ipfw jail and debug.mpsafenet
Sean Chittenden
sean at chittenden.org
Wed Nov 10 08:14:09 PST 2004
> I've upgraded my jail box to 5.3, and was thinking of updating ipfw
> rules to use the jail rule option. Both the ipfw man page and the 5.3
> Errata indicate that debug.mpsafenet must be set to 0 to prevent a
> system lock when using this rule option.
>
> Will setting debug.mpsafenet to 0 impact anything else on the box? A
> quick googling shows it could impact performance on SMP machines, but
> this is a uniproc box. Anything else I should keep an eye on?
Install the following patch from csjp at . He'll be committing this in
the next week or two. Once applied and compiled, fell free to turn
mpsafenet off. :)
cd /usr/src/sys/netinet
fetch http://people.freebsd.org/~csjp/ip_fw2.c.1099500281.diff
patch -p0 < ip_fw2.c.1099500281.diff
cd /usr/src
make buildkernel
make installkernel
shutdown -r now
sysctl debug.mpsafenet=0
-sc
--
Sean Chittenden
More information about the freebsd-net
mailing list