*Missing utilities in Solaris11 Non global zone.*

Similar Messages

• How to install JDK6 and Netbeans 6 in a non-global zone?

  Hi,
  I have a Solaris system where I want to deploy separate containers for several developers.
  I'm having difficulty in installing JDK 6 and Netbeans 6, I get lots of missing package errors in non-global zone.
  What would be the best approach for installing jdk 6 + netbeans 6 seperately for each developer?
  Thanks in advance.

  Hi
  It depends how you have created your zone, what has been inherited from the global:
  inherit-pkg-dir:
  dir: /lib
  inherit-pkg-dir:
  dir: /platform
  inherit-pkg-dir:
  dir: /sbin
  inherit-pkg-dir:
  dir: /usr
  But if you only want a jdk and netbeans, there is no really dependencies the simplest approach si to download the not packaged version and put it in /opt which is not inherited
  You just have to put a jdk in /opt/jdk1.6.0... and netbeans in /opt/netbeans-6.0..
  Don't really understand why you want a separate zone, one zone, several accounts which share the same jdk and netbeans, that's the way unix work ;)

• How to enable GUI in a non global zone in solaris11?

  How to enable graphical logon in a non global zone in solaris11, so the zone can be login by Xmanager? Thanks!

  This guide will cover how to setup a basic VNC connection to a Solaris 11 machine. There is also an optional step to allow for persistent VNC connections.
  Step 1
  Configure GDM to include ‘[security] DisallowTCP=false’ and ‘[xdmcp] Enable=true’.
  $ sudo gedit /etc/gdm/custom.conf
  # GDM configuration storage
  [daemon]
  [security]
  DisallowTCP=false
  [xdmcp]
  Enable=true
  [greeter]
  [chooser]
  [debug]
  Step 2
  Configure X-Server to accept remote connections.
  # svccfg -s application/x11/x11-server
  svc:/application/x11/x11-server> setprop options/tcp_listen = boolean: true
  svc:/application/x11/x11-server> end
  Step 3
  Configure the VNC service (you could change the ‘-geometry 1280×720′ to whatever resolution you would like).
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> setprop inetd_start/exec = astring: "/usr/bin/Xvnc -desktop sol11:0 -geometry 1024x768 -inetd -query localhost -once securitytypes=none"
  svc:/application/x11/xvnc-inetd> setprop inetd/wait = boolean: true
  svc:/application/x11/xvnc-inetd> end
  ** The line highlighted red is optional – only do this if you want your VNC connection to persist (as well as any potential security issues)
  or
  # svccfg -s xvnc-inetd
  svc:/application/x11/xvnc-inetd> editprop
  search for # setprop inetd_start/exec = astring: "/usr/bin/Xvnc
  copy the line, uncomment the copy, makethe changes above, write the file out.
  svcadm refresh xvnc-inetd
  Step 4
  Disable and the re-enable the GDM and VNC-inetd services for the changes to take effect.
  $ su root
  Password:
  # svcadm disable gdm xvnc-inetd; svcadm enable gdm xvnc-inetd
  If still in maintenance, reboot (I had to, don't know why).
  Step 5
  Point your favourite VNC client at your Solaris server and test if it accepts your VNC connection – you should be presented with a Username/Password login screen.
  If you performed the optional step to make your connections persist – close your favourite VNC client and then reconnect – if you remained logged in you have a persistent connections.
  Greg on said:
  After a fresh text install of Solaris-11 (11/11) both xvnc-inetd and gdm are not present. After installing them (# pkg install xvnc-inetd gdm) I can’t get gdm to start:
  # svcadm enable gdm
  # svcs gdm
  offline 10:24:03 svc:/application/graphical-login/gdm:default
  Any thoughts?
  Ron on said:
  You are missing some X packages. Do the following:
  pkg install slim_install           # installs 400+ packages
  svcadm enable gdm && exit      # gdm now works
  pkg uninstall slim_install           # uninstalls the installer package only

• Pkgmap files missing in global zone, can't build non-global zone

  My solaris 10 server is missing the pkgmap files for the packages. As a result, I can't build a non-global zone. Is there a way to recreate the pkgmap files?
  The OS on the Solaris 10 server was installed via jumpstart (initial install). However, the Jumpstart process used a Solaris 9 boot server which seems to have caused the missing pkgmap problem.
  Does anyone know of any other problems which would result from a version mismatch between a boot and installation server during the jumpstart process?

  Hi, i have problems with building transmission from svn too:
  $ versionpkg
  ==> retrieving latest revision number from svn... 3730
  ==> newer revision detected: 3730
  ==> Entering fakeroot environment
  ==> Making package: transmission-svn 3730-1 (Di 6. Nov 08:28:38 CET 2007)
  ==> Checking Runtime Dependencies...
  ==> Checking Buildtime Dependencies...
  ==> Retrieving Sources...
  ==> Validating source files with md5sums
  ==> Extracting Sources...
  ==> Removing existing pkg/ directory...
  ==> Starting build()...
  Fetching external item into 'Transmission/third-party/libevent'
  Checked out external at revision 477.
  Checked out revision 3730.
  ==> SVN checkout done or server timeout
  ==> Starting make...
  ./autogen.sh: line 16: autoreconf: command not found
  Creating aclocal.m4 ...
  Running glib-gettextize...  Ignore non-fatal messages.
  Copying file mkinstalldirs
  Copying file po/Makefile.in.in
  Please add the files
    codeset.m4 gettext.m4 glibc21.m4 iconv.m4 isc-posix.m4 lcmessage.m4
    progtest.m4
  from the /aclocal directory to your autoconf macro directory
  or directly to your aclocal.m4 file.
  You will also need config.guess and config.sub, which you can get from
  ftp://ftp.gnu.org/pub/gnu/config/.
  Making aclocal.m4 writable ...
  Running intltoolize...
  PKGBUILD: line 33: ./configure: No such file or directory
  make: *** No targets specified and no makefile found.  Stop.
  ==> ERROR: Build Failed.  Aborting...
  ==> ERROR: Reverting pkgver...
  i dont know whats up with the autoreconf
  i hope anyone can help me!
  greez

