Date: Wed, 28 Feb 2007 10:45:29 +0100 From: Andrea Venturoli <ml.diespammer@netfence.it> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-net@freebsd.org, Robert Watson <rwatson@freebsd.org> Subject: Re: LOR with divert sockets Message-ID: <45E54F39.4050204@netfence.it> In-Reply-To: <20070228084928.Y64827@maildrop.int.zabbadoz.net> References: <45E21468.4060200@netfence.it> <20070227222316.R60173@fledge.watson.org> <45E53F7D.4030703@netfence.it> <20070228084928.Y64827@maildrop.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bjoern A. Zeeb wrote: > I am unsure but this should still be true for at least RELENG_6. I > can only remember that there was work in progress but cannot remmember > things were patched and where or not... > > %man ipfw | col -b | grep -5 'Rules which use uid' | tail -7 | head -5 > > Rules which use uid, gid or jail based matching should be used only if > debug.mpsafenet=0 to avoid possible deadlocks due to layering > violations > in its implementation. > > Thanks, this is very interesting. I see this paragraph was added in 6.x, and I admit I never saw it. In fact I had been using uid rules in 5.x without any trouble. Shouldn't this be mentioned in the ERRATA document? I guess no one really reads *all* the man pages again, after an upgrade. First off, I searched for what debug.mpsafe does and came up with some vague description. Are there any reason not to disable this? Second. I grasped the idea that this is important in SMP boxes, but I'm not sure. Does it affect UP boxes too? I'm currently having: _ 1 SMP box *with* one uid rule which occasionally hangs (running INVARIANTS&Co and from which my report was taken); _ 1 SMP box *without* uid rules which occasionally hangs (running INVARIANTS&Co); _ 1 UP box *with* one uid rule which frequently hangs (I'm turning INVARIANTS&Co on this afternoon on this one); _ 1 UP box *with* one uid rule which frequently hangs (I'm turning SMP and INVARIANTS&Co on this afternoon on this one); _ 2 UP boxes *with* one uid rule which never ever hanged. IMHO the uid rule problems could explain half of the data above, but then again, I guess it can also depend on network load, hardware type or other combinations of things. If there are no bigger drawbacks (I don't care for speed as much as I do for stability), I might disable debug.mpsafenet today. Comments? bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45E54F39.4050204>