From owner-cvs-src@FreeBSD.ORG  Fri Jan  7 23:09:39 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id AA63816A4CE; Fri,  7 Jan 2005 23:09:39 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 9A14843D1D; Fri,  7 Jan 2005 23:09:39 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j07N9dKi075824;
	Fri, 7 Jan 2005 23:09:39 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j07N9dXw075823;
	Fri, 7 Jan 2005 23:09:39 GMT
	(envelope-from csjp)
Message-Id: <200501072309.j07N9dXw075823@repoman.freebsd.org>
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Fri, 7 Jan 2005 23:09:39 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: RELENG_5
Subject: cvs commit: src/sys/netinet ip_fw2.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jan 2005 23:09:39 -0000

csjp        2005-01-07 23:09:39 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_5)
    sys/netinet          ip_fw2.c 
  Log:
  MFC v1.85
    Log:
    This commit adds a shared locking mechanism very similar to the
    mechanism used by pfil.  This shared locking mechanism will remove
    a nasty lock order reversal which occurs when ucred based rules
    are used which results in hard locks while mpsafenet=1.
  
    So this removes the debug.mpsafenet=0 requirement when using
    ucred based rules with IPFW.
  
    It should be noted that this locking mechanism does not guarantee
    fairness between read and write locks, and that it will favor
    firewall chain readers over writers. This seemed acceptable since
    write operations to firewall chains protected by this lock tend to
    be less frequent than reads.
  
    Reviewed by:    andre, rwatson
    Tested by:      myself, seanc
    Silence on:     ipfw@
    MFC after:      1 month
  
  Revision  Changes    Path
  1.70.2.8  +69 -29    src/sys/netinet/ip_fw2.c