OBSOLETE Patch-ID# 114344-43
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security arp_publish_count ipmp ipgpc ipqos dlcosmk ipsecah ifconfig icmp qnextless udp
Synopsis: Obsoleted by: 122300-62 SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch
Date: Mar/05/2010
Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.
Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 119435 and 114348
Topic: SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch
*********************************************************************
NOTE: This patch may contain one or more OEM-specific platform ports.
See the appropriate OEM_NOTES file within the patch for
information specific to these platforms.
DO NOT INSTALL this patch on an OEM system if a corresponding
OEM_NOTES file is not present (or is present, but instructs not
to install the patch), unless the OEM vendor directs otherwise.
*********************************************************************
Relevant Architectures: sparc sparc.sun4u
Bugs fixed with this patch:
Changes incorporated in this version: 6634488
Patches accumulated and obsoleted by this patch: 112652-03 112698-02 112714-02 112854-02 112906-03 112911-16 112914-04 113153-01 113155-01 113459-05 113964-11 115016-01 116536-01 117140-02 118305-10 120464-03
Patches which conflict with this patch:
Patches required with this patch: 112233-12 112912-01 115683-03 (or greater)
Obsoleted by: 122300-62
Files included with this patch:
/etc/default/inetinit
/etc/init.d/inetinit
/etc/init.d/inetsvc
/etc/init.d/network
/etc/rc0.d/K42inetsvc
/etc/rc0.d/K43inet
/etc/rc1.d/K42inetsvc
/etc/rc1.d/K43inet
/etc/rc2.d/S69inet
/etc/rc2.d/S72inetsvc
/etc/rcS.d/K42inetsvc
/etc/rcS.d/K43inet
/etc/rcS.d/S30network.sh
/kernel/drv/arp
/kernel/drv/icmp
/kernel/drv/icmp6
/kernel/drv/ip
/kernel/drv/ipsecah
/kernel/drv/sparcv9/arp
/kernel/drv/sparcv9/icmp
/kernel/drv/sparcv9/icmp6
/kernel/drv/sparcv9/ip
/kernel/drv/sparcv9/ipsecah
/kernel/drv/sparcv9/spdsock
/kernel/drv/sparcv9/tcp
/kernel/drv/sparcv9/udp
/kernel/drv/spdsock
/kernel/drv/tcp
/kernel/drv/udp
/kernel/ipp/dlcosmk
/kernel/ipp/ipgpc
/kernel/ipp/sparcv9/dlcosmk
/kernel/ipp/sparcv9/ipgpc
/kernel/strmod/arp
/kernel/strmod/icmp
/kernel/strmod/icmp6
/kernel/strmod/ip
/kernel/strmod/ipsecah
/kernel/strmod/sparcv9/arp
/kernel/strmod/sparcv9/icmp
/kernel/strmod/sparcv9/icmp6
/kernel/strmod/sparcv9/ip
/kernel/strmod/sparcv9/ipsecah
/kernel/strmod/sparcv9/tcp
/kernel/strmod/sparcv9/udp
/kernel/strmod/tcp
/kernel/strmod/udp
/platform/SUNW,Ultra-Enterprise-10000/kernel/drv/idn
/platform/SUNW,Ultra-Enterprise-10000/kernel/drv/sparcv9/idn
/sbin/ifconfig
/sbin/in.mpathd
/usr/include/inet/arp.h
/usr/include/inet/common.h
/usr/include/inet/ip.h
/usr/include/inet/ip_if.h
/usr/include/inet/tcp.h
/usr/include/ipmp.h
/usr/include/ipmp_mpathd.h
/usr/include/ipmp_query.h
/usr/include/ipp/ipgpc/ipgpc.h
/usr/include/net/if.h
/usr/include/netinet/in.h
/usr/lib/abi/abi_libipmp.so.1
/usr/lib/adb/sparcv9/tcp
/usr/lib/adb/tcp
/usr/lib/inet/in.mpathd
/usr/lib/libipmp.so
/usr/lib/libipmp.so.1
/usr/lib/llib-lipmp
/usr/lib/llib-lipmp.ln
/usr/sbin/6to4relay
/usr/sbin/if_mpadm
/usr/sbin/ifconfig
/usr/sbin/in.routed
Problem Description:
6634488 bind() to a reserved port fails on Solaris 9 when euid is 0
(from 114344-42)
6827495 IDN fails after installing 114344-37 on Solaris 9, E10k. WARNING: mod_load: cannot load module 'idn'
(from 114344-41)
6741377 in.mpathd dumps core when running in a Solaris 8 branded zone
(from 114344-40)
6706648 security: patch 114344-35 overwrites modified /etc/default/inetinit
(from 114344-39)
6708106 IPMP standby interface responds to the multicast ping requests
(from 114344-38)
6673488 IPsec and IP need to disallow self-encapsulated packets without IPsec protection
(from 114344-37)
6507173 sockets should allocate minor numbers from higher order arena
(from 114344-36)
4956997 DL_{EN,DIS}ABMULTI_REQ handling in IP is out-of-order
(from 114344-35)
6402737 IP spends too much time identifying bad remote host when under SYN attack
(from 114344-34)
6621380 panic in ip_rput_local_options caused by IP-in-IP packet
(from 114344-33)
5079629 multicast joins may fail due to holes in ARP and IP
(from 114344-32)
