Patch Name: PHNE_12143 Patch Description: s700 10.01 ARPA Transport cumulative patch Creation Date: 97/08/13 Post Date: 97/08/21 Hardware Platforms - OS Releases: s700: 10.01 Products: N/A Filesets: OS-Core.CORE-KRN Networking.NET-KRN Networking.NET-RUN Automatic Reboot?: Yes Status: General Superseded Critical: Yes PHNE_12143: PANIC PHNE_9102: PANIC PHNE_9032: PANIC PHNE_8168: PANIC PHNE_7324: PANIC PHNE_6708: PANIC PHNE_6175: PANIC PHNE_6044: PANIC PHNE_5833: PANIC Path Name: /hp-ux_patches/s700/10.X/PHNE_12143 Symptoms: PHNE_12143: This patch replaces PHNE_9102. See Defect Description PHNE_9102: See Defect Description PHNE_9032: See Defect Description PHNE_8168: See Defect Description PHNE_7324: See Defect Description PHNE_6708: See Defect Description PHNE_6175: See Defect Description PHNE_6044: See Defect Description PHNE_5833: See Defect Description Defect Description: PHNE_12143: ( SR number: 5003345207 ) An application binding to a multicast address does not receive packets sent to that multicast address. ( SR number: 1653192054 ) IBM RS/6000 systems reject our arp request. ( SR number: 1653198069 ) System hangs during shutdown in sbdrop. ( SR number: 5003352872 ) Network hangs because Stream Scheduler is looping on processor 0. ( SR not found ) IP directed broadcast forwarding is not supported. ( SR number: 5003355875 ) In 10.X TCPMSS does not behave the same way as in 9.X even when PMTU is disabled. ( SR number: 1653214981 ) The problem is that ip_output is using the PMTU from the dynamic route, but TCP is not, resulting in fragmentation and sub-optimal behavior. ( SR number: 5003372144 ) A system panic was caused by null pointer derefenence during a bind(2) system call. ( SR number: 5003366898 ) Whenever the PMTU value is changed, the remote system starts logging TCP checksum errors and existing connections time out. PHNE_9102: ( SR number: 5003327973 ) Data was put in the socket buffer before calling tcp to send it out. If tcp gets an error from the interface which may be transient, tcp returns the error to the application. If the application attempts to resend the data instead of exiting, a potential data corruption situation can occur. ( SR not found ) The default for listen queue has been increased from 20 to 4K. ( SR number: 5000716316 ) System hung when doing a second connect() on the same socket. ( SR number: 1653182782 ) Fast retransmission not activated after three duplicate ACK if window scaling is on (RFC 1323). ( SR number: 4701335596 ) A syn attack can result in Denial Of Service (DOS) to legitimate users. ( SR number: 1653184861 ) Customers in 9.x can tune sb_max, but cannot do it in 10.x. ( SR number: 4701339044 ) Panic in sounlock. ( SR number: 5003345215 ) Multicast addresses don't transfer over to the new interface during switchover. PHNE_9032: ( SR number: 5003342071 ) ping can cause panic. PHNE_8168: ( SR number: 5000710814 ) An ENXIO error is presently passed from the transport layer up to the application error as a "hard", or irrecoverable error. It is left up to the application to decide how to handle this situation. This is incorrect, because ENXIO is generated by the driver(s) in situations which *may* be recoverable, such as the imfamous 82596 LAN chip error. The user will see applications fail with a connection failure error which may be accompanied by a log message from the driver indicating that some sort of hardware error has occurred. ( SR number: 4701295527 ) ENXIO bubbled upto application causing it to abort abnormally. ( SR number: 4701313866 ) Bug in source