• Userdel command is missing in non-global zone

  Hi,
  I am trying to remove a user account in one of the non-global zone. But the 'userdel' command is missing in the system. This system is non-global zone. I am able to remove the same account in other non-global zone. Please find the system details:
  root@mars # uname -a
  SunOS mars 5.9 Generic_Virtual sun4u sparc SUNW,Sun-Fire
  Can you please let me know which package i have to install in this box to perform user admin activity.
  Thanks,
  Ram.

  Hi.
  Not.
  df -h swap - will show how many total swap now available on whole system.
  For check limit you can use for example:
  prctl -n zone.max-swap -i process $$
  Regards.

• Ssh takes me to the global zone instead of the non-global zone

  I have set up my first Solaris 10 server with a new zone. The ce device is set up on the zone as well as the global zone.
  Output from ifconfig on the global zone:
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 172.16.1.217 netmask ffffff00 broadcast 172.16.1.255
  ether 0:3:ba:f2:a1:54
  ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
  inet 172.16.1.199 netmask ffffff00 broadcast 172.16.1.255
  ether 0:3:ba:f2:a1:54
  Output from the non-global zone:
  # ifconfig -a
  lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
  inet 127.0.0.1 netmask ff000000
  ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
  inet 172.16.1.199 netmask ffff0000 broadcast 172.16.255.255
  ether 0:3:ba:f2:a1:54
  When I ssh into the non-global zone, I end up in the global zone? Can I ssh straight into the non-global zone? Am I missing something in the zone setup that keeps me from being able to ssh into the non-global zone?
  Any help is appreciated. I have been racking my brain on this for several hours.
  Thanks ahead of time.

  TAdriver wrote:
  The one thing I have found in the documentation is that if you set the network as an exclusive IP, you can only assign the physical name using zonecfg. You can't set the IP address or the default router. In fact, if you try to set either of those, you get an error saying you can't set those using an exclusive IP type.Correct. When doing a shared-IP zone, the zone has no privileges to do IP-level things. So the global zone (via the zone configuration) creates the virtual interface and sets the IP address. Then when the zone is booted, the interface is given to it.
  With an exclusive-IP zone, the zone can do all this work itself. From its perspective, it's handed an interface like a regular machine. So the IP settings are done within the zone (/etc/hosts, /etc/hostname.XXX, /etc/netmasks).
  Darren

• Non-Global Zone Routing

  I have a V20z running a global zone on an IANA private network of 172.30.0.x and nic bge0
  I also have a non-global zone on a public IP of 207.246.20.169 and nic bge1.
  I am unable to ping from one zone to the next via a gateway. Normally the global zone would use a standard gateway for that network and my public network would also use a standard gateway for that network.
  What appears to be happening is that despite what is in my /etc/defaultrouter the zone itself is the gateway.
  For example, to ping something from either zone which would require the gateway results in:
  ICMP Host Unreachable from gateway 'zone name' (zone ip address)
  What I want to happen is that the global zone honors the gateway that is normally used in this network and the non-global zone uses/honors the gateway that is normally used in that network.
  It doesn't seem to matter if I have the normal internal gateway in my /etc/defaultrouter or if I have the normal public gateway in /etc/defaultrouter or if I have both in /etc/defaultrouter (all in the global zone of course).
  Do I need to use routed to achieve this? Am I missing something here?

  I hammered the problem out by adding a static route in the global zone:
  route add 172.30.0.0 207.246.20.161
  Where 207.246.20.161 is my gateway on the public side.
  I slapped this into an /etc/init.d script in the global zone and ran it from /etc/rc2.d like the article below suggests:
  http://www.sun.com/bigadmin/content/submitted/persistent_routing.html

• Non-global zone sending TCP SYN-ACK packet over wrong interface.

