From owner-freebsd-rc@FreeBSD.ORG  Sat Oct 27 21:30:01 2012
Return-Path: <owner-freebsd-rc@FreeBSD.ORG>
Delivered-To: freebsd-rc@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id A5254E5
 for <freebsd-rc@hub.freebsd.org>; Sat, 27 Oct 2012 21:30:01 +0000 (UTC)
 (envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (unknown [IPv6:2001:1900:2254:206c::16:87])
 by mx1.freebsd.org (Postfix) with ESMTP id 898F18FC16
 for <freebsd-rc@hub.freebsd.org>; Sat, 27 Oct 2012 21:30:01 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
 by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q9RLU1w0085931
 for <freebsd-rc@freefall.freebsd.org>; Sat, 27 Oct 2012 21:30:01 GMT
 (envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
 by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q9RLU1C8085928;
 Sat, 27 Oct 2012 21:30:01 GMT (envelope-from gnats)
Date: Sat, 27 Oct 2012 21:30:01 GMT
Message-Id: <201210272130.q9RLU1C8085928@freefall.freebsd.org>
To: freebsd-rc@FreeBSD.org
Cc: 
From: Chris Rees <utisoft@gmail.com>
Subject: Re: conf/167566
X-BeenThere: freebsd-rc@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: Chris Rees <utisoft@gmail.com>
List-Id: "Discussion related to /etc/rc.d design and implementation."
 <freebsd-rc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-rc>,
 <mailto:freebsd-rc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-rc>
List-Post: <mailto:freebsd-rc@freebsd.org>
List-Help: <mailto:freebsd-rc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-rc>,
 <mailto:freebsd-rc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2012 21:30:01 -0000

The following reply was made to PR conf/167566; it has been noted by GNATS.

From: Chris Rees <utisoft@gmail.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: conf/167566
Date: Sat, 27 Oct 2012 22:29:03 +0100

 >  Which module do you refer in "...the module is loaded, ...",
 >  ipfw_nat.ko or ipdivert.ko?
 >
 >  In my understanding the problem occurs only when ipfw attempts to
 >  load firewall rules including a "divert" directive and ipdivert.ko is
 >  not loaded at that time.  natd(8) also requires ipdivert.ko, but
 >  rc.d/natd already has required_modules="ipdivert".
 >  firewall_nat_enable is a knob for in-kernel NAT (this requires
 >  ipfw_nat.ko), so more orthogonal way would be like the following
 >  patch:
 >
 >  http://people.allbsd.org/~hrs/FreeBSD/ipfw.20121028-1.diff
 >
 >  It is still unclear to me what is harmful with "checkyesno
 >  natd_enable" here.  Can you elaborate it a little more?
 
 Check rcorder:
 
 [crees@pegasus]~% rcorder /etc/rc.d/* | grep -E 'natd|ipfw'
 /etc/rc.d/ipfw
 /etc/rc.d/natd
 
 That means that natd doesn't run until after ipfw.  This means that on
 boot, when ipfw runs, neither ipfw_nat nor ipdivert are installed,
 *regardless of the state of natd_enable*.
 
 Therefore, checkyesno natd_enable does not guarantee that either
 ipfw_nat or ipdivert is loaded *at the time rc.d/ipfw is run*.
 
 Chris