From owner-freebsd-arch@FreeBSD.ORG Tue Nov 12 04:48:17 2013 Return-Path: Delivered-To: freebsd-arch@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EA609F85; Tue, 12 Nov 2013 04:48:17 +0000 (UTC) Received: from mail.allbsd.org (gatekeeper.allbsd.org [IPv6:2001:2f0:104:e001::32]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 9A49D3E70; Tue, 12 Nov 2013 04:48:13 +0000 (UTC) Received: from alph.d.allbsd.org (p4181-ipbf1307funabasi.chiba.ocn.ne.jp [123.225.173.181]) (authenticated bits=128) by mail.allbsd.org (8.14.5/8.14.5) with ESMTP id rAC4lr8L062173 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 12 Nov 2013 13:48:04 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0) by alph.d.allbsd.org (8.14.7/8.14.5) with ESMTP id rAC4lpo8042403; Tue, 12 Nov 2013 13:47:52 +0900 (JST) (envelope-from hrs@FreeBSD.org) Date: Tue, 12 Nov 2013 13:47:42 +0900 (JST) Message-Id: <20131112.134742.1669584178551946391.hrs@allbsd.org> To: jhb@FreeBSD.org Subject: Re: service netif restart [iface] runs a wpa_supplicant twice From: Hiroki Sato In-Reply-To: <201311051154.18872.jhb@freebsd.org> References: <1383419596.3253.42.camel@eva02.mbsd> <201311051154.18872.jhb@freebsd.org> X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-Mailer: Mew version 6.5 on Emacs 24.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="--Security_Multipart(Tue_Nov_12_13_47_42_2013_488)--" Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.97.4 at gatekeeper.allbsd.org X-Virus-Status: Clean X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (mail.allbsd.org [133.31.130.32]); Tue, 12 Nov 2013 13:48:04 +0900 (JST) X-Spam-Status: No, score=-98.8 required=13.0 tests=CONTENT_TYPE_PRESENT, QENCPTR1,SPF_SOFTFAIL,USER_IN_WHITELIST,X_CHINESE_RELAY autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on gatekeeper.allbsd.org Cc: clutton@zoho.com, adrian@FreeBSD.org, freebsd-wireless@FreeBSD.org, freebsd-arch@FreeBSD.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Nov 2013 04:48:18 -0000 ----Security_Multipart(Tue_Nov_12_13_47_42_2013_488)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit John Baldwin wrote in <201311051154.18872.jhb@freebsd.org>: jh> I also tested vlans created via vlans_ and they should use the same fix as jh> well. Note that this model is more consistent with how cloned_interfaces jh> works where ifn_start is not explicitly run when each interface is created. jh> Instead, we rely on devd kicking off pccard_ether for those as well. No, for cloned_interfaces, the ifn_start will be kicked even when devd is unavailable because rc.d/netif calls clone_up() and then ifn_start() sequentially. Since an IFNET ATTACH event is generated upon clone_up(), so actually the ifn_start() runs twice on every boot time (or rc.d/netif restart ifn). Since childif_*() is invoked at the end of ifn_*(), configuration of the child interfaces does not happen. This is the reason why there was ifn_start() in childif_create(). It is not efficient and it is reasonable to leave ifn_start() to devd if available, but it is difficult to detect it correctly because the IFNET ATTACH handler may be disabled in devd.conf. "pgrep devd" is not reliable enough. As pointed out, this duplication can be a problem when configuration is performed by a program because multiple instances of the program are invoked. In the other cases, there is no problem because ifn_start() is idempotent, though. As a workaround, dhclient is not invoked from ifconfig_up() like this: 222 if wpaif $1; then 223 /etc/rc.d/wpa_supplicant start $1 224 _cfg=0 # XXX: not sure this should count 225 elif hostapif $1; then 226 /etc/rc.d/hostapd start $1 227 _cfg=0 228 fi 229 230 if dhcpif $1; then 231 if [ $_cfg -ne 0 ] ; then 232 ${IFCONFIG_CMD} $1 up 233 fi 234 if syncdhcpif $1; then 235 /etc/rc.d/dhclient start $1 236 fi 237 _cfg=0 238 fi ifconfig_IF="DHCP" means to leave invoking dhclient to devd, and ifconfig_IF="SYNCDHCP" means rc.d/netif calls dhclient directly. I think similar workaround can be implemented for WPA and HOSTAP and solve the originally-reported problem. For inconsistency childif_*(), what do you think about integrating vlans_IF and wlans_IF into cloned_interfaces and removing the childif_*() stage in ifn_*()? We can keep vlans_IF and wlans_IF as well as introduce a new syntax into cloned_interfaces like cloned_interfaces="em0.100 em0.110 em0.myvlan ath0.wlan0" which is equivalent to vlans_em0="100 110 myvlan" wlans_ath0="wlan0" The rc.d/netif does clone_up() for the child interfaces first and then does ifn_start() for them, so # service netif restart wlan0 works as expected (tear down, recreate, and reconfigure the interface). Of course, this does not solve the duplicate invocation of the netif script. To solve it, I think we need a knob to disable IFNET events in a per-interface basis temporarily. -- Hiroki ----Security_Multipart(Tue_Nov_12_13_47_42_2013_488)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (FreeBSD) iEYEABECAAYFAlKBsu4ACgkQTyzT2CeTzy37MQCgpHsiUmxgrWJT9xbljklDRJPR r0wAnRdU90LfIZn7mgQFEwvNB42WZMGs =LYHy -----END PGP SIGNATURE----- ----Security_Multipart(Tue_Nov_12_13_47_42_2013_488)----