| #
94bdecd9 |
| 19-Sep-2014 |
Rob Gulewich <robert.gulewich@joyent.com> |
5198 Want alternate global zone rule set for each ipf netstack
5197 Global zone should be able to manage NGZ ipf state
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustac
5198 Want alternate global zone rule set for each ipf netstack
5197 Global zone should be able to manage NGZ ipf state
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Darren Reed <darrenr@fastmail.net>
Approved by: Richard Lowe <richlowe@richlowe.net>
show more ...
|
| #
14d3298e |
| 21-Sep-2009 |
Alexandr Nedvedicky <Alexandr.Nedvedicky@Sun.COM> |
6859313 large number of rules in ipfilter decreases throughput performance
|
| #
8ad74188 |
| 23-Oct-2008 |
Darren Reed <Darren.Reed@Sun.COM> |
6745640 The IP netinfo provider should set the family of sockaddr's it returns
6747137 zone shutdown finds free'd data in arp
6746721 NIC events are scheduled with pfhooks after protocol shutdown
675
6745640 The IP netinfo provider should set the family of sockaddr's it returns
6747137 zone shutdown finds free'd data in arp
6746721 NIC events are scheduled with pfhooks after protocol shutdown
6758618 a NULL shutdown function avoids destroy in stack closing
6758619 race condition between zone shtudown and module unloading
6761109 net_kstate_delete needs to be called from shutdown hook
show more ...
|
| #
40cdc2e8 |
| 26-Sep-2008 |
Alexandr Nedvedicky <Alexandr.Nedvedicky@Sun.COM> |
6743637 ipfstat prints certain certain counters two times
6744095 fix c-style in ip_state.c in fr_matchstate() et. al.
6744100 add a comment for CR 6653172 to fil.c
6725139 OOW problem still present
6743637 ipfstat prints certain certain counters two times
6744095 fix c-style in ip_state.c in fr_matchstate() et. al.
6744100 add a comment for CR 6653172 to fil.c
6725139 OOW problem still present after a patch 127888-09 has been applied
6657378 IPF address pools does not match addresses reliably for IPv6
6726717 IPF persistent tunables still don't work with stack instances
6743002 ipf_property_update() is too picky
6731974 incorrect calculation in fr_pullup
6749974 IPF does not know whether packet comes from local client (loopback) or from NIC interface
show more ...
|
| #
19397407 |
| 23-Sep-2008 |
Sherry Moore <Sherry.Moore@Sun.COM> |
PSARC 2008/382 Fast Reboot
6714038 Fast Reboot support for x86 platforms
|
| #
7ddc9b1a |
| 08-Sep-2008 |
Darren Reed <Darren.Reed@Sun.COM> |
PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507 Solaris need
PSARC/2008/219 Committed API for packet interception
PSARC/2008/335 Corrections for Committed API for packet interception
PSARC/2008/557 Revision to net instance notification API
4844507 Solaris needs stable interface for packet filtering software
6705155 ipf_stack_init() assumes kmem_alloc with KM_NOSLEEP never fails
show more ...
|
| #
cbded9ae |
| 19-Jul-2008 |
dr146992 <none@none> |
6719268 enabling ipfilter causes up to 80% or more drop in packet throughput for multi-stream workloads
6721215 ipfilter panic in ipf:fr_derefrule after restoring state table
6723213 IPfilter: NAT su
6719268 enabling ipfilter causes up to 80% or more drop in packet throughput for multi-stream workloads
6721215 ipfilter panic in ipf:fr_derefrule after restoring state table
6723213 IPfilter: NAT suffers performance hit by holding exclusive locks longer than required
show more ...
