Hey Max, thanks big-time for the help!
It's been just over 2 weeks with no LORs and no lockups. I've read the
man page probably a hundred times when setting up pf, but never saw the
bug. Wanted to confirm the fix with anyone else that may be struggling
like I was.
Would it be out of the question to throw a notice to syslog() if the
user or group filter? That would have saved me months of frustration.
Brad
Max Laier wrote:
From pf.conf(5):
BUGS
Due to a lock order reversal (LOR) with the socket layer, the use of the
group and user filter parameter in conjuction with a Giant-free netstack
can result in a deadlock. If you have to use group or user you must set
debug.mpsafenet to ``0'' from the loader(8), for the moment. This work-
around will still produce the LOR, but Giant will protect from the dead-
lock.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
