Message-Id: <200604260358.k3Q3w07J093769@www.freebsd.org>
Date: Wed, 26 Apr 2006 03:58:00 GMT
From: Mike Oliver
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/96343: patch - rc.d order change to start inet6 before pf
X-Send-Pr-Version: www-2.3

>Number: 96343
>Category: misc
>Synopsis: patch - rc.d order change to start inet6 before pf
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 26 04:00:29 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Mike Oliver
>Release: CURRENT
>Organization:
>Environment:
FreeBSD gambit.gargantuan.com 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Wed Mar 15 12:56:49 EST 2006 mwoliver@gambit.gargantuan.com:/usr/obj/usr/src/sys/GAMBIT i386
>Description:
For inet6, it looks like the link-local address isn't enough to satisfy pf so that it will load the rules, because I saw the same "rule expands to no valid combination" error when testing this config before having a non-link-local addr assigned to re0.

It looks like pf is being started after the inet config, but before the inet6 config, and since there are no non-link-local addrs assigned yet, pf is failing to load the pf.conf rules.

The attached patch to change the ordering of /etc/rc.d fixes the problem completely in my case, though I don't have a facility to test any regression to isdn or ppp.
>How-To-Repeat:
put these rules in /etc/pf.conf and reboot with current rc.d ordering -- the rules will NOT be loaded.
antispoof quick for $int_if inet
antispoof quick for $int_if inet6
antispoof quick for $ext_if inet
antispoof quick for $ext_if inet6
>Fix:
diff -ruN /etc/rc.d.orig/NETWORKING /etc/rc.d/NETWORKING --- /etc/rc.d.orig/NETWORKING Tue Jan 10 12:51:47 2006 +++ /etc/rc.d/NETWORKING Mon Apr 24 13:44:25 2006 @@ -5,7 +5,7 @@ # # PROVIDE: NETWORKING NETWORK -# REQUIRE: netif routing network_ipv6 isdnd ppp +# REQUIRE: netif network_ipv6 routing isdnd ppp # REQUIRE: routed mrouted route6d mroute6d # This is a dummy dependency, for services which require networking diff -ruN /etc/rc.d.orig/atm2 /etc/rc.d/atm2 --- /etc/rc.d.orig/atm2 Tue Jan 10 12:51:47 2006 +++ /etc/rc.d/atm2 Mon Apr 24 14:17:05 2006 @@ -28,7 +28,7 @@ # # PROVIDE: atm2 -# REQUIRE: atm1 netif +# REQUIRE: atm1 netif ip6addrctl # BEFORE: routing # KEYWORD: nojail diff -ruN /etc/rc.d.orig/ip6fw /etc/rc.d/ip6fw --- /etc/rc.d.orig/ip6fw Tue Jan 10 12:51:48 2006 +++ /etc/rc.d/ip6fw Mon Apr 24 14:14:09 2006 @@ -4,8 +4,8 @@ # # PROVIDE: ip6fw -# REQUIRE: routing -# BEFORE: network_ipv6 +# REQUIRE: network_ipv6 routing +# BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/mroute6d /etc/rc.d/mroute6d --- /etc/rc.d.orig/mroute6d Tue Jan 10 12:51:48 2006 +++ /etc/rc.d/mroute6d Mon Apr 24 14:05:19 2006 @@ -4,7 +4,7 @@ # # PROVIDE: mroute6d -# REQUIRE: network_ipv6 +# REQUIRE: network_ipv6 routing # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/network_ipv6 /etc/rc.d/network_ipv6 --- /etc/rc.d.orig/network_ipv6 Tue Jan 10 12:51:48 2006 +++ /etc/rc.d/network_ipv6 Mon Apr 24 13:41:07 2006 @@ -29,7 +29,7 @@ # # PROVIDE: network_ipv6 -# REQUIRE: routing +# REQUIRE: mountcritlocal # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/pf /etc/rc.d/pf --- /etc/rc.d.orig/pf Mon Apr 24 10:36:10 2006 +++ /etc/rc.d/pf Mon Apr 24 14:12:38 2006
@@ -4,7 +4,7 @@ # # PROVIDE: pf -# REQUIRE: root mountcritlocal netif pflog pfsync +# REQUIRE: root mountcritlocal netif network_ipv6 pflog pfsync # BEFORE: routing # KEYWORD: nojail diff -ruN /etc/rc.d.orig/pflog /etc/rc.d/pflog --- /etc/rc.d.orig/pflog Mon Apr 24 10:36:15 2006 +++ /etc/rc.d/pflog Mon Apr 24 14:12:28 2006 @@ -4,7 +4,7 @@ # # PROVIDE: pflog -# REQUIRE: root mountcritlocal netif cleanvar +# REQUIRE: root mountcritlocal netif network_ipv6 cleanvar # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/pfsync /etc/rc.d/pfsync --- /etc/rc.d.orig/pfsync Mon Apr 24 10:36:23 2006 +++ /etc/rc.d/pfsync Mon Apr 24 14:20:25 2006 @@ -4,7 +4,7 @@ # # PROVIDE: pfsync -# REQUIRE: root mountcritlocal netif +# REQUIRE: root mountcritlocal netif network_ipv6 # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/route6d /etc/rc.d/route6d --- /etc/rc.d.orig/route6d Tue Jan 10 12:51:49 2006 +++ /etc/rc.d/route6d Mon Apr 24 14:05:09 2006 @@ -5,7 +5,7 @@ # # PROVIDE: route6d -# REQUIRE: network_ipv6 +# REQUIRE: network_ipv6 routing # KEYWORD: nojail . /etc/rc.subr diff -ruN /etc/rc.d.orig/routing /etc/rc.d/routing --- /etc/rc.d.orig/routing Tue Jan 10 12:51:49 2006 +++ /etc/rc.d/routing Mon Apr 24 13:41:59 2006 @@ -6,7 +6,7 @@ # # PROVIDE: routing -# REQUIRE: netif ppp +# REQUIRE: netif network_ipv6 ppp # KEYWORD: nojail . /etc/rc.subr >Release-Note: >Audit-Trail: >Unformatted:
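Review bot: in the network_ipv6 hunk, replacing "# REQUIRE: routing" with "# REQUIRE: mountcritlocal" drops the only ordering this script had against netif and ppp, which it previously inherited through routing ("# REQUIRE: netif ppp" on the old side of the routing hunk). Nothing visible in the patch keeps network_ipv6 after netif, while pf, pflog, pfsync and routing each list both. Suggest "# REQUIRE: netif mountcritlocal", plus a decision on ppp, which the description says was not tested.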
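Review bot: the ip6fw hunk moves the IPv6 firewall from before network_ipv6 ("# BEFORE: network_ipv6") to after it ("# REQUIRE: network_ipv6 routing"), so IPv6 is configured before any ip6fw rules are loaded, and the description gives a reason for the reorder only for pf. The old header cannot stay as it is once routing REQUIREs network_ipv6, since the three would form a loop, but if ip6fw does not need configured addresses, consider dropping its routing requirement and keeping "# BEFORE: network_ipv6"; otherwise the PR should say why the later start is acceptable.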
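Review bot: the network_ipv6 added to REQUIRE in the pflog and pfsync hunks is not explained by the description, which is about pf failing to load pf.conf rules; pf already gets that ordering from its own "# REQUIRE: root mountcritlocal netif network_ipv6 pflog pfsync". Unless pflog or pfsync themselves need IPv6 addresses, leave those two headers unchanged to keep the patch minimal.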
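Review bot: ip6addrctl in the atm2 hunk ("# REQUIRE: atm1 netif ip6addrctl") appears nowhere else in the patch or in the description. Please state why atm2 needs it, or drop this hunk from the change.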
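Added example (not part of the original report, and not FreeBSD's rcorder code): a simplified Python model of the REQUIRE/BEFORE headers for four of the scripts in the patch, showing that the old headers force pf to start before network_ipv6, that the patched ones reverse this, and that the old ip6fw header would loop against the patched routing header. The function and dictionary names are made up for the example, and scripts whose headers are not in the patch (netif, mountcritlocal, ppp and so on) are treated as having no dependencies.

```python
from graphlib import CycleError, TopologicalSorter

# name: (REQUIRE, BEFORE), copied from the "-" lines of the patch above.
ORIGINAL = {
    "network_ipv6": ("routing", ""),
    "routing": ("netif ppp", ""),
    "pf": ("root mountcritlocal netif pflog pfsync", "routing"),
    "ip6fw": ("routing", "network_ipv6"),
}
# The same four scripts, from the "+" lines.
PATCHED = {
    "network_ipv6": ("mountcritlocal", ""),
    "routing": ("netif network_ipv6 ppp", ""),
    "pf": ("root mountcritlocal netif network_ipv6 pflog pfsync", "routing"),
    "ip6fw": ("network_ipv6 routing", "NETWORKING"),
}
# Constructed case: the patch applied, but ip6fw left with its old header.
MIXED = {**PATCHED, "ip6fw": ORIGINAL["ip6fw"]}

def predecessors(scripts):
    """Map each name to the set of names that must start before it."""
    preds = {}
    for name, (require, before) in scripts.items():
        preds.setdefault(name, set()).update(require.split())
        for later in before.split():
            preds.setdefault(later, set()).add(name)
    return preds

def boot_order(scripts):
    """Return one valid start order, or None if the headers form a loop."""
    try:
        return list(TopologicalSorter(predecessors(scripts)).static_order())
    except CycleError:
        return None

def must_precede(scripts, first, second):
    """True if the headers force `first` to start before `second`."""
    preds, seen, todo = predecessors(scripts), set(), [second]
    while todo:
        for name in preds.get(todo.pop(), ()):
            if name == first:
                return True
            if name not in seen:
                seen.add(name)
                todo.append(name)
    return False

if __name__ == "__main__":
    print("old: pf before network_ipv6:", must_precede(ORIGINAL, "pf", "network_ipv6"))
    print("old ip6fw header + patched routing:", boot_order(MIXED))
```

On a FreeBSD system the real ordering comes from rcorder(8) reading the headers of every script in /etc/rc.d, so this model only checks the relationships visible in the patch.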