Patch-ID# 114344-21 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security arp_publish_count ipmp ipgpc ipqos dlcosmk ipsecah ifconfig Synopsis: SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch Date: Aug/15/2006 Install Requirements: Reconfigure immediately after patch is installed Install in Single User Mode Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 119435 and 114348 Topic: SunOS 5.9: arp, dlcosmk, ip, and ipgpc Patch *********************************************************** NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. *********************************************************** Relevant Architectures: sparc sparc.sun4u BugId's fixed with this patch: 1148813 1240645 4075054 4294701 4327168 4341344 4396697 4417647 4425786 4475921 4479794 4488694 4532805 4532808 4532860 4559001 4587434 4592876 4635766 4637330 4637788 4639729 4644731 4647361 4648299 4648388 4653899 4658177 4660167 4661975 4664957 4671440 4673190 4675796 4676731 4678130 4685978 4688392 4688398 4688704 4690565 4690625 4691277 4693464 4694560 4699047 4701276 4703689 4703864 4705755 4715897 4726444 4728056 4728423 4728429 4728541 4737760 4751531 4763906 4772797 4773326 4775648 4775897 4777295 4777791 4783283 4796820 4798787 4799577 4803389 4804064 4804756 4806220 4808860 4817668 4825472 4828297 4834142 4836677 4837086 4838049 4859127 4863621 4865207 4867136 4879396 4914143 4915436 4929493 4959954 4963675 4963771 4969154 4971665 4974963 4977677 4980989 4984037 4984625 4995674 5005545 5013238 5018661 5018864 5019039 5025728 5035061 5049232 5062168 5073182 5073668 5078640 5084073 5084344 5096257 6195122 6212756 6214946 6220619 6227282 6227733 6229034 6231263 6235832 6241739 6257723 6302789 6331032 6332525 Changes incorporated in this version: 4825472 5019039 Patches accumulated and obsoleted by this patch: 112652-03 112698-02 112714-02 112906-03 112911-16 112914-04 113153-01 113155-01 113964-11 115016-01 116536-01 117140-02 120464-03 Patches which conflict with this patch: Patches required with this patch: 112233-12 112912-01 115683-02 (or greater) Obsoleted by: Files included with this patch: /etc/default/inetinit /etc/init.d/inetinit /etc/init.d/inetsvc /etc/init.d/network /etc/rc0.d/K42inetsvc /etc/rc0.d/K43inet /etc/rc1.d/K42inetsvc /etc/rc1.d/K43inet /etc/rc2.d/S69inet /etc/rc2.d/S72inetsvc /etc/rcS.d/K42inetsvc /etc/rcS.d/K43inet /etc/rcS.d/S30network.sh /kernel/drv/arp /kernel/drv/ip /kernel/drv/ipsecah /kernel/drv/sparcv9/arp /kernel/drv/sparcv9/ip /kernel/drv/sparcv9/ipsecah /kernel/drv/sparcv9/spdsock /kernel/drv/spdsock /kernel/ipp/dlcosmk /kernel/ipp/ipgpc /kernel/ipp/sparcv9/dlcosmk /kernel/ipp/sparcv9/ipgpc /kernel/strmod/arp /kernel/strmod/ip /kernel/strmod/ipsecah /kernel/strmod/sparcv9/arp /kernel/strmod/sparcv9/ip /kernel/strmod/sparcv9/ipsecah /sbin/ifconfig /sbin/in.mpathd /usr/include/inet/ip_if.h /usr/include/ipmp.h /usr/include/ipmp_mpathd.h /usr/include/ipmp_query.h /usr/include/ipp/ipgpc/ipgpc.h /usr/include/net/if.h /usr/lib/abi/abi_libipmp.so.1 /usr/lib/inet/in.mpathd /usr/lib/libipmp.so /usr/lib/libipmp.so.1 /usr/lib/llib-lipmp /usr/lib/llib-lipmp.ln /usr/sbin/6to4relay /usr/sbin/if_mpadm /usr/sbin/ifconfig /usr/sbin/in.routed Problem Description: 4825472 IPMPs in.mpathd causes unnecessary failovers if started without usable routers 5019039 in.mpathd induces icmp hurricanes in single-router environments (from 114344-20) 4294701 2 same routing entrys for loopback interfaces 6241739 reassembly of an ipv6 frag of frag causes fault (from 114344-19) 6257723 source address selection is wrong if IPMP is enabled 6331032 in.routed deletes aggregated passive routes through remote gateways (from 114344-18) 4796820 IPMP starts outgoing traffic on failed interface with option FAILBACK=no 5084073 Fix for 4796820 is not enough 6220619 IGMP messages are not sent out when interfaces fail over (from 114344-17) 6332525 When NIC goes down temporarily before accept(), tcp connection is made IDLE (from 114344-16) 6227733 need improved scalability in ipsec policy engine 4867136 ipsec_find_sel may return holding the HASH_LOCK (from 114344-15) 4690625 Logging doesn't seem to happen anymore (from 114344-14) 4658177 panic while doing ifconfig