only reload racoon.conf?

Doug Barton dougb at FreeBSD.org
Mon Dec 12 14:54:55 PST 2005


foobar wrote:
> hi list,
> 
> is there any possibility to RELOAD the racoon (ipsec-tools) configuration in
> freebsd 5/6?
> 
> in linux i can do "/etc/init.d/racoon reload" but freebsd seems only to
> support a service restart.

Adding this capability is easy in rc.d; I've added a suggested patch, and 
cc'ed the maintainer.

Two things to note. First, I looked at the man page for racoon and it's not 
at all obvious to me how to get it to reload its conf file without 
restarting. IF it will do this by sending a 'kill -HUP <pid>' to the pid of 
the racoon process, then all you have to do is add the extra_commands line 
to the file, and rc.subr will handle the rest. If there is some command 
invocation involved, I've included an example of how to make that work.

The other thing to note is that rc.d scripts should never enable themselves 
by default. If someone can provide the information on how to get racoon to 
reread its conf file, and the maintainer approves, I'll be glad to commit 
this update.

Doug

-- 

     This .signature sanitized for your protection

-------------- next part --------------
--- /usr/ports/security/ipsec-tools/files/racoon.sh.in	Fri Dec  2 03:28:06 2005
+++ racoon.sh.in	Mon Dec 12 14:52:49 2005
@@ -1,12 +1,11 @@
 #!/bin/sh
 
-# Start or stop racoon
 # $FreeBSD: ports/security/ipsec-tools/files/racoon.sh.in,v 1.1 2005/12/02 11:28:06 lawrance Exp $
 
 # PROVIDE: racoon
 # REQUIRE: DAEMON
 # BEFORE: LOGIN
-# KEYWORD: FreeBSD shutdown
+# KEYWORD: shutdown
 #
 # NOTE for FreeBSD 5.0+:
 # If you want this script to start with the base rc scripts
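Review bot: The removed "# Start or stop racoon" line at the top of this hunk is dropped without a replacement, so the header no longer says what the script does. Since the patch adds a reload command, consider rewording it (for example "# Start, stop or reload racoon") instead of deleting it. The KEYWORD change from "FreeBSD shutdown" to "shutdown" is not explained in the message; a line in the commit log saying why the FreeBSD keyword goes away would help the maintainer.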
@@ -21,7 +20,7 @@
 #
 # DO NOT CHANGE THESE DEFAULT VALUES HERE
 #
-[ -z "$racoon_enable" ] && racoon_enable="YES"	# Enable racoon
+#racoon_enable="NO"				# Enable racoon
 #racoon_program="${prefix}/sbin/racoon"		# Location of racoon
 #racoon_flags=""				# Flags to racoon program
 
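Review bot: The replacement for the racoon_enable line is itself a comment, so after this hunk nothing in the visible script assigns racoon_enable a default and the variable is set only if the administrator puts it in rc.conf. Consider an explicit default instead of a commented-out one, for example [ -z "$racoon_enable" ] && racoon_enable="NO", and fix the trailing "# Enable racoon" comment so it matches the value. Hosts that relied on the old default of YES will stop starting racoon at boot after this change, so the update should be announced to users of the port.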
@@ -33,6 +32,14 @@
 pidfile="/var/run/racoon.pid"
 required_files="${prefix}/etc/racoon/racoon.conf"
 stop_postcmd="racoon_poststop"
+extra_commands=reload
+
+# This is only necessary if 'kill -HUP <pid of racoon process>'
+# is not sufficient to reload the conf file
+reload_cmd="${name}_reload"
+racoon_reload () {
+	# Do something cool here that reloads racoon
+}
 
 racoon_poststop() {
 	/bin/rm -f ${pidfile}
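Review bot: The added racoon_reload () function has a body that contains only a comment, which /bin/sh rejects as a syntax error, so the script as patched would fail to parse and start and stop would break along with reload. Because reload_cmd="${name}_reload" is assigned unconditionally, it also replaces the signal-based reload that the message says rc.subr provides once extra_commands=reload is set. Until the reload mechanism is confirmed, keep only the extra_commands line and leave reload_cmd and the function out, or at minimum comment out the reload_cmd assignment and put a ":" in the function body.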

