TCP/IP Connections to and from Low Numbered Ports Occasionally Hang (Solaris, IPSEC) (Doc ID 1012141.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 10 3/05 and later
All Platforms

Symptoms

User applications that use RPC (remote procedure call), or that specifically bind to available low-numbered ports, suffer from intermittent connection failures.

Example applications in this category include NFS, Veritas Netbackup, rsh, rcp, "all the RSHELL commands".

Changes

First, check all entries in /etc/inet/ipsecinit.conf for rules applying to services that use privileged ports between 512 and 1023 (and also any ports defined in ndd /dev/tcp tcp_extra_priv_ports).

[ Also check whether ipsecesp and ipsecah are present in the kernel (use modinfo -l). If they are not, then you have a different problem. ]

Verify that the services listed in ipsecinit.conf are indeed in use on the system by checking /etc/inetd.conf and netstat -an for listeners. If there is a listener, then the programs mentioned above (casual users of low port numbers) will not be allowed to bind to the port, because it is already in use. This means they will never have their connections unexpectedly intercepted by IPsec, i.e. you will not see this problem.
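The cross-check described above can be scripted. The following is an added example, not part of the Oracle document: it lists ports in the 512-1023 range that have an IPsec rule but no listener, which by the reasoning above are the ones a casual low-port user could still bind. The sample policy and netstat text are constructed, the function names are hypothetical, and only numeric lport/rport/sport/dport values are handled (service names and tcp_extra_priv_ports are not).

```shell
#!/bin/sh
# Added example: the sample policy and netstat text below are constructed.
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); /usr/bin/awk is the old
# awk without sub/gsub.
AWK=${AWK:-awk}

SAMPLE_POLICY='# constructed ipsecinit.conf sample
{lport 513 ulp tcp} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}
{rport 514 ulp tcp} ipsec {auth_algs sha1 sa shared}
{lport 23 ulp tcp} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}
{ lport 1021 ulp tcp } ipsec { auth_algs sha1 sa shared }'

SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.513                *.*                0      0 49152      0 LISTEN
      *.22                 *.*                0      0 49152      0 LISTEN
192.0.2.10.1021      192.0.2.20.2049    49640      0 49640      0 ESTABLISHED'

# stdin: policy text. stdout: numeric ports 512-1023 named in rule patterns.
policy_low_ports() {
    "$AWK" '
        { sub(/#.*/, ""); gsub(/[{}]/, " ") }   # drop comments, detach braces
        { for (i = 1; i < NF; i++)
              if ($i ~ /^[lrsd]port$/ && $(i + 1) ~ /^[0-9]+$/ &&
                  $(i + 1) + 0 >= 512 && $(i + 1) + 0 <= 1023)
                  print $(i + 1) }
    ' | sort -n -u
}

# stdin: netstat -an output. stdout: local ports in LISTEN state.
listening_ports() {
    "$AWK" '$NF == "LISTEN" { n = split($1, a, /\./); print a[n] }' | sort -n -u
}

# $1 = policy text, $2 = netstat text. stdout: policy ports with no listener.
policy_ports_without_listener() {
    listeners=$(printf '%s\n' "$2" | listening_ports)
    for port in $(printf '%s\n' "$1" | policy_low_ports); do
        printf '%s\n' "$listeners" | grep -qx "$port" || echo "$port"
    done
}

policy_ports_without_listener "$SAMPLE_POLICY" "$SAMPLE_NETSTAT"
```

On a live system, pass the contents of /etc/inet/ipsecinit.conf and the output of netstat -an in place of the two sample variables.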

 

Cause
