break
+ sleep 1
+ done
+ [[ ${count} -lt 9 ]]
+ eend $? "Timed out"
+ fi
+ ebegin " Stopping ${i}"
+ ifconfig ${i} down &>${devnull}
+ eend 0
+ done
+
+ return 0
+}
+
+start() {
+ # These variables are set by setup_vars
+ local status_IFACE vlans_IFACE dhcpcd_IFACE
+ local -a ifconfig_IFACE routes_IFACE inet6_IFACE
+
+ # Call user-defined preup function if it exists
+ if [[ $(type -t preup) == function ]]; then
+ einfo "Running preup function"
+ preup ${IFACE} || {
+ eerror "preup ${IFACE} failed"
+ return 1
+ }
+ fi
+
+ # Start the primary interface and aliases
+ setup_vars ${IFACE}
+ iface_start ${IFACE} || return 1
+
+ # Start vlans
+ local vlan
+ for vlan in ${vlans_IFACE}; do
+ /sbin/vconfig add ${IFACE} ${vlan} >${devnull}
+ setup_vars ${IFACE}.${vlan}
+ iface_start ${IFACE}.${vlan}
+ done
+
+ # Call user-defined postup function if it exists
+ if [[ $(type -t postup) == function ]]; then
+ einfo "Running postup function"
+ postup ${IFACE}
+ fi
+}
+
+stop() {
+ # Call user-defined predown function if it exists
+ if [[ $(type -t predown) == function ]]; then
+ einfo "Running predown function"
+ predown ${IFACE}
+ fi
+
+ # Don't depend on setup_vars since configuration might have changed.
+ # Investigate current configuration instead.
+ local vlan
+ for vlan in $(ifconfig | grep -o "^${IFACE}\.[^ ]*"); do
+ iface_stop ${vlan}
+ /sbin/vconfig rem ${vlan} >${devnull}
+ done
+
+ iface_stop ${IFACE} || return 1 # always succeeds, btw
+
+ # Call user-defined postdown function if it exists
+ if [[ $(type -t postdown) == function ]]; then
+ einfo "Running postdown function"
+ postdown ${IFACE}
+ fi
+}
+
+# vim:ts=4
diff --git a/testing/hosts/moon/etc/runlevels/default/net.eth1 b/testing/hosts/moon/etc/runlevels/default/net.eth1
new file mode 100755
index 000000000..fa1200242
--- /dev/null
+++ b/testing/hosts/moon/etc/runlevels/default/net.eth1
@@ -0,0 +1,314 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+#NB: Config is in /etc/conf.d/net
+
+if [[ -n $NET_DEBUG ]]; then
+ set -x
+ devnull=/dev/stderr
+else
+ devnull=/dev/null
+fi
+
+# For pcmcia users. note that pcmcia must be added to the same
+# runlevel as the net.* script that needs it.
+depend() {
+ use hotplug pcmcia
+}
+
+checkconfig() {
+ if [[ -z "${ifconfig_IFACE}" ]]; then
+ eerror "Please make sure that /etc/conf.d/net has \$ifconfig_$IFACE set"
+ eerror "(or \$iface_$IFACE for old-style configuration)"
+ return 1
+ fi
+ if [[ -n "${vlans_IFACE}" && ! -x /sbin/vconfig ]]; then
+ eerror "For VLAN (802.1q) support, emerge net-misc/vconfig"
+ return 1
+ fi
+}
+
+# Fix bug 50039 (init.d/net.eth0 localization)
+# Some other commands in this script might need to be wrapped, but
+# we'll get them one-by-one. Note that LC_ALL trumps LC_anything_else
+# according to locale(7)
+ifconfig() {
+ LC_ALL=C /sbin/ifconfig "$@"
+}
+
+# setup_vars: setup variables based on $1 and content of /etc/conf.d/net
+# The following variables are set, which should be declared local by
+# the calling routine.
