xref: /freebsd/libexec/rc/rc.d/ipsec (revision 7899f917b1c0ea178f1d2be0cfb452086d079d23)
1#!/bin/sh
2#
3#
4
5# PROVIDE: ipsec
6# REQUIRE: FILESYSTEMS
7# BEFORE:  DAEMON mountcritremote
8# KEYWORD: nojailvnet
9
10. /etc/rc.subr
11
12name="ipsec"
13desc="Internet Protocol Security protocol"
14rcvar="ipsec_enable"
15start_precmd="ipsec_prestart"
16start_cmd="ipsec_start"
17stop_precmd="test -f $ipsec_file"
18stop_cmd="ipsec_stop"
19reload_cmd="ipsec_reload"
20extra_commands="reload"
21ipsec_program="/sbin/setkey"
22required_modules="ipsec"
23# ipsec_file is set by rc.conf
24
25ipsec_prestart()
26{
27	if [ ! -f "$ipsec_file" ]; then
28		warn "$ipsec_file not readable; ipsec start aborted."
29		stop_boot
30		return 1
31	fi
32	return 0
33}
34
35ipsec_start()
36{
37	echo "Installing ipsec manual keys/policies."
38	${ipsec_program} -f $ipsec_file
39}
40
41ipsec_stop()
42{
43	echo "Clearing ipsec manual keys/policies."
44
45	# Still not 100% sure if we would like to do this.
46	# It is very questionable to do this during shutdown session
47	# since it can hang any of the remaining IPv4/v6 sessions.
48	#
49	${ipsec_program} -F
50	${ipsec_program} -FP
51}
52
53ipsec_reload()
54{
55	echo "Reloading ipsec manual keys/policies."
56	${ipsec_program} -f "$ipsec_file"
57}
58
59load_rc_config $name
60
61# doesn't make sense to run in a svcj: config setting
62ipsec_svcj="NO"
63
64run_rc_command "$1"
65