Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 29 Jul 2002 00:33:02 -0700
From:      Mike Makonnen <makonnen@pacbell.net>
To:        Hajimu UMEMOTO <ume@mahoroba.org>
Cc:        gordon@FreeBSD.ORG, current@FreeBSD.ORG
Subject:   Re: location of setkey in /etc/rc.d/ipsec
Message-ID:  <20020729003302.67285f6d.makonnen@pacbell.net>
In-Reply-To: <yge1y9nlvw9.wl@lyrics.mahoroba.org>
References:  <yge1y9nlvw9.wl@lyrics.mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 29 Jul 2002 00:22:46 +0900
Hajimu UMEMOTO <ume@mahoroba.org> wrote:

> Hi,
> 
> I found that setup of IPsec doesn't work correctly if you are using
> /etc/rc.d/.  While NetBSD has setkey in /sbin, FreeBSD has it in
> /usr/sbin.  However, the location is hardcoded in /etc/rc.d/ipsec.
> Here is a patch.

Thanks for spotting this. I think the following patch might be better.

Cheers,
Mike.

Index: etc/rc.d/ipsec
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/ipsec,v
retrieving revision 1.2
diff -u -r1.2 ipsec
--- etc/rc.d/ipsec	13 Jun 2002 22:14:36 -0000	1.2
+++ etc/rc.d/ipsec	29 Jul 2002 07:29:26 -0000
@@ -24,6 +24,15 @@
 reload_cmd="ipsec_reload"
 extra_commands="reload"
 
+case `${CMD_OSTYPE}` in
+FreeBSD)
+	ipsec_program="/usr/sbin/setkey"
+	;;
+NetBSD)
+	ipsec_program="/sbin/setkey"
+	;;
+esac
+
 ipsec_prestart()
 {
 	if [ ! -f "$ipsec_file" ]; then
@@ -45,7 +54,7 @@
 ipsec_start()
 {
 	echo "Installing ipsec manual keys/policies."
-	/sbin/setkey -f $ipsec_file
+	${ipsec_program} -f $ipsec_file
 }
 
 ipsec_stop()
@@ -56,16 +65,16 @@
 	# it is very questionable to do this during shutdown session, since
 	# it can hang any of remaining IPv4/v6 session.
 	#
-	/sbin/setkey -F
-	/sbin/setkey -FP
+	${ipsec_program} -F
+	${ipsec_program} -FP
 }
 
 ipsec_reload()
 {
 	echo "Reloading ipsec manual keys/policies."
-	/sbin/setkey -F
-	/sbin/setkey -FP
-	/sbin/setkey -f "$ipsec_file"
+	${ipsec_program} -F
+	${ipsec_program} -FP
+	${ipsec_program} -f "$ipsec_file"
 }
 
 load_rc_config $name

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020729003302.67285f6d.makonnen>