4773220 provide API to set source address of UDP/IPv4 datagrams
6240205 IP fragments issue
6564842 assertion failed: ire->ire_type != 0x0020, file: ../../common/inet/ip/ip.c, line : 4253
(from 114344-31)
6532784 no-op SIOCSLIFFLAGS from in.mpathd impacts performance under stress tests
(from 114344-30)
6498249 ripv2 client not updating network route with lower metric
(from 114344-29)
6561086 patch 114344-25 affects Oracle/RAC performance dramatically
(from 114344-28)
6459412 ip_strict_dst_multihoming does not handle multiple i/f with same IP address
(from 114344-27)
4758660 panic in IP forwarding path after unplumb due to stale b_queue
(from 114344-26)
6544921 security: patch 114344-25 overwrites modified /etc/init.d/inetinit
(from 114344-25)
6176096 issues with IP fragment handling
6210681 null pointer in ill_frag_free_pkts
6259467 ill_frag_prune() can be invoked with negative number as second argument
(from 114344-24)
6510392 unneeded hard dependency on 112903-03 caused conflict in audits, 114344-23 failed release
(from 114344-23)
4157198 ARP cache inconsistency between ARP and IP modules
4978063 SO_DONTROUTE option causes ARP traffic for every frame
6309829 memory leak in in.routed
6318725 in.routed walk_bad core dump
6463069 fix for CR 4157198 causes neg_advice_on_R1_{conn_a,conn_p,est} test failure
(from 114344-22)
6301112 Mangled Neighbor Solicitation messages out of Solaris in IPMP configuration with IPv6
6310343 IPMP selects failed interfaces link local address
6395535 IPMP configured system will reply with MAC/Link local address mismatch for ICMP echo reply
(from 114344-21)
4825472 IPMPs in.mpathd causes unnecessary failovers if started without usable routers
5019039 in.mpathd induces icmp hurricanes in single-router environments
(from 114344-20)
4294701 2 same routing entries for loopback interfaces
6241739 reassembly of an ipv6 frag of frag causes fault
(from 114344-19)
6257723 source address selection is wrong if IPMP is enabled
6331032 in.routed deletes aggregated passive routes through remote gateways
(from 114344-18)
4796820 IPMP starts outgoing traffic on failed interface with option FAILBACK=no
5084073 fix for 4796820 is not enough
6220619 IGMP messages are not sent out when interfaces fail over
(from 114344-17)
6332525 when NIC goes down temporarily before accept(), tcp connection is made IDLE
(from 114344-16)
6227733 need improved scalability in ipsec policy engine
4867136 ipsec_find_sel may return holding the HASH_LOCK
(from 114344-15)
4690625 logging doesn't seem to happen anymore
(from 114344-14)
4658177 panic while doing ifconfig addif on a partially configured tunnel
(from 114344-13)
6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets
(from 114344-12)
4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX)
(from 114344-11)
6214946 publishing an ARP entry causes source Ether Addr issue
(from 114344-10)
6235832 panic in IP module during e1000g bind processing
(from 114344-09)
4653899 ARP packet processing issue
5084344 panic caused by NULL pointer dereference in ipif_mask_reply()
(from 114344-08)
4969154 ping -r (SO_DONTROUTE) to IRE_LOOPBACK/IRE_LOCAL ipif_net_type fails
(from 114344-07)
4980989 for NS not transmitted, the connectivity of IP is lost
4737760 memory leak in nce_xmit()
4984037 ipif_lookup_onlink_addr() can return ipif_t's which are not IPIF_UP
5018661 IP goes in loop in forwarding path
(from 114344-06)
4671440 broadcast packet uses deprecated interface's source address
4772797 broadcast interface response to NOLOCAL and ANYCAST needs to be fixed
(from 114344-05)
4838049 panic in module IP when running NGDR
5025728 multicast on loopback interface supports one listener only
(from 114344-04)
4693464 DL_NOTE_PHYS_ADDR notifications do not send gratuitous ARP requests
(from 114344-03)
4914143 netstat takes long time to return and causes queue-ing in 'ip' syncq
(from 114344-02)
4715897 ARP falsely assumes only one AR_INTERFACE_UP can occur at a time
(from 114344-01)
4777791 arp_publish_count should be increased
(from 112906-03)
4984625 IPP modules need to be re-compiled after a change to ill_t structure
(from 112906-02)
4664957 ipqosconf's uid filter parameter doesn't understand us
(from 112906-01)
This revision accumulates S9U1 feature point patch 112714-02.
