ipsec revision 151272
198184Sgordon#!/bin/sh 298184Sgordon# 398184Sgordon# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $ 498184Sgordon# $FreeBSD: head/etc/rc.d/ipsec 151272 2005-10-12 22:14:44Z pjd $ 598184Sgordon# 698184Sgordon 7151806Syar# PROVIDE: ipsec 898184Sgordon# REQUIRE: root mountcritlocal 9136224Smtm# BEFORE: DAEMON mountcritremote 1098184Sgordon# KEYWORD: nojail 1198184Sgordon 12118099Smbr# it does not really require beforenetlkm. 1398184Sgordon 1498184Sgordon. /etc/rc.subr 1598184Sgordon 1698184Sgordonname="ipsec" 1798184Sgordonrcvar=`set_rcvar` 18112849Smtmstart_precmd="ipsec_prestart" 1998184Sgordonstart_cmd="ipsec_start" 2098184Sgordonstop_precmd="test -f /etc/ipsec.conf" 2198184Sgordonstop_cmd="ipsec_stop" 22104980Sschweikhreload_cmd="ipsec_reload" 23104980Sschweikhextra_commands="reload" 2498184Sgordonipsec_program="/sbin/setkey" 2598184Sgordon# ipsec_file is set by rc.conf 2698184Sgordon 2798184Sgordonipsec_prestart() 2898184Sgordon{ 2998184Sgordon if [ ! -f "$ipsec_file" ]; then 3098184Sgordon warn "$ipsec_file not readable; ipsec start aborted." 3198184Sgordon # 3298184Sgordon # If booting directly to multiuser, send SIGTERM to 3398184Sgordon # the parent (/etc/rc) to abort the boot 3498184Sgordon # 3598184Sgordon if [ "$autoboot" = yes ]; then 3698184Sgordon echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!" 3798184Sgordon kill -TERM $$ 38143688Sru exit 1 39128714Sphk fi 40128714Sphk return 1 41128714Sphk fi 42143688Sru return 0 43143688Sru} 44156030Swkoszek 4598184Sgordonipsec_start() 4698184Sgordon{ 4798184Sgordon echo "Installing ipsec manual keys/policies." 4898184Sgordon ${ipsec_program} -f $ipsec_file 4998184Sgordon} 5098184Sgordon 5198184Sgordonipsec_stop() 5298184Sgordon{ 53112849Smtm echo "Clearing ipsec manual keys/policies." 54112849Smtm 55112849Smtm # still not 100% sure if we would like to do this. 56112849Smtm # it is very questionable to do this during shutdown session, since 5798184Sgordon # it can hang any of remaining IPv4/v6 session. 58112849Smtm # 59112849Smtm ${ipsec_program} -F 60112849Smtm ${ipsec_program} -FP 6198184Sgordon} 6298184Sgordon 63112849Smtmipsec_reload() 64112849Smtm{ 65112849Smtm echo "Reloading ipsec manual keys/policies." 66112849Smtm ${ipsec_program} -F 67112849Smtm ${ipsec_program} -FP 68128714Sphk ${ipsec_program} -f "$ipsec_file" 69128714Sphk} 70128714Sphk 71112849Smtmload_rc_config $name 72112849Smtmrun_rc_command "$1" 7398184Sgordon