Patch Name: PHNE_14504

Patch Description: s700 10.20 cumulative ARPA Transport patch

Creation Date: 98/03/11

Post Date: 98/03/20

Hardware Platforms - OS Releases:
    s700: 10.20

Products: N/A

Filesets:
    OS-Core.CORE-KRN Networking.NET-KRN

Automatic Reboot?: Yes

Status: General Superseded

Critical:
    Yes
    PHNE_14504: PANIC
    PHNE_13469: PANIC
    PHNE_13289: PANIC
    PHNE_13245: PANIC
    PHNE_12407: PANIC
    PHNE_11530: PANIC
    PHNE_9106: PANIC
    PHNE_9098: PANIC
    PHNE_9036: PANIC

Path Name: /hp-ux_patches/s700/10.X/PHNE_14504

Symptoms:
    PHNE_14504:
    This patch replaces PHNE_13469.
    See Defect Description

    PHNE_13469:
    See Defect Description

    PHNE_13289:
    See Defect Description

    PHNE_13245:
    See Defect Description

    PHNE_12407:
    See Defect Description

    PHNE_11530:
    See Defect Description

    PHNE_9106:
    See Defect Description

    PHNE_9098:
    See Defect Description

    PHNE_9036:
    See Defect Description

Defect Description:
    PHNE_14504:
    ( SR number: 5003402677 )
    Net_untimeout returns incorrect value. It causes processes to
    hang when accessing NFS.

    ( SR number: 1653232538 )
    udp_usrreq causes system panic.

    ( SR number: 4701371914 )
    Netscape asks for an API interface to get tcp state.

    ( SR number: 5003401802 )
    mbuf offset is not a word alignment value.

    ( SR number: 5003408328 )
    In certain configurations a system may go down with a message
    of "m_free: freeing free mbuf". The stack will look like:

        panic+0x10
        m_free+0x28
        m_freem_train+0x1c
        unicast_ippkt+0x71c
        arp_resolve+0x288
        lanc_if_output+0x48
        ip_output+0x60c
        udp_output+0x1f8
        ku_sendto_mbuf+0x8c
        svckudp_send+0x158
        svc_sendreply+0x5c
        svckudp_send+0x158
        svc_sendreply+0x5c

    The configuration would be that a system would have a packet
    come in on one interface type and go out of a different one,
    i.e. FDDI vs ETHER.

    PHNE_13469:
    ( SR number: 5003366906 )
    Netstat -m displays incorrect socket structure count.

    ( SR number: 1653234245 )
    When Service Guard requests a switch between two interfaces
    and the TARGET is not available then the ifnet structures get
    corrupted.
    Later when these are used the system will crash.

    ( SR number: 1653239764 )
    If the system is a single processor machine they may see it
    hang. It will still respond to "ping" but the console and all
    other activity will stop.
    If the system is a multiprocessor machine the customer may see
    that one processor is 100% busy running netisr. The rest of
    the system will be working OK with the exception of the one
    processor being out of the picture. Networking may be slow or
    not working at all.
    Netstat will show one of this system's IP addresses connected
    to itself, with the local and remote ports being the same. The
    state of the socket will be SYN_RCVD.

    PHNE_13289:
    ( SR number: 1653227116 )
    The tcp retransmission timer range is not tuneable. The
    tcp_rexmt_min global was added.

    PHNE_13245:
    ( SR number: 4701350173 )
    System panic during start-up, due to lack of defensive check
    in IP interrupt processing.

    ( SR number: 5003361691 )
    Nettune cannot tune sb_max.

    ( SR number: 5003379529 )
    Customer wants to have more IP addresses available than what
    RFC 1122 will allow.

    ( SR number: 5003384719 )
    Customer is running out of outbound ports on hp-ux. The system
    is bounded by the low port number of 1024 and the high port
    number of 5000. Need more ports.

    ( SR number: 1653229633 )
    When using Service Guard in a spanning tree environment it is
    possible to lose the unsolicited ARP_REQUESTS sent out when an
    IP address moves from interface to interface.

