Bug ID: 6564748 Fragments can be mishandled by ipfilter when using a custom NAT proxy

Bug ID	6564748
Synopsis	Fragments can be mishandled by ipfilter when using a custom NAT proxy
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	network:ipfilter
Keywords	rtiq_reviewed
Responsible Engineer	Zhijun Fu
Reported Against
Duplicate Of
Introduced In	solaris_10
Commit to Fix	snv_71
Fixed In	snv_71
Release Fixed	solaris_nevada(snv_71) , solaris_10u5(s10u5_01) (Bug ID:2151087)
Related Bugs
Submit Date	1-June-2007
Last Update Date	7-September-2007
Description	If a packet is fragmented and the fragments are routed to a machine with ipfilter, the first packet is apparently intercepted while the remaining fragments pass through, which should not happen.
Work Around	The workaround for this bug is to always add NAT entries with SIOCPUTENT that have an associated NAT rule with them - ie. fill out the ipn_ipnat field in the nat_save_t and set ipn_nat.nat_ptr = &ipn_ipnat
Comments	N/A

OpenSolaris