From owner-freebsd-pf@FreeBSD.ORG Wed Sep 17 16:50:07 2008
Date: Wed, 17 Sep 2008 16:50:07 GMT
Message-Id: <200809171650.m8HGo7F0096278@freefall.freebsd.org>
To: freebsd-pf@FreeBSD.org
From: Christian Peron
Subject: Re: kern/127439: deadlock in pf
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

The following reply was made to PR kern/127439; it has been noted by GNATS.

From: Christian Peron
To: Geoffrey Mainland
Cc: Christian Peron, FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/127439: deadlock in pf
Date: Wed, 17 Sep 2008 11:47:13 -0500

On Wed, Sep 17, 2008 at 12:21:15PM -0400, Geoffrey Mainland wrote:
[..]
>
> # FTP
> pass in on $ext_if inet proto tcp from any to $ext_nat \
> user proxy flags S/SA modulate state
>

What happens if you get rid of the "user proxy" constraint? We have had problems with these rules in the past.
The truth is, they don't really work correctly anyway. But it would be interesting to see if removing the "user proxy" constraint and replacing it with a port or range removes the deadlock.