git.ipfire.org Git - people/ms/strongswan.git/blob - programs/starter/klips.c
1 /* strongSwan KLIPS starter
2 * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * RCSID $Id: klips.c,v 1.8 2006/02/15 18:33:57 as Exp $
17 #include <sys/types.h>
24 #include "../pluto/constants.h"
25 #include "../pluto/defs.h"
26 #include "../pluto/log.h"
/*
 * Set to 1 by starter_klips_init() when the KLIPS version file was missing at
 * first and present after the modprobe attempt. starter_klips_cleanup() runs
 * "rmmod ipsec" only while this is non-zero, then resets it to 0.
 */
static int _klips_module_loaded = 0;
/*
 * Detect the KLIPS IPsec stack and try to load its kernel module when the
 * stack is not there yet, then load the optional crypto modules and clear
 * any existing KLIPS state.
 *
 * Presence is judged only by stat() on PROC_IPSECVERSION. The exit status of
 * every system() call is discarded; the second stat() is what decides whether
 * loading the ipsec module worked, and a failed load of a crypto module goes
 * unnoticed.
 *
 * Security note: "depmod" and "modprobe" are passed to system() by bare name,
 * so the command interpreter resolves them through the PATH this process
 * inherited. The only environment variable removed here is MODULECONF.
 * Loading modules needs privilege, so this presumably runs as root; confirm
 * that the caller fixes PATH, or use absolute paths for these tools.
 *
 * NOTE(review): this listing is lossy. The embedded upstream line numbers
 * skip, so the return type, braces, the declaration of stb, the else and the
 * return statements are not shown. "[gap]" comments mark the missing lines;
 * the indentation below is inferred from the visible statements. Confirm
 * against the repository.
 */
starter_klips_init(void)
    /* [gap: upstream lines 37-39] */
    if (stat(PROC_IPSECVERSION, &stb) != 0)
        /* [gap: upstream line 41] */
        /* stack not visible yet: attempt a module load if PROC_MODULES exists */
        if (stat(PROC_MODULES, &stb) == 0)
            /* [gap: upstream lines 43-44] */
            unsetenv("MODULECONF");
            system("depmod -a >/dev/null 2>&1");
            system("modprobe -qv ipsec");
        /* [gap: upstream line 48] */
        /* re-check: this stat(), not modprobe's exit status, decides success */
        if (stat(PROC_IPSECVERSION, &stb) == 0)
            /* [gap: upstream line 50] */
            _klips_module_loaded = 1;
        /* [gap: upstream lines 52-55; presumably the failure branch opens here] */
            DBG_log("kernel appears to lack KLIPS")
        /* [gap: upstream lines 57-61; the rest of the failure branch is not captured] */

    /* make sure that all available crypto algorithms are loaded */
    if (stat(PROC_MODULES, &stb) == 0)
        /* [gap: upstream line 64] */
        system("modprobe -qv ipsec_aes");
        system("modprobe -qv ipsec_serpent");
        system("modprobe -qv ipsec_twofish");
        system("modprobe -qv ipsec_blowfish");
        system("modprobe -qv ipsec_sha2");
    /* [gap: upstream lines 70-71] */

    /* start from a clean slate: drop eroutes, SPIs and debug flags */
    starter_klips_clear();
    /* [gap: upstream lines 73-74] */
    DBG_log("Found KLIPS IPsec stack")
    /* [gap: upstream lines 76-80; the end of this function is not captured] */
/*
 * Write a boolean flag to a file below PROC_SYSFLAGS.
 *
 * name   file name below PROC_SYSFLAGS; every call visible in this listing
 *        passes a string literal
 * value  zero is written as 0, any other value as 1
 *
 * The write is done by handing an "echo N >dir/name" command line to
 * starter_exec(). The redirections in the format string suggest the line is
 * run by a shell; confirm in starter_exec(). name is inserted unquoted, so
 * this helper is only safe with fixed, trusted names such as the literals
 * used by its visible callers.
 *
 * NOTE(review): this listing is lossy. The storage class and return type,
 * the braces and the condition in front of the plog() call are not shown;
 * "[gap]" comments mark the missing upstream lines.
 */
_sysflags (char *name, int value)
    /* [gap: upstream line 82] */
    int res = starter_exec("echo %d >%s/%s 2>/dev/null"
        , value ? 1 : 0, PROC_SYSFLAGS, name);
    /* [gap: upstream lines 85-86; presumably the test of res that guards the log call] */
    plog("can't set sysflag %s to %d", name, value ? 1 : 0);
    /* [gap: upstream lines 88-90] */
/*
 * Apply the "setup" section of the configuration to KLIPS: sysflags, debug
 * flags and the default eroute for otherwise unmatched packets.
 *
 * cfg  parsed configuration; the fields read here are setup.fragicmp,
 *      setup.hidetos, setup.klipsdebug and setup.packetdefault
 *
 * Security note: each klipsdebug entry and packetdefault are inserted with %s,
 * unquoted, into command lines given to starter_exec(), and this function
 * does not validate them. The "2>/dev/null" in one of the format strings
 * suggests starter_exec() runs the line through a shell; if so, characters
 * with shell meaning in these values would be interpreted by it. The values
 * presumably come from the parsed configuration file. Confirm that only root
 * can write that file and whether the parser restricts these fields. Checking
 * the values against the known flag names, or executing with an argument
 * vector instead of a shell line, would remove the dependency.
 *
 * NOTE(review): this listing is lossy. The return type, braces, the
 * declaration of l, an else and the tail of one starter_exec() call are not
 * shown; "[gap]" comments mark the missing upstream lines and the indentation
 * is inferred.
 */
starter_klips_set_config(starter_config_t *cfg)
    /* [gap: upstream lines 92-94] */
    _sysflags("icmp", cfg->setup.fragicmp);
    /* inbound policy checking is always switched on; no config field is read */
    _sysflags("inbound_policy_check", 1);
    /* _sysflags("no_eroute_pass", 0); */
    /* _sysflags("opportunistic", 0); */
    _sysflags("tos", cfg->setup.hidetos);
    /* [gap: upstream line 100] */