|
| #
882bd30b |
| 15-Jun-2007 |
dr146992 <none@none> |
6565376 NULL pointer panic in fr_authexpire
|
| #
23f4867f |
| 22-May-2007 |
nordmark <none@none> |
6555071 system panics on access to freed netstack instance
|
| #
f4b3ec61 |
| 20-Jan-2007 |
dh155122 <none@none> |
PSARC 2006/366 IP Instances
6289221 RFE: Need virtualized ip-stack for each local zone
6512601 panic in ipsec_in_tag - allocation failure
6514637 error message from dhcpagent: add_pkt_opt: option typ
PSARC 2006/366 IP Instances
6289221 RFE: Need virtualized ip-stack for each local zone
6512601 panic in ipsec_in_tag - allocation failure
6514637 error message from dhcpagent: add_pkt_opt: option type 60 is missing required value
6364643 RFE: allow persistent setting of interface flags per zone
6307539 RFE: Invalid network address causes zone boot failure
5041214 Allow IPMP configuration with zones
5005887 RFE: zoneadmd should support plumbing an interface via DHCP
4991139 RFE: zones should provide a mechanism to configure a defaultrouter for a zone
6218378 zoneadmd doesn't set the netmask for non-loopback addresses hosted on lo0
4963280 zones: need to virtualize the IPv6 default address selection mechanism
4963285 zones: need support of stateless address autoconfiguration for IPv6
5048068 zones don't boot if one of its interfaces has failed
5057154 RFE: ability to change interface status from within a zone
4963287 zones should support the plumbing of the first (and only) logical interface
4978517 TCP privileged port space should be partitioned per zone
5023347 zones don't work well with network routes other than default
4963372 investigate whether global zone can act as a router for local zones
6378364 RFE: Allow each zone to have its own virtual IPFilter
show more ...
|
| #
08ee25ae |
| 29-Oct-2006 |
dr146992 <none@none> |
6343157 svcadm disable ipfilter does not flush the rules
6484763 PFHOOKS breaks post-ACQUIRE ESP processing
6485599 msgpullup/pullupmsg now implies either M_DATA or M_MULTIDATA
6485731 panic in fil.c
6343157 svcadm disable ipfilter does not flush the rules
6484763 PFHOOKS breaks post-ACQUIRE ESP processing
6485599 msgpullup/pullupmsg now implies either M_DATA or M_MULTIDATA
6485731 panic in fil.c trying to release ipf_mutex while not held
6485761 ipfilter kernel module always enables itself on load
6485781 mutex_enter: bad mutex in ipflog_read
6485943 MSG_FWCOOKED_* survived attempted genocide
6486513 too much of a good thing can be bad
6486575 use ipf -D twice will panic the system
6487360 physical_in hook inserted twice into ip_input() for onnv putback
show more ...
|
| #
381a2a9a |
| 21-Oct-2006 |
dr146992 <none@none> |
PSARC/2005/334 Packet Filtering Hooks
PSARC/2006/321 ARP packet filtering Hooks
6401219 use of pullupmsg() considered destructive - clears h/w checksum flags
6418698 PSARC/2005/334 - Packet Filtering
PSARC/2005/334 Packet Filtering Hooks
PSARC/2006/321 ARP packet filtering Hooks
6401219 use of pullupmsg() considered destructive - clears h/w checksum flags
6418698 PSARC/2005/334 - Packet Filtering Hooks API
6449290 package prototype files in usr/src/pkgdefs/SUNWipfr missing CDDL
6449292 package prototype files in usr/src/pkgdefs/SUNWipfu missing CDDL
6449296 Makefiles for ipf kernel module building missing CDDL
6473996 "fastroute" + "nat" packets cause memory leaks in ipfilter
--HG--
rename : usr/src/cmd/ipf/etc/pfil.ap.sh => deleted_files/usr/src/cmd/ipf/etc/pfil.ap.sh
rename : usr/src/cmd/ipf/pfild/Makefile => deleted_files/usr/src/cmd/ipf/pfild/Makefile
rename : usr/src/cmd/ipf/pfild/pfild.c => deleted_files/usr/src/cmd/ipf/pfild/pfild.c
