fixes for ipfw and pf lock ordering issues

Max Laier max at love2party.net
Fri Sep 24 15:57:06 PDT 2004


On Saturday 25 September 2004 00:37, Christian S.J. Peron wrote:
> Good day folks, we need some beta testers
>
> Currently, those who utilize ucred based firewalling, i.e. firewall
> rules which match based on UID, GID or JAIL ID are subject to lock order
> problems which often results in the system hard locking. (when giant
> is not present ... debug.mpsafenet=1).
>
> This problem affects all FreeBSD firewalls which implement ucred based
> matching, namely ipfw and pf. The lock order problem exists due to a
> layering violation which occurs when the IP stack attempts to acquire
> locks within lower level stacks such as UDP and TCP.

For the record [just realized that we forgot]: Talking about LOR id 14-17 ...

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040925/83411187/attachment.bin


More information about the freebsd-ipfw mailing list