Added --digest-file and --pid-file args
Added --digest-file and --pid-file args so that the user can easily alter these paths from the command line.
This commit is contained in:
Michael Rash
parent
6f699f7e5d
commit
44598fd7dd
@ -37,7 +37,7 @@ COMMAND-LINE OPTIONS
|
|||||||
*-a, --access-file*='<access-file>'::
|
*-a, --access-file*='<access-file>'::
|
||||||
Specify the location of the 'access.conf' file. If this option is
|
Specify the location of the 'access.conf' file. If this option is
|
||||||
not given, 'fwknopd' will use the compile-time default location (typically
|
not given, 'fwknopd' will use the compile-time default location (typically
|
||||||
'@sysconfdir@/fwknop/access.conf'.
|
'@sysconfdir@/fwknop/access.conf').
|
||||||
|
|
||||||
*-c, --config*='<config-file>'::
|
*-c, --config*='<config-file>'::
|
||||||
Specify the location of the 'fwknopd.conf' file. If this option is
|
Specify the location of the 'fwknopd.conf' file. If this option is
|
||||||
@ -48,6 +48,11 @@ COMMAND-LINE OPTIONS
|
|||||||
Specify the number of candidate SPA packets to process and exit when
|
Specify the number of candidate SPA packets to process and exit when
|
||||||
this limit is reached.
|
this limit is reached.
|
||||||
|
|
||||||
|
*-d, --digest-file*='<digest-file>'::
|
||||||
|
Specify the location of the 'digest.cache' file. If this option is
|
||||||
|
not given, 'fwknopd' will use the compile-time default location (typically
|
||||||
|
'@localstatedir@/run/fwknop/digest.cache).
|
||||||
|
|
||||||
*-D, --Dump-config*::
|
*-D, --Dump-config*::
|
||||||
Dump the configuration values that *fwknopd* derives from the
|
Dump the configuration values that *fwknopd* derives from the
|
||||||
'fwknopd.conf' (or override files) and 'access.conf' on stderr.
|
'fwknopd.conf' (or override files) and 'access.conf' on stderr.
|
||||||
@ -87,6 +92,11 @@ COMMAND-LINE OPTIONS
|
|||||||
'fwknopd.conf' file with values from the specified file. Multiple
|
'fwknopd.conf' file with values from the specified file. Multiple
|
||||||
override config files can be given as a comma-separated list.
|
override config files can be given as a comma-separated list.
|
||||||
|
|
||||||
|
*-p, --pid-file*='<pid-file>'::
|
||||||
|
Specify the location of the 'fwknopd.pid' file. If this option is
|
||||||
|
not given, 'fwknopd' will use the compile-time default location (typically
|
||||||
|
'@localstatedir@/run/fwknop/fwknopd.pid).
|
||||||
|
|
||||||
*-P, --pcap-filter*='<filter>'::
|
*-P, --pcap-filter*='<filter>'::
|
||||||
Specify a Berkeley packet filter statement on the *fwknopd* command
|
Specify a Berkeley packet filter statement on the *fwknopd* command
|
||||||
line. This overrides the value of the PCAP_FILTER variable taken
|
line. This overrides the value of the PCAP_FILTER variable taken
|
||||||
|
|||||||
@ -116,7 +116,7 @@ enum {
|
|||||||
|
|
||||||
/* Our getopt_long options string.
|
/* Our getopt_long options string.
|
||||||
*/
|
*/
|
||||||
#define GETOPTS_OPTION_STRING "a:c:C:Dfhi:Kl:O:P:RSvV"
|
#define GETOPTS_OPTION_STRING "a:c:C:d:Dfhi:Kl:O:p:P:RSvV"
|
||||||
|
|
||||||
/* Our program command-line options...
|
/* Our program command-line options...
