#!/bin/sh
# $FreeBSD: head/security/suricata/files/suricata.in 402907 2015-12-04 05:42:17Z koobs $

# PROVIDE: suricata
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown

# Add the following lines to /etc/rc.conf to enable suricata:
# suricata_enable (bool):	Set to YES to enable suricata
# 				Default: NO
# suricata_flags (str):		Extra flags passed to suricata
#				Default: -D -q
# suricata_interface (str):	Network interface to sniff
#				Default: "" 
# suricata_conf (str):		Suricata configuration file
#				Default: ${PREFIX}/etc/suricata/suricata.yaml
# suricata_divertport (int):	Port to create divert socket (Inline Mode)
#				Default: 8000
# suricata_netmap (str):	Set to YES to enable netmap (Inline Mode)
#				Default: NO


. /etc/rc.subr

name="suricata"
rcvar=suricata_enable

command="%%PREFIX%%/bin/suricata"

load_rc_config $name

[ -z "$suricata_enable" ]	&& suricata_enable="NO"
[ -z "$suricata_conf" ]		&& suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
[ -z "$suricata_flags" ]	&& suricata_flags="-D"
[ -z "$suricata_divertport" ]	&& suricata_divertport="8000"
[ -z "$suricata_netmap" ]	&& suricata_netmap="NO"

if [ -n "$suricata_interface" ]; then
	suricata_flags="$suricata_flags -i $suricata_interface"
elif [ "$suricata_netmap" != "NO" ]; then
	suricata_flags="$suricata_flags --netmap"
else
	suricata_flags="$suricata_flags -d $suricata_divertport"
	info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
fi

pidfile="/var/run/suricata.pid"
suricata_flags="$suricata_flags --pidfile $pidfile"

[ -n "$suricata_conf" ]	&& suricata_flags="$suricata_flags -c $suricata_conf"

run_rc_command "$1"