- GRAYBYTE UNDETECTABLE CODES -

403Webshell
Server IP : 184.154.167.98  /  Your IP : 3.147.60.193
Web Server : Apache
System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64
User : puertode ( 1767)
PHP Version : 8.2.26
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/sbin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /usr/sbin/ipsec
#!/usr/bin/sh
# -*- mode: sh; sh-shell: sh -*-
#
# prefix command to run stuff from our programs directory
#
# Copyright (C) 1998-2002  Henry Spencer.
# Copyright (C) 2013-2018  Tuomo Soini <tis@foobar.fi>
# Copyright (C) 2013-2016  Paul Wouters <pwouters@redhat.com>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <https://www.gnu.org/licenses/gpl2.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#

test "${IPSEC_INIT_SCRIPT_DEBUG}" && set -v -x

# where the private directory and the config files are
IPSEC_CONF="${IPSEC_CONF:-/etc/ipsec.conf}"
IPSEC_EXECDIR="${IPSEC_EXECDIR:-/usr/libexec/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR:-/usr/sbin}"
IPSEC_CONFDDIR="${IPSEC_CONFDDIR:-/etc/ipsec.d}"
IPSEC_RUNDIR="${IPSEC_RUNDIR:-/run/pluto}"
IPSEC_NSSDIR="${IPSEC_NSSDIR:-/etc/ipsec.d}"
IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"
IPSEC_NSSPW="${IPSEC_CONFDDIR}/nsspassword"
DBPW=""
CACERTDIR="${IPSEC_CONFDDIR}/cacerts"
CRLDIR="${IPSEC_CONFDDIR}/crls"
CTLSOCKET="${IPSEC_RUNDIR}/pluto.ctl"

export IPSEC_EXECDIR IPSEC_CONF IPSEC_RUNDIR CTLSOCKET

# standardize PATH, and export it for everything else's benefit
PATH="${IPSEC_SBINDIR}:${PATH#${IPSEC_SBINDIR}:}"
export PATH

# suppress ElectricFence banner changing our reference testing output
export EF_DISABLE_BANNER=1

# things not to be listed in --help command list
DONTMENTION='^(ipsec|_.*|.*\.old|.*\.orig|.*~)$'

# version numbering (details filled in by build)
export IPSEC_VERSION="4.12"

set_nss_db_trusts() {
    # has to handle a NSS nick with spaces
    certutil -L -d "${IPSEC_NSSDIR_SQL}" | \
	grep -E -v '(Trust Attributes|SSL,S/MIME,JAR/XPI|^)$' | \
	awk '{$NF=""; print $0}' | \
	while read -r cert
    do
	if certutil -L -d "${IPSEC_NSSDIR_SQL}" -n "${cert}" | \
	    grep -q 'Is a CA' && \
	    [ $(certutil -L -d "${IPSEC_NSSDIR_SQL}" -n "${cert}" | grep -i -A3 'ssl flags' | grep -i 'trusted' | wc -l) -ne 2 ]
	then
	    echo "correcting trust bits for ${cert}"
	    certutil -M -d "${IPSEC_NSSDIR_SQL}" -n "${cert}" -t 'CT,,'
	fi
    done
}

ipsec_usage() {
    echo "Usage: ipsec {command} [argument] ...>"
    echo "Use --help for a list of commands, or see the ipsec(8) manual page"
    echo "Most commands have their own manual pages, e.g. ipsec_auto(8)."
    echo "See <https://libreswan.org> for more general info."
    echo "Libreswan ${IPSEC_VERSION}"
    exit 2
}

