| #
55fea89d |
| 15-Aug-2023 |
Dan Cross |
15843 automation can fix many trailing whitespace cstyle nits
Reviewed by: Andy Fiddaman <illumos@fiddaman.net>
Approved by: Dan McDonald <danmcd@mnx.io>
|
| #
5338faaa |
| 01-Jan-2020 |
Toomas Soome |
12423 ipf: variable may be used uninitialized
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Approved by: Dan McDonald <danmcd@joyent.co
12423 ipf: variable may be used uninitialized
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Approved by: Dan McDonald <danmcd@joyent.com>
show more ...
|
| #
af5f29dd |
| 05-May-2017 |
Toomas Soome |
8164 ipf: bad preprocessor use and need FALLTHROUGH
Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Alexander Pyhal
8164 ipf: bad preprocessor use and need FALLTHROUGH
Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Alexander Pyhalov <apyhalov@gmail.com>
Approved by: Hans Rosenfeld <hans.rosenfeld@joyent.com>
show more ...
|
| #
58d7f9e6 |
| 18-Mar-2015 |
Robert Mustacchi |
5734 IPFGENITER needs to know when to hit the brakes
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Richard Lowe <richlow
5734 IPFGENITER needs to know when to hit the brakes
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Garrett D'Amore <garrett@damore.org>
show more ...
|
| #
f507f892 |
| 30-Nov-2009 |
Paul Wernau |
6879740 ipnat rules can't be added into IP NAT because of regression of 6792026
|
| #
e8d569f4 |
| 19-Nov-2009 |
Alexandr Nedvedicky |
6772643 Packets dropped at ipfil_sendpkt if interface index is set at plumb time
6891782 ipftest fails to run
6897532 Race condition window arround fr_enable_active is still opened
689763
6772643 Packets dropped at ipfil_sendpkt if interface index is set at plumb time
6891782 ipftest fails to run
6897532 Race condition window arround fr_enable_active is still opened
6897632 nic_event_v* hook should check if IPF is running before it will proceed further
show more ...
|
| #
150efaaf |
| 17-Feb-2009 |
Darren Reed |
6805771 lint warning introduced with 6767239
|
| #
33f2fefd |
| 27-Jan-2009 |
Darren Reed |
5008943 /etc/init.d/ipfboot pause/resume functionality broken
5010756 "\" in configuration file does not work correctly
6181489 ipfilter sends out confusing messages.
6449288 Makefiles in
5008943 /etc/init.d/ipfboot pause/resume functionality broken
5010756 "\" in configuration file does not work correctly
6181489 ipfilter sends out confusing messages.
6449288 Makefiles in usr/src/cmd/ipf are missing CDDL
6449291 package prototype files in usr/src/pkgdefs/SUNWipfh missing CDDL
6508325 stale pfil-related rules in Makefile.rules
6661948 ipmon.pid file can be rendered invisible
6714319 IPFilter causes failure of IPv6 compliance tests.
6766614 fin_state costs more than it is worth
6767239 fin_nat causes more trouble than it is worth
6788299 Array overrun in ipfilter
6789766 ipfs usage output is misleading
6792026 ipnat panics in Divide zero exception
show more ...
|
| #
ea8244dc |
| 20-Nov-2008 |
John Ojemann |
6677460 ipfilter automatic flushing of state table entries needs to work the same as it does for NAT
6566976 state limit check works when limit is reached only
6566982 state limit is not chec
6677460 ipfilter automatic flushing of state table entries needs to work the same as it does for NAT
6566976 state limit check works when limit is reached only
6566982 state limit is not check when inserting states via IOCTL
show more ...
|
| #
dc0749f3 |
| 15-Sep-2008 |
John Ojemann |
6744741 IPfilter: fr_movequeue() should be made more efficient to improve performance
|
| #
7ddc9b1a |
| 08-Sep-2008 |
Darren Reed |
PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507
PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507 Solaris needs stable interface for packet filtering software
6705155 ipf_stack_init() assumes kmem_alloc with KM_NOSLEEP never fails
show more ...
