#!/usr/bin/openrc-run
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

extra_commands="checkconfig"
extra_started_commands="reload"

: ${FWKNOPD_BINARY:=/usr/bin/fwknopd}
: ${FWKNOPD_CONFDIR:=/etc/fwknop}
: ${FWKNOPD_CONFIG:=${FWKNOPD_CONFDIR}/fwknopd.conf}
: ${FWKNOPD_PIDFILE:=/run/fwknop/${SVCNAME}.pid}

depend() {
	after iptables ip6tables ebtables firewall
	use logger
	if [ "${rc_need+set}" = "set" ]; then
		: # Do nothing, the user has explicitly set rc_need
	elif [ -f "${FWKNOPD_CONFIG}" ]; then
		local x warn_intf
		for x in $(awk '/^[[:blank:]]*PCAP_INTF/{ sub(";$", ""); print $2 }' "${FWKNOPD_CONFIG}" 2>/dev/null); do
			warn_intf="${warn_intf} ${x}"
		done
		if [ -n "${warn_intf}" ]; then
			need net
			ewarn "You are binding an interface in PCAP_INTF statement in your fwknopd.conf!"
			ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/${SVCNAME},"
			ewarn "where FOO is the following interface(s):"
			ewarn "${warn_intf}"
		else
			# If PCAP_INTF and PCAP_FILE are not set, then fwknopd uses eth0
			if ! grep -q '^[[:blank:]]*PCAP_FILE' "${FWKNOPD_CONFIG}"; then
				need net
				ewarn "You are not binding any interface in PCAP_INTF statement in your fwknopd.conf,"
				ewarn "neither you are providing PCAP_FILE option. Thus fwknopd will listen on eth0."
				ewarn "You must add rc_need=\"net.eth0\" to your /etc/conf.d/${SVCNAME}."
			fi
		fi
	fi
}

checkconfig() {
	if [ ! -e "${FWKNOPD_CONFDIR}"/fwknopd.conf ]; then
		eerror "You need ${FWKNOPD_CONFDIR}/fwknopd.conf file to run fwknopd"
		eerror "Example is located at /etc/fwknop/fwknopd.conf.example"
		return 1
	fi

	if [ ! -e "${FWKNOPD_CONFDIR}"/access.conf ]; then
		eerror "You need ${FWKNOPD_CONFDIR}/access.conf file to run fwknopd"
		eerror "Example is located at /etc/fwknop/access.conf.example"
		return 1
	fi

	[ "${FWKNOPD_PIDFILE}" != "/run/fwknop/${SVCNAME}.pid" ] \
		&& FWKNOPD_OPTS="${FWKNOPD_OPTS} --pid-file=${FWKNOPD_PIDFILE}"

	[ "${FWKNOPD_CONFDIR}" != "/etc/fwknop" ] \
		&& FWKNOPD_OPTS="${FWKNOPD_OPTS} \
			--config=${FWKNOPD_CONFDIR}/fwknopd.conf \
			--access-file=${FWKNOPD_CONFDIR}/access.conf"

	return 0
}

start() {
	checkconfig || return 1

	ebegin "Starting ${SVCNAME}"
	supervise-daemon fwknop --start \
		fwknopd -- ${FWKNOPD_OPTS} -f
	eend $?
}

stop() {
	if [ "${RC_CMD}" = "restart" ]; then
		checkconfig || return 1
	fi

	ebegin "Stopping ${SVCNAME}"
	supervise-daemon fwknop --stop
	eend $?
}

reload() {
	checkconfig || return 1

	ebegin "Reloading ${SVCNAME} configuration"
	supervise-daemon fwknop --signal HUP
	eend $?
}
