kernel: Disable TCP_SIGNATURE in preparation for removing IPSEC.

[dragonfly.git] / etc / rc.d / ipsec

#!/bin/sh
#
# $NetBSD: ipsec,v 1.7 2002/03/22 04:33:58 thorpej Exp $
# $FreeBSD: src/etc/rc.d/ipsec,v 1.5 2003/02/16 20:46:08 mtm Exp $
# $DragonFly: src/etc/rc.d/ipsec,v 1.5 2005/11/19 21:47:32 swildner Exp $
#

# PROVIDE: ipsec
# REQUIRE: root mountcritlocal tty
# BEFORE:  DAEMON

. /etc/rc.subr

name="ipsec"
rcvar=`set_rcvar`
start_precmd="ipsec_prestart"
start_cmd="ipsec_start"
stop_precmd="test -f /etc/ipsec.conf"
stop_cmd="ipsec_stop"
reload_cmd="ipsec_reload"
extra_commands="reload"
ipsec_program="/usr/sbin/setkey"
# ipsec_file is set by rc.conf

ipsec_prestart()
{
        if [ ! -f "$ipsec_file" ]; then
                warn "$ipsec_file not readable; ipsec start aborted."
                        #
                        # If booting directly to multiuser, send SIGTERM to
                        # the parent (/etc/rc) to abort the boot
                        #
                if [ "$autoboot" = yes ]; then
                        echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
                        kill -TERM $$
                        exit 1
                fi
                return 1
        fi
        return 0
}

ipsec_start()
{
        echo "Installing ipsec manual keys/policies."
        ${ipsec_program} -f $ipsec_file
}

ipsec_stop()
{
        echo "Clearing ipsec manual keys/policies."

        # still not 100% sure if we would like to do this.
        # it is very questionable to do this during shutdown session, since
        # it can hang any of remaining IPv4/v6 session.
        #
        ${ipsec_program} -F
        ${ipsec_program} -FP
}

ipsec_reload()
{
        echo "Reloading ipsec manual keys/policies."
        ${ipsec_program} -F
        ${ipsec_program} -FP
        ${ipsec_program} -f "$ipsec_file"
}

load_rc_config $name
run_rc_command "$1"