From owner-freebsd-rc@FreeBSD.ORG Sun Apr 27 11:37:52 2008
Date: Sun, 27 Apr 2008 11:37:52 GMT
From: gavin@FreeBSD.org
To: freebsd-rc@FreeBSD.org, oberman@es.net, gavin@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6

Synopsis: [patch] rc script for ipfw does not handle IPv6

State-Changed-From-To: open->feedback
State-Changed-By: gavin
State-Changed-When: Sun Apr 27 11:35:43 UTC 2008
State-Changed-Why:
To submitter: as far as I can tell, starting and stopping the IPv6
firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason
why you believe this is broken?

http://www.freebsd.org/cgi/query-pr.cgi?pr=123119

From owner-freebsd-rc@FreeBSD.ORG Sun Apr 27 21:40:21 2008
Date: Sun, 27 Apr 2008 14:40:02 -0700
From: "Kevin Oberman"
To: gavin@FreeBSD.org
Cc: freebsd-ipfw@FreeBSD.org, freebsd-rc@FreeBSD.org
Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6

> Date: Sun, 27 Apr 2008 11:37:52 GMT
> From: gavin@FreeBSD.org
>
> Synopsis: [patch] rc script for ipfw does not handle IPv6
>
> State-Changed-From-To: open->feedback
> State-Changed-By: gavin
> State-Changed-When: Sun Apr 27 11:35:43 UTC 2008
> State-Changed-Why:
> To submitter: as far as I can tell, starting and stopping the IPv6
> firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason
> why you believe this is broken?
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=123119

ip6fw was added to the system back with V5.0 days (not fun days for
FreeBSD) when ipfw was two separate modules, one for IPv4 and another
for IPv6. makonnen wrote the required script for the IPv6 module back in
2002 and it has lived on with mostly small fixes to deal with changes in
the startup scripts.

Back in 2006, ipfw was re-worked to make it dual stack and it now is a
single module with a single management CLI, ipfw(8) and rules for IPv4
and IPv6 can all be included in a single configuration file.

It really makes no sense to have two very similar startup scripts, one
with a fairly non-intuitive name, for a single function. It continues
the approach that IPv6 is to be treated as something separate and not an
integrated part of the OS and I see no real purpose served by the
separation.

Now that I have looked at ip6fw, I can see that the fix I recommended is
not adequate, although it will prevent the problem I ran into when I
thought I was stopping all of ipfw, only to find that I was still
blocked from the system (except via the console).

In my spare time (translate that to "it may take a while"), I'll look at
a merge of the two rc scripts so that those with separate configuration
files won't find things broken.
(I suspect that there are not too many of those, but their firewalls
really need to be preserved.) It looks simple on the surface, but I
suspect there are a few corner cases that might be a bit tricky.

I may even be able to come up with a solution to NDP (the IPv6
replacement for ARP) being blocked if the system is booted with the
normal "block by default" configuration.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net  Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751

From owner-freebsd-rc@FreeBSD.ORG Mon Apr 28 11:07:09 2008
Date: Mon, 28 Apr 2008 11:07:08 GMT
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org

Current FreeBSD problem reports
Critical problems
Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/98758   rc         [jail] [patch] Templatize 'jail_fstab' in /etc/rc.d/ja
o conf/98846   rc         [jail] [patch] Templatize 'jail_rootdir' in /etc/rc.d/
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o conf/122215  rc         startup script for hostid fails in single user

6 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
f bin/65258    rc         [patch] [request] save /etc/rc.firewall from changing
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/103486  rc         [rc.d] [jail] [patch] rc.d/jail: mount fstab after dev
o conf/103489  rc         [rc.d] [jail] [patch] named_chroot_autoupdate doesn't
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
f conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/114119  rc         [jail] [patch] [request] /etc/rc.d/jail improvements f
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/118385  rc         [patch] [rc] /etc/rc.d/motd doesn't work on custom sys
o conf/119076  rc         [patch] [rc] /etc/rc.d/netif tries to remove alias add
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o bin/121101   rc         [patch] named(8): named_chroot_autoupdate forgets prot
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122478  rc         typo in ftp-proxy rc script
o conf/122528  rc         [geli] [request] geli rc script should require syscons

42 problems total.

