Slow startup from D19488 (rtsol: sendmsg: Permission denied)

From: Peter <>
Date: Tue, 29 Mar 2022 21:13:13 UTC

After upgrading 12.3 to stable/13, I am seeing these
errors in all my jails:

> Additional TCP/IP options: log_in_vain=1.
> ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg
> 32-bit compatibility ldconfig path:
> rtsol: sendmsg on nrail1l: Permission denied
> rtsol: sendmsg on nrail1l: Permission denied
> rtsol: sendmsg on nrail1l: Permission denied
> Starting Network: lo0 nrail1l.

Searching for the cause, I find change 1b5be7204eaeeaf aka D19488.

This doesn't work, because the firewall is not yet present. This is
happening in rc.d/netif, and that must run before rc.d/ipfw in any
case, because the firewall needs to see the netifs.

I cannot see why this is considered an improvement, as it only gives
3 seconds of delay for each jail, and error messages. 
Maybe I'm doing something wrong, but honestly, I don't get it.

Trying to read the differential:

> Looking at the logic I changed above we invoked rtsol only if rtsold
> was disabled and otherwise rtsold was started later and done it

Yes, in 12.3, rtsold was started later when the firewall is loaded and
it might work. Now rtsol is run earlier when the firewall is NOT loaded
and therefore it can NOT work.

So far I do understand. What I don't understand: why this is good.

And from there onward the differential talks about dhcp - but dhcp is
only useful for prefix delegation, and most of my jails don't currently
get delegated prefixes. Furthermore, nodes that get delegated prefixes
will usually be routers, and with ipv6_gateway_enable=YES the error does
not appear, i.e. this code does not even seem to be run.

So I fail to imagine a use case that this might be about.