rename : usr/src/cmd/ipf/pfild/vas.c => deleted_files/usr/src/cmd/ipf/pfild/vas.c
rename : usr/src/cmd/ipf/svc/pfil => deleted_files/usr/src/cmd/ipf/svc/pfil
rename : usr/src/cmd/ipf/svc/pfil.xml => deleted_files/usr/src/cmd/ipf/svc/pfil.xml
rename : usr/src/uts/common/inet/pfil/compat.h => deleted_files/usr/src/uts/common/inet/pfil/compat.h
rename : usr/src/uts/common/inet/pfil/ndd.c => deleted_files/usr/src/uts/common/inet/pfil/ndd.c
rename : usr/src/uts/common/inet/pfil/os.h => deleted_files/usr/src/uts/common/inet/pfil/os.h
rename : usr/src/uts/common/inet/pfil/pfil.c => deleted_files/usr/src/uts/common/inet/pfil/pfil.c
rename : usr/src/uts/common/inet/pfil/pfil.conf => deleted_files/usr/src/uts/common/inet/pfil/pfil.conf
rename : usr/src/uts/common/inet/pfil/pfil.h => deleted_files/usr/src/uts/common/inet/pfil/pfil.h
rename : usr/src/uts/common/inet/pfil/pfild.h => deleted_files/usr/src/uts/common/inet/pfil/pfild.h
rename : usr/src/uts/common/inet/pfil/pfildrv.c => deleted_files/usr/src/uts/common/inet/pfil/pfildrv.c
rename : usr/src/uts/common/inet/pfil/pfilstream.c => deleted_files/usr/src/uts/common/inet/pfil/pfilstream.c
rename : usr/src/uts/common/inet/pfil/pkt.c => deleted_files/usr/src/uts/common/inet/pfil/pkt.c
rename : usr/src/uts/common/inet/pfil/qif.c => deleted_files/usr/src/uts/common/inet/pfil/qif.c
rename : usr/src/uts/common/inet/pfil/qif.h => deleted_files/usr/src/uts/common/inet/pfil/qif.h
rename : usr/src/uts/intel/pfil/Makefile => deleted_files/usr/src/uts/intel/pfil/Makefile
rename : usr/src/uts/sparc/pfil/Makefile => deleted_files/usr/src/uts/sparc/pfil/Makefile
rename : usr/src/uts/common/inet/pfil/misc.c => usr/src/uts/common/inet/ipf/misc.c
show more ...
|
| #
ab25eeb5 |
| 19-Jul-2006 |
yz155240 <none@none> |
PSARC 2006/082 IP Filter Code Merge on ip_fil4.1.9
4912568 ipftest ipf ipfstat ipnat ippool need a non-name resolution flag
5040248 ipfs -W fails to save kernel state tables
5081834 syntax parser rep
PSARC 2006/082 IP Filter Code Merge on ip_fil4.1.9
4912568 ipftest ipf ipfstat ipnat ippool need a non-name resolution flag
5040248 ipfs -W fails to save kernel state tables
5081834 syntax parser reports wrong error position and line number
5094575 keyword "netmask" is un-supported in ipnat.conf (4)
6181751 ipf parser fails on wrong subnet notations
6181773 ipf parser fails on wrong port ranges
6248745 ipnat drops packets if the IP header is not 32 bit aligned
6340621 RFE: IP Filter code merge on ip_fil4.1.9
6359805 ipf command incorrectly check options in rules and core dumps
6395837 ipnat tcpudp parsing is incomplete
6426469 IPFilter rejects IPv6 neighbour discovery packets
6447872 usr/src/common/ipf/ip_compat.h should not be CDDL
--HG--
rename : usr/src/common/ipf/bpf-ipf.h => usr/src/uts/common/inet/ipf/bpf-ipf.h
rename : usr/src/common/ipf/fil.c => usr/src/uts/common/inet/ipf/fil.c
rename : usr/src/common/ipf/ip_auth.c => usr/src/uts/common/inet/ipf/ip_auth.c
rename : usr/src/common/ipf/ip_fil_solaris.c => usr/src/uts/common/inet/ipf/ip_fil_solaris.c
rename : usr/src/common/ipf/ip_frag.c => usr/src/uts/common/inet/ipf/ip_frag.c
rename : usr/src/common/ipf/ip_htable.c => usr/src/uts/common/inet/ipf/ip_htable.c
rename : usr/src/common/ipf/ip_log.c => usr/src/uts/common/inet/ipf/ip_log.c
rename : usr/src/common/ipf/ip_lookup.c => usr/src/uts/common/inet/ipf/ip_lookup.c
rename : usr/src/common/ipf/ip_nat.c => usr/src/uts/common/inet/ipf/ip_nat.c
rename : usr/src/common/ipf/ip_pool.c => usr/src/uts/common/inet/ipf/ip_pool.c
rename : usr/src/common/ipf/ip_proxy.c => usr/src/uts/common/inet/ipf/ip_proxy.c
