Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 10 Nov 2004 21:10:22 +0100
From:      Max Laier <max@love2party.net>
To:        freebsd-net@freebsd.org
Cc:        Bryan Fullerton <fehwalker@gmail.com>
Subject:   Re: ipfw jail and debug.mpsafenet
Message-ID:  <200411102110.29751.max@love2party.net>
In-Reply-To: <35de0c3004111011412326d731@mail.gmail.com>
References:  <35de0c30041110074662654d9b@mail.gmail.com> <8AFDE7D8-3333-11D9-A34C-000A95C705DC@chittenden.org> <35de0c3004111011412326d731@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
--nextPart1333367.tAiQMdpVxz
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Wednesday 10 November 2004 20:41, Bryan Fullerton wrote:
> (gah, hit repy instead of reply all)
>
> On Wed, 10 Nov 2004 08:14:05 -0800, Sean Chittenden <sean@chittenden.org>=
=20
wrote:
> > Install the following patch from csjp@.  He'll be committing this in
> > the next week or two.  Once applied and compiled, fell free to turn
> > mpsafenet off.  :)

One thing to note here:
 debug.mpsafenet=3D1 (on)  =3D> Giant-free network (that's the one you want=
) while
 debug.mpsafenet=3D0 (off) =3D> Giant around the netstack (that's what is r=
equired=20
                            for IPFW's user/group/jail as well as PF's=20
                            user/group)

> Is the intention to MFC this to RELENG_5_3 (or RELENG_5_3_1...) or is
> this a 5.4 fix? If the latter I'll just stick with ipfw rules

This is certainly something for 5.4 as it must be tested carefully (you can=
=20
help! ;) It's not too bad to turn Giant back on unless you have a very busy=
=20
MySQL or Apache on a SMP-box, though.

> referencing the jail IP and forget about the ipfw jail option until
> it's fully cooked.

See above, testing is the only way to get it "fully cooked" in reasonable=20
time. From what I know, Christian's patch is already quite mature.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart1333367.tAiQMdpVxz
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQBBknW1XyyEoT62BG0RAl+DAJ90uw/AS/wO0SB3IWmMgWr1H4nF+gCfeAUu
kABnZS9udjYcgln1YNBFmbk=
=VhK7
-----END PGP SIGNATURE-----

--nextPart1333367.tAiQMdpVxz--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411102110.29751.max>