The Trusted Solaris tools and commands described in this section can help you debug networking problems. For information on the commands, refer to the appropriate man pages. See also "Managing Computers and Networks" in Trusted Solaris Administrator's Procedures. In addition, standard network debugging commands such as snoop(1M), ipcs(1), and netstat(1M) are available in the Trusted Solaris environment.
To get security information for the source, destination, and gateway hosts in the transmission, use tninfo(1M). You can check whether the information that the kernel is caching is correct. This command is intended to be run at ADMIN_HIGH with effective user ID 0. These restrictions can be overridden by the file_mac_read, sys_trans_label, and file_dac_read privileges. Use tninfo as follows:
tninfo -h [hostname] displays the IP address, port, and template for all hosts or the given host.
tninfo -t [templatename] displays the following information for all templates or the given template: host type, minimum label (in label and hex format), maximum label (in label and hex format), allowed privileges, and IP label type (RIPSO, CIPSO, or none).
tninfo -k displays kernel statistics: number of host accreditation check failures, number of network accreditation check failures, and memory allocation statistics.
To change or check network security information, use the SMC tools to access the tnrhtp, tnrhdb, and tnidb files. If you are not using the NIS+ tables for networking, these changes take effect immediately after you exit from SMC. If you are using NIS+ tables, the changes take effect when the network daemon next polls the databases. The default is 2 seconds. Rebooting the system also puts the changes into effect. To put the changes into effect manually, use tnctl(1M) with the -p option on the host that needs the updated information.
To collect debugging information from the network daemon while the network is running, use tnctl(1M) with the -d option. Debugging data is written by default to the file /var/tsol/tndlog. Search the log file for failures and other symptoms of problems.
To check TSIX transmissions, use tokmapd with the -d option (or tokmapctl -d) to create a log and choose an appropriate debugging level. Debugging data is written by default to the file /var/tsol/tokmapdlog. Use snoop(1M) to make sure that both source and destination can transmit tokens.