ipsec_help() {
    echo "Usage: ipsec {command} [argument] ...>"
    echo "where {command} is one of:"
    echo ""
    GOTTWO=""
    for f in start stop restart status trafficstatus traffic globalstatus shuntstatus briefstatus showstates fips import initnss checknss checknflog \
	$(ls "${IPSEC_EXECDIR}" | grep -E -v -i "${DONTMENTION}"); do
	if [ -z "${GOTTWO}" ]; then
	    # first of two entries
	    GOTTWO="${f}"
	else
	    # second of two entries, we can print
	    printf "\t%s" "${GOTTWO}"
	    if [ "${#GOTTWO}" -ge 16 ]; then
		printf  "\t"
	    elif [ "${#GOTTWO}" -ge 8 ]; then
		printf "\t\t"
	    else
		printf "\t\t\t"
	    fi
	    printf "%s\n" "${f}"
	    GOTTWO=""
	fi
    done
    if [ -n "${GOTTWO}" ]; then
	# leftover entry
	printf "\t%s" "${GOTTWO}"
    fi
    echo
    echo "See also: man ipsec <command> or ipsec <command> --help"
    echo "See <https://libreswan.org/> for more general info."
    echo "Libreswan ${IPSEC_VERSION}"
    exit 2
}

# add nflog-all
nflog_nftables_add() {
    nft add table ip filter
    nft add chain ip filter ipsec-all-input "{ type filter hook input priority 0; policy accept; }"
    nft add chain ip filter ipsec-all-output "{ type filter hook output priority 0; policy accept; }"
    nft add rule ip filter ipsec-all-input meta ipsec exists log prefix "all-ipsec" group 50
    nft add rule ip filter ipsec-all-output rt ipsec exists log prefix "all-ipsec" group 50
}

nflog_nftables_delete() {
    nft delete chain ip filter ipsec-all-input
    nft delete chain ip filter ipsec-all-output
}

nflog_iptables_delete() {
    local GROUP=$1
    iptablese -D INPUT  -m policy --dir in  --pol ipsec -j NFLOG --nflog-group "${GROUP}" --nflog-prefix all-ipsec
    iptablese -D OUTPUT -m policy --dir out --pol ipsec -j NFLOG --nflog-group "${GROUP}" --nflog-prefix all-ipsec
}

ipsec_stopnflog() {
    NFGROUP=$(ASAN_OPTIONS=detect_leaks=0 "${IPSEC_EXECDIR}/addconn" --ctlsocket "${CTLSOCKET}" --configsetup | grep -v "#" | grep nflog | sed -e "s/^.*=//" -e "s/'//g");
    if [ -z "${NFGROUP}" ]; then
	exit 0
    fi
    firewall_cmd

    if [ "${FIREWALL}" = IPTABLES ]; then
        nflog_iptables_delete "${NFGROUP}"
    elif [ "${FIREWALL}" = NFTABLES ]; then
        nflog_nftables_delete
    else
        echo "unknown firewall comaand ${FIREWALL_CMD} and ${FIREWALL} expect ipables or nft"
        exit 1
    fi

    exit 0
}

checknflog_iptables() {
    if [ -n "${NFGROUP}" ]; then
	OLDNFGROUP=$(iptables -L -n | grep "all-ipsec nflog-group" | sed "s/^.* //" | tail -1);
	if [ -n "${OLDNFGROUP}" ]; then
	    if [ "${NFGROUP}" = "${OLDNFGROUP}" ]; then
		# nothing to do
		echo "nflog ipsec capture enabled on nflog:${NFGROUP}"
		exit 0
	    else
		# delete rules with old group number
		echo "deleting rules with old nflog group ${OLDNFGROUP}"
                nflog_iptables_delete "${OLDNFGROUP}"
	    fi
	fi
	# insert rules with current group number
	iptables -I INPUT  -m policy --dir in  --pol ipsec -j NFLOG --nflog-group ${NFGROUP} --nflog-prefix all-ipsec
	iptables -I OUTPUT -m policy --dir out --pol ipsec -j NFLOG --nflog-group ${NFGROUP} --nflog-prefix all-ipsec
	echo "nflog ipsec capture enabled on nflog:${NFGROUP}"
    else
	OLDNFGROUP=$(iptables -L -n | grep "all-ipsec nflog-group" | sed "s/^.* //" | tail -1);
	if [ -n "${OLDNFGROUP}" ]; then
	    echo "deleting rules with old nflog group ${OLDNFGROUP}"
        nflog_iptables_delete "${OLDNFGROUP}"
	fi
	echo "nflog ipsec capture disabled"
    fi
}

checknflog_nftables() {
    if [ -n "${NFGROUP}" ]; then
	f=$(nft list table ip filter 2>/dev/null | wc -l)
	if [ ${f} -gt 0 ]; then
	    f=$(nft list chain ip filter ipsec-all-input 2>/dev/null | wc -l)
	    if [ ${f} -gt 0 ]; then
		echo "found ipsec-all-input"
	    else
		nflog_nftables_add
	    fi
	else
	    nflog_nftables_add
	fi
    else
	nflog_nftables_delete
    fi

