xref: /freebsd/libexec/rc/rc.d/ipsec (revision e8d8bef961a50d4dc22501cde4fb9fb0be1b2532)
1#!/bin/sh
2#
3# $FreeBSD$
4#
5
6# PROVIDE: ipsec
7# REQUIRE: FILESYSTEMS
8# BEFORE:  DAEMON mountcritremote
9# KEYWORD: nojailvnet
10
11. /etc/rc.subr
12
13name="ipsec"
14desc="Internet Protocol Security protocol"
15rcvar="ipsec_enable"
16start_precmd="ipsec_prestart"
17start_cmd="ipsec_start"
18stop_precmd="test -f $ipsec_file"
19stop_cmd="ipsec_stop"
20reload_cmd="ipsec_reload"
21extra_commands="reload"
22ipsec_program="/sbin/setkey"
23required_modules="ipsec"
24# ipsec_file is set by rc.conf
25
26ipsec_prestart()
27{
28	if [ ! -f "$ipsec_file" ]; then
29		warn "$ipsec_file not readable; ipsec start aborted."
30		stop_boot
31		return 1
32	fi
33	return 0
34}
35
36ipsec_start()
37{
38	echo "Installing ipsec manual keys/policies."
39	${ipsec_program} -f $ipsec_file
40}
41
42ipsec_stop()
43{
44	echo "Clearing ipsec manual keys/policies."
45
46	# Still not 100% sure if we would like to do this.
47	# It is very questionable to do this during shutdown session
48	# since it can hang any of the remaining IPv4/v6 sessions.
49	#
50	${ipsec_program} -F
51	${ipsec_program} -FP
52}
53
54ipsec_reload()
55{
56	echo "Reloading ipsec manual keys/policies."
57	${ipsec_program} -f "$ipsec_file"
58}
59
60load_rc_config $name
61run_rc_command "$1"
62