|
||||||
*/
|
*/
|
||||||
@ -125,19 +125,21 @@ static struct option cmd_opts[] =
|
|||||||
{"access-file", 1, NULL, 'a'},
|
{"access-file", 1, NULL, 'a'},
|
||||||
{"config-file", 1, NULL, 'c'},
|
{"config-file", 1, NULL, 'c'},
|
||||||
{"packet-limit", 1, NULL, 'C'},
|
{"packet-limit", 1, NULL, 'C'},
|
||||||
|
{"digest-file", 1, NULL, 'd'},
|
||||||
{"dump-config", 0, NULL, 'D'},
|
{"dump-config", 0, NULL, 'D'},
|
||||||
{"foreground", 0, NULL, 'f'},
|
{"foreground", 0, NULL, 'f'},
|
||||||
{"help", 0, NULL, 'h'},
|
{"help", 0, NULL, 'h'},
|
||||||
{"interface", 1, NULL, 'i'},
|
{"interface", 1, NULL, 'i'},
|
||||||
{"kill", 0, NULL, 'K'},
|
{"kill", 0, NULL, 'K'},
|
||||||
|
{"fw-flush", 0, NULL, FW_FLUSH },
|
||||||
{"fw-list", 0, NULL, FW_LIST },
|
{"fw-list", 0, NULL, FW_LIST },
|
||||||
{"fw-list-all", 0, NULL, FW_LIST_ALL },
|
{"fw-list-all", 0, NULL, FW_LIST_ALL },
|
||||||
{"fw-flush", 0, NULL, FW_FLUSH },
|
|
||||||
{"gpg-home-dir", 1, NULL, GPG_HOME_DIR },
|
{"gpg-home-dir", 1, NULL, GPG_HOME_DIR },
|
||||||
{"locale", 1, NULL, 'l' },
|
{"locale", 1, NULL, 'l' },
|
||||||
{"rotate-digest-cache", 0, NULL, ROTATE_DIGEST_CACHE },
|
{"rotate-digest-cache", 0, NULL, ROTATE_DIGEST_CACHE },
|
||||||
{"override-config", 1, NULL, 'O' },
|
{"override-config", 1, NULL, 'O' },
|
||||||
{"pcap-filter", 1, NULL, 'P'},
|
{"pcap-filter", 1, NULL, 'P'},
|
||||||
|
{"pid-file", 1, NULL, 'p'},
|
||||||
{"restart", 0, NULL, 'R'},
|
{"restart", 0, NULL, 'R'},
|
||||||
{"status", 0, NULL, 'S'},
|
{"status", 0, NULL, 'S'},
|
||||||
{"verbose", 0, NULL, 'v'},
|
{"verbose", 0, NULL, 'v'},
|
||||||
|
|||||||
@ -644,6 +644,13 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
|
|||||||
case 'C':
|
case 'C':
|
||||||
opts->packet_ctr_limit = atoi(optarg);
|
opts->packet_ctr_limit = atoi(optarg);
|
||||||
break;
|
break;
|
||||||
|
case 'd':
|
||||||
|
#if USE_FILE_CACHE
|
||||||
|
set_config_entry(opts, CONF_DIGEST_FILE, optarg);
|
||||||
|
#else
|
||||||
|
set_config_entry(opts, CONF_DIGEST_DB_FILE, optarg);
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
case 'D':
|
case 'D':
|
||||||
opts->dump_config = 1;
|
opts->dump_config = 1;
|
||||||
break;
|
break;
|
||||||
@ -679,15 +686,18 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
|
|||||||
case 'K':
|
case 'K':
|
||||||
opts->kill = 1;
|
opts->kill = 1;
|
||||||
break;
|
break;
|
||||||
case 'l':
|
case 'l':
|
||||||
set_config_entry(opts, CONF_LOCALE, optarg);
|
set_config_entry(opts, CONF_LOCALE, optarg);
|
||||||
break;
|
break;
|
||||||
case 'O':
|
case 'O':
|
||||||
/* This was handled earlier */
|
/* This was handled earlier */
|
||||||
break;
|
break;
|
||||||
|
case 'p':
|
||||||
|
set_config_entry(opts, CONF_FWKNOP_PID_FILE, optarg);
|
||||||
|
break;
|
||||||
case 'P':
|
case 'P':
|
||||||
set_config_entry(opts, CONF_PCAP_FILTER, optarg);
|
set_config_entry(opts, CONF_PCAP_FILTER, optarg);
|
||||||
break;
|
break;
|
||||||
case ROTATE_DIGEST_CACHE:
|
case ROTATE_DIGEST_CACHE:
|
||||||
opts->rotate_digest_cache = 1;
|
opts->rotate_digest_cache = 1;
|
||||||
break;
|
break;
