cvs commit: src/sys/netinet ip_fw2.c
Christian S.J. Peron
csjp at FreeBSD.org
Thu Dec 9 18:17:19 PST 2004
csjp 2004-12-10 02:17:18 UTC
FreeBSD src repository
Modified files:
sys/netinet ip_fw2.c
Log:
This commit adds a shared locking mechanism very similar to the
mechanism used by pfil. This shared locking mechanism will remove
a nasty lock order reversal which occurs when ucred based rules
are used which results in hard locks while mpsafenet=1.
So this removes the debug.mpsafenet=0 requirement when using
ucred based rules with IPFW.
It should be noted that this locking mechanism does not guarantee
fairness between read and write locks, and that it will favor
firewall chain readers over writers. This seemed acceptable since
write operations to firewall chains protected by this lock tend to
be less frequent than reads.
Reviewed by: andre, rwatson
Tested by: myself, seanc
Silence on: ipfw@
MFC after: 1 month
Revision Changes Path
1.85 +69 -29 src/sys/netinet/ip_fw2.c
More information about the cvs-all
mailing list