net.eth0 does not provide 'net'. Any attempts to make it provide net run up against some code which is apparently intended to kludge around errors during shutdown, but it happens before the dependencies are loaded. As such, things that depend on net can start before the network is actually started, and things that must happen first might not.
You really need to provide information here on what the bug is and how you're experiencing it ... what you've provided so far isn't really clear.
Depending upon what services I have starting in runlevel default, (but not in an apparently deterministic fashion), iptables will start either before or after net; it's supposed to start before net. I have syslog configured to listen to a port so that it can receive syslog data from my other hosts; as such, it requires net. It also may start before or after net. If it starts before net, it will fail to start. So far, I have not had other services which depend upon net attempt to start before net. I suspect that's due to luck. If I add 'provide net' to /etc/init.d/net.eth0, depscan.sh reports, "cannot add provide 'net', as a service with that same name exists!". In /lib/rcscripts/awk/gendepends.awk, lines 408-411, net is added if it's not provided. This appears to be to make shutdown quieter; if I comment this out, and 'provide net' in net.eth0, it works fine, except that shutdown complains bitterly. Given this is in an END block, I'm not certain why this is happening before net is provided by net.eth0.
I think I understand what's going on, after looking at this code a bit more - it doesn't catch the new service before that check, because that service was added in this run level, and it doesn't actually add the new services until right after that code. I should be able to produce a patch tomorrow evening.
Created attachment 44611: Changes to /lib/rcscripts/awk/gendepends.awk. Check for 'net', and add it if it doesn't exist, *AFTER* running through all the service provides, rather than before.
Comment on attachment 44611 (Changes to /lib/rcscripts/awk/gendepends.awk): This patch does not provide reliable results after more testing. Also, more testing has shown that syslog-ng can at least occasionally start successfully before net, so my primary motivation for fixing this situation is iptables and net.
Created attachment 45042: Patches to dependency scanning awk scripts. 'Before' seems to have difficulty. I'm not sure what the issue is. However, I realized that fixing it wasn't worth my time - before does not provide the functionality that I feel iptables needs; it has no effect on shutdown order, as far as I can determine. As such, the following patch adds the 'needsme' directive. This indicates that another service, much to its surprise, is dependent upon the service calling needsme. Thus, if iptables indicates that net.eth[0-9]* needs it, it will start before any of them start, and they will shut down before it, unless the iptables shutdown is accomplished by pause. If iptables isn't installed, or isn't started at that runlevel, there shouldn't be a dependency error. This also eliminates a needless parsing of /sbin/functions.sh when converting the dependencies from .ebuild to awk-comprehendible.
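The ordering that the 'needsme' comment above describes, as an added Python model that is not part of the thread and is not the attached patch or baselayout's own code. The `RUNLEVEL` data, the function names and the `firewall_first` check are assumptions made for illustration; only the reverse-dependency semantics come from the comment.

```python
import fnmatch
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed runlevel, not taken from a real system. "need" is the usual
# forward dependency; "needsme" holds glob patterns naming services that
# must wait for the declaring service.
RUNLEVEL = {
    "net.eth0": {},
    "net.eth1": {},
    "syslog-ng": {"need": ["net.eth0"]},
    "iptables": {"needsme": ["net.eth[0-9]*"]},
}

def start_order(services):
    """Return one valid start order for the enabled services."""
    graph = {name: set() for name in services}
    for name, deps in services.items():
        for dep in deps.get("need", []):
            if dep not in services:
                raise LookupError(f"{name} needs {dep}, which is not enabled")
            graph[name].add(dep)
        for pattern in deps.get("needsme", []):
            # Reverse edge: each enabled match now depends on `name`.
            # A pattern with no match adds nothing and raises nothing.
            for other in fnmatch.filter(services, pattern):
                if other != name:
                    graph[other].add(name)
    # static_order() raises graphlib.CycleError on circular dependencies.
    return list(TopologicalSorter(graph).static_order())

def stop_order(services):
    """Shutdown is the reverse of startup, so dependents stop first."""
    return start_order(services)[::-1]

def firewall_first(order, firewall="iptables", pattern="net.eth[0-9]*"):
    """True when the firewall precedes every matching interface in `order`."""
    if firewall not in order:
        return False
    return all(order.index(firewall) < order.index(i)
               for i in fnmatch.filter(order, pattern))

if __name__ == "__main__":
    print("start:", start_order(RUNLEVEL))
    print("stop: ", stop_order(RUNLEVEL))
```

Running `firewall_first` over a computed start order gives a quick audit that packet filtering is in place before any interface comes up.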
*** Bug 68198 has been marked as a duplicate of this bug. ***
*** Bug 84783 has been marked as a duplicate of this bug. ***
Is there any progress on this? I'm not particularly happy that iptables just started after net.eth?. This is a security concern and should be dealt with as such.
This is still a problem with sys-apps/baselayout-1.11.13, and I do agree it is a security problem and should be dealt with as such.
As a temporary workaround, you could add iptables/ip6tables to boot instead of default, so it will be started before network... Works for me, but it's only a workaround; starting iptables at boot runlevel cannot be satisfactory.
This has been open for over 2 years now, and without any comment in almost a year. Any progress on this at all?
It is fixed in baselayout-1.12.x.
And it's really fixed in baselayout-1.13.0_alpha7