|
||||||
@ -750,6 +760,7 @@ usage(void)
|
|||||||
" -c, --config-file - Specify an alternate configuration file.\n"
|
" -c, --config-file - Specify an alternate configuration file.\n"
|
||||||
" -C, --packet-limit - Limit the number of candidate SPA packets to\n"
|
" -C, --packet-limit - Limit the number of candidate SPA packets to\n"
|
||||||
" process and exit when this limit is reached.\n"
|
" process and exit when this limit is reached.\n"
|
||||||
|
" -d, --digest-file - Specify an alternate digest.cache file.\n"
|
||||||
" -D, --dump-config - Dump the current fwknop configuration values.\n"
|
" -D, --dump-config - Dump the current fwknop configuration values.\n"
|
||||||
" -f, --foreground - Run fwknopd in the foreground (do not become\n"
|
" -f, --foreground - Run fwknopd in the foreground (do not become\n"
|
||||||
" a background daemon).\n"
|
" a background daemon).\n"
|
||||||
@ -761,6 +772,7 @@ usage(void)
|
|||||||
" default.\n"
|
" default.\n"
|
||||||
" -O, --override-config - Specify a file with configuration entries that will\n"
|
" -O, --override-config - Specify a file with configuration entries that will\n"
|
||||||
" overide those in fwknopd.conf\n"
|
" overide those in fwknopd.conf\n"
|
||||||
|
" -p, --pid-file - Specify an alternate fwknopd.pid file.\n"
|
||||||
" -P, --pcap-filter - Specify a Berkeley packet filter statement to\n"
|
" -P, --pcap-filter - Specify a Berkeley packet filter statement to\n"
|
||||||
" override the PCAP_FILTER variable in fwknopd.conf.\n"
|
" override the PCAP_FILTER variable in fwknopd.conf.\n"
|
||||||
" -R, --restart - Force the currently running fwknopd to restart.\n"
|
" -R, --restart - Force the currently running fwknopd to restart.\n"
|
||||||
|
|||||||
@ -167,11 +167,6 @@ main(int argc, char **argv)
|
|||||||
* in case it configured to be somewhere other than the run dir.
|
* in case it configured to be somewhere other than the run dir.
|
||||||
*/
|
*/
|
||||||
check_dir_path((const char *)opts.config[CONF_FWKNOP_RUN_DIR], "Run", 0);
|
check_dir_path((const char *)opts.config[CONF_FWKNOP_RUN_DIR], "Run", 0);
|
||||||
#if USE_FILE_CACHE
|
|
||||||
check_dir_path((const char *)opts.config[CONF_DIGEST_FILE], "Run", 1);
|
|
||||||
#else
|
|
||||||
check_dir_path((const char *)opts.config[CONF_DIGEST_DB_FILE], "Run", 1);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* Initialize the firewall rules handler based on the fwknopd.conf
|
/* Initialize the firewall rules handler based on the fwknopd.conf
|
||||||
* file, but (for iptables firewalls) don't flush any rules or create
|
* file, but (for iptables firewalls) don't flush any rules or create
|
||||||
@ -402,7 +397,7 @@ check_dir_path(const char *filepath, const char *fp_desc, unsigned char use_base
|
|||||||
if(*filepath != PATH_SEP)
|
if(*filepath != PATH_SEP)
|
||||||
{
|
{
|
||||||
log_msg(LOG_ERR,
|
log_msg(LOG_ERR,
|
||||||
"Configured %s directory (%s) is not an absolute path.", fp_desc, filepath
|
"Path '%s' is not absolute.", filepath
|
||||||
);
|
);
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user