Patch Name: PHNE_19937

Patch Description: s700 10.20 cumulative ARPA Transport patch

Creation Date: 99/09/20

Post Date: 99/09/22

Repost: 00/09/28
    A problem has been discovered in superseding patch PHNE_20832
    that can cause a system memory shortage and consequent system
    hang. The problem only exists with uniprocessor systems.
    PHNE_19937 does not exhibit this same problem and is being
    re-released until a replacement patch is available.

Hardware Platforms - OS Releases:
    s700: 10.20

Products: N/A

Filesets:
    OS-Core.CORE-KRN
    Networking.NET-KRN

Automatic Reboot?: Yes

Status: General Superseded

Critical:
    Yes
    PHNE_19937: PANIC
    PHNE_19117: PANIC
    PHNE_17731: PANIC
    PHNE_17096: PANIC
    PHNE_16237: PANIC
    PHNE_15581: PANIC
    PHNE_14916: PANIC
    PHNE_14504: PANIC
    PHNE_13469: PANIC
    PHNE_13289: PANIC
    PHNE_13245: PANIC
    PHNE_12407: PANIC
    PHNE_11530: PANIC
    PHNE_9106: PANIC
    PHNE_9098: PANIC
    PHNE_9036: PANIC

Path Name: /hp-ux_patches/s700/10.X/PHNE_19937

Symptoms:
    PHNE_19937:
    This patch replaces PHNE_19117
    See Defect Description
    PHNE_19117:
    See Defect Description
    PHNE_17731:
    See Defect Description
    PHNE_17096:
    See Defect Description
    PHNE_16237:
    See Defect Description
    PHNE_15581:
    See Defect Description
    PHNE_14916:
    See Defect Description
    PHNE_14504:
    See Defect Description
    PHNE_13469:
    See Defect Description
    PHNE_13289:
    See Defect Description
    PHNE_13245:
    See Defect Description
    PHNE_12407:
    See Defect Description
    PHNE_11530:
    See Defect Description
    PHNE_9106:
    See Defect Description
    PHNE_9098:
    See Defect Description
    PHNE_9036:
    See Defect Description

Defect Description:
    PHNE_19937:
    ( SR number: 8606104868 ; DTS number: JAGab72621 )
    Some raw ip packets cause panic as follows:
        panic+0x10
        report_trap_or_int_and_panic+0xe8
        trap+0xa48
        $call_trap+0x20
        bcopy_gr_method+0x12c
        m_copydata+0xf0
        vtlan1_send_pkt+0x4e8
        vtlan1_ac_output+0x324
        unicast_ippkt+0xe0
        arp_resolve+0x28c
        lanc_if_output+0xc8
        ip_output+0x7a8
        rip_output+0x120
        raw_usrreq+0x220
        sosend+0x6e4
        sendit+0x268
        sendto+0x5c
        syscall+0x1a4
        $syscallrtn+0x0
    Resolution:
    The problem is due to the overflowing of the ip_len field in
    the IP header. An appropriate bound check is introduced in
    rip_output() and ip_insertoptions() to handle this.

    ( SR number: 8606104929 ; DTS number: JAGab72707 )
    Bind does not allow binding to a broadcast address.
    Resolution:
    Removed the condition which checks for binding to a broadcast
    address.

    PHNE_19117:
    ( SR not found ; DTS number: JAGaa26562 )
    ioctl(FIOGETOWN) is not supported for sockets. Thus, we expect
    errno to be set to EOPNOTSUPP. This is true (or it should be)
    when ioctl(FIOGETOWN) is called after calling bind or connect.
    However, when ioctl(FIOGETOWN) is called before calling bind
    or connect, errno is set to EADDRNOTAVAIL. This is unexpected.
    Resolution:
    Modified code to return EOPNOTSUPP as the error for ioctl
    commands not supported by sockets.

    ( SR not found ; DTS number: JAGaa26658 )
    in_notify_delete_ifaddr calls NET_SPLNET() instead of
    NET_SPLX().
    Resolution:
    The fix replaces NET_SPLNET() with NET_SPLX().

    ( SR not found ; DTS number: JAGaa26659 )
    HP-UX is not restricting access to the SIOCSWITCHIFADDR ioctl
    to processes whose effective user ID is root.
    Resolution:
    Added superuser check.

    ( SR not found ; DTS number: JAGaa26667 )
    TCP/UDP sockets can bind to the broadcast address of the
    interface and manage to send packets out with the broadcast
    address as the source IP address of the packet, which does not
    comply with RFC1122.
    Resolution:
    Binding the socket with the broadcast address of the interface
    is avoided to comply with RFC1122.

