| Message ID | 20230523172314.7826-2-jonatan.schlag@ipfire.org |
|---|---|
| State | Changes Requested |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4QQh4S0cfgz3wlf for <patchwork@web04.haj.ipfire.org>; Tue, 23 May 2023 17:23:52 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4QQh4R0RbJzkG; Tue, 23 May 2023 17:23:51 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4QQh4Q72L9z2ysv; Tue, 23 May 2023 17:23:50 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4QQh4Q2CHKz2ySG for <development@lists.ipfire.org>; Tue, 23 May 2023 17:23:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4QQh4P6cYqz1dV; Tue, 23 May 2023 17:23:49 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1684862629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=75as6g0vB2ZxAH8acErRYeHiLa9b6WSHG374AjCT3Ks=; b=/DVw5hgqZ57ZqeG+VFmbtQtJVrI0p5/AGqxZg7xa39Lzt5ljFpJtV262J5cF4DOpBcYIFn cFThHSCmEN2qObCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1684862629; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=75as6g0vB2ZxAH8acErRYeHiLa9b6WSHG374AjCT3Ks=; b=d77DEA7c/Vn0YHZZ3mHTocep1lCwAo/6kLHLJweXq6Kdd112kP2xJfzPpb9tbhUa2f80Z4 GfUUe19bzWn+tBzNY9h6aUbItvvHK8uMiYatqh3IY+iWJcJbhBQmSFgqNChghVEbCOkFRa lV14HShkH8mJf8/NwBcdMuu1TWarUcemF59C9HtIOHyV/7T5XwYzzrhc2uwtA6B317cxtP XBB/sTpeshWqpDeIgD+/IRBTcs1vpQtMfWa77wVomrnEY2H+XcEEG/3tYOpr6ywLUfweKF azYI8bvDQLXHTtySX6GwpWZiSLrDeJdo5k2yEJVMwuguWUKdfh9F2byv9kPW7w== From: Jonatan Schlag <jonatan.schlag@ipfire.org> To: development@lists.ipfire.org Subject: [Patch RFC 01/15] Remove ipsec interface creation from network startup Date: Tue, 23 May 2023 19:23:01 +0200 Message-Id: <20230523172314.7826-2-jonatan.schlag@ipfire.org> In-Reply-To: <20230523172314.7826-1-jonatan.schlag@ipfire.org> References: <20230523172314.7826-1-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[RFC,01/15] Remove ipsec interface creation from network startup
|
|
Commit Message
Jonatan Schlag
May 23, 2023, 5:23 p.m. UTC
This is called several times in the boot process. It also depends on
connectivity to the internet. So there is no point in calling it here
when we do not know if we even have an internet connection.
It is called in the ipsecctrl programm which is called in
the start and shutdown process of red (
/etc/init.d/networking/red.down/10-ipsec and
/etc/init.d/networking/red.up/50-ipsec).
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---
src/initscripts/system/network | 3 ---
1 file changed, 3 deletions(-)
Comments
Hello, I disagree with this patch. I generally would like the IPsec interfaces to be around all the time whenever that is possible. Your patch changes that so that the interfaces only become available when RED connects. That might be late, or might never happen. Other software expecting those interfaces being available might have a problem then. What is the saving here? Calling one extra script? -Michael > On 23 May 2023, at 18:23, Jonatan Schlag <jonatan.schlag@ipfire.org> wrote: > > This is called several times in the boot process. It also depends on > connectivity to the internet. So there is no point in calling it here > when we do not know if we even have an internet connection. > > It is called in the ipsecctrl programm which is called in > the start and shutdown process of red ( > /etc/init.d/networking/red.down/10-ipsec and > /etc/init.d/networking/red.up/50-ipsec). > > Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> > --- > src/initscripts/system/network | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/src/initscripts/system/network b/src/initscripts/system/network > index 9ef3fb0d8..7e457edfa 100644 > --- a/src/initscripts/system/network > +++ b/src/initscripts/system/network > @@ -70,9 +70,6 @@ case "${DO}" in > fi > fi > > - # Create IPsec interfaces > - /usr/local/bin/ipsec-interfaces > - > /etc/rc.d/init.d/static-routes start > > boot_mesg "Mounting network file systems..." > -- > 2.30.2 >
diff --git a/src/initscripts/system/network b/src/initscripts/system/network index 9ef3fb0d8..7e457edfa 100644 --- a/src/initscripts/system/network +++ b/src/initscripts/system/network @@ -70,9 +70,6 @@ case "${DO}" in fi fi - # Create IPsec interfaces - /usr/local/bin/ipsec-interfaces - /etc/rc.d/init.d/static-routes start boot_mesg "Mounting network file systems..."