a b wrote:
> Exactly. I have often wondered about this as well. What is the
> advantage of ripping out IPF to be on the bleeding edge? I'd really
> like to know.
<snip>
there are known, obvious limitations/bugs in sun's shipping product
in comparison with the "latest" ipf. why else would someone spend
a lot of time writing a web page detailing how one upgrades from
the OEM version to the current version?
minor:
type "ipfstat -t" on an amd64 system like the v20z.
what's the TTL field look like?
it's either 0:00 or some abnormally high (>2^20) integer value.
major:
NAT.
IPSEC panics.
handling of flags S.
coverity coverage.
is sun's version "good enough" for production use? maybe for some.
is it optimal? no.
are there new, unfound bugs in the "latest" ipf? probably.
jim