    ( SR not found ; DTS number: JAGaa26671 )
    Nettune does not allow tuning of udp send and receive socket
    buffer sizes.
    Resolution:
    Added tunable control for udp_send and udp_receive.

    ( SR number: 5003278374 ; DTS number: JAGaa26675 )
    HP-UX does not stop sending arp messages out of an interface
    that has been disabled via ifconfig.
    Resolution:
    Arp messages are not sent out of an interface that is down.

    ( SR not found ; DTS number: JAGaa26682 )
    If ifconfig fails while setting a one bit subnet mask, the
    interface is left in IP-up state, and the IP address is
    0.0.0.0.
    Resolution:
    A failure in ifconfig while setting a one bit subnet mask will
    never leave the interface in IP-up state.

    ( SR not found ; DTS number: JAGaa26696 )
    Multicast addresses can be added into the arp cache using
    SIOCSARP.
    Resolution:
    Multicast addresses are prevented from having entries in the
    arp cache.

    ( SR not found ; DTS number: JAGaa26698 )
    The macro IN_MASK is not defined correctly. It defaults to a
    class-A netmask if the specified address is neither class-B
    nor class-C.
    Resolution:
    Modified the macro IN_MASK to return 0 if the specified addr
    is not in CLASS A, B or C networks.

    ( SR not found ; DTS number: JAGaa26715 )
    sbwait is called inconsistently with one or two arguments.
    Resolution:
    The small performance cost in passing the 2nd arg in sbwait()
    has been removed.

    ( SR not found ; DTS number: JAGaa26767 )
    IP fragmentation timeout is not compliant with RFC-1122.
    Resolution:
    Modified the macro IPFRAGTTL in ip_input.c to make it RFC-1122
    compliant.

    ( SR number: 1653228965 ; DTS number: JAGaa26833 )
    The default socket buffer size for UNIX domain stream sockets
    is not compliant with the unix(7p) manpage.
    Resolution:
    Modified the default socket buffer size in compliance with the
    unix(7p) manpage.

    ( SR number: 5003350629 ; DTS number: JAGaa26904 )
    SIOCGIFCONF does not return all interfaces if the exact length
    is passed.
    Resolution:
    The boundary condition has been properly checked to fix the
    defect.

    ( SR not found ; DTS number: JAGaa27012 )
    ARP in HP-UX does not reply correctly to a host that is using
    the same IP address as this machine.
    Resolution:
    Fixed an error in a bcopy so that the duplicate IP sender is
    responded to.

    ( SR not found ; DTS number: JAGaa27013 )
    arp takes improper input if m_len is negative.
    Resolution:
    A type mismatch was found as the cause and fixed.

    ( SR number: 1653231001 ; DTS number: JAGaa27146 )
    HP-UX allows invalid netmasks to be set through the ioctl
    SIOCSIFNETMASK.
    Resolution:
    Introduced a check to avoid initialization of the netmask to
    all 1's or a non-contiguous netmask.

    ( SR number: 5003439067 ; DTS number: JAGaa41264 )
    HP-UX sometimes goes into an endless loop when an attempt is
    made to close down a socket that is listening for connections.
    This problem will show up more easily when the tcp_keepstart
    value is tuned to a sufficiently low number.
    Resolution:
    The memory leak causing the endless loop has been fixed.

    ( SR number: 1653275693 ; DTS number: JAGaa41744 )
    NFS client hangs at clntkudp_callit().
    Resolution:
    The hang happening in the interrupt timeout routines has been
    resolved.

    ( SR number: 5003441188 ; DTS number: JAGaa43526 )
    HP-UX has problems allocating TCP source port numbers.
    Resolution:
    The algorithm to allocate port numbers was changed.

    ( SR number: 5003452474 ; DTS number: JAGaa93168 )
    HP-UX gets into an infinite loop when a socket is closed
    abortively and will freeze a uniprocessor machine.
    Resolution:
    The hang happening during flushing of the socket buffers has
    been fixed.

    ( SR number: 1653307215 ; DTS number: JAGab24836 )
    In 10.20, the slow start algorithm starts off with a
    congestion window of one in contrast to a congestion window of
    two in 11.x.
    Resolution:
    The initial congestion window used in the slow-start algorithm
    has been made configurable.

