Patch Name: PHNE_17375 Patch Description: s700 10.10 OTS/9000 C.06.00 Cumulative Mega Patch Creation Date: 98/04/22 Post Date: 99/06/01 Hardware Platforms - OS Releases: s700: 10.10 Products: OTS/9000 C.06.00 Filesets: OTS9000.APLI-PRG,C.06.00 OTS9000.OTS-KRN,C.06.00 OTS9000.OTS-MAN,C.06.00 OTS9000.OTS-RUN,C.06.00 OTS9000.ROSE-PRG,C.06.00 OTS9000.OTS-SES-PRG,C.06.00 OTS9000.XAP-PRG,C.06.00 Automatic Reboot?: Yes Status: General Release Critical: Yes PHNE_17375: PANIC HANG PHNE_15921: PANIC HANG CORRUPTION MEMORY_LEAK PHNE_11064: PANIC MEMORY_LEAK PHNE_7406: PANIC PHNE_6725: PANIC Path Name: /hp-ux_patches/s700/10.X/PHNE_17375 Symptoms: PHNE_17375: 1. otsdeles unable to delete entry in ots_dests when using lower/uppercase 2. APLI header files missing for acc or C++. 3. OTS: otsamd daemon dies causing OTS to stop working. 4. OTS code looping due to negative spinlock_depth causes system hang. 5. otsstart fails when using double digit instance number for lan card 6. Wrong error message by osiconfchk. 7. otsshowis hang or incomplete output 8. Error freeing multi-RCI entries 9. Error sending ESH after lan switchover 10. osiconfchk reports warnings about programmatic access names with ACC/X25 11. Random panic in the function GetCUD() 12. Delayed rejection of x25 con-rq with an invalid CONS NSAP. 13. osi_get_prim()/osi_get_event() does not return proper registration id or connection id when called with regid and conid parameters set to 0. (regid parameter applicable only for osi_get_event() call). The session application could dump core if subsequent session calls are made after this since the conid or regid would not be valid. 14. OTS behaviour with non-ISO8878 configuration needs to be documented. 15. System crashes with OsiChkCtx() always showing up in the stack trace. 16. XAP demo responder3 core dumps in 10.10 17. When no_of_connections is exceeded, ses_connect_id is looping. 18. osiping (1M) man page is incomplete. PHNE_15921: 1. Starting empty TCP/IP connections on Socket 102 hangs RFC1006/OTS. No further incoming connections are accepted. 2. OTS panics when an indefinite length presentation PDU is sent. 3. APLI memory leak with OVDM 4.21. When running mp_assoc_requests to a non-existent NSAP in an infinite loop, the OTS layer leaks memory till the system eventually runs out of it. 4. osiformat dumps core when formatting certain traces. 5. The commands otsaddis, otsaddroute, and otsdelroute do not work. 6. Data corruption and occasional system panic while operating in MSDSG mode. 7. osipdufmt/osiformat should also suppress ISH packets. 8. osipdufmt does not format CLNS/X.25 PDUs properly. 9. otsdeles hangs due to infinite loop in awk script. 10. i) The attribute AP_PCDL is not settable in the AP_UNBOUND state. ii) When you try to ap_bind() using an invalid NSAP, the program dumps core. 11. osipdufmt does not interpret X.25 nettl traces properly. 12. osiconf will not allow preferred multiplexing class to be set to 3. 13. A TP3 CR could be interpreted as TP2 with flow control. 14. Incorrect reason code for T-DISCONNECT-Ind. 15. OTS binds to the wrong PID with 1980 X.25 and no ISO8878. 16. APLI applications fail when an AP_CNTX_NAME of 13 or 14 characters is used. 17. Hang in otsshowes command. 18. ap_rcv() returns wrong data when receiving a large ROSE PDU resulting in a corrupted PDU. 19. otsshowes does not display NSAPs whose lengths equal 17 or 18 octets. 20. Panic in prctr42() when receiving a badly encoded echo request PDU. 21. Panic in Osxrlsrv() due to NULL q_ptr. 22. Customer would like to determine X.121 address via Session API. 23. Applications fail with snet_bind_by_pid=0 and NULL subaddress. 24. OTS needs to support 100BaseT cards. 25. Problems with otslogd. PHNE_11878: 1. The command "otsstart -i" does not work from /etc/rc.config.d/ots. 2. A subsequence number is sent out in a TP3 CR TPDU. This is a TP3 specification violation. 3. osipdufmt reports "Unknown TP option" for the parameter code 8B when formatting TP3 CR TPDUs. 4. ED/EA-TPDU is not being sent in extended format though extended format is negotiated. PHNE_11064: 1. Memory leak occurs when an application registers and deregisters using Session API's by calling osi_rgr_rq() and osi_drg_rq() in a loop continuously. 2. PHNE_8828 prevents incoming Streams X.25 OTS calls. 3. On receiving NULL data packets, the system panics. 4. 'otsdeles' does not handle alternate physical addresses properly. 5. If 'otsamd' dies, then at the first attempt to send out an RFC 1006 PDU, the system crashes. 