On Sat, 27 Sep 2008, Robert Watson wrote:
Rather than shadowing global variable 'lookup' in check_uidgid(),
rename
it to ugid_lookupp. This should make debugging issues with ipfw uid
rules easier.
Still panics:
Something seems odd here, we may be looking at an ipfw bug. The goal of
passing down the inpcb is that ipfw doesn't have to look it up (and hence
avoids acquiring locks in ipfw on the outbound path) -- the stack arguments
clearly show it held in ipfw, but locks are acquired anyway. This
particular change was purely cosmetic, but I'll review the ipfw code more
closely and see about a fix...
Indeed -- when an inpcb doesn't have a socket, ipfw will go ahead and do a
lookup for an inpcb even though one is passed down. I've committed a change
that short-circuits that and marks the credential lookup as failed. Give it a
try now?
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
