Please test ipfw and pf uid/gid/jail rules

Josh Carroll josh.carroll at gmail.com
Tue Sep 30 13:30:42 UTC 2008


> Although it didn't show up in 8.x testing to date, it turned out there was a
> serious stability regression in the ipfw uid/gid/jail rule implementation as
> a result of moving to rwlocks for inpcbinfo and inpcb.  I think I've
> corrected the sources of the problem in 8.x and 7.x now, but it would be
> very helpful if people who use ipfw and pf could do some extra testing of
> these rules with invariants and witness enabled to see if we can't shake out
> any remaining problems.

I have a 7.1-PRERELEASE box on which I use pf with user/uid rules, and would
be glad to test this out. I've recompiled with the usual debug
options, but I was
curious if I should be leaving:

debug.pfugidhack=1

Alone for the testing? I assume this needs to remain set to 1? I'm not manually
setting this, so I guess it is the default now (haven't looked in a while).

Regards,
Josh


More information about the freebsd-current mailing list