Fwd: Please test ipfw and pf uid/gid/jail rules

Max Laier max at love2party.net
Mon Sep 29 22:08:38 UTC 2008 

On Tuesday 30 September 2008 00:02:04 Robert Watson wrote:
> On Mon, 29 Sep 2008, Max Laier wrote:
> > Please help testing.  It's been confirmed to work for IPFW, let's make
> > sure pf is in good shape, too.  Thanks.
>
> A casual glance at pf.c suggests that pf(4) doesn't suffer from the "look
> up the inpcb even though it's passed down if the socket pointer is NULL"
> bug that ipfw(4) did, but confirmation that things work properly would
> definitely be good.

http://www.freebsd.org/cgi/query-pr.cgi?pr=127439 looks like it could be 
related.  I think I see what's happening there, but unfortunately I don't have 
any time to look into it myself at the moment.  Might be a while before I get 
to it so additional eyes are certainly appreciated!

> Thanks,
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge
>
> > ----------  Forwarded Message  ----------
> >
> > Subject: Please test ipfw and pf uid/gid/jail rules
> > Date: Monday 29 September 2008
> > From: Robert Watson <rwatson at freebsd.org>
> > To: current at freebsd.org
> >
> >
> > Dear all:
> >
> > Although it didn't show up in 8.x testing to date, it turned out there
> > was a serious stability regression in the ipfw uid/gid/jail rule
> > implementation as a result of moving to rwlocks for inpcbinfo and inpcb. 
> > I think I've corrected the sources of the problem in 8.x and 7.x now, but
> > it would be very helpful if people who use ipfw and pf could do some
> > extra testing of these rules with invariants and witness enabled to see
> > if we can't shake out any remaining problems.
> >
> > Thanks,
> >
> > Robert N M Watson
> > Computer Laboratory
> > University of Cambridge
> > -------------------------------------------------------
> > --
> > /"\  Best regards,                      | mlaier at freebsd.org
> > \ /  Max Laier                          | ICQ #67774661
> > X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
> > / \  ASCII Ribbon Campaign              | Against HTML Mail and News

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

More information about the freebsd-pf mailing list