From owner-freebsd-current@FreeBSD.ORG Tue Sep 30 13:30:42 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6A8EF106569A for ; Tue, 30 Sep 2008 13:30:42 +0000 (UTC) (envelope-from josh.carroll@gmail.com) Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.226]) by mx1.freebsd.org (Postfix) with ESMTP id 21EEB8FC12 for ; Tue, 30 Sep 2008 13:30:42 +0000 (UTC) (envelope-from josh.carroll@gmail.com) Received: by wr-out-0506.google.com with SMTP id c8so1631wra.27 for ; Tue, 30 Sep 2008 06:30:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to :to:subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=X/WpDkUOMHsZwlwEv7sogwlS3SPpZvPbVnbVHGfdbAk=; b=UGnyDj4NYxTkgDTwfUrPRBYZNvZmdEqJi6BrGO+lOwixospCPvYPgXfNwMN98rqxd0 3qJYWQRDzFFKIpWYFYitP1BA2+tAxlHRUifwU3UoaacJ5flOp7+hsidDQAq+FUgr6HlT mbqSyl873bBPURTvw+fFwnmaFb1yPLXJ036xU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:reply-to:to:subject:cc:in-reply-to :mime-version:content-type:content-transfer-encoding :content-disposition:references; b=D5tVIvX15wESR9HAWE12i15EGoRveHjfIPJ5fSykMwU9+KDnnZASauTtOvsu0/1Uip bFEJKWTekL/vwln6cxuIsfcIANoHg4iIlA+S0f6oixQe3KSwK/5cxSHXfcjzAMZi34lL lI3l4SMqeaDTDmnZqOx7p1DJbpNH3lRSUG8Qw= Received: by 10.151.153.14 with SMTP id f14mr5839632ybo.99.1222779994610; Tue, 30 Sep 2008 06:06:34 -0700 (PDT) Received: by 10.151.11.21 with HTTP; Tue, 30 Sep 2008 06:06:34 -0700 (PDT) Message-ID: <8cb6106e0809300606g10fa4991gc5bfb9664d5d7839@mail.gmail.com> Date: Tue, 30 Sep 2008 09:06:34 -0400 From: "Josh Carroll" To: "Robert Watson" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: current@freebsd.org Subject: Re: Please test ipfw and pf uid/gid/jail rules X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: josh.carroll@gmail.com List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2008 13:30:42 -0000 > Although it didn't show up in 8.x testing to date, it turned out there was a > serious stability regression in the ipfw uid/gid/jail rule implementation as > a result of moving to rwlocks for inpcbinfo and inpcb. I think I've > corrected the sources of the problem in 8.x and 7.x now, but it would be > very helpful if people who use ipfw and pf could do some extra testing of > these rules with invariants and witness enabled to see if we can't shake out > any remaining problems. I have a 7.1-PRERELEASE box on which I use pf with user/uid rules, and would be glad to test this out. I've recompiled with the usual debug options, but I was curious if I should be leaving: debug.pfugidhack=1 Alone for the testing? I assume this needs to remain set to 1? I'm not manually setting this, so I guess it is the default now (haven't looked in a while). Regards, Josh