conversion from 8 spaces to 4 spaces per tab
[strongswan.git] / src / starter / netkey.c
1 /* strongSwan netkey starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 *
14 * RCSID $Id$
15 */
16
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <stdlib.h>
20
21 #include <freeswan.h>
22
23 #include "../pluto/constants.h"
24 #include "../pluto/defs.h"
25 #include "../pluto/log.h"
26
27 #include "files.h"
28
29 bool
30 starter_netkey_init(void)
31 {
32 struct stat stb;
33
34 if (stat(PROC_NETKEY, &stb) != 0)
35 {
36 /* af_key module makes the netkey proc interface visible */
37 if (stat(PROC_MODULES, &stb) == 0)
38 {
39 ignore_result(system("modprobe -qv af_key"));
40 }
41
42 /* now test again */
43 if (stat(PROC_NETKEY, &stb) != 0)
44 {
45 DBG(DBG_CONTROL,
46 DBG_log("kernel appears to lack the native netkey IPsec stack")
47 )
48 return FALSE;
49 }
50 }
51
52 /* make sure that all required IPsec modules are loaded */
53 if (stat(PROC_MODULES, &stb) == 0)
54 {
55 ignore_result(system("modprobe -qv ah4"));
56 ignore_result(system("modprobe -qv esp4"));
57 ignore_result(system("modprobe -qv ipcomp"));
58 ignore_result(system("modprobe -qv xfrm4_tunnel"));
59 ignore_result(system("modprobe -qv xfrm_user"));
60 }
61
62 DBG(DBG_CONTROL,
63 DBG_log("Found netkey IPsec stack")
64 )
65 return TRUE;
66 }
67
68 void
69 starter_netkey_cleanup(void)
70 {
71 if (system("ip xfrm state > /dev/null 2>&1") == 0)
72 {
73 ignore_result(system("ip xfrm state flush"));
74 ignore_result(system("ip xfrm policy flush"));
75 }
76 else if (system("type setkey > /dev/null 2>&1") == 0)
77 {
78 ignore_result(system("setkey -F"));
79 ignore_result(system("setkey -FP"));
80 }
81 else
82 {
83 plog("WARNING: cannot flush IPsec state/policy database");
84 }
85 }