Patch-ID# 116966-16 NOTE: *********************************************************************** READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE. *********************************************************************** Keywords: security ipv4 ipv6 addresses loopback ip_rput_data_v6() multipathing Synopsis: SunOS 5.8_x86: ip/arp/tcp/udp/tun patch Date: Mar/06/2006 Install Requirements: Reconfigure immediately after patch is installed Install in Single User Mode Solaris Release: 8_x86 SunOS Release: 5.8_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 116965 Topic: SunOS 5.8_x86: ip/arp/tcp/udp/tun patch Relevant Architectures: i386 BugId's fixed with this patch: 4291034 4299644 4302198 4308728 4311938 4331785 4363786 4365204 4380686 4385998 4427290 4465841 4511681 4643339 4647983 4653899 4705144 4737760 4796648 4963675 4969154 4980989 4984037 5004917 5018661 5074404 5084344 5089150 6210063 6212756 6259389 6276464 Changes incorporated in this version: 4511681 Patches accumulated and obsoleted by this patch: 109051-01 109899-05 112851-01 Patches which conflict with this patch: Patches required with this patch: 108529-29 117001-05 117351-13 (or greater) Obsoleted by: Files included with this patch: /kernel/drv/arp /kernel/drv/icmp /kernel/drv/icmp6 /kernel/drv/ip /kernel/drv/ip6 /kernel/drv/ipsecah /kernel/drv/ipsecesp /kernel/drv/rts /kernel/drv/tcp /kernel/drv/tcp6 /kernel/drv/udp /kernel/drv/udp6 /kernel/strmod/arp /kernel/strmod/tun /usr/include/inet/ip.h /usr/include/inet/tcp.h /usr/lib/adb/ill /usr/lib/adb/ipc /usr/lib/adb/tcp Problem Description: 4511681 TCP vulnerable to Denial Of Service via "ACK storm" (from 116966-15) 6276464 Reads on a tcp endpoint with synchronous streams can return extents of the input buffer unmodified (from 116966-14) 6259389 race condition between cl_tcp_walk_list() and connection establishment (from 116966-13) 4465841 Setting of V4/v4 tunnel's tsrc and tdst values is broken (from 116966-12) 6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets (from 116966-11) 4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX) (from 116966-10) 4331785 ifconfig ip.atun0 plumb (without "inet6") causes tun module assertion failure (from 116966-09) 4380686 unexpected M_IOCDATA messages cause problems for ip 4385998 When used as a module, IP discards some ioctls it doesn't understand 6210063 When removing a network route, the IRE host route entry is not removed from IRE table. (from 116966-08) 5089150 Binding to a port which has already been bound may incorrectly succeed (from 116966-07) 5074404 Some RTM_* commands return true when they shouldn't (from 116966-06) 4796648 problem when path MTU == 68 (from 116966-05) 4643339 IP service is exclusive, causing severe performance problems 4653899 ARP hurricane can deny service 5084344 Panic caused by NULL pointer dereference in ipif_mask_reply() (from 116966-04) 4969154 ping -r (SO_DONTROUTE) to IRE_LOOPBACK/IRE_LOCAL ipif_net_type fails. (from 116966-03) 4980989 For NS not transmitted, the connectivity of IP is lost. 4737760 memory leak in nce_xmit() 4984037 ipif_lookup_onlink_addr() can return ipif_t's which are not IPIF_UP 5018661 ip goes in loop in forwarding path (from 116966-02) 5004917 system performance slowly degrades to a panic (from 116966-01) 4705144 IPV4 and IPV6 behave differently with addresses assigned to loopback (from 109899-05) 4365204 panic in arp layer - stack corruption (from 109899-04) 4363786 ARP request packets should not update entries belonging to local IP addresses (from 109899-03) 4427290 ar_open failure can lead to stale queues and memory corruption (from 109899-02) 4302198 Solaris 8 kernel panic when servicing interrupt from hme device (from 109899-01) This revision accumulates feature point patch 109051-01. (from 109051-01) 4311938 Network Multipathing should be integrated into Solaris 8 4299644 debug kernel panics; race between ip_close and ip_wsrv threads 4291034 arp: bad trap in ip while deleting logical interface during arp 4308728 ifconfig results in spurious message on the console (from 112851-01) 4647983 icmp should be QNEXTLESS Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-10 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: Perform patch installation in single user mode and do a reconfiguration boot (boot -r) after patch installation. NOTE 2: To get the complete IP Multipathing support, please also install the following patches: 109901-01 (or greater) /etc/init.d/network and /etc/rcS.d/S30network.sh patch 109903-01 (or greater) in.ndpd patch 109905-01 (or greater) mpathd and in.mpathd patch 109907-01 (or greater) ifconfig patch README -- Last modified date: Monday, March 6, 2006