Patch-ID# 114344-17 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security arp_publish_count ipmp ipgpc ipqos dlcosmk ipsecah Synopsis: SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch Date: Mar/03/2006 Install Requirements: Reboot after installation, an alternative may be in Special Install Instructions Install in Single User Mode Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 119435 Topic: SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch *********************************************************** NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. *********************************************************** Relevant Architectures: sparc sparc.sun4u BugId's fixed with this patch: 4644731 4647361 4653899 4658177 4664957 4671440 4690625 4693464 4715897 4737760 4772797 4777791 4838049 4867136 4914143 4963675 4963771 4969154 4974963 4977677 4980989 4984037 4984625 5018661 5025728 5084344 6212756 6214946 6227733 6235832 6332525 Changes incorporated in this version: 6332525 Patches accumulated and obsoleted by this patch: 112714-02 112906-03 116536-01 117140-02 Patches which conflict with this patch: Patches required with this patch: 112233-12 (or greater) Obsoleted by: Files included with this patch: /kernel/drv/arp /kernel/drv/ip /kernel/drv/ipsecah /kernel/drv/sparcv9/arp /kernel/drv/sparcv9/ip /kernel/drv/sparcv9/ipsecah /kernel/drv/sparcv9/spdsock /kernel/drv/spdsock /kernel/ipp/dlcosmk /kernel/ipp/ipgpc /kernel/ipp/sparcv9/dlcosmk /kernel/ipp/sparcv9/ipgpc /kernel/strmod/arp /kernel/strmod/ip /kernel/strmod/ipsecah /kernel/strmod/sparcv9/arp /kernel/strmod/sparcv9/ip /kernel/strmod/sparcv9/ipsecah /usr/include/inet/ip_if.h /usr/include/ipp/ipgpc/ipgpc.h Problem Description: 6332525 When NIC goes down temporarily before accept(), tcp connection is made IDLE (from 114344-16) 6227733 need improved scalability in ipsec policy engine 4867136 ipsec_find_sel may return holding the HASH_LOCK (from 114344-15) 4690625 Logging doesn't seem to happen anymore (from 114344-14) 4658177 panic while doing ifconfig addif on a partially configured tunnel (from 114344-13) 6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets (from 114344-12) 4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX) (from 114344-11) 6214946 publishing an arp entry causes source Ether Addr issue. (from 114344-10) 6235832 panic in ip module during e1000g bind processing (from 114344-09) 4653899 ARP packet processing issue 5084344 Panic caused by NULL pointer dereference in ipif_mask_reply() (from 114344-08) 4969154 ping -r (SO_DONTROUTE) to IRE_LOOPBACK/IRE_LOCAL ipif_net_type fails. (from 114344-07) 4980989 For NS not transmitted, the connectivity of IP is lost. 4737760 memory leak in nce_xmit() 4984037 ipif_lookup_onlink_addr() can return ipif_t's which are not IPIF_UP 5018661 ip goes in loop in forwarding path (from 114344-06) 4671440 broadcast packet uses deprecated interface's source address 4772797 broadcast interface response to NOLOCAL and ANYCAST needs to be fixed (from 114344-05) 4838049 Panic in module ip when running NGDR 5025728 Multicast on loopback interface supports one listener only (from 114344-04) 4693464 DL_NOTE_PHYS_ADDR notifications do not send gratuitous ARP requests (from 114344-03) 4914143 netstat takes long time to return and causes queue-ing in 'ip' syncq. (from 114344-02) 4715897 arp falsely assumes only one AR_INTERFACE_UP can occur at a time (from 114344-01) 4777791 arp_publish_count should be increased (from 112906-03) 4984625 IPP modules need to be re-compiled after a change to ill_t structure. (from 112906-02) 4664957 ipqosconf's uid filter parameter doesn't understand us (from 112906-01) This revision accumulates s9u1 feature point patch 112714-02. (from 112714-02) This revision synchronizes package version strings between s9 and s9u1. (from 112714-01) 4647361 Solaris needs IPQoS feature 4644731 IPQoS project degrades netbench performance when feature is disabled (from 116536-01) 4984625 IPP modules need to be re-compiled after a change to ill_t structure. (from 117140-02) Add dependency on 112233-12. (from 117140-01) 4963771 Memory leak in SADB EEXIST error path. 4974963 Available replacement outbound SAs are not always used 4977677 Newer SAs should be used over older ones. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Reboot the system after patch installation. NOTE 1: To get the complete fix for bugid 4715897 (arp falsely assumes only one AR_INTERFACE_UP can occur at a time), please also install the following patch: 112904-06 (or greater) tcp patch NOTE 2: To get the complete IPQoS feature, please also install the following patches: 112920-01 (or greater) libipp patch 112905-01 (or greater) ippctl patch 112902-01 (or greater) ip patch 112927-01 (or greater) IPQos Header NOTE 3: To get the complete fix of RFE 4664957 (ipqosconf's uid filter parameter doesn't understand us), please also install the following patch: 115008-01 (or greater) ipqosconf patch NOTE 4: This patch contains updated type data for some structures contained within the 'ip' module. When debugging this module via the 'mdb' command, explicit references to the updated structures should be scoped by prefixing the name with "ip`", for example: ip`"struct ipsec_policy_s", in order to access the new type description. The updated structures are: ipsec_selkey, ipsec_policy_s, ipsec_policy_root_s, ipsec_policy_head_s. README -- Last modified date: Friday, March 3, 2006