xref: /freebsd/libexec/rc/rc.d/pflog (revision e9ac41698b2f322d55ccf9da50a3596edb2c1800) 
1#!/bin/sh
2#
3#
4
5# PROVIDE: pflog
6# REQUIRE: FILESYSTEMS netif
7# KEYWORD: nojailvnet
8
9. /etc/rc.subr
10
11name="pflog"
12desc="Packet filter logging interface"
13rcvar="pflog_enable"
14command="/sbin/pflogd"
15pidfile="/var/run/pflogd.pid"
16start_precmd="pflog_prestart"
17stop_postcmd="pflog_poststop"
18extra_commands="reload resync"
19
20# no svcj options needed
21: ${pflog_svcj_options:=""}
22
23# for backward compatibility
24resync_cmd="pflog_resync"
25
26pflog_prestart()
27{
28	load_kld pflog || return 1
29
30	# create pflog_dev interface if needed
31	if ! ifconfig $pflog_dev > /dev/null 2>&1; then
32		if ! ifconfig $pflog_dev create; then
33			warn "could not create $pflog_dev."
34			return 1
35		fi
36	fi
37
38	# set pflog_dev interface to up state
39	if ! ifconfig $pflog_dev up; then
40		warn "could not bring up $pflog_dev."
41		return 1
42	fi
43
44	# -p flag requires stripping pidfile's leading /var/run and trailing .pid
45	pidfile=$(echo $pidfile | sed -e 's|/var/run/||' -e 's|.pid$||')
46
47	# prepare the command line for pflogd
48	rc_flags="-p $pidfile -f $pflog_logfile -i $pflog_dev $rc_flags"
49
50	# report we're ready to run pflogd
51	return 0
52}
53
54pflog_poststop()
55{
56	if ! ifconfig $pflog_dev down; then
57		warn "could not bring down $pflog_dev."
58		return 1
59	fi
60
61	if [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then
62		rm $pidfile
63	fi
64
65	return 0
66}
67
68# for backward compatibility
69pflog_resync()
70{
71	run_rc_command reload
72}
73
74load_rc_config $name
75
76# precmd is not compatible with svcj
77pflog_svcj="NO"
78
79# Check if spawning multiple pflogd and told what to spawn
80if [ -n "$2" ]; then
81	# Set required variables
82	eval pflog_dev=\$pflog_${2}_dev
83	eval pflog_logfile=\$pflog_${2}_logfile
84	eval pflog_flags=\$pflog_${2}_flags
85	# Check that required vars have non-zero length, warn if not.
86	if [ -z $pflog_dev ]; then
87		warn "pflog_dev not set"
88		continue
89	fi
90	if [ -z $pflog_logfile ]; then
91		warn "pflog_logfile not set"
92		continue
93	fi
94
95	# Provide a unique pidfile name for pflogd -p <pidfile> flag
96	pidfile="/var/run/pflogd.$2.pid"
97
98	# Override service name and execute command
99	name=$pflog_dev
100	run_rc_command "$1"
101# Check if spawning multiple pflogd and not told what to spawn
102elif [ "$pflog_instances" ] && [ -n "$pflog_instances" ]; then
103	# Interate through requested instances.
104	for i in $pflog_instances; do
105		/etc/rc.d/pflog $1 $i
106	done
107else
108	# Typical case, spawn single instance only.
109	pflog_dev=${pflog_dev:-"pflog0"}
110	run_rc_command "$1"
111fi
112