|
| #
bb1d9de5 |
| 28-Aug-2008 |
John Ojemann |
6723135 IPfilter: It's possible for tcp fragments to be mishandled when nat is involved.
6716698 ipfilter: SIOCSTLCK ioctls call fr_lock() function without any error checking
6528022 IPfilter
6723135 IPfilter: It's possible for tcp fragments to be mishandled when nat is involved.
6716698 ipfilter: SIOCSTLCK ioctls call fr_lock() function without any error checking
6528022 IPfilter does not handle any bcopy failures correctly (if at all).
6714976 ipfilter: keep state doesn't interact properly with multicast
show more ...
|
| #
5b48165c |
| 28-Aug-2008 |
John Ojemann |
6713984 if a nat entry is created, but the packet gets blocked, the entry should be removed
6718524 ipfilter incorrectly tracks and handles orphan state table and nat table entries
6742115 IP
6713984 if a nat entry is created, but the packet gets blocked, the entry should be removed
6718524 ipfilter incorrectly tracks and handles orphan state table and nat table entries
6742115 IPfilter: NAT entries added with SIOCSTPUT are ignored if no rules exist.
6528443 ipnat -l shows more sessions than ipf_nattable_max
show more ...
|
| #
90907f62 |
| 14-Aug-2008 |
John Ojemann |
6644693 ipf panics because fnew.fin_qfm is not initialized in fr_send_ip()
6715082 ipfilter: can't delete a state entry using SIOCDELST ioctl
6732960 with a bit of massaging, a couple more NA
6644693 ipf panics because fnew.fin_qfm is not initialized in fr_send_ip()
6715082 ipfilter: can't delete a state entry using SIOCDELST ioctl
6732960 with a bit of massaging, a couple more NAT locks can be unlocked
show more ...
|
| #
ab073b32 |
| 01-Aug-2008 |
dr146992 |
6726575 ipfilter needs to be able to do randomised port mapping
6730614 random port numbers are in the wrong range of numbers
|
| #
d6c23f6f |
| 24-Jul-2008 |
yx160601 |
PSARC 2008/250 ipv6 NAT for IPFilter
6600474 RFE: Need ipv6 support on NAT
|
| #
cbded9ae |
| 18-Jul-2008 |
dr146992 |
6719268 enabling ipfilter causes up to 80% or more drop in packet throughput for multi-stream workloads
6721215 ipfilter panic in ipf:fr_derefrule after restoring state table
6723213 IPfilter
6719268 enabling ipfilter causes up to 80% or more drop in packet throughput for multi-stream workloads
6721215 ipfilter panic in ipf:fr_derefrule after restoring state table
6723213 IPfilter: NAT suffers performance hit by holding exclusive locks longer than required
show more ...
|
| #
786c7074 |
| 30-Apr-2008 |
jojemann |
6685076 ippool and other ipf utilities have possible race condition
6685092 ipfilter list processing function(s) have unsafe edge case(s)
|
| #
27dbc409 |
| 26-Mar-2008 |
an207044 |
6679754 Never ending chksum IPF storry continues - ICMP chksums are wrong
|
| #
17977493 |
| 21-Mar-2008 |
an207044 |
6629154 IPF NAT checksum evergreen - TCP hdr checksum is broken ... (fix lint)
|
| #
3c50f6d6 |
| 21-Mar-2008 |
an207044 |
6629154 IPF NAT checksum evergreen - TCP hdr checksum is broken on ce NICs
6641267 race condition nat_flushtable() and fr_check()
|
| #
8899fcfa |
| 14-Jan-2008 |
jojemann |
6500393 ipfilter should detect connection mix ups as result of redirection
6505444 ipnat doesn't accept multiple rdr rules with the same "ipmask dport -> ip" and different rdrports
|
| #
90b0a856 |
| 06-Nov-2007 |
jojemann |
6603271 ipnat -l demonstrates inconsistent behavior and can cause system to hang or panic
|
| #
24109627 |
| 17-Oct-2007 |
yx160601 |
6513019 wrong tcp checksum for nat ftp proxy when using e1000g
6529942 Flushing IPv6 filter rules causes panic
6575084 IPfilter's disguise just doesn't add up (and this synopsis isn't very he
6513019 wrong tcp checksum for nat ftp proxy when using e1000g
6529942 Flushing IPv6 filter rules causes panic
6575084 IPfilter's disguise just doesn't add up (and this synopsis isn't very helpful)
show more ...
|
| #
0e01ff8b |
| 15-Sep-2007 |
dr146992 |
6588495 IP can use the wrong interface for filtering/qos
6599516 locking in fr_natderef causes lock contention and performance drop
|