diff options
Diffstat (limited to 'libexec/rc/rc.d/ipsec')
| -rwxr-xr-x | libexec/rc/rc.d/ipsec | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/libexec/rc/rc.d/ipsec b/libexec/rc/rc.d/ipsec new file mode 100755 index 000000000000..0e7ad213ce67 --- /dev/null +++ b/libexec/rc/rc.d/ipsec @@ -0,0 +1,64 @@ +#!/bin/sh +# +# + +# PROVIDE: ipsec +# REQUIRE: FILESYSTEMS +# BEFORE: DAEMON mountcritremote +# KEYWORD: nojailvnet + +. /etc/rc.subr + +name="ipsec" +desc="Internet Protocol Security protocol" +rcvar="ipsec_enable" +start_precmd="ipsec_prestart" +start_cmd="ipsec_start" +stop_precmd="test -f $ipsec_file" +stop_cmd="ipsec_stop" +reload_cmd="ipsec_reload" +extra_commands="reload" +ipsec_program="/sbin/setkey" +required_modules="ipsec" +# ipsec_file is set by rc.conf + +ipsec_prestart() +{ + if [ ! -f "$ipsec_file" ]; then + warn "$ipsec_file not readable; ipsec start aborted." + stop_boot + return 1 + fi + return 0 +} + +ipsec_start() +{ + echo "Installing ipsec manual keys/policies." + ${ipsec_program} -f $ipsec_file +} + +ipsec_stop() +{ + echo "Clearing ipsec manual keys/policies." + + # Still not 100% sure if we would like to do this. + # It is very questionable to do this during shutdown session + # since it can hang any of the remaining IPv4/v6 sessions. + # + ${ipsec_program} -F + ${ipsec_program} -FP +} + +ipsec_reload() +{ + echo "Reloading ipsec manual keys/policies." + ${ipsec_program} -f "$ipsec_file" +} + +load_rc_config $name + +# doesn't make sense to run in a svcj: config setting +ipsec_svcj="NO" + +run_rc_command "$1" |