OBSOLETE Patch-ID# 112904-09 Keywords: security tcp cgtp ip ipqos pckt nexthdr ip_addr tunneling 6to4 router Synopsis: Obsoleted by: 112233-11 SunOS 5.9: tcp/ip Patch Date: Oct/14/2003 Install Requirements: Install in Single User Mode Reboot after installation Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114337 Topic: SunOS 5.9: tcp/ip Patch *********************************************************** NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. *********************************************************** Relevant Architectures: sparc sparc.sun4u BugId's fixed with this patch: 4203748 4396697 4417647 4425786 4479794 4488694 4502640 4511634 4592876 4639079 4644731 4645471 4647361 4648388 4649557 4656795 4658216 4659882 4660167 4662169 4662866 4673676 4682913 4687850 4688392 4688398 4688704 4689309 4691577 4694560 4712511 4715897 4722897 4737656 4745039 4747714 4749268 4763402 4763813 4772712 4784039 4790941 4803645 4805135 4820199 4838367 4844839 Changes incorporated in this version: 4203748 4838367 Patches accumulated and obsoleted by this patch: 112653-04 112687-02 112701-02 112902-12 112903-03 Patches which conflict with this patch: Patches required with this patch: 112233-07 or greater 113449-02 or greater 113453-04 or greater Obsoleted by: Files included with this patch: /etc/init.d/inetsvc /etc/rc0.d/K42inetsvc /etc/rc1.d/K42inetsvc /etc/rc2.d/S72inetsvc /etc/rcS.d/K42inetsvc /kernel/drv/ip /kernel/drv/sparcv9/ip /kernel/drv/sparcv9/tcp /kernel/drv/tcp /kernel/strmod/6to4tun /kernel/strmod/ip /kernel/strmod/sparcv9/6to4tun /kernel/strmod/sparcv9/ip /kernel/strmod/sparcv9/tcp /kernel/strmod/sparcv9/tun /kernel/strmod/tcp /kernel/strmod/tun /usr/include/inet/ip.h /usr/include/inet/ip_if.h /usr/include/inet/ip_ire.h /usr/include/inet/tcp.h /usr/include/netinet/in.h /usr/include/netinet/ip6.h /usr/include/sys/dlpi.h /usr/lib/adb/ill /usr/lib/adb/ipc /usr/lib/adb/sparcv9/ill /usr/lib/adb/sparcv9/ipc /usr/lib/adb/sparcv9/tcp /usr/lib/adb/tcp Problem Description: 4203748 Need router alert in mld_sendpkt 4838367 valid router alert generates level 0 ip debug (from 112904-08) 4805135 mctl_present does not imply IPsec in use 4844839 ip_copymsg assumes that only IPsec uses M_CTL (from 112904-07) 4722897 ipcsumdbg() causes system to drop to OBP (from 112904-06) 4715897 arp falsely assumes only one AR_INTERFACE_UP can occur at a time (from 112904-05) 4747714 TCP Multidata Transmit (MDT) Project 4763813 tcp adb macro missing a couple of fields 4772712 DL_{CAPABILITY,CONTROL}_* framework needs to be re-integrated 4803645 structure tags declared extern (from 112904-04) 4737656 strqset+0x14 alignment panic (from 112904-03) 4745039 tcp_close_detached should give cluster callback before removing tcpb (from 112904-02) 4687850 TCP loopback connection stays in LAST_ACK (with the peer in FIN_WAIT_2) (from 112904-01) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update: s9u1 feature point patches: 112701-02 (from 112701-02) This patch revision was generated to synchronize the package version string between s9 and s9u1 (from 112701-01) 4645471 CGTP feature required in Solaris 9 Update (from 112902-12) 4790941 Running cgtp duplication with functionalipv6 option causes system hang 4659882 ip_newroute_ipif creates IRE cache entries with incorrect cmask 4820199 cgtp.cmd - cgtp_func_Setsrc_01IPv4 failed in 64-bit and 32-bit 4689309 CGTP multicast IPv6 routing mechanism does not work with specific configurations (from 112902-11) 4749268 connect() to localhost fails when SO_DONTROUTE is set 4784039 connect() to `hostname` fails if SO_DONTROUTE is set (from 112902-10) 4688704 Solaris should implement 6to4 Router as per RFC3056 4688392 tun module needs more atomic operations for single counter updates 4688398 tun module needs better debugging facility 4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF) 4660167 tunnel module incorrectly calls into IP (from 112902-09) 4763402 IPQoS dlcosmk does not mark packets correctly in some cases (from 112902-08) 4662866 ipif_select_source() breaks a multinetted environment (from 112902-07) 4691577 ASSERT(ire->ire_type == IRE_CACHE) fails in ire_cache_cleanup() when forwarding (from 112902-06) 4662169 changing