xref: /freebsd/libexec/rc/rc.d/pflog (revision e32fecd0c2c3ee37c47ee100f169e7eb0282a873)
#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: pflog
# REQUIRE: FILESYSTEMS netif
# KEYWORD: nojailvnet

. /etc/rc.subr

# Service identity.
name="pflog"
desc="Packet filter logging interface"
rcvar="pflog_enable"

# Daemon binary and the default pidfile path. pflog_prestart later reduces
# the pidfile to the bare name passed to pflogd -p.
pidfile="/var/run/pflogd.pid"
command="/sbin/pflogd"

# Hooks defined in this file: interface setup before start and interface
# teardown after stop.
stop_postcmd="pflog_poststop"
start_precmd="pflog_prestart"

# Extra verbs accepted by this script. "resync" is kept for backward
# compatibility and is routed to pflog_resync.
extra_commands="reload resync"
resync_cmd="pflog_resync"

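# pflog_prestart: start_precmd hook. Loads the pflog kernel module, makes sure
# the logging interface exists and is up, then builds the pflogd command line.
# Globals:   pflog_dev, pflog_logfile (read); pidfile, rc_flags (rewritten)
# Returns:   0 when pflogd may be started, 1 on any setup failure
pflog_prestart()
{
	load_kld pflog || return 1

	# Fail early with a clear message rather than handing ifconfig an empty
	# interface name.
	if [ -z "$pflog_dev" ]; then
		warn "pflog_dev not set"
		return 1
	fi

	# create pflog_dev interface if needed
	if ! ifconfig "$pflog_dev" > /dev/null 2>&1; then
		if ! ifconfig "$pflog_dev" create; then
			warn "could not create $pflog_dev."
			return 1
		fi
	fi

	# set pflog_dev interface to up state
	if ! ifconfig "$pflog_dev" up; then
		warn "could not bring up $pflog_dev."
		return 1
	fi

	# -p flag requires stripping pidfile's leading /var/run and trailing .pid.
	# Parameter expansion matches the prefix and suffix literally; the former
	# sed pattern '.pid$' treated the dot as "any character".
	pidfile=${pidfile#/var/run/}
	pidfile=${pidfile%.pid}

	# prepare the command line for pflogd
	# NOTE(review): the values are joined into one flat string, so
	# pflog_logfile and pflog_dev must not contain whitespace or shell
	# metacharacters. They are expected to come from root-owned rc.conf;
	# how rc.subr consumes rc_flags is outside this file.
	rc_flags="-p $pidfile -f $pflog_logfile -i $pflog_dev $rc_flags"

	# report we're ready to run pflogd
	return 0
}
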
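# pflog_poststop: stop_postcmd hook. Brings the logging interface down and,
# when multiple instances are configured, removes this instance's pidfile.
# Globals:   pflog_dev, pflog_instances, pidfile (read)
# Returns:   0 on success, 1 if the interface could not be brought down
pflog_poststop()
{
	if ! ifconfig "$pflog_dev" down; then
		warn "could not bring down $pflog_dev."
		return 1
	fi

	# One non-empty test is enough; the original checked the same variable
	# twice.
	if [ -n "$pflog_instances" ]; then
		# Quoted and preceded by "--" so the path reaches rm as exactly one
		# operand and is never parsed as an option; -f keeps an already
		# missing pidfile from producing an error.
		rm -f -- "$pidfile"
	fi

	return 0
}
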
# pflog_resync: handler for the legacy "resync" verb, kept for backward
# compatibility. It forwards to the "reload" command and returns its status.
pflog_resync()
{
	run_rc_command "reload"
}

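load_rc_config "$name"

# Dispatch on the arguments: $1 is the rc command, $2 an optional instance
# name.
# Check if spawning multiple pflogd and told what to spawn
if [ -n "$2" ]; then
	_pflog_ok="yes"

	# $2 is spliced into variable names that are expanded through eval and
	# into the pidfile path below, which pflog_poststop later removes.
	# Accept only characters that are valid in a shell variable name so the
	# argument can neither inject shell syntax into eval nor steer the
	# pidfile path outside /var/run.
	case $2 in
	*[!A-Za-z0-9_]*)
		warn "invalid pflog instance name: $2"
		_pflog_ok="no"
		;;
	esac

	if [ "$_pflog_ok" = "yes" ]; then
		# Set required variables
		eval pflog_dev=\$pflog_${2}_dev
		eval pflog_logfile=\$pflog_${2}_logfile
		eval pflog_flags=\$pflog_${2}_flags

		# Check that required vars have non-zero length, warn if not.
		# The original used "continue" here, which is not inside any loop,
		# so the command was still run with the missing settings.
		if [ -z "$pflog_dev" ]; then
			warn "pflog_dev not set"
			_pflog_ok="no"
		fi
		if [ -z "$pflog_logfile" ]; then
			warn "pflog_logfile not set"
			_pflog_ok="no"
		fi
	fi

	if [ "$_pflog_ok" = "yes" ]; then
		# Provide a unique pidfile name for pflogd -p <pidfile> flag
		pidfile="/var/run/pflogd.$2.pid"

		# Override service name and execute command
		name=$pflog_dev
		run_rc_command "$1"
	else
		# Leave a failure status for the caller without calling exit,
		# in case this file is being sourced rather than executed.
		false
	fi
# Check if spawning multiple pflogd and not told what to spawn
elif [ -n "$pflog_instances" ]; then
	# Iterate through requested instances. The list is split on whitespace
	# on purpose; each name is validated by the child invocation above.
	for i in $pflog_instances; do
		/etc/rc.d/pflog "$1" "$i"
	done
else
	# Typical case, spawn single instance only.
	pflog_dev=${pflog_dev:-"pflog0"}
	run_rc_command "$1"
fi
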