  After spending many hours looking at ipmon/ethereal logs, I believe I've found
  a explanation (a bug?) for the following strange behaviour (Solaris 10u1):
  I've got a non-global zone with Apache2 with dedicated IP and bound to interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated IP bound to a different interface e1000g0.
  When I point a browser at the web site, the HTML page often comes up immediately, but sometimes it will hang and only load when I press the reload browser button one or multiple times. This is reproducible with different browsers from different networks with or without DNS resolution. It's reproducible with other non-local zones configured alike and running different TCP based services (namely SSH or non-Apache HTTP).
  This is what happens in a failing case (Ethereal client dump "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the TCP SYN-ACK package back over interface e1000g0, which is wrong and causes IPF to fail to build a correct state entry. Then, afterwards, the response packets from the webserver will be filtered by IPF, since it has no state entry.
  In the success case (Ethereal client dump "dump_success.txt" and IPF log "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all subsequent packets from the webserver reach the client.
  =====
  The non-global zone has this setup:
  zonecfg:ws1> info
  ...snip...
  net:
  address: 62.146.25.34
  physical: e1000g2
  zonecfg:ws1>
  =====
  The relevant (as of the IPF log) IPF rules are:
  rule 1: block out log all
  rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80 keep state
  =====
  If I didn't miss an important point, I suspect this to be a bug in Zones and/or IPF.
  Any hints?
  Thx,
  Tobias
  "att1.txt":
  LINE     PACKET_DT     PACKET_FS     PACKET_IFC     RULE_NUMBER     RULE_ACTION     SOURCE_IP     SOURCE_PORT     DEST_IP     DEST_PORT     PROTOCOL     TCP_FLAGS
  1     08.05.2006 21:24:09     786741     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     S
  2     08.05.2006 21:24:09     786863     e1000g0     16     p     62.146.25.34     80     84.56.16.159     60693     tcp     AS
  3     08.05.2006 21:24:09     808218     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     A
  4     08.05.2006 21:24:09     837170     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AP
  5     08.05.2006 21:24:09     837189     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  6     08.05.2006 21:24:09     837479     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AP
  7     08.05.2006 21:24:12     823801     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AP
  8     08.05.2006 21:24:12     823832     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  9     08.05.2006 21:24:13     210039     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AP
  10     08.05.2006 21:24:18     839318     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AP
  11     08.05.2006 21:24:18     839351     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  12     08.05.2006 21:24:19     970040     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AP
  13     08.05.2006 21:24:24     840073     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AF
  14     08.05.2006 21:24:30     870503     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AP
  15     08.05.2006 21:24:30     870538     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  16     08.05.2006 21:24:33     480059     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  17     08.05.2006 21:24:45     347464     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AF
  18     08.05.2006 21:24:45     347498     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  19     08.05.2006 21:24:47     857068     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     S
  20     08.05.2006 21:24:47     857118     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     AS
  21     08.05.2006 21:24:47     878257     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     A
  22     08.05.2006 21:24:47     907630     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     AP
  23     08.05.2006 21:24:47     907644     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     A
  24     08.05.2006 21:24:47     907892     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     AP
  25     08.05.2006 21:24:47     976361     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     AP
  26     08.05.2006 21:24:47     976375     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     A
  27     08.05.2006 21:24:47     976487     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     AP
  28     08.05.2006 21:24:48     127599     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     A
  29     08.05.2006 21:24:54     932569     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AFP
  30     08.05.2006 21:24:54     932595     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  31     08.05.2006 21:25:00     490052     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  32     08.05.2006 21:25:02     980057     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     AF
  33     08.05.2006 21:25:03     1890     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     A
  34     08.05.2006 21:25:09     907916     e1000g2     16     p     84.56.16.159     60694     62.146.25.34     80     tcp     AF
  35     08.05.2006 21:25:09     907949     e1000g2     16     p     62.146.25.34     80     84.56.16.159     60694     tcp     A
  36     08.05.2006 21:25:42     948502     e1000g2     16     p     84.56.16.159     60693     62.146.25.34     80     tcp     AFP
  37     08.05.2006 21:25:42     948535     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     A
  38     08.05.2006 21:25:54     500051     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  39     08.05.2006 21:26:54     510046     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  40     08.05.2006 21:27:54     520041     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  41     08.05.2006 21:28:54     530040     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  42     08.05.2006 21:29:54     540039     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  43     08.05.2006 21:30:54     550039     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  44     08.05.2006 21:31:54     560041     e1000g2     1     b     62.146.25.34     80     84.56.16.159     60693     tcp     AFP
  "dump_failed.txt":
  No. Time Source Destination Protocol Info
  1 0.000000 192.168.1.101 62.146.25.34 TCP 1079 > http [SYN] Seq=0 Len=0 MSS=1460
  Frame 1 (62 bytes on wire, 62 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0x0269 (617)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xde9d [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 0, Len: 0
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 0 (relative sequence number)
  Header length: 28 bytes
  Flags: 0x0002 (SYN)
  Window size: 65535
  Checksum: 0x5c3c [correct]
  Options: (8 bytes)
  No. Time Source Destination Protocol Info
  2 0.022698 62.146.25.34 192.168.1.101 TCP http > 1079 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
  Frame 2 (62 bytes on wire, 62 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0x002f (47)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2ed8 [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1079 (1079), Seq: 0, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: 1079 (1079)
  Sequence number: 0 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 28 bytes
  Flags: 0x0012 (SYN, ACK)
  Window size: 49368
  Checksum: 0xd017 [correct]
  Options: (8 bytes)
  No. Time Source Destination Protocol Info
  3 0.022749 192.168.1.101 62.146.25.34 TCP 1079 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
  Frame 3 (54 bytes on wire, 54 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x026a (618)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdea4 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0010 (ACK)
  Window size: 65535
  Checksum: 0x19dc [incorrect, should be 0xbdac]
  No. Time Source Destination Protocol Info
  4 0.022919 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
  Frame 4 (476 bytes on wire, 476 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 462
  Identification: 0x026b (619)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdcfd [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65535
  Checksum: 0x1b82 [incorrect, should be 0xcda5]
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  5 3.013084 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
  Frame 5 (476 bytes on wire, 476 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 462
