From be0cdeb6900afcf576829cc65bfac348ee0943f6 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 22 Oct 2018 08:48:14 +0000
Subject: [PATCH] rc: improvements in FreeBSD startup scripting; closes #2569

* Use rcorder to correctly order the startup sequence, which
  will avoid further workarounds in plugins.
* Defer the execution of /etc/rc.d/ipfw due to bug #2569,
  while also removing the previous non-functional workaround.
---
 src/etc/inc/system.inc |  6 +-----
 src/etc/rc.freebsd     | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index 594525092..dd1d594c3 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -987,6 +987,7 @@ function system_kernel_configure($verbose = false)
         log_error(sprintf('Loading %s cryptographic accelerator module.', $config['system']['crypto_hardware']));
         $mods[] = $config['system']['crypto_hardware'];
     }
+
     if (!empty($config['system']['cryptodev_enable'])) {
         log_error('Loading cryptodev kernel module.');
         $mods[] = 'cryptodev';
@@ -997,11 +998,6 @@ function system_kernel_configure($verbose = false)
         $mods[] = $config['system']['thermal_hardware'];
     }
 
-    if ((new \OPNsense\TrafficShaper\TrafficShaper())->isEnabled() || (new \OPNsense\CaptivePortal\CaptivePortal())->isEnabled()) {
-        $mods[] = "ipfw";
-        $mods[] = "dummynet";
-    }
-
     foreach ($mods as $mod) {
         mwexecf('/sbin/kldload %s', $mod, true);
     }
diff --git a/src/etc/rc.freebsd b/src/etc/rc.freebsd
index 935627721..cc64fb64b 100755
--- a/src/etc/rc.freebsd
+++ b/src/etc/rc.freebsd
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Copyright (c) 2015-2017 Ad Schellevis <ad@opnsense.org>
-# Copyright (c) 2015-2017 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2015-2018 Franco Fichtner <franco@opnsense.org>
 #
 # Redistribution and use in source and binary forms, with or without
 # modification, are permitted provided that the following conditions
@@ -26,6 +26,8 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 
+RCORDER="rcorder -s nostart -s firstboot"
+
 # check which services to enable
 if [ -f /etc/rc.conf ]; then
 	. /etc/rc.conf
@@ -66,7 +68,20 @@ rc_enabled()
 	return 0
 }
 
-rc_filenames="$(ls /etc/rc.d/[a-z]* /usr/local/etc/rc.d/[a-z]* 2> /dev/null || true)"
+rc_filenames="$(${RCORDER} /etc/rc.d/[a-z]* /usr/local/etc/rc.d/[a-z]* 2> /dev/null)"
+rc_filenames_defer="
+/etc/rc.d/ipfw
+"
+
+for rc_filename in ${rc_filenames_defer}; do
+	# exclude deferred scripts from first pass, appended last instead
+	rc_filenames=$(echo "${rc_filenames}" | grep -v "^${rc_filename}$")
+done
+
+if [ -z "${1}" ]; then
+	echo "Error: no action argument given"
+	exit 1
+fi
 
 # run our bootstrap command on startup
 if [ "${1}" == "start" ]; then
@@ -84,7 +99,7 @@ if [ "${1}" == "start" ]; then
 fi
 
 # pass all commands to script now
-for rc_filename in ${rc_filenames}; do
+for rc_filename in ${rc_filenames} ${rc_filenames_defer}; do
 	eval "$(grep "^name[[:blank:]]*=" ${rc_filename})"
 
 	if ! rc_enabled ${rc_filename} ${name}; then