    # nft delete rule filter input handle 15
    # nft add rule ip filter ipsec-all-input meta ipsec exists ipsec in ip saddr 192.168.1.0/24 accept
    # nft -a list
    # nft -a list chain ip filter ipsec-all-output
    # nft delete chain ip filter ipsec-all-output
}

firewall_cmd() {
    HAVE_IPTABLES=true
    HAVE_NFTABLES=false

    if [ "${HAVE_NFTABLES}" = true ]; then
        FIREWALL=NFTABLES
    elif [ "${HAVE_IPTABLES}" = true ]; then
        FIREWALL=IPTABLES
    else
        FIREWALL=""
    fi
}

ipsec_checknflog() {
    NFGROUP=$(ASAN_OPTIONS=detect_leaks=0 "${IPSEC_EXECDIR}/addconn" --ctlsocket "${CTLSOCKET}" --configsetup | grep -v "#" | grep nflog| sed -e "s/^.*=//" -e "s/'//g");

    firewall_cmd

    if [ "${FIREWALL}" = IPTABLES ]; then
        checknflog_iptables
    elif [ "${FIREWALL}" = NFTABLES ]; then
        checknflog_nftables
    else
	FIREWALL=""
	echo "unknown firewall comaand ${FIREWALL} expect ipables or nft"
	exit 1
    fi

    exit 0
}

ipsec_sniff() {
    NFGROUP=$(ASAN_OPTIONS=detect_leaks=0 "${IPSEC_EXECDIR}/addconn" --ctlsocket "${CTLSOCKET}" --configsetup | grep -v "#" | grep nflog | sed -e "s/^.*=//" -e "s/'//g");
    tcpdump -n -i nflog:${NFGROUP}
    exit 0
}

ipsec_import() {
    if [ -z "${1}" ]; then
	echo "Usage: ipsec import [--nssdir ${IPSEC_NSSDIR}] /path/to/pkcs.12" >&2
	exit 1
    fi

    while [ ${#} -gt 0 ]; do
	case "${1}" in
	    --configdir)
		echo "ipsec import warning: --configdir is obsoleted, use --nssdir" >&2
		if [ -d "${2}" ]; then
		    IPSEC_NSSDIR="${2}"
		fi
		shift
		;;
	    -d|--nssdir)
		if [ -d "${2}" ]; then
		    IPSEC_NSSDIR="${2}"
		fi
		shift
		# A lot of nss commands use -d to specify NSS db location.
		# We use --nssdir.
		;;
	    *)
		if [ -f "${1}" ]; then
		    pkcs12bundle="${1}"
		else
		    echo "Usage: ipsec import [--nssdir ${IPSEC_NSSDIR}] /path/to/pkcs.12" >&2
		    exit 1
		fi
		;;
	esac
	shift
    done

    if [ -d "${IPSEC_NSSDIR}" -a -w "${IPSEC_NSSDIR}" ]; then
	if [ -f "${IPSEC_NSSDIR}/key4.db" -a \
	    -f "${IPSEC_NSSDIR}/cert9.db" ]
	then
	    IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"
	else
	    echo "ERROR: NSS database files are missing, import aborted." >&2
	    echo "Initialize database with command \"ipsec checknss\"." >&2
	    exit 1
	fi

	pk12util -i "${pkcs12bundle}" -d "${IPSEC_NSSDIR_SQL}"
	# check and correct trust bits
	set_nss_db_trusts
	exit 0
    else
	echo "ERROR: destination directory \"${IPSEC_NSSDIR}\" is missing or permission denied" >&2
	exit 1
    fi
}

