PSARC 2009/542 Increase the maximum value of NGROUPS_MAX to 1024
4088757 Customer would like to increase ngroups_max more than 32
6853435 Many files incorrectly include the private <sys/cred_

PSARC 2009/542 Increase the maximum value of NGROUPS_MAX to 1024
4088757 Customer would like to increase ngroups_max more than 32
6853435 Many files incorrectly include the private <sys/cred_impl.h>

show more ...

6772643 Packets dropped at ipfil_sendpkt if interface index is set at plumb time
6891782 ipftest fails to run
6897532 Race condition window arround fr_enable_active is still opened
689763

6772643 Packets dropped at ipfil_sendpkt if interface index is set at plumb time
6891782 ipftest fails to run
6897532 Race condition window arround fr_enable_active is still opened
6897632 nic_event_v* hook should check if IPF is running before it will proceed further

show more ...

6857600 ipfilter parser chokes on short IPv6 fragments

6859479 IPF dup-to prevents packets to be forwarded to destination

6859313 large number of rules in ipfilter decreases throughput performance

6845913 fr_make_icmp_*() uses TH_SYN/TH_FIN for testing fin_flx - it's not the intention
6827271 ipfilter TCP state emulation ends up in 5/0 state (Established/Closed)
6562745 Adapt a better

6845913 fr_make_icmp_*() uses TH_SYN/TH_FIN for testing fin_flx - it's not the intention
6827271 ipfilter TCP state emulation ends up in 5/0 state (Established/Closed)
6562745 Adapt a better TCP statemachine emulation (fr_tcp_age()) from upstream version

show more ...

6688940 ipf module panicked in get_unit() on NULL pointer
6806909 panic[cpu1]/thread=c9089dc0: assertion failed: zoneid != ALL_ZONES, file: ../../common/inet/ip/ip.c
6770007 certain IPv6 NAT

6688940 ipf module panicked in get_unit() on NULL pointer
6806909 panic[cpu1]/thread=c9089dc0: assertion failed: zoneid != ALL_ZONES, file: ../../common/inet/ip/ip.c
6770007 certain IPv6 NAT rules send out packets with link-local address
6744109 incorrect processing of IPv6 fragments in IPfilter NAT v6
6807986 fin_flen serves no purpose.
6808921 some comments describing what cvwaitlock_t would be nice
6829227 ipfil_sendpkt() may trigger panic
6813307 memory leaks at frrequest

show more ...

6747420 ipfilter fr_send_reset()/fr_send_icmp() does not work for loopback clients

6681520 panic in frpr_icmp() when trying to access dblk previously freed in fr_coalesce()

6805771 lint warning introduced with 6767239

6800448 fix for 6726575 introduced floating-point into the kernel

5008943 /etc/init.d/ipfboot pause/resume functionality broken
5010756 "\" in configuration file does not work correctly
6181489 ipfilter sends out confusing messages.
6449288 Makefiles in

5008943 /etc/init.d/ipfboot pause/resume functionality broken
5010756 "\" in configuration file does not work correctly
6181489 ipfilter sends out confusing messages.
6449288 Makefiles in usr/src/cmd/ipf are missing CDDL
6449291 package prototype files in usr/src/pkgdefs/SUNWipfh missing CDDL
6508325 stale pfil-related rules in Makefile.rules
6661948 ipmon.pid file can be rendered invisible
6714319 IPFilter causes failure of IPv6 compliance tests.
6766614 fin_state costs more than it is worth
6767239 fin_nat causes more trouble than it is worth
6788299 Array overrun in ipfilter
6789766 ipfs usage output is misleading
6792026 ipnat panics in Divide zero exception

show more ...

6749429 printing out of fragment information is confused
6749445 ipfstat -f does not show ttl but rather expiration tick
6783820 IPF preauth crash
6730356 legacy test regressions: i2, i4,

6749429 printing out of fragment information is confused
6749445 ipfstat -f does not show ttl but rather expiration tick
6783820 IPF preauth crash
6730356 legacy test regressions: i2, i4, i11

show more ...

