From owner-freebsd-current@FreeBSD.ORG  Sat Nov 15 15:22:23 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7E46A16A4CE; Sat, 15 Nov 2003 15:22:23 -0800 (PST)
Received: from razorbill.mail.pas.earthlink.net
	(razorbill.mail.pas.earthlink.net [207.217.121.248])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B7D9543F85; Sat, 15 Nov 2003 15:22:22 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from user-2ivfj2j.dialup.mindspring.com ([165.247.204.83]
	helo=mindspring.com)
	by razorbill.mail.pas.earthlink.net with asmtp (SSLv3:RC4-MD5:128)
	(Exim 3.33 #1)	id 1AL9jc-0002Yj-00; Sat, 15 Nov 2003 15:21:45 -0800
Message-ID: <3FB6B4FE.4C1AF03C@mindspring.com>
Date: Sat, 15 Nov 2003 15:21:34 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Hajimu UMEMOTO <ume@mahoroba.org>
References: <E1AGIbn-0001Ux-7o@cub.org.ua> <ygefzgpq508.wl%ume@mahoroba.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-ELNK-Trace: b1a02af9316fbb217a47c185c03b154d40683398e744b8a4d7b71d7f311faea59861bd8e785b0ae3350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
cc: FreeBSD-gnats-submit@freebsd.org
cc: Kostyuk Oleg <cub@cub.org.ua>
cc: freebsd-current@freebsd.org
Subject: Re: /etc/rc.d/ipsec starts not in time
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Nov 2003 23:22:23 -0000

Hajimu UMEMOTO wrote:
> >>>>> Kostyuk Oleg <cub@cub.org.ua> said:
> 
> cub>    Problem is in order of starting /etc/rc.d/ipsec.
> cub>    It must start BEFORE any network interaction,
> cub>    may be even before configuring interfaces.
> cub>    But I not sure in case with diskless mashines.
> 
> cub>    -# BEFORE:  DAEMON
> cub>    +# BEFORE:  NETWORK
> 
> It is not sufficient.  There is setkey(8) in /usr/sbin.  It means that
> we cannot protect NFS exported /usr by IPsec.  If there is no
> objection, I wish to move setkey(8) into /sbin like NetBSD did.

This type of order inversion is common.

Can we simply delay exportation until later in the boot process?
Wouldn't this have the same effect?

-- Terry