(from 112714-02)
This revision synchronizes package version strings between s9 and s9u1.
(from 112714-01)
4647361 Solaris needs IPQoS feature
4644731 IPQoS project degrades netbench performance when feature is disabled
(from 116536-01)
4984625 IPP modules need to be re-compiled after a change to ill_t structure
(from 117140-02)
Add dependency on 112233-12.
(from 117140-01)
4963771 memory leak in SADB EEXIST error path
4974963 available replacement outbound SAs are not always used
4977677 newer SAs should be used over older ones
(from 120464-03)
6302789 in.routed deletes network routes configured in /etc/gateways after 5 min. on x86
(from 120464-02)
6229034 in.mpathd will abort on deferred probes with 0ms round-trip times
(from 120464-01)
5062168 network/physical unconditionally tries to configure all interfaces
(from 112911-16)
5096257 in.routed does not support more than 8 default routes
6231263 default router specified in /etc/gateways removed by in.routed in 5 minutes
6227282 bug in in.routed:walk_bad()
(from 112911-15)
4691277 IPMP wraps probe sequence numbers incorrectly
(from 112911-14)
4783283 in.routed doesn't allow passive or external default route
4863621 in.routed does not configure routing properly
4817668 in.routed can send conflicting information by RDISC and RIP
4879396 in.routed needs to join mcast group when promoting IS_DUP intf to lead intf
4678130 in.routed whines about expired redirects
6195122 in.routed does not pick alternatives to bad routes properly
4775648 in.routed should log address that causes trouble
4763906 in.routed complains it's "unable to obtain kstats for"
4675796 in.routed far too aggressive in marking interfaces as broken
4703864 routed should have remote TRACEON with RIP disabled
4806220 in.routed complains when it tries to join a group multiple times
4799577 missing error string in log message
4728429 in.routed -t doesn't turn on tracing
4728541 noise from in.routed while running cgtp tests
5073668 in.routed dumps core
4637330 new in.routed rdisc behavior is bad
4703689 messages extracted from rtquery has I18N problem
5005545 in.routed diagnostic message needs more info
4995674 in.routed fails to add routing entries if I/F is unplumbed/plumbed < 2 minutes
4751531 in.routed is mishandling redirects
4828297 in.routed deleting route for local subnet
4798787 in.routed sends incorrect routing socket messages
4648299 in.routed fails to discover default router on multi-homed host via discovery
5018864 in.routed is not parsing rip advs correctly
(from 112911-13)
5013238 in.mpathd prints "Cannot meet requested failure detection time" frequently
5078640 in.mpathd uses probe_interval as global variable
(from 112911-12)
5049232 in.routed drops core
(from 112911-11)
4995674 in.routed fails to add routing entries if I/F unplumbed/plumbed < 2 minutes
5073182 install ifconfig patch unexpectedly overwritten preserve config file
(from 112911-10)
5035061 in.routed deleted passive routes through remote gateways
(from 112911-09)
4783283 in.routed doesn't allow passive or external default route
5018864 in.routed is not parsing rip advs correctly
4971665 default routes on multihomed machine dwindles to 1 for 30 sec
(from 112911-08)
4915436 in.routed should stop talking trash during network errors
(from 112911-07)
4773326 PSARC 2003/325 Set hostname locally when not provided by dhcp server
4837086 CMSG_FIRSTHDR should return NULL when controllen == 0
(from 112911-06)
4929493 Network Client Mode does not work in Solaris 8/9
(from 112911-05)
4959954 circular patch dependency exists amongst patches 112911 112914 113964
(from 112911-04)
4777295 IP Multipathing Query Interface
4775897 events for IPMP anonymous group should be just like named groups
(from 112911-03)
4688704 Solaris should implement 6to4 Router as per RFC3056
4688392 tun module needs more atomic operations for single counter updates
4688398 tun module needs better debugging facility
4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF)
4660167 tunnel module incorrectly calls into IP
(from 112911-02)
This revision accumulates S9U2 feature point patch 113155-01.
