Date: Tue, 30 Sep 2008 09:06:34 -0400 From: "Josh Carroll" <josh.carroll@gmail.com> To: "Robert Watson" <rwatson@freebsd.org> Cc: current@freebsd.org Subject: Re: Please test ipfw and pf uid/gid/jail rules Message-ID: <8cb6106e0809300606g10fa4991gc5bfb9664d5d7839@mail.gmail.com> In-Reply-To: <alpine.BSF.1.10.0809292127420.24341@fledge.watson.org> References: <alpine.BSF.1.10.0809292127420.24341@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Although it didn't show up in 8.x testing to date, it turned out there was a > serious stability regression in the ipfw uid/gid/jail rule implementation as > a result of moving to rwlocks for inpcbinfo and inpcb. I think I've > corrected the sources of the problem in 8.x and 7.x now, but it would be > very helpful if people who use ipfw and pf could do some extra testing of > these rules with invariants and witness enabled to see if we can't shake out > any remaining problems. I have a 7.1-PRERELEASE box on which I use pf with user/uid rules, and would be glad to test this out. I've recompiled with the usual debug options, but I was curious if I should be leaving: debug.pfugidhack=1 Alone for the testing? I assume this needs to remain set to 1? I'm not manually setting this, so I guess it is the default now (haven't looked in a while). Regards, Josh
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8cb6106e0809300606g10fa4991gc5bfb9664d5d7839>