fixes for ipfw and pf lock ordering issues
Max Laier
max at love2party.net
Fri Sep 24 15:57:06 PDT 2004
On Saturday 25 September 2004 00:37, Christian S.J. Peron wrote:
> Good day folks, we need some beta testers
>
> Currently, those who utilize ucred based firewalling, i.e. firewall
> rules which match based on UID, GID or JAIL ID are subject to lock order
> problems which often results in the system hard locking. (when giant
> is not present ... debug.mpsafenet=1).
>
> This problem affects all FreeBSD firewalls which implement ucred based
> matching, namely ipfw and pf. The lock order problem exists due to a
> layering violation which occurs when the IP stack attempts to acquire
> locks within lower level stacks such as UDP and TCP.
For the record [just realized that we forgot]: Talking about LOR id 14-17 ...
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20040925/83411187/attachment.bin
More information about the freebsd-pf
mailing list