Patch-ID# 116965-19 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security ipv4 ipv6 addresses loopback multipathing in.mpathd Synopsis: SunOS 5.8: ip/arp/tcp/udp/tun patch Date: Mar/02/2006 Install Requirements: Reconfigure immediately after patch is installed Install in Single User Mode Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 116966 Topic: SunOS 5.8: ip/arp/tcp/udp/tun patch ********************************************************************* NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. ********************************************************************* Relevant Architectures: sparc BugId's fixed with this patch: 1102965 4291034 4299644 4302198 4308728 4311938 4331785 4363786 4365204 4380686 4385998 4427290 4465841 4511681 4643339 4647983 4653899 4691277 4705144 4708720 4737760 4796648 4796820 4963675 4969154 4980989 4984037 5004917 5013238 5018661 5074404 5078640 5084073 5084344 5084452 5089150 6210063 6212756 6220619 6229034 6259389 6276464 6350615 6354773 Changes incorporated in this version: 4796820 5084073 6220619 Patches accumulated and obsoleted by this patch: 109050-01 109898-05 112850-01 117008-04 Patches which conflict with this patch: Patches required with this patch: 108528-29 117000-05 117350-13 (or greater) Obsoleted by: Files included with this patch: /kernel/drv/arp /kernel/drv/icmp /kernel/drv/icmp6 /kernel/drv/ip /kernel/drv/ip6 /kernel/drv/ipsecah /kernel/drv/ipsecesp /kernel/drv/rts /kernel/drv/sparcv9/arp /kernel/drv/sparcv9/icmp /kernel/drv/sparcv9/icmp6 /kernel/drv/sparcv9/ip /kernel/drv/sparcv9/ip6 /kernel/drv/sparcv9/ipsecah /kernel/drv/sparcv9/ipsecesp /kernel/drv/sparcv9/rts /kernel/drv/sparcv9/tcp /kernel/drv/sparcv9/tcp6 /kernel/drv/sparcv9/udp /kernel/drv/sparcv9/udp6 /kernel/drv/tcp /kernel/drv/tcp6 /kernel/drv/udp /kernel/drv/udp6 /kernel/strmod/arp /kernel/strmod/sparcv9/arp /kernel/strmod/sparcv9/tun /kernel/strmod/tun /sbin/in.mpathd /usr/include/inet/ip.h /usr/include/inet/tcp.h /usr/include/net/if.h /usr/lib/adb/ill /usr/lib/adb/ipc /usr/lib/adb/sparcv9/ill /usr/lib/adb/sparcv9/ipc /usr/lib/adb/tcp Problem Description: 4796820 IPMP starts outgoing traffic on failed interface with option FAILBACK=no 5084073 Fix for 4796820 is not enough 6220619 IGMP messages are not sent out when interfaces fail over. (from 116965-18) 1102965 UDP Length Checks 4708720 TCP/UDP make unwarranted ICMP M_CTL assumptions 5084452 ICMP can snipe away incipient TCP connections 6354773 some changes made by 5084452 do not work with x86 (from 116965-17) 4511681 TCP vulnerable to Denial Of Service via "ACK storm" (from 116965-16) 6350615 Patch 116965-15 has unnecessary copy of previous revision of preinstall script. This revision removes this preinstall. (from 116965-15) 6276464 Reads on a tcp endpoint with synchronous streams can return extents of the input buffer unmodified (from 116965-14) 6259389 race condition between cl_tcp_walk_list() and connection establishment (from 116965-13) 4465841 Setting of V4/v4 tunnel's tsrc and tdst values is broken (from 116965-12) 6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets (from 116965-11) 4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX) (from 116965-10) 4331785 ifconfig ip.atun0 plumb (without "inet6") causes tun module assertion failure (from 116965-09) 4380686 unexpected M_IOCDATA messages cause problems for ip 4385998 When used as a module, IP discards some ioctls it doesn't understand 6210063 When removing a network route, the IRE host route entry is not removed from IRE table. (from 116965-08) 5089150 Binding to a port which has already been bound may incorrectly succeed (from 116965-07) 5074404 Some RTM_* commands return true when it shouldn't (from 116965-06) 4796648 problem when path MTU == 68 (from 116965-05) 4643339 IP service is exclusive, causing severe performance problems 4653899 ARP hurricane can deny service 5084344 Panic caused by NULL pointer dereference in ipif_mask_reply() (from 116965-04) 4969154 ping -r (SO_DONTROUTE) to IRE_LOOPBACK/IRE_LOCAL ipif_net_type fails. (from 116965-03) 4980989 For NS not transmitted, the connectivity of IP is lost. 4737760 memory leak in nce_xmit() 4984037 ipif_lookup_onlink_addr() can return ipif_t's which are not IPIF_UP 5018661 ip goes in loop in forwarding path (from 116965-02) 5004917 system performance slowly degrades to a panic (from 116965-01) 4705144 IPV4 and IPV6 behave differently with addresses assigned to loopback (from 109898-05) 4365204 panic in arp layer - stack corruption (from 109898-04) 4363786 ARP request packets should not update entries belonging to local IP addresses (from 109898-03) 4427290 ar_open failure can lead to stale queues and memory corruption (from 109898-02) 4302198 Solaris 8 kernel panic when servicing interrupt from hme device (from 109898-01) This patch revision accumulates/obsoletes feature point patch 109050-01. (from 109050-01) 4311938 Network Multipathing should be integrated into Solaris 8. 4299644 debug kernel panics; race between ip_close and ip_wsrv threads 4291034 arp: bad trap in ip while deleting logical interface during arp 4308728 ifconfig results in spurious message on the console (from 112850-01) 4647983 icmp should be QNEXTLESS (from 117008-04) 6229034 in.mpathd will abort on deferred probes with 0ms round-trip times (from 117008-03) 4691277 IPMP wraps probe sequence numbers incorrectly. (from 117008-02) 5013238 in.mpathd prints "Cannot meet requested failure detection time" frequently 5078640 in.mpathd uses the probe_interval as a global variable (from 117008-01) Internal release only. Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: Perform patch installation in single user mode. Perform a reconfiguration boot, boot -r, after patch installation. NOTE 2: To get the complete IP Multipathing support, please also install the following patches: 109900-01 (or greater) /etc/init.d/network and /etc/rcS.d/S30network.sh patch 109902-01 (or greater) /usr/lib/inet/in.ndpd patch 109904-01 (or greater) /etc/default/mpathd and /sbin/in.mpathd patch 109906-01 (or greater) ifconfig patch NOTE 3: To get the complete fix for bugid 4796820 (IPMP starts outgoing traffic on failed interface with option FAILBACK=no), please also install the following patch: 122432-01 (or greater) sockio.h patch README -- Last modified date: Thursday, March 2, 2006