Re: racoon and bug 372665

["Milan P. Stanic" <mps@oss.co.yu>]

On Tue, Mar 06, 2007 at 11:02:35AM +0530, Ganesan Rajagopal wrote:
> >>>>> "Milan" == Milan P Stanic <mps@oss.co.yu> writes:
> Some daemons _need_ to be started from /etc/rcS.d (udev for
> example). Another good example is portmap for nfs. If you're mounting nfs
> volumes over IPsec then, racoon needs to start to setup the IPsec tunnel.

I don't think so (except maybe udev, but servers can happily work without
udev). What is the reason to start nfs from "one time initialization"
subsystem? Portmap and nfs can be started in runlevel 2 to 5.

What if someone mount nfs over ppp tunneled through ssh? Should we than
stard sshd from /etc/rcS.d/? What's with other VPN daemons like OpenVPN,
VPNC, TINC ...?

> > My mistake. I should say boot process. Sorry for inconvenience.
> 
> I understood that. I am still not clear why it would interfere with the boot
> process. 

I'll try to reproduce it under UML at the weekend.

> > That was with racoon patched to work under runit (or other supervisor
> > software like daemontools). When I reinstalled racoon from testing
> > it doesn't block booting process. But that gives mi a hint. If some
> > daemon process could not be started (for whatever reason) it should
> > not block the booting.
> 
> racoon should come up just fine even if it fails to negotiate any
> tunnels. Any way, the default policy does not even setup any tunnels.

As I said in previous post it was my mistake. racoon comes up fine.
The problem is in that if it is started from /etc/rcS.d/ when runit
tries to start racoon it fails because racoon is running already.

> Let me know if you're still stuck; I can try your patches in a test
> setup with runit when I find some time.

I'll post patch to ipsec-devel list (you are subscribed, IIRC) in a few
days (I want to test it a little) but if you want tell me and I will
send ti to you in private mail.