How to Compare Trusted Network Database <meta http-equiv="refresh" content="0;url='http://www.oracle.com/pls/topic/lookup?ctx=solaris11'"> Information With the Kernel Cache (Solaris Trusted Extensions Administrator's Procedures)

Solaris Trusted Extensions Administrator's Procedures

How to Compare Trusted Network Database Information With the Kernel Cache

The network databases might contain information that is not cached in the kernel. This procedure checks that the information is identical. When you use the Solaris Management Console to update the network, the kernel cache is updated with network database information. The tninfo command is useful during testing and for debugging.

Before You Begin

You must be in the global zone in a role that can check network settings. The Security Administrator role and the System Administrator role can check these settings.

In a terminal window, run the tninfo command.
- tninfo -h hostname displays the IP address and template for the specified host.
- tninfo -t templatename displays the following information:
  template: template-name host_type: either CIPSO or UNLABELED doi: 1 min_sl: minimum-label hex: minimum-hex-label max_sl: maximum-label hex:maximum-hex-label
- tninfo -m zone-name displays the multilevel port (MLP) configuration of a zone.

Example 19–16 Displaying Multilevel Ports on a Host

In this example, a system is configured with several labeled zones. All zones share the same IP address. Some zones are also configured with zone-specific addresses. In this configuration, the TCP port for web browsing, port 8080, is an MLP on a shared interface in the public zone. The administrator has also set up telnet, TCP port 23, to be an MLP in the public zone. Because these two MLPs are on a shared interface, no other zone, including the global zone, can receive packets on the shared interface on ports 8080 and 23.

In addition, the TCP port for ssh, port 22, is a per-zone MLP in the public zone. The public zone's ssh service can receive any packets on its zone-specific address within the address's label range.

The following command shows the MLPs for the public zone:

$ tninfo -m public
private: 22/tcp
shared:  23/tcp;8080/tcp

The following command shows the MLPs for the global zone. Note that ports 23 and 8080 cannot be MLPs in the global zone because the global zone shares the same address with the public zone:

$ tninfo -m global
private: 111/tcp;111/udp;514/tcp;515/tcp;631/tcp;2049/tcp;
         6000-6003/tcp;38672/tcp;60770/tcp;
shared:  6000-6003/tcp