pf: unlocked lookup
mdounin at mdounin.ru
Thu Dec 10 19:13:24 UTC 2009
On Thu, Dec 10, 2009 at 10:22:09AM -0800, Derek Kulinski wrote:
> Hello Max,
> Thursday, December 10, 2009, 9:38:41 AM, you wrote:
> > this is a generic informational message that was put into the code to figure
> > out if the hack that is "debug.pfugidhack" is actually required. You can get
> > rid of the message by setting the debug level of pf to something below "misc"
> > (e.g. pfctl -x urgent).
> Well, the hack actually is required, my system crashes when I disable
Please note that depending on workload and actual rules the hack
may do more harm than good. We had some machines which were
deadlocking in minutes with hack enabled but were almost stable
Anyway, the only safe solution right now is to avoid uid/gid rules.
More information about the freebsd-stable