Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Sep 2008 21:13:53 +0400
From:      Roman Kurakin <rik@inse.ru>
To:        Roman Divacky <rdivacky@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, Ganbold <ganbold@micom.mng.net>, src-committers@FreeBSD.org, Robert Watson <rwatson@FreeBSD.org>, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_fw2.c
Message-ID:  <48E25E51.5060502@inse.ru>
In-Reply-To: <20080930162606.GA46594@freebsd.org>
References:  <200809271014.m8RAENka041457@repoman.freebsd.org> <48DE5C4F.8040807@micom.mng.net> <alpine.BSF.1.10.0809272013380.20117@fledge.watson.org> <alpine.BSF.1.10.0809272032440.20117@fledge.watson.org> <48DF2010.6030309@micom.mng.net> <alpine.BSF.1.10.0809301719090.75798@fledge.watson.org> <20080930162606.GA46594@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Roman Divacky wrote:
> On Tue, Sep 30, 2008 at 05:19:57PM +0100, Robert Watson wrote:
>   
>> On Sun, 28 Sep 2008, Ganbold wrote:
>>
>>     
>>>> Indeed -- when an inpcb doesn't have a socket, ipfw will go ahead and do 
>>>> a lookup for an inpcb even though one is passed down.  I've committed a 
>>>> change that short-circuits that and marks the credential lookup as 
>>>> failed. Give it a try now?
>>>>         
>>> Thanks a lot, Robert, it was indeed simple effective fix. So far no crash 
>>> :) With loads like pkg_adding emacs (which adds bunch of other packages) 
>>> on plain CURRENT, downloading FreeBSD ISO with axel (20 simultaneous 
>>> connection) through http works fine here.
>>>       
>> Good news.  We'll want to keep an eye on this one as the 7.0 release cycle 
>> progresses, and there may be other unexpected edge case problems from the 
>> rwlock change.  On the whole it seems to have been very successful, but the 
>> view that -CURRENT doesn't receive a whole lot of stress testing is 
>> reinforced...
>>     
>
> I think this is a little different case... I guess people are willing to
> test -CURRENT on their desktops etc. but not on "servers". ie. when you
> have immediate access to the machine you easily use -CURRENT but not
> on the remote server.
>
> Also, people don't tend to run firewalls on their desktops (as opposed to
> servers where they dont). This is why I think this bug slipped. Not that 
> -CURRENT is so badly tested...
>   
It looks that people are not so paranoid as they should be ...
But probably they paranoid enough to not use the current ;-)

rik
> roman
>   




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48E25E51.5060502>