starter: Use kernel interfaces to flush SAD and SPD.
[strongswan.git] / src / starter / netkey.c
1 /* strongSwan netkey starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include <sys/types.h>
16 #include <sys/stat.h>
17 #include <stdlib.h>
18
19 #include <freeswan.h>
20 #include <hydra.h>
21
22 #include "../pluto/constants.h"
23 #include "../pluto/defs.h"
24 #include "../pluto/log.h"
25
26 #include "files.h"
27
28 bool
29 starter_netkey_init(void)
30 {
31 struct stat stb;
32
33 if (stat(PROC_NETKEY, &stb) != 0)
34 {
35 /* af_key module makes the netkey proc interface visible */
36 if (stat(PROC_MODULES, &stb) == 0)
37 {
38 ignore_result(system("modprobe -qv af_key"));
39 }
40
41 /* now test again */
42 if (stat(PROC_NETKEY, &stb) != 0)
43 {
44 DBG(DBG_CONTROL,
45 DBG_log("kernel appears to lack the native netkey IPsec stack")
46 )
47 return FALSE;
48 }
49 }
50
51 /* make sure that all required IPsec modules are loaded */
52 if (stat(PROC_MODULES, &stb) == 0)
53 {
54 ignore_result(system("modprobe -qv ah4"));
55 ignore_result(system("modprobe -qv esp4"));
56 ignore_result(system("modprobe -qv ipcomp"));
57 ignore_result(system("modprobe -qv xfrm4_tunnel"));
58 ignore_result(system("modprobe -qv xfrm_user"));
59 }
60
61 DBG(DBG_CONTROL,
62 DBG_log("Found netkey IPsec stack")
63 )
64 return TRUE;
65 }
66
67 void
68 starter_netkey_cleanup(void)
69 {
70 hydra->kernel_interface->flush_sas(hydra->kernel_interface);
71 hydra->kernel_interface->flush_policies(hydra->kernel_interface);
72 }