    ( SR not found ; DTS number: JAGab25321 )
    The panic happened with the following stack trace:
        q4> trace event 0
        stack trace for event 0
        crash event was a panic
        panic+0x10
        report_trap_or_int_and_panic+0xe8
        trap+0xa48
        $call_trap+0x20
        rt_pmtu_timer_this+0x180
        rn_walktree+0x88
        rt_pmtu_timer+0x34
        net_callout+0x84
        netisr_netisr+0x1bc
        netisr_daemon+0x68
        main+0x920
        $vstart+0x34
        $locore+0x74
    Resolution:
    The race condition leading to the panic has been fixed.

    PHNE_17731:
    ( SR not found ; DTS number: JAGaa26722 )
    If an application passes a local sockaddr_in structure to the
    bind system call without clearing the uninitialized parts,
    then bind will sometimes fail.

    ( SR not found ; DTS number: JAGaa26762 )
    ntimo_init() is being called twice during boot-time
    initialization.

    ( SR number: 5003382861 ; DTS number: JAGaa26905 )
    None of the arp cache entries are absolutely permanent. Even
    the permanent entries get modified if the ARP code notices a
    different MAC address.

    ( SR number: 4701413534 ; DTS number: JAGaa27038 )
    Implicit UDP connect results in using port number zero when
    all the dynamic ports are in use.

    ( SR number: 5003406975 ; DTS number: JAGaa27184 )
    A connection is never terminated by HP-UX if the remote side
    is no longer accessible, e.g. the PC client is powered off.

    ( SR not found ; DTS number: JAGaa27216 )
    A potential race between systems during a connect can hang the
    systems or make them very slow.

    ( SR number: 5003443655 ; DTS number: JAGaa44124 )
    The number of outstanding xti connection indications can
    exceed the backlog limit set by an application, thus causing
    the library to fail a t_listen() with the TQFULL error.

    ( SR number: 1653286641 ; DTS number: JAGaa44778 )
    HP-UX is not returning the correct error when recvmsg runs out
    of file descriptors (when rights are received).

    ( SR number: 5003425660 ; DTS number: JAGaa45145 )
    sendto() for a multicast datagram fails with ENETUNREACH if
    the default route is not specified, even when the multicast
    interface has been provided.

    ( SR number: 1653248880 ; DTS number: INDaa29722 )
    Panic caused with the following stack when the customer tried
    to delete an interface.
        panic()
        report_trap_or_int_and_panic()
        trap()
        $RDB_trap_patch()
        sounlock()
        in_notify_delete_ifaddr()
        in_siocdelifaddr()
        in_control()
        udp_usrreq()
        ifioctl()
        soo_ioctl()
        ioctl()
        syscall()
        $syscallrtn

    ( SR number: 1653205393 ; DTS number: JAGaa26791 )
    Syslog filling up with duplicate IP address 0.0.0.0 with
    messages on the console:
        ARP packet duplicate IP address: 0.0.0.0 from 0020-afc9-d660
        ARP packet duplicate IP address: 0.0.0.0 from 00a0-24f0-2766

    PHNE_17096:
    ( SR number: 1653174441 ; DTS number: INDaa25119 )
    nettune does not support the configuration of
    tcp_fin_wait_timer.

    ( SR number: 5003366849 ; DTS number: INDaa27541 )
    PMTU is not being resized when clients are attaching to the
    secondary address.

    ( SR number: 5003430827 ; DTS number: INDaa31460 )
    Panic in nmget_tcpCurrEstab(), with the stack traces of the
    events (0 & 1) as follows:
        stack trace for event 0
        crash event was a panic
        panic+0x10
        report_trap_or_int_and_panic+0xe8
        $call_trap+0x20
        nmget_tcpCurrEstab+0x38
        nmget_tcp+0x354
        nmget+0x6c
        nm_ioctl+0x54
        spec_ioctl+0xd4
        vno_ioctl+0x98
        ioctl+0x444
        syscall+0x1a4
        $syscallrtn+0x0

        stack trace for event 1
        crash event was a TOC
        wait_for_lock_spinner+0x2d4
        wait_for_lock_4way+0x2c
        slu_retry+0x18
        in_pcbbind+0x58
        tcp_usrreq+0xb48
        sobind+0x6c
        bind+0x6c
        syscall+0x1a4
        $syscallrtn+0x0

    ( SR number: 5003433490 ; DTS number: INDaa31638 )
    System may panic with the following stack:
        panic+0x0010
        report_trap_or_int_and_panic+0x008c
        trap+0x072c
        $thndlr_rtn+0x0000
        sounlock+0x00ac
        ckuwakeup+0x004c
        net_callout+0x0078
        netisr_netisr+0x01ac
        netisr_daemon+0x0118
        main+0x0900
        $vstart+0x003d

    ( SR not found ; DTS number: JAGaa26869 )
    MP systems sometimes panic with the following stack on
    receiving an ICMP_REDIRECT:
        in_pcbfree
        mp_in_pcbnotify
        in_pcbnotify
        tcp_ctlinput
        pfctlinput
        icmp_input
        ipintr
        netisr_netisr

    ( SR not found ; DTS number: JAGaa27023 )
    TCP/UDP send and receive buffers cannot be set to SB_MAX.

