#!/sbin/openrc-run

name="addrwatch"
description="IPv4/IPv6 and ethernet address pairing monitoring"
description_reopen="Reopen output file"

: ${command_user:="addrwatch"}
: ${capabilities="^cap_net_raw"}
: ${error_logger="logger -t addrwatch -p daemon.err >/dev/null 2>&1"}

command="/usr/bin/addrwatch"
command_args="
	${output_file:+"--output=$output_file"}
	${sqlite_file:+"--sqlite3=$sqlite_file"}
	${hashsize:+"--hashsize=$hashsize"}
	${ratelimit:+"--ratelimit=$ratelimit"}
	$command_args
	"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"

depend() {
	need net
	after firewall
}

start_pre() {
	yesno "${ipv4_only-}" && command_args="$command_args -4"
	yesno "${ipv6_only-}" && command_args="$command_args -6"

	local ip; for ip in ${blacklist-}; do
		command_args="$command_args --blacklist=$ip"
	done
	command_args="$command_args $interfaces"

	if [ "$output_file" ]; then
		checkpath -f -m 640 -o "$command_user" "$output_file" || return 1
	fi
}

reopen() {
	ebegin "Reopening $name output file"

	if [ "$supervisor" ]; then
		$supervisor "$RC_SVCNAME" --signal HUP
	else
		start-stop-daemon --signal HUP --pidfile "$pidfile"
	fi
	eend $?
}