  Identification: 0x0276 (630)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdcf2 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65535
  Checksum: 0x1b82 [incorrect, should be 0xcda5]
  SEQ/ACK analysis
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  6 9.029003 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
  Frame 6 (476 bytes on wire, 476 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 462
  Identification: 0x027f (639)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdce9 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65535
  Checksum: 0x1b82 [incorrect, should be 0xcda5]
  SEQ/ACK analysis
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  7 21.060827 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
  Frame 7 (476 bytes on wire, 476 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 462
  Identification: 0x0284 (644)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdce4 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65535
  Checksum: 0x1b82 [incorrect, should be 0xcda5]
  SEQ/ACK analysis
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  8 35.561984 192.168.1.101 62.146.25.34 TCP 1079 > http [FIN, ACK] Seq=423 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
  Frame 8 (54 bytes on wire, 54 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x029a (666)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xde74 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 423, Ack: 1, Len: 0
  Source port: 1079 (1079)
  Destination port: http (80)
  Sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0011 (FIN, ACK)
  Window size: 65535
  Checksum: 0x19dc [incorrect, should be 0xbc05]
  "dump_success.txt":
  No. Time Source Destination Protocol Info
  1 0.000000 192.168.1.101 62.146.25.34 TCP 1083 > http [SYN] Seq=0 Len=0 MSS=1460
  Frame 1 (62 bytes on wire, 62 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0x02a3 (675)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xde63 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 0, Len: 0
  Source port: 1083 (1083)
  Destination port: http (80)
  Sequence number: 0 (relative sequence number)
  Header length: 28 bytes
  Flags: 0x0002 (SYN)
  Window size: 65535
  Checksum: 0x70ca [correct]
  Options: (8 bytes)
  No. Time Source Destination Protocol Info
  2 0.020553 62.146.25.34 192.168.1.101 TCP http > 1083 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
  Frame 2 (62 bytes on wire, 62 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 48
  Identification: 0x006b (107)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2e9c [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 0, Ack: 1, Len: 0
  Source port: http (80)
  Destination port: 1083 (1083)
  Sequence number: 0 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 28 bytes
  Flags: 0x0012 (SYN, ACK)
  Window size: 49368
  Checksum: 0xb530 [correct]
  Options: (8 bytes)
  No. Time Source Destination Protocol Info
  3 0.020599 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
  Frame 3 (54 bytes on wire, 54 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x02a4 (676)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xde6a [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
  Source port: 1083 (1083)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0010 (ACK)
  Window size: 65535
  Checksum: 0x19dc [incorrect, should be 0xa2c5]
  No. Time Source Destination Protocol Info
  4 0.020746 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
  Frame 4 (476 bytes on wire, 476 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 462
  Identification: 0x02a5 (677)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdcc3 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
  Source port: 1083 (1083)
  Destination port: http (80)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 423 (relative sequence number)
  Acknowledgement number: 1 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65535
  Checksum: 0x1b82 [incorrect, should be 0xb2be]
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  5 0.071290 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=1 Ack=423 Win=49368 Len=0
  Frame 5 (60 bytes on wire, 60 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x006c (108)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2ea3 [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 0
  Source port: http (80)
  Destination port: 1083 (1083)
  Sequence number: 1 (relative sequence number)
  Acknowledgement number: 423 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0010 (ACK)
  Window size: 49368
  Checksum: 0xe046 [correct]
  No. Time Source Destination Protocol Info
  6 0.075838 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 200 OK (text/html)
  Frame 6 (413 bytes on wire, 413 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 399
  Identification: 0x006d (109)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2d3b [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 359
  Source port: http (80)
  Destination port: 1083 (1083)
  Sequence number: 1 (relative sequence number)
  Next sequence number: 360 (relative sequence number)
  Acknowledgement number: 423 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 49368
  Checksum: 0x29b8 [correct]
  Hypertext Transfer Protocol
  Line-based text data: text/html
  No. Time Source Destination Protocol Info
  7 0.095473 192.168.1.101 62.146.25.34 HTTP GET /favicon.ico HTTP/1.1
  Frame 7 (407 bytes on wire, 407 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 393
  Identification: 0x02aa (682)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xdd03 [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 423, Ack: 360, Len: 353
  Source port: 1083 (1083)
  Destination port: http (80)
  Sequence number: 423 (relative sequence number)
  Next sequence number: 776 (relative sequence number)
  Acknowledgement number: 360 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 65176
  Checksum: 0x1b3d [incorrect, should be 0x1e0c]
  Hypertext Transfer Protocol
  No. Time Source Destination Protocol Info
  8 0.139786 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=360 Ack=776 Win=49368 Len=0
  Frame 8 (60 bytes on wire, 60 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x006e (110)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2ea1 [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 0
  Source port: http (80)
  Destination port: 1083 (1083)
  Sequence number: 360 (relative sequence number)
  Acknowledgement number: 776 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0010 (ACK)
  Window size: 49368
  Checksum: 0xdd7e [correct]
  No. Time Source Destination Protocol Info
  9 0.144850 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 404 Not Found (text/html)
  Frame 9 (464 bytes on wire, 464 bytes captured)
  Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
  Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 450
  Identification: 0x006f (111)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 50
  Protocol: TCP (0x06)
  Header checksum: 0x2d06 [correct]
  Source: 62.146.25.34 (62.146.25.34)
  Destination: 192.168.1.101 (192.168.1.101)
  Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 410
  Source port: http (80)
  Destination port: 1083 (1083)
  Sequence number: 360 (relative sequence number)
  Next sequence number: 770 (relative sequence number)
  Acknowledgement number: 776 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0018 (PSH, ACK)
  Window size: 49368
  Checksum: 0x7a71 [correct]
  Hypertext Transfer Protocol
  Line-based text data: text/html
  No. Time Source Destination Protocol Info
  10 0.269307 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=776 Ack=770 Win=64766 [TCP CHECKSUM INCORRECT] Len=0
  Frame 10 (54 bytes on wire, 54 bytes captured)
  Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
  Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
  Version: 4
  Header length: 20 bytes
  Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
  Total Length: 40
  Identification: 0x02af (687)
  Flags: 0x04 (Don't Fragment)
  Fragment offset: 0
  Time to live: 128
  Protocol: TCP (0x06)
  Header checksum: 0xde5f [correct]
  Source: 192.168.1.101 (192.168.1.101)
  Destination: 62.146.25.34 (62.146.25.34)
  Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 776, Ack: 770, Len: 0
  Source port: 1083 (1083)
  Destination port: http (80)
  Sequence number: 776 (relative sequence number)
  Acknowledgement number: 770 (relative ack number)
  Header length: 20 bytes
  Flags: 0x0010 (ACK)
  Window size: 64766
  Checksum: 0x19dc [incorrect, should be 0x9fbe]