ipsec_checknss() {
    local file
    while [ ${#} -gt 0 ]; do
	case "${1}" in
	    --checknss|checknss)
		cmd=checknss
		;;
	    --initnss|initnss)
		cmd=initnss
		;;
	    --settrusts)
	        set_trusts=yes
		;;
	    --configdir)
		echo "ipsec ${cmd} warning: --configdir is obsoleted, use --nssdir" >&2
		IPSEC_NSSDIR="${2}"
		shift
		;;
	    -d|--nssdir)
		# A lot of nss commands use -d to specify NSS db location.
		# We use --nssdir.
		IPSEC_NSSDIR="${2}"
		shift
		;;
	    *)
		echo "Usage: ipsec ${cmd} [--nssdir ${IPSEC_NSSDIR}]" >&2
		exit 1
		;;
	esac
	shift
    done

    if [ -d "${IPSEC_NSSDIR}" -a -w "${IPSEC_NSSDIR}" ]; then
	IPSEC_NSSDIR_SQL="sql:${IPSEC_NSSDIR}"
	# Handle nssdir default change from /etc/ipsec.d to /var/lib/ipsec/nss
	if [ "${IPSEC_CONFDDIR}" != "${IPSEC_NSSDIR}" -a \
	    "${cmd}" = "checknss" ]
	then
	    # Check for legacy nss db format in old location and give failure
	    # We can't handle two operations at same time.
	    if [ -f "${IPSEC_CONFDDIR}/cert8.db" -a \
		! -f "${IPSEC_CONFDDIR}/cert9.db" -a \
		! -f "${IPSEC_NSSDIR}/cert9.db" ]
	    then
		echo "Failure - we cannot handle both nss db format conversion and nss db move to new location in one run." >&2
		echo "Run \"ipsec checknss --nssdir ${IPSEC_CONFDDIR}\" manually first to convert db format" >&2
		exit 4
	    fi
	    for file in cert9.db key4.db pkcs11.txt; do
		if [ -f "${IPSEC_CONFDDIR}/${file}" -a \
		    ! -f "${IPSEC_NSSDIR}/${file}" ]
		then
		    if ! mv "${IPSEC_CONFDDIR}/${file}" \
			"${IPSEC_NSSDIR}/${file}"
		    then
			echo "Failed to mv ${IPSEC_CONFDDIR}/${file} ${IPSEC_NSSDIR}/${file}" >&2
			exit 4
		    fi
		fi
	    done
	fi
	# if we have old database
	if [ -f "${IPSEC_NSSDIR}/cert8.db" -o \
	    -f "${IPSEC_NSSDIR}/key3.db" -o \
	    -f "${IPSEC_NSSDIR}/secmod.db" ]
	then
	    if [ ! -f "${IPSEC_NSSDIR}/cert9.db" -o \
		! -f "${IPSEC_NSSDIR}/key4.db" ]; then
		IMPORTDBPW=""
		NSSTMP=$(mktemp -d /tmp/ipsec_nss_tmp.XXXXXXXXXX)
		if [ $? -gt 0 ]; then
		    echo "Failed to create temporary directory for NSS db migration" >&2
		    exit 4
		fi
		# save current umask
		umask=$(umask)
		# set safe umask
		umask 077
		echo "Migrating NSS db to ${IPSEC_NSSDIR_SQL}"
		# this section works around a few certutil quirks
		# to maintain the current password and merge keys
		certutil -N -d sql:"${NSSTMP}" --empty-password
		if [ $? -gt 0 ]; then
		    echo "Failed to initialize nss database sql:${NSSTMP}" >&2
		    exit 4
		fi
		if [ -f "${IPSEC_NSSPW}" ]; then
		    # Look for FIPS format of token:pw, or just the pw
		    grep -q ':' "${IPSEC_NSSPW}"
		    if [ $? -eq 0 ]; then
