On Wed, 23 Jan 2008, Gabriele Bulfon wrote: > I see it more possible what Ken Jones said: bugs in the distribution of > latest Solaris 10. Infact, I noticed that the machines having those > problems are the ones I recently upgraded to new hardware and > consequentely coming with newer releases of Solaris 10.
There are definitely lotso bugs in ipf in S10U4, including but not limited to: 6603271 ipnat -l demonstrates inconsistent behavior and can cause system to hang or panic 6531894 IPF blocks TCP SYN packets for connections in TIME_WAIT state some clients can't reconnect 6605492 keep frag does not work with keep state for fragments 6593145 retransmitted ACK may initiate connection state transition 6562745 Adapt a better TCP statemachine emulation (fr_tcp_age()) from upstream version 6562721 IPF should also check SACK when doing stateful inspection 6562648 IPF may drop connection, which chooses to scale window 6562635 TCP options are not processed correctly 6595876 state timer should be reset when retransmission is seen 6605492 keep frag does not work with keep state for fragments I've had problems with SMTP, NFS, and a variety of other protocols <sigh>. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768
