ipsec revision 168531 
178344Sobrien#!/bin/sh
278344Sobrien#
398184Sgordon# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $
498184Sgordon# $FreeBSD: head/etc/rc.d/ipsec 168531 2007-04-09 08:53:40Z des $
578344Sobrien#
678344Sobrien
778344Sobrien# PROVIDE: ipsec
8168531Sdes# REQUIRE: FILESYSTEMS
9151272Spjd# BEFORE:  DAEMON mountcritremote
10136224Smtm# KEYWORD: nojail
1178344Sobrien
1278344Sobrien. /etc/rc.subr
1378344Sobrien
1478344Sobrienname="ipsec"
1598184Sgordonrcvar=`set_rcvar`
1678344Sobrienstart_precmd="ipsec_prestart"
1778344Sobrienstart_cmd="ipsec_start"
18154770Spjdstop_precmd="test -f $ipsec_file"
1978344Sobrienstop_cmd="ipsec_stop"
2078344Sobrienreload_cmd="ipsec_reload"
2178344Sobrienextra_commands="reload"
22151270Spjdipsec_program="/sbin/setkey"
23124618Smtm# ipsec_file is set by rc.conf
2478344Sobrien
2578344Sobrienipsec_prestart()
2678344Sobrien{
2798184Sgordon	if [ ! -f "$ipsec_file" ]; then
2898184Sgordon		warn "$ipsec_file not readable; ipsec start aborted."
2978344Sobrien			#
3078344Sobrien			# If booting directly to multiuser, send SIGTERM to
3178344Sobrien			# the parent (/etc/rc) to abort the boot
3278344Sobrien			#
3378344Sobrien		if [ "$autoboot" = yes ]; then
3478344Sobrien			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
3578344Sobrien			kill -TERM $$
3678344Sobrien			exit 1
3778344Sobrien		fi
3878344Sobrien		return 1
3978344Sobrien	fi
4078344Sobrien	return 0
4178344Sobrien}
4278344Sobrien
4378344Sobrienipsec_start()
4478344Sobrien{
4578344Sobrien	echo "Installing ipsec manual keys/policies."
46101085Sume	${ipsec_program} -f $ipsec_file
4778344Sobrien}
4878344Sobrien
4978344Sobrienipsec_stop()
5078344Sobrien{
5178344Sobrien	echo "Clearing ipsec manual keys/policies."
5278344Sobrien
5378344Sobrien	# still not 100% sure if we would like to do this.
5478344Sobrien	# it is very questionable to do this during shutdown session, since
5578344Sobrien	# it can hang any of remaining IPv4/v6 session.
5678344Sobrien	#
57101085Sume	${ipsec_program} -F
58101085Sume	${ipsec_program} -FP
5978344Sobrien}
6078344Sobrien
6178344Sobrienipsec_reload()
6278344Sobrien{
6378344Sobrien	echo "Reloading ipsec manual keys/policies."
64101085Sume	${ipsec_program} -f "$ipsec_file"
6578344Sobrien}
6678344Sobrien
6778344Sobrienload_rc_config $name
6878344Sobrienrun_rc_command "$1"
69