From owner-freebsd-rc@FreeBSD.ORG Mon Apr 28 12:13:28 2008
Date: Mon, 28 Apr 2008 12:13:27 GMT
From: gavin@FreeBSD.org
To: freebsd-rc@FreeBSD.org, oberman@es.net, gavin@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: conf/123119: [patch] rc script for ipfw does not handle IPv6

Synopsis: [patch] rc script for ipfw does not handle IPv6

State-Changed-From-To: feedback->open
State-Changed-By: gavin
State-Changed-When: Mon Apr 28 12:11:36 UTC 2008
State-Changed-Why:
Response received from submitter:

-------- Forwarded Message --------
From: Kevin Oberman
Cc: freebsd-rc@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Date: Sun, 27 Apr 2008 14:40:02 -0700

> To submitter: as far as I can tell, starting and stopping the IPv6
> firewall is correctly handled in /etc/rc.d/ip6fw. Is there a reason
> why you believe this is broken?

ip6fw was added to the system back with V5.0 days (not fun days for
FreeBSD) when ipfw was two separate modules, one for IPv4 and another
for IPv6. makonnen wrote the required script for the IPv6 module back in
2002 and it has lived on with mostly small fixes to deal with changes in
the startup scripts.

Back in 2006, ipfw was re-worked to make it dual stack and it now is a
single module with a single management CLI, ipfw(8) and rules for IPv4
and IPv6 can all be included in a single configuration file.

It really makes no sense to have two very similar startup scripts, one
with a fairly non-intuitive name, for a single function. It continues
the approach that IPv6 is to be treated as something separate and not an
integrated part of the OS and I see no real purpose served by the
separation.

Now that I have looked at ip6fw, I can see that the fix I recommended is
not adequate, although it will prevent the problem I ran into when I
thought I was stopping all of ipfw, only to find that I was still
blocked from the system (except via the console).

In my spare time (translate that to "it may take a while"), I'll look at
a merge of the two rc scripts so that those with separate configuration
files won't find things broken. (I suspect that there are not too many
of those, but their firewalls really need to be preserved.) It looks
simple on the surface, but I suspect there are a few corner cases that
might be a bit tricky.

I may even be able to come up with a solution to NDP (the IPv6

http://www.freebsd.org/cgi/query-pr.cgi?pr=123119

From owner-freebsd-rc@FreeBSD.ORG Tue Apr 29 17:08:23 2008
Date: Tue, 29 Apr 2008 17:08:23 GMT
From: nork@FreeBSD.org
To: nork@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-rc@FreeBSD.org
Subject: Re: conf/123222: Add rtprio(1)/idprio(1) support to rc.subr(8).

Synopsis: Add rtprio(1)/idprio(1) support to rc.subr(8).

Responsible-Changed-From-To: freebsd-bugs->freebsd-rc
Responsible-Changed-By: nork
Responsible-Changed-When: Tue Apr 29 17:07:25 UTC 2008
Responsible-Changed-Why:
Over to rc.subr(8) maintainers.

http://www.freebsd.org/cgi/query-pr.cgi?pr=123222

From owner-freebsd-rc@FreeBSD.ORG Wed Apr 30 08:20:06 2008
Date: Wed, 30 Apr 2008 08:20:06 GMT
From: Kris Kennaway
To: freebsd-rc@FreeBSD.org
Reply-To: Kris Kennaway
Subject: Re: conf/123222: Add rtprio(1)/idprio(1) support to rc.subr(8).

The following reply was made to PR conf/123222; it has been noted by GNATS.

From: Kris Kennaway
To: Norikatsu Shigemura
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: conf/123222: Add rtprio(1)/idprio(1) support to rc.subr(8).
Date: Wed, 30 Apr 2008 10:14:59 +0200

Norikatsu Shigemura wrote:

>> Description:
> I want to run some daemons with rtprio(1)/idprio(1) like nice(1).
> So I made patches to support rtprio(1)/idprio(1) to rc.subr(8).

idprio is dangerous and should not be used unless you are sure you know
what you're doing (it can cause deadlocks from priority inversion).
There might be similar issues with rtprio.

Kris