From: Robert Watson
Date: Mon, 29 Sep 2008 23:02:04 +0100 (BST)
To: Max Laier
Cc: freebsd-pf@freebsd.org
Subject: Re: Fwd: Please test ipfw and pf uid/gid/jail rules
In-Reply-To: <200809292356.51500.max@love2party.net>

On Mon, 29 Sep 2008, Max Laier wrote:

> Please help testing.  It's been confirmed to work for IPFW, let's make sure
> pf is in good shape, too.  Thanks.

A casual glance at pf.c suggests that pf(4) doesn't suffer from the "look up
the inpcb even though it's passed down if the socket pointer is NULL" bug that
ipfw(4) did, but confirmation that things work properly would definitely be
good.

Thanks,

Robert N M Watson
Computer Laboratory
University of Cambridge

>
> ----------  Forwarded Message  ----------
>
> Subject: Please test ipfw and pf uid/gid/jail rules
> Date: Monday 29 September 2008
> From: Robert Watson
> To: current@freebsd.org
>
>
> Dear all:
>
> Although it didn't show up in 8.x testing to date, it turned out there was a
> serious stability regression in the ipfw uid/gid/jail rule implementation as a
> result of moving to rwlocks for inpcbinfo and inpcb.  I think I've corrected
> the sources of the problem in 8.x and 7.x now, but it would be very helpful if
> people who use ipfw and pf could do some extra testing of these rules with
> invariants and witness enabled to see if we can't shake out any remaining
> problems.
>
> Thanks,
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
> -------------------------------------------------------
> --
> /"\  Best regards,                      | mlaier@freebsd.org
> \ /  Max Laier                          | ICQ #67774661
>  X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
> / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>