From: Max Laier
To: freebsd-net@freebsd.org
Cc: Bryan Fullerton
Date: Wed, 10 Nov 2004 21:10:22 +0100
Subject: Re: ipfw jail and debug.mpsafenet

On Wednesday 10 November 2004 20:41, Bryan Fullerton wrote:
> (gah, hit reply instead of reply all)
>
> On Wed, 10 Nov 2004 08:14:05 -0800, Sean Chittenden wrote:
> > Install the following patch from csjp@.  He'll be committing this in
> > the next week or two.  Once applied and compiled, feel free to turn
> > mpsafenet off.  :)

One thing to note here:
debug.mpsafenet=1 (on) => Giant-free network (that's the one you want)
while
debug.mpsafenet=0 (off) => Giant around the netstack (that's what is required
for IPFW's user/group/jail as well as PF's user/group)

> Is the intention to MFC this to RELENG_5_3 (or RELENG_5_3_1...) or is
> this a 5.4 fix? If the latter I'll just stick with ipfw rules

This is certainly something for 5.4 as it must be tested carefully (you can
help! ;) It's not too bad to turn Giant back on unless you have a very busy
MySQL or Apache on a SMP-box, though.

> referencing the jail IP and forget about the ipfw jail option until
> it's fully cooked.

See above, testing is the only way to get it "fully cooked" in reasonable
time. From what I know, Christian's patch is already quite mature.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
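
Added example, not part of the message above and not FreeBSD project code: a shell check that lists the credential-matching rules named in the message (ipfw uid/gid/jail, pf user/group) and flags them when debug.mpsafenet is 1. The function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Flags firewall rules that match on
# socket credentials, which the message above says require
# debug.mpsafenet=0 on this FreeBSD 5.x code.

# giant_rules: read a ruleset on stdin and print the rules that match on
# credentials. ipfw options: uid, gid, jail. pf options: user, group.
giant_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)         # the option must take an argument
                if ($i ~ /^(uid|gid|jail|user|group)$/) { print; next }
        }'
}

# audit_mpsafenet VALUE: VALUE is the debug.mpsafenet setting (0 or 1),
# ruleset on stdin. Returns 1 when credential rules meet a Giant-free stack.
audit_mpsafenet() {
    hits=$(giant_rules)
    if [ -z "$hits" ]; then
        echo "OK: no credential-matching rules"
        return 0
    fi
    if [ "$1" = "0" ]; then
        echo "OK: Giant is held around the netstack"
        return 0
    fi
    printf 'CONFLICT: debug.mpsafenet=%s with credential rules:\n%s\n' "$1" "$hits"
    return 1
}

# Constructed sample in `ipfw list` layout (not taken from a real host).
SAMPLE_RULES='00100 allow ip from any to any via lo0
00200 allow tcp from any to any 80 jail 3
00300 allow tcp from me to any uid www
00400 deny ip from any to any'

# Demo run against the sample. On a FreeBSD 5.x host the input would be
# `ipfw list` and the value `sysctl -n debug.mpsafenet`.
printf '%s\n' "$SAMPLE_RULES" | audit_mpsafenet 1 || true
```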