Patch Name: PHNE_11985 Patch Description: s700 10.10 ARPA Transport cumulative patch Creation Date: 97/07/29 Post Date: 97/08/05 Hardware Platforms - OS Releases: s700: 10.10 Products: N/A Filesets: OS-Core.CORE-KRN Networking.NET-KRN Networking.NET-RUN Automatic Reboot?: Yes Status: General Superseded Critical: Yes PHNE_11985: PANIC PHNE_10902: PANIC PHNE_10484: PANIC PHNE_9104: PANIC PHNE_9034: PANIC PHNE_8063: PANIC PHNE_7749: PANIC PHNE_6866: PANIC Path Name: /hp-ux_patches/s700/10.X/PHNE_11985 Symptoms: PHNE_11985: This patch replaces PHNE_10902. See Defect Description. PHNE_10902: See Defect Description. PHNE_10484: See Defect Description PHNE_9104: See Defect Description PHNE_9034: See Defect Description PHNE_8063: See Defect Description PHNE_7749: See Defect Description PHNE_6866: See Defect Description Defect Description: PHNE_11985: ( SR not found ) The problem is that h/netstatistic.h tries to include "../h/mib.h" which only exists in the kernel build environment. ( SR not found ) Ping cannot work on the next available source route path because ARP cannot detect that path but insist on using the previous path which is now severed. ( SR number: 1653214981 ) The problem is that ip_output is using the PMTU from the dynamic route, but TCP is not, resulting in fragmentation and sub-optimal behavior. ( SR not found ) System hang caused by memory leak due to failed setsockopt(2) calls. ( SR number: 5003366898 ) Whenever the PMTU value is changed, and the local system is a multiple processor machine, and the connection is TCP, and the resulting fragments are less than 60 bytes, and the outbound connection is over FDDI, then the remote system starts logging TCP checksum errors and existing connections time out. PHNE_10902: ( SR number: 1653212290 ) When a system connects to a tokn ring with rif enabled and the token ring uses source route bridging, the system panics immediately after it has been connected to the ring. PHNE_10484: ( SR number: 5003320655 ) HP 9000/UX BSD ARP implementation causes caching of the least optimal path to a remote host on a Token Ring network among multiple possible paths through various source routing bridges. This is true for both outbound and inbound ARP resolution cases. In the case of outbound ARP resolution after HP 9000/UX issues an ARP broadcast request to a remote host which results in multiple requests reaching to that host, it begins to receive multiple responses, and for each such response it overwrites the cache data for that host. This results in the cache having the longest path corresponding to the last response received. Similarly, in the case of inbound ARP resolution, HP 9000/UX receives multiple ARP requests over multiple paths, and with each request it updates its cache with the path over which that request was received. This results in the cache finally containing the path over which the last request was received which may be the longest path in most cases. ( SR number: 1653198069 ) System hangs during shutdown in sbdrop. ( SR number: 5003352872 ) Network hangs because Stream Scheduler is looping on processor 0. ( SR not found ) IP directed broadcast forwarding is not supported. PHNE_9104: ( SR number: 5003318543 ) Memory leak when IPPROTO_TCP setsockopt() done on closed socket. ( SR number: 5003327973 ) Data was put in the socket buffer before calling tcp to send it out. If tcp gets an error from the interface which may be transient, tcp returns the error to the application. If the application attempts to resend the data instead of exiting, a potential data corruption situation can occur. ( SR number: 5000716316 ) System hung when doing a second connect() on the same socket. ( SR number: 1653182782 ) Fast retransmission not activated after three duplicate ACK if window scaling is on (RFC 1323). ( SR number: 4701335596 ) A syn attack can result in Denial Of Service (DOS) to legitimate users. ( SR number: 1653184861 ) Customers in 9.x can tune sb_max, but cannot do it in 10.x. ( SR not found ) IPTOS_PREC_ROUTINE was defined as 0x10. That means the LOW DELAY bit in the type of service field is also set. This makes it difficult to assign "Routine" precedence with "Normal delay" ( SR number: 4701339044 ) Panic in sounlock. ( SR number: 1653189852 ) Directed Broadcast to a different network fails. ( SR number: 5003345215 ) Multicast addresses don't transfer over to the new interface during switchover. ( SR number: 5003345207 ) An application binding to a multicast address does not receive packets sent to that multicast address. ( SR number: 1653192054 ) IBM RS/6000 systems reject our arp request. PHNE_9034: ( SR number: 5003342071 ) ping can cause panic. PHNE_8063: ( SR number: 5000710814 ) An ENXIO error is presently passed from the transport layer up to the application error as a "hard", or irrecoverable error. It is left up to the application to decide how to handle this situation. This is incorrect, because ENXIO is generated by the driver(s) in situations which *may* be recoverable, such as the imfamous 82596 LAN chip error. The user will see applications fail with a connection failure error which may be accompanied by a log message from the driver indicating that some sort of hardware error has occurred. ( SR number: 4701295527 ) ENXIO bubbled upto application causing it to abort abnormally. ( SR number: 5003309898 ) System panic during nmget() call. Probable cause: the network management accessing arp table while its being updated. ( SR not found ) data memory protection fault panic in whohas_snap8025 ( SR not found ) netstat improperly displays the interface field for clan0. ( SR number: 1653175810 ) icpm packet rerouting to 255.255.255.255 causes system hang on UP and panic on MP. ( SR not found ) For a SYN, when the socket is not found in the listen queue, we search the whole list. This takes too long. It causes performance degradation in netscape. (e.g.The above may happen when a service not started). ( SR number: 1653176644 ) Panic calling audit_send_dgram (). ( SR number: 5003326199 ) K400; 10.01; running ServiceGuard. System panics with doing a ping to a floating ip address of a package that is being shutdown. ( SR not found ) The code does not ensure that there is always space left for '\0' for the case when unit number > 9. ( SR not found ) The default for listen queue has been increased from 20 to 4K. ( SR not found ) max value of 20 for listen queue is inadequte for a number of applications. ( SR number: 4701333427 ) Possible panic in tcp_ctloutput() due to inproper locking and unlocking of inp. PHNE_7749: ( SR number: 5003292979 ) The problem is that Unix Domain sockets that pass file access rights to each other can cause system panics with the message "Data page fault". ( SR number: 4701313866 ) Bug in source code. Found through code examination. Works accidentally. ( SR number: 4701313304 ) The current code allows one to create an arp entry on a poinnt to point interface. When the time expires on this entry,an attempt is made to build a packet by calling a procedure whose pointer should be in the arpcom table. In the point to point case, that pointer is NULL which causes a panic. ( SR not found ) System will panic if a user application requests xti message size 32K or larger. ( SR number: 1653162255 ) An MP system hangs during shutdown because a process gets stuck in soclose() forever. ( SR not found ) This problem will panic a system in sosend with data page fault error. Any user using unix domain sockets could get this crash. ( SR number: 5003315358 ) There is a panic which can occur when receiving IP multicast packets on an MP system. ( SR number: 5003316810 ) System hang and network congestion. PHNE_6866: ( SR number: 5003263541 ) ICMP 12 messages are passed to applications. some applications don't know what to do with them. ( SR not found ) UDP