Package: racoon Version: 1:0.7.3-15 Severity: normal We have forgotten to adapt the init script for proper cooperation with GNU/kFreeBSD. Presently the script test the presence of "/proc/net/pfkey", which is not implemented for GNU/kFreeBSD.
I include a difference file that produces a
functional startup in my system. Before judging
it as complete, it should also be tested (to deny
starting) on a GNU/kFreeBSD system where the kernel
lacks the configuration for IPsec. I have reasons
to believe that the present mechanism should be
sufficient, but it must be checked first.
The use of "set -e" forced me to use the construct
result=0
setkey -DP >/dev/null || result=$?
in order to capture the exit code.
Best regards,
Mats Erik Andersson, DM
--- /etc/init.d/racoon.orig 2011-02-05 14:19:37.000000000 +0100
+++ /etc/init.d/racoon 2011-02-16 20:59:30.000000000 +0100
@@ -54,13 +54,23 @@
return 0
}
-if ! check_kernel ; then
+if [ "$(uname -s)" = "Linux" ] && ! check_kernel ; then
echo "racoon - IKE keying daemon will not be started as $PROC_FILE is
not" 1>&2
echo " available or a suitable 2.6 (or 2.4 with IPSEC
backport)" 1>&2
echo " kernel with af_key.[k]o module is not installed." 1>&2
exit 0
fi
+if [ "$(uname -s)" = "GNU/kFreeBSD" ]; then
+ result=0
+ setkey -DP >/dev/null || result=$?
+ if [ $result -ne 0 ]; then
+ echo "racoon - IKE keying daemon will not be started as this
kFreeBSD kernel" 1>&2
+ echo "is not compiled with support for IPsec." 1>&2
+ exit 0;
+ fi
+fi
+
case $CONFIG_MODE in
racoon-tool)
# /usr/sbin/racoon-tool command complies with Debian Policy so just do this:
signature.asc
Description: Digital signature
