cvs commit: src/sys/netinet ip_fw2.c
Robert Watson
rwatson at FreeBSD.org
Tue Sep 30 16:19:58 UTC 2008
On Sun, 28 Sep 2008, Ganbold wrote:
>> Indeed -- when an inpcb doesn't have a socket, ipfw will go ahead and do a
>> lookup for an inpcb even though one is passed down. I've committed a
>> change that short-circuits that and marks the credential lookup as failed.
>> Give it a try now?
>
> Thanks a lot, Robert, it was indeed simple effective fix. So far no crash :)
> With loads like pkg_adding emacs (which adds bunch of other packages) on
> plain CURRENT, downloading FreeBSD ISO with axel (20 simultaneous
> connection) through http works fine here.
Good news. We'll want to keep an eye on this one as the 7.0 release cycle
progresses, and there may be other unexpected edge case problems from the
rwlock change. On the whole it seems to have been very successful, but the
view that -CURRENT doesn't receive a whole lot of stress testing is
reinforced...
Robert N M Watson
Computer Laboratory
University of Cambridge
>
> test# ipfw show
> 00040 1184006 673239338 allow ip from any to any uid root
> 00100 0 0 allow ip from any to any via lo0
> 00200 0 0 deny ip from any to 127.0.0.0/8
> 00300 0 0 deny ip from 127.0.0.0/8 to any
> 65000 60 7426 allow ip from any to any
> 65535 0 0 deny ip from any to any
> test#
>
>
> Ganbold
>
>>
>> Robert N M Watson
>> Computer Laboratory
>> University of Cambridge
>> _______________________________________________
>> cvs-all at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/cvs-all
>> To unsubscribe, send any mail to "cvs-all-unsubscribe at freebsd.org"
>>
>>
>>
>
>
> --
> If it ain't broke, don't fix it.
>
More information about the cvs-src
mailing list