summaryrefslogtreecommitdiff
path: root/src/starter/netkey.c
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:30:08 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2007-04-12 20:30:08 +0000
commitb0d8ed94fe9e74afb49fdf5f11e4add29879c65c (patch)
treeb20167235628771046e940a82a906a6d0991ee4a /src/starter/netkey.c
parentea939d07c84d2a8e51215458063fc05e9c399290 (diff)
downloadvyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.tar.gz
vyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.zip
[svn-upgrade] Integrating new upstream version, strongswan (4.1.1)
Diffstat (limited to 'src/starter/netkey.c')
-rw-r--r--src/starter/netkey.c85
1 files changed, 85 insertions, 0 deletions
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
new file mode 100644
index 000000000..d0b8e0a2c
--- /dev/null
+++ b/src/starter/netkey.c
@@ -0,0 +1,85 @@
+/* strongSwan netkey starter
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: netkey.c,v 1.4 2006/02/15 18:33:57 as Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+
+#include <freeswan.h>
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "files.h"
+
+bool
+starter_netkey_init(void)
+{
+ struct stat stb;
+
+ if (stat(PROC_NETKEY, &stb) != 0)
+ {
+ /* af_key module makes the netkey proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ system("modprobe -qv af_key");
+ }
+
+ /* now test again */
+ if (stat(PROC_NETKEY, &stb) != 0)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("kernel appears to lack the native netkey IPsec stack")
+ )
+ return FALSE;
+ }
+ }
+
+ /* make sure that all required IPsec modules are loaded */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ system("modprobe -qv ah4");
+ system("modprobe -qv esp4");
+ system("modprobe -qv ipcomp");
+ system("modprobe -qv xfrm4_tunnel");
+ system("modprobe -qv xfrm_user");
+ }
+
+ DBG(DBG_CONTROL,
+ DBG_log("Found netkey IPsec stack")
+ )
+ return TRUE;
+}
+
+void
+starter_netkey_cleanup(void)
+{
+ if (system("ip xfrm state > /dev/null 2>&1") == 0)
+ {
+ system("ip xfrm state flush");
+ system("ip xfrm policy flush");
+ }
+ else if (system("type setkey > /dev/null 2>&1") == 0)
+ {
+ system("setkey -F");
+ system("setkey -FP");
+ }
+ else
+ {
+ plog("WARNING: cannot flush IPsec state/policy database");
+ }
+}