Date: Mon, 29 Sep 2008 23:02:04 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Max Laier <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: Fwd: Please test ipfw and pf uid/gid/jail rules Message-ID: <alpine.BSF.1.10.0809292301220.29569@fledge.watson.org> In-Reply-To: <200809292356.51500.max@love2party.net> References: <200809292356.51500.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Sep 2008, Max Laier wrote: > Please help testing. It's been confirmed to work for IPFW, let's make sure > pf is in good shape, too. Thanks. A casual glance at pf.c suggests that pf(4) doesn't suffer from the "look up the inpcb even though it's passed down if the socket pointer is NULL" bug that ipfw(4) did, but confirmation that things work properly would definitely be good. Thanks, Robert N M Watson Computer Laboratory University of Cambridge > > ---------- Forwarded Message ---------- > > Subject: Please test ipfw and pf uid/gid/jail rules > Date: Monday 29 September 2008 > From: Robert Watson <rwatson@freebsd.org> > To: current@freebsd.org > > > Dear all: > > Although it didn't show up in 8.x testing to date, it turned out there was a > serious stability regression in the ipfw uid/gid/jail rule implementation as a > result of moving to rwlocks for inpcbinfo and inpcb. I think I've corrected > the sources of the problem in 8.x and 7.x now, but it would be very helpful if > people who use ipfw and pf could do some extra testing of these rules with > invariants and witness enabled to see if we can't shake out any remaining > problems. > > Thanks, > > Robert N M Watson > Computer Laboratory > University of Cambridge > ------------------------------------------------------- > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0809292301220.29569>