History log of /illumos-gate/usr/src/uts/common/inet/ipf/netinet/ip_fil.h (Results 1 – 25 of 27)
Revision Date Author Comments
# ae7a42b1 22-Feb-2018 Toomas Soome

9181 ipf: this use of "defined" may not be portable
Reviewed by: Yuri Pankov <yuripv@yuripv.net>
Reviewed by: Andrew Stormont <andyjstormont@gmail.com>
Reviewed by: Alexander Pyhalov <apyhalov@gmail.com>
Approved by: Gordon Ross <gwr@nexenta.com>


# af5f29dd 05-May-2017 Toomas Soome

8164 ipf: bad preprocessor use and need FALLTHROUGH
Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Alexander Pyhalov <apyhalov@gmail.com>
Approved by: Hans Rosenfeld <hans.rosenfeld@joyent.com>


# 5c5f1371 08-Jul-2012 Richard Lowe

2976 remove useless offsetof() macros
Reviewed by: Josef 'Jeff' Sipek <jeffpc@josefsipek.net>
Reviewed by: Igor Kozhukhov <ikozhukhov@gmail.com>
Reviewed by: Andy Stormont <andyjstormont@gmail.com>
Approved by: Dan McDonald <danmcd@omniti.com>


# 94bdecd9 19-Sep-2014 Rob Gulewich

5198 Want alternate global zone rule set for each ipf netstack
5197 Global zone should be able to manage NGZ ipf state
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Darren Reed <darrenr@fastmail.net>
Approved by: Richard Lowe <richlowe@richlowe.net>


# 9c70e5c3 16-May-2011 Richard Lowe

1829 ipf and gcc4 could get along better
Reviewed by: Jason King <jason.brian.king@gmail.com>
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Gordon Ross <gwr@nexenta.com>


# d0dd088c 10-May-2010 Alexandr Nedvedicky

6912962 Need to compute chksum for packet duped on loopback interface
6929403 IPF should discard packet silently on OOW event


# de22af4e 26-Apr-2010 John Ojemann

6918206 Packets double counted on with "call now" rules
6918859 pools should track bytes as well as packets for better usability
6921174 ippool -ld crashes if nodes are inserted with ioctl and policy rules are not in place


# e8d569f4 19-Nov-2009 Alexandr Nedvedicky

6772643 Packets dropped at ipfil_sendpkt if interface index is set at plumb time
6891782 ipftest fails to run
6897532 Race condition window around fr_enable_active is still opened
6897632 nic_event_v* hook should check if IPF is running before it will proceed further


# 72680cf5 16-Jun-2009 Darren Reed

6688940 ipf module panicked in get_unit() on NULL pointer
6806909 panic[cpu1]/thread=c9089dc0: assertion failed: zoneid != ALL_ZONES, file: ../../common/inet/ip/ip.c
6770007 certain IPv6 NAT rules send out packets with link-local address
6744109 incorrect processing of IPv6 fragments in IPfilter NAT v6
6807986 fin_flen serves no purpose.
6808921 some comments describing what cvwaitlock_t would be nice
6829227 ipfil_sendpkt() may trigger panic
6813307 memory leaks at frrequest


# a1173273 22-May-2009 Alexandr Nedvedicky

6747420 ipfilter fr_send_reset()/fr_send_icmp() does not work for loopback clients


# 33f2fefd 27-Jan-2009 Darren Reed

5008943 /etc/init.d/ipfboot pause/resume functionality broken
5010756 "\" in configuration file does not work correctly
6181489 ipfilter sends out confusing messages.
6449288 Makefiles in usr/src/cmd/ipf are missing CDDL
6449291 package prototype files in usr/src/pkgdefs/SUNWipfh missing CDDL
6508325 stale pfil-related rules in Makefile.rules
6661948 ipmon.pid file can be rendered invisible
6714319 IPFilter causes failure of IPv6 compliance tests.
6766614 fin_state costs more than it is worth
6767239 fin_nat causes more trouble than it is worth
6788299 Array overrun in ipfilter
6789766 ipfs usage output is misleading
6792026 ipnat panics in Divide zero exception


# 43412a42 29-Dec-2008 Darren Reed

6749429 printing out of fragment information is confused
6749445 ipfstat -f does not show ttl but rather expiration tick
6783820 IPF preauth crash
6730356 legacy test regressions: i2, i4, i11


