ipsec revision 136224 
178344Sobrien#!/bin/sh
278344Sobrien#
398184Sgordon# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $
498184Sgordon# $FreeBSD: head/etc/rc.d/ipsec 136224 2004-10-07 13:55:26Z mtm $
578344Sobrien#
678344Sobrien
778344Sobrien# PROVIDE: ipsec
8126636Smtm# REQUIRE: root mountcritlocal
998184Sgordon# BEFORE:  DAEMON
10136224Smtm# KEYWORD: nojail
1178344Sobrien
1278344Sobrien#	it does not really require beforenetlkm.
1378344Sobrien
1478344Sobrien. /etc/rc.subr
1578344Sobrien
1678344Sobrienname="ipsec"
1798184Sgordonrcvar=`set_rcvar`
1878344Sobrienstart_precmd="ipsec_prestart"
1978344Sobrienstart_cmd="ipsec_start"
2078344Sobrienstop_precmd="test -f /etc/ipsec.conf"
2178344Sobrienstop_cmd="ipsec_stop"
2278344Sobrienreload_cmd="ipsec_reload"
2378344Sobrienextra_commands="reload"
24124618Smtmipsec_program="/usr/sbin/setkey"
25124618Smtm# ipsec_file is set by rc.conf
2678344Sobrien
2778344Sobrienipsec_prestart()
2878344Sobrien{
2998184Sgordon	if [ ! -f "$ipsec_file" ]; then
3098184Sgordon		warn "$ipsec_file not readable; ipsec start aborted."
3178344Sobrien			#
3278344Sobrien			# If booting directly to multiuser, send SIGTERM to
3378344Sobrien			# the parent (/etc/rc) to abort the boot
3478344Sobrien			#
3578344Sobrien		if [ "$autoboot" = yes ]; then
3678344Sobrien			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
3778344Sobrien			kill -TERM $$
3878344Sobrien			exit 1
3978344Sobrien		fi
4078344Sobrien		return 1
4178344Sobrien	fi
4278344Sobrien	return 0
4378344Sobrien}
4478344Sobrien
4578344Sobrienipsec_start()
4678344Sobrien{
4778344Sobrien	echo "Installing ipsec manual keys/policies."
48101085Sume	${ipsec_program} -f $ipsec_file
4978344Sobrien}
5078344Sobrien
5178344Sobrienipsec_stop()
5278344Sobrien{
5378344Sobrien	echo "Clearing ipsec manual keys/policies."
5478344Sobrien
5578344Sobrien	# still not 100% sure if we would like to do this.
5678344Sobrien	# it is very questionable to do this during shutdown session, since
5778344Sobrien	# it can hang any of remaining IPv4/v6 session.
5878344Sobrien	#
59101085Sume	${ipsec_program} -F
60101085Sume	${ipsec_program} -FP
6178344Sobrien}
6278344Sobrien
6378344Sobrienipsec_reload()
6478344Sobrien{
6578344Sobrien	echo "Reloading ipsec manual keys/policies."
66101085Sume	${ipsec_program} -F
67101085Sume	${ipsec_program} -FP
68101085Sume	${ipsec_program} -f "$ipsec_file"
6978344Sobrien}
7078344Sobrien
7178344Sobrienload_rc_config $name
7278344Sobrienrun_rc_command "$1"
73