+# status_IFACE (up or '')
+# vlans_IFACE (space-separated list)
+# ifconfig_IFACE (array of ifconfig lines, replaces iface_IFACE)
+# dhcpcd_IFACE (command-line args for dhcpcd)
+# routes_IFACE (array of route lines)
+# inet6_IFACE (array of inet6 lines)
+# ifconfig_fallback_IFACE (fallback ifconfig if dhcp fails)
+setup_vars() {
+ local i iface="${1//\./_}"
+
+ status_IFACE="$(ifconfig ${1} 2>${devnull} | gawk '$1 == "UP" {print "up"}')"
+ eval vlans_IFACE=\"\$\{iface_${iface}_vlans\}\"
+ eval ifconfig_IFACE=( \"\$\{ifconfig_$iface\[@\]\}\" )
+ eval dhcpcd_IFACE=\"\$\{dhcpcd_$iface\}\"
+ eval routes_IFACE=( \"\$\{routes_$iface\[@\]\}\" )
+ eval inet6_IFACE=( \"\$\{inet6_$iface\[@\]\}\" )
+ eval ifconfig_fallback_IFACE=( \"\$\{ifconfig_fallback_$iface\[@\]\}\" )
+
+ # BACKWARD COMPATIBILITY: populate the ifconfig_IFACE array
+ # if iface_IFACE is set (fex. iface_eth0 instead of ifconfig_eth0)
+ eval local iface_IFACE=\"\$\{iface_$iface\}\"
+ if [[ -n ${iface_IFACE} && -z ${ifconfig_IFACE} ]]; then
+ # Make sure these get evaluated as arrays
+ local -a aliases broadcasts netmasks
+
+ # Start with the primary interface
+ ifconfig_IFACE=( "${iface_IFACE}" )
+
+ # ..then add aliases
+ eval aliases=( \$\{alias_$iface\} )
+ eval broadcasts=( \$\{broadcast_$iface\} )
+ eval netmasks=( \$\{netmask_$iface\} )
+ for ((i = 0; i < ${#aliases[@]}; i = i + 1)); do
+ ifconfig_IFACE[i+1]="${aliases[i]} ${broadcasts[i]:+broadcast ${broadcasts[i]}} ${netmasks[i]:+netmask ${netmasks[i]}}"
+ done
+ fi
+
+ # BACKWARD COMPATIBILITY: check for space-separated inet6 addresses
+ if [[ ${#inet6_IFACE[@]} == 1 && ${inet6_IFACE} == *' '* ]]; then
+ inet6_IFACE=( ${inet6_IFACE} )
+ fi
+}
+
+iface_start() {
+ local IFACE=${1} i x retval
+ checkconfig || return 1
+
+ if [[ ${ifconfig_IFACE} != dhcp ]]; then
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Bringing ${IFACE} up (${i})"
+ else
+ ebegin "Bringing ${IFACE} up"
+ fi
+ # ifconfig does not always return failure ..
+ ifconfig ${IFACE} ${ifconfig_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ # Check that eth0 was not brought up by the kernel ...
+ if [[ ${status_IFACE} == up ]]; then
+ einfo "Keeping kernel configuration for ${IFACE}"
+ else
+ ebegin "Bringing ${IFACE} up via DHCP"
+ /sbin/dhcpcd ${dhcpcd_IFACE} ${IFACE}
+ retval=$?
+ eend $retval
+ if [[ $retval == 0 ]]; then
+ # DHCP succeeded, show address retrieved
+ i=$(ifconfig ${IFACE} | grep -m1 -o 'inet addr:[^ ]*' |
+ cut -d: -f2)
+ [[ -n ${i} ]] && einfo " ${IFACE} received address ${i}"
+ elif [[ -n "${ifconfig_fallback_IFACE}" ]]; then
+ # DHCP failed, try fallback.
+ # Show the address, but catch if this interface will be inet6 only
+ i=${ifconfig_fallback_IFACE%% *}
+ if [[ ${i} == *.*.*.* ]]; then
+ ebegin "Using fallback configuration (${i}) for ${IFACE}"
+ else
+ ebegin "Using fallback configuration for ${IFACE}"
+ fi
+ ifconfig ${IFACE} ${ifconfig_fallback_IFACE} >${devnull} && \
+ ifconfig ${IFACE} up &>${devnull}
+ eend $? || return $?
+ else
+ return $retval
+ fi
+ fi
+ fi
+
+ if [[ ${#ifconfig_IFACE[@]} -gt 1 ]]; then
+ einfo " Adding aliases"
+ for ((i = 1; i < ${#ifconfig_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE}:${i} (${ifconfig_IFACE[i]%% *})"
+ ifconfig ${IFACE}:${i} ${ifconfig_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ if [[ -n ${inet6_IFACE} ]]; then
+ einfo " Adding inet6 addresses"
+ for ((i = 0; i < ${#inet6_IFACE[@]}; i = i + 1)); do
+ ebegin " ${IFACE} inet6 add ${inet6_IFACE[i]}"
+ ifconfig ${IFACE} inet6 add ${inet6_IFACE[i]} >${devnull}
+ eend $?
+ done
+ fi
+
+ # Set static routes
+ if [[ -n ${routes_IFACE} ]]; then
+ einfo " Adding routes"
+ for ((i = 0; i < ${#routes_IFACE[@]}; i = i + 1)); do
+ ebegin " ${routes_IFACE[i]}"
+ /sbin/route add ${routes_IFACE[i]}
+ eend $?
+ done
+ fi
+
+ # Set default route if applicable to this interface
+ if [[ ${gateway} == ${IFACE}/* ]]; then
+ local ogw=$(/bin/netstat -rn | awk '$1 == "0.0.0.0" {print $2}')
+ local gw=${gateway#*/}
+ if [[ ${ogw} != ${gw} ]]; then
+ ebegin " Setting default gateway ($gw)"
+
+ # First delete any existing route if it was setup by kernel...
+ /sbin/route del default dev ${IFACE} &>${devnull}
+
+ # Second delete old gateway if it was set...
+ /sbin/route del default gw ${ogw} &>${devnull}
+
+ # Third add our new default gateway
+ /sbin/route add default gw ${gw} >${devnull}
+ eend $? || {
+ true # need to have some command in here
+ # Note: This originally called stop, which is obviously
+ # wrong since it's calling with a local version of IFACE.
