Date:      Wed, 26 Apr 2006 03:58:00 GMT
From:      Mike Oliver <michael@gargantuan.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/96343: patch - rc.d order change to start inet6 before pf
Message-ID:  <200604260358.k3Q3w07J093769@www.freebsd.org>
Resent-Message-ID: <200604260400.k3Q40TJV005773@freefall.freebsd.org>


>Number:         96343
>Category:       misc
>Synopsis:       patch - rc.d order change to start inet6 before pf
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 26 04:00:29 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Mike Oliver
>Release:        CURRENT
>Organization:
>Environment:
FreeBSD gambit.gargantuan.com 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Wed Mar 15 12:56:49 EST 2006     mwoliver@gambit.gargantuan.com:/usr/obj/usr/src/sys/GAMBIT  i386
>Description:
For inet6, it looks like the link-local address isn't enough to satisfy pf so that it will load the rules, because I saw the same "rule expands to no valid combination" error when testing this config before having a non-link-local addr assigned to re0.  It looks like pf is being started after the inet config, but before the inet6 config, and since there are no non-link-local addrs assigned yet, pf is failing to load the pf.conf rules.

The attached patch to change the ordering of /etc/rc.d fixes the problem completely in my case, though I don't have a facility to test any regression to isdn or ppp.
>How-To-Repeat:
Put these rules in /etc/pf.conf and reboot with current rc.d ordering -- the rules will NOT be loaded.


antispoof quick for $int_if inet
antispoof quick for $int_if inet6
antispoof quick for $ext_if inet
antispoof quick for $ext_if inet6
>Fix:
diff -ruN /etc/rc.d.orig/NETWORKING /etc/rc.d/NETWORKING
--- /etc/rc.d.orig/NETWORKING   Tue Jan 10 12:51:47 2006
+++ /etc/rc.d/NETWORKING        Mon Apr 24 13:44:25 2006
@@ -5,7 +5,7 @@
 #

 # PROVIDE: NETWORKING NETWORK
-# REQUIRE: netif routing network_ipv6 isdnd ppp
+# REQUIRE: netif network_ipv6 routing isdnd ppp
 # REQUIRE: routed mrouted route6d mroute6d

 #      This is a dummy dependency, for services which require networking
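Review bot: The changed REQUIRE line only swaps the positions of routing and network_ipv6, and rcorder does not take ordering from the position of names within a REQUIRE line, so this hunk has no effect on boot order. Drop it so the patch is limited to the lines that actually change dependencies.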
diff -ruN /etc/rc.d.orig/atm2 /etc/rc.d/atm2
--- /etc/rc.d.orig/atm2 Tue Jan 10 12:51:47 2006
+++ /etc/rc.d/atm2      Mon Apr 24 14:17:05 2006
@@ -28,7 +28,7 @@
 #

 # PROVIDE: atm2
-# REQUIRE: atm1 netif
+# REQUIRE: atm1 netif ip6addrctl
 # BEFORE:  routing
 # KEYWORD: nojail

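Review bot: The new ip6addrctl entry on the REQUIRE line is not explained in the description, which only discusses pf failing to load rules before IPv6 addresses exist. Because atm2 keeps BEFORE: routing, this also forces ip6addrctl ahead of routing as a side effect; state why atm2 needs it, or drop the hunk.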
diff -ruN /etc/rc.d.orig/ip6fw /etc/rc.d/ip6fw
--- /etc/rc.d.orig/ip6fw        Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/ip6fw     Mon Apr 24 14:14:09 2006
@@ -4,8 +4,8 @@
 #

 # PROVIDE: ip6fw
-# REQUIRE: routing
-# BEFORE: network_ipv6
+# REQUIRE: network_ipv6 routing
+# BEFORE: NETWORKING
 # KEYWORD: nojail

 . /etc/rc.subr
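Review bot: Replacing BEFORE: network_ipv6 with REQUIRE: network_ipv6 reverses the order, so IPv6 addresses are now configured before ip6fw loads its rules, where previously the filter was in place first. The description covers pf only; unless ip6fw has an equivalent rule-load failure, leave its ordering alone so there is no boot-time interval with IPv6 up and unfiltered.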
diff -ruN /etc/rc.d.orig/mroute6d /etc/rc.d/mroute6d
--- /etc/rc.d.orig/mroute6d     Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/mroute6d  Mon Apr 24 14:05:19 2006
@@ -4,7 +4,7 @@
 #

 # PROVIDE: mroute6d
-# REQUIRE: network_ipv6
+# REQUIRE: network_ipv6 routing
 # KEYWORD: nojail

 . /etc/rc.subr
diff -ruN /etc/rc.d.orig/network_ipv6 /etc/rc.d/network_ipv6
--- /etc/rc.d.orig/network_ipv6 Tue Jan 10 12:51:48 2006
+++ /etc/rc.d/network_ipv6      Mon Apr 24 13:41:07 2006
@@ -29,7 +29,7 @@
 #

 # PROVIDE: network_ipv6
-# REQUIRE: routing
+# REQUIRE: mountcritlocal
 # KEYWORD: nojail

 . /etc/rc.subr
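Review bot: REQUIRE: mountcritlocal drops the only path by which network_ipv6 was ordered after netif, since the old REQUIRE: routing brought in netif through routing's own REQUIRE: netif ppp line. With this hunk nothing visible forces the interfaces to be set up before IPv6 is configured on them; REQUIRE: mountcritlocal netif would keep that guarantee.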
diff -ruN /etc/rc.d.orig/pf /etc/rc.d/pf
--- /etc/rc.d.orig/pf   Mon Apr 24 10:36:10 2006
+++ /etc/rc.d/pf        Mon Apr 24 14:12:38 2006
@@ -4,7 +4,7 @@
 #

 # PROVIDE: pf
-# REQUIRE: root mountcritlocal netif pflog pfsync
+# REQUIRE: root mountcritlocal netif network_ipv6 pflog pfsync
 # BEFORE:  routing
 # KEYWORD: nojail

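Review bot: Adding network_ipv6 to REQUIRE while keeping BEFORE: routing is only consistent if the network_ipv6 hunk is applied as well; against the old network_ipv6 header (REQUIRE: routing) it forms the loop pf, routing, network_ipv6, pf. Say in the PR that the two hunks must go in together, and note that IPv6 addresses are now live before the ruleset loads.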
diff -ruN /etc/rc.d.orig/pflog /etc/rc.d/pflog
--- /etc/rc.d.orig/pflog        Mon Apr 24 10:36:15 2006
+++ /etc/rc.d/pflog     Mon Apr 24 14:12:28 2006
@@ -4,7 +4,7 @@
 #

 # PROVIDE: pflog
-# REQUIRE: root mountcritlocal netif cleanvar
+# REQUIRE: root mountcritlocal netif network_ipv6 cleanvar
 # KEYWORD: nojail

 . /etc/rc.subr
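Review bot: network_ipv6 on pflog's REQUIRE line looks unnecessary: the description attributes the failure to pf loading pf.conf, and the pf hunk already orders pf after network_ipv6. Unless pflog itself fails without IPv6 addresses, leave this header (and the identical change to pfsync) untouched to keep the change minimal.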
diff -ruN /etc/rc.d.orig/pfsync /etc/rc.d/pfsync
--- /etc/rc.d.orig/pfsync       Mon Apr 24 10:36:23 2006
+++ /etc/rc.d/pfsync    Mon Apr 24 14:20:25 2006
@@ -4,7 +4,7 @@
 #

 # PROVIDE: pfsync
-# REQUIRE: root mountcritlocal netif
+# REQUIRE: root mountcritlocal netif network_ipv6
 # KEYWORD: nojail

 . /etc/rc.subr
diff -ruN /etc/rc.d.orig/route6d /etc/rc.d/route6d
--- /etc/rc.d.orig/route6d      Tue Jan 10 12:51:49 2006
+++ /etc/rc.d/route6d   Mon Apr 24 14:05:09 2006
@@ -5,7 +5,7 @@
 #

 # PROVIDE: route6d
-# REQUIRE: network_ipv6
+# REQUIRE: network_ipv6 routing
 # KEYWORD: nojail

 . /etc/rc.subr
diff -ruN /etc/rc.d.orig/routing /etc/rc.d/routing
--- /etc/rc.d.orig/routing      Tue Jan 10 12:51:49 2006
+++ /etc/rc.d/routing   Mon Apr 24 13:41:59 2006
@@ -6,7 +6,7 @@
 #

 # PROVIDE: routing
-# REQUIRE: netif ppp
+# REQUIRE: netif network_ipv6 ppp
 # KEYWORD: nojail

 . /etc/rc.subr
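Review bot: With routing now listing network_ipv6 in REQUIRE and network_ipv6 no longer requiring routing, IPv6 configuration is no longer ordered after ppp, which it was through the old REQUIRE: netif ppp line here. The description says ppp and isdn were not tested; that case needs a test before commit, or network_ipv6 should carry ppp in its own REQUIRE line.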
>Release-Note:
>Audit-Trail:
>Unformatted:
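
An added example, not part of the submitted PR: a check of the ordering the description relies on, using tsort(1) as a stand-in for rcorder(8). The header lines are constructed from the hunks above and written to a scratch directory; the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample: rc.d headers copied from the hunks above into a scratch
# directory; $2 picks the old ("-") or new ("+") REQUIRE lines.
write_headers() {
    if [ "$2" = new ]; then
        v6="mountcritlocal"; rt="netif network_ipv6 ppp"
        pf="root mountcritlocal netif network_ipv6 pflog pfsync"
    else
        v6="routing"; rt="netif ppp"
        pf="root mountcritlocal netif pflog pfsync"
    fi
    printf '# PROVIDE: network_ipv6\n# REQUIRE: %s\n' "$v6" > "$1/network_ipv6"
    printf '# PROVIDE: pf\n# REQUIRE: %s\n# BEFORE:  routing\n' "$pf" > "$1/pf"
    printf '# PROVIDE: routing\n# REQUIRE: %s\n' "$rt" > "$1/routing"
}

# Print "earlier later" pairs for tsort from every script header in dir $1.
rc_edges() {
    for f in "$1"/*; do
        awk '/^# PROVIDE:/ { for (i = 3; i <= NF; i++) prov[++np] = $i }
             /^# REQUIRE:/ { for (i = 3; i <= NF; i++) req[++nr] = $i }
             /^# BEFORE:/  { for (i = 3; i <= NF; i++) bef[++nb] = $i }
             END { for (p = 1; p <= np; p++) {
                       print prov[p], prov[p]   # identical pair: node only
                       for (r = 1; r <= nr; r++) print req[r], prov[p]
                       for (b = 1; b <= nb; b++) print prov[p], bef[b] } }' "$f"
    done
}

# True when the headers in dir $1 contain a dependency loop (tsort complains).
has_cycle() { [ -n "$(rc_edges "$1" | tsort 2>&1 >/dev/null)" ]; }

# True when service $2 is ordered before service $3 for the headers in dir $1.
starts_before() {
    order=$(rc_edges "$1" | tsort 2>/dev/null)
    a=$(printf '%s\n' "$order" | grep -nxF "$2" | cut -d: -f1)
    b=$(printf '%s\n' "$order" | grep -nxF "$3" | cut -d: -f1)
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" -lt "$b" ]
}

d=$(mktemp -d)
for v in old new; do
    write_headers "$d" "$v"
    if starts_before "$d" network_ipv6 pf; then echo "$v: network_ipv6, then pf"
    else echo "$v: pf, then network_ipv6"; fi
done
rm -rf "$d"
```

On a live system the same question is answered by running rcorder over /etc/rc.d/* and comparing the positions of network_ipv6 and pf.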


