
IMPORTANT: this change has a docs/UPDATING entry! This patch performs an initial import of the infrastructure and a subset of the NetBSD set of rc startup and shutdown scripts. The "initial" refers to the fact that this is not yet a full switch to the NetBSD rc system: the MINIX ramdisk rc script, which (typically) runs as the first thing, is kept as is. After mounting the root file system, the ramdisk rc script will start the NetBSD rc infrastructure by invoking /etc/rc, however. The regular MINIX startup-and-shutdown script has been moved from /etc/rc to /etc/rc.minix, and is now invoked as part of the NetBSD rc infrastructure through a bridge rc script /etc/rc.d/minixrc. /etc/rc.minix invokes /usr/etc/rc as before. Switching over the ramdisk to the NetBSD system and decomposing the MINIX rc.minix script into smaller components are left to future work. Also, the current pkgsrc etc/rc.d auto-start functionality is left as is, even though it should be removed (see the etc/usr/rc comment). Change-Id: Ia96cae7c426e94b85c67978dc1307dacc4b09fc5
#!/bin/sh
#
# $NetBSD: ipsec,v 1.13 2013/09/12 19:52:50 christos Exp $
#
# PROVIDE: ipsec
# REQUIRE: root bootconf mountcritlocal tty
# BEFORE: DAEMON
# Pull in the rc.d helper library.  The leading expansion is left unquoted
# on purpose: when $_rc_subr_loaded is unset or empty it expands to nothing
# and rc.subr is sourced; any other value becomes the command word in front
# of ". /etc/rc.subr" (presumably a no-op set by rc.subr once it has been
# loaded -- confirm in rc.subr).
$_rc_subr_loaded . /etc/rc.subr

# Script identity; $rcvar reuses the script name.
name="ipsec"
rcvar="${name}"

# "reload" is offered in addition to the standard rc.d verbs.
extra_commands="reload"

# start: ipsec_prestart checks for /etc/ipsec.conf, ipsec_start loads it.
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"

# stop: only attempted when /etc/ipsec.conf exists as a regular file.
stop_precmd="test -f /etc/ipsec.conf"
stop_cmd="ipsec_stop"

# reload: flush, then install again (see ipsec_reload).
reload_cmd="ipsec_reload"
#
# ipsec_prestart
#	Pre-start gate: succeed only when /etc/ipsec.conf exists as a
#	regular file.  Otherwise warn, call stop_boot and return 1.
#
#	The warning says "not readable", but the test is -f (regular file
#	present), not -r.
#	NOTE(review): this script installs "manual keys" from that file, and
#	nothing here looks at its owner or mode -- confirm the file is kept
#	root-owned and not world-readable.
#
ipsec_prestart()
{
	if [ -f /etc/ipsec.conf ]; then
		return 0
	fi

	warn "/etc/ipsec.conf not readable; ipsec start aborted."

	stop_boot
	return 1
}
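#
# ipsec_getip interface
#	Print the address from every "inet" line that ifconfig reports for
#	the given interface, one per line.  Lines starting with any other
#	word (including "inet6") are ignored, so nothing is printed when
#	the interface has no IPv4 address.
#
#	The result is later pasted into a sed "s/…/…/" expression by
#	ipsec_load, where "/" is the delimiter.  An ifconfig that prints the
#	address as ADDR/PREFIXLEN would therefore break that substitution,
#	so any "/prefixlen" suffix is stripped here.  Plain addresses pass
#	through unchanged.
#
#	NOTE(review): an interface with several inet addresses still yields
#	several lines; the caller passes them on as one multi-line value.
#
ipsec_getip() {
	# $1 stays unquoted as before, so a multi-word value is still split
	# into separate ifconfig arguments.
	# read -r: take ifconfig output literally (no backslash processing).
	ifconfig $1 | while read -r what address rest; do
		case "$what" in
		inet)
			echo "${address%%/*}"
			;;
		esac
	done
}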
#
# ipsec_load [local_addr]
#	Feed /etc/ipsec.conf to setkey.  Without an argument the file is
#	loaded as is.  With one, the first @LOCAL_ADDR@ on each line is
#	replaced by the argument (the sed expression has no "g" flag) and
#	the result is piped to setkey on stdin.
#
#	The argument is inserted into the sed program unescaped, so it must
#	not contain "/", "&", a backslash or a newline.  The pipeline's
#	status is setkey's, so a sed failure is not reported to the caller;
#	setkey would then presumably read an empty stream and install
#	nothing.
#
ipsec_load() {
	local local_addr="$1"

	case "$local_addr" in
	'')
		/sbin/setkey -f /etc/ipsec.conf
		;;
	*)
		sed -e "s/@LOCAL_ADDR@/$local_addr/" < /etc/ipsec.conf |
		    /sbin/setkey -f -
		;;
	esac
}
#
# ipsec_configure
#	Start a background loop that polls ipsec_getip "$ipsec_flags" once a
#	second until it reports something other than nothing or "0.0.0.0",
#	then calls ipsec_load with that value and ends.
#
#	The function itself returns at once.  Until the loop sees an
#	address, nothing from /etc/ipsec.conf has been installed, and the
#	loop has no upper bound on how long it waits.
#
ipsec_configure() {
	local addr

	while :; do
		addr="$(ipsec_getip "$ipsec_flags")"
		case "$addr" in
		''|"0.0.0.0")
			# No usable address yet: try again shortly.
			sleep 1
			;;
		*)
			ipsec_load "$addr"
			return
			;;
		esac
	done &
}
#
# ipsec_start
#	Announce the action and install the keys/policies.  When
#	$ipsec_flags is empty the file is loaded directly and the status is
#	ipsec_load's.  Otherwise ipsec_configure is used, which passes
#	$ipsec_flags to ifconfig and does the load from a background loop.
#	In that case a successful return does not mean anything has been
#	installed yet.
#
ipsec_start()
{
	echo "Installing ipsec manual keys/policies."

	if [ -z "$ipsec_flags" ]; then
		ipsec_load
		return
	fi
	ipsec_configure
}
#
# ipsec_stop
#	Announce the action, then flush the SAD (setkey -F) and the SPD
#	(setkey -FP).  The status is that of the last setkey call.
#
#	Whether this should run at all is an open question carried over
#	from the original author: doing it during shutdown is questionable,
#	since it can hang any remaining IPv4/IPv6 session.  Once the SPD is
#	empty, the policies from /etc/ipsec.conf no longer apply to later
#	traffic.
#
ipsec_stop()
{
	local flush_opt

	echo "Clearing ipsec manual keys/policies."

	# Same order as before: security associations, then policies.
	for flush_opt in -F -FP; do
		/sbin/setkey "$flush_opt"
	done
}
#
# ipsec_reload
#	Announce the action, then run ipsec_stop followed by ipsec_start.
#	ipsec_start runs even if ipsec_stop fails; the status is
#	ipsec_start's.
#
#	This is flush-then-install, not an atomic swap: between the two
#	steps no keys or policies from /etc/ipsec.conf are loaded, and with
#	$ipsec_flags set the install happens later, from a background loop.
#
ipsec_reload()
{
	printf '%s\n' "Reloading ipsec manual keys/policies."
	ipsec_stop
	ipsec_start
}
# Load the configuration for this script by name, then pass the action
# given as the first command-line argument to run_rc_command.
load_rc_config "${name}"
run_rc_command "$1"