Date: Wed, 17 Sep 2008 16:50:07 GMT From: Christian Peron <csjp@freebsd.org> To: freebsd-pf@FreeBSD.org Subject: Re: kern/127439: deadlock in pf Message-ID: <200809171650.m8HGo7F0096278@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/127439; it has been noted by GNATS. From: Christian Peron <csjp@freebsd.org> To: Geoffrey Mainland <mainland@apeiron.net> Cc: Christian Peron <csjp@freebsd.org>, FreeBSD-gnats-submit@freebsd.org Subject: Re: kern/127439: deadlock in pf Date: Wed, 17 Sep 2008 11:47:13 -0500 On Wed, Sep 17, 2008 at 12:21:15PM -0400, Geoffrey Mainland wrote: [..] > > # FTP > pass in on $ext_if inet proto tcp from any to $ext_nat \ > user proxy flags S/SA modulate state > What happens if you get rid of the "user proxy" constraint? We have had problems with these rules in the past. The truth is, they don't really work correctly anyway. But it would be interesting to see if removing the "user proxy" constraint and replacing it with a port or range removes the dead lock.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809171650.m8HGo7F0096278>