Date: Tue, 30 Sep 2008 00:08:35 +0200 From: Max Laier <max@love2party.net> To: Robert Watson <rwatson@freebsd.org> Cc: freebsd-pf@freebsd.org Subject: Re: Fwd: Please test ipfw and pf uid/gid/jail rules Message-ID: <200809300008.36074.max@love2party.net> In-Reply-To: <alpine.BSF.1.10.0809292301220.29569@fledge.watson.org> References: <200809292356.51500.max@love2party.net> <alpine.BSF.1.10.0809292301220.29569@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 30 September 2008 00:02:04 Robert Watson wrote: > On Mon, 29 Sep 2008, Max Laier wrote: > > Please help testing. It's been confirmed to work for IPFW, let's make > > sure pf is in good shape, too. Thanks. > > A casual glance at pf.c suggests that pf(4) doesn't suffer from the "look > up the inpcb even though it's passed down if the socket pointer is NULL" > bug that ipfw(4) did, but confirmation that things work properly would > definitely be good. http://www.freebsd.org/cgi/query-pr.cgi?pr=127439 looks like it could be related. I think I see what's happening there, but unfortunately I don't have any time to look into it myself at the moment. Might be a while before I get to it so additional eyes are certainly appreciated! > Thanks, > > Robert N M Watson > Computer Laboratory > University of Cambridge > > > ---------- Forwarded Message ---------- > > > > Subject: Please test ipfw and pf uid/gid/jail rules > > Date: Monday 29 September 2008 > > From: Robert Watson <rwatson@freebsd.org> > > To: current@freebsd.org > > > > > > Dear all: > > > > Although it didn't show up in 8.x testing to date, it turned out there > > was a serious stability regression in the ipfw uid/gid/jail rule > > implementation as a result of moving to rwlocks for inpcbinfo and inpcb. > > I think I've corrected the sources of the problem in 8.x and 7.x now, but > > it would be very helpful if people who use ipfw and pf could do some > > extra testing of these rules with invariants and witness enabled to see > > if we can't shake out any remaining problems. > > > > Thanks, > > > > Robert N M Watson > > Computer Laboratory > > University of Cambridge > > ------------------------------------------------------- > > -- > > /"\ Best regards, | mlaier@freebsd.org > > \ / Max Laier | ICQ #67774661 > > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > > / \ ASCII Ribbon Campaign | Against HTML Mail and News -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809300008.36074.max>