+ # The below code works correctly to abort configuration of
+ # the interface, but is commented because we're assuming
+ # that default route failure should not cause the interface
+ # to be unconfigured.
+ #local error=$?
+ #ewarn "Aborting configuration of ${IFACE}"
+ #iface_stop ${IFACE}
+ #return ${error}
+ }
+ fi
+ fi
+
+ # Enabling rp_filter causes wacky packets to be auto-dropped by
+ # the kernel. Note that we only do this if it is not set via
+ # /etc/sysctl.conf ...
+ if [[ -e /proc/sys/net/ipv4/conf/${IFACE}/rp_filter && \
+ -z "$(grep -s '^[^#]*rp_filter' /etc/sysctl.conf)" ]]; then
+ echo -n 1 > /proc/sys/net/ipv4/conf/${IFACE}/rp_filter
+ fi
+}
+
+# iface_stop: bring down an interface. Don't trust information in
+# /etc/conf.d/net since the configuration might have changed since
+# iface_start ran. Instead query for current configuration and bring
+# down the interface.
+iface_stop() {
+ local IFACE=${1} i x aliases inet6 count
+
+ # Try to do a simple down (no aliases, no inet6, no dhcp)
+ aliases="$(ifconfig | grep -o "^$IFACE:[0-9]*" | tac)"
+ inet6="$(ifconfig ${IFACE} | awk '$1 == "inet6" {print $2}')"
+ if [[ -z ${aliases} && -z ${inet6} && ! -e /var/run/dhcpcd-${IFACE}.pid ]]; then
+ ebegin "Bringing ${IFACE} down"
+ ifconfig ${IFACE} down &>/dev/null
+ eend 0
+ return 0
+ fi
+
+ einfo "Bringing ${IFACE} down"
+
+ # Stop aliases before primary interface.
+ # Note this must be done in reverse order, since ifconfig eth0:1
+ # will remove eth0:2, etc. It might be sufficient to simply remove
+ # the base interface but we're being safe here.
+ for i in ${aliases} ${IFACE}; do
+
+ # Delete all the inet6 addresses for this interface
+ inet6="$(ifconfig ${i} | awk '$1 == "inet6" {print $3}')"
+ if [[ -n ${inet6} ]]; then
+ einfo " Removing inet6 addresses"
+ for x in ${inet6}; do
+ ebegin " ${IFACE} inet6 del ${x}"
+ ifconfig ${i} inet6 del ${x}
+ eend $?
+ done
+ fi
+
+ # Stop DHCP (should be N/A for aliases)
+ # Don't trust current configuration... investigate ourselves
+ if /sbin/dhcpcd -z ${i} &>${devnull}; then
+ ebegin " Releasing DHCP lease for ${IFACE}"
+ for ((count = 0; count < 9; count = count + 1)); do
+ /sbin/dhcpcd -z ${i} &>${devnull} || break
+ sleep 1
+ done
+ [[ ${count} -lt 9 ]]
+ eend $? "Timed out"
+ fi
+ ebegin " Stopping ${i}"
+ ifconfig ${i} down &>${devnull}
+ eend 0
+ done
+
+ return 0
+}
+
+start() {
+ # These variables are set by setup_vars
+ local status_IFACE vlans_IFACE dhcpcd_IFACE
+ local -a ifconfig_IFACE routes_IFACE inet6_IFACE
+
+ # Call user-defined preup function if it exists
+ if [[ $(type -t preup) == function ]]; then
+ einfo "Running preup function"
+ preup ${IFACE} || {
+ eerror "preup ${IFACE} failed"
+ return 1
+ }
+ fi
+
+ # Start the primary interface and aliases
+ setup_vars ${IFACE}
+ iface_start ${IFACE} || return 1
+
+ # Start vlans
+ local vlan
+ for vlan in ${vlans_IFACE}; do
+ /sbin/vconfig add ${IFACE} ${vlan} >${devnull}
+ setup_vars ${IFACE}.${vlan}
+ iface_start ${IFACE}.${vlan}
+ done
+
+ # Call user-defined postup function if it exists
+ if [[ $(type -t postup) == function ]]; then
+ einfo "Running postup function"
+ postup ${IFACE}
+ fi
+}
+
+stop() {
+ # Call user-defined predown function if it exists
+ if [[ $(type -t predown) == function ]]; then
+ einfo "Running predown function"
+ predown ${IFACE}
+ fi
+
+ # Don't depend on setup_vars since configuration might have changed.
+ # Investigate current configuration instead.
+ local vlan
+ for vlan in $(ifconfig | grep -o "^${IFACE}\.[^ ]*"); do
+ iface_stop ${vlan}
+ /sbin/vconfig rem ${vlan} >${devnull}
+ done
+
+ iface_stop ${IFACE} || return 1 # always succeeds, btw
+
+ # Call user-defined postdown function if it exists
+ if [[ $(type -t postdown) == function ]]; then
+ einfo "Running postdown function"
+ postdown ${IFACE}
+ fi
+}
+
+# vim:ts=4