ipsec revision 136224
178344Sobrien#!/bin/sh 278344Sobrien# 398184Sgordon# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $ 498184Sgordon# $FreeBSD: head/etc/rc.d/ipsec 136224 2004-10-07 13:55:26Z mtm $ 578344Sobrien# 678344Sobrien 778344Sobrien# PROVIDE: ipsec 8126636Smtm# REQUIRE: root mountcritlocal 998184Sgordon# BEFORE: DAEMON 10136224Smtm# KEYWORD: nojail 1178344Sobrien 1278344Sobrien# it does not really require beforenetlkm. 1378344Sobrien 1478344Sobrien. /etc/rc.subr 1578344Sobrien 1678344Sobrienname="ipsec" 1798184Sgordonrcvar=`set_rcvar` 1878344Sobrienstart_precmd="ipsec_prestart" 1978344Sobrienstart_cmd="ipsec_start" 2078344Sobrienstop_precmd="test -f /etc/ipsec.conf" 2178344Sobrienstop_cmd="ipsec_stop" 2278344Sobrienreload_cmd="ipsec_reload" 2378344Sobrienextra_commands="reload" 24124618Smtmipsec_program="/usr/sbin/setkey" 25124618Smtm# ipsec_file is set by rc.conf 2678344Sobrien 2778344Sobrienipsec_prestart() 2878344Sobrien{ 2998184Sgordon if [ ! -f "$ipsec_file" ]; then 3098184Sgordon warn "$ipsec_file not readable; ipsec start aborted." 3178344Sobrien # 3278344Sobrien # If booting directly to multiuser, send SIGTERM to 3378344Sobrien # the parent (/etc/rc) to abort the boot 3478344Sobrien # 3578344Sobrien if [ "$autoboot" = yes ]; then 3678344Sobrien echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 3778344Sobrien kill -TERM $$ 3878344Sobrien exit 1 3978344Sobrien fi 4078344Sobrien return 1 4178344Sobrien fi 4278344Sobrien return 0 4378344Sobrien} 4478344Sobrien 4578344Sobrienipsec_start() 4678344Sobrien{ 4778344Sobrien echo "Installing ipsec manual keys/policies." 48101085Sume ${ipsec_program} -f $ipsec_file 4978344Sobrien} 5078344Sobrien 5178344Sobrienipsec_stop() 5278344Sobrien{ 5378344Sobrien echo "Clearing ipsec manual keys/policies." 5478344Sobrien 5578344Sobrien # still not 100% sure if we would like to do this. 5678344Sobrien # it is very questionable to do this during shutdown session, since 5778344Sobrien # it can hang any of remaining IPv4/v6 session. 5878344Sobrien # 59101085Sume ${ipsec_program} -F 60101085Sume ${ipsec_program} -FP 6178344Sobrien} 6278344Sobrien 6378344Sobrienipsec_reload() 6478344Sobrien{ 6578344Sobrien echo "Reloading ipsec manual keys/policies." 66101085Sume ${ipsec_program} -F 67101085Sume ${ipsec_program} -FP 68101085Sume ${ipsec_program} -f "$ipsec_file" 6978344Sobrien} 7078344Sobrien 7178344Sobrienload_rc_config $name 7278344Sobrienrun_rc_command "$1" 73