NetBSD-Bugs archive


misc/56272: Support for ipf -T at boot time



>Number:         56272
>Category:       misc
>Synopsis:       No support for ipf -T at boot time
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 23 17:50:00 +0000 2021
>Originator:     Mouse
>Release:        NetBSD 9.1 (also 5.2, probably everything in between)
>Organization:
	Dis-
>Environment:
System: NetBSD CREDIL91.MAQSonar.com 9.1 NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020 mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
	There seems to be no way to arrange for ipf -T tunable settings
	at boot time.  Since some of them are not settable unless ipf
	is disabled, it is not enough to run ipf -T from /etc/rc.local
	or the like.

	Yes, I know ipf is not well thought of in some circles.  It's
	still present in 9.1, though.
>How-To-Repeat:
	Try to set ipf -T tunables at boot time.  Note the lack of a
	mechanism to do so before ipf is turned on by rc.d/ipfilter.
>Fix:
	Here's what I'm using.  This is from my mutant 5.2 source tree,
	but diffing my 5.2 /etc/rc.d/ipfilter against the 9.1 one, I
	see only version numbers, the REQUIRE line, one all-blank line,
	and now this, so it should work.  It looks for /etc/ipf.tune,
	each line of which is used as an ipf -T command line (except
	for comments and empty lines).

	I'm hardly wedded to this mechanism.  It just was the first
	thing that came to mind.  "It works for me."

	commit 819714fe6c6323d492f8812ab8d12d6882e675d7
	Author: Mouse <mouse%Rodents-Montreal.ORG@localhost>
	Date:   Wed Jun 23 13:09:01 2021 -0400
	
	    Add support for /etc/ipf.tune, to do ipf -T tuning at boot time.
	
	diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
	index d0daabd..80360bd 100644
	--- a/etc/rc.d/ipfilter
	+++ b/etc/rc.d/ipfilter
	@@ -30,6 +30,16 @@ ipfilter_prestart()
	 		stop_boot
	 		return 1
	 	fi
	+	if [ -f /etc/ipf.tune ]; then
	+		while read line
	+		do
	+			case "$line" in
	+				"")	;;
	+				"#"*)	;;
	+				*)	/sbin/ipf -T $line ;;
	+			esac
	+		done < /etc/ipf.tune
	+	fi
	 	return 0
	 }
	 
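
Review bot: in the `*)` arm the exit status of `/sbin/ipf -T $line` is dropped, so a misspelled or rejected tunable in /etc/ipf.tune is skipped silently and ipfilter_prestart still reaches `return 0`, starting the filter without a setting the administrator believes is in effect. Consider at least a `warn` that names the offending line, or a `return 1` in line with the `stop_boot` path just above the added block. Two smaller points in the same loop: `while read line` without `-r` lets backslashes in the file be consumed, and the unquoted `$line` undergoes pathname expansion as well as the intended word splitting, so a `set -f` around the loop (or a documented restriction on what the file may contain) would help. The change also adds no documentation for /etc/ipf.tune, and the path is hard-coded rather than taken from an rc.conf variable.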

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


