ipsec revision 1.3.4.2
#!/bin/sh
#
# $NetBSD: ipsec,v 1.3.4.2 2000/06/23 15:46:02 minoura Exp $
#

# PROVIDE: ipsec
# REQUIRE: root beforenetlkm mountcritlocal tty

#	it does not really require beforenetlkm.

# Source the shared rc.d helpers.  checkyesno, err, load_rc_config and
# run_rc_command are not defined in this file; presumably they all come
# from /etc/rc.subr.
. /etc/rc.subr

name="ipsec"
extra_commands="reload"

# Handlers for the start, stop and reload commands (defined below).
start_cmd="ipsec_start"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"

# stop and reload share one precondition: ipsec must be enabled and
# /etc/ipsec.conf must exist as a regular file.  No start_precmd is set;
# ipsec_start performs its own checks.
stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]"
reload_precmd="$stop_precmd"

# Install the manual keys/policies from /etc/ipsec.conf.
#
# Returns 0 without doing anything when "checkyesno ipsec" fails.
# Calls err with status 1 when /etc/ipsec.conf is not a regular file.
# Otherwise the return status is that of /sbin/setkey.
ipsec_start() {
	checkyesno ipsec || return 0

	# Fail closed: if the configuration is missing, abort the boot rather
	# than risk a security problem by continuing without it.
	# Note that [ -f ] only tests for an existing regular file; it is not
	# a readability test, although the message below says "not readable".
	[ -f /etc/ipsec.conf ] || \
		err 1 "/etc/ipsec.conf not readable; ipsec start aborted."

	# XXX should check if ipsec.conf is secure enough
	# NOTE(review): nothing here inspects the owner or mode of
	# /etc/ipsec.conf before it is handed to setkey.  The file carries
	# manual keys, so it presumably should be root-owned and neither
	# readable nor writable by other users -- confirm and enforce that
	# where the file is installed.
	echo "Installing ipsec manual keys/policies."
	/sbin/setkey -f /etc/ipsec.conf
}

# Clear the manual keys/policies: two setkey flushes, -F then -FP.
#
# The status of the first flush is ignored; the function returns the
# status of the second one.
ipsec_stop() {
	echo "Clearing ipsec manual keys/policies."

	# Still not 100% sure this is desirable.  Flushing during a shutdown
	# session is very questionable, since it can hang any remaining
	# IPv4/v6 session.
	/sbin/setkey -F
	/sbin/setkey -FP
}

# Reload the manual keys/policies: flush with setkey -F and -FP, then
# load /etc/ipsec.conf again.
#
# Only the status of the final load is returned; the two flushes are
# not checked.
ipsec_reload() {
	echo "Reloading ipsec manual keys/policies."

	# NOTE(review): the flushes run before the new file is parsed.  If the
	# load below fails (for example on a syntax error), the previous
	# entries are already gone and nothing has replaced them, and even on
	# success there is a short interval with no entries installed.  How
	# traffic is treated during that time depends on kernel defaults not
	# visible here -- confirm this is acceptable for the deployment.
	/sbin/setkey -F
	/sbin/setkey -FP

	/sbin/setkey -f /etc/ipsec.conf
}

# Load the rc configuration for this script, then dispatch on the
# command given as the first argument.
load_rc_config "$name"
run_rc_command "$1"