Date: Sat, 27 Sep 2008 23:10:03 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: stable@FreeBSD.org Subject: Warning: known instability using ipfw "uid" rules Message-ID: <alpine.BSF.1.10.0809272306300.20117@fledge.watson.org>
next in thread | raw e-mail | index | archive | help
An FYI: In the past couple of days, presumably as testing of 7.x becomes more widespread, I've seen several reports of instability resulting from ipfw credential rules. For those unfamiliar with them, these allow the matching of packets in ipfw rules based on the credentials of the socket that generated them, or the credentials of the socket that likely will receive them. These problems are a side effect of elimating support for lock recursion on inpcbinfo locks as part of the UDP performance optimization work for 7.1. There are two minor TCP fixes, and a more serious ipfw bug fix, in the queue to be MFC'd in the next couple of days. Once they're fixed, please make sure any further problems with deadlocks or panics involving ipfw rules are brought to my attention. Thanks, and apologies for any inconvenience -- this issue did not arise during testing in HEAD over the course of several months, but fortunately appears fairly straight forward to resolve now that it's a bit better understood. Robert N M Watson Computer Laboratory University of Cambridge
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.10.0809272306300.20117>