Dear SCO Customer,

The enclosed Support Level Supplement (SLS) PTF3280L, the SCO Network
Maintenance Supplement for SCO UnixWare, addresses a variety of
problems that have been identified in the networking components of
SCO UnixWare 2.1.1 and 2.1.2.

A list of issues that PTF3280L has corrected follows. Note that an
expanded description of each problem is detailed later in this
document.

The issues that have been addressed are:

 - Libsocket routines re-setting file descriptor type
 - DOS emulations on remote systems
 - ftpd(1m) transfers aborting
 - NFS clients failing during failover to redundant system
 - chown & chgrp commands failing on NFS mounted filesystems
 - TCP/IP client programs producing messages instead of clean failure
 - Internet applications failing with "accept: Protocol error"
 - Memory leak in sockmod
 - tcp driver allowing divide by zero
 - Assorted panics on heavily loaded systems, tcp_qdrop,
   in_broadcast, putnext_l, freeb, iplrput, sockmodwsrv, bcopy
 - System hangs associated with pressing from rlogin, using UNIX
   domain sockets and heavy make/break activity on tcp sockets
 - Printing to remote printers
 - Slow performance when acting as fileserver to Windows systems
 - Loss of data on closing UNIX Domain socket
 - Inaccessible NFS filesystems
 - Deadlock caused by udp packets with bad checksums
 - Incorrect output from showmount -e
 - Oracle 7.3.3 hangs
 - Deadlock in streams
 - Panic from sendto() on rawip
 - fd cache array overflowing
 - XDM process dies
 - Truncation of files delivered by CGI-bin scripts
 - Connection closed failures from rlogin
 - cpio hanging in remote shell
 - Incorrect behavior on gateway systems using Class C address
 - Performance improvement for udp connections.

A list of enhancements that have been included in PTF3280L follows.
Note that an expanded description of each enhancement is detailed
later in this document.

The enhancements that are included are:

 - Making TCP/IP keep-alive tunable
 - Added delayed ack functionality
 - BIND 4.9.6 named/named-xfer
 - TCP/IP RIP-2 functionality

Superseded SLSs
----------------

A list of SLSs superseded by SLS PTF3280L follows:

NOTE: PTF3280L can be installed after the SLSs listed below.
      However, these SLSs should _not_ be installed after PTF3280L
      has been installed. If any of these SLSs are installed after
      PTF3280L, the functionality of PTF3280L cannot be guaranteed.

    PTF3089  - SCO UnixWare NFS Attributes Supplement
    PTF3107  - Single UNIX Specification Supplement (UnixWare 2.1.1)
    PTF3120  - TCP/IP RIP-2 Supplement
    PTF3123B - Networking Maintenance Supplement (UnixWare 2.1.1)
    PTF3165  - High Volume rlogin Sessions Supplement
    PTF3241  - rpcbind Supplement

Issues addressed
----------------

SLS PTF3280L addresses these problems:

1.  Routines in libsocket fail to reset the file descriptor type
    after closing a file/device. As a result, upon re-allocation of
    the same file descriptor, failures may occur on functions with
    file-type specific behavior. For example, functions that read or
    write sockets may fail if the file descriptor in use was
    previously allocated for a regular or other non-socket type file.

2.  A DOS emulation cannot be executed on a remote system. After
    starting an interactive shell on a remote system using xterm(1),
    executing the dos(1) command to run the DOS emulation on the
    remote system will fail and may produce a core dump.

3.  An ftpd(1m) transfer may abort and produce an error indicating
    that a socket operation was attempted on a non-socket device.

    This problem is one manifestation of the problem described above
    in number 1. This specific problem has been found and reported
    multiple times. This separate problem description is included to
    emphasize that this SLS addresses the ftpd problem.

4.  During a failover to the redundant system, NFS clients using
    NFS-mounted filesystems may fail with this error message:

        NFS 151 Error

    The failing process will not continue and data corruption may
    result.

5.  For files on NFS-mounted filesystems, the chown(1) and chgrp(1)
    commands will fail. When executed as the "root" user, chown makes
    "root" the file owner no matter what owner is specified on the
    command line. The chgrp command will not change the file group
    value no matter which user executes the command.

6.  A TCP/IP client program, failing to reconnect on an endpoint on
    which a disconnect request has been sent, continuously produces
    messages from the server system instead of failing with a
    T_DISCONNECT status.

7.  An Internet application may fail with this message:

        accept: Protocol error

    Server processes requesting many disconnects may produce this
    error.

8.  Socket device driver code (sockmod) allows memory leakage.

9.  TCP device driver code (tcp) allows division by zero, which may
    lead to a system PANIC.

10. A number of PANICs have been seen on heavily loaded systems:

        PANIC in tcp_qdrop() when referencing a NULL pointer
        PANIC in in_broadcast()
        PANIC in putnext_l()
        PANIC in freeb() called from strgetmsg()
        PANIC in iplrput()
        PANIC in sockmodwsrv()
        PANIC in bcopy() when called by icmp_error()

11. System Hangs:

    Pressing from an rlogin connection causes an MP system to hang.

    Using UNIX domain sockets can cause the system to hang.

    When there are a lot of TCP/IP connections being made or broken,
    the system can appear to hang. You can still ping the system but
    no new connections can be made and no console input is accepted.

12. When printing to a network printer using lpd, printing can stop
    if the printer runs out of paper and is power-cycled.

13. If the UnixWare system is acting as a fileserver to Windows
    systems that are using Microsoft Access, and the transport is set
    to NetBIOS, loading a database from the server is very slow -
    much slower than if the transport is set to NetBEUI.

14. When using UNIX Domain Sockets, data written to a socket will be
    lost if the socket is immediately closed after the write. This
    can also be seen as SO_LINGER not working on UNIX Domain sockets.

15. Filesystems shared over NFS are inaccessible. This is seen if the
    NFS client is a UnixWare 1.14 system, but has also been seen from
    other operating systems. This problem is seen as a rpcbind
    failure on the client system.

16. There is potential for a deadlock situation if a udp packet is
    received with a bad checksum.

17. showmount -e shows everything exported to everybody.

    If you share a resource and restrict the read/write list,
    showmount will say 'everyone' can access the share. For example:

        # share -F nfs -o rw=client /tmp
        # showmount -e
        export list for server:
        /tmp (everyone)

    with PTF3280L installed:

        # showmount -e
        export list for server:
        /tmp client

18. Oracle 7.3.3 can hang in recv(). recv() should return 0 when no
    messages are available to be received and the peer has performed
    an orderly shutdown. However, on versions of libsocket that
    exhibit this problem, the first call to recv() will return 0, but
    a subsequent call will sleep in getmsg().

Enhancements
------------

1.  The TCP/IP keep-alive values are now tunable in:

        /etc/conf/pack.d/tcp/space.c

    Here is an excerpt from the space.c file that explains this:

    /*
     * If a connection is idle (no segments received) for
     * TCP_TV_KEEP_INIT amount of time, but not yet established,
     * then we drop the connection. Once the connection is
     * established, if the connection is idle for TCP_TV_KEEP_IDLE
     * time (and keepalives have been enabled on the socket), we
     * begin to probe the connection. We force the peer to send
     * us a segment by sending:
     *
     * This segment is (deliberately) outside the window, and should
     * elicit an ack segment in response from the peer. If we did not
     * get a response to the first probe we will send a maximum of
     * TCP_TV_KEEPCNT probes at TCP_TV_KEEPINTVL intervals. If, despite
     * the keepalive initiated segments we cannot elicit a response
     * from the peer, drop the connection after TCP_TV_KEEPCNT probes.
     *
     * NOTE: Changing any these default settings impacts all
     * TCP/IP Services and is NOT RECOMMENDED.
     *
     * If these values are changed, the UnixWare kernel must be rebuilt
     * to incorporate these changes. To do this, execute the following
     * command as "root":
     *
     * /etc/conf/bin/idbuild -B
     *
     * After this command is done, a system reboot will be needed to
     * install the new kernel.
     */
    #define TCP_TV_KEEP_INIT  75   /* represented in seconds */
    #define TCP_TV_KEEP_IDLE  120  /* represented in minutes */
    #define TCP_TV_KEEPCNT    8    /* keep alive probe count */
    #define TCP_TV_KEEPINTVL  75   /* represented in seconds */

    short tcp_tv_keep_init = (TCP_TV_KEEP_INIT * PR_SLOWHZ);
    int tcp_keepidle = (TCP_TV_KEEP_IDLE * 60 * PR_SLOWHZ);
    int tcp_tv_keepcnt = TCP_TV_KEEPCNT;
    int tcp_keepintvl = (TCP_TV_KEEPINTVL * PR_SLOWHZ);

2.  The added delayed ack functionality is tunable in
    /etc/conf/pack.d/tcp/space.c

    To enable delayed acks, edit the space.c and set:

        int delayed_acks = 1;

    To disable delayed acks, edit the space.c and set:

        int delayed_acks = 0;

    Setting the delayed_acks option will cause TCP/IP not to send a
    packet just containing an ACK in response to an incoming packet.
    TCP/IP will start a timer and send the ACK when the time expires.
    It does this as it expects data to be sent out and in that case,
    it will piggy-back the ACK onto the outgoing data and clear the
    timer.

3.  SLS PTF3280L includes BIND 4.9.6 named/named-xfer and associated
    binaries. They have been released to address the security
    problems documented in the recent CERT advisory.

    Note that BIND 4.9.6 is more particular about the contents of
    your zone files and will stop errors missed by older versions of
    named. Refer to the BIND operators guide (BIND-OP-Guide.ps) found
    in /var/adm. If you rely on SCCS to generate your SOA serial
    numbers, make sure you read section 6.5.3, as things may no
    longer work as you expect. Start by deploying 4.9.6 on any
    primaries you manage, then check syslog (or osmlog) for any named
    warnings. Clean up your zone files, then 'more' 4.9.6 out onto
    the other name servers you maintain.

    The BIND homepage is located at:

        http://www.isc.org/bind.html

4.  TCP/IP RIP-2

    SLS PTF3280L contains TCP/IP RIP-2 functionality. This allows
    subnets to be used in routing policy decisions. This enables
    different subnet masks to be used on physically connected
    networks and allows packets to be successfully routed between
    different parts of the network.

    Most computer internetworks use the same class of addressing,
    with an implicit netmask, depending only on the class of the
    network address used. This limits the physical number of
    connections that can be made to such a network, and if physical
    space is limited it can cause a shortage of network addresses to
    occur.

    One way to avoid this shortage is to split a network into subnets
    of the same class of addresses. This allows several subnets to be
    used as the primary allocation method for network addresses. The
    maximum number of physical network addresses available within one
    of these subnets can be chosen by careful planning when designing
    the subnet layout. The physical number is limited by the number
    of bits used in the subnet mask.

    A full discussion of the routing choice and setup is beyond the
    scope of this text. However, this topic is covered in most
    reference materials on network management.
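
The subnet arithmetic behind the RIP-2 discussion above, as an added example that is not part of SCO's supplement: it contrasts the implicit class mask with explicit subnet masks (which RIP-2 carries with each route) and counts the hosts each mask leaves. The function names and the 192.0.2.x sample addresses are assumptions made for the illustration.

```c
/* Added example: classful (implicit) masks versus explicit subnet masks. */
#include <stdint.h>
#include <stdio.h>

/* Host-order IPv4 address from dotted-quad parts. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

/* Implicit mask taken from the address class alone (A, B or C). */
uint32_t classful_mask(uint32_t addr) {
    if ((addr >> 31) == 0x0) return 0xFF000000u;  /* class A: 0... */
    if ((addr >> 30) == 0x2) return 0xFFFF0000u;  /* class B: 10.. */
    if ((addr >> 29) == 0x6) return 0xFFFFFF00u;  /* class C: 110. */
    return 0;                                     /* class D/E: no host part */
}

/* Explicit mask with `bits` leading one-bits (0..32). */
uint32_t prefix_mask(unsigned bits) {
    return bits == 0 ? 0 : (uint32_t)(0xFFFFFFFFu << (32 - bits));
}

/* Usable hosts: every host-bit pattern except all-zeros and all-ones. */
uint32_t usable_hosts(uint32_t mask) {
    uint32_t span = (uint32_t)~mask;
    return span < 2 ? 0 : span - 1;
}

/* How many subnets of size `mask` fit in the classful network of `addr`. */
uint32_t subnets_in_class(uint32_t addr, uint32_t mask) {
    uint64_t class_size = (uint64_t)(uint32_t)~classful_mask(addr) + 1;
    uint64_t subnet_size = (uint64_t)(uint32_t)~mask + 1;
    return (uint32_t)(class_size / subnet_size);
}

/* True when both addresses fall in the same network under `mask`. */
int same_network(uint32_t a, uint32_t b, uint32_t mask) {
    return (a & mask) == (b & mask);
}

int main(void) {
    /* Constructed sample hosts in the 192.0.2.0 documentation network (class C). */
    uint32_t a = ip4(192, 0, 2, 10), b = ip4(192, 0, 2, 200);
    uint32_t m26 = prefix_mask(26), m28 = prefix_mask(28);
    printf("class mask: same network = %d\n", same_network(a, b, classful_mask(a)));
    printf("/26 mask:   same network = %d\n", same_network(a, b, m26));
    printf("/26: %u subnets of %u hosts\n", (unsigned)subnets_in_class(a, m26), (unsigned)usable_hosts(m26));
    printf("/28: %u subnets of %u hosts\n", (unsigned)subnets_in_class(a, m28), (unsigned)usable_hosts(m28));
    return 0;
}
```
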
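
A regression check for issues 14 and 18 in the list above, added here and not taken from SCO's supplement: data written just before close() on a UNIX domain socket must still be delivered, and every recv() after the peer's orderly shutdown must return 0. The function name and the 2-second SO_RCVTIMEO (so that a sleeping recv() shows up as a failure rather than a hang) are assumptions.

```c
/* Added example: close-after-write and repeated recv() at end-of-stream. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

#define EOF_CALLS 3  /* recv() calls re-issued after end-of-stream */

/*
 * Writes `msg` on one end of a UNIX domain socket pair, closes that end
 * at once, then drains the other end. Returns the number of bytes
 * received, or -1 if setup failed or any recv() at or after
 * end-of-stream returned something other than 0 (an error, or the
 * timeout that stands in for a hang).
 */
long check_close_then_recv(const char *msg) {
    int sv[2];
    char buf[256];
    long total = 0;
    ssize_t n;
    size_t len = strlen(msg);
    struct timeval tmo = { 2, 0 };  /* blocked recv() fails after 2 s */

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    setsockopt(sv[0], SOL_SOCKET, SO_RCVTIMEO, &tmo, sizeof tmo);

    n = write(sv[1], msg, len);
    close(sv[1]);                   /* issue 14: close right after the write */
    if (n != (ssize_t)len) { close(sv[0]); return -1; }

    while ((n = recv(sv[0], buf, sizeof buf, 0)) > 0)
        total += n;                 /* queued data must survive the close */
    if (n != 0) { close(sv[0]); return -1; }

    /* issue 18: further recv() calls must also return 0, not sleep */
    for (int i = 0; i < EOF_CALLS; i++)
        if (recv(sv[0], buf, sizeof buf, 0) != 0) { close(sv[0]); return -1; }

    close(sv[0]);
    return total;
}

int main(void) {
    long got = check_close_then_recv("constructed test payload");
    printf("%s (%ld bytes)\n", got >= 0 ? "PASS" : "FAIL", got);
    return got >= 0 ? 0 : 1;
}
```
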

Contents
--------

    /etc/conf/pack.d/icmp/Driver_atup.o
    /etc/conf/pack.d/icmp/Driver_mp.o
    /etc/conf/pack.d/inet/Driver_atup.o
    /etc/conf/pack.d/inet/Driver_mp.o
    /etc/conf/pack.d/io/Driver_atup.o
    /etc/conf/pack.d/io/Driver_mp.o
    /etc/conf/pack.d/ip/Driver_atup.o
    /etc/conf/pack.d/ip/Driver_mp.o
    /etc/conf/pack.d/krpc/Driver_atup.o
    /etc/conf/pack.d/krpc/Driver_mp.o
    /etc/conf/pack.d/nfs/Driver_atup.o
    /etc/conf/pack.d/nfs/Driver_mp.o
    /etc/conf/pack.d/sockmod/Driver_atup.o
    /etc/conf/pack.d/sockmod/Driver_mp.o
    /etc/conf/pack.d/specfs/Driver_atup.o
    /etc/conf/pack.d/specfs/Driver_mp.o
    /etc/conf/pack.d/tcp/Driver_atup.o
    /etc/conf/pack.d/tcp/Driver_mp.o
    /etc/conf/pack.d/tcp/space.c
    /etc/conf/pack.d/udp/Driver_atup.o
    /etc/conf/pack.d/udp/Driver_mp.o
    /usr/lib/libsocket.so
    /usr/lib/tcpip.so
    /usr/lib/resolv.so
    /usr/lib/libsocket.so.1
    /usr/lib/libsocket.so.2
    /usr/lib/nfs/mountd
    /usr/sbin/rpcbind
    /usr/sbin/named-xfer
    /usr/sbin/dig
    /usr/sbin/nslookup
    /usr/sbin/in.named
    /usr/lib/nslookup.help
    /var/adm/BIND-OP-Guide.ps

Software Notes and Recommendations
----------------------------------

PTF3280L should only be installed on these releases:

    SCO UnixWare Personal Edition Release 2.1.1, 2.1.2
    SCO UnixWare Application Server Release 2.1.1, 2.1.2

PTF3280L should be removed prior to installing the osmp package and
then re-installed afterwards.

Installation Instructions
-------------------------

1.  Become root and create a new directory by typing the following:

        $ su
        Password:
        # mkdir /tmp/pkg
        # chmod 700 /tmp/pkg
        # cd /tmp/pkg

2.  Download the ptf3280l.Z and the ptf3280l.txt files to the newly
    created /tmp/pkg directory on your machine.

3.  Read the Release Notes contained in the ptf3280l.txt file.

4.  Uncompress the file by typing:

        # uncompress /tmp/pkg/ptf3280l.Z

5.  Enter run-level 1 by typing:

        # shutdown -i1

6.  Add the package to your system by using the pkgadd command:

        # pkgadd -d /tmp/pkg/ptf3280l

Note: A system reboot is required following installation of SLS
      PTF3280L.

Removal Instructions
--------------------

1.  Become root by typing these commands:

        $ su
        Password:

2.  Enter run-level 1 by typing:

        # shutdown -i1

3.  Remove the package from your system by using the pkgrm command:

        # pkgrm ptf3280l

Note: A system reboot is required following removal of SLS PTF3280L.

If you have questions regarding this SLS, or the product on which it
is installed, please contact your software supplier.

We appreciate your business.

SCO Support Services