Home | History | Annotate | Line # | Download | only in rc.d
ipsec revision 1.12 
      1   1.1    itojun #!/bin/sh
      2   1.1    itojun #
      3  1.12  christos # $NetBSD: ipsec,v 1.12 2013/06/14 16:37:55 christos Exp $
      4   1.1    itojun #
      5   1.1    itojun 
      6   1.1    itojun # PROVIDE: ipsec
      7  1.11   tsutsui # REQUIRE: root bootconf mountcritlocal tty
      8   1.7   thorpej # BEFORE:  DAEMON
      9   1.1    itojun 
     10   1.8   mycroft $_rc_subr_loaded . /etc/rc.subr
     11   1.1    itojun 
     12   1.1    itojun name="ipsec"
     13   1.6     lukem rcvar=$name
     14   1.4     lukem start_precmd="ipsec_prestart"
     15   1.1    itojun start_cmd="ipsec_start"
     16   1.6     lukem stop_precmd="test -f /etc/ipsec.conf"
     17   1.1    itojun stop_cmd="ipsec_stop"
     18   1.1    itojun reload_cmd="ipsec_reload"
     19   1.1    itojun extra_commands="reload"
     20   1.1    itojun 
     21   1.5     lukem ipsec_prestart()
     22   1.1    itojun {
     23   1.1    itojun 	if [ ! -f /etc/ipsec.conf ]; then
     24   1.4     lukem 		warn "/etc/ipsec.conf not readable; ipsec start aborted."
     25   1.9       apb 
     26   1.9       apb 		stop_boot
     27   1.4     lukem 		return 1
     28   1.1    itojun 	fi
     29   1.4     lukem 	return 0
     30   1.4     lukem }
     31   1.4     lukem 
     32  1.12  christos ipsec_getip() {
     33  1.12  christos 	ifconfig $1 | while read what address rest; do
     34  1.12  christos 		case "$what" in
     35  1.12  christos 		inet)	echo "$address";;
     36  1.12  christos 		esac
     37  1.12  christos 	done
     38  1.12  christos }
     39  1.12  christos 
     40   1.4     lukem ipsec_start()
     41   1.4     lukem {
     42   1.1    itojun 	echo "Installing ipsec manual keys/policies."
     43  1.12  christos 	if [ -n "$ipsec_flags" ]; then
     44  1.12  christos 		sed -e "s/@LOCAL_ADDR@/$(ipsec_getip "$ipsec_flags")/" \
     45  1.12  christos 		    < /etc/ipsec.conf | /sbin/setkey -f -
     46  1.12  christos 	else
     47  1.12  christos 		/sbin/setkey -f /etc/ipsec.conf
     48  1.12  christos 	fi
     49   1.1    itojun }
     50   1.1    itojun 
     51   1.1    itojun ipsec_stop()
     52   1.1    itojun {
     53   1.3    itojun 	echo "Clearing ipsec manual keys/policies."
     54   1.1    itojun 
     55   1.1    itojun 	# still not 100% sure if we would like to do this.
     56   1.1    itojun 	# it is very questionable to do this during shutdown session, since
     57   1.1    itojun 	# it can hang any of remaining IPv4/v6 session.
     58   1.1    itojun 	#
     59   1.1    itojun 	/sbin/setkey -F
     60   1.1    itojun 	/sbin/setkey -FP
     61   1.1    itojun }
     62   1.1    itojun 
     63   1.1    itojun ipsec_reload()
     64   1.1    itojun {
     65   1.1    itojun 	echo "Reloading ipsec manual keys/policies."
     66  1.12  christos 	ipsec_stop
     67  1.12  christos 	ipsec_start
     68   1.1    itojun }
     69   1.1    itojun 
     70   1.1    itojun load_rc_config $name
     71   1.1    itojun run_rc_command "$1"
     72