addif on a partially configured tunnel (from 114344-13) 6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets (from 114344-12) 4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX) (from 114344-11) 6214946 publishing an arp entry causes source Ether Addr issue (from 114344-10) 6235832 panic in ip module during e1000g bind processing (from 114344-09) 4653899 ARP packet processing issue 5084344 Panic caused by NULL pointer dereference in ipif_mask_reply() (from 114344-08) 4969154 ping -r (SO_DONTROUTE) to IRE_LOOPBACK/IRE_LOCAL ipif_net_type fails (from 114344-07) 4980989 For NS not transmitted, the connectivity of IP is lost 4737760 memory leak in nce_xmit() 4984037 ipif_lookup_onlink_addr() can return ipif_t's which are not IPIF_UP 5018661 ip goes in loop in forwarding path (from 114344-06) 4671440 broadcast packet uses deprecated interface's source address 4772797 broadcast interface response to NOLOCAL and ANYCAST needs to be fixed (from 114344-05) 4838049 Panic in module ip when running NGDR 5025728 Multicast on loopback interface supports one listener only (from 114344-04) 4693464 DL_NOTE_PHYS_ADDR notifications do not send gratuitous ARP requests (from 114344-03) 4914143 netstat takes long time to return and causes queue-ing in 'ip' syncq (from 114344-02) 4715897 arp falsely assumes only one AR_INTERFACE_UP can occur at a time (from 114344-01) 4777791 arp_publish_count should be increased (from 112906-03) 4984625 IPP modules need to be re-compiled after a change to ill_t structure (from 112906-02) 4664957 ipqosconf's uid filter parameter doesn't understand us (from 112906-01) This revision accumulates s9u1 feature point patch 112714-02. (from 112714-02) This revision synchronizes package version strings between s9 and s9u1. (from 112714-01) 4647361 Solaris needs IPQoS feature 4644731 IPQoS project degrades netbench performance when feature is disabled (from 116536-01) 4984625 IPP modules need to be re-compiled after a change to ill_t structure (from 117140-02) Add dependency on 112233-12. (from 117140-01) 4963771 Memory leak in SADB EEXIST error path 4974963 Available replacement outbound SAs are not always used 4977677 Newer SAs should be used over older ones (from 120464-03) 6302789 in.routed deletes network routes configured in /etc/gateways after 5 min on x86 (from 120464-02) 6229034 in.mpathd will abort on deferred probes with 0ms round-trip times (from 120464-01) 5062168 network/physical unconditionally tries to configure all interfaces (from 112911-16) 5096257 in.routed does not support more than 8 default routes 6231263 default router specified in /etc/gateways is removed by in.routed in 5 min 6227282 bug in in.routed:walk_bad() (from 112911-15) 4691277 IPMP wraps probe sequence numbers incorrectly (from 112911-14) 4783283 in.routed doesn't allow passive or external default route 4863621 in.routed does not configure routing properly 4817668 in.routed can send conflicting information by RDISC and RIP 4879396 in.routed needs to join mcast group when promoting IS_DUP intf to lead intf 4678130 in.routed whines about expired redirects 6195122 in.routed does not pick alternatives to bad routes properly 4775648 in.routed should log address that causes trouble 4763906 in.routed complains it's "unable to obtain kstats for" 4675796 in.routed far too aggressive in marking interfaces as broken 4703864 routed should have remote TRACEON with RIP disabled 4806220 in.routed complains when it tries to join a group multiple times 4799577 missing error string in log message 4728429 in.routed -t doesn't turn on tracing 4728541 noise from in.routed while running cgtp tests 5073668 in.routed dumps core 4637330 new in.routed rdisc behavior is bad 4703689 Messages extracted from rtquery has I18N problem 5005545 in.routed diagnostic message needs more info 4995674 in.routed fails to add routing entries if I/F is unplumbed/plumbed < 2 minutes 4751531 in.routed is mishandling redirects 4828297 in.routed deleting route for local subnet 4798787 in.routed sends incorrect routing socket messages.. 