Patch Name: PHNE_10469 Patch Description: s700 10.16 BLS (CMW) cumulative patch Creation Date: 97/04/21 Post Date: 97/04/28 Hardware Platforms - OS Releases: s700: 10.16 Products: N/A Filesets: OS-Core.CORE-KRN BLS.BLS-CORE Networking.NET-KRN Networking.NET-PRG Automatic Reboot?: Yes Status: General Superseded Critical: Yes PHNE_10469: PANIC ARPA network panic in connect system call Path Name: /hp-ux_patches/s700/10.X/PHNE_10469 Symptoms: PHNE_10469: ARPA network panic in connect system call. PHNE_10159: Cannot set hp_syn_protect using nettune. PHNE_9987: A SYN attack can result in Denial Of Service (DOS) to legitimate users. This kernel patch PHNE_9987 is dependent upon patch PHCO_8449. You must first install patch PHCO_8449. PHNE_8071: PHCO_8449 is the first part for WWW/VV performance fix. The description is for both PHCO_8449 AND PHNE_8071: * When running WWW or Virtual Vault (VV) on CMW, it can generate network traffic such that within a short period of time, most network connect requests will either be reset or denied due to lack of kernel memory resulting in a total lack of service. Eventually, the problem will correct itself as network connect requests decrease, other system activity will replenish the kernel memory area, although not completely. * The problem occurs on the system that is accepting connections and may manifest itself in many forms. The problem is caused by the kernel memory allocator not being able to satisfy memory requests from interrupt contexts. Defect Description: PHNE_10469: An application using the socket API can corrupt the TCP hash chains causing the system to panic. PHNE_10159: nettune cannot be used to adjust so_qlimit_max, so_qlimit_min, and hp_syn_protect. PHNE_9987: A SYN attack can result in Denial Of Service (DOS) to legitimate users. PHNE_8071: The description is for both PHCO_8449 AND PHNE_8071: * The performance fix includes kernel header files, kernel source code and command kmstat(1M) and m6d(1M). The patch PHNE_8071 includes only the kernel part fix. The command fix in in PHCO_8449 fix. * The fix modified the memory allocator algorithm, incorporated WWW performance related fixes in PHNE_7324 (HP-UX 10.01). Additional changes were also made in MaxSix networking area. SR: 4701349753 Patch Files: /usr/conf/netinet/in_pcb.h /usr/conf/netinet/tcp_var.h /usr/conf/h/sec_alloc.h /usr/conf/h/scs_rec.h /usr/include/sys/scs_rec.h /usr/include/sys/sec_alloc.h /usr/include/netinet/in_pcb.h /usr/include/netinet/tcp_var.h /usr/conf/lib/libhp-ux.a(security.o) /usr/conf/lib/libhp-ux.a(init_main.o) /usr/conf/lib/libhp-ux.a(nm_tune.o) /usr/conf/lib/libinet.a(tcp_usrreq.o) /usr/conf/lib/libinet.a(tcp_subr.o) /usr/conf/lib/libinet.a(tcp_input.o) /usr/conf/lib/libinet.a(in_pcb.o) /usr/conf/lib/libsec.a(sec_tnet.o) /usr/conf/lib/libsec.a(sec_alloc.o) /usr/conf/lib/libuipc.a(uipc_socket.o) /usr/conf/lib/libuipc.a(uipc_socket2.o) what(1) Output: /usr/conf/netinet/in_pcb.h: 10 1.9 kern/netinet/in_pcb.h, hpuxsysinet, hpux_ml pmp, mlpmp23 08/01/96 09:58:14, Hewlett-Pack