diff options
author | csjp <csjp@FreeBSD.org> | 2004-10-09 20:07:33 +0000 |
---|---|---|
committer | csjp <csjp@FreeBSD.org> | 2004-10-09 20:07:33 +0000 |
commit | 379f33f67e63494274ecc8fbe38edfbb09fd113e (patch) | |
tree | 3121d2a0c170abafd426ea454a352d218750bd6f /sbin | |
parent | 76d153d5cade06f73d4e0f5fcfd11070e73a09f0 (diff) | |
download | FreeBSD-src-379f33f67e63494274ecc8fbe38edfbb09fd113e.zip FreeBSD-src-379f33f67e63494274ecc8fbe38edfbb09fd113e.tar.gz |
Add a note to the man page warning users about possible lock order
reversals+system lock ups if they are using ucred based rules
while running with debug.mpsafenet=1.
I am working on merging a shared locking mechanism into ipfw which
should take care of this problem, but it still requires a bit more
testing and review.
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index e756807..e37b890 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -972,10 +972,14 @@ Matches all TCP or UDP packets sent by or received for a A .Ar group may be specified by name or number. +This option should be used only if debug.mpsafenet=0 to avoid +lock ordering issues which could result in system hard locks. .It Cm jail Ar prisonID Matches all TCP or UDP packets sent by or received for the jail whos prison ID is .Ar prisonID . +This option should be used only if debug.mpsafenet=0 to avoid +lock ordering issues which could result in system hard locks. .It Cm icmptypes Ar types Matches ICMP packets whose ICMP type is in the list .Ar types . @@ -1300,6 +1304,8 @@ Match all TCP or UDP packets sent by or received for a A .Ar user may be matched by name or identification number. +This option should be used only if debug.mpsafenet=0 to avoid +lock ordering issues which could result in system hard locks. .It Cm verrevpath For incoming packets, a routing table lookup is done on the packet's source address. @@ -2335,6 +2341,10 @@ the sleep terminates thus restoring the previous situation. .Xr sysctl 8 , .Xr syslogd 8 .Sh BUGS +Lock ordering issues could result in system hard locks if rules which +contain UID, GID or jail ID constraints and used with debug.mpsafenet +set to 1. +.Pp The syntax has grown over the years and sometimes it might be confusing. Unfortunately, backward compatibility prevents cleaning up mistakes made in the definition of the syntax. |