#!/bin/sh
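# Pin PATH to the system directories so that unqualified commands used below
# (logger, and whatever network-functions runs) resolve the same way no matter
# what environment the caller had.
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# network-functions is sourced by a slash-less name, so the directory change
# has to succeed first. If cd failed and the script carried on, "." would look
# the name up elsewhere (PATH, or in some shells the caller's working
# directory) and execute whatever it found there. cd prints its own error.
cd /etc/sysconfig/network-scripts || exit 1
. network-functions

# Absolute paths of the two tools used for the teardown.
IPSECADM=/usr/sbin/ipsecadm
IP=/sbin/ip

# $1 is used as the config file if it names an existing regular file;
# otherwise it is treated as an interface name and ifcfg-<name> in the
# current directory is used instead.
CONFIG=$1
[ -f "$CONFIG" ] || CONFIG="ifcfg-$1"
# source_config comes from network-functions. Presumably it sources $CONFIG
# and so defines DEVICE, TUNLOCAL, PHYSLOCAL, PHYSREMOTE and SPI -- confirm
# in network-functions.
source_config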

# Refuse to continue unless every setting needed to identify the tunnel
# address and the security association is non-empty. Each failure prints
# "missing <NAME>" on stdout and exits with status 1.
# NOTE(review): DEVICE is used by the teardown commands further down but is
# not checked here -- confirm that source_config guarantees it.
[ -n "$TUNLOCAL" ] || {
 echo "missing TUNLOCAL"
 exit 1
}

[ -n "$PHYSLOCAL" ] || {
 echo "missing PHYSLOCAL"
 exit 1
}

[ -n "$PHYSREMOTE" ] || {
 echo "missing PHYSREMOTE"
 exit 1
}

[ -n "$SPI" ] || {
 echo "missing SPI"
 exit 1
}

# Both helper binaries must exist and be executable before anything is torn
# down. They are checked in order (ipsecadm, then ip); the first one that
# fails is reported on stdout and in syslog (daemon.info, tag
# ifdown-ipsectun) and the script exits with status 1.
for tool in "$IPSECADM" "$IP"; do
 if [ ! -x "$tool" ]; then
  echo "$tool does not exist or is not executable"
  echo "ifdown-ipsectun for $DEVICE exiting"
  logger -p daemon.info -t ifdown-ipsectun "$tool does not exist or is not executable for $DEVICE"
  exit 1
 fi
done

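# Tear the tunnel down: interface down, tunnel address removed, tunnel device
# deleted, then the security association removed.
#
# Every expansion is quoted so that a value from the ifcfg file containing
# whitespace or glob characters stays a single argument and cannot add extra
# words or options to the ip / ipsecadm command lines.
# NOTE(review): this assumes TUNLOCAL, PHYSLOCAL, PHYSREMOTE and SPI are each
# one token -- confirm against the matching ifup script.
#
# Each step stays best-effort, as before: a failure does not stop the
# remaining steps or the hand-off to ifdown-post. Failures are now recorded
# in syslog instead of passing silently.
"$IP" link set dev "$DEVICE" down ||
 logger -p daemon.warning -t ifdown-ipsectun "failed to set $DEVICE down"
"$IP" address del "$TUNLOCAL" dev "$DEVICE" ||
 logger -p daemon.warning -t ifdown-ipsectun "failed to remove $TUNLOCAL from $DEVICE"
"$IPSECADM" tunnel del "$DEVICE" ||
 logger -p daemon.warning -t ifdown-ipsectun "failed to delete tunnel $DEVICE"
# A failed SA delete is the one to watch for: the security association (and
# the key material it holds) would remain in place although the interface is
# reported as down. --duplex is passed through unchanged.
"$IPSECADM" sa del --src="$PHYSLOCAL" --dst="$PHYSREMOTE" --spi="$SPI" --duplex ||
 logger -p daemon.warning -t ifdown-ipsectun "failed to delete SA for $DEVICE ($PHYSLOCAL -> $PHYSREMOTE)"
# Hand over to the generic post-down script; exec replaces this process, so
# the exit status seen by the caller is ifdown-post's.
exec /etc/sysconfig/network-scripts/ifdown-post "ifcfg-$DEVICE" "$2"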