  lev wrote:This performance regression renders openvpn with a tun adapter unusable if client and server use kernel 3.14 .
  Thus I created a bug report: https://bugs.archlinux.org/task/40089
  i actually noticed it to be an "either-or" type of thing; my Windows clients were seeing the same thing coming off a 3.14 openvpn server.
  yeah, weird issue. like i noticed spurts of even-powers-of-2 sized packets
  Client connecting to 10.10.10.6, TCP port 5001
  TCP window size: 416 KByte
  [ 3] local 10.10.10.1 port 40643 connected with 10.10.10.6 port 5001
  [ ID] Interval Transfer Bandwidth
  [ 3] 0.0- 2.0 sec 512 KBytes 2.10 Mbits/sec
  [ 3] 2.0- 4.0 sec 0.00 Bytes 0.00 bits/sec
  [ 3] 4.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
  [ 3] 6.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
  [ 3] 8.0-10.0 sec 128 KBytes 524 Kbits/sec
  [ 3] 10.0-12.0 sec 128 KBytes 524 Kbits/sec
  [ 3] 12.0-14.0 sec 512 KBytes 2.10 Mbits/sec
  [ 3] 14.0-16.0 sec 128 KBytes 524 Kbits/sec
  [ 3] 16.0-18.0 sec 512 KBytes 2.10 Mbits/sec
  [ 3] 18.0-20.0 sec 128 KBytes 524 Kbits/sec
  [ 3] 20.0-22.0 sec 384 KBytes 1.57 Mbits/sec
  [ 3] 22.0-24.0 sec 256 KBytes 1.05 Mbits/sec
  [ 3] 24.0-26.0 sec 512 KBytes 2.10 Mbits/sec
  [ 3] 26.0-28.0 sec 384 KBytes 1.57 Mbits/sec
  [ 3] 28.0-30.0 sec 256 KBytes 1.05 Mbits/sec
  [ 3] 30.0-32.0 sec 128 KBytes 524 Kbits/sec
  [ 3] 32.0-34.0 sec 640 KBytes 2.62 Mbits/sec
  [ 3] 34.0-36.0 sec 384 KBytes 1.57 Mbits/sec
  [ 3] 36.0-38.0 sec 384 KBytes 1.57 Mbits/sec
  [ 3] 38.0-40.0 sec 384 KBytes 1.57 Mbits/sec
  [ 3] 40.0-42.0 sec 128 KBytes 524 Kbits/sec