    ( SR number: 4701345082 )
    If connections in TIME_WAIT reuse the same port, the socket
    options will get lost.

    PHNE_12407:
    ( SR number: 5003314351 )
    Allow different subnets for IP aliases.

    ( SR number: 1653163436 )
    A TCP client connected to itself hangs the session.

    ( SR number: 1653204198 )
    Additional urgent byte may be sent in AF_INET/STREAM socket if
    send buffer is much larger than 64K bytes.

    ( SR number: 1653214981 )
    The problem is that ip_output is using the PMTU from the
    dynamic route, but TCP is not, resulting in fragmentation and
    sub-optimal behavior.

    ( SR number: 5003366898 )
    Whenever the PMTU value is changed, the remote system starts
    logging TCP checksum errors and existing connections time out.

    ( SR number: 1653221549 )
    The catalyst 5000's system does not reply to the HP-UX ARP
    request.

    ( SR number: 4701362756 )
    poll() is not supported on 800 H/W.

    ( SR number: 4701363333 )
    The problem reported by the customer is that they are seeing
    their nfs daemons hang. The nfsd's are hanging because they
    sleep until the driver or other lower layer has released the
    memory for the packet that was sent down. This memory is not
    being freed. Hence the hang.

    PHNE_11530:
    ( SR number: 5003320655 )
    HP 9000/UX BSD ARP implementation causes caching of the least
    optimal path to a remote host on a Token Ring network among
    multiple possible paths through various source routing
    bridges. This is true for both outbound and inbound ARP
    resolution cases.
    In the case of outbound ARP resolution, after HP 9000/UX
    issues an ARP broadcast request to a remote host which results
    in multiple requests reaching that host, it begins to receive
    multiple responses, and for each such response it overwrites
    the cache data for that host. This results in the cache having
    the longest path corresponding to the last response received.
    Similarly, in the case of inbound ARP resolution, HP 9000/UX
    receives multiple ARP requests over multiple paths, and with
    each request it updates its cache with the path over which
    that request was received. This results in the cache finally
    containing the path over which the last request was received,
    which may be the longest path in most cases.

    ( SR number: 5003355875 )
    In 10.X TCPMSS does not behave the same way as in 9.X even
    when PMTU is disabled.

    ( SR not found )
    System hang caused by memory leak due to failed setsockopt(2)
    calls.

    ( SR number: 5003372144 )
    A system panic was caused by null pointer dereference during a
    bind(2) system call.

    PHNE_9106:
    ( SR not found )
    This fix allows tuning the tcp hash table size.

    ( SR number: 5003345207 )
    An application binding to a multicast address does not receive
    packets sent to that multicast address.

    ( SR number: 1653192054 )
    IBM RS/6000 systems reject our arp request.

    ( SR number: 1653198069 )
    System hangs during shutdown in sbdrop.

    ( SR number: 5003352872 )
    Network hangs because Stream Scheduler is looping on
    processor 0.

    ( SR not found )
    IP directed broadcast forwarding is not supported.

    PHNE_9098:
    ( SR number: 5000710814 )
    An ENXIO error is presently passed from the transport layer up
    to the application error as a "hard", or irrecoverable error.
    It is left up to the application to decide how to handle this
    situation. This is incorrect, because ENXIO is generated by
    the driver(s) in situations which *may* be recoverable, such
    as the infamous 82596 LAN chip error.
    The user will see applications fail with a connection failure
    error which may be accompanied by a log message from the
    driver indicating that some sort of hardware error has
    occurred.

    ( SR number: 4701313866 )
    Bug in source code. Found through code examination. Works
    accidentally.

    ( SR not found )
    In 10.20, in threaded environment, Unp_externalize() can no
    longer depend on file descriptor state being the same because
    another thread of the same process can change things.

    ( SR number: 5003316810 )
    System hang and network congestion.

    ( SR number: 5003318543 )
    Memory leak when IPPROTO_TCP setsockopt() done on closed
    socket.

    ( SR not found )
    netstat improperly displays the interface field for clan0.