4648299 in.routed fails to discover default router on multi-homed host via discovery 5018864 in.routed is not parsing rip advs correctly (from 112911-13) 5013238 in.mpathd prints "Cannot meet requested failure detection time" frequently 5078640 in.mpathd uses the probe_interval as a global variable (from 112911-12) 5049232 in.routed drops core (from 112911-11) 4995674 in.routed fails to add routing entries if I/F is unplumbed/plumbed < 2 minutes 5073182 Install ifconfig patch unexpectedly overwritten the preserve config file (from 112911-10) 5035061 in.routed deleted passive routes through remote gateways (from 112911-09) 4783283 in.routed doesn't allow passive or external default route 5018864 in.routed is not parsing rip advs correctly 4971665 Default routes on multihomed machine dwindles to 1 for 30 sec (from 112911-08) 4915436 in.routed should stop talking trash during network errors (from 112911-07) 4773326 PSARC 2003/325 Set hostname locally when not provided by dhcp server 4837086 CMSG_FIRSTHDR should return NULL when controllen == 0 (from 112911-06) 4929493 Network Client Mode does not work in Solaris 8/9 (from 112911-05) 4959954 Circular patch dependency exists between patches 112911 112914 113964 (from 112911-04) 4777295 PSARC/2002/615 IP Multipathing Query Interface 4775897 events for the ipmp anonymous group should be just like named groups (from 112911-03) 4688704 Solaris should implement 6to4 Router as per RFC3056 4688392 tun module needs more atomic operations for single counter updates 4688398 tun module needs better debugging facility 4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF) 4660167 tunnel module incorrectly calls into IP (from 112911-02) This revision accumulates S9U2 feature point patch 113155-01. (from 112911-01) This revision accumulates S9U1 feature point patch 112652-03. (from 112652-03) This revision synchronizes the package version strings between S9 and S9U1. (from 112652-02) 4479794 Can't configure tunnels over IPv6 4396697 IPv6 tunnel support needed 4425786 ifconfig prints tunnel addresses incorrectly 4417647 snoop handles unknown IPv6 destination options incorrectly 4592876 in.ndpd daemonizes too soon 4648388 snoop's parsing of tunnel encap limit dst opts goes off into the weeds (from 112652-01) 4488694 No mechanism to indicate if an interface supports CoS marking or not (from 113155-01) 4661975 in.mpathd needs to be dynamically linked 4676731 PSARC/2002/137 IPMP Asynchronous Event Definitions (from 113964-11) 4865207 The system drops into the single-user mode with an invalid /etc/hostname.xxx (from 113964-10) 4859127 in.routed -T /var/tmp/tracefile -zzzz dumps core (from 113964-09) 4828297 in.routed deleting route for local subnet 4836677 in.routed core dumps on Sun Cluster with SCI interfaces (from 113964-08) 4803389 in.mpathd's lightweight router target selection logic KO'd by 4673190 4834142 redundant call to phyint_repaired() in initifs() can "lose" a probe (from 113964-07) 4777295 IP Multipathing Query Interface 4775897 events for the ipmp anonymous group should be just like named groups (from 113964-06) 4685978 IPMP does not detect NIC repair when only one of the two targets is up 4808860 mpathd deletes target list of phyints in all groups when link fails on one group (from 113964-05) 4804756 Patch#112914-04 fails during live upgrade (from 113964-04) 4804064 'Bad string' is displayed in Console (from 113964-03) 4673190 RDISC of in.routed needs support of multiple default routes with same pref value 4728056 in.routed may core if fix_up_ip_forwarding() fails 4705755 in.routed: remote queries rely on proxy ARP incorrectly (from 113964-02) 4699047 in.routed observed ripping up interface routes 4726444 Interface routes appear to be ripped up 4639729 in.routed sends useless RTM_ADD daemon.error messages to syslog 4728423 sending two SIGUSR1 signals to in.routed causes termination (from 113964-01) 4688704 Solaris should implement 6to4 Router as per RFC3056 4688392 tun module needs more atomic operations for single counter updates 4688398 tun module needs better debugging facility 4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF) 4660167 tunnel module incorrectly calls into IP (from 112914-04) 4690565 in.routed[126]: setsockopt(IP_ADD_MEMBERSHIP RIP): Address already in use (from 112914-03) This revision accumulates S9U2 feature point patch 