Date:      Thu, 10 Dec 2009 21:55:24 +0300
From:      Maxim Dounin <mdounin@mdounin.ru>
To:        Derek Kulinski <takeda@takeda.tk>
Cc:        Max Laier <max@love2party.net>, freebsd-stable@freebsd.org
Subject:   Re: pf: unlocked lookup
Message-ID:  <20091210185524.GB33752@mdounin.ru>
In-Reply-To: <124905177.20091210102209@takeda.tk>
References:  <20091210034512.GA28864@chinatsu.takeda.tk> <200912101838.42013.max@love2party.net> <124905177.20091210102209@takeda.tk>

Hello!

On Thu, Dec 10, 2009 at 10:22:09AM -0800, Derek Kulinski wrote:

> Hello Max,
> 
> Thursday, December 10, 2009, 9:38:41 AM, you wrote:
> 
> > this is a generic informational message that was put into the code to figure
> > out if the hack that is "debug.pfugidhack" is actually required.  You can get
> > rid of the message by setting the debug level of pf to something below "misc"
> > (e.g. pfctl -x urgent).
> 
> Well, the hack actually is required, my system crashes when I disable
> it.

Please note that depending on workload and actual rules the hack 
may do more harm than good.  We had some machines which were 
deadlocking[1] in minutes with the hack enabled but were almost stable 
without it.

Anyway, the only safe solution right now is to avoid uid/gid rules.

[1] 
http://lists.freebsd.org/pipermail/freebsd-net/2009-October/023350.html

Maxim Dounin


