Date: Sat, 11 Feb 2012 11:32:57 -0800 From: Josh Paetzel <jpaetzel@freebsd.org> To: Jilles Tjoelker <jilles@stack.nl> Cc: freebsd-rc@freebsd.org Subject: Re: Fwd: Commit approval requested Message-ID: <4F36C269.9060201@freebsd.org> In-Reply-To: <20110701205529.GA93981@stack.nl> References: <4E0E1CFA.1080904@freebsd.org> <20110701205529.GA93981@stack.nl>
This is a multi-part message in MIME format. --------------030106020900080405000307 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit On 07/01/2011 13:55, Jilles Tjoelker wrote: > On Fri, Jul 01, 2011 at 02:16:10PM -0500, Josh Paezel wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 > >> This patch is in production at an organization which uses both single >> and multiple pflog devices on a range of devices. (eg: it doesn't break >> current configurations) > >> It allows multiple pflog devices as well as multiple ftp-proxy instances. > >> The patch was submitted as a PR conf/158181 > >> I've applied the patch to a HEAD svn co and regenerated the patch with >> svn diff from that. > > Comments are inline. Note that I have not tested the patch nor any > proposed changes. > I have applied the changes suggested and am pinging the submitter to give it a try, just mailing it here for a review as well to catch any glaring issues I've caused or missed. -- Thanks, Josh Paetzel FreeBSD -- The power to serve --------------030106020900080405000307 Content-Type: text/plain; name="pflog.txt" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="pflog.txt" Index: share/man/man5/rc.conf.5 =================================================================== --- share/man/man5/rc.conf.5 (revision 231526) +++ share/man/man5/rc.conf.5 (working copy) 
@@ -880,6 +880,33 @@
 This variable contains additional flags passed to the
 .Xr pflogd 8
 program.
+.It Va pflog_instances
+.Pq Vt str
+If logging to more than one
+.Xr pflog 4
+interface is desired,
+.Va pflog_instances
+is set to the list of
+.Xr pflogd 8
+instances that should be started at system boot time. If
+.Va pflog_instances
+is set, for each whitespace-separated
+.Ar element
+in the list,
+.Ao Ar element Ac Ns Va _dev
+and
+.Ao Ar element Ac Ns Va _logfile
+elements are assumed to exist.
+.Ao Ar element Ac Ns Va _dev
+must contain the
+.Xr pflog 4
+interface to be watched by the named
+.Xr pflogd 8
+instance.
+.Ao Ar element Ac Ns Va _logfile
+must contain the name of the logfile that will be used by the
+.Xr pflogd 8
+instance.
 .It Va ftpproxy_enable
 .Pq Vt bool
 Set to
@@ -898,6 +925,19 @@
 This variable contains additional flags passed to the
 .Xr ftp-proxy 8
 program.
+.It Va ftpproxy_instances
+.Pq Vt str
+Empty by default. If multiple instances of
+.Xr ftp-proxy 8
+are desired at boot time,
+.Va ftpproxy_instances
+should contain a whitespace-seperated list of instance names. For each
+.Ar element
+in the list, a variable named
+.Ao Ar element Ac Ns Va _flags
+should be defined, containing the command-line flags to be passed to the
+.Xr ftp-proxy 8
+instance.
 .It Va pfsync_enable
 .Pq Vt bool
 Set to
Index: etc/rc.d/ftp-proxy
===================================================================
--- etc/rc.d/ftp-proxy (revision 231526)
+++ etc/rc.d/ftp-proxy (working copy)
@@ -12,6 +12,66 @@ name="ftpproxy" rcvar="ftpproxy_enable" command="/usr/sbin/ftp-proxy" +start_postcmd="ftp_proxy_poststart" +stop_postcmd="ftp_proxy_poststop" load_rc_config $name -run_rc_command "$1" + +ftp_proxy_poststart() { + local ps_pid + cmd_string=${procname:-${command}} + cmd_string=${cmd_string##*/} + eval flag_string=\"\$${name}_flags\" + # Determine the pid. + ps_pid=$(pgrep -f "$cmd_string.*$flag_string") + # Write the pidfile depending on $pidfile status. + echo $ps_pid > ${pidfile:-"/var/run/$name.pid"} +} + +ftp_proxy_poststop() { + rm ${pidfile:-"/var/run/$name.pid"} +} + +# Allow ftp-proxy to start up in two different ways. The typical behavior +# is to start up one instance of ftp-proxy by setting ftpproxy_enable and +# ftpproxy_flags. The alternate behavior allows multiple instances of ftp- +# proxy to be started, allowing different types of proxy behavior. To use the +# new behavior, a list of instances must be defined, and a list of flags for +# each instance. For example, if we want to start two instances of ftp-proxy, +# foo and bar, we would set the following vars. +# ftpproxy_enable="YES" +# ftpproxy_instances="foo bar" +# ftpproxy_foo="<arguments for foo>" +# ftpproxy_bar="<arguments for bar>" +# +# Starting more than one ftp-proxy? +if [ -n "${ftpproxy_instances}" ]; then + # Iterate through instance list. + for i in $ftpproxy_instances; do + # Set flags for this instance. + eval ftpproxy_flags=\$ftpproxy_${i} + # Define a unique pid file name. + pidfile="/var/run/ftp-proxy.$i.pid" + run_rc_command "$1" + ftp_proxy_poststart + done +else + # Traditional single-instance behavior + run_rc_command "$1" +fi + +# Stopping more than one ftp-proxy? +if [ -n "${ftpproxy_instances}" ]; then + # Iterate through instance list. + for i in $ftpproxy_instances; do + # Set flags for this instance. + eval ftpproxy_flags=\$ftpproxy_${i} + # Define a unique pid file name. 
+ pidfile="/var/run/ftp-proxy.$i.pid" + run_rc_command "$1" + ftp_proxy_poststop + done +else + # Traditional single-instance behavior + run_rc_command "$1" +fi Index: etc/rc.d/pflog =================================================================== --- etc/rc.d/pflog (revision 231526) +++ etc/rc.d/pflog (working copy) @@ -24,25 +24,41 @@ { load_kld pflog || return 1 - # set pflog0 interface to up state - if ! ifconfig pflog0 up; then - warn 'could not bring up pflog0.' + # set pflog_dev interface to up state + if ! ifconfig $pflog_dev up; then + warn "could not bring up $pflog_dev." return 1 fi # prepare the command line for pflogd - rc_flags="-f $pflog_logfile $rc_flags" + rc_flags="-f $pflog_logfile -i $pflog_dev $rc_flags" # report we're ready to run pflogd return 0 } +pflog_poststart() { + # Allow child pflogd to settle + sleep 0.10 + # More elegant(?) method for getting a unique pid + if [ -f /var/run/pflogd.pid ]; then + mv /var/run/pflogd.pid $pidfile + else + warn "/var/run/pflogd.pid does not exist. Too fast." + fi +} + pflog_poststop() { - if ! ifconfig pflog0 down; then - warn 'could not bring down pflog0.' + if ! ifconfig $pflog_dev down; then + warn "could not bring down $pflog_dev." return 1 fi + + if [ -n "$pflog_instances" ]; then + rm $pidfile + fi + return 0 } 
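Review bot: The "Starting more than one ftp-proxy?" and "Stopping more than one ftp-proxy?" blocks at the end of the etc/rc.d/ftp-proxy hunk are both unconditional, so every invocation calls `run_rc_command "$1"` twice per instance (and twice in the single-instance case), and on `start` the second loop's `ftp_proxy_poststop` removes the pidfile that was just written. Since `start_postcmd` and `stop_postcmd` already name these functions, one loop that sets `ftpproxy_flags` and `pidfile` and calls `run_rc_command "$1"` should be enough; the direct hook calls and the second block can go. In `ftp_proxy_poststart`, `pgrep -f "$cmd_string.*$flag_string"` treats the flags as a regular expression and can return several PIDs or none, and the result is written to the pidfile unchecked, so a later stop may act on the wrong process; write it only when exactly one PID matched and quote the target, `echo "$ps_pid" > "${pidfile:-/var/run/$name.pid}"`. The loop reads `ftpproxy_<name>` while the rc.conf.5 hunk in this patch documents `<element>_flags`; the pflog loop has the same mismatch (`pflog_<name>_dev` against `<element>_dev`), and code and manual page should agree.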
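Review bot: `pflog_poststart` in the etc/rc.d/pflog hunk depends on a fixed `sleep 0.10` before moving the hard-coded `/var/run/pflogd.pid`, so a slow start leaves that instance without a pidfile, and the late file can then be claimed by the next instance's `mv`, recording a PID under the wrong instance name. A bounded wait for the file, sketched below with a placeholder retry count, narrows that window. `$pidfile` and `$pflog_dev` should also be quoted where they are expanded (`mv`, `rm`, `ifconfig`), and `rm -f "$pidfile"` avoids an error when the file was never created. The function that sets `rc_flags` begins above the hunk.

```shell
pflog_poststart() {
	local tries=0
	# Bounded wait for pflogd to write its hard-coded pidfile.
	while [ ! -f /var/run/pflogd.pid ] && [ "$tries" -lt 10 ]; do
		sleep 0.1
		tries=$((tries + 1))
	done
	if [ -f /var/run/pflogd.pid ]; then
		mv /var/run/pflogd.pid "$pidfile"
	else
		# … unchanged: warn about the missing pidfile …
	fi
}
```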
@@ -53,4 +69,33 @@ } load_rc_config $name -run_rc_command "$1" + +# Check if spawning multiple pflogd +echo "Starting pflogd: $pflog_instances" +if [ -n "$pflog_instances" ]; then + start_postcmd="pflog_poststart" + # Interate through requested instances. + for i in $pflog_instances; do + # Set required variables + eval pflog_dev=\$pflog_${i}_dev + eval pflog_logfile=\$pflog_${i}_logfile + eval pflog_flags=\$pflog_${i}_flags + # Check that required vars have non-zero length, warn if not. + if [ -z "$pflog_dev" ]; then + warn "pflog_dev not set" + continue + fi + if [ -z "$pflog_logfile" ]; then + warn "pflog_logfile not set" + continue + fi + # pflogd sets a pidfile, but the name is hardcoded. Concoct a + # unique pidfile name. + pidfile="/var/run/pflogd.$i.pid" + run_rc_command "$1" + done +else + # Typical case, spawn single instance only. + pflog_dev=${pflog_dev:-"pflog0"} + run_rc_command "$1" +fi --------------030106020900080405000307--
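Review bot: Each name in `$pflog_instances` is pasted into `eval` and into `pidfile="/var/run/pflogd.$i.pid"` (which `pflog_poststop` later removes) without any check, so the loop should reject names that are not plain variable-name characters before using them, e.g. `case $i in *[!A-Za-z0-9_]*) warn "invalid instance name: $i"; continue ;; esac`; the same applies to the `$ftpproxy_instances` loop in etc/rc.d/ftp-proxy. `echo "Starting pflogd: $pflog_instances"` runs for every rc command, including stop and status, and also when the list is empty. The two warnings would be easier to act on if they named the variable that is missing, e.g. `warn "pflog_${i}_dev not set"`.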