#!/bin/bash # # rtpengine Startup script for NGCP rtpengine # # chkconfig: 345 84 16 # description: NGCP rtpengine # # processname: rtpengine # config: /etc/sysconfig/rtpengine # pidfile: /run/rtpengine.pid # ### BEGIN INIT INFO # Provides: rtpengine # Required-Start: $local_fs $network # Short-Description: NGCP rtpengine # Description: NGCP rtpengine ### END INIT INFO # Source function library. . /etc/rc.d/init.d/functions # defaults if [ -f /etc/sysconfig/rtpengine ] then . /etc/sysconfig/rtpengine else echo "Error: /etc/sysconfig/rtpengine not present" >&2 exit 6 fi rtpengine=/usr/bin/rtpengine prog=rtpengine pidfile=${PIDFILE-/run/rtpengine.pid} lockfile=${LOCKFILE-/var/lock/subsys/rtpengine} cachefile=/var/lib/ngcp-rtpengine/rtpengine.cfg TABLE=$(/usr/sbin/rtpengine-get-table --config-file="${CONFIG_FILE-/etc/rtpengine/rtpengine.conf}") PIDFILE=${pidfile} RETVAL=0 OPTS="" build_opts() { # kernel table MODULE=0 # the variable from the config is the source of truth if [[ -n "$TABLE" ]];then if [[ $TABLE -ge 0 ]];then MODULE=1 fi fi # options [[ "$FORK" == "no" ]] && OPTS+=" --foreground" [ -z "$CONFIG_FILE" ] || OPTS+=" --config-file=$CONFIG_FILE" [ -z "$CONFIG_SECTION" ] || OPTS+=" --config-section=$CONFIG_SECTION" [ -z "$PIDFILE" ] || OPTS+=" --pidfile=$PIDFILE" } start() { build_opts if [[ $MODULE == 1 ]];then echo "Loading module for in-kernel packet forwarding" rmmod xt_RTPENGINE 2> /dev/null if [[ -n "$SET_USER" ]];then if [[ -n "$SET_GROUP" ]];then proc_gid="$(grep "^$SET_GROUP:" /etc/group | cut -f3 -d:)" else proc_gid="$(id "$SET_USER" -g)" fi modprobe xt_RTPENGINE proc_uid="$(id "$SET_USER" -u)" proc_gid="$proc_gid" else modprobe xt_RTPENGINE fi if firewall-cmd --state 2>/dev/null ; then # Using firewalld # Need to check if the INPUT_prefilter chain is present (permanently) if ! firewall-cmd --permanent --direct --query-chain ipv4 filter INPUT_prefilter > /dev/null; then firewall-cmd --permanent --direct --add-chain ipv4 filter INPUT_prefilter firewall-cmd --permanent --direct --passthrough ipv4 -t filter -I INPUT -j INPUT_prefilter firewall-cmd --reload fi firewall-cmd --direct --add-chain ipv4 filter rtpengine firewall-cmd --direct --add-rule ipv4 filter INPUT_prefilter 0 -j rtpengine firewall-cmd --direct --add-rule ipv4 filter rtpengine 0 -p udp -j RTPENGINE --id "$TABLE" firewall-cmd --direct --add-rule ipv6 filter rtpengine 0 -p udp -j RTPENGINE --id "$TABLE" firewall-cmd --reload else for fw in iptables ip6tables;do # We insert the rtpengine rule at the top of the input chain if ! $fw -t filter -C INPUT -j rtpengine 2> /dev/null; then $fw -N rtpengine $fw -t filter -I INPUT -j rtpengine fi if ! $fw -I rtpengine -p udp -j RTPENGINE --id "$TABLE" 2> /dev/null; then $fw -I rtpengine -p udp -j RTPENGINE --id "$TABLE" fi done fi cat < "$cachefile" CUR_TABLE=$TABLE EOF fi echo -n $"Starting $prog: " if [[ -n "$SET_USER" ]];then # shellcheck disable=SC2086 daemon --user "$SET_USER" --pidfile="${pidfile}" "$rtpengine" $OPTS else # shellcheck disable=SC2086 daemon --pidfile="${pidfile}" "$rtpengine" $OPTS fi RETVAL=$? echo [ $RETVAL = 0 ] && touch "${lockfile}" return $RETVAL } stop() { echo -n $"Stopping $prog: " killproc -p "${pidfile}" "$rtpengine" RETVAL=$? echo if [ -f "$cachefile" ];then . "$cachefile" echo "Unloading module for in-kernel packet forwarding" echo "del $TABLE" > /proc/rtpengine/control if firewall-cmd --state 2>/dev/null; then firewall-cmd --direct --remove-rules ipv4 filter rtpengine firewall-cmd --direct --remove-rules ipv6 filter rtpengine firewall-cmd --direct --remove-rule ipv4 filter INPUT_prefilter 0 -j rtpengine firewall-cmd --direct --remove-chain ipv4 filter rtpengine firewall-cmd --reload else for fw in iptables ip6tables;do $fw -D rtpengine -p udp -j RTPENGINE --id "$CUR_TABLE" $fw -t filter -D INPUT -j rtpengine $fw -X rtpengine done fi rmmod xt_RTPENGINE rm -f "$cachefile" fi [ $RETVAL = 0 ] && rm -f "${lockfile}" "${pidfile}" } # See how we were called. case "$1" in start) start ;; stop) stop ;; status) status -p "${pidfile}" "$rtpengine" RETVAL=$? ;; restart) stop start ;; condrestart|try-restart) if status -p "${pidfile}" "$rtpengine" >&/dev/null; then stop start fi ;; *) echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|status}" RETVAL=2 esac exit $RETVAL