3 # Copyright (c) 2007, 2009 Javier Fernandez-Sanguino <jfs@debian.org>
5 # This is free software; you may redistribute it and/or modify
6 # it under the terms of the GNU General Public License as
7 # published by the Free Software Foundation; either version 2,
8 # or (at your option) any later version.
10 # This is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
15 # You should have received a copy of the GNU General Public License with
16 # the Debian operating system, in /usr/share/common-licenses/GPL; if
17 # not, write to the Free Software Foundation, Inc., 59 Temple Place,
18 # Suite 330, Boston, MA 02111-1307 USA
21 # Provides: openvswitch-ipsec
22 # Required-Start: $network $local_fs $remote_fs openvswitch-switch
23 # Required-Stop: $remote_fs
24 # Default-Start: 2 3 4 5
26 # Short-Description: Open vSwitch GRE-over-IPsec daemon
27 # Description: The ovs-monitor-ipsec script provides support for encrypting GRE
# Fixed search path: commands this script runs by bare name (iptables,
# install, ...) are resolved from this list, not from the caller's PATH.
# The /usr/local directories come first, so a binary placed there shadows
# the system one; keep those directories writable by root only.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

DAEMON=/usr/share/openvswitch/scripts/ovs-monitor-ipsec  # Daemon's location
NAME=ovs-monitor-ipsec                                   # Short name of the server
LOGDIR=/var/log/openvswitch                              # Log directory to use

# The pidfile is read back later to decide which process to check and stop.
PIDFILE="/var/run/openvswitch/${NAME}.pid"

# Exit quietly when the daemon is missing or not executable.
if [ ! -x "$DAEMON" ]; then
  exit 0
fi

. /lib/lsb/init-functions

# Time to wait for the server to die, in seconds.
# If this value is set too low, some servers may not get
# the chance to die gracefully and 'restart' will not work.
DODTIME=10
51 # Check whether the second word of a given pid's /proc cmdline matches a given name
54 [ -z "$pid" ] && return 1
55 [ ! -d /proc/$pid ] && return 1
56 cmd=`cat /proc/$pid/cmdline | tr "\000" " "|cut -d " " -f 2`
57 # Is this the expected server?
58 [ "$cmd" != "$name" ] && return 1
63 # Check whether the process is running by looking at /proc
64 # (works for all users)
66 # No pidfile, probably no daemon present
67 [ ! -f "$PIDFILE" ] && return 1
69 running_pid $pid $DAEMON || return 1
73 uninstall_mark_rule() {
74 iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 || return 0
78 if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
79 iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
84 if [ ! -d /var/run/openvswitch ]; then
85 install -d -m 755 -o root -g root /var/run/openvswitch
88 install_mark_rule "-p esp"
89 install_mark_rule "-p udp --dport 4500"
90 /usr/share/openvswitch/scripts/ovs-monitor-ipsec \
91 --pidfile=$PIDFILE --log-file --detach --monitor \
92 unix:/var/run/openvswitch/db.sock
98 if [ -e $PIDFILE ]; then
101 uninstall_mark_rule "-p esp"
102 uninstall_mark_rule "-p udp --dport 4500"
108 # Force the process to die by killing it manually
109 [ ! -e "$PIDFILE" ] && return
118 echo "Cannot kill $NAME (pid=$pid)!"
129 log_daemon_msg "Starting $NAME"
130 # Check if it's running first
132 log_progress_msg "apparently already running"
136 if start_server && running ; then
137 # It's ok, the server started and is running
140 # Either we could not start it or it is not running
142 # NOTE: Some servers might die some time after they start,
143 # this code does not try to detect this and might give
144 # a false positive (use 'status' for that)
149 log_daemon_msg "Stopping $NAME"
151 # Only stop the server if we see it running
155 # If it's not running don't do anything
156 log_progress_msg "apparently not running"
162 # First try to stop the program gracefully
165 # If it's still running try to kill it more forcefully
166 log_daemon_msg "Stopping (force) $NAME"
171 restart|force-reload)
172 log_daemon_msg "Restarting $NAME"
174 # Wait a sensible amount of time; some servers need this
175 [ -n "$DODTIME" ] && sleep $DODTIME
181 log_daemon_msg "Checking status of $NAME"
183 log_progress_msg "running"
186 log_progress_msg "apparently not running"
191 # Use this if the daemon cannot reload
193 log_warning_msg "Reloading $NAME daemon: not implemented, as the daemon"
194 log_warning_msg "cannot re-read the config file (use restart)."
197 N=/etc/init.d/openvswitch-ipsec
198 echo "Usage: $N {start|stop|force-stop|restart|force-reload|status}" >&2