From nobody Tue Mar 29 21:13:13 2022 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 481511A46546 for ; Tue, 29 Mar 2022 21:27:22 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KSjMD6pnlz3kkZ; Tue, 29 Mar 2022 21:27:20 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.sub.de (uucp.dinoex.org [185.220.148.12]) by uucp.dinoex.org (8.17.1/8.17.1) with ESMTPS id 22TLR4UQ080106 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 29 Mar 2022 23:27:05 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) X-Authentication-Warning: uucp.dinoex.sub.de: Host uucp.dinoex.org [185.220.148.12] claimed to be uucp.dinoex.sub.de Received: (from uucp@localhost) by uucp.dinoex.sub.de (8.17.1/8.17.1/Submit) with UUCP id 22TLR4Pi080105; Tue, 29 Mar 2022 23:27:04 +0200 (CEST) (envelope-from pmc@citylink.dinoex.sub.org) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by citylink.dinoex.sub.de (8.16.1/8.16.1) with ESMTP id 22TLFmEq065880; Tue, 29 Mar 2022 23:15:48 +0200 (CEST) (envelope-from peter@gate.intra.daemon.contact) Received: from gate.intra.daemon.contact (gate-e [192.168.98.2]) by gate.intra.daemon.contact (8.16.1/8.16.1) with ESMTPS id 22TLDDhW065416 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 29 Mar 2022 23:13:14 +0200 (CEST) (envelope-from peter@gate.intra.daemon.contact) Received: (from peter@localhost) by gate.intra.daemon.contact (8.16.1/8.16.1/Submit) id 22TLDDA2065415; Tue, 29 Mar 2022 23:13:13 +0200 (CEST) (envelope-from peter) Date: Tue, 29 Mar 2022 23:13:13 +0200 From: Peter To: freebsd-stable@freebsd.org Cc: "Bjoern A. Zeeb" Subject: Slow startup from D19488 (rtsol: sendmsg: Permission denied) Message-ID: List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Milter: Spamilter (Reciever: uucp.dinoex.sub.de; Sender-ip: 185.220.148.12; Sender-helo: uucp.dinoex.sub.de;) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [185.220.148.12]); Tue, 29 Mar 2022 23:27:07 +0200 (CEST) X-Rspamd-Queue-Id: 4KSjMD6pnlz3kkZ X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org designates 2a0b:f840::12 as permitted sender) smtp.mailfrom=pmc@citylink.dinoex.sub.org X-Spamd-Result: default: False [-2.02 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.90)[-0.903]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; DMARC_NA(0.00)[sub.org]; NEURAL_SPAM_SHORT(0.18)[0.181]; NEURAL_HAM_LONG(-1.00)[-1.000]; RCVD_COUNT_THREE(0.00)[4]; RCPT_COUNT_TWO(0.00)[2]; MLMMJ_DEST(0.00)[freebsd-stable]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE]; RCVD_TLS_LAST(0.00)[] X-ThisMailContainsUnwantedMimeParts: N Hija, after upgrading 12.3 to stable/13, I am seeing these errors in all my jails: > Additional TCP/IP options: log_in_vain=1. > ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/c cmpat/pkg /usr/local/lib/compat/pkg > 32-bit compatibility ldconfig path: > rtsol: sendmsg on nrail1l: Permission denied > rtsol: sendmsg on nrail1l: Permission denied > rtsol: sendmsg on nrail1l: Permission denied > Starting Network: lo0 nrail1l. Searching the cause I find change 1b5be7204eaeeaf aka D19488 This doesn't work, because the firewall is not yet present. This is happening in rc.d/netif, and that must run before rc.d/ipfw in any case, because the firewall needs to see the netifs. I cannot see why this is considered an improvement, as it only gives 3 seconds of delay for each jail, and error messages. Maybe I'm doing something wrong, but honestly, I don't get it. Trying to read the differential: > Looking at the logic I changed above we invoked rtsol only if rtsold > was disabled and otherwise rtsold was started later and done it Yes, in 12.3, rtsold was started later when the firewall is loaded and it might work. Now rtsol is run earler when the firewall is NOT loaded and therefore it can NOT work. So far I do understand. What I don't understand: why this is good. And from there onward the differential talks about dhcp - but dhcp is only useful for prefix delegation, and most of my jails don't currently get delegated prefixes. Furthermore, nodes that get delegated prefixes will usually be routers, and with ipv6_gateway_enable=YES the error does not appear, i.e. this code does not even seem to be run. So I fail to imagine a usecase that this might be about. cheerio, PMc