OBSOLETE Patch-ID# 148380-13


Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: ippool ipf
Synopsis: Obsoleted by: 148380-14 SunOS 5.10_x86: ippool patch
Date: Jan/19/2015


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 10_x86

SunOS Release: 5.10_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 148379

Topic: SunOS 5.10_x86: ippool patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #   Bug #
7036370    15709147
7130420    15766564
7198212    15815851
7201980    15819422
-          17008193
-          17016187
-          17056912
-          18341264
-          18726170
-          19211002
-          19280169
-          19525575
-          19525625
-          19573567
-          19573608
-          19574834
-          19789979
-          19790350
6714319    15487220
6813307    15546607
6857600    15573901
6897532    15600848
7033429    15706858
7041326    15712967
7057409    15723550
7058343    15724097
7069945    15730719
7084781    15738603
7132744    15768200
7153517    15778746
7154821    15779830
7171465    15793884


Changes incorporated in this version: 18726170 19211002 19280169 19525575 19525625 19573567 19573608 19574834 19789979 19790350

Patches accumulated and obsoleted by this patch: 148331-07

Patches which conflict with this patch:

Patches required with this patch: 118855-36 120012-14 137138-09 139556-08 144501-19 (or greater)

Obsoleted by:

Files included with this patch:

/usr/include/netinet/ip_auth.h
/usr/include/netinet/ip_nat.h
/usr/include/netinet/ipf_stack.h
/usr/include/netinet/ipl.h
/usr/kernel/drv/amd64/ipf
/usr/kernel/drv/ipf
/usr/lib/ipf/amd64/auth_test
/usr/lib/ipf/amd64/ipftest
/usr/lib/ipf/i86/auth_test
/usr/lib/ipf/i86/ipftest
/usr/sbin/amd64/ipf
/usr/sbin/amd64/ipfs
/usr/sbin/amd64/ipfstat
/usr/sbin/amd64/ipmon
/usr/sbin/amd64/ipnat
/usr/sbin/amd64/ippool
/usr/sbin/i86/ipf
/usr/sbin/i86/ipfs
/usr/sbin/i86/ipfstat
/usr/sbin/i86/ipmon
/usr/sbin/i86/ipnat
/usr/sbin/i86/ippool

Problem Description:

18726170 panic in ipf nat_delrdr
19211002 ipfilter forgot to check round-robin rules stored in rrlist
19280169 all fixes for ipfilter round-robin rules should also be applied to IPv6
19525575 panic: page fault in fr_checknatout
19525625 panic: page fault in nat_addnat
19573567 ipnat parser should be able to detect duplicate bimap rules
19573608 ipfilter should use separate pointers for RDR and MAP rules
19574834 ipfilter rule survives VNIC deletion
19789979 ipfilter should not update mask value when deleting NAT rules
19790350 ipnat doesn't print usage
 
(from 148380-12)
 
17016187 buffer overrun in fac_toname of facpri.c
18341264 ipfstat not reporting log level correctly
 
(from 148380-11)
 
17008193 logsize tunable is ignored by IPF
 
(from 148380-10)
 
17056912 ipfilter may block valid ICMP echo replies
 
(from 148380-09)
 
15709147 Bad Trap panic in fr_fraglookup - probable bad ipfr_hnext pointer
15815851 IPF is a traffic load disbalancer using round-robin for rdr NAT rules
15819422 ipf fr_fraglookup loops in fragments table
 
(from 148380-08)
 
15766564 panic in ip_wput_local() ipha_src and ipha_dst are reversed
 
(from 148380-07)
 
        This revision accumulates generic Sustaining patch 148331-07
        into Solaris S10U11 update.
 
(from 148380-06)
 
        This revision accumulates generic Sustaining patch 148331-06
        into Solaris S10U11 update.
 
(from 148380-05)
 
        This revision accumulates generic Sustaining patch 148331-05
        into Solaris S10U11 update.
 
(from 148380-04)
 
        This revision accumulates generic Sustaining patch 148331-04
        into Solaris S10U11 update.
 
(from 148380-03)
 
        This revision accumulates generic Sustaining patch 148331-03
        into Solaris S10U11 update.
 
(from 148380-02)
 
        This revision accumulates generic Sustaining patch 148331-02
        into Solaris S10U11 update.
 
(from 148380-01)
 
        This revision accumulates generic Sustaining patch 148331-01
        into Solaris S10U11 update.
 
(from 148331-07)
 
7153517 adding some rules to ipf.conf, kernel panic in ipf module
7171465 ipnat -FC command always reports 4 entries flushed
 
(from 148331-06)
 
7132744 ipfstat -io doesn't show subgrouped rules after applying kernel patch
 
(from 148331-05)
 
7154821 auth for outbound packets - backport delta needed
 
(from 148331-04)
 
7041326 IPF auth does not work for outbound packets
 
(from 148331-03)
 
7057409 /dev/ipauth must not harm other devices
 
(from 148331-02)
 
6714319 IPFilter causes failure of IPv6 compliance tests
6813307 memory leaks at frrequest
6857600 IPFilter parser chokes on short IPv6 fragments
6897532 race condition window around fr_enable_active still opened
7033429 "keep state" directive in IPFilter rule(s) is now dropping multicast packets (UDP) randomly
7058343 IPF panic when disabled
7069945 "ipf" module seems to have triggered system panic
 
(from 148331-01)
 
7084781 ippool does not accept IPv6 addresses


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  For anyone using the round-robin feature in an ipnat configuration,
         it is now possible to specify a round-robin id number after the
         round-robin keyword in NAT rules as follows:
 
rdr net1 203.1.2.3/32 port 80 -> 203.1.2.3,203.1.2.4 port 80 tcp round-robin 1
rdr net1 203.1.2.3/32 port 80 -> 203.1.2.5 port 80 tcp round-robin 1
 
         The trailing "1" is the round-robin id.  Supplying an id number
         forces the round-robin rules with the same id to act together, and
         prevents other rules that match the same packets (whether or not they
         are part of any load balancing) from inadvertently impacting the
         round-robin operation for the specific group of rules.


README -- Last modified date: Wednesday, August 12, 2015