From owner-freebsd-isp@FreeBSD.ORG Mon Dec 12 22:54:55 2005
Return-Path:
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 2469C16A41F
    for ; Mon, 12 Dec 2005 22:54:55 +0000 (GMT)
    (envelope-from dougb@FreeBSD.org)
Received: from mail2.fluidhosting.com (mail2.fluidhosting.com [204.14.90.12])
    by mx1.FreeBSD.org (Postfix) with SMTP id 767D943D4C
    for ; Mon, 12 Dec 2005 22:54:54 +0000 (GMT)
    (envelope-from dougb@FreeBSD.org)
Received: (qmail 23360 invoked by uid 399); 12 Dec 2005 22:54:53 -0000
Received: from localhost (HELO ?192.168.0.3?) (dougb@dougbarton.us@127.0.0.1)
    by localhost with SMTP; 12 Dec 2005 22:54:53 -0000
Message-ID: <439DFFBB.7030002@FreeBSD.org>
Date: Mon, 12 Dec 2005 14:54:51 -0800
From: Doug Barton
Organization: http://www.FreeBSD.org/
User-Agent: Thunderbird 1.5 (X11/20051206)
MIME-Version: 1.0
To: foobar <0xfcfb@gmx.net>
References: <20051212135558.6FD6543D68@mx1.FreeBSD.org>
In-Reply-To: <20051212135558.6FD6543D68@mx1.FreeBSD.org>
Content-Type: multipart/mixed; boundary="------------000804080708060002030207"
Cc: freebsd-isp@freebsd.org, vanhu@netasq.com
Subject: Re: only reload racoon.conf?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 12 Dec 2005 22:54:55 -0000

This is a multi-part message in MIME format.
--------------000804080708060002030207
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

foobar wrote:
> hy list,
>
> is there any possibility to RELOAD the racoon (ipsec-tools) configuration in
> freebsd 5/6?
>
> in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
> support a service restart.

Adding this capability is easy in rc.d, I've added a suggested patch, and
cc'ed the maintainer.

Two things to note. First, I looked at the man page for racoon and it's not
at all obvious to me how to get it to reload its conf file without
restarting. IF it will do this by sending a 'kill -HUP ' to the pid of the
racoon process, then all you have to do is add the extra_commands line to
the file, and rc.subr will handle the rest. If there is some command
invocation involved, I've included an example of how to make that work.

The other thing to note is that rc.d scripts should never enable themselves
by default.

If someone can provide the information on how to get racoon to reread its
conf file, and the maintainer approves, I'll be glad to commit this update.

Doug -- This .signature sanitized for your protection --------------000804080708060002030207 Content-Type: text/plain; name="racoon.sh.in.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="racoon.sh.in.diff" --- /usr/ports/security/ipsec-tools/files/racoon.sh.in Fri Dec 2 03:28:06 2005 +++ racoon.sh.in Mon Dec 12 14:52:49 2005 @@ -1,12 +1,11 @@ #!/bin/sh -# Start or stop racoon # $FreeBSD: ports/security/ipsec-tools/files/racoon.sh.in,v 1.1 2005/12/02 11:28:06 lawrance Exp $ # PROVIDE: racoon # REQUIRE: DAEMON # BEFORE: LOGIN -# KEYWORD: FreeBSD shutdown +# KEYWORD: shutdown # # NOTE for FreeBSD 5.0+: # If you want this script to start with the base rc scripts @@ -21,7 +20,7 @@ # # DO NOT CHANGE THESE DEFAULT VALUES HERE # -[ -z "$racoon_enable" ] && racoon_enable="YES" # Enable racoon +#racoon_enable="NO" # Enable racoon #racoon_program="${prefix}/sbin/racoon" # Location of racoon #racoon_flags="" # Flags to racoon program @@ -33,6 +32,14 @@ pidfile="/var/run/racoon.pid" required_files="${prefix}/etc/racoon/racoon.conf" stop_postcmd="racoon_poststop" +extra_commands=reload + +# This is only necessary if 'kill -HUP ' +# is not sufficient to reload the conf file +reload_cmd="${name}_reload" +racoon_reload () { + # Do something cool here that reloads racoon +} racoon_poststop() { /bin/rm -f ${pidfile} --------------000804080708060002030207--
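
Review bot: In the second hunk (@@ -21,7 +20,7 @@), the replacement line #racoon_enable="NO" keeps the trailing comment "# Enable racoon", which no longer matches the value, and the visible lines set no default for racoon_enable once the old YES assignment is removed. Existing installs that relied on the implicit YES would stop starting racoon after the update, leaving IKE negotiation down until the administrator enables it explicitly. Suggest setting an explicit NO default in the script, correcting the comment, and telling users about the behaviour change in the port's upgrade notes.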
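
Review bot: In the last hunk (@@ -33,6 +32,14 @@), racoon_reload () has a body containing only a comment, which sh rejects as a syntax error, and because the definition sits at the top level of the script it breaks every command, not just reload. Setting reload_cmd unconditionally also replaces the signal-based reload that the message expects rc.subr to provide once extra_commands is set, so even with a valid placeholder body the reload command would report success while doing nothing. Suggest leaving reload_cmd and the function commented out until racoon's reload mechanism is confirmed, and quoting the value as extra_commands="reload" to match the neighbouring assignments.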