Subject: /etc/rc.d/ scripts that depend on multiple rc configs
To: None <tech-userlevel@netbsd.org>
From: Nino Dehne <TeCeEm@gmx.de>
List: tech-userlevel
Date: 10/01/2003 19:14:37
Hi,
today I investigated an issue that has bothered me for some time now.
I'm using both ipfilter and ipnat. My /etc/rc.conf contains nothing
besides rc_configured=YES and hostname="[...]". All my rc configs live
separately in /etc/rc.conf.d/.
The problem I was having (until now I hope) is the following:
At startup ipfilter rules would get loaded normally. However, when it
was ipnat's turn to be configured, it would not detect that ipfilter was
enabled per rc config. It then proceeded to try to activate ipfilter
when it already was active (minor annoyance). Additionally, it would
flush the previously loaded ipfilter rules (big annoyance with
default-block ipf). This is because of the following lines in
/etc/rc.d/ipnat:

    if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
            echo "Enabling ipfilter for NAT."
            /sbin/ipf -E -Fa
    fi

The problem as I see it: load_rc_config() at the end of /etc/rc.d/ipnat
only loads /etc/rc.conf plus the relevant config out of /etc/rc.conf.d/
for _that script only_. Since I keep all my configs modular neither
/etc/rc.conf nor /etc/rc.conf.d/ipnat set $ipfilter.
I worked around the problem by using one of 2 ways:
1. Modify /etc/rc.conf.d/ipnat to also contain ipfilter="YES"
2. Change the relevant check in /etc/rc.d/ipnat to:

    load_rc_config ipfilter
    if ! checkyesno ipfilter || [ ! -f /etc/ipf.conf ]; then
            echo "Enabling ipfilter for NAT."
            /sbin/ipf -E -Fa
    fi

I chose step 1 to be independent from modifying essential startup
scripts. I haven't rebooted since then. All of the above I gathered from
reading through rc scripts, i.e. it's not tested.
I'm not sure (as usual) what a general solution would be. It's clearly
not desirable to load the whole /etc/rc.conf.d/* at each iteration of
load_rc_config (or is it? It would adjust the functionality of
/etc/rc.conf.d/ to that of /etc/rc.conf). Modifying each check of a
"foreign" rc variable in all applicable rc scripts to include a
load_rc_config $foreign also seems hackish.
Comments?
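
The behaviour described in the message above can be reproduced in a scratch directory without touching /etc or running ipf. This is an added example, not part of the original message and not NetBSD's rc.subr: `load_rc_config` and `checkyesno` are simplified stand-ins for the real functions, and `make_tree`, `ipnat_decision`, `RC_ROOT`, `MODULAR` and `DUP` are hypothetical names.

```shell
#!/bin/sh
# Constructed scratch trees stand in for /etc; the real one is never read.
make_tree() {   # $1 = extra line for rc.conf.d/ipnat (may be empty)
    root=$(mktemp -d)
    mkdir "$root/rc.conf.d"
    echo 'rc_configured=YES' > "$root/rc.conf"
    echo 'ipfilter=YES' > "$root/rc.conf.d/ipfilter"
    printf 'ipnat=YES\n%s\n' "$1" > "$root/rc.conf.d/ipnat"
    echo "$root"
}

# Simplified stand-in: rc.conf plus the file for the named script only.
load_rc_config() {
    . "$RC_ROOT/rc.conf"
    if [ -f "$RC_ROOT/rc.conf.d/$1" ]; then
        . "$RC_ROOT/rc.conf.d/$1"
    fi
}

# Simplified stand-in: succeeds only if the named variable is YES/TRUE/ON/1.
checkyesno() {
    eval _value=\${$1:-}
    case $_value in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "flush" when the ipnat check would run `ipf -E -Fa`, else "keep".
# $1 = config tree, $2 = "stock" (check as quoted) or "patched" (workaround 2).
ipnat_decision() (
    RC_ROOT=$1
    unset ipfilter ipnat
    load_rc_config ipnat
    if [ "$2" = patched ]; then load_rc_config ipfilter; fi
    # Assumption: /etc/ipf.conf exists, so only the checkyesno half matters.
    if ! checkyesno ipfilter; then echo flush; else echo keep; fi
)

MODULAR=$(make_tree '')              # fully modular layout from the message
DUP=$(make_tree 'ipfilter=YES')      # workaround 1: ipfilter=YES duplicated
trap 'rm -rf "$MODULAR" "$DUP"' EXIT

echo "modular, stock check:   $(ipnat_decision "$MODULAR" stock)"
echo "modular, workaround 2:  $(ipnat_decision "$MODULAR" patched)"
echo "workaround 1, stock:    $(ipnat_decision "$DUP" stock)"
```

Only the first case reports "flush", which on a default-block ruleset is the case that leaves the host without its filter rules after ipnat starts.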