'\" t
.\"     Title: _STACKMANAGER
.\"    Author: Paul Wouters
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 05/13/2020
.\"    Manual: Executable programs
.\"    Source: libreswan
.\"  Language: English
.\"
.TH "_STACKMANAGER" "8" "05/13/2020" "libreswan" "Executable programs"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
ipsec__stackmanager \- internal script to bring up kernel components for Libreswan
.SH "SYNOPSIS"
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fI_stackmanager\ start\fR\ [\-\-netkey] 
.HP \w'\fBipsec\fR\ 'u
\fBipsec\fR \fI_stackmanager\ stop\fR
.SH "DESCRIPTION"
.PP
\fIipsec _stackmanager\fR
is called from within the init sub\-system (systemd, upstart, sysv initscripts) to bring up the Libreswan kernel component as configured via the
\fIprotostack=\fR
option in the
\fIipsec\&.conf\fR
configuration file\&.
.PP
This involves loading and optionally unloading of the required kernel modules\&. Because the Linux kernel cannot autodetect most crypto related drivers on\-demand, _stackmanager handles loading the hardware random number (RNG) device drivers, OpenBSD/FreeBSD Cryptographic Framework (OCF) drivers, CryptoAPI drivers, and the modules for the specific stack (Linux NETKEY/XFM or KLIPS/MAST)\&. Probing for OCF supported hardware is not supported \- those modules must be loaded by the system before the start of the Libreswan sub system\&.
.PP
When the \-\-netkey option is given to the start command, the netkey stack is loaded regardless of the existence or contents of the ipsec\&.conf file\&. This is used for docker tests where the host system, which might not have libreswan installed, needs to run _stackmanager from the source tree to load the modules on the host so the modules are available inside the containers\&.
.SH "SEE ALSO"
.PP
\fBip\fR(8),
\fBipsec_tncfg\fR(8),
\fBipsec.conf\fR(5),
\fBipsec_addconn\fR(8),
\fBpluto\fR(8)
.SH "HISTORY"
.PP
This script was introduced in Libreswan\&. On the older Openswan systems, this functionality was split over various script files such as ipsec _startnetkey, ipsec _startklips, ipsec _realsetup and ipsec setup\&. Man page written for the Libreswan project <\m[blue]\fBhttp://www\&.libreswan\&.org/\fR\m[]> by Paul Wouters\&.
.SH "AUTHOR"
.PP
\fBPaul Wouters\fR
.RS 4
placeholder to suppress warning
.RE