From owner-freebsd-current@FreeBSD.ORG  Wed Jun  6 15:13:24 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 01C0916A400;
	Wed,  6 Jun 2007 15:13:24 +0000 (UTC)
	(envelope-from tillman@seekingfire.com)
Received: from mail.seekingfire.com (thoth.seekingfire.com [24.89.83.9])
	by mx1.freebsd.org (Postfix) with ESMTP id 95F7F13C4DE;
	Wed,  6 Jun 2007 15:13:23 +0000 (UTC)
	(envelope-from tillman@seekingfire.com)
Received: by mail.seekingfire.com (Postfix, from userid 500)
	id E26443982C; Wed,  6 Jun 2007 08:48:35 -0600 (CST)
Date: Wed, 6 Jun 2007 08:48:35 -0600
From: Tillman Hodgson <tillman@seekingfire.com>
To: Max Laier <max@love2party.net>
Message-ID: <20070606144835.GI47770@seekingfire.com>
References: <20070417153357.GA1335@seekingfire.com>
	<200704182213.50663.max@love2party.net>
	<20070418214855.GQ1225@seekingfire.com>
	<200706061629.21923.max@love2party.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200706061629.21923.max@love2party.net>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
X-GPG-Key-ID: 828AFC7B
X-GPG-Fingerprint: 5584 14BA C9EB 1524 0E68  F543 0F0A 7FBC 828A FC7B
X-GPG-Key: http://www.seekingfire.com/personal/gpg_key.asc
X-Urban-Legend: There is lots of hidden information in headers
X-Tillman-rules: yes he does
User-Agent: Mutt/1.5.15 (2007-04-06)
Cc: Tai-hwa Liang <avatar@mmlab.cse.yzu.edu.tw>, freebsd-current@freebsd.org,
	freebsd-pf@freebsd.org
Subject: Re: USER/GROUP rules on the chopping Block [ Re: Panic on boot
	with April 16 src (lengthy info attached) ]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2007 15:13:24 -0000

On Wed, Jun 06, 2007 at 04:29:12PM +0200, Max Laier wrote:
> After several attempts to fix user/group rules which ended like the most 
> recent one - cited below - with *ZERO* feedback, I won't waste anymore 
> effort.  Either somebody steps up, does proper testing and reports back, 
> or user/group rules go!  End of story!
> 
> This is not personal against Tillman - he just happend to be the most 
> recent one to hit the problem.
> 
> On Wednesday 18 April 2007, Tillman Hodgson wrote:
> > On Wed, Apr 18, 2007 at 10:13:42PM +0200, Max Laier wrote:
> > > On Wednesday 18 April 2007 21:28, Tillman Hodgson wrote:
> > > > Oh, interesting! I'm rebuilding right now with that option :-)
> > > > I'll report back in a few days how it goes.
> > >
> > > Actually, could you test this?  It should enable the hack on the fly
> > > as a user/group rule is added.  See "sysctl debug.pfugidhack" or
> > > "pfctl -x misc" to confirm it's on.
> >
> > Sure, I've restarted the build with this patch.
> 
> and again ... the thread ends here - zero feedback received :-(  Does 
> anyone care about user/group rules at all?  If so - speak up now or I'll 
> just disable them with the upcoming update!!!


I think you might have missed some posts :-) I successfully built with
that patch and reported it:

  Date: Thu, 19 Apr 2007 08:50:57 -0600
  From: Tillman Hodgson <tillman@seekingfire.com>
  Subject: Re: Panic on boot with April 16 src (lengthy info attached)

I also reported a week later (after a series of network-heavy daily
backup jobs) that it's been stable for the week.

  Date: Thu, 26 Apr 2007 18:08:43 -0600
  From: Tillman Hodgson <tillman@seekingfire.com>
  Subject: Re: Panic on boot with April 16 src (lengthy info attached)

I didn't get a reply to either email and had (wrongly) assumed that it
had been dropped on your end. Perhaps we just crossed wires :-)

I'd be glad to forward those emails to you if you'd find them helpful.
There's not that much info in them though and I think the fact that I've
been running with the patch since then with no problems is probably more
important:

[root@athena ~]# uptime
 8:40AM  up 48 days, 28 secs, 10 users, load averages: 0.19, 0.15, 0.09

If there's any particular information you'd like (such as from pfctl,
sysctl, or whatever) let me know. It's stable, and PF is working well
for me, so it seems good with my workload.

-T


-- 
"The important thing is not to stop questioning. Curiosity has its own
 reason for existing."
    -- Albert Einstein