• Ssh to non-global zone

  Hi,
  I have a Solaris 11.1 T4 server. I created a 'flar' from a Solaris 10 (U7) server and created a Solaris 10 zone on the T4.
  zonecfg has the IP address configured (can't copy and paste) correctly.
  The global zone has net1:1 configured with the IP address, however net1 is 0.0.0.0.
  I can ping the IP address, but attempts to ssh to the address receive the 'connection refused' error.
  On the non-global zone I tried to start ssh unsuccessfully without errors...
  What else am I missing?
  Cheers
  Craig.

  Hi.
  Try connect to zone's console ( zlogin -C ) . Possible zone not fully installed.
  Show result of :
  svcs -xv
  What errors or messages happens when you try start ssh service ?
  Regards.

• After installing 137137-09 patch OK in global zone, bad in non global zone

  Hi all,
  scratching my head with this one.
  Installed 137137-09 fine on Sun Fire V210. Machine has one non global zone running a proxy server (nothing very exciting there!). non global zone has a local filesystem attached, but don't think this is the issue (on my test V210 I created the same sort of filesystem and was unable to replicate the problem :( ).
  So 137137-09 is fine in the global zone (I had the non global zone halted when patch installed) it is also installed in the non global zone (ie, when zone boots it says it's at rev 137137-09 via uname) in the patch log in the non global zone I get this:
  PKG=SUNWust2.v
  Original package not installed.
  pkgadd: ERROR: ERROR: unable to get zone brand: zonecfg_get_brand: No such zone configured
  This appears to be an attempt to install the same architecture and
  version of a package which is already installed. This installation
  will attempt to overwrite this package.
  /usr/local/zones/cotchin/lu/dev/.SUNW_patches_1000109009-1847556-000000d3e42faa84/137137-09/FJSVcpcu/install/checkinstall: /usr/local/zones/cotchin/lu/dev/.SUNW_patches_1000109009-1847556-000000d3e42faa84/137137-09/FJSVcpcu/install/checkinstall: cannot open
  pkgadd: ERROR: checkinstall script did not complete successfully
  Dryrun complete.
  No changes were made to the system.
  I'm not sure if the branding error is causing the checkinstall postpatch script error or if they are not related. There doesn't seem to be any obvious permissions problems that I can find. I have checked that all the pkg and patch patches are up to date on the system. Searching on the brand error gives me a link to a problem with 127127-11, but that was installed on the system before the local zone was created and all the other seemingly appropriate patches (eg: 119254) are all up to date or at a higher revision than recommended.
  I see the same problem on a M5000 which has two non global zones on it.
  Both machines had the Solaris 10 50/08 update bundle applied when it came out,a nd have had recommended patch sets applied at regular intervals since.
  This issue only came to light when trying the latest bundles with 138888-01/02 in it, and those fail to install on the global zones because the non global zone install dies claiming 137137-09 is not installed (which is plainly wrong).
  I've tried to recreate this on a test server but unfortunately everything works as it should, even though the test server has a similar history in terms of patches and original setup to the others.
  I'm planning to try to detatch the non global zone and try an attach -u to see if it will update the patches properly, but I'm not holding out much hope on that one (I need to wait for a mainteiance window when I can take the zone down in a couple of days).
  Any ideas?

  Well, I am following up to my own post it seems I have determined what is causing the problem, or at least situations where the problem can be reproduced which I have been able to do on my test system.
  It seems that if the zone container's zonepath is in /usr (eg: /usr/zones, /usr/local/zones, or some other path under /usr) the patchadd of 137137-09 will fail with the log similar to posted above, and this will stop further kernel patches (eg: 138888-02) being added.
  The test system had everything patched to current and searching the web I can't find any other instances of this being an issue, but I have reproduced this problem on my test machine (which worked OK because it's test zones were in a filesystem mounted as /zones). When I used zoneadd -z <zonename> move to a zone in /usr/local and applied 137137-09 the same problem came up.
  Not sure what is causing this issue.. I imagine it might have to do with some sort of confusion with the patch utilities and the read-only loopback filesystems in the sparse root zone but I can't bs sure.
  Maybe someone at sun will see this and figure out what the deal is :)
  When I moved my test zone back to /zones the patch applied perfectly so it's definitely having it in /usr or /usr/local (I tried both locations, even though they are seperate ufs filesystems on my test server).
  Oh I am running DiskSuite to mirror filesystems on my V210's which may or may not have anything to do with it.
  Hope this helps someone in the future at least!

• Not all non-global zones updated for DST

  We have one server with Solaris 10 and four non-global zones. I installed patch 122032-03 to the global zone and it installed successfull, according to the log. With the DST change on 3/11, TWO of the non-global zones and the global zone updated correctly to daylight time, but the other TWO non-global zone DID NOT. Does anyone know what would cause this?
  I have also tried to manually change the time on the two non-global zones and have not been able to; as root I get the message "not owner"
  ainsworth:hughesm> su -
  Password:
  Sun Microsystems Inc. SunOS 5.10 Generic January 2005
  You have mail.
  # date
  Tue Mar 13 12:02:45 PST 2007
  # date -u
  Tue Mar 13 20:03:16 GMT 2007
  # date
  Tue Mar 13 12:04:31 PST 2007
  # date 0313130007
  date: Not owner
  usage: date [-u] mmddHHMM[[cc]yy][.SS]
  date [-u] [+format]
  date -a [-]sss[.fff]
  Fortunately, these were just test zones. They were set up by a previous admin to be used for pgpftp, so I'm wondering if there are some special configurations for security that is preventing the time change.

