Fwd: Please test ipfw and pf uid/gid/jail rules
Robert Watson
rwatson at FreeBSD.org
Mon Sep 29 22:02:04 UTC 2008
On Mon, 29 Sep 2008, Max Laier wrote:
> Please help testing. It's been confirmed to work for IPFW, let's make sure
> pf is in good shape, too. Thanks.
A casual glance at pf.c suggests that pf(4) doesn't suffer from the "look up
the inpcb even though it's passed down if the socket pointer is NULL" bug that
ipfw(4) did, but confirmation that things work properly would definitely be
good.
Thanks,
Robert N M Watson
Computer Laboratory
University of Cambridge
>
> ---------- Forwarded Message ----------
>
> Subject: Please test ipfw and pf uid/gid/jail rules
> Date: Monday 29 September 2008
> From: Robert Watson <rwatson at freebsd.org>
> To: current at freebsd.org
>
>
> Dear all:
>
> Although it didn't show up in 8.x testing to date, it turned out there was a
> serious stability regression in the ipfw uid/gid/jail rule implementation as a
> result of moving to rwlocks for inpcbinfo and inpcb. I think I've corrected
> the sources of the problem in 8.x and 7.x now, but it would be very helpful if
> people who use ipfw and pf could do some extra testing of these rules with
> invariants and witness enabled to see if we can't shake out any remaining
> problems.
>
> Thanks,
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> -------------------------------------------------------
> --
> /"\ Best regards, | mlaier at freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier at EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
>
More information about the freebsd-pf
mailing list