ip_addr on one logical I/F can cause pkt loss via other I/F on the phys (from 112902-05) 4656795 Directed broadcast forwarding does not work. (from 112902-04) 4511634 Overloading of test and data IP address for single adapter group ( FIX FOR 4724336 WAS BACKED OUT FROM THIS REVISION ) 4724336 ipsec vs cgtp duplication testcase failures (from 112902-03) 4712511 Cannot setup ipqos on S9U1 b7. (from 112902-02) 4502640 IP should avoid triggering spanning-tree hold-down periods when possible 4639079 panic after removing logical interface 4658216 Existence of ipsec policy creates bypass of ipqos policy 4673676 panic with assertion failure nexthdr != IPPROTO_FRAGMENT, in ip6.c, line3611 4682913 IPQoS causes a netbench regression in S9U1 (from 112902-01) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update: s9u1 feature point patches: 112653-04 (from 112653-04) 4649557 assertion failed: CLASSD(group), file: ../../common/inet/ip_ire.c (from 112653-03) This patch revision was generated to synchronize the package version string between s9 and s9u1 (from 112653-02) 4479794 Can't configure tunnels over IPv6 4396697 IPv6 tunnel support needed 4425786 ifconfig prints tunnel addresses incorrectly 4417647 snoop handles unknown IPv6 destination options incorrectly 4592876 in.ndpd daemonizes too soon 4648388 snoop's parsing of tunnel encap limit dst opts goes off into the weeds 4645471 CGTP feature required in Solaris 9 Update 4647361 Solaris needs IPQoS feature 4644731 IPQoS project degrades netbench performance when feature is disabled (from 112653-01) 4488694 No mechanism to indicate if an interface supports CoS marking or not (from 112903-03) 4688704 Solaris should implement 6to4 Router as per RFC3056 4688392 tun module needs more atomic operations for single counter updates 4688398 tun module needs better debugging facility 4694560 typo in kstat name for tuns_OutDiscard (noxmtbuF) 4660167 tunnel module incorrectly calls into IP (from 112903-02) This revision was included in S9 Update2 but ended up incorporating no new content; it has the same net effect as installing revision -01. (from 112903-01) This patch revision was generated to accumulate and obsolete the changes introduced in Solaris Update: s9u1 feature point patches: 112687-02 (from 112687-02) This patch revision was generated to synchronize the package version string between s9 and s9u1 (from 112687-01) 4479794 Can't configure tunnels over IPv6 4396697 IPv6 tunnel support needed 4425786 ifconfig prints tunnel addresses incorrectly 4417647 snoop handles unknown IPv6 destination options incorrectly 4592876 in.ndpd daemonizes too soon 4648388 snoop's parsing of tunnel encap limit dst opts goes off into the weeds Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: NOTE1: To get the complete CoS RFE 4488694 (No mechanism to indicate if an interface supports CoS marking or not) , please install patch 112911-01 (or newer). NOTE2: To get the complete CGTP feature, please install the following patches: 112904-01 (or newer) tcp 112917-01 (or newer) ifrt 112918-01 (or newer) route 112919-01 (or newer) netstat NOTE3: To get the complete Packet Tunneling over IPv6 feature, please install the following patches: 112912-01 (or newer) libinetcfg.so.1 112911-01 (or newer) ifconfig 112915-01 (or newer) snoop 112928-01 (or newer) in.ndpd NOTE4: To get the complete IPQoS feature, please install the following patches: 112920-01 (or newer) libipp 112905-01 (or newer) ippctl 112906-01 (or newer) ipgpc 112927-01 (or newer) IPQos Header 112233-01 (or newer) KU Patch NOTE6: To get the complete fix for bugid 4511634, please install the following patches: 112854-02 (or newer) 113459-01 (or newer) 113964-01 (or newer) NOTE7: To get the complete 6to4 Router feature, please install the following patches: 112911-03 (or newer) ifconfig 113964-01 (or newer) 6to4relay patch NOTE8: To get the complete fix of TCP Multidata Transmit feature, please install the following patches: 113449-02 (or newer) gld patch 113453-04 (or newer) sockfs patch 112233-07 (or newer) Kernel Update patch NOTE9: To get the complete fix for 4715897, please install 114344-02 (or newer) arp patch README -- Last modified date: Tuesday, December 23, 2003