code. Found through code examination. Works accidentally. ( SR number: 5003315358 ) There is a panic which can occur when receiving IP multicast packets on an MP system. ( SR number: 5003316810 ) System hang and network congestion. ( SR number: 5003318543 ) Memory leak when IPPROTO_TCP setsockopt() done on clsed socket. ( SR not found ) data memory protection fault panic in whohas_snap8025 ( SR not found ) netstat improperly displays the interface field for clan0. ( SR number: 1653175810 ) icpm packet rerouting to 255.255.255.255 causes system hang on UP and panic on MP. ( SR not found ) For a SYN, when the socket is not found in the listen queue, we search the whole list. This takes too long. It causes performance degradation in netscape. (e.g.The above may happen when a service not started). ( SR number: 1653176644 ) Panic calling audit_send_dgram (). ( SR number: 5003326199 ) K400; 10.01; running ServiceGuard. System panics with doing a ping to a floating ip address of a package that is being shutdown. ( SR not found ) The code does not ensure that there is always space left for '\0' for the case when unit number > 9. ( SR not found ) max value of 20 for listen queue is inadequte for a number of applications. ( SR number: 4701333427 ) Possible panic in tcp_ctloutput() due to inproper locking and unlocking of inp. PHNE_7324: ( SR number: 4701313304 ) The current code allows one to create an arp entry on a poinnt to point interface. When the time expires on this entry,an attempt is made to build a packet by calling a procedure whose pointer should be in the arpcom table. In the point to point case, that pointer is NULL which causes a panic. ( SR number: 1653157289 ) The problem is that a t_snddis() call (using XTI) can fail with EADDRINUSE for no apparent reason. ( SR number: 4701314807 ) The problem is that an XTI application can cause a system panic with "panic: Data page fault". ( SR number: 1653162255 ) An MP system hangs during shutdown because a process gets stuck in soclose() forever. ( SR number: 5003309898 ) System panic during nmget() call. Probable cause: the network management accessing arp table while its being updated. ( SR number: 4701319897 ) tcp_iss is only incremented for tcp_slowtimo() for linear sequencing (not random sequencing). PHNE_6708: ( SR number: 5003292979 ) The problem is that Unix Domain sockets that pass file access rights to each other can cause system panics with the message "Data page fault". ( SR number: 4701316315 ) A multiprocessor system can panic by holding onto a spinlock too long. ( SR number: 1653152611 ) A bad TCPOPT_MAXSEG TCP/IP option can cause a "Conditional trap" system panic. ( SR not found ) The problem is that h/netstatistic.h tries to include "../h/mib.h" which only exists in the kernel build environment. ( SR not found ) A freshly built kernel panics on bootup. This has only been seen on an s770 (skyhawk), but it can possibly happen on other systems as well. ( SR not found ) The problem is that a system panics in sbdrop(). ( SR number: 5003298554 ) The use of multiple IP addresses on the same system is partially broken. While setting up TCP connections, we fail to discriminate between sockets listening at the same port even though they use different IP addresses. This breaks Service Guard (which uses multiple IP addresses on the same interface) and some functionality of multihomed systems. This can also be seen as a bind() problem. ( SR not found ) ICMP Host Unreachable messages can cause a system panic. PHNE_6175: ( SR number: 1653144972 ) There are cases