author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
commit | b0d8ed94fe9e74afb49fdf5f11e4add29879c65c (patch) | |
tree | b20167235628771046e940a82a906a6d0991ee4a /src/starter/netkey.c | |
parent | ea939d07c84d2a8e51215458063fc05e9c399290 (diff) | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.1)
Diffstat (limited to 'src/starter/netkey.c')
-rw-r--r-- | src/starter/netkey.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/src/starter/netkey.c b/src/starter/netkey.c
new file mode 100644
index 000000000..d0b8e0a2c
--- /dev/null
+++ b/src/starter/netkey.c
@@ -0,0 +1,85 @@
+/* strongSwan netkey starter
+ * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: netkey.c,v 1.4 2006/02/15 18:33:57 as Exp $
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <stdlib.h>
+
+#include <freeswan.h>
+
+#include "../pluto/constants.h"
+#include "../pluto/defs.h"
+#include "../pluto/log.h"
+
+#include "files.h"
+
+bool
+starter_netkey_init(void)
+{
+ struct stat stb;
+
+ if (stat(PROC_NETKEY, &stb) != 0)
+ {
+ /* af_key module makes the netkey proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ system("modprobe -qv af_key");
+ }
+
+ /* now test again */
+ if (stat(PROC_NETKEY, &stb) != 0)
+ {
+ DBG(DBG_CONTROL,
+ DBG_log("kernel appears to lack the native netkey IPsec stack")
+ )
+ return FALSE;
+ }
+ }
+
+ /* make sure that all required IPsec modules are loaded */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+ system("modprobe -qv ah4");
+ system("modprobe -qv esp4");
+ system("modprobe -qv ipcomp");
+ system("modprobe -qv xfrm4_tunnel");
+ system("modprobe -qv xfrm_user");
+ }
+
+ DBG(DBG_CONTROL,
+ DBG_log("Found netkey IPsec stack")
+ )
+ return TRUE;
+}
+
+void
+starter_netkey_cleanup(void)
+{
+ if (system("ip xfrm state > /dev/null 2>&1") == 0)
+ {
+ system("ip xfrm state flush");
+ system("ip xfrm policy flush");
+ }
+ else if (system("type setkey > /dev/null 2>&1") == 0)
+ {
+ system("setkey -F");
+ system("setkey -FP");
+ }
+ else
+ {
+ plog("WARNING: cannot flush IPsec state/policy database");
+ }
+} |
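Review bot: Both functions shell out through `system()` with bare command names (`modprobe`, `ip`, `setkey`), so which binary runs depends on the PATH and environment the starter inherits, and the starter presumably runs with root privileges. Apart from the two probe calls in starter_netkey_cleanup(), every return value is discarded, so a failed `ip xfrm state flush` or `setkey -F` leaves SAs and policies installed with nothing in the log. I would check the flush results, e.g. `if (system("ip xfrm state flush") != 0) plog("WARNING: flushing IPsec state failed");`, and invoke the tools by absolute paths fixed at build time (or fork/exec with a fixed argv) rather than relying on PATH lookup. In starter_netkey_init() the modprobe results for ah4, esp4, ipcomp, xfrm4_tunnel and xfrm_user are likewise dropped before it returns TRUE, so a comment stating that module loading is best-effort would help if that is intended.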