ipsec revision 78344 
178344Sobrien#!/bin/sh
278344Sobrien#
378344Sobrien# $NetBSD: ipsec,v 1.5 2000/07/21 01:16:07 lukem Exp $
478344Sobrien#
578344Sobrien
678344Sobrien# PROVIDE: ipsec
778344Sobrien# REQUIRE: root beforenetlkm mountcritlocal tty
878344Sobrien
978344Sobrien#	it does not really require beforenetlkm.
1078344Sobrien
1178344Sobrien. /etc/rc.subr
1278344Sobrien
1378344Sobrienname="ipsec"
1478344Sobrienrcvar=$name
1578344Sobrienstart_precmd="ipsec_prestart"
1678344Sobrienstart_cmd="ipsec_start"
1778344Sobrienstop_precmd="test -f /etc/ipsec.conf"
1878344Sobrienstop_cmd="ipsec_stop"
1978344Sobrienreload_cmd="ipsec_reload"
2078344Sobrienextra_commands="reload"
2178344Sobrien
2278344Sobrienipsec_prestart()
2378344Sobrien{
2478344Sobrien	if [ ! -f /etc/ipsec.conf ]; then
2578344Sobrien		warn "/etc/ipsec.conf not readable; ipsec start aborted."
2678344Sobrien			#
2778344Sobrien			# If booting directly to multiuser, send SIGTERM to
2878344Sobrien			# the parent (/etc/rc) to abort the boot
2978344Sobrien			#
3078344Sobrien		if [ "$autoboot" = yes ]; then
3178344Sobrien			echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
3278344Sobrien			kill -TERM $$
3378344Sobrien			exit 1
3478344Sobrien		fi
3578344Sobrien		return 1
3678344Sobrien	fi
3778344Sobrien	return 0
3878344Sobrien}
3978344Sobrien
4078344Sobrienipsec_start()
4178344Sobrien{
4278344Sobrien	echo "Installing ipsec manual keys/policies."
4378344Sobrien	/sbin/setkey -f /etc/ipsec.conf
4478344Sobrien}
4578344Sobrien
4678344Sobrienipsec_stop()
4778344Sobrien{
4878344Sobrien	echo "Clearing ipsec manual keys/policies."
4978344Sobrien
5078344Sobrien	# still not 100% sure if we would like to do this.
5178344Sobrien	# it is very questionable to do this during shutdown session, since
5278344Sobrien	# it can hang any of remaining IPv4/v6 session.
5378344Sobrien	#
5478344Sobrien	/sbin/setkey -F
5578344Sobrien	/sbin/setkey -FP
5678344Sobrien}
5778344Sobrien
5878344Sobrienipsec_reload()
5978344Sobrien{
6078344Sobrien	echo "Reloading ipsec manual keys/policies."
6178344Sobrien	/sbin/setkey -F
6278344Sobrien	/sbin/setkey -FP
6378344Sobrien	/sbin/setkey -f /etc/ipsec.conf
6478344Sobrien}
6578344Sobrien
6678344Sobrienload_rc_config $name
6778344Sobrienrun_rc_command "$1"
68