#!/sbin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# Additional service commands: checkconfig is always available, reload
# only while the service is started.
extra_commands=checkconfig
extra_started_commands=reload

# Defaults for the daemon paths. Each default applies only when the
# variable is unset or empty, so a value supplied beforehand is kept.
FWKNOPD_BINARY="${FWKNOPD_BINARY:-/usr/sbin/fwknopd}"
FWKNOPD_CONFDIR="${FWKNOPD_CONFDIR:-/etc/fwknop}"
FWKNOPD_CONFIG="${FWKNOPD_CONFIG:-${FWKNOPD_CONFDIR}/fwknopd.conf}"
FWKNOPD_PIDFILE="${FWKNOPD_PIDFILE:-/run/fwknop/${SVCNAME}.pid}"

# Declare service ordering and, when the administrator has not set
# rc_need, derive a "need net" dependency from the fwknopd config.
# Reads:  rc_need, FWKNOPD_CONFIG, SVCNAME
# Output: warnings via ewarn naming the interface(s) rc_need should cover
depend() {
	after iptables ip6tables ebtables firewall
	use logger

	# An rc_need that is set at all (even to an empty value) wins; nothing
	# is derived from the config file in that case.
	if [ "${rc_need+set}" = "set" ]; then
		return 0
	fi

	# Without a regular config file there is nothing to inspect.
	if [ ! -f "${FWKNOPD_CONFIG}" ]; then
		return 0
	fi

	local iface sniff_intfs
	# Gather the second field of every PCAP_INTF line, with a trailing ';'
	# stripped from the line first.
	for iface in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
		sniff_intfs="${sniff_intfs} ${iface}"
	done

	if [ -z "${sniff_intfs}" ]; then
		# If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0
		if grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then
			return 0
		fi
		need net
		ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
		ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0."
		ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}."
		return
	fi

	# At least one interface is named: require networking and tell the
	# administrator which net.* service(s) to list in rc_need.
	need net
	ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
	ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME},"
	ewarn "where FOO is the following interface(s):"
	ewarn "${sniff_intfs}"
}

# Verify that the two required config files exist and extend FWKNOPD_OPTS
# when non-default paths are in use.
# Reads:   FWKNOPD_CONFDIR, FWKNOPD_PIDFILE, SVCNAME
# Writes:  FWKNOPD_OPTS (options are appended on every call)
# Returns: 0 when both files exist, 1 otherwise
# Note: only existence is tested here. Ownership and mode of access.conf,
# which holds the SPA keys, are not examined by this script.
checkconfig() {
	[ -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ] || {
		eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
		eerror "Example is located at /etc/fwknop/fwknopd.conf.example"
		return 1
	}

	[ -e "${FWKNOPD_CONFDIR}"/access.conf ] || {
		eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
		eerror "Example is located at /etc/fwknop/access.conf.example"
		return 1
	}

	# Pass the pid file to the daemon only when it differs from the default,
	# so fwknopd and start-stop-daemon refer to the same file.
	if [ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ]; then
		FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"
	fi

	# A non-default config directory needs both files named explicitly.
	if [ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ]; then
		FWKNOPD_OPTS="${FWKNOPD_OPTS} \
			--config=${FWKNOPD_CONFDIR}/fwknopd.conf \
			--access-file=${FWKNOPD_CONFDIR}/access.conf"
	fi

	return 0
}

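# Start fwknopd under start-stop-daemon after checkconfig has passed.
# Reads:   FWKNOPD_BINARY, FWKNOPD_PIDFILE, FWKNOPD_OPTS, SVCNAME
# Returns: 1 if checkconfig fails, otherwise the status reported by eend
start() {
	checkconfig || return 1

	ebegin "Starting ${SVCNAME}"
	# The binary and pid file paths are quoted so that whitespace or glob
	# characters in them cannot be split or expanded into extra arguments.
	# FWKNOPD_OPTS stays unquoted on purpose: it is a whitespace-separated
	# option list that must be split into individual arguments.
	start-stop-daemon --start \
		--exec "${FWKNOPD_BINARY}" --pidfile "${FWKNOPD_PIDFILE}" \
		-- ${FWKNOPD_OPTS}
	eend $?
}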

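# Stop the daemon identified by the pid file.
# Reads:   RC_CMD, FWKNOPD_PIDFILE, SVCNAME
# Returns: 1 if this is a restart and checkconfig fails, otherwise the
#          status reported by eend
stop() {
	# On restart, refuse before the running daemon is stopped when a
	# required config file is missing; a plain stop is never blocked.
	if [ "${RC_CMD}" = "restart" ]; then
		checkconfig || return 1
	fi

	ebegin "Stopping ${SVCNAME}"
	# Quoted so a pid file path with whitespace stays a single argument.
	start-stop-daemon --stop --pidfile "${FWKNOPD_PIDFILE}"
	eend $?
}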

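# Ask the running daemon to re-read its configuration by sending HUP to
# the process recorded in the pid file.
# Reads:   FWKNOPD_PIDFILE, SVCNAME
# Returns: 1 if checkconfig fails, otherwise the status reported by eend
reload() {
	checkconfig || return 1

	ebegin "Reloading ${SVCNAME} configuration"
	# Quoted so a pid file path with whitespace stays a single argument.
	start-stop-daemon --signal HUP --pidfile "${FWKNOPD_PIDFILE}"
	eend $?
}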