<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
 Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 Use is subject to license terms.

 CDDL HEADER START

 The contents of this file are subject to the terms of the
 Common Development and Distribution License, Version 1.0 only
 (the "License").  You may not use this file except in compliance
 with the License.

 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 or http://www.opensolaris.org/os/licensing.
 See the License for the specific language governing permissions
 and limitations under the License.

 When distributing Covered Code, include this CDDL HEADER in each
 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 If applicable, add the following below this CDDL HEADER, with the
 fields enclosed by brackets "[]" replaced with your own identifying
 information: Portions Copyright [yyyy] [name of copyright owner]

 CDDL HEADER END

    NOTE:  This service manifest is not editable; its contents will
    be overwritten by package or patch operations, including
    operating system upgrade.  Make customizations in a different
    file.

  To use this service, do the following:
    1) Copy this file to /var/svc/manifest/network/network-anon.xml
       with read permissions (444) only
    2) As root, run:
         svccfg import /var/svc/manifest/network/network-anon.xml
    3) Copy the network-anon script to /lib/svc/method/network-anon
       with read and execute permissions (555) only
       This script just runs the appropriate ndd command.

#!/sbin/sh

. /lib/svc/share/smf_include.sh

/usr/sbin/ndd -set /dev/udp udp_smallest_anon_port 32800

# Clear exit status.
exit $SMF_EXIT_OK

    4) As root, run:
         svcadm enable anon
    5) Daemons already running that have anonymous ports assigned and
       which fall between 32767 and the new value of
       udp_smallest_anon_port
       will need to be restarted to release the ports and use the new
       parameter value. Rebooting would also guarantee this happens.

  Alternatively, do this during jumpstart:
    - Install this file as /var/svc/manifest/network/network-anon.xml
    - Place the appropriate shell script at /lib/svc/method/network-anon
    - Enable the anon service

  This service attempts to ensure that an additional range of anonymous
  ports for UDP traffic is protected by setting the network parameter
  udp_smallest_anon_port
  while delaying the startup of various system daemons that use an
  anonymous port until the parameter is set properly. The SNMP daemons
  are the most notable cases that must be delayed, though there may be
  other daemons, and especially those that are customer installed.

  The actual value assigned to udp_smallest_anon_port is defined in the
  method file /lib/svc/method/network-anon .

  There is no a priori way to guarantee either that this script will
  catch all possible daemons using anon ports or the timing of any
  particular daemon starting up against others (except via explicit SMF
  dependency definitions). If it is suspected that some daemon is using
  an anonymous port below the new value of the parameter (lsof from
  sunfreeware.com is your friend), then copy one of the "dependent" (NOT
  "dependency") blocks below and change the name and FMRI fields as
  appropriate to make that service dependent upon this one.

-->

<service_bundle type='manifest' name='network-anon'>

<!--
  Defines the SMF service network/anon. Its start and refresh methods
  run /lib/svc/method/network-anon, which (per the sample script in the
  header of this file) uses ndd to raise udp_smallest_anon_port. The
  "dependent" blocks below order the SNMP related services after this
  one so that the parameter is set before they bind anonymous UDP ports.
-->
<service
	name='network/anon'
	type='service'
	version='1'>

	<!--
	  The default instance is created disabled; nothing in this
	  manifest takes effect until an administrator enables it
	  (step 4 in the header: "svcadm enable anon").
	-->
	<create_default_instance enabled='false' />

	<!--
	  Wait for local filesystems to be available. restart_on='none'
	  means a restart of filesystem/local does not restart this service.
	-->
	<dependency
		name='fs-local'
		grouping='require_all'
		restart_on='none'
		type='service'>
		<service_fmri value='svc:/system/filesystem/local' />
	</dependency>

	<!--
	  Dependent blocks: each one makes the named service depend on
	  this service, so this method runs before that daemon starts.
	  To cover another daemon, copy one block and change the name
	  and FMRI.

	  NOTE(review): grouping is optional_all. Per smf(5) that
	  dependency is also satisfied while this service is disabled
	  or in maintenance, so the daemons below still start (with the
	  old anonymous port floor) if this service is never enabled or
	  its start method fails. Check "svcs -x anon" after enabling
	  rather than assuming the ordering implies the value was set.
	-->

	<!-- sma - snmpd is the primary daemon -->
	<dependent
		name='anon_sma'
		grouping='optional_all'
		restart_on='none'>
		<service_fmri value='svc:/application/management/sma' />
	</dependent>

	<!-- seaport - snmpdx and dim are dependent on seaport -->
	<dependent
		name='anon_seaport'
		grouping='optional_all'
		restart_on='none'>
		<service_fmri value='svc:/application/management/seaport' />
	</dependent>

	<!-- end of dependent blocks -->

	<!--
	  Start method: runs the ndd script, with a 300 second timeout.
	  No method_context is declared here, so the script runs with
	  the restarter's default credentials (presumably root with the
	  default privilege set; confirm for your release). The file at
	  this path should therefore be owned by root and writable by
	  nobody else; the header prescribes mode 555.

	  NOTE(review): the sample script in the header exits with
	  SMF_EXIT_OK unconditionally, so a failed ndd call would not
	  be reported to SMF as a method failure.
	-->
	<exec_method
		type='method'
		name='start'
		exec='/lib/svc/method/network-anon'
		timeout_seconds='300' />

	<!--
	  Stop method: ':true' is the SMF no-op token that always
	  succeeds. Disabling the service therefore does not undo the
	  ndd setting applied by the start method.
	-->
	<exec_method
		type='method'
		name='stop'
		exec=':true'
		timeout_seconds='60' />

	<!--
	  Refresh method: re-running the script shouldn't interrupt
	  service, so just do so when the admin runs
	  "svcadm refresh anon". Same script and timeout as start.
	-->
	<exec_method
		type='method'
		name='refresh'
		exec='/lib/svc/method/network-anon'
		timeout_seconds='300' />

	<!--
	  duration=transient: the start method is a one-shot command,
	  not a daemon, so the restarter does not expect a long-running
	  process to remain after the method returns.
	-->
	<property_group name='startd' type='framework'>
		<propval name='duration' type='astring' value='transient' />
	</property_group>

	<!-- Interface stability level declared for this service. -->
	<stability value='Unstable' />

	<!--
	  Descriptive metadata only: the display name for the service
	  and a pointer to the ndd(1M) manual page.
	-->
	<template>
		<common_name>
			<loctext xml:lang='C'> network specific ndd commands
			</loctext>
		</common_name>
		<documentation>
			<manpage title='ndd' section='1M'
				manpath='/usr/share/man' />
		</documentation>
	</template>
</service>

</service_bundle>
