Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder:
NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0)
Kris Kennaway
kris at obsecurity.org
Fri Jul 27 02:41:08 UTC 2007
On Fri, Jul 20, 2007 at 11:36:50AM -0700, Julian Elischer wrote:
> Robert Watson wrote:
> >
> >On Tue, 17 Jul 2007, Max Laier wrote:
> >
> >So far I have had 0 (zero) reports of problems since this thread began.
> >Could people using uid/gid/jail rules with ipfw or pf on 7.x *please*
> >try running their firewalls without debug.mpsafenet -- ignore the
> >witness warnings and/or disable witness, and let us know if you
> >experience deadlocks. We're reaching the very end of the merge cycle
> >for 7.0, and I would really like to remove the Giant crutches (now
> >effectively unused) from the network stack so it's not part of the
> >ABI/API, the code is simplified and cleaned up, etc.
> >
>
> does "problem" include a LOR message, or only a deadlock?
> I've seen plenty of the first, but not the second.
Various users have reported definite deadlocks relating to uid/gid
firewall rules in the past.
Kris
More information about the freebsd-current
mailing list