ipsec revision 1.18
11.1Sitojun#!/bin/sh
21.1Sitojun#
31.18Smartin# $NetBSD: ipsec,v 1.18 2020/09/08 12:52:18 martin Exp $
41.1Sitojun#
51.1Sitojun
61.1Sitojun# PROVIDE: ipsec
71.18Smartin# REQUIRE: root bootconf CRITLOCALMOUNTED tty
81.7Sthorpej# BEFORE:  DAEMON
91.1Sitojun
# Pull in the rc.d support library.
# NOTE(review): presumably rc.subr sets _rc_subr_loaded to ":" once it has
# been sourced, which would turn this line into a no-op on re-entry --
# confirm against /etc/rc.subr.
${_rc_subr_loaded} . /etc/rc.subr

# Service identity: rcvar is the rc.conf knob, named after the service.
name="ipsec"
rcvar=${name}

# "reload" is offered in addition to the standard rc.d actions.
extra_commands="reload"

# Action handlers.  A *_precmd that returns non-zero makes rc.subr skip the
# matching *_cmd, so "stop" does nothing when /etc/ipsec.conf is absent.
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"
stop_precmd="test -f /etc/ipsec.conf"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"
201.1Sitojun
# ipsec_prestart
#	start_precmd hook: refuse to start when /etc/ipsec.conf is missing.
#	Returns 0 when the path exists as a regular file; otherwise emits a
#	warning, calls stop_boot and returns 1.
#
#	NOTE(review): only existence (-f) is tested, although the message
#	says "not readable", and the file's mode and owner are not looked at.
#	The file holds manual keys, so confirm separately that it is
#	readable by root only.
ipsec_prestart()
{
	if [ -f /etc/ipsec.conf ]; then
		return 0
	fi

	warn "/etc/ipsec.conf not readable; ipsec start aborted."

	stop_boot
	return 1
}
311.4Slukem
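# ipsec_getip ifname
#	Print shell assignments describing the addresses ifconfig reports
#	for an interface, one per line, for the caller to eval:
#	    local v4_addr=ADDR;	for each "inet" line
#	    local v6_addr=ADDR;	for each "inet6" line not starting fe80:
#	"/" is appended to IFS so a trailing /prefixlen is split off the
#	address field.  When several addresses of one family are printed, the
#	caller's eval leaves the last one in effect.
#
#	The output is executed with eval by ipsec_configure.  An address is
#	therefore emitted only when it consists solely of hex digits, ":"
#	and "."; any other token in the address field is dropped instead of
#	being handed to the shell.
ipsec_getip() {
	# NOTE(review): $1 is unquoted, so a value containing blanks is split
	# into several ifconfig arguments; kept to preserve existing
	# behaviour -- confirm whether quoting is safe for every ipsec_flags
	# value in use.
	ifconfig $1 | while IFS="${IFS}/" read -r what address rest; do
		# Reject anything that is not a plain address literal before
		# it can become part of the eval'd text.
		case "$address" in
		*[!0-9A-Fa-f:.]*)	continue;;
		esac
		case "$what" in
		inet)	echo "local v4_addr=$address;";;
		inet6)	case "$address" in
			fe80:*)	;;	# link-local: never used for policies
			*)	echo "local v6_addr=$address;";;
			esac;;
		esac
	done
}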
431.12Schristos
# ipsec_load [v4_addr [v6_addr]]
#	Feed /etc/ipsec.conf to setkey.
#	Without a first argument the file is loaded as is.  With one, the
#	placeholders are filled in first: @LOCAL_ADDR@ and @LOCAL_ADDR_V4@
#	receive $1, @LOCAL_ADDR_V6@ receives $2 (each replaced once per line,
#	there is no "g" flag), and the result is piped to setkey on stdin.
#	Returns the status of the setkey invocation.
#
#	$1 and $2 are pasted into the sed scripts unescaped.  Callers must
#	pass plain address literals only: a "/", "&" or backslash in either
#	value would change the sed command instead of being inserted.
ipsec_load() {
	if [ -n "$1" ]; then
		# The file carries manual keys; the expanded text goes
		# straight down a pipe and is never written to disk.
		sed -e "s/@LOCAL_ADDR@/$1/" \
		    -e "s/@LOCAL_ADDR_V4@/$1/" \
		    -e "s/@LOCAL_ADDR_V6@/$2/" \
		    /etc/ipsec.conf | /sbin/setkey -f -
		return
	fi

	/sbin/setkey -f /etc/ipsec.conf
}
541.13Schristos
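# ipsec_configure
#	Wait until the interface named by $ipsec_flags reports a usable IPv4
#	address, then call ipsec_load with that address and the IPv6 address
#	(if any) reported by ipsec_getip.
#
#	Globals: ipsec_flags (read).
#
#	The whole loop is detached with "&", so this function returns at
#	once and its caller carries on while this script has not yet
#	installed any key or policy.  There is no timeout: the loop polls
#	once a second for as long as the address is empty or 0.0.0.0.
#	Traffic that must never leave unprotected needs another control
#	(for example a packet filter rule) to cover that window.
ipsec_configure() {
	while true; do
		# Quoted so the generated assignments reach eval verbatim,
		# without word splitting or pathname expansion.
		eval "$(ipsec_getip "$ipsec_flags")"
		case "$v4_addr" in
		''|"0.0.0.0")
			# No address assigned yet; try again shortly.
			sleep 1;;
		*)
			ipsec_load "$v4_addr" "$v6_addr"
			return;;
		esac
	done &
}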
651.13Schristos
# ipsec_start
#	start_cmd: announce the action, then install keys and policies.
#	With $ipsec_flags empty the configuration is loaded immediately via
#	ipsec_load; otherwise ipsec_configure is called, which defers the
#	load to a background loop, so a successful return here does not mean
#	the policies are already in place.
#	Returns the status of whichever helper was called.
ipsec_start()
{
	echo "Installing ipsec manual keys/policies."

	if [ -z "$ipsec_flags" ]; then
		ipsec_load
		return
	fi

	ipsec_configure
}
751.1Sitojun
# ipsec_stop
#	stop_cmd: announce the action, then flush the security association
#	database (setkey -F) and the security policy database (setkey -FP).
#	Returns the status of the second setkey call; a failure of the first
#	does not prevent the second.
ipsec_stop() {
	echo "Clearing ipsec manual keys/policies."

	# Open question kept from the original author: flushing during a
	# shutdown sequence is debatable, because it can hang whatever
	# IPv4/IPv6 sessions are still alive at that point.
	# Also note that once both databases are empty, nothing installed by
	# this script protects traffic any more.
	/sbin/setkey -F
	/sbin/setkey -FP
}
871.1Sitojun
# ipsec_reload
#	reload_cmd: flush everything with ipsec_stop, then install again with
#	ipsec_start.  Returns the status of ipsec_start.
#
#	The two steps are not atomic: between the flush and the end of the
#	new load no key or policy from /etc/ipsec.conf is in effect, and when
#	$ipsec_flags is set ipsec_start only schedules the load in the
#	background.
ipsec_reload() {
	echo "Reloading ipsec manual keys/policies."

	ipsec_stop
	ipsec_start
}
941.1Sitojun
# Read the rc.conf settings for this service, then let rc.subr dispatch the
# action given on the command line (start, stop, reload, ...).
load_rc_config "${name}"
run_rc_command "$1"