(from 112911-01)
This revision accumulates S9U1 feature point patch 112652-03.
(from 112652-03)
This revision synchronizes package version strings between S9 and S9U1.
(from 112652-02)
4479794 can't configure tunnels over IPv6
4396697 IPv6 tunnel support needed
4425786 ifconfig prints tunnel addresses incorrectly
4417647 snoop handles unknown IPv6 destination options incorrectly
4592876 in.ndpd daemonizes too soon
4648388 snoop's parsing of tunnel encap limit dst opts goes off into the weeds
(from 112652-01)
4488694 no mechanism to indicate if interface supports CoS marking or not
(from 113155-01)
4661975 in.mpathd needs to be dynamically linked
4676731 PSARC/2002/137 IPMP Asynchronous Event Definitions
(from 113964-11)
4865207 system drops into the single-user mode with invalid /etc/hostname.xxx
(from 113964-10)
4859127 in.routed -T /var/tmp/tracefile -zzzz dumps core
(from 113964-09)
4828297 in.routed deleting route for local subnet
4836677 in.routed core dumps on Sun Cluster with SCI interfaces
(from 113964-08)
4803389 in.mpathd's lightweight router target selection logic KO'd by 4673190
4834142 redundant call to phyint_repaired() in initifs() can "lose" a probe
(from 113964-07)
4777295 IP Multipathing Query Interface
4775897 events for IPMP anonymous group should be just like named groups
(from 113964-06)
4685978 IPMP does not detect NIC repair when only one of two targets is up
4808860 mpathd deletes target list of phyints in all groups when link fails in one group
(from 113964-05)
4804756 patch 112914-04 fails during Live Upgrade
(from 113964-04)
4804064 'Bad string' is displayed on console
(from 113964-03)
4673190 RDISC of in.routed needs support of multiple default routes with same pref value
4728056 in.routed may core if fix_up_ip_forwarding() fails
4705755 in.routed: remote queries rely on proxy ARP incorrectly
(from 113964-02)
4699047 in.routed observed ripping up interface routes
4726444 interface routes appear to be ripped up
4639729 in.routed sends useless RTM_ADD daemon.error messages to syslog
4728423 sending two SIGUSR1 signals to in.routed causes termination
(from 113964-01)
4688704 Solaris should implement 6to4 Router as per RFC3056
4688392 tun module needs more atomic operations for single counter updates
4688398 tun module needs better debugging facility
4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF)
4660167 tunnel module incorrectly calls into IP
(from 112914-04)
4690565 in.routed[126]: setsockopt(IP_ADD_MEMBERSHIP RIP): Address already in use
(from 112914-03)
This revision accumulates S9U2 feature point patch 113153-01.
(from 112914-02)
4701276 in.routed core dumps in Sun Cluster
(from 112914-01)
This revision accumulates S9U1 feature point patch 112698-02.
(from 112698-02)
This revision synchronizes package version strings between S9 and S9U1.
(from 112698-01)
1148813 subnet routes turn into host routes (routed)
1240645 in.routed: add support for subnet number of all 0's or all 1's per RFC 1812
4075054 Solaris 2.6 doesn't deliver routing daemon to support variable length subnet
4327168 in.routed replies for RIP cmd request with norip option
4341344 in.rdisc does not generate advertisements with lifetime of zero
4475921 in.routed rtlookup in addrouteforif() has poor error checking
4532805 ip_icmp.h is missing some necessary definitions
4532808 in.routed is not lint-clean
4532860 snoop should support RIPv2
4559001 <protocols/routed.h> needs RIP-2 definitions
4587434 net/route.h should have latest BSD RTAX_* defines
4637330 new in.routed rdisc behavior is bad
4635766 in.routed loses control when ripped off
4637788 in.routed aggregating away learned routes because of static default route
4648299 in.routed fails to discover default router on multi-homed host via discovery
(from 113153-01)
4661975 in.mpathd needs to be dynamically linked
4676731 PSARC/2002/137 IPMP Asynchronous Event Definitions
(from 115016-01)
4777295 IP Multipathing Query Interface
4775897 events for IPMP anonymous group should be just like named groups
(from 112854-02)
4511634 overloading of test and data IP address for single adapter group
(from 112854-01)
4647983 icmp should be QNEXTLESS
(from 113459-05)
6313308 Solaris 9 UDP anonymous port assigned used/unavailable ports
(from 113459-04)
4708720 TCP/UDP make unwarranted ICMP M_CTL assumptions
(from 113459-03)
6251862 invalid UDP length and checksum
(from 113459-02)
4727825 local bound port hashing does not work effectively on Intel systems
(from 113459-01)
4511634 overloading of test and data IP address for single adapter group
