From owner-freebsd-stable@FreeBSD.ORG  Thu Dec 10 19:13:24 2009
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 11FBD106566B
	for <freebsd-stable@freebsd.org>; Thu, 10 Dec 2009 19:13:24 +0000 (UTC)
	(envelope-from mdounin@mdounin.ru)
Received: from mdounin.cust.ramtel.ru (mdounin.cust.ramtel.ru [81.19.69.81])
	by mx1.freebsd.org (Postfix) with ESMTP id C54698FC16
	for <freebsd-stable@freebsd.org>; Thu, 10 Dec 2009 19:13:23 +0000 (UTC)
Received: from mdounin.ru (mdounin.cust.ramtel.ru [81.19.69.81])
	by mdounin.cust.ramtel.ru (Postfix) with ESMTP id DE71D17041;
	Thu, 10 Dec 2009 21:55:24 +0300 (MSK)
Date: Thu, 10 Dec 2009 21:55:24 +0300
From: Maxim Dounin <mdounin@mdounin.ru>
To: Derek Kulinski <takeda@takeda.tk>
Message-ID: <20091210185524.GB33752@mdounin.ru>
References: <20091210034512.GA28864@chinatsu.takeda.tk>
	<200912101838.42013.max@love2party.net>
	<124905177.20091210102209@takeda.tk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <124905177.20091210102209@takeda.tk>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: Max Laier <max@love2party.net>, freebsd-stable@freebsd.org
Subject: Re: pf: unlocked lookup
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2009 19:13:24 -0000

Hello!

On Thu, Dec 10, 2009 at 10:22:09AM -0800, Derek Kulinski wrote:

> Hello Max,
> 
> Thursday, December 10, 2009, 9:38:41 AM, you wrote:
> 
> > this is a generic informational message that was put into the code to figure
> > out if the hack that is "debug.pfugidhack" is actually required.  You can get
> > rid of the message by setting the debug level of pf to something below "misc"
> > (e.g. pfctl -x urgent).
> 
> Well, the hack actually is required, my system crashes when I disable
> it.

Please note that depending on workload and actual rules the hack 
may do more harm than good.  We had some machines which were 
deadlocking[1] in minutes with hack enabled but were almost stable 
without it.

Anyway, the only safe solution right now is to avoid uid/gid rules.

[1] 
http://lists.freebsd.org/pipermail/freebsd-net/2009-October/023350.html

Maxim Dounin