From owner-freebsd-pf@FreeBSD.ORG Wed Jan 30 01:35:06 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AD28616A418 for ; Wed, 30 Jan 2008 01:35:06 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.245]) by mx1.freebsd.org (Postfix) with ESMTP id 62BB413C447 for ; Wed, 30 Jan 2008 01:35:06 +0000 (UTC) (envelope-from bill.marquette@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so14373anc.13 for ; Tue, 29 Jan 2008 17:35:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=8ryLlP+vIYdO/Pjs9adLy9xwCOAEHh00A8rsoB9bbvc=; b=Pbpu1E+CQCvdoBP6WXNn2Xcu3iNr1QUFe5xHHc0LXKrKnat2M2cN1Lif74miPPUH6i/jT8Hvk4apyd+fmZCiHn66FVkiSIu+XAQtoNXOff/s8e2On0B0ZmmzEVmFTAIUCwdQmy/uK/LH76ktSNvrs2F9BMDKORbBak9gmQob8Fg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=rNqDMtUJj7AWwP3FoCaB0Ra2rd572C6tNfleO4sL2vwXVA9+M4eyh1ktKtM4yHVpYxrHYnuLXJ58yxJZpFKxrvZ2Rz77QoAHySOto9IGHZCpZi4zhoU7MQfd+tAeeG8pfu5n0qoWLpuLQUdYnJAb6Edju7VOntTW80HJWtLb/pc= Received: by 10.100.7.1 with SMTP id 1mr265829ang.73.1201656905553; Tue, 29 Jan 2008 17:35:05 -0800 (PST) Received: by 10.100.231.6 with HTTP; Tue, 29 Jan 2008 17:35:05 -0800 (PST) Message-ID: <55e8a96c0801291735g4a356d17p2871b6673e446cb5@mail.gmail.com> Date: Tue, 29 Jan 2008 19:35:05 -0600 From: "Bill Marquette" To: "Max Laier" In-Reply-To: <32841.192.168.4.151.1201635351.squirrel@router.laiers.local> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <55e8a96c0801291037r7bd013cfr6f3c6448024afd42@mail.gmail.com> <32841.192.168.4.151.1201635351.squirrel@router.laiers.local> Cc: "freebsd-pf@freebsd.org" Subject: Re: LOR in pf on 6.2 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jan 2008 01:35:06 -0000 On Jan 29, 2008 1:35 PM, Max Laier wrote: > From the pf.conf(5) in RELENG_6_2: > > BUGS > Due to a lock order reversal (LOR) with the socket layer, the use of the > group and user filter parameter in conjuction with a Giant-free netstack > can result in a deadlock. If you have to use group or user you must set > debug.mpsafenet to ``0'' from the loader(8), for the moment. This work- > around will still produce the LOR, but Giant will protect from the dead- > lock. Crud, didn't see that...I was suspecting the user/group code. Thanks Max, I'll pull that from our ruleset immediately. --Bill