OBSOLETE Patch-ID# 119435-29

Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.

For further information on patching best practices and resources, please see the following links:

Keywords: security ip ipsec_find_sel ipmp nic phyints arp_publish_count modulo udp tcp packet icmp
Synopsis: Obsoleted by: 122301-62 SunOS 5.9_x86: ip patch
Date: Mar/05/2010

Install Requirements: After installing this patch on an active boot environment, the system will be in a potentially inconsistent state until a reconfigure reboot is performed. Unless otherwise specified in the Special Install Instructions below, it is normally safe to apply further patches prior to initiating the reboot due to the relatively small footprint of the patch utilities. Normal operations must not be resumed until after the reconfigure reboot is performed.
Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 114344

Topic: SunOS 5.9_x86: ip patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #	Bug #
4157198	14966504
4294701	15007791
4511681	15082228
4658177	15101720
4685978	15107849
4690625	15109083
4691277	15109264
4708720	15113470
4727825	15118172
4758660	15127195
4773220	15131802
4775897	15132578
4777295	15132968
4796820	15139090
4803389	15141509
4808860	15143274
4825472	15148627
4834142	15151226
4837086	15152207
4846184	15155001
4867136	15160982
4956997	15186216
4963675	15188138
4978063	15192082
5013238	15201358
5019039	15202911
5078640	15220211
5079629	15220598
5084073	15222049
5084452	15222151
5089150	15223604
5094229	15225165
6176096	15231135
6210681	15241869
6212756	15242583
6214946	15243341
6220619	15245740
6227733	15248674
6229034	15249251
6235832	15252029
6240205	15253852
6241739	15254515
6251862	15258802
6257723	15261102
6259389	15261569
6259467	15261586
6276464	15268158
6301112	15277944
6310343	15281461
6313308	15282740
6332525	15290260
6354773	15299554
6395535	15317498
6395540	15317503
6402737	15320941
6459412	15345279
6463069	15347087
6493627	15361245
6507173	15368520
6521112	15376634
6532784	15383014
6561086	15399137
6564842	15401235
6621380	15433609
6634488	15441199
6673488	15463934
6708106	15483672
6741377	15504073

Changes incorporated in this version: 6634488

Patches accumulated and obsoleted by this patch: 114859-04 114925-07 115013-01 115015-01 117470-09 119446-02

Patches which conflict with this patch:

Patches required with this patch: 115684-02 117172-17 (or greater)

Obsoleted by: 122301-62

Files included with this patch:

/kernel/drv/arp
/kernel/drv/icmp
/kernel/drv/ip
/kernel/drv/ipsecah
/kernel/drv/spdsock
/kernel/drv/tcp
/kernel/drv/udp
/kernel/strmod/arp
/kernel/strmod/icmp
/kernel/strmod/ip
/kernel/strmod/ipsecah
/kernel/strmod/tcp
/kernel/strmod/udp
/sbin/in.mpathd
/usr/include/inet/arp.h
/usr/include/inet/common.h
/usr/include/inet/ip.h
/usr/include/inet/ip_if.h
/usr/include/inet/tcp.h
/usr/include/ipmp.h
/usr/include/ipmp_mpathd.h
/usr/include/ipmp_query.h
/usr/include/net/if.h
/usr/include/netinet/in.h
/usr/lib/abi/abi_libipmp.so.1
/usr/lib/adb/tcp
/usr/lib/inet/in.mpathd
/usr/lib/libipmp.so
/usr/lib/libipmp.so.1
/usr/lib/llib-lipmp
/usr/lib/llib-lipmp.ln
/usr/sbin/if_mpadm

Problem Description:

6634488 bind() to a reserved port fails on Solaris 9 when euid is 0
 
(from 119435-28)
 
6741377 in.mpathd dumps core when running in a Solaris 8 branded zone
 
(from 119435-27)
 
6708106 IPMP standby interface responds to the multicast ping requests
 
(from 119435-26)
 
