From owner-freebsd-pf@FreeBSD.ORG Fri Jul 20 18:36:18 2007 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E33E16A41F for ; Fri, 20 Jul 2007 18:36:18 +0000 (UTC) (envelope-from julian@elischer.org) Received: from outV.internet-mail-service.net (outV.internet-mail-service.net [216.240.47.245]) by mx1.freebsd.org (Postfix) with ESMTP id 1DF0713C46B for ; Fri, 20 Jul 2007 18:36:18 +0000 (UTC) (envelope-from julian@elischer.org) Received: from mx0.idiom.com (HELO idiom.com) (216.240.32.160) by out.internet-mail-service.net (qpsmtpd/0.32) with ESMTP; Fri, 20 Jul 2007 11:36:17 -0700 Received: from julian-mac.elischer.org (nat.ironport.com [63.251.108.100]) by idiom.com (Postfix) with ESMTP id 429B2125A23; Fri, 20 Jul 2007 11:36:17 -0700 (PDT) Message-ID: <46A100C2.1030606@elischer.org> Date: Fri, 20 Jul 2007 11:36:50 -0700 From: Julian Elischer User-Agent: Thunderbird 2.0.0.4 (Macintosh/20070604) MIME-Version: 1.0 To: Robert Watson References: <20070717131518.G1177@fledge.watson.org> <200707172342.39082.max@love2party.net> <20070720111539.U1096@fledge.watson.org> In-Reply-To: <20070720111539.U1096@fledge.watson.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-arch@freebsd.org, freebsd-current@freebsd.org, freebsd-pf@freebsd.org, freebsd-net@freebsd.org Subject: Re: Attention pf/ipfw users with uid/gid/jail rules (Re: Reminder: NET_NEEDS_GIANT, debug.mpsafenet going away in 7.0) X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jul 2007 18:36:18 -0000 Robert Watson wrote: > > On Tue, 17 Jul 2007, Max Laier wrote: > > So far I have had 0 (zero) reports of problems since this thread began. > Could people using uid/gid/jail rules with ipfw or pf on 7.x *please* > try running their firewalls without debug.mpsafenet -- ignore the > witness warnings and/or disable witness, and let us know if you > experience deadlocks. We're reaching the very end of the merge cycle > for 7.0, and I would really like to remove the Giant crutches (now > effectively unused) from the network stack so it's not part of the > ABI/API, the code is simplified and cleaned up, etc. > does "problem" include a LOR message, or only a deadlock? I've seen plenty of the first, but not the second.