#include <sys/types.h>
#include <sys/stat.h>
#include <signal.h>
+
#include "setuid.h"
+#include "netutil.h"
/*
This module is responsible for start stop of the vpn system.
"/usr/sbin/ipsec down %s >/dev/null", name);
safe_system(command);
- // Reload the configuration into the daemon.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ // Reload the configuration into the daemon (#10339).
+ ipsec_reload();
// Bring the connection up again.
snprintf(command, STRING_SIZE - 1,
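Review bot: `ipsec_reload()` is called here in turn_connection_on, and again in turn_connection_off, before its definition further down the file, and none of the visible hunks adds a prototype. Unless `setuid.h` or `netutil.h` declares it, these calls rely on an implicit declaration that conflicts with the later `void` definition, which newer compilers reject. Add `static void ipsec_reload(void);` above turn_connection_on, or move the definition above its first caller; writing `(void)` also turns the empty parameter list into a real prototype. turn_connection_on starts and ends outside this hunk.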
safe_system(command);
// Reload, so the connection is dropped.
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
+}
+
+void ipsec_reload() {
+ /* Re-read all configuration files and secrets and
+ * reload the daemon (#10339).
+ */
+ safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1");
+ safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
}
int main(int argc, char *argv[]) {
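Review bot: `ipsec_reload()` discards the result of both `safe_system()` calls and sends their output to /dev/null, so a failed `ipsec rereadall` is invisible; the daemon presumably keeps the secrets it already had loaded and the caller is told nothing. For a setuid helper whose job here is to make changed secrets take effect, a rotated or removed key can stay live while the operation looks successful. The `R` branch in main has the same gap, because it calls `exit(0)` unconditionally after `ipsec_reload()`. Assuming `safe_system()` returns the command's status (its definition is not on this page), the function should return non-zero when either step fails, and main should use `exit(ipsec_reload() ? 1 : 0);`. turn_connection_off begins before this hunk.

```c
int ipsec_reload(void) {
	int rc = 0;

	/* Re-read all configuration files and secrets and
	 * reload the daemon (#10339). Both steps always run;
	 * a failure in either one is reported to the caller.
	 */
	if (safe_system("/usr/sbin/ipsec rereadall >/dev/null 2>&1") != 0)
		rc = 1;
	if (safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1") != 0)
		rc = 1;

	return rc;
}
```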
}
if (strcmp(argv[1], "R") == 0) {
- safe_system("/usr/sbin/ipsec reload >/dev/null 2>&1");
+ ipsec_reload();
exit(0);
}
findkey(kv, "GREEN_DEV", if_green);
if (VALID_DEVICE(if_green))
enable_green++;
- else
- fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
// Check if ORANGE is enabled.
findkey(kv, "ORANGE_DEV", if_orange);
if (VALID_DEVICE(if_orange))
enable_orange++;
- else
- fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
// Check if BLUE is enabled.
findkey(kv, "BLUE_DEV", if_blue);
if (VALID_DEVICE(if_blue))
enable_blue++;
- else
- fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
freekeyvalues(kv);