From owner-freebsd-current  Mon Jul 29  0:27:55 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id C8C4937B400; Mon, 29 Jul 2002 00:27:51 -0700 (PDT)
Received: from mta7.pltn13.pbi.net (mta7.pltn13.pbi.net [64.164.98.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 68A2B43E65; Mon, 29 Jul 2002 00:27:51 -0700 (PDT)
	(envelope-from mtm@pacbell.net)
Received: from kokeb.ambesa.net ([64.173.9.202])
 by mta7.pltn13.pbi.net (iPlanet Messaging Server 5.1 (built May  7 2001))
 with ESMTP id <0H000020F22E8T@mta7.pltn13.pbi.net>; Mon,
 29 Jul 2002 00:27:51 -0700 (PDT)
Received: from kokeb.ambesa.net (crunch@localhost [IPv6:::1])
	by kokeb.ambesa.net (8.12.5/8.12.5) with ESMTP id g6T7X4nF020150; Mon,
 29 Jul 2002 00:33:04 -0700 (PDT envelope-from mtm@kokeb.ambesa.net)
Received: (from mtm@localhost)	by kokeb.ambesa.net (8.12.5/8.12.5/Submit)
 id g6T7X2gU020149; Mon, 29 Jul 2002 00:33:02 -0700 (PDT)
Date: Mon, 29 Jul 2002 00:33:02 -0700
From: Mike Makonnen <makonnen@pacbell.net>
Subject: Re: location of setkey in /etc/rc.d/ipsec
In-reply-to: <yge1y9nlvw9.wl@lyrics.mahoroba.org>
To: Hajimu UMEMOTO <ume@mahoroba.org>
Cc: gordon@FreeBSD.ORG, current@FreeBSD.ORG
Message-id: <20020729003302.67285f6d.makonnen@pacbell.net>
MIME-version: 1.0
X-Mailer: Sylpheed version 0.7.8 (GTK+ 1.2.10; i386-portbld-freebsd5.0)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
References: <yge1y9nlvw9.wl@lyrics.mahoroba.org>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Mon, 29 Jul 2002 00:22:46 +0900
Hajimu UMEMOTO <ume@mahoroba.org> wrote:

> Hi,
> 
> I found that setup of IPsec doesn't work correctly if you are using
> /etc/rc.d/.  While NetBSD has setkey in /sbin, FreeBSD has it in
> /usr/sbin.  However, the location is hardcoded in /etc/rc.d/ipsec.
> Here is a patch.

Thanks for spotting this. I think the following patch might be better.

Cheers,
Mike.

Index: etc/rc.d/ipsec
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/ipsec,v
retrieving revision 1.2
diff -u -r1.2 ipsec
--- etc/rc.d/ipsec	13 Jun 2002 22:14:36 -0000	1.2
+++ etc/rc.d/ipsec	29 Jul 2002 07:29:26 -0000
@@ -24,6 +24,15 @@
 reload_cmd="ipsec_reload"
 extra_commands="reload"
 
+case `${CMD_OSTYPE}` in
+FreeBSD)
+	ipsec_program="/usr/sbin/setkey"
+	;;
+NetBSD)
+	ipsec_program="/sbin/setkey"
+	;;
+esac
+
 ipsec_prestart()
 {
 	if [ ! -f "$ipsec_file" ]; then
@@ -45,7 +54,7 @@
 ipsec_start()
 {
 	echo "Installing ipsec manual keys/policies."
-	/sbin/setkey -f $ipsec_file
+	${ipsec_program} -f $ipsec_file
 }
 
 ipsec_stop()
@@ -56,16 +65,16 @@
 	# it is very questionable to do this during shutdown session, since
 	# it can hang any of remaining IPv4/v6 session.
 	#
-	/sbin/setkey -F
-	/sbin/setkey -FP
+	${ipsec_program} -F
+	${ipsec_program} -FP
 }
 
 ipsec_reload()
 {
 	echo "Reloading ipsec manual keys/policies."
-	/sbin/setkey -F
-	/sbin/setkey -FP
-	/sbin/setkey -f "$ipsec_file"
+	${ipsec_program} -F
+	${ipsec_program} -FP
+	${ipsec_program} -f "$ipsec_file"
 }
 
 load_rc_config $name

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message