#
### BEGIN INIT INFO
# Provides: openvswitch-ipsec
-# Required-Start: $network $local_fs $remote_fs
+# Required-Start: $network $local_fs $remote_fs openvswitch-switch
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Open vSwitch GRE-over-IPsec daemon
+# Description: The ovs-monitor-ipsec script provides support for encrypting GRE
+# tunnels with IPsec.
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
return 0
}
+uninstall_mark_rule() {
+ iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 || return 0
+}
+
+install_mark_rule() {
+ if ( ! iptables -C INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null); then
+ iptables -A INPUT -t mangle $1 -j MARK --set-mark 1/1
+ fi
+}
+
start_server() {
if [ ! -d /var/run/openvswitch ]; then
install -d -m 755 -o root -g root /var/run/openvswitch
fi
- PYTHONPATH=/usr/share/openvswitch/python \
- /usr/share/openvswitch/scripts/ovs-monitor-ipsec \
- --pidfile-name=$PIDFILE --detach --monitor \
+ install_mark_rule "-p esp"
+ install_mark_rule "-p udp --dport 4500"
+ /usr/share/openvswitch/scripts/ovs-monitor-ipsec \
+ --pidfile=$PIDFILE --log-file --detach --monitor \
unix:/var/run/openvswitch/db.sock
return 0
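Review bot: start_server ignores the exit status of both `install_mark_rule` calls, so ovs-monitor-ipsec is launched even when the ESP or UDP 4500 mark rule could not be added. Inside install_mark_rule, the `2> /dev/null` on the `iptables -C` probe makes every probe failure (for example an iptables build without `-C`, or a missing mangle table) look like "rule absent", so on such hosts each start would append another copy of the rule. I would propagate the failure with `install_mark_rule "-p esp" || return 1` (and the same for the 4500 rule), and add a comment above the helper saying what consumes mark 1/1, since that bit can collide with other fwmark users on the host. The unquoted `$1` relies on word splitting and deserves a comment such as `# $1 is left unquoted on purpose: it carries several iptables match arguments`. start_server's closing lines fall outside this hunk.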
if [ -e $PIDFILE ]; then
kill `cat $PIDFILE`
fi
+ uninstall_mark_rule "-p esp"
+ uninstall_mark_rule "-p udp --dport 4500"
return 0
}
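Review bot: The two `uninstall_mark_rule` calls delete at most one rule instance per spec, so any duplicate mark rules left by earlier starts stay in the mangle INPUT chain after stop. The helper also prints iptables' own error on stderr when the rule is already gone (a stop without a prior start), because `|| return 0` only hides the status. Deleting until nothing matches covers both: `while iptables -D INPUT -t mangle $1 -j MARK --set-mark 1/1 2> /dev/null; do :; done`. The rules are removed right after `kill` with no wait for the daemon to exit; whether that ordering matters for tunnels still being torn down is not visible here and is worth confirming. The enclosing stop function starts outside this hunk.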