starter.c files.h \
parser/parser.c parser/lexer.c parser/conf_parser.c parser/conf_parser.h \
args.c args.h confread.c confread.h keywords.c keywords.h cmp.c cmp.h \
-invokecharon.c invokecharon.h starterstroke.c starterstroke.h \
-netkey.c netkey.h klips.c klips.h
+invokecharon.c invokecharon.h starterstroke.c starterstroke.h
LOCAL_SRC_FILES := $(filter %.c,$(starter_SOURCES))
starter_SOURCES = \
starter.c files.h \
args.c args.h confread.c confread.h keywords.c keywords.h cmp.c cmp.h \
-invokecharon.c invokecharon.h starterstroke.c starterstroke.h \
-netkey.c netkey.h klips.c klips.h
+invokecharon.c invokecharon.h starterstroke.c starterstroke.h
# parser is also used by tests
noinst_LTLIBRARIES = libstarter.la
#ifndef _STARTER_FILES_H_
#define _STARTER_FILES_H_
-#define PROC_NETKEY "/proc/net/pfkey"
-#define PROC_KLIPS "/proc/net/pf_key"
-#define PROC_MODULES "/proc/modules"
-
#define CONFIG_FILE IPSEC_CONFDIR "/ipsec.conf"
#define SECRETS_FILE IPSEC_CONFDIR "/ipsec.secrets"
extern char *cmd;
extern char *pid_file;
-#define DYNIP_DIR IPSEC_PIDDIR "/dynip"
-
#endif /* _STARTER_FILES_H_ */
-
+++ /dev/null
-/* strongSwan KLIPS starter
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-
-#include <library.h>
-#include <utils/debug.h>
-
-#include "files.h"
-
-bool starter_klips_init(void)
-{
- struct stat stb;
-
- if (stat(PROC_KLIPS, &stb) != 0)
- {
- /* ipsec module makes the pf_key proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- ignore_result(system("modprobe -qv ipsec"));
- }
-
- /* now test again */
- if (stat(PROC_KLIPS, &stb) != 0)
- {
- DBG2(DBG_APP, "kernel appears to lack the KLIPS IPsec stack");
- return FALSE;
- }
- }
-
- /* load crypto algorithm modules */
- ignore_result(system("modprobe -qv ipsec_aes"));
- ignore_result(system("modprobe -qv ipsec_blowfish"));
- ignore_result(system("modprobe -qv ipsec_sha2"));
-
- DBG2(DBG_APP, "found KLIPS IPsec stack");
- return TRUE;
-}
-
-void starter_klips_cleanup(void)
-{
- if (system("type eroute > /dev/null 2>&1") == 0)
- {
- ignore_result(system("spi --clear"));
- ignore_result(system("eroute --clear"));
- }
- else if (system("type setkey > /dev/null 2>&1") == 0)
- {
- ignore_result(system("setkey -F"));
- ignore_result(system("setkey -FP"));
- }
- else
- {
- DBG1(DBG_APP, "WARNING: cannot flush IPsec state/policy database");
- }
-}
-
+++ /dev/null
-/* strongSwan KLIPS initialization and cleanup
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef _STARTER_KLIPS_H_
-#define _STARTER_KLIPS_H_
-
-extern bool starter_klips_init (void);
-extern void starter_klips_cleanup (void);
-
-#endif /* _STARTER_KLIPS_H_ */
-
+++ /dev/null
-/* strongSwan netkey starter
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <stdlib.h>
-
-#include <library.h>
-#include <utils/debug.h>
-
-#include "files.h"
-
-bool starter_netkey_init(void)
-{
- struct stat stb;
-
- if (stat(PROC_NETKEY, &stb) != 0)
- {
- /* af_key module makes the netkey proc interface visible */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- ignore_result(system("modprobe -qv af_key"));
- }
-
- /* now test again */
- if (stat(PROC_NETKEY, &stb) != 0)
- {
- DBG2(DBG_APP, "kernel appears to lack the native netkey IPsec stack");
- return FALSE;
- }
- }
-
- /* make sure that all required IPsec modules are loaded */
- if (stat(PROC_MODULES, &stb) == 0)
- {
- ignore_result(system("modprobe -qv ah4"));
- ignore_result(system("modprobe -qv esp4"));
- ignore_result(system("modprobe -qv ipcomp"));
- ignore_result(system("modprobe -qv xfrm4_tunnel"));
- ignore_result(system("modprobe -qv xfrm_user"));
- }
-
- DBG2(DBG_APP, "found netkey IPsec stack");
- return TRUE;
-}
+++ /dev/null
-/* strongSwan netkey initialization and cleanup
- * Copyright (C) 2001-2002 Mathieu Lafon - Arkoon Network Security
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef _STARTER_NETKEY_H_
-#define _STARTER_NETKEY_H_
-
-extern bool starter_netkey_init (void);
-
-#endif /* _STARTER_NETKEY_H_ */
-
#include "files.h"
#include "starterstroke.h"
#include "invokecharon.h"
-#include "netkey.h"
-#include "klips.h"
#include "cmp.h"
#ifndef LOG_AUTHPRIV
exit(LSB_RC_INVALID_ARGUMENT);
}
-#ifndef SKIP_KERNEL_IPSEC_MODPROBES
- /* determine if we have a native netkey IPsec stack */
- if (!starter_netkey_init())
- {
- DBG1(DBG_APP, "no netkey IPsec stack detected");
- if (!starter_klips_init())
- {
- DBG1(DBG_APP, "no KLIPS IPsec stack detected");
- DBG1(DBG_APP, "no known IPsec stack detected, ignoring!");
- }
- }
-#endif
-
last_reload = time_monotonic(NULL);
if (check_pid(starter_pid_file))