ard ISSL */ in_pcb.h 7.3 (Berkeley) 6/29/88 plus MULTICAS T 1.0 kern/netinet/in_pcb.h, hpuxsysinet, hpux_mlpmp, mlpm p23 $Date: 97/04/16 13:51:25 $Revision: 1.9 PATCH_10.16 (PHNE_8071) /usr/include/netinet/in_pcb.h: 10 1.9 kern/netinet/in_pcb.h, hpuxsysinet, hpux_ml pmp, mlpmp23 08/01/96 09:58:14, Hewlett-Pack ard ISSL */ in_pcb.h 7.3 (Berkeley) 6/29/88 plus MULTICAS T 1.0 kern/netinet/in_pcb.h, hpuxsysinet, hpux_mlpmp, mlpm p23 $Date: 97/04/16 13:51:25 $Revision: 1.9 PATCH_10.16 (PHNE_8071) /usr/conf/h/scs_rec.h: 67 1.22 kern/h/scs_rec.h, m6co_sysheaders, hpux_ml pmp, mlpmp23 08/01/96 09:56:07, Hewlett-Pack ard ISSL */ kern/h/scs_rec.h, m6co_sysheaders, hpux_mlpmp, mlpmp 23 $Date: 97/04/1613:46:08 $Revision: 1.22 P ATCH_10.16 (PHNE_8071) /usr/include/sys/scs_rec.h: 67 1.22 kern/h/scs_rec.h, m6co_sysheaders, hpux_ml pmp, mlpmp23 08/01/96 09:56:07, Hewlett-Pack ard ISSL */ kern/h/scs_rec.h, m6co_sysheaders, hpux_mlpmp, mlpmp 23 $Date: 97/04/1613:46:08 $Revision: 1.22 P ATCH_10.16 (PHNE_8071) /usr/conf/h/sec_alloc.h: kern/h/sec_alloc.h, sysmisc, hpux_mlpmp, mlpmp23 $Da te: 97/04/16 13:46:06 $Revision: 1.10 PATCH_ 10.16 (PHNE_8071) 77 1.10 kern/h/sec_alloc.h, sysmisc, hpux_mlpmp, m lpmp23 08/01/96 09:56:06, Hewlett-Packard IS SL */ /usr/include/sys/sec_alloc.h: kern/h/sec_alloc.h, sysmisc, hpux_mlpmp, mlpmp23 $Da te: 97/04/16 13:46:06 $Revision: 1.10 PATCH_ 10.16 (PHNE_8071) 77 1.10 kern/h/sec_alloc.h, sysmisc, hpux_mlpmp, m lpmp23 08/01/96 09:56:06, Hewlett-Packard IS SL */ /usr/conf/netinet/tcp_var.h: 35 1.18 kern/netinet/tcp_var.h, hpuxsysinet, hpux_ mlpmp, mlpmp23 08/01/96 09:58:12, Hewlett-Pa ckard ISSL */ tcp_var.h 7.8 (Berkeley) 6/29/88 kern/netinet/tcp_var.h, hpuxsysinet, hpux_mlpmp, mlp mp23 $Date: 97/04/16 13:45:37 $Revision: 1.1 8 PATCH_10.16 (PHNE_8071) /usr/include/netinet/tcp_var.h: 35 1.18 kern/netinet/tcp_var.h, hpuxsysinet, hpux_ mlpmp, mlpmp23 08/01/96 09:58:12, Hewlett-Pa ckard ISSL */ tcp_var.h 7.8 (Berkeley) 6/29/88 kern/netinet/tcp_var.h, hpuxsysinet, hpux_mlpmp, mlp mp23 $Date: 97/04/16 13:45:37 $Revision: 1.1 8 PATCH_10.16 (PHNE_8071) /usr/conf/lib/libinet.a(in_pcb.o): kern/netinet/in_pcb.c, hpuxsysinet, hpux_mlpmp, mlpm p24 $Date: 97/04/16 15:18:22 $ $Revision: 1. 27.1.2 PATCH_10.16 (PHNE_10469) $ /usr/conf/lib/libhp-ux.a(init_main.o): kern/sys/init_main.c, hpuxsysinit, hpux_mlpmp, mlpmp 23 $Date: 97/04/1613:45:44 $Revision: 1.20 P ATCH_10.16 (PHNE_8071) /usr/conf/lib/libhp-ux.a(nm_tune.o): kern/netinet/nm_tune.c, hpuxsysinet, hpux_mlpmp, mlp mp23 $Date: 97/04/16 13:45:46 $ $Revision: 1 .9.1.1 PATCH_10.16 (PHNE_10159) $ /usr/conf/lib/libsec.a(sec_alloc.o): kern/sec/sec_alloc.c, sysmisc, hpux_mlpmp, mlpmp23 $ Date: 97/04/16 13:46:06 $Revision: 1.33 PATC H_10.16 (PHNE_8071) kern/sec/include_sec, sysmisc, hpux_mlpmp, mlpmp23 $ Date: 97/04/16 13:46:04 $Revision: 1.10.1.1 PATCH_10.16 (PHKL_8238) /usr/conf/lib/libsec.a(sec_tnet.o): kern/sec/sec_tnet.c, m6co_kernel, hpux_mlpmp, mlpmp2 3 $Date: 97/04/16 13:46:11 $Revision: 1.86 P ATCH_10.16 (PHNE_8071) kern/sec/include_sec, sysmisc, hpux_mlpmp, mlpmp23 $ Date: 97/04/16 13:46:04 $Revision: 1.10.1.1 PATCH_10.16 (PHKL_8238) /usr/conf/lib/libhp-ux.a(security.o): kern/debug/security.c, sysmisc, hpux_mlpmp, mlpmp23 $Date: 97/04/16 13:49:19 $Revision: 1.3 PATC H_10.16 (PHNE_8071) /usr/conf/lib/libinet.a(tcp_input.o): kern/netinet/tcp_input.c, hpuxsysinet, hpux_mlpmp, m lpmp23 $Date: 97/04/16 13:45:41 $Revision: 1 .35 PATCH_10.16 (PHNE_8071) /usr/conf/lib/libinet.a(tcp_subr.o): kern/netinet/tcp_subr.c, hpuxsysinet, hpux_mlpmp, ml pmp23 $Date: 97/04/16 13:45:41 $Revision: 1. 20 PATCH_10.16 (PHNE_8071) /usr/conf/lib/libinet.a(tcp_usrreq.o): kern/netinet/tcp_usrreq.c, hpuxsysinet, hpux_mlpmp, mlpmp23 $Date: 97/04/16 13:45:55 $Revision: 1.23 PATCH_10.16 (PHNE_8071) /usr/conf/lib/libuipc.a(uipc_socket.o): kern/sys/uipc_socket.c, hpuxsysuipc, hpux_mlpmp, mlp mp24 $Date: 97/04/16 15:18:23 $ $Revision: 1 .39.1.2 PATCH_10.16 (PHNE_10469) $ /usr/conf/lib/libuipc.a(uipc_socket2.o): kern/sys/uipc_socket2.c, hpuxsysuipc, hpux_mlpmp, ml pmp23 $Date: 97/04/16 13:45:45 $ $Revision: 1.15.1.1 PATCH_10.16 (PHNE_9987) $ cksum(1) Output: 593132748 15113 /usr/conf/netinet/in_pcb.h 766708998 13630 /usr/conf/h/scs_rec.h 4200027553 13438 /usr/conf/h/sec_alloc.h 3307417839 13437 /usr/conf/netinet/tcp_var.h 766708998 13630 /usr/include/sys/scs_rec.h 4200027553 13438 /usr/include/sys/sec_alloc.h 593132748 15113 /usr/include/netinet/in_pcb.h 3307417839 13437 /usr/include/netinet/tcp_var.h 2050462456 12696 /usr/conf/lib/libinet.a(in_pcb.o) 2932391809 17044 /usr/conf/lib/libhp-ux.a(init_main.o) 1783293389 10096 /usr/conf/lib/libhp-ux.a(nm_tune.o) 2537162876 14664 /usr/conf/lib/libsec.a(sec_alloc.o) 217854420 44296 /usr/conf/lib/libsec.a(sec_tnet.o) 542468793 148976 /usr/conf/lib/libhp-ux.a(security.o) 195625032 21520 /usr/conf/lib/libinet.a(tcp_input.o) 434703893 10136 /usr/conf/lib/libinet.a(tcp_subr.o) 2947367051 10240 /usr/conf/lib/libinet.a(tcp_usrreq.o) 646362503 26928 /usr/conf/lib/libuipc.a(uipc_socket.o) 324130076 16340 /usr/conf/lib/libuipc.a(uipc_socket2.o) Patch Conflicts: None Patch Dependencies: s700: 10.16: PHCO_8449 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_8071 PHNE_9987 PHNE_10159 Equivalent Patches: PHNE_10470: s800: 10.16 Patch Package Size: 520 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_10469 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_10469.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_10469.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_10469. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_10469.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_10469.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Must install PHCO_8449 (replacement of PHCO_7524) before installing PHNE_10469. WARNING: The commands patch, PHCO_8449 and the corresponding kernel patches, PHNE_10469, are dependent upon one another. The system *will not work* with just one of the two patches installed - both kernel and command patches must be installed or the RESULTING SYSTEM WILL BE UNUSABLE.