From owner-dev-commits-src-branches@freebsd.org Fri Jul 16 06:42:03 2021
Date: Fri, 16 Jul 2021 06:42:03 GMT
Message-Id: <202107160642.16G6g39O001208@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Eugene Grosbein
Subject: git: c403205e553e - stable/13 - ipfw: reload sysctl.conf variables if needed
X-Git-Committer: eugen
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: c403205e553ee7402ab1adf6da4a8dbd722f8608
Auto-Submitted: auto-generated
List-Id: Commits to the stable branches of the FreeBSD src repository

The branch stable/13 has been updated by eugen:

URL: https://cgit.FreeBSD.org/src/commit/?id=c403205e553ee7402ab1adf6da4a8dbd722f8608

commit c403205e553ee7402ab1adf6da4a8dbd722f8608
Author:     Eugene Grosbein
AuthorDate: 2021-05-17 21:03:15 +0000
Commit:     Eugene Grosbein
CommitDate: 2021-07-16 06:40:39 +0000

    ipfw: reload sysctl.conf variables if needed

    Currently ipfw has multiple components that are not parts of GENERIC
    kernel like dummynet etc. They can bring in important sysctls
    if enabled with rc.conf(5) and loaded with ipfw startup script
    by means of "required_modules" after initial consult
    with /etc/sysctl.conf at boot time.

    Here is an example of one increasing limit for dummynet hold queues
    that defaults to 100:

    net.inet.ip.dummynet.pipe_slot_limit=1000

    This makes it possible to use ipfw/dummynet rules such as:

    ipfw pipe 1 config bw 50Mbit/s queue 1000

    Such rule is rejected unless above sysctl is applied.
    Another example is a group of net.inet.ip.alias.* sysctls
    created after libalias.ko loaded as dependency of ipfw_nat.

    This is not a problem if corresponding code compiled in custom kernel
    so sysctls exist when sysctl.conf is read early or kernel modules
    loaded with a loader. This change makes it work also for GENERIC
    and modules loaded by means of rc.conf(5) settings.

(cherry picked from commit f5b5de1a3210234f3a6864c88a2d3e11ac2dbf04) --- libexec/rc/rc.d/ipfw | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/libexec/rc/rc.d/ipfw b/libexec/rc/rc.d/ipfw index fd1c97671d70..22b65d2908cb 100755 --- a/libexec/rc/rc.d/ipfw +++ b/libexec/rc/rc.d/ipfw @@ -47,7 +47,7 @@ ipfw_prestart() ipfw_start() { - local _firewall_type + local _firewall_type _module _sysctl_reload if [ -n "${1}" ]; then _firewall_type=$1 @@ -55,6 +55,19 @@ ipfw_start() _firewall_type=${firewall_type} fi + _sysctl_reload=no + for _module in ${required_modules} + do + if kldstat -qn ${_module}; then + _sysctl_reload=yes + break + fi + done + + if [ ${_sysctl_reload} = yes ]; then + /etc/rc.d/sysctl reload + fi + # set the firewall rules script if none was specified [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
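
Review bot: In the second hunk of ipfw_start(), the test `kldstat -qn ${_module}` only asks whether a module is loaded now, not whether this run loaded it, so `/etc/rc.d/sysctl reload` fires on every ipfw_start where any entry of required_modules is present, including modules preloaded by the loader, for which sysctl.conf was already applied at boot. The reload re-applies the whole of sysctl.conf rather than only the variables the new modules created, so restarting the firewall also resets any sysctl that was changed at runtime and is listed in that file. Consider triggering the reload only when a module was actually loaded during this invocation, and add a comment above the loop explaining why the reload is needed, since the reason currently lives only in the commit message. Minor: quote the expansions in `[ ${_sysctl_reload} = yes ]` and `kldstat -qn ${_module}`, and decide whether a failed reload should be reported, because its exit status is ignored as written.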