# ea8244dc 20-Nov-2008 John Ojemann

6677460 ipfilter automatic flushing of state table entries needs to work the same as it does for NAT
6566976 state limit check works when limit is reached only
6566982 state limit is not check when inserting states via IOCTL


# 40cdc2e8 26-Sep-2008 Alexandr Nedvedicky

6743637 ipfstat prints certain counters two times
6744095 fix c-style in ip_state.c in fr_matchstate() et. al.
6744100 add a comment for CR 6653172 to fil.c
6725139 OOW problem still present after a patch 127888-09 has been applied
6657378 IPF address pools does not match addresses reliably for IPv6
6726717 IPF persistent tunables still don't work with stack instances
6743002 ipf_property_update() is too picky
6731974 incorrect calculation in fr_pullup
6749974 IPF does not know whether packet comes from local client (loopback) or from NIC interface


# 7ddc9b1a 08-Sep-2008 Darren Reed

PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507 Solaris needs stable interface for packet filtering software
6705155 ipf_stack_init() assumes kmem_alloc with KM_NOSLEEP never fails


# bb1d9de5 28-Aug-2008 John Ojemann

6723135 IPfilter: It's possible for tcp fragments to be mishandled when nat is involved.
6716698 ipfilter: SIOCSTLCK ioctls call fr_lock() function without any error checking
6528022 IPfilter does not handle any bcopy failures correctly (if at all).
6714976 ipfilter: keep state doesn't interact properly with multicast


# 5b48165c 28-Aug-2008 John Ojemann

6713984 if a nat entry is created, but the packet gets blocked, the entry should be removed
6718524 ipfilter incorrectly tracks and handles orphan state table and nat table entries
6742115 IPfilter: NAT entries added with SIOCSTPUT are ignored if no rules exist.
6528443 ipnat -l shows more sessions than ipf_nattable_max


# ab073b32 01-Aug-2008 dr146992

6726575 ipfilter needs to be able to do randomised port mapping
6730614 random port numbers are in the wrong range of numbers


# d6c23f6f 24-Jul-2008 yx160601

PSARC 2008/250 ipv6 NAT for IPFilter
6600474 RFE: Need ipv6 support on NAT


# cbded9ae 18-Jul-2008 dr146992

6719268 enabling ipfilter causes up to 80% or more drop in packet throughput for multi-stream workloads
6721215 ipfilter panic in ipf:fr_derefrule after restoring state table
6723213 IPfilter: NAT suffers performance hit by holding exclusive locks longer than required


# f17d2b41 15-May-2008 an207044

6505685 Problems with applying "to" rule in IP Filter
6562635 TCP options are not processed correctly
6562648 IPF may drop connection, which chooses to scale window
6562721 IPF should also check SACK when doing stateful inspection
6595876 state timer should be reset when retransmission is seen
6651775 ipf does not handle half estab. connections well (conn. hangs with connection match result 4/0)


# 786c7074 30-Apr-2008 jojemann

6685076 ippool and other ipf utilities have possible race condition
6685092 ipfilter list processing function(s) have unsafe edge case(s)


# 90b0a856 06-Nov-2007 jojemann

6603271 ipnat -l demonstrates inconsistent behavior and can cause system to hang or panic


# 966f126d 10-Mar-2007 zf203873

6528779 mdb findleaks reports memory leak in ipfilter


# f4b3ec61 20-Jan-2007 dh155122

PSARC 2006/366 IP Instances
6289221 RFE: Need virtualized ip-stack for each local zone
6512601 panic in ipsec_in_tag - allocation failure
6514637 error message from dhcpagent: add_pkt_opt: option type 60 is missing required value
6364643 RFE: allow persistent setting of interface flags per zone
6307539 RFE: Invalid network address causes zone boot failure
5041214 Allow IPMP configuration with zones
5005887 RFE: zoneadmd should support plumbing an interface via DHCP
4991139 RFE: zones should provide a mechanism to configure a defaultrouter for a zone
6218378 zoneadmd doesn't set the netmask for non-loopback addresses hosted on lo0
4963280 zones: need to virtualize the IPv6 default address selection mechanism
4963285 zones: need support of stateless address autoconfiguration for IPv6
5048068 zones don't boot if one of its interfaces has failed
5057154 RFE: ability to change interface status from within a zone
4963287 zones should support the plumbing of the first (and only) logical interface
4978517 TCP privileged port space should be partitioned per zone
5023347 zones don't work well with network routes other than default
4963372 investigate whether global zone can act as a router for local zones
6378364 RFE: Allow each zone to have its own virtual IPFilter