113153-01. (from 112914-02) 4701276 in.routed core dumps in Sun Cluster (from 112914-01) This revision accumulates S9U1 feature point patch 112698-02. (from 112698-02) This revision synchronizes the package version strings between S9 and S9U1. (from 112698-01) 1148813 subnet routes turn into host routes (routed) 1240645 in.routed: add support for subnet number of all 0's or all 1's per RFC 1812 4075054 Solaris 2.6 doesn't deliver a routing daemon to support variable length subnet 4327168 in.routed replies for RIP cmd request with norip option 4341344 in.rdisc does not generate advertisements with a lifetime of zero 4475921 *in.routed* rtlookup in addrouteforif() has poor error checking 4532805 ip_icmp.h is missing some necessary definitions 4532808 in.routed is not lint-clean 4532860 snoop should support RIPv2 4559001 needs RIP-2 definitions 4587434 net/route.h should have latest BSD RTAX_* defines 4637330 new in.routed rdisc behavior is bad 4635766 in.routed loses control when ripped off 4637788 in.routed aggregating away learned routes because of a static default route 4648299 in.routed fails to discover default router on multi-homed host via discovery (from 113153-01) 4661975 in.mpathd needs to be dynamically linked 4676731 PSARC/2002/137 IPMP Asynchronous Event Definitions (from 115016-01) 4777295 PSARC/2002/615 IP Multipathing Query Interface 4775897 events for the ipmp anonymous group should be just like named groups Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Perform patch installation in single user mode. Perform a reconfiguration boot, boot -r, after patch installation. NOTE 1: To get the complete fix for 4715897 (arp falsely assumes only one AR_INTERFACE_UP can occur at a time), please also install the following patch: 112904-06 (or greater) tcp patch NOTE 2: To get the complete IPQoS feature, please also install the following patches: 112920-01 (or greater) libipp patch 112905-01 (or greater) ippctl patch 112904-12 (or greater) tcp patch 112927-01 (or greater) IPQos Header patch NOTE 3: To get the complete fix of RFE 4664957 (ipqosconf's uid filter parameter doesn't understand us), please also install the following patch: 115008-01 (or greater) ipqosconf patch NOTE 4: To get the complete CoS RFE 4488694 (No mechanism to indicate if an interface supports CoS marking or not), please also install the following patch: 112902-01 (or greater) ip driver patch NOTE 5: To get the complete Packet Tunneling over IPv6 feature, please also install the following patches: 112902-01 (or greater) ip driver patch 112903-01 (or greater) tun patch 112915-01 (or greater) snoop patch 112928-01 (or greater) in.ndpd patch NOTE 6: To get the complete IP Multipathing (IPMP) Async Event feature, please also install the following patch: 113464-01 (or greater) IPMP headers patch NOTE 7: To get the complete 6to4 Router feature, please also install the following patches: 112902-10 (or greater) ip patch 112903-03 (or greater) tun patch NOTE 8: Installing this patch will permanently move /sbin/in.mpathd to the new location /usr/lib/inet/in.mpathd. /sbin/in.mpathd will then be replaced by a symlink to this new location. Backing out this patch will restore the original in.mpathd binary but the positional change described above will not be undone. NOTE 9: To get the complete RIPv2 feature, please also install the following patches: 112915-01 (or greater) snoop patch 112916-01 (or greater) rtquery patch 112918-01 (or greater) route.h patch 112929-01 (or greater) RIPv2 Headers patch NOTE 10: To get the complete fix for bug 4796820 (IPMP starts outgoing traffic on failed interface with option FAILBACK=no), please also install the following patch: 122673-01 (or greater) sockio.h header patch NOTE 11: This patch contains updated type data for some structures contained within the 'ip' module. When debugging this module via the 'mdb' command, explicit references to the updated structures should be scoped by prefixing the name with "ip`", for example: ip`"struct ipsec_policy_s", in order to access the new type description. The updated structures are: ipsec_selkey, ipsec_policy_s, ipsec_policy_root_s, ipsec_policy_head_s. README -- Last modified date: Tuesday, August 15, 2006