			cut -d':' -f2 "${IPSEC_NSSPW}" \
			    > "${NSSTMP}/nsspassword.txt"
			cut -d':' -f2 "${IPSEC_NSSPW}" \
			    >> "${NSSTMP}/nsspassword.txt"
		    else
			cat "${IPSEC_NSSPW}" > "${NSSTMP}/nsspassword.txt"
			cat "${IPSEC_NSSPW}" >> "${NSSTMP}/nsspassword.txt"
		    fi
		    # For the empty password prompt:
		    printf "\n\n" > "${NSSTMP}/nsspassword2.txt"
		    # Change blank pw to the current, and use
		    # for certutil --upgrade-merge
		    certutil -W -d sql:"${NSSTMP}" \
			-f "${NSSTMP}/nsspassword2.txt" \
			-@ "${NSSTMP}/nsspassword.txt"
		    DBPW="-f ${NSSTMP}/nsspassword.txt -@ ${NSSTMP}/nsspassword.txt"
		    IMPORTDBPW="-f ${NSSTMP}/nsspassword.txt"
		fi
		# restore umask
		umask ${umask}
		certutil --upgrade-merge --source-dir "${IPSEC_NSSDIR}" \
		    -d sql:"${NSSTMP}" --upgrade-id pluto ${DBPW}
		rc=$?
		if [ ${rc} -ne 0 ]; then
		    echo "NSS upgrade failed. You should run certutil --upgrade-merge manually against ${IPSEC_NSSDIR_SQL}"
		    exit ${rc}
		fi
		# import cacerts and crls
		if [ -d "${CACERTDIR}" ]; then
		    for file in "${CACERTDIR}"/*; do
			if [ -f "${file}" ]; then
			    filename=$(basename "${file}")
			    name=${filename%%.*}
			    certutil -A -i "${file}" -d sql:"${NSSTMP}" -n "${name}" -t 'CT,,' ${IMPORTDBPW}
			    [ $? -eq 0 ] || printf "%s\n" "${file}"
			fi
		    done
		fi
		if [ -d "${CRLDIR}" ]; then
		    for file in "${CRLDIR}"/*; do
			if [ -f "${file}" ]; then
			    crlutil -I -i "${file}" -d sql:"${NSSTMP}" -B ${IMPORTDBPW}
			    [ $? -eq 0 ] || printf "%s\n" "${file}"
			fi
		    done
		fi
		cp "${NSSTMP}"/*.db "${NSSTMP}"/*.txt "${IPSEC_NSSDIR}"
		rm -f "${NSSTMP}"/*.txt "${NSSTMP}"/*.db
		rmdir "${NSSTMP}"
		echo "NSS upgrade complete"
	    fi
	    exit 0
	fi	# old database
	if [ -f "${IPSEC_NSSDIR}/cert9.db" -o -f "${IPSEC_NSSDIR}/key4.db" ]; then
	    if [ "${cmd}" = "initnss" ]; then
		echo "NSS database already initialised - aborted"
		echo "To wipe the old NSS database, issue: rm ${IPSEC_NSSDIR}/*.db"
		exit 42
	    else
		if [ "${set_trusts}" = "yes" ]; then
		    set_nss_db_trusts
		fi
		exit 0
	    fi
	fi
	echo "Initializing NSS database"
	echo ""
	certutil -N -d "${IPSEC_NSSDIR_SQL}" --empty-password
	if [ $? -gt 0 ]; then
	    echo "Failed to initialize nss database ${IPSEC_NSSDIR_SQL}" >&2
	    exit 4
	fi
	restorecon="$(which restorecon 2>/dev/null)"
	if [ -n "${restorecon}" -a -x "${restorecon}" ]; then
	    "${restorecon}" -Rv "${IPSEC_NSSDIR}"
	fi
	exit 0
    else
	echo "ERROR: destination directory \"${IPSEC_NSSDIR}\" is missing or permission denied" >&2
	exit 1
    fi
}

