blob: 9683fcd976c0eb6b89d116077bcb98ad6198fa56 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: ng_ipacct
# REQUIRE: LOGIN abi
# BEFORE: securelevel
# KEYWORD: shutdown
#
# Define these ng_ipacct_* variables in one of these files:
#
# /etc/rc.conf
# /etc/rc.conf.local
# /etc/rc.conf.d/ng_ipacct
# %%PREFIX%%/etc/ng_ipacct.conf
#
# Add the following line to enable `ng_ipacct':
#
#ng_ipacct_enable="YES"
#
# See %%PREFIX%%/etc/ng_ipacct.conf for futher reference.
. "%%RC_SUBR%%"
name="ng_ipacct"
rcvar=`set_rcvar`
# for debugging purpose you can append flag "-d" to these cmds
# or even use dumb stubs.
ngctl="/usr/sbin/ngctl"
ngctl_batch="/usr/sbin/ngctl -f-"
#ngctl_batch="cat"
ipacctctl="%%PREFIX%%/sbin/ipacctctl"
#ipacctctl="echo %%PREFIX%%/sbin/ipacctctl"
sed="/usr/bin/sed"
extra_commands="checkpoint"
start_cmd="start_cmd"
stop_cmd="stop_cmd"
checkpoint_cmd="checkpoint_cmd"
bool2int()
{
eval _value=\$${1}
case $_value in
# "yes", "true", "on", or "1"
[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
eval $1=1
;;
# "no", "false", "off", or "0"
[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
eval $1=0
;;
*)
echo "\$${1} is not set properly - see rc.conf(5)."
exit 1
;;
esac
}
start_cmd()
{
if checkyesno ng_ipacct_modules_load; then
debug "Load kld modules '${ng_ipacct_modules_list}'"
local module
for module in ${ng_ipacct_modules_list}; do
if ! /sbin/kldstat -n ${module} >/dev/null 2>&1; then
if ! /sbin/kldload ${module} >/dev/null; then
warn "can not load kld module ${module}"
fi
fi
done
fi
local iface
for iface in ${ng_ipacct_interfaces}; do
debug "start ng_ipacct interface ${iface}"
local dlt threshold verbose saveuid savetime start_script
eval dlt=\$ng_ipacct_${iface}_dlt
if [ -z "$dlt" ]; then
echo " you must define 'ng_ipacct_${iface}_dlt'"
exit 1
fi
eval start_script=\$ng_ipacct_${iface}_start
if [ -z "$start_script" ]; then
echo " you must define 'ng_ipacct_${iface}_start'"
exit 1
fi
eval threshold=\${ng_ipacct_${iface}_threshold:-"5000"}
eval verbose=\${ng_ipacct_${iface}_verbose:-"yes"}
bool2int verbose
eval saveuid=\${ng_ipacct_${iface}_saveuid:-"no"}
bool2int saveuid
eval savetime=\${ng_ipacct_${iface}_savetime:-"no"}
bool2int savetime
${sed} "s!%%iface%%!${iface}!g" <<-EOF | ${ngctl_batch}
$start_script
EOF
if ! ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then
warn "netgraph node '${iface}_ip_acct' did not created!"
else
${ipacctctl} ${iface}_ip_acct:${iface} dlt ${dlt}
${ipacctctl} ${iface}_ip_acct:${iface} threshold ${threshold}
${ipacctctl} ${iface}_ip_acct:${iface} verbose ${verbose}
${ipacctctl} ${iface}_ip_acct:${iface} saveuid ${saveuid}
${ipacctctl} ${iface}_ip_acct:${iface} savetime ${savetime}
eval afterstart_script=\$ng_ipacct_${iface}_afterstart_script
if [ -n "${afterstart_script}" ]; then
(set -T
trap 'exit 1' 2
${afterstart_script} ${iface})
fi
fi
done
}
checkpoint_cmd()
{
local iface
for iface in ${ng_ipacct_interfaces}; do
debug "checlpoint ng_ipacct interface ${iface}"
eval checkpoint_script=\$ng_ipacct_${iface}_checkpoint_script
if [ -n "${checkpoint_script}" ]; then
(set -T
trap 'exit 1' 2
${checkpoint_script})
fi
done
}
stop_cmd()
{
local iface
for iface in ${ng_ipacct_interfaces}; do
debug "stop ng_ipacct interface ${iface}"
local stop_script
eval stop_script=\$ng_ipacct_${iface}_stop
eval checkpoint_script=\$ng_ipacct_${iface}_checkpoint_script
if ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then
if [ -n "${checkpoint_script}" ]; then
(set -T
trap 'exit 1' 2
${checkpoint_script})
fi
${sed} "s!%%iface%%!${iface}!g" <<-EOF | ${ngctl_batch}
$stop_script
EOF
if ${ngctl} show ${iface}_ip_acct: >/dev/null 2>&1; then
warn "netgraph node '${iface}_ip_acct' did not destroyed!"
fi
fi
done
if checkyesno ng_ipacct_modules_load; then
debug "Unload kld module 'ng_ipacct'"
local module
for module in ng_ipacct; do
if /sbin/kldstat -n ${module} >/dev/null 2>&1; then
/sbin/kldunload ${module}
fi
done
fi
}
# read settings, set default values
if [ -f %%PREFIX%%/etc/${name}.conf ]; then
debug "Sourcing %%PREFIX%%/etc/${name}.conf"
. %%PREFIX%%/etc/${name}.conf
fi
load_rc_config $name
: ${ng_ipacct_enable="NO"}
: ${ng_ipacct_flags=""}
run_rc_command "$1"
|