    ( SR not found )
    Add protocol switch entries for Raptor.

    ( SR number: 1653175810 )
    ICMP packet rerouting to 255.255.255.255 causes system hang on
    UP and panic on MP.

    ( SR not found )
    For a SYN, when the socket is not found in the listen queue,
    we search the whole list. This takes too long. It causes
    performance degradation in netscape. (E.g. the above may
    happen when a service is not started.)

    ( SR number: 1653176644 )
    Panic calling audit_send_dgram().

    ( SR number: 5003327973 )
    Data was put in the socket buffer before calling tcp to send
    it out. If tcp gets an error from the interface which may be
    transient, tcp returns the error to the application. If the
    application attempts to resend the data instead of exiting, a
    potential data corruption situation can occur.

    ( SR number: 5003326199 )
    K400; 10.01; running ServiceGuard. System panics when doing a
    ping to a floating ip address of a package that is being
    shutdown.

    ( SR not found )
    The code does not ensure that there is always space left for
    '\0' for the case when unit number > 9.

    ( SR not found )
    The default for listen queue has been increased from 20 to 4K.

    ( SR not found )
    Max value of 20 for listen queue is inadequate for a number of
    applications.

    ( SR not found )
    In tcp_close, we tie up the locks too long since we do a
    forward search to determine whether an inpcb belongs to the
    hash list or not.

    ( SR not found )
    Using Fibre Channel driver with Service Guard caused a memory
    leak resulting in a hang.

    ( SR number: 4701333427 )
    Possible panic in tcp_ctloutput() due to improper locking and
    unlocking of inp.

    ( SR number: 5000716316 )
    System hung when doing a second connect() on the same socket.

    ( SR number: 1653182782 )
    Fast retransmission not activated after three duplicate ACKs
    if window scaling is on (RFC 1323).

    ( SR number: 4701335596 )
    A syn attack can result in Denial Of Service (DOS) to
    legitimate users.

    ( SR number: 1653184861 )
    Customers in 9.x can tune sb_max, but cannot do it in 10.x.

    ( SR not found )
    IPTOS_PREC_ROUTINE was defined as 0x10. That means the LOW
    DELAY bit in the type of service field is also set.
    This makes it difficult to assign "Routine" precedence with
    "Normal delay".

    ( SR number: 4701339044 )
    Panic in sounlock.

    ( SR number: 1653189852 )
    Directed Broadcast to a different network fails.

    ( SR number: 5003345215 )
    Multicast addresses don't transfer over to the new interface
    during switchover.

    PHNE_9036:
    ( SR number: 5003342071 )
    ping can cause panic.

SR:
    5000710814 4701313866 5003316810 5003318543 5003320655 1653175810
    5003314351 1653176644 5003327973 5003326199 4701333427 5000716316
    1653182782 1653163436 4701335596 1653184861 5003342071 4701339044
    1653189852 5003345215 5003345207 1653192054 1653198069 5003352872
    4701345082 5003355875 1653204198 4701350173 1653214981 5003366906
    5003372144 5003366898 5003361691 1653221549 5003379529 4701362756
    4701363333 1653227116 5003384719 1653229633 1653232538 1653234245
    4701371914 1653239764 5003401802 5003408328 5003402677

