Date: Fri, 29 Jun 2012 15:27:18 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r237791 - projects/pf/head/contrib/pf/man Message-ID: <201206291527.q5TFRIqD053656@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Fri Jun 29 15:27:17 2012 New Revision: 237791 URL: http://svn.freebsd.org/changeset/base/237791 Log: The locking problem between pf and PCBs no longer exists. Modified: projects/pf/head/contrib/pf/man/pf.conf.5 Modified: projects/pf/head/contrib/pf/man/pf.conf.5 ============================================================================== --- projects/pf/head/contrib/pf/man/pf.conf.5 Fri Jun 29 15:24:55 2012 (r237790) +++ projects/pf/head/contrib/pf/man/pf.conf.5 Fri Jun 29 15:27:17 2012 (r237791) @@ -28,7 +28,7 @@ .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 28 2012 +.Dd June 29 2012 .Dt PF.CONF 5 .Os .Sh NAME @@ -1421,7 +1421,7 @@ has the socket open where the packet is (depending on which socket is local). This is in addition to the normal information logged. .Pp -Due to the problems described in the BUGS section only the first packet +Only the first packet logged via .Ar log (all, user) will have the user credentials logged when using stateful matching. @@ -3040,22 +3040,6 @@ Protocol name database. .It Pa /etc/services Service name database. .El -.Sh BUGS -Due to a lock order reversal (LOR) with the socket layer, the use of the -.Ar group -and -.Ar user -filter parameter in conjuction with a Giant-free netstack -can result in a deadlock. -A workaround is available under the -.Va debug.pfugidhack -sysctl which is automatically enabled when a -.Ar user -/ -.Ar group -rule is added or -.Ar log (user) -is specified. .Sh SEE ALSO .Xr altq 4 , .Xr carp 4 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206291527.q5TFRIqD053656>