6. The date field in osidiag when the tracing is enabled, depends on the assumption of the date field being less than the year 2000. This assumption is no longer valid as one hits the century mark. 7. System panics if the following are true: 1. Running TP3 2. OTS is rejecting a connection confirmation 3. The flag tpcons_propose_ext_fmt in ots_parms is set to 0(default). 8. ap_rcv() causes APRI application to core dump when APRI tracing is enabled. PHNE_8828: 1. Osiconf will not allow preferred multiplexing class to be set to 3. 2. Shell scripts rely on transition links in 10.X releases of OTS. 3. Osiadmin coredumps (not a panic) when you exit to a shell and return. 4. OTS - osiconf does not allow RFC1006 to be configured on some interfaces. 5. OSIDIAG allows for testing of 2 of the 5 supported LAN cards status. 6. osipdufmt -r does not put any timestamps into the formatted output, and it only formats RFC1006 PDUs. It is desirable to have other PDUs formatted as well. 7. OTS ESH packets are not sent out according to snet_esh_ctimer. If snet_esh_ctimer < 10, then ESHs are sent every 10 seconds, and it seems to use 10 second increments. 8. OTS APLI problem with encoding of CPR-PPDU - invalid PCDRL. 9. OTS could not make connection to a remote node through X.25 when the X.25 subnet was configured to use 1980 standards with a NULL subaddress and snet_bind_by_pid was set to one. 10. When OTS is configured over RK6, the IP address supplied by the application in osi_rgr_rq() is not transmitted to the peer. 11. There's an invalid TPDU number when the tpcons_propose_ext_fmt parameter is set to 1. 12. OTS does not conform to INTAP standards - ASN.1 TLV NULL values. 13. OTS returns OPI_ERR(0x8422) instead of ESPABID(0x1407) when an invalid NSAP address is used. 14. SESSION API, osi_rgr_rq() with no_of_connections parameter set to a value greater than 1024 returns osierrno : OSIEBADRNG. 15. OTS sends ESH out on the wrong lan card. 16. A TP3 CR could be interpreted as TP2 with flow control. PHNE_8223: 1. Additional Functionality: TP3 over CONS is added to OTS. 2. The retransmission timer doesn't work as expected. 3. System panicked when it was idling. Panic message: Data page fault 4. System panicked when a FTAM connection is being established. Panic message: INTERNAL ERROR: Illegal RCI operation 5. MSDSG doesn't work. 6. ots_get_layer_stats does not return 0 when successful. 7 a) osipdufmt doesn't handle -l option correctly. b) osipdufmt doesn't handle pdus across multiple X.25 packets c) odipdufmt doesn't format RFC1006 traces. 8. a) With multiple X.25 cards configured, no LAN; all cards in both CLNS and CONS subnets and any card's, other than the first's, X.121 address in the ots_dests file, a loopback(transport) test after doing an x25init of all cards will cause a system panic. b) With a single X.25 card configured in a CLNS subnet and no LAN subnet configured, the CLNS X.25 subnet will not work. One will not be able to make connections or transfer data. A simple loopback(transport) test will fail. PHNE_7782: 1. Additional Functionality: As an enhancement to OTS it now supports configuration of alternate physical addresses in dest entries associated with CONS/X.25 subnetworks. This is provided via dest_alt_phys_address lines in ots_dests. It is also supported via -a options in the otsaddes command. Otsdeles and otsshowes were also changed to support the alternate physical address functionality. Additionally the parameter snet_ises in the ots_subnets file can now be set to a value of 0. This is for FDDI and LAN. With it set to 0 no end system hellos will be generated. PHNE_7406: 1. The files OTSconfigSAP and OTSconfigSBN in /var/opt/ots are created by otsstart with global write permission. 2. The commands otsaddis, otsaddroute, and otsdelroute return the k-shell error ksh: syntax error: `else' unexpected 3. If B.10.10.09 version of X.25 is installed with OTS on an MP system then panics will occur. 4. On MP systems using RFC1006 data may be sent out of order, which manifests itself as data corruption PHNE_6725: 1. If CLNP is configured using NULL subset (subset 0), then there will be data corruption. 2. A user application using the ROSE API core-dumps if a NULL ubuf->buf pointer is used on a reject reply. 3. Session api demo program will not run over lan. Problem only shows up when rfc1006 is not configured. When you run the client demo program you will see errors osi_get_event: receives unexpected message 1407 Client: abnormal termination, exit code = -999 4. User application making a call to ap_snd() will hang. If APRI tracing is turned on, user will find that ai_putmsg() is looping. 