From owner-freebsd-net@FreeBSD.ORG  Fri Jul 27 02:41:08 2007
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3A33616A417;
	Fri, 27 Jul 2007 02:41:08 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.freebsd.org (Postfix) with ESMTP id 25ACE13C459;
	Fri, 27 Jul 2007 02:41:08 +0000 (UTC)
	(envelope-from kris@obsecurity.org)
Received: from rot26.obsecurity.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id 440EB1A3C1A;
	Thu, 26 Jul 2007 19:41:05 -0700 (PDT)
Received: by rot26.obsecurity.org (Postfix, from userid 1001)
	id E5DDABBB1; Thu, 26 Jul 2007 22:41:07 -0400 (EDT)
Date: Thu, 26 Jul 2007 22:41:07 -0400
From: Kris Kennaway <kris@obsecurity.org>
To: Julian Elischer <julian@elischer.org>
Message-ID: <20070727024107.GA69300@rot26.obsecurity.org>
References: <20070717131518.G1177@fledge.watson.org>
	<200707172342.39082.max@love2party.net>
	<20070720111539.U1096@fledge.watson.org>
	<46A100C2.1030606@elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <46A100C2.1030606@elischer.org>
User-Agent: Mutt/1.4.2.3i
Cc: freebsd-net@freebsd.org, freebsd-arch@freebsd.org,
	freebsd-current@freebsd.org, Robert Watson <rwatson@FreeBSD.org>,
	freebsd-pf@freebsd.org, Max Laier <max@love2party.net>
Subject: Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder:
	NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jul 2007 02:41:08 -0000

On Fri, Jul 20, 2007 at 11:36:50AM -0700, Julian Elischer wrote:
> Robert Watson wrote:
> >
> >On Tue, 17 Jul 2007, Max Laier wrote:
> >
> >So far I have had 0 (zero) reports of problems since this thread began. 
> >Could people using uid/gid/jail rules with ipfw or pf on 7.x *please* 
> >try running their firewalls without debug.mpsafenet -- ignore the 
> >witness warnings and/or disable witness, and let us know if you 
> >experience deadlocks.  We're reaching the very end of the merge cycle 
> >for 7.0, and I would really like to remove the Giant crutches (now 
> >effectively unused) from the network stack so it's not part of the 
> >ABI/API, the code is simplified and cleaned up, etc.
> >
> 
> does "problem" include a LOR message, or only a deadlock?
> I've seen plenty of the first, but not the second.

Various users have reported definite deadlocks relating to uid/gid
firewall rules in the past.

Kris