Subject: Re: PR/34284 CVS commit: [netbsd-3/netbsd-4]
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yancm@sdf.lonestar.org>
List: netbsd-bugs
Date: 09/17/2006 12:30:02
The following reply was made to PR kern/34284; it has been noted by GNATS.

From: yancm@sdf.lonestar.org
To: "Geert Hendrickx" <ghen@NetBSD.org>, gnats-bugs@NetBSD.org,
	kern-bug-people@NetBSD.org, gnats-admin@NetBSD.org,
	netbsd-bugs@NetBSD.org
Cc: 
Subject: Re: PR/34284 CVS commit: [netbsd-3/netbsd-4] 
     src/sys/dist/ipf/netinet
Date: Sun, 17 Sep 2006 07:25:36 -0500 (EST)

 > On Sat, Sep 16, 2006 at 05:22:40PM -0500, yancm@sdf.lonestar.org wrote:
 > One question (regarding 3.1_RC3), is the current situation (with only half
 > of the fix applied) better or worse than before?
 
 The partial answer is that it did not work in 3_Stable and still
 does not work.
 
 So basically I think these patches represent no obvious change.
 
 They only effect ippool. I can see no reason to think they would
 introduce any recursions. This changed code only gets compiled
 if the flag "options IPFILTER_LOOKUP" gets added to the kernel
 config anyway.
 
 I pulled my patches and put the clean netbsd-3 build on my home
 network server to test, but when I saw this broke it, I pulled
 back to my patches because I want to keep my protections enabled.
 
 I am building a vmware test machine up to 3_Stable (3_RC2) right
 now and will update my answer in a few hours if anything seems worse.
 
 Thanks,
 gene