From owner-freebsd-rc@FreeBSD.ORG Mon Nov 17 11:06:56 2008
Date: Mon, 17 Nov 2008 11:06:56 GMT
Message-Id: <200811171106.mAHB6uGp082641@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-rc@FreeBSD.org
Subject: Current problem reports assigned to freebsd-rc@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/128299  rc         [patch] /etc/rc.d/geli does not mount partitions using
o conf/127917  rc         [patch] dumpon rejects on start with physmem>swap even
o bin/126562   rc         rcorder(8) fails to run unrelated startup scripts when
f conf/126392  rc         rc.conf ifconfig_xx keywords cannot be escaped
o bin/126324   rc         [patch] rc.d/tmp: Prevent mounting /tmp in second tim
o conf/124747  rc         [patch] savecore can't create dump from encrypted swap
o conf/124248  rc         [patch] add support for nice value for rc.d/jail + rc.
o conf/123734  rc         [patch] Chipset VIA CX700 requires extra initializatio
o conf/123222  rc         [patch] Add rtprio(1)/idprio(1) support to rc.subr(8).
o conf/122477  rc         [patch] /etc/rc.d/mdconfig and mdconfig2 are ignoring
o conf/122170  rc         [patch] [request] New feature: notify admin via page o
o conf/122036  rc         [rc.d]: Mounting at boot with ZFS causes a halt in boo
o kern/121566  rc         [nfs] [request] [patch] ethernet iface should be broug
o conf/120431  rc         [patch] devfs.rules are not initialized under certain
o conf/120406  rc         [devd] [patch] Handle newly attached pcm devices (eg.
o conf/120228  rc         [zfs] [patch] Split ZFS volume startup / ease ZFS swap
o conf/120194  rc         [patch] UFS volumes on ZVOLs cannot be fsck'd at boot
o conf/119874  rc         [patch] "/etc/rc.d/pf reload" fails if there are macro
o conf/119076  rc         [patch] [rc] /etc/rc.d/netif tries to remove alias add
o bin/118325   rc         [patch] [request] new periodic script to test statuses
o conf/118255  rc         savecore never finding kernel core dumps (rcorder prob
o conf/117935  rc         [patch] ppp fails to start at boot because of missing
o conf/114119  rc         [jail] [patch] [request] /etc/rc.d/jail improvements f
o conf/113915  rc         [patch] ndis wireless driver fails to associate when i
o conf/109980  rc         /etc/rc.d/netif restart doesn't destroy cloned_interfa
o conf/109562  rc         [rc.d] [patch] [request] Make rc.d/devfs usable from c
o conf/106009  rc         [ppp] [patch] [request] Fix pppoed startup script to p
o conf/105689  rc         [ppp] [request] syslogd starts too late at boot
o conf/105568  rc         [patch] [request] Add more flexibility to rc.conf, to
o conf/105145  rc         [ppp] [patch] [request] add redial function to rc.d/pp
o conf/104549  rc         [patch] rc.d/nfsd needs special _find_processes functi
o conf/103489  rc         [rc.d] [jail] [patch] named_chroot_autoupdate doesn't
o conf/103486  rc         [rc.d] [jail] [patch] rc.d/jail: mount fstab after dev
o conf/102700  rc         [geli] [patch] Add encrypted /tmp support to GELI/GBDE
o conf/99721   rc         [patch] /etc/rc.initdiskless problem copy dotfile in s
o conf/99444   rc         [patch] Enhancement: rc.subr could easily support star
o conf/98846   rc         [jail] [patch] Templatize 'jail_rootdir' in /etc/rc.d/
o conf/98758   rc         [jail] [patch] Templatize 'jail_fstab' in /etc/rc.d/ja
o conf/96343   rc         [patch] rc.d order change to start inet6 before pf
o conf/93815   rc         [patch] Adds in the ability to save ipfw rules to rc.d
o conf/92523   rc         [patch] allow rc scripts to kill process after a timeo
o conf/89870   rc         [patch] [request] make netif verbose rc.conf toggle
o conf/89061   rc         [patch] IPv6 6to4 auto-configuration enhancement
o conf/88913   rc         [patch] wrapper support for rc.subr
o conf/85819   rc         [patch] script allowing multiuser mode in spite of fsc
o kern/81006   rc         ipnat not working with tunnel interfaces on startup
o conf/77663   rc         Suggestion: add /etc/rc.d/addnetswap after addcritremo
o conf/73677   rc         [patch] add support for powernow states to power_profi
o conf/58939   rc         [patch] dumb little hack for /etc/rc.firewall{,6}
o conf/56934   rc         [patch] rc.firewall rules for natd expect an interface
o conf/45226   rc         [patch] Fix for rc.network, ppp-user annoyance
o conf/44170   rc         [patch] Add ability to run multiple pppoed(8) on start

52 problems total.

From owner-freebsd-rc@FreeBSD.ORG Tue Nov 18 21:36:45 2008
Date: Tue, 18 Nov 2008 21:19:32 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Gert Doering
Cc: freebsd-rc@freebsd.org, gert@space.net
Subject: Re: rcorder pf vs. network_ipv6 on 6.3-RELEASE
Message-ID: <20081118211827.O61259@maildrop.int.zabbadoz.net>
In-Reply-To: <20081106125643.GG8535@greenie.muc.de>

On Thu, 6 Nov 2008, Gert Doering wrote:

Hi,

> (bear with me, I'm normally not working on that part of the system, and
> I'm normally not subscribed to this list - so if I violate any sort of
> netiquette, I'm sorry for it).
>
> I ran into a problem with one of our FreeBSD 6.3-RELEASE machines today,
> and checking 7.0-RELEASE, the problem is similar over there.
>
> The issue I have is that /etc/rc.d/pf is run *before* /etc/rc.d/network_ipv6
> (because network_ipv6 demands so).
>
> pf:
>
> # PROVIDE: pf
> # REQUIRE: root FILESYSTEMS netif pflog pfsync
> # BEFORE: routing
>
> network_ipv6:
>
> # PROVIDE: network_ipv6
> # REQUIRE: routing
>
> The problem comes up if you have pf(4) IPv6 rules that tack to an interface,
> as in:
>
> pass in on $ext_if proto tcp from any to $ext_if port 443 keep state
>
> if that rule is loaded *before* the interface gets configured, pf will
> not re-sync afterwards, so the firewall rule is ignored.
>
>
> It can be worked around by putting "to ($ext_if)" into the pf(4) rules,
> but there might be circumstances where this is not desirable ("if the
> address changes, this is exceptional circumstances and we want to know!"),
> and the current boot order takes away the decision from the user how
> to write his pf(4) rules.
>
>
> I tried to change the PROVIDE/REQUIRE/BEFORE statements in "pf" and
> "network_ipv6" to force execution of network_ipv6 before pf, but failed
> (rcorder complains about circular dependencies and I can't see why).
>
> So I'm handing this problem to you guys - please consider whether this
> should be changed (execute all IP configuration before all firewall stuff),
> and if yes, how to do it "right".
>
> thanks,
>
> gert
>

Is freebsd-rc@ alive and could anyone with sufficient rc-foo look at this?

/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
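
The ordering constraints quoted in the thread, worked through as an added example (not code from the thread or from FreeBSD's rcorder): a small Python model of PROVIDE/REQUIRE/BEFORE resolution that reports either a boot order or the dependency loop. The pf and network_ipv6 headers are the ones quoted above; the `routing` header and the two edited pf headers are constructed assumptions, since the thread does not show which edit was tried.

```python
import re
TAG = re.compile(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$", re.M)
PF_STOCK = "# PROVIDE: pf\n# REQUIRE: root FILESYSTEMS netif pflog pfsync\n# BEFORE: routing\n"
# Hypothetical edits (not shown in the thread): require network_ipv6, with and without BEFORE.
PF_EDITED = PF_STOCK.replace("pfsync", "pfsync network_ipv6")
PF_NO_BEFORE = PF_EDITED.replace("# BEFORE: routing\n", "")

def scripts(pf_header):
    # pf and network_ipv6 headers as quoted; "routing" is a constructed stand-in.
    return {"pf": pf_header, "routing": "# PROVIDE: routing\n",
            "network_ipv6": "# PROVIDE: network_ipv6\n# REQUIRE: routing\n"}

def build_graph(files):
    """Map each script to the set of scripts that must run before it."""
    tags = {n: {"PROVIDE": [], "REQUIRE": [], "BEFORE": []} for n in files}
    for name, text in files.items():
        for key, val in TAG.findall(text):
            tags[name][key] += val.split()
    provider = {p: n for n, t in tags.items() for p in t["PROVIDE"]}
    deps = {n: set() for n in files}
    for name, t in tags.items():
        for req in t["REQUIRE"]:          # providers outside the sample are skipped
            if req in provider:
                deps[name].add(provider[req])
        for later in t["BEFORE"]:         # BEFORE: X  ==  X requires this script
            if later in provider:
                deps[provider[later]].add(name)
    return deps

def order_or_cycle(deps):
    """Depth-first topological sort; returns ("order", list) or ("cycle", path)."""
    state, order = {}, []
    def visit(node, path):
        if state.get(node) == "active":
            return path[path.index(node):] + [node]
        if state.get(node) != "done":
            state[node] = "active"
            for dep in sorted(deps[node]):
                cycle = visit(dep, path + [node])
                if cycle:
                    return cycle
            state[node] = "done"
            order.append(node)
        return None
    for node in sorted(deps):
        cycle = visit(node, [])
        if cycle:
            return "cycle", cycle
    return "order", order
```

With the stock headers pf sorts ahead of network_ipv6 because `BEFORE: routing` makes routing depend on pf; adding network_ipv6 to pf's REQUIRE without removing that line closes the loop. Moving pf after address configuration also means interfaces are configured before any rules are loaded, which has to be weighed against rules that silently fail to match.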