Patch Files:
    /usr/conf/lib/libinet.a(udp_usrreq.o)
    /usr/conf/lib/libinet.a(tcp_usrreq.o)
    /usr/conf/lib/libinet.a(tcp_timer.o)
    /usr/conf/lib/libinet.a(tcp_subr.o)
    /usr/conf/lib/libinet.a(tcp_output.o)
    /usr/conf/lib/libinet.a(tcp_input.o)
    /usr/conf/lib/libhp-ux.a(nm_tune.o)
    /usr/conf/lib/libinet.a(ip_output.o)
    /usr/conf/lib/libinet.a(ip_input.o)
    /usr/conf/lib/libinet.a(ip_icmp.o)
    /usr/conf/lib/libinet.a(in_proto.o)
    /usr/conf/lib/libinet.a(in_pcb.o)
    /usr/conf/lib/libinet.a(in.o)
    /usr/conf/lib/libinet.a(if_ether.o)
    /usr/conf/lib/libnet.a(route.o)
    /usr/conf/lib/libuipc.a(netisr.o)
    /usr/conf/lib/libhp-ux.a(dgram_aud.o)
    /usr/conf/lib/libuipc.a(sys_socket.o)
    /usr/conf/lib/libuipc.a(uipc_socket2.o)
    /usr/conf/lib/libuipc.a(uipc_usrreq.o)
    /usr/conf/lib/libuipc.a(uipc_socket.o)
    /usr/conf/lib/libuipc.a(uipc_syscall.o)
    /usr/conf/lib/libtpiso.a(xtiso.o)

what(1) Output:
    /usr/conf/lib/libinet.a(udp_usrreq.o):
        PHNE_14504 udp_usrreq.c $Revision: 1.8.112.11 $
        $Date: 98/02/20 10:51:54 $
    /usr/conf/lib/libinet.a(tcp_usrreq.o):
        PHNE_14504 tcp_usrreq.c $Revision: 1.10.112.11 $
        $Date: 98/01/12 18:24:30 $
    /usr/conf/lib/libinet.a(tcp_timer.o):
        PHNE_14504 tcp_timer.c $Revision: 1.8.112.4 $
    /usr/conf/lib/libinet.a(tcp_subr.o):
        PHNE_14504 tcp_subr.c $Revision: 1.8.112.10 $
        $Date: 97/12/02 08:07:47 $
    /usr/conf/lib/libinet.a(tcp_output.o):
        PHNE_14504 tcp_output.c $Revision: 1.6.112.5 $
        $Date: 97/08/05 18:02:43 $
    /usr/conf/lib/libinet.a(tcp_input.o):
        PHNE_14504 tcp_input.c $Revision: 1.11.112.20 $
        $Date: 97/12/08 10:38:26 $
    /usr/conf/lib/libhp-ux.a(nm_tune.o):
        PHNE_14504 nm_tune.c $Revision: 1.3.112.8 $
    /usr/conf/lib/libinet.a(ip_output.o):
        PHNE_14504 ip_output.c $Revision: 1.7.112.6 $
        $Date: 96/11/05 15:13:12 $
    /usr/conf/lib/libinet.a(ip_input.o):
        PHNE_14504 ip_input.c $Revision: 1.8.112.10 $
        $Date: 97/10/24 12:08:39 $
    /usr/conf/lib/libinet.a(ip_icmp.o):
        PHNE_14504 ip_icmp.c $Revision: 1.9.112.5 $
    /usr/conf/lib/libinet.a(in_proto.o):
        PHNE_14504 in_proto.c $Revision: 1.4.112.4 $
        $Date: 96/08/19 18:40:49 $
    /usr/conf/lib/libinet.a(in_pcb.o):
        PHNE_14504 in_pcb.c $Revision: 1.10.112.9 $
        $Date: 97/09/19 15:06:35 $
    /usr/conf/lib/libinet.a(in.o):
        PHNE_14504 in.c $Revision: 1.9.112.13 $
        $Date: 97/11/19 10:25:46 $
    /usr/conf/lib/libinet.a(if_ether.o):
        PHNE_14504 if_ether.c $Revision: 1.10.112.14 $
    /usr/conf/lib/libnet.a(route.o):
        PHNE_14504 route.c $Revision: 1.8.112.8 $
    /usr/conf/lib/libuipc.a(netisr.o):
        PHNE_14504 netisr.c $Revision: 1.12.112.8 $
    /usr/conf/lib/libhp-ux.a(dgram_aud.o):
        PHNE_14504 dgram_aud.c $Revision: 1.3.112.2 $
        $Date: 96/08/02 20:37:56 $
    /usr/conf/lib/libuipc.a(sys_socket.o):
        PHNE_14504 sys_socket.c $Revision: 1.7.112.4 $
    /usr/conf/lib/libuipc.a(uipc_socket2.o):
        PHNE_14504 uipc_socket2.c $Revision: 1.10.112.8 $
        $Date: 96/12/16 18:32:48 $
    /usr/conf/lib/libuipc.a(uipc_usrreq.o):
        PHNE_14504 uipc_usrreq.c $Revision: 1.8.112.6 $
    /usr/conf/lib/libuipc.a(uipc_socket.o):
        PHNE_14504 uipc_socket.c $Revision: 1.11.112.12 $
        $Date: 97/12/08 16:47:30 $
    /usr/conf/lib/libuipc.a(uipc_syscall.o):
        PHNE_14504 uipc_syscall.c $Revision: 1.10.112.4 $
        $Date: 96/12/16 10:45:36 $
    /usr/conf/lib/libtpiso.a(xtiso.o):
        PHNE_14504 xtiso.c $Revision: 1.4.112.6 $
        $Date: 97/01/28 17:34:36 $