5. In an MSDSG configuration NODE(A) <----> NODE(B) <---> NODE(C) Where: NODE(A) is configured as LAN only NODE(B) is configured as an MSDSG relay node and is configured both for X.25 CONS and LAN. NODE(C) is configured for X.25 CONS. When NODE(A) initiates a connection with NODE(C) via MSDSG on NODE(B), sometimes NODE(B) will panic when the connection disconnects. Apparently this problem is limited to situations where NODE(B) is running High Perf X.25. It doesn't seem to happen with Classic X.25. 6. User sees files with names of the form Saannnnn accumulate in /usr/spool/sockets/osi. Where: aa is a string of two alphabetic characters which may be either upper or lower case. nnnnn is a process id number. These files are created by FTAM. 7. OTS osipdufmt does not interpret X.25 nettl traces, no output is generated. 8. A kernel panic happens when no OTS subnets are configured and the user runs otsaddnsap. 9. OTS osidiag "WAN X.25 Tests" display inappropriate NSAP information. When "Connect" is selected, the test displays "x25_calling_nsap" and "x25_called_nsap" values which were choosen by osidiag, but are unlikely to be used in the test. The NSAPs should be set by the user when a "ISO 8878 Encoding" test is run. 10. A ROSE application which calls ap_rcv could go into an infinite loop. 11. Session connection rejects occur if remote vendors protocol supplies a TSDU Max Size other then NULL in the connection accept packet. 12. A ROSE application which sends data larger than 65500 bytes will get truncated packets on the receiving side. 13. In osidiag, "Status" test fails under FTAM tests. 14. A ROSE application will core-dump if a NULL ubuf pointer is used on a ROSE API call. 15. The system may hang for 30+ seconds, when using the FTAM responder accessing OTS via the XTI t_bind call with qlen greater than 8196. 16. OTS panics when FTAM attempts to open a connection. The panic occurs only when one or more CONS/X.25 subnets are configured, no LAN or CLNS/X.25 subnets are configured, the remote ftam responder is configured in remote_app, and the remote NSAP is not configured in ots_dests. The panic occurs in ERcMultiFail as a "Data page fault". 17. Additional feature: APIs for adding, deleting dynamic NSAPs and listing all NSAPs for a particular network service. These are otsaddnsap, otsdelnsap and otsshownsaps. These APIs provide the same functionality as the scripts otsaddnsap, otsdelnsap, and otsshownsaps. These routines are provided in libotsadm.a and libotsadm.sl A new header file, otsadmin.h, is also being supplied with this API. The man pages for these APIs are in the section 3 of the OTS manpages. Defect Description: PHNE_17375: 1.The problem was due to the fact that the hexadecimal value given for NSAPs was being treated in a case-sensitive manner while updating the ots_dests file. Resolution: The code was modified to treat the NSAPs in a case- insensitive manner. 2.Missing function prototypes for APLI and ROSE APIs cause errors in ANSI C and ACC compilers. Resolution: The function prototypes were added to the header files. 3.The non-availability of X.25 level 3 streams in the system resulted in the failure of open() of the X.25 device by the daemon. This caused the daemon to exit. This happens only with STREAMS/X.25. Resolution: The daemon code was modified to handle the open() failure as a transient error condition. The kernel code was also modified so as to keep track of the number of successful open()'s performed by the daemon. 4.A sanity check for high processor spl level was causing infinite looping between two OTS functions resulting in a system hang. Resolution: A counter was introduced that prevents the looping from occuring beyond a specific count, allowing the system to function, even though OTS may not function normally. 5.The code assumed single digit lan interface numbers. Resolution: The code was modified to remove dependencies on number of digits in the lan interface. 6. btlan interfaces appearing in the lanscan output cause errors in string compares in osiconfchk, osidiag etc. Resolution: Code modified to remove assumptions about the lan interface names. 7.otsshowis could not handle the records that were split across multiple lines. Also a problem of not reporting the most recently updated Snpa has been fixed. Resolution: otsshowis script was modified to handle records which were split across multiple lines. otsshowes/otsshowis scripts will now always return the most recently updated Snpa for any NSAP in case there are multiple Snpa entries. 