  Thanks for replying.
  I rebooted from the global zone. All the zones have the same uptime as the global zone, except one that was rebooted more recently.
  Quick question - how do I tell if it's a sparse zone or full zone?
  One of the zones that the time change worked on:
  $ zdump -v US/Pacific | grep 2007
  US/Pacific Tue Mar 13 22:37:59 2007 UTC = Tue Mar 13 15:37:59 2007 PDT isdst=1
  US/Pacific Sun Mar 11 09:59:59 2007 UTC = Sun Mar 11 01:59:59 2007 PST isdst=0
  US/Pacific Sun Mar 11 10:00:00 2007 UTC = Sun Mar 11 03:00:00 2007 PDT isdst=1
  US/Pacific Sun Nov 4 08:59:59 2007 UTC = Sun Nov 4 01:59:59 2007 PDT isdst=1
  US/Pacific Sun Nov 4 09:00:00 2007 UTC = Sun Nov 4 01:00:00 2007 PST isdst=0
  tsbackup:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac
  drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
  cathedral:hughesm> cd /usr/share/lib/zoneinfo; ls -al | grep Pac (the global zone)
  drwxr-xr-x 2 root bin 1024 Jan 19 11:19 Pacific
  One zone that didn't work: (the other one that did not work is the same)
  # zdump -v US/Pacific | grep 2007
  US/Pacific Tue Mar 13 22:45:33 2007 UTC = Tue Mar 13 14:45:33 2007 PST isdst=0
  US/Pacific Sun Apr 1 09:59:59 2007 UTC = Sun Apr 1 01:59:59 2007 PST isdst=0
  US/Pacific Sun Apr 1 10:00:00 2007 UTC = Sun Apr 1 03:00:00 2007 PDT isdst=1
  US/Pacific Sun Oct 28 08:59:59 2007 UTC = Sun Oct 28 01:59:59 2007 PDT isdst=1
  US/Pacific Sun Oct 28 09:00:00 2007 UTC = Sun Oct 28 01:00:00 2007 PST isdst=0
  # uname -a
  SunOS albina 5.10 Generic_118822-02 sun4u sparc SUNW,Ultra-4
  # cd /usr/share/lib/zoneinfo (non-global zone that did not update)
  # ls -al | grep Pac
  drwxr-xr-x 2 root bin 1024 Apr 20 2005 Pacific
  I was thinking of trying to apply the patch within the zone itself, but when I tried smpatch analyze, it didn't list it:
  # smpatch analyze
  120900-04 SunOS 5.10: libzonecfg Patch
  121133-02 SunOS 5.10: zones library and zones utility patch
  119254-27 SunOS 5.10: Install and Patch Utilities Patch
  119574-02 SunOS 5.10: su patch
  121453-02 SunOS 5.10: Sun Update Connection Client Foundation
  121118-08 SunOS 5.10: Sun Update Connection System Client 1.0.8
  121081-05 SunOS 5.10: Connected Customer Agents 1.1.0
  122231-01 SunOS 5.10 Sun Connection agents, transport certificate update
  I attempted to add the patch using smpatch, but I've never run it here before so it's probably not configured right:
  # smpatch update -i 122032-03
  122032-03 cannot be validated.
  com.sun.patchpro.model.PatchProRuntimeException: Unexpected throwable
  at com.sun.patchpro.cli.PatchServices.waitForThread(PatchServices.java:1284)
  at com.sun.patchpro.cli.PatchServices.installPatches(PatchServices.java:1121)
  at com.sun.patchpro.cli.PatchServices.main(PatchServices.java:510)
  Caused by:
  java.lang.Throwable: ERROR: Failed to validate the digital signature(s).
  at com.sun.patchpro.model.PatchProModel$InnerDownloadPatchThread.downloadPatchFailed(PatchProModel.java:2855)
  at com.sun.patchpro.server.GroupPatchDownloader.dispatchFailedEvent(GroupPatchDownloader.java:384)
  at com.sun.patchpro.server.GroupPatchDownloader.downloadPatchFailed(GroupPatchDownloader.java:335)
  at com.sun.patchpro.server.ServerPatchServiceProvider.dispatchFailedEvent(ServerPatchServiceProvider.java:2577
  at com.sun.patchpro.server.ServerPatchServiceProvider.validatePatchBundle(ServerPatchServiceProvider.java:2196
  at com.sun.patchpro.server.ServerPatchServiceProvider.requestDownload(ServerPatchServiceProvider.java:1780)
  at com.sun.patchpro.server.ServerPatchServiceProvider.performDownloadPatches(ServerPatchServiceProvider.java:1
  2)
  at com.sun.patchpro.server.ServerPatchServiceProvider.downloadPatches(ServerPatchServiceProvider.java:860)
  at com.sun.patchpro.server.PatchServerProxy.downloadPatches(PatchServerProxy.java:142)
  at com.sun.patchpro.server.GroupPatchDownloader.downloadPatches(GroupPatchDownloader.java:124)
  at com.sun.patchpro.model.PatchProModel.performPatchDownload(PatchProModel.java:1932)
  at com.sun.patchpro.model.PatchProStateMachine$10.run(PatchProStateMachine.java:526)
  at com.sun.patchpro.util.State.run(State.java:266)
  at java.lang.Thread.run(Thread.java:595)
  So then I attempted to add the patch using patchadd:
  # patchadd 122032-03
  Validating patches...
  Loading patches installed on the system...
  Done!
  Loading patches requested to install.
  Done!
  Checking patches that you specified for installation.
  Done!
  Global patches.
  0 Patch 122032-03 is for global zone only - cannot be installed on local zone.
  No patches to install.
  under /var/sadm/patch/122032-03 on the Global zone, the log shows:
  -rw-r--r-- 1 root root 2666 Jan 19 11:19 log
  This appears to be an attempt to install the same architecture and
  version of a package which is already installed. This installation
  will attempt to overwrite this package.
  WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
  Dryrun complete.
  No changes were made to the system.
  This appears to be an attempt to install the same architecture and
  version of a package which is already installed. This installation
  will attempt to overwrite this package.
  WARNING: /usr/share/lib/zoneinfo/Africa/Timbuktu <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Argentina/ComodRivadavia <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Indiana/Indianapolis <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Indianapolis <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/America/Kentucky/Louisville <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/America/Louisville <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/CST6CDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/EST5EDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Europe/Belfast <no longer a regular file>
  WARNING: /usr/share/lib/zoneinfo/HST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/MST7MDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/PST8PDT <no longer a linked file>
  WARNING: /usr/share/lib/zoneinfo/Pacific/Yap <no longer a regular file>
  Installation of <SUNWcsu> was successful.
  On the non-global zones, either there is nothing under /var/sadm/patch or there isn't even a patch directory under /var/sadm. Is there somewhere else to look?
  Thanks.

