From owner-freebsd-hackers@freebsd.org  Sat Dec 22 14:01:09 2018
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8D5861354AD5
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sat, 22 Dec 2018 14:01:09 +0000 (UTC)
 (envelope-from dch@skunkwerks.at)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
 [66.111.4.25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 388AD896A6
 for <freebsd-hackers@freebsd.org>; Sat, 22 Dec 2018 14:01:06 +0000 (UTC)
 (envelope-from dch@skunkwerks.at)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id 2FBB92120D
 for <freebsd-hackers@freebsd.org>; Sat, 22 Dec 2018 09:01:06 -0500 (EST)
Received: from web6 ([10.202.2.216])
 by compute7.internal (MEProxy); Sat, 22 Dec 2018 09:01:06 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=skunkwerks.at;
 h=message-id:from:to:mime-version:content-transfer-encoding
 :content-type:subject:date; s=fm1; bh=9E3F11gFEVEwq97UoFiueu/kYs
 6ENi1pnB61zahj7ik=; b=oINC9hRtQQLdyShcD9tXBydYsNfM82KFxaojekih/G
 aL0K4Ar/Z50MbRqTW9KEfV/rM/j5CiNZkaLGFImUVwen+C2e7WQc6gzDceWrQ3uP
 kt6jPhsO7lLqjiD2Ebr/AfLsgiYWcFIsChldrf8zJhKoBS0wxks1enpXg8A0GQzo
 iZ9B+LtcE4Lji+KPcPZ0UU/Ho54Tn8oPfGPowWd1TZ9zW+4Y86C/8CwCK6+Hw/k/
 XFSDGx1B0nvqXQX1/C2RleoJGqU60mzP/ae0sTR4V1QuCwQ/pUP5sulPnO07JNS6
 AHZ0LJ3hDUgcC8eF2B+WQH2breADWOxdmW7QuLs+OO5A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=content-transfer-encoding:content-type
 :date:from:message-id:mime-version:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=9E3F11
 gFEVEwq97UoFiueu/kYs6ENi1pnB61zahj7ik=; b=KvY3XAiUBTxj2JHsReLJ3M
 pl6a9xYB4Rq/N9ujSgT8SWDGLVEuZykVN5AZ/Xn/iNx8I9bzPtn9WJG2pJC/nZKd
 n2Mfjv0ChBEE7Ap7vRCAKp5TDgqBo1GWq1gqc0lt8f5/I36W/bXb5V3tHDw7diUa
 ykpJ9hfd6LbP6dD73q9gXov6IljBu8s8+Jt2J75AAGC5yMoRy9EZcYxAYR1vBSD4
 RwLePFjIgXvchFAhwSBA53JBBZOp57FJScML5SWLd64i0iWZUWIsuMnlBFFXEOGX
 CXqNTDUIuw6qRx7reNfRhIOHvcDsB7FgkVBj8yULOIJvwRsokdHzF8pNrHHV64LQ
 ==
X-ME-Sender: <xms:oUMeXH42OlXzDewG2VYUgHwTZcyYQNBbUQnYNYzYrKqYwLnriq8_VA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtkedrudejjedgheelucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef
 tddtnecunecujfgurhepkffhvfgggfgtoffuffesthejredtredtjeenucfhrhhomhepff
 grvhgvucevohhtthhlvghhuhgsvghruceouggthhesshhkuhhnkhifvghrkhhsrdgrtheq
 necuffhomhgrihhnpehfrhgvvggsshgurdhorhhgpdhfrhgvshhhphhorhhtshdrohhrgh
 enucfrrghrrghmpehmrghilhhfrhhomhepuggthhesshhkuhhnkhifvghrkhhsrdgrthen
 ucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:oUMeXHV1f-CT0CUKTC3FvOVsT1Ja4eCzGzL3hpF_l5FSNpYlWLt40Q>
 <xmx:oUMeXF-fEiouXRRzOlfBSJD8-K3RjuB5BA59xe-HZ1BFwQc_24qsaw>
 <xmx:oUMeXPpWoW-0JzD50q_VEopYRh6uS4SEh88E1j4h696WTlNIZxJP8A>
 <xmx:okMeXFJvvOf6KSW5nAOaJ_KsVjPrgqLkKGvh7lZr5RKuvaEq7AJDng>
Received: by mailuser.nyi.internal (Postfix, from userid 99)
 id 864C14254; Sat, 22 Dec 2018 09:01:05 -0500 (EST)
Message-Id: <1545487265.3497867.1616158504.69E513B4@webmail.messagingengine.com>
From: Dave Cottlehuber <dch@skunkwerks.at>
To: freebsd-hackers@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-2f590f9a
Subject: rcorder for vpn-like tunnels during early rc.d startup
Date: Sat, 22 Dec 2018 15:01:05 +0100
X-Rspamd-Queue-Id: 388AD896A6
X-Spamd-Bar: -------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=skunkwerks.at header.s=fm1 header.b=oINC9hRt;
 dkim=pass header.d=messagingengine.com header.s=fm1 header.b=KvY3XAiU;
 spf=pass (mx1.freebsd.org: domain of dch@skunkwerks.at designates 66.111.4.25
 as permitted sender) smtp.mailfrom=dch@skunkwerks.at
X-Spamd-Result: default: False [-7.18 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[skunkwerks.at:s=fm1,messagingengine.com:s=fm1];
 FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.25];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[4];
 DMARC_NA(0.00)[skunkwerks.at];
 DKIM_TRACE(0.00)[skunkwerks.at:+,messagingengine.com:+];
 MX_GOOD(-0.01)[in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com];
 NEURAL_HAM_SHORT(-0.96)[-0.960,0]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US];
 IP_SCORE(-3.61)[ip: (-9.53), ipnet: 66.111.4.0/24(-4.67), asn: 11403(-3.78),
 country: US(-0.08)]; 
 RCVD_IN_DNSWL_LOW(-0.10)[25.4.111.66.list.dnswl.org : 127.0.5.1]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Dec 2018 14:01:09 -0000

I have a port[1] net/zerotier that provides a p2p layer2+ vpn via tap(4) interfaces. Ideally zerotier/zt would be available early enough during boot that later daemons such as ssh and other network services would be able to bind to those interfaces.

I've tried a variety of tricks to achieve the following outcomes:

- start after netif
- default route is available so that zt can initialise itself
- started before firewalls and later network daemons

I have this working for DHCP, but not for statically assigned IPs.

Any suggestions on what else I could try?

The patch[2] achieves this for DHCP systems, as the default route is made available during `netif`, but for statically assigned systems, it arrives later with `routing`. Trying to include routing in the REQUIRE section results in the expected circular dependency, and the startup daemon hangs in the check loop as the default route isn't available to it yet.

# rcorder /usr/local/etc/rc.d/* /etc/rc.d/* |less
rcorder: Circular dependency on provision `routing' in file `/usr/local/etc/rc.d/zerotier'.
/etc/rc.d/netif
/etc/rc.d/devd
/etc/rc.d/zfsd
/etc/rc.d/ipsec
/etc/rc.d/stf
/etc/rc.d/defaultroute
/etc/rc.d/devfs
/usr/local/etc/rc.d/zerotier
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/ppp
/etc/rc.d/routing
/etc/rc.d/ipfw
/etc/rc.d/netwait
/etc/rc.d/resolv

[1]: https://freshports.org/net/zerotier
[2]: https://reviews.freebsd.org/D18533
[3]: https://www.freebsd.org/cgi/man.cgi?query=if_tap

A+
Dave