ipsec revision 78344
178344Sobrien#!/bin/sh 278344Sobrien# 378344Sobrien# $NetBSD: ipsec,v 1.5 2000/07/21 01:16:07 lukem Exp $ 478344Sobrien# 578344Sobrien 678344Sobrien# PROVIDE: ipsec 778344Sobrien# REQUIRE: root beforenetlkm mountcritlocal tty 878344Sobrien 978344Sobrien# it does not really require beforenetlkm. 1078344Sobrien 1178344Sobrien. /etc/rc.subr 1278344Sobrien 1378344Sobrienname="ipsec" 1478344Sobrienrcvar=$name 1578344Sobrienstart_precmd="ipsec_prestart" 1678344Sobrienstart_cmd="ipsec_start" 1778344Sobrienstop_precmd="test -f /etc/ipsec.conf" 1878344Sobrienstop_cmd="ipsec_stop" 1978344Sobrienreload_cmd="ipsec_reload" 2078344Sobrienextra_commands="reload" 2178344Sobrien 2278344Sobrienipsec_prestart() 2378344Sobrien{ 2478344Sobrien if [ ! -f /etc/ipsec.conf ]; then 2578344Sobrien warn "/etc/ipsec.conf not readable; ipsec start aborted." 2678344Sobrien # 2778344Sobrien # If booting directly to multiuser, send SIGTERM to 2878344Sobrien # the parent (/etc/rc) to abort the boot 2978344Sobrien # 3078344Sobrien if [ "$autoboot" = yes ]; then 3178344Sobrien echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 3278344Sobrien kill -TERM $$ 3378344Sobrien exit 1 3478344Sobrien fi 3578344Sobrien return 1 3678344Sobrien fi 3778344Sobrien return 0 3878344Sobrien} 3978344Sobrien 4078344Sobrienipsec_start() 4178344Sobrien{ 4278344Sobrien echo "Installing ipsec manual keys/policies." 4378344Sobrien /sbin/setkey -f /etc/ipsec.conf 4478344Sobrien} 4578344Sobrien 4678344Sobrienipsec_stop() 4778344Sobrien{ 4878344Sobrien echo "Clearing ipsec manual keys/policies." 4978344Sobrien 5078344Sobrien # still not 100% sure if we would like to do this. 5178344Sobrien # it is very questionable to do this during shutdown session, since 5278344Sobrien # it can hang any of remaining IPv4/v6 session. 5378344Sobrien # 5478344Sobrien /sbin/setkey -F 5578344Sobrien /sbin/setkey -FP 5678344Sobrien} 5778344Sobrien 5878344Sobrienipsec_reload() 5978344Sobrien{ 6078344Sobrien echo "Reloading ipsec manual keys/policies." 6178344Sobrien /sbin/setkey -F 6278344Sobrien /sbin/setkey -FP 6378344Sobrien /sbin/setkey -f /etc/ipsec.conf 6478344Sobrien} 6578344Sobrien 6678344Sobrienload_rc_config $name 6778344Sobrienrun_rc_command "$1" 68