cvs commit: src/sys/netinet ip_fw2.c
Roman Kurakin
rik at inse.ru
Tue Sep 30 17:13:59 UTC 2008
Roman Divacky wrote:
> On Tue, Sep 30, 2008 at 05:19:57PM +0100, Robert Watson wrote:
>
>> On Sun, 28 Sep 2008, Ganbold wrote:
>>
>>
>>>> Indeed -- when an inpcb doesn't have a socket, ipfw will go ahead and do
>>>> a lookup for an inpcb even though one is passed down. I've committed a
>>>> change that short-circuits that and marks the credential lookup as
>>>> failed. Give it a try now?
>>>>
>>> Thanks a lot, Robert, it was indeed simple effective fix. So far no crash
>>> :) With loads like pkg_adding emacs (which adds bunch of other packages)
>>> on plain CURRENT, downloading FreeBSD ISO with axel (20 simultaneous
>>> connection) through http works fine here.
>>>
>> Good news. We'll want to keep an eye on this one as the 7.0 release cycle
>> progresses, and there may be other unexpected edge case problems from the
>> rwlock change. On the whole it seems to have been very successful, but the
>> view that -CURRENT doesn't receive a whole lot of stress testing is
>> reinforced...
>>
>
> I think this is a little different case... I guess people are willing to
> test -CURRENT on their desktops etc. but not on "servers". ie. when you
> have immediate access to the machine you easily use -CURRENT but not
> on the remote server.
>
> Also, people don't tend to run firewalls on their desktops (as opposed to
> servers where they dont). This is why I think this bug slipped. Not that
> -CURRENT is so badly tested...
>
It looks that people are not so paranoid as they should be ...
But probably they paranoid enough to not use the current ;-)
rik
> roman
>
More information about the cvs-src
mailing list