6673488 IPsec and IP need to disallow self-encapsulated packets without IPsec protection
 
(from 119435-25)
 
6507173 sockets should allocate minor numbers from higher order arena
 
(from 119435-24)
 
4956997 DL_{EN,DIS}ABMULTI_REQ handling in IP is out-of-order
 
(from 119435-23)
 
6402737 IP spends too much time identifying bad remote host when under SYN attack
 
(from 119435-22)
 
6621380 panic in ip_rput_local_options caused by IP-in-IP packet
 
(from 119435-21)
 
5079629 multicast joins may fail due to holes in ARP and IP
 
(from 119435-20)
 
4773220 provide API to set source address of UDP/IPv4 datagrams
6240205 IP fragments issue
6564842 assertion failed: ire->ire_type != 0x0020, file: ../../common/inet/ip/ip.c, line : 4253
 
(from 119435-19)
 
6532784 no-op SIOCSLIFFLAGS from in.mpathd impacts performance under stress tests
 
(from 119435-18)
 
6561086 patch 114344-25 affects Oracle/RAC performance dramatically
 
(from 119435-17)
 
6459412 ip_strict_dst_multihoming does not handle multiple i/f with same IP address
 
(from 119435-16)
 
4758660 panic in IP forwarding path after unplumb due to stale b_queue
 
(from 119435-15)
 
6176096 issues with IP fragment handling
6210681 null pointer in ill_frag_free_pkts
6259467 ill_frag_prune() can be invoked with negative number as second argument
 
(from 119435-14)
 
6493627 119435-13 needs to accumulate 119446-02
 
(from 119435-13)
 
4157198 ARP cache inconsistency between ARP and IP modules
4978063 SO_DONTROUTE option causes ARP traffic for every frame
6463069 fix for CR 4157198 causes neg_advice_on_R1_{conn_a,conn_p,est} test failure
 
(from 119435-12)
 
6301112 Mangled Neighbor Solicitation messages out of Solaris in IPMP configuration with IPv6
6310343 IPMP selects failed interfaces link local address
6395535 IPMP configured system will reply with MAC/Link local address mismatch for ICMP echo reply
 
(from 119435-11)
 
4825472 IPMPs in.mpathd causes unnecessary failovers if started without usable routers
5019039 in.mpathd induces icmp hurricanes in single-router environments
 
(from 119435-10)
 
4294701 2 same routing entries for loopback interfaces
6241739 reassembly of an ipv6 frag of frag causes fault
 
(from 119435-09)
 
        This revision addresses patch construction issues.
 
(from 119435-08)
 
6257723 source address selection is wrong if IPMP is enabled
 
(from 119435-07)
 
4796820 IPMP starts outgoing traffic on failed interface with option FAILBACK=no
5084073 fix for 4796820 is not enough
6220619 IGMP messages are not sent out when interfaces fail over
6332525 when NIC goes down temporarily before accept(), tcp connection is made IDLE
 
(from 119435-06)
 
6227733 need improved scalability in ipsec policy engine
4867136 ipsec_find_sel may return holding the HASH_LOCK
 
(from 119435-05)
 
4690625 logging doesn't seem to happen anymore
 
(from 119435-04)
 
4658177 panic while doing ifconfig addif on a partially configured tunnel
 
(from 119435-03)
 
6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets
 
(from 119435-02)
 
4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX)
 
(from 119435-01)
 
6235832 panic in IP module during e1000g bind processing
 
(from 114925-07)
 
6229034 in.mpathd will abort on deferred probes with 0ms round-trip times
 
(from 114925-06)
 
4691277 IPMP wraps probe sequence numbers incorrectly
 
(from 114925-05)
 
5013238 in.mpathd prints "Cannot meet requested failure detection time" frequently
5078640 in.mpathd uses probe_interval as global variable
 
(from 114925-04)
 
4837086 CMSG_FIRSTHDR should return NULL when controllen == 0
 
(from 114925-03)
 
4803389 in.mpathd's lightweight router target selection logic KO'd by 4673190
4834142 redundant call to phyint_repaired() in initifs() can "lose" a probe
 
