Patch-ID# 101796-01
Keywords: interopera, break, segment, syn, sid, tcp
Synopsis: Trusted Solaris 1.1: Missing SID in TCP SYN segment breaks interoperability
Date: Nov/07/94

Solaris Release: Trusted_Solaris_1.1

SunOS Release: 

Unbundled Product: 

Unbundled Release: 

Relevant Architectures: sparc
    NOTE: sun4 sun4c sun4m

BugId's fixed with this patch: 1157370

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

sun4/OBJ/sec_socket.o
sun4c/OBJ/sec_socket.o
sun4m/OBJ/sec_socket.o

Problem Description: 

During the TSIG interoperability test in January 1994, it was observed
that other machines could use the telnet and rlogin services to reach
the SunOS CMW machine, but not vice versa.

The problem was traced to a missing SID on the initial TCP SYN 
segment.

Patch Installation Instructions: 

NOTE:  While reconfiguring the kernel, refer to the System and Network
       Administration Manual for SunOS 4.1, Chapter 9, "Reconfiguring
       the System Kernel." 

1.    Halt the diskless server and boot to single-user mode.

	(1) Bring your cursor down to the trusted path stripe, bring up
	    the Trusted Path menu, select utility "Shutdown Machine."

	(2) At the system prompt type:

	    boot -s

	(3) You may be asked for a password if the eprom is set to
	    secure-mode.

	(4) Start csh:

	    csh
	    # /etc/halt

2.    These instructions assume you have copied the patch files to a
      temporary directory, such as /tmp. Because customers obtain patches
      from different sources, these instructions do not attempt to cover
      all possibilities. To give one example, if this patch is on a tar
      tape inserted in st0, you would do this:

	# cd /tmp 
        # tar xvf /dev/rst0

3.    Go to the OBJ directory for the server's architecture:
 
        # cd /usr/kvm/sys/`arch -k`/OBJ
 
4.    Save the existing version of sec_socket.o. For example:
 
   	# cp sec_socket.o sec_socket.o.FCS

5.    Copy the new object module into the OBJ directory from the
      temporary directory.  For example:

	  # cp /tmp/sun4m/OBJ/sec_socket.o .

6.    Build and install the new kernel, carefully following substeps
      6a through 6d.

6a.   Choose a name for your configuration of the system; for example,
      PATCHED.

6b.   Create the configuration file by making a copy of GENERIC
      or of an already-customized configuration file, and change the
      mode.

	# cp GENERIC PATCHED; chmod +w PATCHED

6c.   Run config on the new file:

        # /etc/config PATCHED   

      (The directory ../PATCHED will be made if it doesn't exist and
      a "make depend" will be done unless you specify a "-n" flag.)
 
6d.   Make the new system:

        # cd ../PATCHED  
        # make

7.    Save the original kernel, install the new one in /vmunix, and
      try it out:

        # mv /vmunix /vmunix.orig
        # cp vmunix /vmunix
        # /etc/halt
        ok  boot

7.   If the system does not work, halt the server, reboot from the original
      kernel, restore the original kernel, and then rebuild the new kernel:

        # /etc/halt
        ok  boot vmunix.orig -s
        # mv /vmunix.orig /vmunix
        ok  boot

      Start again with step 2 above to rebuild the kernel.

8.   Return the server to single-user mode, and configure the diskless clients.

	# /etc/halt
	ok boot -s

      For diskless clients with the same architecture as the
      server, go to step 9.

      For diskless clients that do not have the same architecture as the
      server, go to step 11.

9.   For each client with the same kernel architecture as the server,
      copy the new /vmunix into the /export/root/<clientname> directory
      following substeps 10a through 10c.

10a.  Go to the client's root directory:

        # cd /export/root/<clientname>
 
10b.  Back up the current vmunix file:

        # cp vmunix vmunix.FCS

10c.  Copy the server's /vmunix to the current directory:

        # cp /vmunix vmunix

11.   For any diskless clients that do not have the same architecture
      as the server, before you build the new kernel for each
      architecture, make a copy of the sec_socket.o object file and copy the
      patched file into the appropriate OBJ directory for that
      architecture, under:

/export/exec/kvm/sun[4,4c,4m].trusted_solaris.1.1/sys/sun[4,4c,4m]/OBJ

      as described in substeps 12a through 12e.
      
12a.  Go to the appropriate OBJ directory and make a copy of the object
      file.  For example, for a sun4c:

	# cd /export/exec/kvm/sun4c.trusted_solaris.1.1/sys/sun4c/OBJ
	# cp sec_socket.o sec_socket.o.FCS

12b.  Copy the patched sec_socket.o object file from the temporary directory
      into the appropriate OBJ directory.  For example:

        # cp /tmp/sun4c/OBJ/sec_socket.o .
 
12c.  Follow Method 2 on page 244 of the SunOS 4.1 System and Network
      Administration Manual, in the section titled "Procedure for
      Reconfiguring the Kernel," to create a new kernel for the
      appropriate architecture.

12d.  Copy the new kernel to all clients with the same architecture.

12e.  Repeat substeps 12a through 12e for each architecture.
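
Added example, not part of the original patch README: steps 4-5 and
12a-12b as a re-runnable sh function that backs up sec_socket.o once,
copies the patched module, and verifies each copy with cmp before the
kernel is rebuilt. The helper names stage_obj and unstage_obj are
hypothetical; the file names and paths are the ones used above.

```shell
#!/bin/sh
# Added example; stage_obj and unstage_obj are hypothetical helper names.
# usage: stage_obj PATCH_OBJ_DIR TARGET_OBJ_DIR
#   e.g. stage_obj /tmp/sun4c/OBJ \
#        /export/exec/kvm/sun4c.trusted_solaris.1.1/sys/sun4c/OBJ
stage_obj() {
    src="$1/sec_socket.o"
    dst="$2/sec_socket.o"
    bak="$2/sec_socket.o.FCS"

    [ -f "$src" ] || { echo "missing patch object: $src" >&2; return 2; }
    [ -f "$dst" ] || { echo "no object to replace: $dst" >&2; return 2; }

    # Patched module already in place: leave it and the backup untouched.
    if cmp -s "$src" "$dst"; then
        echo "already patched: $dst"
        return 0
    fi

    # Back up only once, so a re-run after an interrupted copy never
    # overwrites the FCS original with a patched or partial module.
    if [ -f "$bak" ]; then
        echo "keeping existing backup: $bak"
    else
        cp "$dst" "$bak" && cmp -s "$dst" "$bak" || {
            echo "backup failed: $bak" >&2; return 1; }
    fi

    # Install, then confirm byte for byte; restore the backup on mismatch.
    cp "$src" "$dst" && cmp -s "$src" "$dst" && return 0
    echo "copy failed, restoring $bak" >&2
    cp "$bak" "$dst"
    return 1
}

# usage: unstage_obj TARGET_OBJ_DIR   (puts sec_socket.o.FCS back)
unstage_obj() {
    [ -f "$1/sec_socket.o.FCS" ] || { echo "no backup in $1" >&2; return 2; }
    cp "$1/sec_socket.o.FCS" "$1/sec_socket.o"
}

# Run as a script with two arguments to stage one architecture.
if [ $# -eq 2 ]; then
    stage_obj "$1" "$2"
fi
```

A non-zero return means the OBJ directory was not changed to the patched
module, so the kernel build in step 6 or 12c should not be started.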
 


