If setkey(8) is used without ipsec.ko loaded beforehand,

its attempt to install SA/SPD into the kernel results in cryptic EINVAL error code. Let it be a bit more user-friendly and try to load ipsec.ko automatically if it is not loaded, just like ifconfig(8) does it for modules it needs. PR: 263379 MFC after: 2 weeks
2022-05-05 19:02:29 +07:00 · 2022-05-05 19:02:29 +07:00 · 0aef862845
commit 0aef862845
parent 9f580526e4
1 changed files with 15 additions and 0 deletions
--- a/sbin/setkey/setkey.c
+++ b/sbin/setkey/setkey.c
@ -34,6 +34,8 @@

 #include <sys/types.h>
 #include <sys/param.h>
+#include <sys/linker.h>
+#include <sys/module.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <err.h>
@ -67,6 +69,7 @@ void shortdump_hdr(void);
 void shortdump(struct sadb_msg *);
 static void printdate(void);
 static int32_t gmt2local(time_t);
+static int modload(const char *name);

 #define MODE_SCRIPT	1
 #define MODE_CMDDUMP	2
@ -102,6 +105,17 @@ usage(void)
 	exit(1);
 }

+static int
+modload(const char *name)
+{
+	if (modfind(name) < 0)
+		if (kldload(name) < 0 || modfind(name) < 0) {
+			warn("%s: module not found", name);
+			return 0;
+	}
+	return 1;
+}
+
 int
 main(int ac, char **av)
 {
@ -165,6 +179,7 @@ main(int ac, char **av)
 		}
 	}

+	modload("ipsec");
 	so = pfkey_open();
 	if (so < 0) {
 		perror("pfkey_open");