where we can get FIN_WAIT_2 connections that never go away. We need a timer that customers can set to remove these connections. ( SR number: 5003285718 ) An ICMP Net Redirect causes a host route to be added, but the host route has a net address instead of a full IP address. ( SR number: 1653145037 ) Customer hit a panic in kernel socket code. See submitter text for detail. ( SR not found ) The problem is that a partner needs support in the BSD networking stack in order to implement a secure firewall product. They need the right hooks in our kernel. ( SR number: 4701308023 ) The problem is that the system panics upon receipt of a particular type of packet. ( SR number: 5003292524 ) 10.01:Data Segmentation fault in ip_output(). Caused by ping -rp PHNE_6044: ( SR not found ) The problem is that a system with a lot of network connections can panic with "INHEAD held too long". ( SR not found ) TCP/IP performance suffers on systems with a lot of listening and connected sockets. This is noticable on WWW servers which handle a lot of connection requests. ( SR number: 4701303230 ) System paniced after turning networking tracing in a MP system. This type of panic has been duplicated in all 10.X releases. PHNE_5833: ( SR not found ) The problem is that "lanconfig lan0 -rif" makes the ethernet interface lan0 unusable. Carriage returns in a telnet session take about 1 minute to respond. ( SR number: 5003247148 ) ( SR number: 5003263541 ) ICMP 12 messages are passed to applications. some applications don't know what to do with them. ( SR number: 5003264713 ) The listen socket queue limit is only 20 and should be increased. The system administrator should be able to change the maximum. ( SR number: 5003264739 ) The problem is seen when we try to close a file with valid file pointer but invalid cred field. ( SR number: 5003270058 ) The problem is that removing a route that has an active connection network connection over it can cause a system panic. This has been reproduced on a gateway system (at least 2 network interfaces) that is forwarding packets from one network to the other. This has caused the IP forwarding mechanism to panic and the ARP mechanism to panic. This problem can cause panics elsewhere, too. ( SR not found ) The problem is that exercising Unix domain sockets causes a system panic. Specifically, if one socket working as a server (is "connected to" by a client socket) connects to another socket working as a server, the system panics. ( SR number: 1653134999 ) System panics when there are no lan i/fs configured, and nmget(GP_ip) is used to get "IP" MIB information. ( SR not found ) The problem is that IP packets coming in on a fast interface occasionally get dropped for no reason. ( SR number: 5003275438 ) With the 10.x release, ifconfig restricts configuration of the local IP address to not allow all ones or all zeros in the network, subnet, or host portions of the IP address. Furthermore, a one bit subnet is not allowed. Customers migrating from 9.X to 10.X who are currently using all ones or all zeros in these portions of their addresses will get "address not available" errors when doing ifconfig. ( SR not found ) The problem, as reported by the submitter, is that the system panics with "spin_deadlock_failure". A diagnostic message in the msgbuf is "Trying to get spinlock beta semaphore spinlock when spinlock unp_misc_lock is held." ( SR not found ) Problems are noted in the following areas: a). Default TCP MSS should be 536 as per RFC 1122 b). They want to use the Interface's MTU for negotiating a TCP