rename : usr/src/common/ipf/ip_state.c => usr/src/uts/common/inet/ipf/ip_state.c
rename : usr/src/common/ipf/ipf.h => usr/src/uts/common/inet/ipf/ipf.h
rename : usr/src/common/ipf/ipmon.h => usr/src/uts/common/inet/ipf/ipmon.h
rename : usr/src/common/ipf/ipt.h => usr/src/uts/common/inet/ipf/ipt.h
rename : usr/src/common/ipf/Makefile => usr/src/uts/common/inet/ipf/netinet/Makefile
rename : usr/src/common/ipf/ip_auth.h => usr/src/uts/common/inet/ipf/netinet/ip_auth.h
rename : usr/src/common/ipf/ip_compat.h => usr/src/uts/common/inet/ipf/netinet/ip_compat.h
rename : usr/src/common/ipf/ip_fil.h => usr/src/uts/common/inet/ipf/netinet/ip_fil.h
rename : usr/src/common/ipf/ip_frag.h => usr/src/uts/common/inet/ipf/netinet/ip_frag.h
rename : usr/src/common/ipf/ip_ftp_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_ftp_pxy.c
rename : usr/src/common/ipf/ip_h323_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_h323_pxy.c
rename : usr/src/common/ipf/ip_htable.h => usr/src/uts/common/inet/ipf/netinet/ip_htable.h
rename : usr/src/common/ipf/ip_ipsec_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_ipsec_pxy.c
rename : usr/src/common/ipf/ip_irc_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_irc_pxy.c
rename : usr/src/common/ipf/ip_lookup.h => usr/src/uts/common/inet/ipf/netinet/ip_lookup.h
rename : usr/src/common/ipf/ip_nat.h => usr/src/uts/common/inet/ipf/netinet/ip_nat.h
rename : usr/src/common/ipf/ip_netbios_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_netbios_pxy.c
rename : usr/src/common/ipf/ip_pool.h => usr/src/uts/common/inet/ipf/netinet/ip_pool.h
rename : usr/src/common/ipf/ip_proxy.h => usr/src/uts/common/inet/ipf/netinet/ip_proxy.h
rename : usr/src/common/ipf/ip_raudio_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_raudio_pxy.c
rename : usr/src/common/ipf/ip_rcmd_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_rcmd_pxy.c
rename : usr/src/common/ipf/ip_rpcb_pxy.c => usr/src/uts/common/inet/ipf/netinet/ip_rpcb_pxy.c
rename : usr/src/common/ipf/ip_state.h => usr/src/uts/common/inet/ipf/netinet/ip_state.h
rename : usr/src/common/ipf/ipl.h => usr/src/uts/common/inet/ipf/netinet/ipl.h
rename : usr/src/common/ipf/opts.h => usr/src/uts/common/inet/ipf/opts.h
rename : usr/src/common/ipf/radix.c => usr/src/uts/common/inet/ipf/radix.c
rename : usr/src/common/ipf/radix.h => usr/src/uts/common/inet/ipf/radix.h
rename : usr/src/common/ipf/solaris.c => usr/src/uts/common/inet/ipf/solaris.c
rename : usr/src/uts/common/inet/ipf/compat.h => usr/src/uts/common/inet/pfil/compat.h
rename : usr/src/uts/common/inet/ipf/misc.c => usr/src/uts/common/inet/pfil/misc.c
rename : usr/src/uts/common/inet/ipf/ndd.c => usr/src/uts/common/inet/pfil/ndd.c
rename : usr/src/uts/common/inet/ipf/os.h => usr/src/uts/common/inet/pfil/os.h
rename : usr/src/uts/common/inet/ipf/pfil.c => usr/src/uts/common/inet/pfil/pfil.c
rename : usr/src/uts/common/inet/ipf/pfil.conf => usr/src/uts/common/inet/pfil/pfil.conf
rename : usr/src/uts/common/inet/ipf/pfil.h => usr/src/uts/common/inet/pfil/pfil.h
rename : usr/src/common/ipf/pfild.h => usr/src/uts/common/inet/pfil/pfild.h
rename : usr/src/uts/common/inet/ipf/pfildrv.c => usr/src/uts/common/inet/pfil/pfildrv.c
rename : usr/src/uts/common/inet/ipf/pfilstream.c => usr/src/uts/common/inet/pfil/pfilstream.c
rename : usr/src/uts/common/inet/ipf/pkt.c => usr/src/uts/common/inet/pfil/pkt.c
rename : usr/src/uts/common/inet/ipf/qif.c => usr/src/uts/common/inet/pfil/qif.c
rename : usr/src/uts/common/inet/ipf/qif.h => usr/src/uts/common/inet/pfil/qif.h
show more ...
|