From owner-freebsd-net@FreeBSD.ORG  Wed Nov 10 16:14:09 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2CD7A16A4CE
	for <freebsd-net@freebsd.org>; Wed, 10 Nov 2004 16:14:09 +0000 (GMT)
Received: from mail.trippynames.com (mail.trippynames.com [38.113.223.19])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 08E6643D54
	for <freebsd-net@freebsd.org>; Wed, 10 Nov 2004 16:14:09 +0000 (GMT)
	(envelope-from sean@chittenden.org)
Received: from localhost (localhost [127.0.0.1])
	by mail.trippynames.com (Postfix) with ESMTP id 0C60EA6C8E;
	Wed, 10 Nov 2004 08:14:08 -0800 (PST)
Received: from mail.trippynames.com ([127.0.0.1])
 by localhost (rand.nxad.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP
 id 95317-04-2; Wed, 10 Nov 2004 08:14:06 -0800 (PST)
Received: from [192.168.123.123] (unknown [38.113.223.82])
	by mail.trippynames.com (Postfix) with ESMTP id 97F90A6C8B;
	Wed, 10 Nov 2004 08:14:06 -0800 (PST)
In-Reply-To: <35de0c30041110074662654d9b@mail.gmail.com>
References: <35de0c30041110074662654d9b@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v619)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <8AFDE7D8-3333-11D9-A34C-000A95C705DC@chittenden.org>
Content-Transfer-Encoding: 7bit
From: Sean Chittenden <sean@chittenden.org>
Date: Wed, 10 Nov 2004 08:14:05 -0800
To: Bryan Fullerton <fehwalker@gmail.com>
X-Mailer: Apple Mail (2.619)
cc: freebsd-net@freebsd.org
Subject: Re: ipfw jail and debug.mpsafenet
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2004 16:14:09 -0000

> I've upgraded my jail box to 5.3, and was thinking of updating ipfw
> rules to use the jail rule option. Both the ipfw man page and the 5.3
> Errata indicate that debug.mpsafenet must be set to 0 to prevent a
> system lock when using this rule option.
>
> Will setting debug.mpsafenet to 0 impact anything else on the box? A
> quick googling shows it could impact performance on SMP machines, but
> this is a uniproc box. Anything else I should keep an eye on?

Install the following patch from csjp@.  He'll be committing this in 
the next week or two.  Once applied and compiled, fell free to turn 
mpsafenet off.  :)

cd /usr/src/sys/netinet
fetch http://people.freebsd.org/~csjp/ip_fw2.c.1099500281.diff
patch -p0 < ip_fw2.c.1099500281.diff
cd /usr/src
make buildkernel
make installkernel
shutdown -r now
sysctl debug.mpsafenet=0

-sc

-- 
Sean Chittenden