Wow....the list of bugs is long....and I don't understand why....do they bundle
a modified version of ipfilter or do they build the sources with some strange
flags????
And looking at the list....I see that even what Peter suggests (keep frags)
would not work at all...
(
6605492 keep frag does not work with keep state for fragments
)
It seems I'll have to get my hands on all the installed machines and install
from sources during hours I can reboot....
Gabriele.
Gabriele Bulfon - Sonicle S.r.l.
Tel +39 028246016 Int. 30 - Fax +39 028243880
Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY
http://www.sonicle.com
----------------------------------------------------------------------------------
From: Paul B. Henson <[EMAIL PROTECTED]>
To: Gabriele Bulfon <[EMAIL PROTECTED]>
Cc: Ipfilter <[email protected]>
Date: 24 January 2008 23:43:52 CET
Subject: Re: Postfix timeouts
On Wed, 23 Jan 2008, Gabriele Bulfon wrote:
> I see it more possible what Ken Jones said: bugs in the distribution of
> latest Solaris 10. In fact, I noticed that the machines having those
> problems are the ones I recently upgraded to new hardware and
> consequently coming with newer releases of Solaris 10.
There are definitely lotso bugs in ipf in S10U4, including but not limited
to:
6603271 ipnat -l demonstrates inconsistent behavior and can cause system to
hang or panic
6531894 IPF blocks TCP SYN packets for connections in TIME_WAIT state some
clients can't reconnect
6605492 keep frag does not work with keep state for fragments
6593145 retransmitted ACK may initiate connection state transition
6562745 Adapt a better TCP statemachine emulation (fr_tcp_age()) from
upstream version
6562721 IPF should also check SACK when doing stateful inspection
6562648 IPF may drop connection, which chooses to scale window
6562635 TCP options are not processed correctly
6595876 state timer should be reset when retransmission is seen
6605492 keep frag does not work with keep state for fragments
I've had problems with SMTP, NFS, and a variety of other protocols <sigh>.
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768