From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [Patch RFC 01/15] Remove ipsec interface creation from network startup Date: Wed, 24 May 2023 09:59:42 +0100 Message-ID: <56E4412A-E930-4BB1-A5D8-2182B59F9181@ipfire.org> In-Reply-To: <20230523172314.7826-2-jonatan.schlag@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5613458723520974975==" List-Id: --===============5613458723520974975== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, I disagree with this patch. I generally would like the IPsec interfaces to be around all the time wheneve= r that is possible. Your patch changes that so that the interfaces only become available when RED= connects. That might be late, or might never happen. Other software expecting those interfaces being available might have a proble= m then. What is the saving here? Calling one extra script? -Michael > On 23 May 2023, at 18:23, Jonatan Schlag wrot= e: >=20 > This is called several times in the boot process. It also depends on > connectivity to the internet. So there is no point in calling it here > when we do not know if we even have an internet connection. >=20 > It is called in the ipsecctrl programm which is called in > the start and shutdown process of red ( > /etc/init.d/networking/red.down/10-ipsec and > /etc/init.d/networking/red.up/50-ipsec). >=20 > Signed-off-by: Jonatan Schlag > --- > src/initscripts/system/network | 3 --- > 1 file changed, 3 deletions(-) >=20 > diff --git a/src/initscripts/system/network b/src/initscripts/system/network > index 9ef3fb0d8..7e457edfa 100644 > --- a/src/initscripts/system/network > +++ b/src/initscripts/system/network > @@ -70,9 +70,6 @@ case "${DO}" in > fi > fi >=20 > - # Create IPsec interfaces > - /usr/local/bin/ipsec-interfaces > - > /etc/rc.d/init.d/static-routes start >=20 > boot_mesg "Mounting network file systems..." > --=20 > 2.30.2 >=20 --===============5613458723520974975==--