From 2ba1e4ec7f86dae67ab295ff58d3a82ca0a869ac Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 8 May 2020 09:36:09 +0200
Subject: [PATCH] rc: implement inline variables for skip and defer #4093

Future use cases are dhcp6c and unbound...
---
 src/etc/rc.freebsd                            | 54 +++++++++++--------
 .../service/templates/OPNsense/IPFW/rc.conf.d |  2 +-
 2 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/src/etc/rc.freebsd b/src/etc/rc.freebsd
index e7b6654ce..805654afb 100755
--- a/src/etc/rc.freebsd
+++ b/src/etc/rc.freebsd
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Copyright (c) 2015-2017 Ad Schellevis <ad@opnsense.org>
-# Copyright (c) 2015-2019 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2015-2020 Franco Fichtner <franco@opnsense.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -43,6 +43,7 @@ rc_enabled()
 {
 	rc_filename=${1}
 	name=${2}
+	variable=${3}
 
 	# check if service has a name
 	if [ -z "${name}" ]; then
@@ -50,39 +51,50 @@ rc_enabled()
 		return 1
 	fi
 
-	# check if service has a variable
 	rcvar=
-	eval "$(grep "^rcvar[[:blank:]]*=" ${rc_filename})"
+
+	# check if service has a variable
+	if [ -z "${variable}" ]; then
+		eval "$(grep "^rcvar[[:blank:]]*=" ${rc_filename})"
+	else
+		rcvar="${name}_${variable}"
+	fi
+
 	if [ -z "${rcvar}" ]; then
 		# FreeBSD does this, leave here for debugging
 		#echo "Error: no rcvar set in $rc_filename"
 		return 1
 	fi
 
-	# check if service is enabled
+	# check if variable is enabled
 	eval "enabled=\$${rcvar}"
-	if [ "${enabled}" != "YES" ]; then
-		return 1
-	fi
 
-	return 0
+	case "${enabled}" in
+	[Yy][Ee][Ss])
+		return 0
+		;;
+	*)
+		return 1
+		;;
+	esac
 }
 
 rc_filenames="$(${RCORDER} /etc/rc.d/[a-z]* /usr/local/etc/rc.d/[a-z]* 2> /dev/null)"
-# XXX a better way would be ${name}_defer="YES" in rc.conf
-rc_filenames_defer="
-/etc/rc.d/ipfw
-/usr/local/etc/rc.d/captiveportal
-"
-# XXX a better way would be ${name}_skip="YES" in rc.conf
-rc_filenames_skip="
-/usr/local/etc/rc.d/dhcp6c
-/usr/local/etc/rc.d/syslog-ng
-"
+rc_filenames_defer=
+rc_filenames_skip=
 
-for rc_filename in ${rc_filenames_defer} ${rc_filenames_skip}; do
-	# exclude deferred scripts from first pass, appended last instead
-	rc_filenames=$(echo "${rc_filenames}" | grep -v "^${rc_filename}$")
+for rc_filename in ${rc_filenames}; do
+	eval "$(grep "^name[[:blank:]]*=" ${rc_filename})"
+
+	if rc_enabled ${rc_filename} ${name} defer; then
+		rc_filenames_defer="${rc_filenames_defer} ${rc_filename}"
+		rc_filenames=$(echo "${rc_filenames}" | grep -v "^${rc_filename}$")
+	fi
+
+	if rc_enabled ${rc_filename} ${name} skip; then
+		rc_filenames_skip="${rc_filenames_skip} ${rc_filename}"
+		rc_filenames=$(echo "${rc_filenames}" | grep -v "^${rc_filename}$")
+	fi
 done
 
 if [ -z "${1}" ]; then
diff --git a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
index 4187621a4..1e0be2bc0 100644
--- a/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
+++ b/src/opnsense/service/templates/OPNsense/IPFW/rc.conf.d
@@ -18,6 +18,6 @@
 {%     endif %}
 {% endif %}
 dummynet_enable="YES"
-firewall_defer="YES"
 firewall_enable="{% if shapers or cp_zones %}YES{% else %}NO{% endif %}"
 firewall_script="/usr/local/etc/rc.ipfw"
+ipfw_defer="YES"