src/starter/klips.c

   1 /* strongSwan KLIPS starter
   2  * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
   3  *
   4  * This program is free software; you can redistribute it and/or modify it
   5  * under the terms of the GNU General Public License as published by the
   6  * Free Software Foundation; either version 2 of the License, or (at your
   7  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   8  *
   9  * This program is distributed in the hope that it will be useful, but
  10  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  11  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * for more details.
  13  */
  14
  15 #include <sys/types.h>
  16 #include <sys/stat.h>
  17 #include <stdlib.h>
  18
  19 #include <library.h>
  20 #include <utils/debug.h>
  21
  22 #include "files.h"
  23
  24 bool starter_klips_init(void)
  25 {
  26         struct stat stb;
  27
  28         if (stat(PROC_KLIPS, &stb) != 0)
  29         {
  30                 /* ipsec module makes the pf_key proc interface visible */
  31                 if (stat(PROC_MODULES, &stb) == 0)
  32                 {
  33                         ignore_result(system("modprobe -qv ipsec"));
  34                 }
  35
  36                 /* now test again */
  37                 if (stat(PROC_KLIPS, &stb) != 0)
  38                 {
  39                         DBG2(DBG_APP, "kernel appears to lack the KLIPS IPsec stack");
  40                         return FALSE;
  41                 }
  42         }
  43
  44         /* load crypto algorithm modules */
  45         ignore_result(system("modprobe -qv ipsec_aes"));
  46         ignore_result(system("modprobe -qv ipsec_blowfish"));
  47         ignore_result(system("modprobe -qv ipsec_sha2"));
  48
  49         DBG2(DBG_APP, "found KLIPS IPsec stack");
  50         return TRUE;
  51 }
  52
  53 void starter_klips_cleanup(void)
  54 {
  55         if (system("type eroute > /dev/null 2>&1") == 0)
  56         {
  57                 ignore_result(system("spi --clear"));
  58                 ignore_result(system("eroute --clear"));
  59         }
  60         else if (system("type setkey > /dev/null 2>&1") == 0)
  61         {
  62                 ignore_result(system("setkey -F"));
  63                 ignore_result(system("setkey -FP"));
  64         }
  65         else
  66         {
  67                 DBG1(DBG_APP, "WARNING: cannot flush IPsec state/policy database");
  68         }
  69 }
  70