pf: unlocked lookup
Derek Kulinski
takeda at takeda.tk
Thu Dec 10 18:22:16 UTC 2009
Hello Max,
Thursday, December 10, 2009, 9:38:41 AM, you wrote:
> this is a generic informational message that was put into the code to figure
> out if the hack that is "debug.pfugidhack" is actually required. You can get
> rid of the message by setting the debug level of pf to something below "misc"
> (e.g. pfctl -x urgent).
Well, the hack actually is required, my system crashes when I disable
it.
> The pfugidhack is automatically enabled when you use rules with user or group
> filters. These rules are a layering violation and the hack is required to
> make them work. I'd rather get rid of them altogether, but since it is a much
> demanded functionality we introduced the workaround instead.
> Just lower the debugging level (s.a.), ignore the messages, or rebuild your
> kernel/pf module with the respective DPRINTF lines (sys/contrib/pf/net/pf.c)
> commented out. I might just move them to the loud level in the main tree,
> though.
So if I understand correctly, chances of fixing the workaround are
really small?
At least now I know how to disable those messages, thanks.
--
Best regards,
Derek mailto:takeda at takeda.tk
Come to think of it, there are already a million monkeys on a million typewriters, and Usenet is *nothing* like Shakespeare.
-- Blair Houghton
More information about the freebsd-stable
mailing list