]>
git.ipfire.org Git - thirdparty/strongswan.git/blob - src/starter/klips.c
1 /* strongSwan KLIPS starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 #include <sys/types.h>
20 #include <utils/debug.h>
24 bool starter_klips_init(void)
28 if (stat(PROC_KLIPS
, &stb
) != 0)
30 /* ipsec module makes the pf_key proc interface visible */
31 if (stat(PROC_MODULES
, &stb
) == 0)
33 ignore_result(system("modprobe -qv ipsec"));
37 if (stat(PROC_KLIPS
, &stb
) != 0)
39 DBG2(DBG_APP
, "kernel appears to lack the KLIPS IPsec stack");
44 /* load crypto algorithm modules */
45 ignore_result(system("modprobe -qv ipsec_aes"));
46 ignore_result(system("modprobe -qv ipsec_blowfish"));
47 ignore_result(system("modprobe -qv ipsec_sha2"));
49 DBG2(DBG_APP
, "found KLIPS IPsec stack");
53 void starter_klips_cleanup(void)
55 if (system("type eroute > /dev/null 2>&1") == 0)
57 ignore_result(system("spi --clear"));
58 ignore_result(system("eroute --clear"));
60 else if (system("type setkey > /dev/null 2>&1") == 0)
62 ignore_result(system("setkey -F"));
63 ignore_result(system("setkey -FP"));
67 DBG1(DBG_APP
, "WARNING: cannot flush IPsec state/policy database");