    /* switch all debug flags off first, then apply the configured list */
    starter_exec("%s/klipsdebug --none", IPSEC_EXECDIR);
    /* l && *l: a NULL list is tolerated and a NULL entry ends the list */
    for (l = cfg->setup.klipsdebug; l && *l; l++)
        /* [gap: upstream line 103] */
        /* "none" and "all" are passed as options of their own ... */
        if ((streq(*l, "none")) || (streq(*l, "all")))
            starter_exec("%s/klipsdebug --%s", IPSEC_EXECDIR, *l);
        /* [gap: upstream line 106; presumably the else] */
            /* ... any other entry goes through --set, unvalidated */
            starter_exec("%s/klipsdebug --set %s", IPSEC_EXECDIR, *l);
    /* [gap: upstream lines 108-109] */

    /* remove the existing 0/0 -> 0/0 eroute; error output is discarded */
    starter_exec("%s/eroute --del --eraf inet --src 0/0 --dst 0/0 2>/dev/null"
    /* [gap: upstream line 111; the remaining arguments and the end of this call are not captured] */

    /*
     * Install the packetdefault eroute. "%%%s" yields a literal '%' followed
     * by the configured value; "drop" is used when packetdefault is not set.
     */
    starter_exec("%s/eroute --label packetdefault --replace --eraf inet "
        "--src 0/0 --dst 0/0 --said %%%s", IPSEC_EXECDIR
        , cfg->setup.packetdefault ? cfg->setup.packetdefault : "drop");
    /* [gap: upstream lines 115-117] */
/*
 * Reset KLIPS state by running three helper programs from IPSEC_EXECDIR:
 * "eroute --clear", "spi --clear" and "klipsdebug --none".
 *
 * The command strings are built by compile-time literal concatenation with
 * IPSEC_EXECDIR, so no runtime data reaches the shell here. The exit status
 * of each system() call is discarded, so a failed clear is not reported.
 *
 * NOTE(review): this listing is lossy; the return type and braces are not
 * shown. "[gap]" comments mark the missing upstream lines.
 */
starter_klips_clear(void)
    /* [gap: upstream line 119] */
    system(IPSEC_EXECDIR"/eroute --clear");
    system(IPSEC_EXECDIR"/spi --clear");
    system(IPSEC_EXECDIR"/klipsdebug --none");
    /* [gap: upstream lines 123-125] */
/*
 * Shutdown path: clear KLIPS state, then unload the ipsec module, but only
 * when _klips_module_loaded says this process loaded it.
 *
 * Security note: "rmmod" is passed to system() by bare name and is therefore
 * resolved through the inherited PATH; its exit status is discarded and the
 * flag is reset regardless of whether the unload worked.
 *
 * NOTE(review): this listing is lossy; the return type and braces are not
 * shown and nothing after upstream line 132 is captured. "[gap]" comments
 * mark the missing upstream lines; the indentation is inferred.
 */
starter_klips_cleanup(void)
    /* [gap: upstream line 127] */
    starter_klips_clear();
    if (_klips_module_loaded)
        /* [gap: upstream line 130] */
        system("rmmod ipsec");
        _klips_module_loaded = 0;
    /* [gap: the end of this function is not captured] */