[src/trunk]: src add rc.d/ipsec for ipsec configuration. when enabled, it wi...
details: https://anonhg.NetBSD.org/src/rev/3da871657aed
branches: trunk
changeset: 487839:3da871657aed
user: itojun <itojun%NetBSD.org@localhost>
date: Tue Jun 13 16:29:53 2000 +0000
description:
add rc.d/ipsec for ipsec configuration. when enabled, it will inject
/etc/ipsec.conf into "setkey -f". PR 9609.
diffstat:
distrib/sets/lists/etc/mi | 3 +-
etc/changelist | 3 +-
etc/rc.conf | 3 +-
etc/rc.d/DAEMON | 4 +-
etc/rc.d/Makefile | 5 ++-
etc/rc.d/ipsec | 58 +++++++++++++++++++++++++++++++++++++++++++++++
etc/rc.d/sysctl | 4 +-
7 files changed, 71 insertions(+), 9 deletions(-)
diffs (162 lines):
diff -r 544afbcbfaa2 -r 3da871657aed distrib/sets/lists/etc/mi
--- a/distrib/sets/lists/etc/mi Tue Jun 13 15:53:03 2000 +0000
+++ b/distrib/sets/lists/etc/mi Tue Jun 13 16:29:53 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.58 2000/06/07 01:31:39 thorpej Exp $
+# $NetBSD: mi,v 1.59 2000/06/13 16:29:55 itojun Exp $
./.cshrc
./.profile
./dev/MAKEDEV.local
@@ -84,6 +84,7 @@
./etc/rc.d/ipfilter
./etc/rc.d/ipmon
./etc/rc.d/ipnat
+./etc/rc.d/ipsec
./etc/rc.d/kerberos
./etc/rc.d/ldconfig
./etc/rc.d/lkm1
diff -r 544afbcbfaa2 -r 3da871657aed etc/changelist
--- a/etc/changelist Tue Jun 13 15:53:03 2000 +0000
+++ b/etc/changelist Tue Jun 13 16:29:53 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: changelist,v 1.13 2000/05/22 04:14:30 itojun Exp $
+# $NetBSD: changelist,v 1.14 2000/06/13 16:29:53 itojun Exp $
# from: @(#)changelist 8.1 (Berkeley) 6/9/93
#
# List of files which the security script backs up and checks
@@ -47,6 +47,7 @@
/etc/inetd.conf
/etc/ipf.conf
/etc/ipnat.conf
+/etc/ipsec.conf
/etc/ld.so.conf
/etc/lkm.conf
/etc/login.conf
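Review bot: The backup copy and any change report for the new `/etc/ipsec.conf` entry need the same restrictive permissions as the original, because the file holds manual IPsec keys and this list, per its header comment, feeds the security script's backup and check. How the script stores the copy and reports differences is not visible in this hunk, so that should be confirmed before the entry ships. A comment line above the entry, such as `# contains IPsec key material; backups must not be world-readable`, would record the constraint for whoever maintains the list.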
diff -r 544afbcbfaa2 -r 3da871657aed etc/rc.conf
--- a/etc/rc.conf Tue Jun 13 15:53:03 2000 +0000
+++ b/etc/rc.conf Tue Jun 13 16:29:53 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: rc.conf,v 1.84 2000/06/09 00:08:02 fvdl Exp $
+# $NetBSD: rc.conf,v 1.85 2000/06/13 16:29:53 itojun Exp $
#
# see rc.conf(5) for more information.
@@ -58,6 +58,7 @@
# Networking startup
ipfilter=NO # uses /etc/ipf.conf
ipnat=NO # uses /etc/ipnat.conf
+ipsec=NO # uses /etc/ipsec.conf
ipmon=NO ipmon_flags="-sn" # syslog ipfilter messages
auto_ifconfig=YES # config all avail. interfaces
net_interfaces="" # used only if above is NO
diff -r 544afbcbfaa2 -r 3da871657aed etc/rc.d/DAEMON
--- a/etc/rc.d/DAEMON Tue Jun 13 15:53:03 2000 +0000
+++ b/etc/rc.d/DAEMON Tue Jun 13 16:29:53 2000 +0000
@@ -1,12 +1,12 @@
#!/bin/sh
#
-# $NetBSD: DAEMON,v 1.1 2000/03/13 04:03:52 lukem Exp $
+# $NetBSD: DAEMON,v 1.2 2000/06/13 16:29:54 itojun Exp $
#
# PROVIDE: DAEMON
# REQUIRE: named sysctl cleartmp ldconfig accounting amd virecover ypbind
# REQUIRE: ipnat ipmon savecore pwcheck quota databases network dmesg
-# REQUIRE: aftermountlkm nfslocking
+# REQUIRE: aftermountlkm nfslocking ipsec
# This is a dummy dependancy, to ensure that daemons are run
# _after_ the above are.
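Review bot: The added `ipsec` in the last REQUIRE line orders only the daemons after policy load; nothing in this hunk makes interface configuration wait for it. If the `network` script does not depend on `ipsec`, directly or through `sysctl` (its dependencies are not visible here), traffic can pass before the policy database is populated. A comment beside the REQUIRE line stating the intended ordering relative to `network` would make that easy to audit.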
diff -r 544afbcbfaa2 -r 3da871657aed etc/rc.d/Makefile
--- a/etc/rc.d/Makefile Tue Jun 13 15:53:03 2000 +0000
+++ b/etc/rc.d/Makefile Tue Jun 13 16:29:53 2000 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2000/06/02 22:54:11 fvdl Exp $
+# $NetBSD: Makefile,v 1.7 2000/06/13 16:29:54 itojun Exp $
FILES= DAEMON LOGIN SERVERS accounting amd apmd bootparams bootconf.sh ccd \
cleartmp cron dhclient dhcpd dhcrelay dmesg fsck.sh gated inetd \
- ipfilter ipmon ipnat kerberos ldconfig lkm1 lkm2 lkm3 local lpd mopd \
+ ipfilter ipmon ipnat ipsec kerberos ldconfig lkm1 lkm2 lkm3 local \
+ lpd mopd \
motd mountall mountcritlocal mountcritremote mountd mrouted named \
network nfsd nfslocking ntpd ntpdate rpcbind postfix ppp pwcheck quota \
raidframe rarpd rbootd root route6d routed rtadvd rtsold rwho savecore \
diff -r 544afbcbfaa2 -r 3da871657aed etc/rc.d/ipsec
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/etc/rc.d/ipsec Tue Jun 13 16:29:53 2000 +0000
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# $NetBSD: ipsec,v 1.1 2000/06/13 16:29:54 itojun Exp $
+#
+
+# PROVIDE: ipsec
+# REQUIRE: root beforenetlkm mountcritlocal tty
+
+# it does not really require beforenetlkm.
+
+. /etc/rc.subr
+
+name="ipsec"
+start_cmd="ipsec_start"
+stop_precmd="checkyesno ipsec && [ -f /etc/ipsec.conf ]"
+stop_cmd="ipsec_stop"
+reload_precmd="$stop_precmd"
+reload_cmd="ipsec_reload"
+extra_commands="reload"
+
+ipsec_start()
+{
+ if ! checkyesno ipsec; then
+ return 0
+ fi
+
+ # if /etc/ipsec.conf isn't readable, abort the boot rather
+ # than risk a security problem
+ #
+ if [ ! -f /etc/ipsec.conf ]; then
+ err 1 "/etc/ipsec.conf not readable; ipsec start aborted."
+ fi
+ echo "Installing ipsec manual keys/policies."
+ /sbin/setkey -f /etc/ipsec.conf
+}
+
+ipsec_stop()
+{
+ echo "Clearing ipesc manual keys/policies."
+
+ # still not 100% sure if we would like to do this.
+ # it is very questionable to do this during shutdown session, since
+ # it can hang any of remaining IPv4/v6 session.
+ #
+ /sbin/setkey -F
+ /sbin/setkey -FP
+}
+
+ipsec_reload()
+{
+ echo "Reloading ipsec manual keys/policies."
+ /sbin/setkey -F
+ /sbin/setkey -FP
+ /sbin/setkey -f /etc/ipsec.conf
+}
+
+load_rc_config $name
+run_rc_command "$1"
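Review bot: In ipsec_start the guard `[ ! -f /etc/ipsec.conf ]` tests only that a regular file exists, although the comment and the error message speak of readability, and the exit status of `/sbin/setkey -f /etc/ipsec.conf` is never checked, so a file that fails to load lets the boot continue without the intended policies. To match the stated fail-closed intent, add a readability test (`[ ! -f /etc/ipsec.conf ] || [ ! -r /etc/ipsec.conf ]`) and end the function with `/sbin/setkey -f /etc/ipsec.conf || err 1 "setkey failed; ipsec start aborted."`. ipsec_reload runs `setkey -F` and `setkey -FP` before loading, so a syntax error in the edited file leaves the host with empty SA and policy databases; a comment saying so, plus a warning when the load returns non-zero, would help operators. The message in ipsec_stop spells the name `ipesc`.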
diff -r 544afbcbfaa2 -r 3da871657aed etc/rc.d/sysctl
--- a/etc/rc.d/sysctl Tue Jun 13 15:53:03 2000 +0000
+++ b/etc/rc.d/sysctl Tue Jun 13 16:29:53 2000 +0000
@@ -1,10 +1,10 @@
#!/bin/sh
#
-# $NetBSD: sysctl,v 1.7 2000/05/13 08:45:09 lukem Exp $
+# $NetBSD: sysctl,v 1.8 2000/06/13 16:29:55 itojun Exp $
#
# PROVIDE: sysctl
-# REQUIRE: root ipnat
+# REQUIRE: root ipnat ipsec
. /etc/rc.subr