#! /bin/sh
# Copyright (c) 2001-2002 SuSE GmbH Nuernberg, Germany.
#
# Author: Michal Ludvig <feedback@suse.de>, 2004
#
# /etc/init.d/ipsec-tools
# and its symbolic link
# /usr/sbin/rcipsec-tools
#
# System startup script for the IPsec key management daemon
#
### BEGIN INIT INFO
# Provides: racoon
# Required-Start: $remote_fs $named $syslog
# Required-Stop: $remote_fs $named $syslog
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: IPsec key management daemon
### END INIT INFO
# Labels printed in the progress messages, followed by the fixed paths of
# the two binaries, their configuration files and the racoon pid file.
SETKEY="IPsec policies"
RACOON="IPsec IKE daemon (racoon)"
SETKEY_BIN=/usr/sbin/setkey
RACOON_BIN=/usr/sbin/racoon
SETKEY_CONF=/etc/racoon/setkey.conf
RACOON_CONF=/etc/racoon/racoon.conf
RACOON_PIDFILE=/var/run/racoon.pid

# Exit with LSB status 5 (program is not installed) when either binary
# is missing or not executable.
for ipsec_tools_bin in "$SETKEY_BIN" "$RACOON_BIN"; do
  [ -x "$ipsec_tools_bin" ] || exit 5
done
unset ipsec_tools_bin

# Optional site configuration. SETKEY_OPTIONS, RACOON_OPTIONS and
# SETKEY_FLUSH_OPTIONS are used further down but never assigned in this
# script, so they come from this file or, failing that, from whatever the
# caller's environment already holds.
# NOTE(review): the file is sourced, i.e. executed as shell code with the
# privileges of this script, and it can override any variable set above,
# including the *_BIN paths that were just checked. It should be writable
# by root only -- confirm ownership and mode on the target system.
if [ -f /etc/sysconfig/racoon ]; then
  . /etc/sysconfig/racoon
fi

# Helper functions provided by /etc/rc.status:
#   rc_check          check and set local and overall rc status
#   rc_status         check and set local and overall rc status
#   rc_status -v      ditto, but be verbose about the local rc status
#   rc_status -v -r   ditto, and clear the local rc status
#   rc_failed         set local and overall rc status to failed
#   rc_failed <num>   set local and overall rc status to <num>
#   rc_reset          clear local rc status (overall remains)
#   rc_exit           exit appropriate to overall rc status
. /etc/rc.status

# Start from a clean status for this service.
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signalling is not supported) are
# considered a success.
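# Dispatch on the requested action. Each branch runs its command and lets
# rc_status record the result; rc_exit at the very end turns the recorded
# status into the script's exit code.
case "$1" in
  start)
    # Loading SPD policies is optional: it only happens when
    # $SETKEY_CONF exists.
    # NOTE(review): a failed load is shown by rc_status -v, but rc_reset
    # then clears the local status and racoon is started regardless, so
    # a running racoon does not imply that the policies were loaded.
    if [ -f "$SETKEY_CONF" ]; then
      echo -n "Setting up $SETKEY"
      # $SETKEY_OPTIONS stays unquoted on purpose so that a multi-word
      # option string is split into separate arguments.
      "$SETKEY_BIN" $SETKEY_OPTIONS -f "$SETKEY_CONF"
      rc_status -v
      rc_reset
    fi
    echo -n "Starting $RACOON "
    # Without a configuration file racoon is not started and the
    # script exits with LSB status 6 (program is not configured).
    if ! [ -f "$RACOON_CONF" ]; then
      echo -n "... no configuration file found"
      rc_status -s
      # service is not configured
      rc_failed 6
      rc_exit
    fi
    # startproc should return 0 even if the service is already
    # running, to match the LSB spec.
    # $RACOON_OPTIONS is unquoted on purpose (word splitting wanted).
    startproc "$RACOON_BIN" $RACOON_OPTIONS -f "$RACOON_CONF"
    rc_status -v
    ;;
  stop)
    echo -n "Shutting down $RACOON"
    # Send SIGTERM via killproc(8), using the pid file to find the
    # daemon; the result is recorded by rc_status below.
    killproc -p "$RACOON_PIDFILE" -TERM "$RACOON_BIN"
    # Remember status and be verbose
    rc_status -v
    rc_reset
    # Policies are flushed only when the site configuration sets
    # SETKEY_FLUSH_OPTIONS; otherwise they are left untouched.
    # NOTE(review): this choice decides how traffic is treated once
    # the daemon is gone -- presumably flushed policies no longer
    # apply, while policies left in place stay active without an IKE
    # daemon to negotiate keys for them. Confirm which is intended.
    if [ -n "$SETKEY_FLUSH_OPTIONS" ]; then
      echo -n "Flushing $SETKEY"
      # Unquoted on purpose (word splitting wanted).
      "$SETKEY_BIN" $SETKEY_FLUSH_OPTIONS
      rc_status -v
    fi
    ;;
  try-restart)
    # Start again only if stopping succeeded, i.e. the service was
    # running before.
    "$0" stop && "$0" start
    # Remember status and be quiet
    rc_status
    ;;
  restart)
    # Stop the service and, whether or not it was running, start it
    # again.
    "$0" stop
    "$0" start
    # Remember status and be quiet
    rc_status
    ;;
  force-reload)
    # Ask the daemon to reload its configuration with SIGHUP. There
    # is no restart fallback in this branch: if the signal cannot be
    # delivered, the failure is only reported.
    echo -n "Reload service $RACOON"
    killproc -p "$RACOON_PIDFILE" -HUP "$RACOON_BIN"
    rc_status -v
    ;;
  reload)
    # Same as force-reload: send SIGHUP and report the result.
    echo -n "Reload service $RACOON"
    killproc -p "$RACOON_PIDFILE" -HUP "$RACOON_BIN"
    rc_status -v
    ;;
  status)
    echo -n "Checking for $RACOON: "
    # checkproc(8) returns exit status 0 when the process is running.
    # The return values have a slightly different meaning for the
    # status command:
    # 0 - service running
    # 1 - service dead, but /var/run/ pid file exists
    # 2 - service dead, but /var/lock/ lock file exists
    # 3 - service not running
    checkproc -p "$RACOON_PIDFILE" "$RACOON_BIN"
    rc_status -v
    ;;
  probe)
    # Optional: print the action needed to pick up a changed
    # configuration, i.e. "reload" when the configuration file is
    # newer than the pid file.
    test "$RACOON_CONF" -nt "$RACOON_PIDFILE" && echo reload
    ;;
  *)
    echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
    exit 1
    ;;
esac
rc_exit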