(from 114925-02)
 
4777295 IP Multipathing Query Interface
4775897 events for IPMP anonymous group should be just like named groups
 
(from 114925-01)
 
4685978 IPMP does not detect NIC repair when only one of two targets is up
4808860 mpathd deletes target list of phyints in all groups when link fails in one group
 
(from 115013-01)
 
4777295 IP Multipathing Query Interface
4775897 events for the IPMP anonymous group should be just like named groups
 
(from 115015-01)
 
4777295 IP Multipathing Query Interface
4775897 events for IPMP anonymous group should be just like named groups
 
(from 119446-02)
 
4157198 ARP cache inconsistency between ARP and IP modules
4978063 SO_DONTROUTE option causes ARP traffic for every frame
 
(from 119446-01)
 
6214946 publishing an arp entry causes source Ether Addr issue
 
(from 114859-04)
 
6313308 Solaris 9 UDP anonymous port assigned used/unavailable ports
 
(from 114859-03)
 
4708720 TCP/UDP make unwarranted ICMP M_CTL assumptions
 
(from 114859-02)
 
6251862 invalid UDP length and checksum
 
(from 114859-01)
 
4727825 local bound port hashing does not work effectively on Intel systems
 
(from 117470-09)
 
6521112 data corruption may occur when packet with invalid timestamp value is sent
 
(from 117470-08)
 
6395540 system hangs sending one urgent byte beyond zero send window
 
(from 117470-07)
 
4708720 TCP/UDP make unwarranted ICMP M_CTL assumptions
5084452 ICMP can snipe away incipient TCP connections
6354773 some changes made by 5084452 do not work with x86
 
(from 117470-06)
 
4511681 TCP vulnerable to Denial Of Service via "ACK storm"
 
(from 117470-05)
 
6276464 reads on tcp endpoint with synchronous streams can return extents of input buffer unmodified
 
(from 117470-04)
 
6259389 race condition between cl_tcp_walk_list() and connection establishment
 
(from 117470-03)
 
5094229 driver hangs when accessing tt_open
 
(from 117470-02)
 
4846184 slow receiving process causes timer based ACKing
 
(from 117470-01)
 
5089150 binding to port which has already been bound may incorrectly succeed

Patch Installation Instructions:

--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:

-----------------------------
 
Not all patches listed in this section as needed for the completion
of a fix or feature, may be available at the same time as this patch.
This allows the remaining fixes/features to be made available sooner.
 
NOTE 1:  To get the complete fix for 4837086 (CMSG_FIRSTHDR should return
         NULL when controllen == 0), please also install the following patches:
 
         114348-05 (or greater)  in.routed patch
         114442-02 (or greater)  ifconfig patch
         116018-02 (or greater)  in.ndpd patch
         116507-02 (or greater)  traceroute patch
         116775-01 (or greater)  ping patch
         116777-01 (or greater)  mipagent patch
         116779-01 (or greater)  in.ripngd patch
 
NOTE 2:  Installing this patch will permanently move /sbin/in.mpathd to the
         new location /usr/lib/inet/in.mpathd.  /sbin/in.mpathd will then be
         replaced by a symlink to this new location.
 
         Backing this patch out will restore the original in.mpathd binary,
         but the positional change described above will not be undone.
 
NOTE 3:  To get the complete fix for 4796820 (IPMP starts outgoing traffic
         on failed interface with option FAILBACK=no), please also install
         the following patch:
 
         122674-01 (or greater)  sockio.h header patch
 
NOTE 4:  To get the complete fix for 6176096 (issues with IP fragment
         handling), please also install the following patch:
 
         122301-04 (or greater)  kernel patch
 
NOTE 5:  To get the complete fix for 6402737 (IP spends too much time
         identifying bad remote host when under SYN attack), please also
         install the following patch:
 
         122301-25 (or greater)  Kernel Patch

README -- Last modified date: Saturday, November 10, 2012