(no commit message)
[strongswan.git] / src / starter / netkey.c
1 /* strongSwan netkey starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id: netkey.c,v 1.4 2006/02/15 18:33:57 as Exp $
15 */
16
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <stdlib.h>
20
21 #include <freeswan.h>
22
23 #include "../pluto/constants.h"
24 #include "../pluto/defs.h"
25 #include "../pluto/log.h"
26
27 #include "files.h"
28
29 bool
30 starter_netkey_init(void)
31 {
32 struct stat stb;
33
34 if (stat(PROC_NETKEY, &stb) != 0)
35 {
36 /* af_key module makes the netkey proc interface visible */
37 if (stat(PROC_MODULES, &stb) == 0)
38 {
39 system("modprobe -qv af_key");
40 }
41
42 /* now test again */
43 if (stat(PROC_NETKEY, &stb) != 0)
44 {
45 DBG(DBG_CONTROL,
46 DBG_log("kernel appears to lack the native netkey IPsec stack")
47 )
48 return FALSE;
49 }
50 }
51
52 /* make sure that all required IPsec modules are loaded */
53 if (stat(PROC_MODULES, &stb) == 0)
54 {
55 system("modprobe -qv ah4");
56 system("modprobe -qv esp4");
57 system("modprobe -qv ipcomp");
58 system("modprobe -qv xfrm4_tunnel");
59 system("modprobe -qv xfrm_user");
60 }
61
62 DBG(DBG_CONTROL,
63 DBG_log("Found netkey IPsec stack")
64 )
65 return TRUE;
66 }
67
68 void
69 starter_netkey_cleanup(void)
70 {
71 if (system("ip xfrm state > /dev/null 2>&1") == 0)
72 {
73 system("ip xfrm state flush");
74 system("ip xfrm policy flush");
75 }
76 else if (system("type setkey > /dev/null 2>&1") == 0)
77 {
78 system("setkey -F");
79 system("setkey -FP");
80 }
81 else
82 {
83 plog("WARNING: cannot flush IPsec state/policy database");
84 }
85 }