6677460 ipfilter automatic flushing of state table entries needs to work the same as it does for NAT
6566976 state limit check works when limit is reached only
6566982 state limit is not chec

6677460 ipfilter automatic flushing of state table entries needs to work the same as it does for NAT
6566976 state limit check works when limit is reached only
6566982 state limit is not check when inserting states via IOCTL

show more ...

6745640 The IP netinfo provider should set the family of sockaddr's it returns
6747137 zone shutdown finds free'd data in arp
6746721 NIC events are scheduled with pfhooks after protocol shut

6745640 The IP netinfo provider should set the family of sockaddr's it returns
6747137 zone shutdown finds free'd data in arp
6746721 NIC events are scheduled with pfhooks after protocol shutdown
6758618 a NULL shutdown function avoids destroy in stack closing
6758619 race condition between zone shtudown and module unloading
6761109 net_kstate_delete needs to be called from shutdown hook

show more ...

6748749 IPF: deletes NAT entry too early - packets sent by return-rst rule are sent untranslated
6752593 IPfilter: nat_touched and is_touched are no longer used, so they can be removed from head

6748749 IPF: deletes NAT entry too early - packets sent by return-rst rule are sent untranslated
6752593 IPfilter: nat_touched and is_touched are no longer used, so they can be removed from header file(s)

show more ...

6743637 ipfstat prints certain certain counters two times
6744095 fix c-style in ip_state.c in fr_matchstate() et. al.
6744100 add a comment for CR 6653172 to fil.c
6725139 OOW problem st

6743637 ipfstat prints certain certain counters two times
6744095 fix c-style in ip_state.c in fr_matchstate() et. al.
6744100 add a comment for CR 6653172 to fil.c
6725139 OOW problem still present after a patch 127888-09 has been applied
6657378 IPF address pools does not match addresses reliably for IPv6
6726717 IPF persistent tunables still don't work with stack instances
6743002 ipf_property_update() is too picky
6731974 incorrect calculation in fr_pullup
6749974 IPF does not know whether packet comes from local client (loopback) or from NIC interface

show more ...

PSARC 2008/382 Fast Reboot
6714038 Fast Reboot support for x86 platforms

6744741 IPfilter: fr_movequeue() should be made more efficient to improve performance

PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507

PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507 Solaris needs stable interface for packet filtering software
6705155 ipf_stack_init() assumes kmem_alloc with KM_NOSLEEP never fails

show more ...

6723135 IPfilter: It's possible for tcp fragments to be mishandled when nat is involved.
6716698 ipfilter: SIOCSTLCK ioctls call fr_lock() function without any error checking
6528022 IPfilter

6723135 IPfilter: It's possible for tcp fragments to be mishandled when nat is involved.
6716698 ipfilter: SIOCSTLCK ioctls call fr_lock() function without any error checking
6528022 IPfilter does not handle any bcopy failures correctly (if at all).
6714976 ipfilter: keep state doesn't interact properly with multicast

show more ...

6713984 if a nat entry is created, but the packet gets blocked, the entry should be removed
6718524 ipfilter incorrectly tracks and handles orphan state table and nat table entries
6742115 IP

6713984 if a nat entry is created, but the packet gets blocked, the entry should be removed
6718524 ipfilter incorrectly tracks and handles orphan state table and nat table entries
6742115 IPfilter: NAT entries added with SIOCSTPUT are ignored if no rules exist.
6528443 ipnat -l shows more sessions than ipf_nattable_max

show more ...

6644693 ipf panics because fnew.fin_qfm is not initialized in fr_send_ip()
6715082 ipfilter: can't delete a state entry using SIOCDELST ioctl
6732960 with a bit of massaging, a couple more NA

6644693 ipf panics because fnew.fin_qfm is not initialized in fr_send_ip()
6715082 ipfilter: can't delete a state entry using SIOCDELST ioctl
6732960 with a bit of massaging, a couple more NAT locks can be unlocked

show more ...

6726575 ipfilter needs to be able to do randomised port mapping
6730614 random port numbers are in the wrong range of numbers

PSARC 2008/250 ipv6 NAT for IPFilter
6600474 RFE: Need ipv6 support on NAT