Date: Thu, 26 Jul 2007 22:41:07 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Julian Elischer <julian@elischer.org> Cc: freebsd-net@freebsd.org, freebsd-arch@freebsd.org, freebsd-current@freebsd.org, Robert Watson <rwatson@FreeBSD.org>, freebsd-pf@freebsd.org Subject: Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0) Message-ID: <20070727024107.GA69300@rot26.obsecurity.org> In-Reply-To: <46A100C2.1030606@elischer.org> References: <20070717131518.G1177@fledge.watson.org> <200707172342.39082.max@love2party.net> <20070720111539.U1096@fledge.watson.org> <46A100C2.1030606@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 20, 2007 at 11:36:50AM -0700, Julian Elischer wrote: > Robert Watson wrote: > > > >On Tue, 17 Jul 2007, Max Laier wrote: > > > >So far I have had 0 (zero) reports of problems since this thread began. > >Could people using uid/gid/jail rules with ipfw or pf on 7.x *please* > >try running their firewalls without debug.mpsafenet -- ignore the > >witness warnings and/or disable witness, and let us know if you > >experience deadlocks. We're reaching the very end of the merge cycle > >for 7.0, and I would really like to remove the Giant crutches (now > >effectively unused) from the network stack so it's not part of the > >ABI/API, the code is simplified and cleaned up, etc. > > > > does "problem" include a LOR message, or only a deadlock? > I've seen plenty of the first, but not the second. Various users have reported definite deadlocks relating to uid/gid firewall rules in the past. Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070727024107.GA69300>