From owner-cvs-src@FreeBSD.ORG  Fri Dec 10 02:17:18 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id DC66316A4CE; Fri, 10 Dec 2004 02:17:18 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C4F4643D1D; Fri, 10 Dec 2004 02:17:18 +0000 (GMT)
	(envelope-from csjp@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id iBA2HIRL008475;
	Fri, 10 Dec 2004 02:17:18 GMT
	(envelope-from csjp@repoman.freebsd.org)
Received: (from csjp@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id iBA2HI2L008474;
	Fri, 10 Dec 2004 02:17:18 GMT
	(envelope-from csjp)
Message-Id: <200412100217.iBA2HI2L008474@repoman.freebsd.org>
From: "Christian S.J. Peron" <csjp@FreeBSD.org>
Date: Fri, 10 Dec 2004 02:17:18 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/netinet ip_fw2.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2004 02:17:19 -0000

csjp        2004-12-10 02:17:18 UTC

  FreeBSD src repository

  Modified files:
    sys/netinet          ip_fw2.c 
  Log:
  This commit adds a shared locking mechanism very similar to the
  mechanism used by pfil.  This shared locking mechanism will remove
  a nasty lock order reversal which occurs when ucred based rules
  are used which results in hard locks while mpsafenet=1.
  
  So this removes the debug.mpsafenet=0 requirement when using
  ucred based rules with IPFW.
  
  It should be noted that this locking mechanism does not guarantee
  fairness between read and write locks, and that it will favor
  firewall chain readers over writers. This seemed acceptable since
  write operations to firewall chains protected by this lock tend to
  be less frequent than reads.
  
  Reviewed by:    andre, rwatson
  Tested by:      myself, seanc
  Silence on:     ipfw@
  MFC after:      1 month
  
  Revision  Changes    Path
  1.85      +69 -29    src/sys/netinet/ip_fw2.c