• Non-global zones & vlan

  I'm in a zoning frenzy now and has created a zone that connects to a vlan interface "ceXXX000". The zone is reachable from within it's subnet but could not route traffic beyond the gateway (which cannot be set). Any ideas? I left the vlan interface as 0.0.0.0 since the global zone does not need to talk in that VLAN.
  Also, while changing the IP of the non-global zone, I missed "zoneadm halt". That resulted in the zone not being able to boot (or do anything). Rebooting recovers the zone(s). Is there anyway to work around that? zoneadmd was running for the zone.
  The machine is b63.

  I'm in a zoning frenzy now and has created a zone that
  connects to a vlan interface "ceXXX000". The zone is
  reachable from within it's subnet but could not route
  traffic beyond the gateway (which cannot be set). Any
  ideas? I left the vlan interface as 0.0.0.0 since
  the global zone does not need to talk in that VLAN.You need to add the default gateway for the zone manually, in the global zone:
  # route add default <gateway> -ifp ceXXX000You can only do this when the zone is in the "ready" state .This is not very convenient, we'll try to improve this in the future (not in the initial release of Solaris 10 though).
  Also, while changing the IP of the non-global zone, I
  missed "zoneadm halt". That resulted in the zone not
  being able to boot (or do anything). Rebooting
  recovers the zone(s). Is there anyway to work around
  that? zoneadmd was running for the zone.Did you change the IP address in the zone configuration (using zonecfg) or directly using ifconfig? There is a known bug when you set the IP address in zonecfg to one that's already configured on another interface (this bug will be fixed in the next Solaris Express release). Otherwise, can you post the output of "pstack" on the zoneadmd process? Thanks.
  Blaise

• Zfs package difference in Global and Non-Global zones

  I have a T2000 hosting many zones. The Global zone and all but one Non-Global zone has 3 zfs packages installed SUNWzfskr, SUNWzfsr, SUNWzfsu). Becuase this one non-global zone is missing the zfs packages, kernel patch 120011-14 also didn't install on that single non-global zone.
  I am curious, can i install SUNWzfskr, SUNWzfsr, SUNWzfsu on the non-global zone that is missing the packages?
  Any ideas how to resolve the kernel patch descrepancy between the global and non-global zone?

  patch 122640-05 installs the SUNWzfskr SUNWzfsr SUNWzfsu packages if they are not already installed on the system.

• Changing process.max-file-descriptor  in non global zone

  Hello Folks,
  I have non global zone.
  i wanted to change process.max-file-descriptor to 8192 so i issued the below command
  projmod -s -K 'process.max-file-descriptor=(basic,8192,deny)' default
  i have rebooted zone, after reboot system is not showing the value as 8192.
  can u someone help me to find out the missed

  # id -p
  uid=0(root) gid=0(root) projid=1(user.root)
  # prctl -P $$ | grep file
  process.max-file-descriptor basic 256 - deny 19452
  process.max-file-descriptor privileged 65536 - deny -
  process.max-file-descriptor system 2147483647 max deny -
  process.max-file-size privileged 9223372036854775807 max deny,signal=XFSZ -
  process.max-file-size system 9223372036854775807 max deny -
  # ulimit -n
  256
  # cat /etc/project | grep file
  default:3::::process.max-file-descriptor=(basic,8192,deny)
  #

• Add tape device to non-global zone

  Hi,
  I have a SCSI attached Ultrium tape device attached and configured against the global zone.
  The /dev/rmt/0* definitions in the global zone are links to ../../devices/pci@2*
  I need to be able to use this tape device from the non-global zones.
  To enable this, I have done the following:
  zonecfg -z <zone name>
  add device
  set match=/dev/rmt/0
  end
  verify
  commit
  exit
  I repeated the above for /dev/rmt/0m and /dev/rmt/0mn
  Then I restarted the zone with the command:
  zoneadm -z <zone name> reboot
  After the reboot, I can see the device when using "mt -f /dev/rmt/0 status", but whenever I try to write a SAP brbackup to the new (initialised and not write protected) tape within the drive I get the following error:
  BR0278E Command output of 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape
  sh: /dev/rmt/0mn: cannot open
  BR0280I BRBACKUP time stamp: 2012-04-04 08.21.41
  BR0279E Return code from 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape.
  BR0359E Restore of /oracle/<SID>/sapbackup/.tape.hdr0 from /dev/rmt/0mn failed due to previous errors
  Have I created the device incorrectly, or does anyone have any ideas what could be the reason the write fails?
  Any help appreciated.
  Edited by: user11329299 on 04-Apr-2012 01:09

  Hi,
  Just to bring you up to speed, I have now fixed the issue.
  The resolution was all within the iniSID.sap file that the backup is using. I have changed a number of parameters within this file:
  1.     tape_copy_cmd = dd (was cpio)
  2.     rewind = "mt     -f $ rew; sleep 30" (was " mt -f $ rew")
  3.     rewind_offline = "mt -f $ offline; sleep 30" (was "mt -f $ offline")
  4.     tape_pos_cmd = "mt -f $ fsf $: sleep 30" (was "mt -f $ fsf $")
  5.     tape_size = 500G (was 18000M)
  After making those changes, the backup started from within DB13. I believe that the main culprit was the tape_copy_cmd, but the others were changed to allow the tape drive time to become online again after any query.