On Thu, May 18, 2006 at 05:01:12PM -0400, Jim Sandoz wrote: > a b wrote: > >Exactly. I have often wondered about this as well. What is the > >advantage of ripping out IPF to be on the bleeding edge? I'd really > >like to know. > ><snip> > > there are known, obvious limitations/bugs in sun's shipping product > in comparison with the "latest" ipf. why else would someone spend > a lot of time writing a web page detailing how one upgrades from > the OEM version to the current version? > > minor: > type "ipfstat -t" on an amd64 system like the v20z. > what's the TTL field look like? > it's either 0:00 or some abnormally high (>2^20) integer value. > > major: > NAT. > IPSEC panics. > handling of flags S. > coverity coverage. > > is sun's version "good enough" for production use? maybe for some. > is it optimal? no. > are there new, unfound bugs in the "latest" ipf? probably.
Same reason the first thing anyone who deals with Solaris does is install the GNU utilities and completely ignore the Solaris utilities. ;) -- Phil Dibowitz [EMAIL PROTECTED] Freeware and Technical Pages Insanity Palace of Metallica http://www.phildev.net/ http://www.ipom.com/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759
signature.asc
Description: Digital signature