sockets are unable to send all 1's limited broadcasts. This directly affects DHCP, because the DHCP server then cannot reply to a DHCP request with an all 1's limited broadcast as it should. Some DHCP clients require this. ( SR number: 1653144972 ) There are cases where we can get FIN_WAIT_2 connections that never go away. We need a timer that customers can set to remove these connections. ( SR number: 5003285718 ) An ICMP Net Redirect causes a host route to be added, but the host route has a net address instead of a full IP address. ( SR number: 1653145037 ) Customer hit a panic in kernel socket code. See submitter text for detail. ( SR not found ) The problem is that a partner needs support in the BSD networking stack in order to implement a secure firewall product. They need the right hooks in our kernel. ( SR number: 4701308023 ) The problem is that the system panics upon receipt of a particular type of packet. ( SR number: 4701316315 ) A multiprocessor system can panic by holding onto a spinlock too long. ( SR number: 1653152611 ) A bad TCPOPT_MAXSEG TCP/IP option can cause a "Conditional trap" system panic. ( SR not found ) The problem is that h/netstatistic.h tries to include "../h/mib.h" which only exists in the kernel build environment. ( SR not found ) The problem is that a system panics in sbdrop(). ( SR number: 5003298554 ) The use of multiple IP addresses on the same system is partially broken. While setting up TCP connections, we fail to discriminate between sockets listening at the same port even though they use different IP addresses. This breaks Service Guard (which uses multiple IP addresses on the same interface) and some functionality of multihomed systems. This can also be seen as a bind() problem. ( SR number: 1653157289 ) The problem is that a t_snddis() call (using XTI) can fail with EADDRINUSE for no apparent reason. ( SR not found ) The problem is that a system panics in unp_gc(). This can be worked around by setting unpgc_disabled. SR: 5000710814 5003263541 4701295527 1653144972 5003285718 1653145037 4701308023 5003292979 4701316315 1653152611 4701313866 5003298554 4701313304 1653157289 1653162255 5003309898 5003315358 5003316810 5003318543 5003320655 1653175810 1653176644 5003327973 5003326199 4701333427 5000716316 1653182782 4701335596 1653184861 5003342071 4701339044 1653189852 5003345215 5003345207 1653192054 1653198069 5003352872 5003355875 1653212290 1653214981 5003366898 Patch Files: /usr/conf/lib/libinet.a(udp_usrreq.o) /usr/conf/lib/libinet.a(tcp_usrreq.o) /usr/conf/lib/libinet.a(tcp_timer.o) /usr/conf/lib/libinet.a(tcp_subr.o) /usr/conf/lib/libinet.a(tcp_output.o) /usr/conf/lib/libinet.a(tcp_input.o) /usr/conf/lib/libhp-ux.a(nm_tune.o) /usr/conf/lib/libhp-ux.a(nm_gen.o) /usr/conf/lib/libinet.a(ip_output.o) /usr/conf/lib/libinet.a(ip_input.o) /usr/conf/lib/libinet.a(ip_icmp.o) /usr/conf/lib/libinet.a(in_proto.o) /usr/conf/lib/libinet.a(in_pcb.o) /usr/conf/lib/libinet.a(in.o) /usr/conf/lib/libinet.a(if_ether.o) /usr/conf/lib/libnet.a(route.o) /usr/conf/lib/libuipc.a(netisr.o) /usr/conf/lib/libnet.a(if.o) /usr/conf/lib/libhp-ux.a(dgram_aud.o) /usr/conf/lib/libhp-ux.a(netfunc.o) /usr/conf/lib/libuipc.a(uipc_socket2.o) /usr/conf/lib/libuipc.a(uipc_usrreq.o) /usr/conf/lib/libuipc.a(uipc_socket.o) /usr/conf/lib/libuipc.a(uipc_syscall.o) /usr/conf/lib/libtpiso.a(xtiso.o) /usr/conf/master.d/net what(1) Output: /usr/conf/lib/libinet.a(udp_usrreq.o): PHNE_11985 udp_usrreq.c $Revision: 1.7.102.16 $ $Dat e: 97/07/24 14:04:37 $ /usr/conf/lib/libinet.a(tcp_usrreq.o): PHNE_11985 tcp_usrreq.c $Revision: 1.8.102.12 $ $Dat e: 96/09/27 08:42:00 $ /usr/conf/lib/libinet.a(tcp_timer.o): PHNE_11985 tcp_timer.c $Revision: 1.6.102.9 $ /usr/conf/lib/libinet.a(tcp_subr.o): PHNE_11985 tcp_subr.c $Revision: 1.6.102.12 $ $Date: 97/04/25 15:00:05 $ /usr/conf/lib/libinet.a(tcp_output.o): PHNE_11985 tcp_output.c $Revision: 1.6.102.3 $ $Date : 96/05/13 10:04:29 $ /usr/conf/lib/libinet.a(tcp_input.o): PHNE_11985 tcp_input.c $Revision: 1.9.102.21 $ $Date : 97/07/18 14:34:07 $ /usr/conf/lib/libhp-ux.a(nm_tune.o): PHNE_11985 nm_tune.c $Revision: 1.2.102.4 $ /usr/conf/lib/libhp-ux.a(nm_gen.o): PHNE_11985 nm_gen.c $Revision: 1.3.102.3 $ /usr/conf/lib/libinet.a(ip_output.o): PHNE_11985 ip_output.c $Revision: 1.6.102.7 $ $Date: 96/11/05 15:32:08 $ /usr/conf/lib/libinet.a(ip_input.o): PHNE_11985 ip_input.c $Revision: 1.6.102.17 $ $Date: 97/05/01 11:35:46 $ /usr/conf/lib/libinet.a(ip_icmp.o): PHNE_11985 ip_icmp.c $Revision: 1.7.102.6 $ /usr/conf/lib/libinet.a(in_proto.o): PHNE_11985 in_proto.c $Revision: 1.3.102.6 $ $Date: 96/02/15 18:47:54 $ /usr/conf/lib/libinet.a(in_pcb.o): PHNE_11985 in_pcb.c $Revision: 1.8.102.15 $ $Date: 9 6/12/17 19:35:38 $ /usr/conf/lib/libinet.a(in.o): PHNE_11985 in.c $Revision: 1.7.102.14 $ $Date: 96/12 /06 10:13:04 $ /usr/conf/lib/libinet.a(if_ether.o): PHNE_11985 if_ether.c $Revision: 1.8.102.19 $ /usr/conf/lib/libnet.a(route.o): PHNE_11985 route.c $Revision: 1.7.102.18 $ /usr/conf/lib/libuipc.a(netisr.o): PHNE_11985 netisr.c $Revision: 1.10.102.8 $ /usr/conf/lib/libnet.a(if.o): PHNE_11985 if.c $Revision: 1.5.102.7 $ /usr/conf/lib/libhp-ux.a(dgram_aud.o): PHNE_11985 dgram_aud.c $Revision: 1.2.102.3 $ $Date: 96/08/02 20:45:40 $ /usr/conf/lib/libhp-ux.a(netfunc.o): PHNE_11985 netfunc.c $Revision: 1.4.102.3 $ /usr/conf/lib/libuipc.a(uipc_socket2.o): PHNE_11985 uipc_socket2.c $Revision: 1.8.102.12 $ $D ate: 96/12/16 18:30:42 $ /usr/conf/lib/libuipc.a(uipc_usrreq.o): PHNE_11985 uipc_usrreq.c $Revision: 1.6.102.15 $ /usr/conf/lib/libuipc.a(uipc_socket.o): PHNE_11985 uipc_socket.c $Revision: 1.9.102.21 $ $Da te: 97/07/03 08:43:25 $ /usr/conf/lib/libuipc.a(uipc_syscall.o): PHNE_11985 uipc_syscall.c $Revision: 1.8.102.9 $ $Da te: 96/12/16 10:27:59 $ /usr/conf/lib/libtpiso.a(xtiso.o): PHNE_11985 xtiso.c $Revision: 1.2.102.9 $ $Date: 97/ 01/28 17:24:53 $ /usr/conf/master.d/net: $Revision: 1.2.102.3 $ cksum(1) Output: 777773113 15264 /usr/conf/lib/libinet.a(udp_usrreq.o) 3806870822 12040 /usr/conf/lib/libinet.a(tcp_usrreq.o) 1704658101 15452 /usr/conf/lib/libinet.a(tcp_timer.o) 3830396563 10052 /usr/conf/lib/libinet.a(tcp_subr.o) 40836868 6624 /usr/conf/lib/libinet.a(tcp_output.o) 1557340390 21860 /usr/conf/lib/libinet.a(tcp_input.o) 2807623845 9360 /usr/conf/lib/libhp-ux.a(nm_tune.o) 1792701791 7576 /usr/conf/lib/libhp-ux.a(nm_gen.o) 1742108687 12756 /usr/conf/lib/libinet.a(ip_output.o) 934160168 17760 /usr/conf/lib/libinet.a(ip_input.o) 430913656 7432 /usr/conf/lib/libinet.a(ip_icmp.o) 2974010648 2988 /usr/conf/lib/libinet.a(in_proto.o) 1383677529 14912 /usr/conf/lib/libinet.a(in_pcb.o) 2578295776 16228 /usr/conf/lib/libinet.a(in.o) 2122729938 46880 /usr/conf/lib/libinet.a(if_ether.o) 1731985002 18080 /usr/conf/lib/libnet.a(route.o) 2885590388 7876 /usr/conf/lib/libuipc.a(netisr.o) 367549113 7552 /usr/conf/lib/libnet.a(if.o) 394098929 2508 /usr/conf/lib/libhp-ux.a(dgram_aud.o) 604839283 1112 /usr/conf/lib/libhp-ux.a(netfunc.o) 3964836914 21720 /usr/conf/lib/libuipc.a(uipc_socket2.o) 122041310 13060 /usr/conf/lib/libuipc.a(uipc_usrreq.o) 1517225472 21828 /usr/conf/lib/libuipc.a(uipc_socket.o) 2215275495 18024 /usr/conf/lib/libuipc.a(uipc_syscall.o) 3299641977 61908 /usr/conf/lib/libtpiso.a(xtiso.o) 2304715148 5070 /usr/conf/master.d/net Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_6866 PHNE_7749 PHNE_8063 PHNE_9034 PHNE_9104 PHNE_10484 PHNE_10902 Equivalent Patches: None Patch Package Size: 480 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_11985 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_11985.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_11985.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_11985. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_11985.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_11985.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None