Patch-ID# 119435-14

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security ip ipsec_find_sel ipmp nic phyints ip arp_publish_count arp
Synopsis: SunOS 5.9_x86: ip patch
Date: Jan/08/2007


Install Requirements: Reconfigure after installation                      
                      Install in Single User Mode                      
                      
Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 114344

Topic: SunOS 5.9_x86: ip patch

Relevant Architectures: i386

BugId's fixed with this patch: 4157198 4294701 4658177 4685978 4690625 4691277 4775897 4777295 4796820 4803389 4808860 4825472 4834142 4837086 4867136 4963675 4978063 5013238 5019039 5078640 5084073 6212756 6214946 6220619 6227733 6229034 6235832 6241739 6257723 6301112 6310343 6332525 6395535 6463069 6493627

Changes incorporated in this version: 6493627

Patches accumulated and obsoleted by this patch: 114925-07 115013-01 115015-01 119446-02

Patches which conflict with this patch: 

Patches required with this patch: 115684-02 117172-17 (or greater)

Obsoleted by: 

Files included with this patch: 

/kernel/drv/arp
/kernel/drv/ip
/kernel/drv/ipsecah
/kernel/drv/spdsock
/kernel/strmod/arp
/kernel/strmod/ip
/kernel/strmod/ipsecah
/sbin/in.mpathd
/usr/include/inet/arp.h
/usr/include/inet/ip_if.h
/usr/include/ipmp.h
/usr/include/ipmp_mpathd.h
/usr/include/ipmp_query.h
/usr/include/net/if.h
/usr/lib/abi/abi_libipmp.so.1
/usr/lib/inet/in.mpathd
/usr/lib/libipmp.so
/usr/lib/libipmp.so.1
/usr/lib/llib-lipmp
/usr/lib/llib-lipmp.ln
/usr/sbin/if_mpadm

Problem Description:

6493627 119435-13 needs to accumulate 119446-02
 
(from 119435-13)
 
4157198 ARP cache inconsistency between arp and ip modules
4978063 SO_DONTROUTE option causes ARP traffic for every frame
6463069 fix for CR 4157198 causes neg_advice_on_R1_{conn_a,conn_p,est} test failure
 
(from 119435-12)
 
6301112 Mangled Neighbor Solicitation messages out of Solaris in an IPMP configuration with IPv6
6310343 IPMP selects failed interfaces link local address.
6395535 IPMP configured system will reply with MAC/Link local address mismatch for ICMP echo reply
 
(from 119435-11)
 
4825472 IPMPs in.mpathd causes unnecessary failovers if started without usable routers
5019039 in.mpathd induces icmp hurricanes in single-router environments
 
(from 119435-10)
 
4294701 2 same routing entries for loopback interfaces
6241739 reassembly of an ipv6 frag of frag causes fault
 
(from 119435-09)
 
        This revision addresses patch construction issues.
 
(from 119435-08)
 
6257723 source address selection is wrong if IPMP is enabled.
 
(from 119435-07)
 
4796820 IPMP starts outgoing traffic on failed interface with option FAILBACK=no
5084073 Fix for 4796820 is not enough
6220619 IGMP messages are not sent out when interfaces fail over
6332525 When NIC goes down temporarily before accept(), tcp connection is made IDLE
 
(from 119435-06)
 
6227733 need improved scalability in ipsec policy engine
4867136 ipsec_find_sel may return holding the HASH_LOCK
 
(from 119435-05)
 
4690625 Logging doesn't seem to happen anymore
 
(from 119435-04)
 
4658177 panic while doing ifconfig addif on a partially configured tunnel
 
(from 119435-03)
 
6212756 UDP checksum 0x0000 not substituted with 0xffff for UDP over IPv6 packets
 
(from 119435-02)
 
4963675 Multicast Routing does not work over IP-in-IP tunnels (e.g. ip.tunXXX)
 
(from 119435-01)
 
6235832 panic in ip module during e1000g bind processing
 
(from 114925-07)
 
6229034 in.mpathd will abort on deferred probes with 0ms round-trip times
 
(from 114925-06)
 
4691277 IPMP wraps probe sequence numbers incorrectly.
 
(from 114925-05)
 
5013238 in.mpathd prints "Cannot meet requested failure detection time" frequently
5078640 in.mpathd uses the probe_interval as a global variable
 
(from 114925-04)
 
4837086 CMSG_FIRSTHDR should return NULL when controllen == 0
 
(from 114925-03)
 
4803389 in.mpathd's lightweight router target selection logic KO'd by 4673190
4834142 redundant call to phyint_repaired() in initifs() can "lose" a probe
 
(from 114925-02)
 
4777295 PSARC/2002/615 IP Multipathing Query Interface
4775897 events for the ipmp anonymous group should be just like named groups
 
(from 114925-01)
 
4685978 IPMP does not detect NIC repair when only one of the two targets is up
4808860 mpathd deletes target list of phyints in all groups when link fails in one group
 
(from 115013-01)
 
4777295 PSARC/2002/615 IP Multipathing Query Interface
4775897 events for the ipmp anonymous group should be just like named groups
 
(from 115015-01)
 
4777295 PSARC/2002/615 IP Multipathing Query Interface
4775897 events for the ipmp anonymous group should be just like named groups
 
(from 119446-02)
 
4157198 ARP cache inconsistency between arp and ip modules
4978063 SO_DONTROUTE option causes ARP traffic for every frame
 
(from 119446-01)
 
6214946 publishing an arp entry causes source Ether Addr issue

Patch Installation Instructions:
--------------------------------
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
 
Perform patch installation in single user mode.
Perform a reconfiguration boot, boot -r, after patch installation.
 
NOTE 1:  To get the complete fix for bug 4837086 (CMSG_FIRSTHDR should return
         NULL when controllen == 0), please also install the following patches:
 
         114348-05 (or greater)  in.routed patch
         114442-02 (or greater)  ifconfig patch
         116018-02 (or greater)  in.ndpd patch
         116507-02 (or greater)  traceroute patch
         116775-01 (or greater)  ping patch
         116777-01 (or greater)  mipagent patch
         116779-01 (or greater)  in.ripngd patch
 
NOTE 2:  Installing this patch will permanently move /sbin/in.mpathd to
         the new location /usr/lib/inet/in.mpathd.  /sbin/in.mpathd will
         then be replaced by a symlink to this new location.
         Backing this patch out will restore the original in.mpathd binary,
         but the positional change described above will not be undone.
 
NOTE 3:  To get the complete fix for bug 4796820 (IPMP starts outgoing traffic
         on failed interface with option FAILBACK=no), please also install the
         following patch:
 
         122674-01 (or greater)  sockio.h header patch

README -- Last modified date:  Monday, January 8, 2007