(from 118305-10)
6521112 data corruption may occur when packet with invalid timestamp value is sent
(from 118305-09)
6395540 system hangs sending one urgent byte beyond zero send window
(from 118305-08)
4708720 TCP/UDP make unwarranted ICMP M_CTL assumptions
5084452 ICMP can snipe away incipient TCP connections
6354773 some changes made by 5084452 do not work with x86
(from 118305-07)
4511681 TCP vulnerable to Denial Of Service via "ACK storm"
(from 118305-06)
6276464 reads on tcp endpoint with synchronous streams can return extents of input buffer unmodified
(from 118305-05)
6259389 race condition between cl_tcp_walk_list() and connection establishment
(from 118305-04)
5094229 driver hangs when accessing tt_open
(from 118305-03)
4846184 slow receiving process causes timer based ACKing
(from 118305-02)
5089150 binding to port which has already been bound may incorrectly succeed
(from 118305-01)
4796648 problem when path MTU == 68
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
NOTE 1: To get the complete fix for 4715897 (ARP falsely assumes only one
AR_INTERFACE_UP can occur at a time), please also install the
following patch:
112904-06 (or greater) tcp patch
NOTE 2: To get the complete IPQoS feature, please also install the
following patches:
112920-01 (or greater) libipp patch
112905-01 (or greater) ippctl patch
112904-12 (or greater) tcp patch
112927-01 (or greater) IPQos Header patch
NOTE 3: To get the complete fix of RFE 4664957 (ipqosconf's uid filter
parameter doesn't understand us), please also install the
following patch:
115008-01 (or greater) ipqosconf patch
NOTE 4: To get the complete CoS RFE 4488694 (no mechanism to indicate if an
interface supports CoS marking or not), please also install the
following patch:
112902-01 (or greater) ip driver patch
NOTE 5: To get the complete Packet Tunneling over IPv6 feature, please
also install the following patches:
112902-01 (or greater) ip driver patch
112903-01 (or greater) tun patch
112915-01 (or greater) snoop patch
112928-01 (or greater) in.ndpd patch
NOTE 6: To get the complete IP Multipathing (IPMP) Async Event feature,
please also install the following patch:
113464-01 (or greater) IPMP headers patch
NOTE 7: To get the complete 6to4 Router feature, please also install
the following patches:
112902-10 (or greater) ip patch
112903-03 (or greater) tun patch
NOTE 8: Installing this patch will permanently move /sbin/in.mpathd to the
new location /usr/lib/inet/in.mpathd. /sbin/in.mpathd will then be
replaced by a symlink to this new location.
Backing out this patch will restore the original in.mpathd binary,
but the positional change described above will not be undone.
NOTE 9: To get the complete RIPv2 feature, please also install the
following patches:
112915-01 (or greater) snoop patch
112916-01 (or greater) rtquery patch
112918-01 (or greater) route patch
112929-01 (or greater) RIPv2 Headers patch
NOTE 10: To get the complete fix for 4796820 (IPMP starts outgoing traffic
on failed interface with option FAILBACK=no), please also install
the following patch:
122673-01 (or greater) sockio.h header patch
NOTE 11: This patch contains updated type data for some structures contained
within the 'ip' module. When debugging this module via the 'mdb'
command, explicit references to the updated structures should be
scoped by prefixing the name with "ip`", for example: ip`"struct
ipsec_policy_s", in order to access the new type description.
The updated structures are: ipsec_selkey, ipsec_policy_s,
ipsec_policy_root_s, ipsec_policy_head_s.
NOTE 12: To get the complete fix for 6176096 (issues with IP fragment
handling), please also install the following patches:
115553-25 (or greater) USB Drivers and Framework Patch
122300-04 (or greater) Kernel Patch
NOTE 13: To get the complete Singleton IPMP feature, please install the
following patch:
112902-04 (or greater) kernel/drv/ip Patch
NOTE 14: To get the complete fix for 6402737 (IP spends too much time
identifying bad remote host when under SYN attack), please also
install the following patch:
122300-25 (or greater) Kernel Patch
NOTE: The list of 'patches required with this patch' (above) has been
modified from the list specified at patch creation time. The reason for
the modification is that one or more of the required patches was
either never released or withdrawn after its release. The following
substitutions (which are guaranteed to satisfy the original requirements)
were therefore made:
115683-03 replaces 115683-02
README -- Last modified date: Saturday, November 10, 2012