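#!/bin/sh
#
# rc.d script for pflogd: prepares the pflog interface and starts one
# pflogd per configured instance.
#
# Usage: /etc/rc.d/pflog <command> [instance]
#   With an instance argument, only that instance is handled; its settings
#   are read from pflog_<instance>_dev, pflog_<instance>_logfile and
#   pflog_<instance>_flags.
#   Without one, every name listed in pflog_instances is handled in turn,
#   or a single default instance (pflog0) when pflog_instances is empty.
#

# PROVIDE: pflog
# REQUIRE: FILESYSTEMS netif
# KEYWORD: nojailvnet

. /etc/rc.subr

name="pflog"
desc="Packet filter logging interface"
rcvar="pflog_enable"
command="/sbin/pflogd"
pidfile="/var/run/pflogd.pid"
start_precmd="pflog_prestart"
stop_postcmd="pflog_poststop"
extra_commands="reload resync"

# no svcj options needed
: ${pflog_svcj_options:=""}

# for backward compatibility
resync_cmd="pflog_resync"

# pflog_prestart
#	Runs before pflogd is started. Loads the pflog kernel module, makes
#	sure the $pflog_dev interface exists and is up, then prepends the
#	-p/-f/-i options to rc_flags.
#	Returns 0 when pflogd may be started, 1 on any failure.
pflog_prestart()
{
	load_kld pflog || return 1

	# create pflog_dev interface if needed
	if ! ifconfig "$pflog_dev" > /dev/null 2>&1; then
		if ! ifconfig "$pflog_dev" create; then
			warn "could not create $pflog_dev."
			return 1
		fi
	fi

	# set pflog_dev interface to up state
	if ! ifconfig "$pflog_dev" up; then
		warn "could not bring up $pflog_dev."
		return 1
	fi

	# -p flag requires stripping pidfile's leading /var/run and trailing .pid
	# The dot is escaped so that only a literal ".pid" suffix is removed.
	pidfile=$(printf '%s\n' "$pidfile" | sed -e 's|^/var/run/||' -e 's|\.pid$||')

	# prepare the command line for pflogd
	rc_flags="-p $pidfile -f $pflog_logfile -i $pflog_dev $rc_flags"

	# report we're ready to run pflogd
	return 0
}

# pflog_poststop
#	Runs after pflogd has been stopped. Brings the $pflog_dev interface
#	down and, when pflog_instances is set, removes the instance pidfile.
#	Returns 0 on success, 1 if the interface could not be brought down.
pflog_poststop()
{
	if ! ifconfig "$pflog_dev" down; then
		warn "could not bring down $pflog_dev."
		return 1
	fi

	if [ -n "$pflog_instances" ]; then
		# Quoted and preceded by "--" so that the path is always
		# treated as a single file operand.
		rm -- "$pidfile"
	fi

	return 0
}

# for backward compatibility
# pflog_resync
#	Alias for the "reload" command.
pflog_resync()
{
	run_rc_command reload
}

load_rc_config "$name"

# precmd is not compatible with svcj
pflog_svcj="NO"

# Check if spawning multiple pflogd and told what to spawn
if [ -n "$2" ]; then
	# The instance name is spliced into variable names that are expanded
	# with eval below. Accept only characters that are valid in a shell
	# variable name, so the argument can never be parsed as shell syntax
	# by this script, which runs with the privileges of the rc system.
	case "$2" in
	*[!A-Za-z0-9_]*)
		warn "invalid pflog instance name: $2"
		exit 1
		;;
	esac

	# Set required variables
	eval "pflog_dev=\$pflog_${2}_dev"
	eval "pflog_logfile=\$pflog_${2}_logfile"
	eval "pflog_flags=\$pflog_${2}_flags"

	# Check that required vars have non-zero length, warn if not.
	# This branch is not inside a loop, so "continue" cannot skip the
	# instance; exit instead of running pflogd with an empty device or
	# log file.
	if [ -z "$pflog_dev" ]; then
		warn "pflog_dev not set"
		exit 1
	fi
	if [ -z "$pflog_logfile" ]; then
		warn "pflog_logfile not set"
		exit 1
	fi

	# Provide a unique pidfile name for pflogd -p <pidfile> flag
	pidfile="/var/run/pflogd.$2.pid"

	# Override service name and execute command
	name=$pflog_dev
	run_rc_command "$1"
# Check if spawning multiple pflogd and not told what to spawn
elif [ -n "$pflog_instances" ]; then
	# Iterate through requested instances.
	# $pflog_instances is left unquoted on purpose: it is a
	# whitespace-separated list of instance names.
	for i in $pflog_instances; do
		/etc/rc.d/pflog "$1" "$i"
	done
else
	# Typical case, spawn single instance only.
	pflog_dev=${pflog_dev:-"pflog0"}
	run_rc_command "$1"
fi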