rc: Teach netwait to wait for DAD
ClosedPublic
Actions

Authored by des on Aug 13 2025, 11:21 PM.

Details

Reviewers

Commits

rGdf70662f4704: rc: Teach netwait to wait for DAD
rGb8d62b94b994: rc: Teach netwait to wait for DAD
rG5ead817c3b7a: rc: Teach netwait to wait for DAD

Summary

In some configurations, especially in jails, it is possible for the
system to boot so fast that we end up launching daemons while duplicate
address detection is still ongoing. If that happens, said daemons may
fail to bind to IPv6 addresses, as they are still tentative. Teach the
netwait service to wait (up to 10 seconds, by default) for the tentative
flag to vanish.

MFC after: 1 week

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

des created this revision.Aug 13 2025, 11:21 PM

Herald added subscribers: ziaee, imp. · View Herald TranscriptAug 13 2025, 11:21 PM

des requested review of this revision.Aug 13 2025, 11:21 PM

Harbormaster completed remote builds in B66216: Diff 160311.Aug 13 2025, 11:21 PM

kevans added a subscriber: kevans.Aug 15 2025, 4:18 AM

kevans added inline comments.

libexec/rc/rc.d/netwait
114	Pre-existing isssue, but that seems a bit misleading? You're likely in the inner loop, in which case we'll just progress to the next $netwait_ip. It's not clear to me if the described behavior or the implemented behavior make more sense, but I guess if nobody has complained it's fine as-is.

des marked an inline comment as done.Aug 17 2025, 10:39 AM

des added inline comments.

libexec/rc/rc.d/netwait
114	yeah I can't think of a way to make it reliably dwim, except maybe rewrite in lua

olce requested changes to this revision.Sep 5 2025, 1:19 PM

olce added a reviewer: olce.

olce added a subscriber: olce.

olce added inline comments.

libexec/rc/rc.d/netwait
76
114	We could add `trap "break 2" SIGINT` before the inner loop (would work in most cases), but this doesn't solve the race that the `trap` is established slightly before (and still in force slightly after) the loop where the command should exclusively be applicable. What about just dropping all `trap break SIGINT` in the whole function, and instead use a `trap <code> SIGINT` where `<code>` possibly prints a warning message (like at this function's end; this part may as well be factored out into a separate function) and finishes with `return`. If more granularity is needed (only cancelling part of the process when hitting ^C), then just split netwait_start() into as many functions that use the technique just described.
share/man/man5/rc.conf.5
4566–4567	Helpful to introduce an acronym that is used later.

Can you clarify the scenario where this is needed? We're already sleeping for ${SYSCTL_N} net.inet6.ip6.dad_count as part of bringing up interfaces in netif_common.

In D51889#1205894, @cperciva wrote:

Can you clarify the scenario where this is needed? We're already sleeping for ${SYSCTL_N} net.inet6.ip6.dad_count as part of bringing up interfaces in netif_common.

netif_common is not used to configure jail addresses. They are configured by jail(8) when the jail starts up.

More bugs.

libexec/rc/rc.d/netwait
61	Your changes also make that line wrong which, coupled with the other problem below, explains why you didn't see any failure on testing for regular cases.