MSS, rather than the IP default of 536, when connecting systems on different subnets. Note that only the default TCP MSS change is required for 10.x because PMTU provides the functionality requested in item "b". ( SR not found ) The problem is that an illegal reference is made to t_template of the tcpcb after the template has been freed. This is a TCP/IP race condition. SR: 5000710814 5003247148 5003263541 5003264713 5003264739 5003270058 4701295527 1653134999 5003275438 4701303230 1653144972 5003285718 1653145037 4701308023 5003292524 5003292979 4701316315 1653152611 4701313866 5003298554 4701313304 1653157289 4701314807 1653162255 5003309898 4701319897 5003315358 5003316810 5003318543 1653175810 1653176644 5003327973 5003326199 4701333427 5000716316 1653182782 4701335596 1653184861 5003342071 4701339044 5003345215 5003345207 1653192054 1653198069 5003352872 5003355875 1653214981 5003372144 5003366898 Patch Files: /usr/conf/lib/libinet.a(udp_usrreq.o) /usr/conf/lib/libinet.a(tcp_usrreq.o) /usr/conf/lib/libinet.a(tcp_timer.o) /usr/conf/lib/libinet.a(tcp_subr.o) /usr/conf/lib/libinet.a(tcp_output.o) /usr/conf/lib/libinet.a(tcp_input.o) /usr/conf/lib/libhp-ux.a(nm_tune.o) /usr/conf/lib/libhp-ux.a(nm_gen.o) /usr/conf/lib/libinet.a(ip_output.o) /usr/conf/lib/libinet.a(ip_input.o) /usr/conf/lib/libinet.a(ip_icmp.o) /usr/conf/lib/libinet.a(in_proto.o) /usr/conf/lib/libinet.a(in_pcb.o) /usr/conf/lib/libinet.a(in.o) /usr/conf/lib/libinet.a(if_ether.o) /usr/conf/lib/libnet.a(route.o) /usr/conf/lib/libuipc.a(netisr.o) /usr/conf/lib/libnet.a(if_ni.o) /usr/conf/lib/libnet.a(if_loop.o) /usr/conf/lib/libnet.a(if.o) /usr/conf/lib/libhp-ux.a(dgram_aud.o) /usr/conf/lib/libhp-ux.a(netfunc.o) /usr/conf/lib/libuipc.a(sys_socket.o) /usr/conf/lib/libuipc.a(uipc_init.o) /usr/conf/lib/libuipc.a(uipc_socket2.o) /usr/conf/lib/libuipc.a(uipc_usrreq.o) /usr/conf/lib/libuipc.a(uipc_socket.o) /usr/conf/lib/libuipc.a(uipc_syscall.o) /usr/conf/lib/libtpiso.a(xtiso.o) /usr/conf/master.d/net what(1) Output: /usr/conf/lib/libinet.a(udp_usrreq.o): PHNE_12143 udp_usrreq.c $Revision: 1.6.101.12 $ $Dat e: 97/06/25 08:17:23 $ /usr/conf/lib/libinet.a(tcp_usrreq.o): PHNE_12143 tcp_usrreq.c $Revision: 1.7.101.13 $ $Dat e: 96/09/26 16:51:17 $ /usr/conf/lib/libinet.a(tcp_timer.o): PHNE_12143 tcp_timer.c $Revision: 1.5.101.10 $ /usr/conf/lib/libinet.a(tcp_subr.o): PHNE_12143 tcp_subr.c $Revision: 1.5.101.12 $ $Date: 97/04/25 15:11:20 $ /usr/conf/lib/libinet.a(tcp_output.o): PHNE_12143 tcp_output.c $Revision: 1.5.101.5 $ $Date : 96/05/13 09:58:56 $ /usr/conf/lib/libinet.a(tcp_input.o): PHNE_12143 tcp_input.c $Revision: 1.8.101.25 $ $Date : 97/07/09 14:39:10 $ /usr/conf/lib/libhp-ux.a(nm_tune.o): PHNE_12143 nm_tune.c $Revision: 1.2.101.4 $ /usr/conf/lib/libhp-ux.a(nm_gen.o): PHNE_12143 nm_gen.c $Revision: 1.3.101.3 $ /usr/conf/lib/libinet.a(ip_output.o): PHNE_12143 ip_output.c $Revision: 1.5.101.7 $ $Date: 96/01/23 15:37:38 $ /usr/conf/lib/libinet.a(ip_input.o): PHNE_12143 ip_input.c $Revision: 1.5.101.10 $ $Date: 97/01/21 18:54:49 $ /usr/conf/lib/libinet.a(ip_icmp.o): PHNE_12143 ip_icmp.c $Revision: 1.6.101.3 $ /usr/conf/lib/libinet.a(in_proto.o): PHNE_12143 in_proto.c $Revision: 1.3.101.3 $ $Date: 95/11/17 16:56:32 $ /usr/conf/lib/libinet.a(in_pcb.o): PHNE_12143 in_pcb.c $Revision: 1.7.101.12 $ $Date: 9 6/12/17 19:40:27 $ /usr/conf/lib/libinet.a(in.o): PHNE_12143 in.c $Revision: 1.6.101.14 $ $Date: 96/12 /06 10:36:26 $ /usr/conf/lib/libinet.a(if_ether.o): PHNE_12143 if_ether.c $Revision: 1.7.101.14 $ /usr/conf/lib/libnet.a(route.o): PHNE_12143 route.c $Revision: 1.6.101.17 $ /usr/conf/lib/libuipc.a(netisr.o): PHNE_12143 netisr.c $Revision: 1.9.101.4 $ /usr/conf/lib/libnet.a(if_ni.o): PHNE_12143 if_ni.c $Revision: 1.7.101.1 $ $Date: 94/ 10/04 11:51:49 $ /usr/conf/lib/libnet.a(if_loop.o): PHNE_12143 if_loop.c $Revision: 1.5.101.4 $ $Date: 9 5/12/29 12:50:39 $ /usr/conf/lib/libnet.a(if.o): PHNE_12143 if.c $Revision: 1.4.101.5 $ /usr/conf/lib/libhp-ux.a(dgram_aud.o): PHNE_12143 dgram_aud.c $Revision: 1.2.101.2 $ $Date: 96/08/02 21:07:13 $ /usr/conf/lib/libhp-ux.a(netfunc.o): PHNE_12143 netfunc.c $Revision: 1.4.101.3 $ /usr/conf/lib/libuipc.a(sys_socket.o): PHNE_12143 sys_socket.c $Revision: 1.5.101.4 $ /usr/conf/lib/libuipc.a(uipc_init.o): FILESET BSDIPC-SOCKET: lib uipc: Version: A.10.00 PHNE_12143 uipc_init.c $Date: 95/08/09 14:12:14 $ $R evision: 1.5.101.3 $ /usr/conf/lib/libuipc.a(uipc_socket2.o): PHNE_12143 uipc_socket2.c $Revision: 1.7.101.7 $ $Da te: 96/12/16 18:47:24 $ /usr/conf/lib/libuipc.a(uipc_usrreq.o): PHNE_12143 uipc_usrreq.c $Revision: 1.5.101.11 $ /usr/conf/lib/libuipc.a(uipc_socket.o): PHNE_12143 uipc_socket.c $Revision: 1.8.101.13 $ $Da te: 97/06/05 14:29:11 $ /usr/conf/lib/libuipc.a(uipc_syscall.o): PHNE_12143 uipc_syscall.c $Revision: 1.7.101.5 $ $Da te: 96/12/16 10:10:20 $ /usr/conf/lib/libtpiso.a(xtiso.o): PHNE_12143 xtiso.c $Revision: 1.2.101.5 $ $Date: 97/ 01/28 17:39:29 $ /usr/conf/master.d/net: $Revision: 1.2.101.3 $ cksum(1) Output: 873146954 14268 /usr/conf/lib/libinet.a(udp_usrreq.o) 53655594 11872 /usr/conf/lib/libinet.a(tcp_usrreq.o) 2567555334 15360 /usr/conf/lib/libinet.a(tcp_timer.o) 3863478853 9952 /usr/conf/lib/libinet.a(tcp_subr.o) 674269696 7584 /usr/conf/lib/libinet.a(tcp_output.o) 27207929 21864 /usr/conf/lib/libinet.a(tcp_input.o) 1565379915 9208 /usr/conf/lib/libhp-ux.a(nm_tune.o) 933471637 7272 /usr/conf/lib/libhp-ux.a(nm_gen.o) 3405860130 11960 /usr/conf/lib/libinet.a(ip_output.o) 3683581184 17364 /usr/conf/lib/libinet.a(ip_input.o) 2250893857 7308 /usr/conf/lib/libinet.a(ip_icmp.o) 4045826164 2780 /usr/conf/lib/libinet.a(in_proto.o) 3980091990 15000 /usr/conf/lib/libinet.a(in_pcb.o) 2091079186 16392 /usr/conf/lib/libinet.a(in.o) 1911914939 43144 /usr/conf/lib/libinet.a(if_ether.o) 192646195 17984 /usr/conf/lib/libnet.a(route.o) 3527663611 7748 /usr/conf/lib/libuipc.a(netisr.o) 3169952825 10504 /usr/conf/lib/libnet.a(if_ni.o) 3381411436 5648 /usr/conf/lib/libnet.a(if_loop.o) 666393067 7504 /usr/conf/lib/libnet.a(if.o) 675032466 2312 /usr/conf/lib/libhp-ux.a(dgram_aud.o) 2086052618 960 /usr/conf/lib/libhp-ux.a(netfunc.o) 3841537419 4104 /usr/conf/lib/libuipc.a(sys_socket.o) 858358191 3612 /usr/conf/lib/libuipc.a(uipc_init.o) 484922100 18708 /usr/conf/lib/libuipc.a(uipc_socket2.o) 2617411303 12572 /usr/conf/lib/libuipc.a(uipc_usrreq.o) 2593746856 20916 /usr/conf/lib/libuipc.a(uipc_socket.o) 3433872519 13640 /usr/conf/lib/libuipc.a(uipc_syscall.o) 1280355086 57300 /usr/conf/lib/libtpiso.a(xtiso.o) 3823741558 5070 /usr/conf/master.d/net Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_5833 PHNE_6044 PHNE_6175 PHNE_6708 PHNE_7324 PHNE_8168 PHNE_9032 PHNE_9102 Equivalent Patches: None Patch Package Size: 490 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_12143 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_12143.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_12143.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_12143. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_12143.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_12143.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None