2012-05-04 20:17, Michael T. Davis wrote:
> Where might we find the full thread of this topic?
+1
> Reading between the lines, is it recommended that we should not enable
> NIC-based offload processing under ipfilter?
That's what we had to do (on OpenSolaris SXCE). You can google up
many hits on "dohwcksum ipfilter" keywords, including PhilDev's
IPFilter FAQ. And yes, the problem is very old:
http://www.phildev.net/ipf/IPFsolaris.html#solaris15
http://mail.opensolaris.org/pipermail/networking-discuss/2005-September/000192.html
http://mail.opensolaris.org/pipermail/networking-discuss/2006-March/000953.html
http://comments.gmane.org/gmane.comp.security.firewalls.ipfilter/6026
"As is known, ipfilter NAT does not work correctly with hardware
checksumming."
http://www.colby.edu/personal/j/jaearick/sysadmin/sol10.ipfilter.upgrade
We could go on and on :)
//Jim