8.A bug in the procedure ERcMultiResolve() (used to remove a multi-RCI entry) leaves the routing cache structures in an inconsistent state. Resolution: Fix involves changing for loop to dynamically check for rccb->rccb_equiv instead of the variable rccb_root. 9.In the event of a LAN card switchover, OTS searches for the interface on which the ESH has to be broadcast. A bug in the search algorithm results in either no ESH being broadcast or multiple ESHs going out on the same interface. Resolution: Fix involves correcting the for loop to increment latp after every iteration. 10.OTS was capable of working only with Classic X.25 and STREAMS X.25 drivers. osiconfchk would report warnings while verifying the ACC/X.25 driver configuration. Resolution: OTS has now been enhanced to work with ACC/X.25 driver as well. 11.The dereferencing of the NULL message pointer passed to the function GetCUD() caused the system to panic. GetCUD() is invoked with a NULL message pointer only in certain specific conditions with STREAMS X.25. Resolution: A check has been added in the function ignore_and_log() to test the validity of the message pointer before passing it as an argument to OTSConnectIndication(), which inturn invokes GetCUD(). 12.When snet_allow_x25_1984/88 is set to 1 on the initiator m/c and a new connection is requested with an invalid NSAP but with the correct x.121 address, there is no immediate rejection of the connection request. This problem occurs only on STREAMS/X.25. Resolution: The fix changes the way of rejecting a connection in case of the STREAMS/X.25 interface. 13.The problem was due to the registration id and connection id not being updated with the proper values before returning to the user. Resolution: The problem has now been fixed by ensuring that the registration id and connection id values are updated, before returning from the osi_get_prim() and osi_get_event() calls. 14.Behaviour of OTS in a non-ISO8878 configuration was not documented. Resolution: A document summarizing the behaviour of OTS in a non-ISO8878 configuration is now available under /opt/ots/doc. 15.The problem was due to dereferencing an invalid pointer. This happened due to the context cleanup not being complete when the context is in O_DIS state. Resolution: The problem has been fixed by ensuring that the context cleanup is complete. 16. The contents of a buffer passed to the XAP application was invalid. The application dumps core when accessing this buffer. This defect is applicable only in 10.10 Resolution: The fix is to check for the validity of the buffer before passing it to the application. 17. The problem was due to an ESCONID being sent up from the kernel, but the session library being unable to handle the same due to lack of resources. Resolution: The problem was fixed by having the library handle this situation and not allow the ESCONID to go upto the user application. 18.The man page for osiping had not been updated to document the steps required to be followed in order to use osiping. Resolution: The man page has now been updated. PHNE_15921: 1. When the TCP/IP connections were closed, the cleanup of the allocated contexts being done was inadequate. This caused subsequent incoming connections on port 102 to hang. 2. The decoding of the indefinite length presentation PDU was erroneous. This led to improper indexing into the buffers, resulting in a system panic. 3. When connecting to a non-existent RFC1006 NSAP, an error is detected, but the interaction buffers were not being released. This led to the memory leak and the subsequent hang. 4. This was due to the improper indexing into the buffer used for decoding the PDU. 5. The scripts for otsaddis, otsaddroute, and otsdelroute were missing a necessary "then" within the elif loop. 6. A missing call to create a trace header in the module tr4sub.c was resulting in memory corruption of OTS data structures. This only happened when the MSDSG relay function was operating and was associated only with disconnect processing. 7. This is an enhancement for osipdufmt/osiformat to suppress ISH packets as well as ESH packets when it is invoked with the -e option. 8. The CLNS/X.25 traces contain the CLNP header, and so the formatting must start from the Network layer. Hence, the "-t" option to osiformat in format_x25_trace function in osipdufmt script has been removed. 9. otsdeles script used to hang while processing the last ES entry, due to an infinite 'while' loop. 10. i) The sap number which was to be passed as a parameter to one of the functions invoked while setting the attribute AP_PCDL was unavailable in the AP_UNBOUND state. However, in this particular function the sap number is not being used for any processing other than printing the value of the sap number. Hence, this variable has been made settable. ii) One of the parameters to the function ai_reg_paddr() called by ap_bind() was missing. This resulted in the core dump. 11. This was due to changes made in the X.25 nettl trace format between 9.0 and 10.0. The awk script which converts X.25 nettl traces into the format expected by osiformat has been fixed. 