# Check for no options at all and return usage.
if [ -z "${1}" ]; then
    ipsec_usage
fi

while [ ${#} -gt 0 ]; do
    case "${1}" in
	--rundir)
	    RUNDIR="${2}"
	    CTLSOCKET="${RUNDIR}/pluto.ctl"
	    export CTLSOCKET
	    shift;
	    shift;
	    ;;
	--ctlsocket)
	    CTLSOCKET="${2}"
	    export CTLSOCKET
	    shift;
	    shift;
	    ;;
	whack)
	    # Whack command is special because --ctlsocket is a whack cmdline option
	    # We need to make sure we don't give it twice
	    shift
	    if echo "${@}" | grep -q -- --ctlsocket; then
		exec "${IPSEC_EXECDIR}/whack" "${@}"
	    else
		exec "${IPSEC_EXECDIR}/whack" --ctlsocket "${CTLSOCKET}" "${@}"
	    fi
	    exit 0
	    ;;
	status|--status)
	    cmd="whack"
	    whackoption="--status"
	    shift
	    ;;
	trafficstatus|--trafficstatus|traffic)
	    cmd="whack"
	    whackoption="--trafficstatus"
	    shift
	    ;;
	fipsstatus|--fipsstatus|fips)
	    cmd="whack"
	    whackoption="--fipsstatus"
	    shift
	    ;;
	globalstatus|--globalstatus)
	    cmd="whack"
	    whackoption="--globalstatus"
	    shift
	    ;;
	shuntstatus|--shuntstatus)
	    cmd="whack"
	    whackoption="--shuntstatus"
	    shift
	    ;;
	briefstatus|--briefstatus)
	    cmd="whack"
	    whackoption="--briefstatus"
	    shift
	    ;;
	showstates|--showstates)
	    cmd="whack"
	    whackoption="--showstates"
	    shift
	    ;;
	start|--start)
	    cmd="setup"
	    setupoption="--start"
	    shift
	    ;;
	stop|--stop)
	    cmd="setup"
	    setupoption="--stop"
	    shift
	    ;;
	letsencrypt)
	    shift
	    exec "${IPSEC_EXECDIR}/letsencrypt" "${@}"
	    ;;
	restart|--restart)
	    cmd="setup"
	    setupoption="--restart"
	    shift
	    ;;
	help|--help)
	    # if cmd is unset, this is help for ipsec command
	    if [ -z "${cmd}" ]; then
		ipsec_help
	    fi
	    ;;
    	version|--version|--versioncode)
	    # some ubuntu/debian scripts use --versioncode, so let's keep the alias
	    echo "Libreswan ${IPSEC_VERSION}"
	    exit 0
	    ;;
	--directory)
	    printf "%s\n" "${IPSEC_EXECDIR}"
	    exit 0
	    ;;
	--stopnflog|stopnflog)
	    ipsec_stopnflog
	    ;;
	--checknflog|checknflog|nflog)
	    ipsec_checknflog
	    ;;
	sniff|--sniff)
	    ipsec_sniff
	    ;;
	import|--import)
	    shift
	    ipsec_import "${@}"
	    ;;
	checknss|--checknss|initnss|--initnss)
	    ipsec_checknss "${@}"
	    ;;
	secrets)
	    cmd="whack"
	    whackoption="--rereadsecrets"
	    shift
	    ;;
	rereadcrls|--rereadcrls)
	    echo "ipsec auto: --rereadcrls and /etc/ipsec.d/crls/ are obsoleted. did you mean: ipsec crls"
	    exit 1
	    ;;
	crls|fetchcrls)
	    cmd="whack"
	    whackoption="--fetchcrls"
	    shift
	    ;;
	unbound|--unbound)
	    # activate the unbound ipsec module
	    unbound-control set_option ipsecmod-enabled: yes
	    exit $?
	    ;;
	--*)
	    printf "%s: unknown option \"%s\" (perhaps command name was omitted?)\n" "${0}" "${1}" >&2
	    exit 1
	    ;;
	*)
	    cmd="${1}"
	    shift
	    if [ -x "${IPSEC_EXECDIR}/${cmd}" ]; then
		exec "${IPSEC_EXECDIR}/${cmd}" "${@}"
	    else
		printf "%s: unknown IPsec command \"%s\" (\"ipsec --help\" for list)\n" "${0}" "${cmd}" >&2
		exit 1
	    fi
	    ;;
    esac
done

case "${cmd}" in
    setup)
	exec "${IPSEC_EXECDIR}/setup" "${setupoption}"
	;;
    whack)
	exec "${IPSEC_EXECDIR}/whack" --ctlsocket "${CTLSOCKET}" "${whackoption}"
	;;
esac

Youez - 2016 - github.com/yon3zu
LinuXploit