cksum(1) Output:
    4056387834 15256 /usr/conf/lib/libinet.a(udp_usrreq.o)
    1116356401 11776 /usr/conf/lib/libinet.a(tcp_usrreq.o)
    539725119 13352 /usr/conf/lib/libinet.a(tcp_timer.o)
    4009418834 10952 /usr/conf/lib/libinet.a(tcp_subr.o)
    2042242727 7520 /usr/conf/lib/libinet.a(tcp_output.o)
    3818116056 21336 /usr/conf/lib/libinet.a(tcp_input.o)
    3472505775 9880 /usr/conf/lib/libhp-ux.a(nm_tune.o)
    81037245 12424 /usr/conf/lib/libinet.a(ip_output.o)
    1938961453 17588 /usr/conf/lib/libinet.a(ip_input.o)
    3218472839 7344 /usr/conf/lib/libinet.a(ip_icmp.o)
    1702011506 3188 /usr/conf/lib/libinet.a(in_proto.o)
    1197796398 16404 /usr/conf/lib/libinet.a(in_pcb.o)
    3119281078 16364 /usr/conf/lib/libinet.a(in.o)
    3885384014 47392 /usr/conf/lib/libinet.a(if_ether.o)
    1643543376 17908 /usr/conf/lib/libnet.a(route.o)
    2742594751 8892 /usr/conf/lib/libuipc.a(netisr.o)
    998479832 2504 /usr/conf/lib/libhp-ux.a(dgram_aud.o)
    2938806309 4184 /usr/conf/lib/libuipc.a(sys_socket.o)
    678700174 21456 /usr/conf/lib/libuipc.a(uipc_socket2.o)
    1866585241 13004 /usr/conf/lib/libuipc.a(uipc_usrreq.o)
    4015980778 21020 /usr/conf/lib/libuipc.a(uipc_socket.o)
    348833725 17108 /usr/conf/lib/libuipc.a(uipc_syscall.o)
    1163018262 60068 /usr/conf/lib/libtpiso.a(xtiso.o)

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_9036 PHNE_9098 PHNE_9106 PHNE_11530 PHNE_12407 PHNE_13245
    PHNE_13289 PHNE_13469

Equivalent Patches: None

Patch Package Size: 450 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHNE_14504

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHNE_14504.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on the
        server to install the patch on the server and the clients:

        swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to
        the patch installation. Installing the patch while the
        clients are booted is unsupported and can lead to serious
        problems.

        The swcluster command will invoke an swinstall session in
        which you must specify:

            alternate root path - default is /export/shared_root/OS_700
            source depot path   - /tmp/PHNE_14504.depot

        To complete the installation, select the patch by choosing
        "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:

        - run swinstall on the server as in step 5a to install the
          patch on the cluster server.

        - run swcluster on the server as in step 5b to install the
          patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_14504. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
    patch cannot be deinstalled. Please be careful when using this
    feature.

    It is recommended that you move the PHNE_14504.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the tape
    drive, use the command:

        dd if=/tmp/PHNE_14504.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None