12. The JAM screen regular expression was not updated to reflect the multiplexing class when it was set to 3. 13. Combining TRS_FLW (defined as 0x10) with TRS_CLASS2 (defined as 0x20), will conflict with newly added TRS_CLASS3 (0x30). TRS_FLW was redefined as 0x08 to avoid the conflict. 14. Reason code of 0xF9 (protocol error) was being reported when the timer for connect confirmation pops. This is fixed to return 0xF3 (invalid address/permanent transport error). 15. The problem was due to not explicitly checking for the non-availability of ISO8878 when binding to X.25 PIDs. This led OTS to bind to the wrong PID even though ISO8878 was not in use. 16. Due to a wrong check used for the objid length within APLI library, the wrong buffer was being used, leading to a badly encoded objid. This caused applications to fail. 17. The output from otsop was such that the record spilled over to a new line. The awk script failed to process this properly and went into an infinite loop causing the hang. 18. The offset into APLI's private buffer was not getting updated properly. This resulted in APLI using the wrong offset to copy data to the user buffer and thus, corrupting the PDU. The problem is seen only when using ROSE operations with indefinite length encoding for the encoded PDU. 19. The problem was again due to the awk script being unable to process records split across multiple lines. The fix for SR #1653228213 has fixed this problem also. 20. The panic was caused due to the dereferencing of a null buffer pointer. 21. The lower mux read service procedure of OTS was invoked by STREAMS when the mux was in the process of being unlinked. The q_ptr was freed during the processing of the UNLINK ioctl by OTS. The panic was due to the dereferencing of this NULL q_ptr on invocation of the service procedure during UNLINK. 22. The Session library has been modified to provide the X.121 address of the remote client to the server application, after a successful session connect indication. This enhancement is valid only when the network layer is CONS/X.25. 23. OTS did not support X.25 subnets configured with a combination of snet_bind_by_pid set to 0 and NULL subaddress. If configured in this manner, OTS would receive all incoming X.25 connect indications and would not initiate a TRANSIENT_REJECT if the connect indication was not meant for OTS. 24. This is an enhancement. Patch 'postinstall' script has been modified to support installation of OTS over all the 100BaseT interfaces. 25. Calling otslogd with incorrect options resulted in unpredictable behavior. PHNE_11878: 1. The problem was due to the adb script in otsstart. Now, the same has been replaced by otsop command. 2. The parameter code for the TTR timer sent out in the TP3 CR TPDU was wrongly encoded as 8A, while it should have been 8B. The code 8A stands for subsequence number, which is optional under TP4, but not used in TP3. 3. The changes made for fixing TP3 spec violation led to this. osiformat could not understand the parameter code 8B. So it was reporting it as "Unknown TP option". 4. In class 2, for ED/EA TPDUs, no check was being done to find whether extended format has been negotiated. This caused these TPDUs to be encoded in the normal format even though extended format was negotiated. PHNE_11064: 1. An application wishing to register itself calls osi_rgr_rq() which allocates memory. When deregistering, osi_drg_rq() is called which should deallocate the resources, but doesn't do do it. This was causing a memory leak. 2. The logic of deciding whether X.25 subnet was configured for 1984 or 1988 was defective due to which incoming Streams X.25 OTS calls weren't being routed up properly. 3. On receiving NULL data packets, an attempt is made to dereference a NULL data buffer pointer, which results in a panic. 4. The algorithm used to find the presence of 'dest_alt_phys_address' lines in an ES entry was defective due to which the otsdeles was unable to properly handle alternate physical addresses. 5. When 'otsamd', which is the controlling daemon, dies, it triggers off an unplumbing of the stream. When 'putnext' is attempted, there is an invalid Q pointer which triggers the panic. 6. The onset of the year 2000 would result in major problems with the date field and other date related impacts. If tracing is turned on when osidiag is invoked, the year field of the FORMATTER FILTER i.e. time_from