etc/rc.d/ipsec

1.1  itojun #!/bin/sh
1.1  itojun #
1.3  itojun # $NetBSD: ipsec,v 1.3 2000/06/14 03:24:16 itojun Exp $
1.1  itojun #
1.1  itojun
1.1  itojun # PROVIDE: ipsec
1.1  itojun # REQUIRE: root beforenetlkm mountcritlocal tty
1.1  itojun
1.1  itojun #	it does not really require beforenetlkm.
1.1  itojun
1.1  itojun . /etc/rc.subr
1.1  itojun
1.1  itojun name="ipsec"
1.1  itojun start_cmd="ipsec_start"
1.1  itojun stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]"
1.1  itojun stop_cmd="ipsec_stop"
1.1  itojun reload_precmd="$stop_precmd"
1.1  itojun reload_cmd="ipsec_reload"
1.1  itojun extra_commands="reload"
1.1  itojun
1.1  itojun ipsec_start()
1.1  itojun {
1.1  itojun 	if ! checkyesno ipsec; then
1.1  itojun 		return 0
1.1  itojun 	fi
1.1  itojun
1.1  itojun 	# if /etc/ipsec.conf isn't readable, abort the boot rather
1.1  itojun 	# than risk a security problem
1.1  itojun 	#
1.1  itojun 	if [ ! -f /etc/ipsec.conf ]; then
1.1  itojun 		err 1 "/etc/ipsec.conf not readable; ipsec start aborted."
1.1  itojun 	fi
1.2  itojun 	# XXX should check if ipsec.conf is secure enough
1.2  itojun 	#
1.1  itojun 	echo "Installing ipsec manual keys/policies."
1.1  itojun 	/sbin/setkey -f /etc/ipsec.conf
1.1  itojun }
1.1  itojun
1.1  itojun ipsec_stop()
1.1  itojun {
1.3  itojun 	echo "Clearing ipsec manual keys/policies."
1.1  itojun
1.1  itojun 	# still not 100% sure if we would like to do this.
1.1  itojun 	# it is very questionable to do this during shutdown session, since
1.1  itojun 	# it can hang any of remaining IPv4/v6 session.
1.1  itojun 	#
1.1  itojun 	/sbin/setkey -F
1.1  itojun 	/sbin/setkey -FP
1.1  itojun }
1.1  itojun
1.1  itojun ipsec_reload()
1.1  itojun {
1.1  itojun 	echo "Reloading ipsec manual keys/policies."
1.1  itojun 	/sbin/setkey -F
1.1  itojun 	/sbin/setkey -FP
1.1  itojun 	/sbin/setkey -f /etc/ipsec.conf
1.1  itojun }
1.1  itojun
1.1  itojun load_rc_config $name
1.1  itojun run_rc_command "$1"