    ( SR number: 5003421560 ; DTS number: JAGaa27114 )
    In sendmsg(), if the data size specified is larger than the
    send buffer size with the rights specified, there is a data
    loss.

    ( SR number: 4701404590 ; DTS number: JAGaa41628 )
    When a dynamic host route is added by the OS then it panics
    sometimes if the socket that is using that route is
    terminated.

    ( SR not found ; DTS number: JAGaa41637 )
    There is no way currently to retrieve the IP type of service
    value stored in the IP packet that contains the SYN at
    connection time.

    ( SR number: 5003443713 ; DTS number: JAGaa44208 )
    A number of tcp connections are stuck in TIME_WAIT state and
    never get cleaned up because the value of tcp_keepstart is
    tuned to 5 seconds.

    ( SR number: 1653286146 ; DTS number: JAGaa44500 )
    HP-UX panics intermittently with the following panic string:
    "panic: sbdrop".

    PHNE_16237:
    ( SR not found ; DTS number: INDaa22630 )
    An error "Invalid argument" returned from setsockopt():
        rc = setsockopt(tp->task_socket, level, opt, ptr, len)
    with the parms:
        tp->task_socket = 12;
        level = IPPROTO_IP;     ==> 0
        opt = IP_RECVDSTADDR;   ==> 4103
        len = 4;
    The socket() call parms are socket(domain, type, proto) where
    domain = AF_INET, type = SOCK_DGRAM, proto = 0

    ( SR number: 5003396937 ; DTS number: INDaa29248 )
    nettune does not support disabling of IP Directed broadcast
    forwarding.

    ( SR number: 5003423665 ; DTS number: INDaa30931 )
    After an IP packet with source route or record route options
    is received, the system may panic in wait_for_lock_spinner()
    called from ip_rtaddr(), ip_output(), or elsewhere.

    ( SR number: 5003429464 ; DTS number: INDaa31420 )
    The system panics with one of the two stacks (listed below)
    while running with AF_UNIX sockets.
    Either:
        panic()
        m_free()
        m_freem()
        uipc_usrreq()
        soo_stat()
        fstat_common()
        fstat()
        syscall()
        $syscallrtn()
    or:
        sounlock()
        mp_socket_unlock()
        uipc_usrreq()
        sosend()
        sendit()
        sendto()
        syscall()
        $syscallrtn()

    PHNE_15581:
    ( SR number: 5003417410 ; DTS number: INDaa30415 )
    IP multicasting does not work in a SG environment after a
    local network interface switch.

    ( SR number: 5003417477 ; DTS number: INDaa30445 )
    Network may hang indefinitely when ARP interrupt queue is
    full. When it happens, the netisr may be idle and yet the ARP
    input interrupt queue is also full.

    ( SR number: 5003418228 ; DTS number: INDaa30448 )
    The UDP checksum may not be set on outgoing IP multicast
    datagrams. This may happen if the IP_MULTICAST_IF socket
    option has been used to set an outgoing interface which does
    not support the checksum-offload (CKO) feature, and the
    datagram would have otherwise been sent out an interface which
    does support CKO.

    PHNE_14916:
    ( SR number: 5003294777 ; DTS number: INDaa23011 )
    netstat -m occasionally reports unbelievable statistics, e.g.:
    "4294967270 mapped pages in use"

    ( SR not found ; DTS number: INDaa30014 )
    HP-UX does not have token ring multicast support for drivers
    that support multicasting.

    ( SR number: 5003409268 ; DTS number: INDaa30038 )
    UDP datagrams are occasionally being dropped on MP machines
    running 10.20. An inbound UDP packet which is sent to a valid
    local port results in the system returning an
    ICMP_UNREACH_PORT ICMP message. This occurs when the system is
    sending a UDP packet from the local port at the same time that
    the inbound packet arrives.

    ( SR number: 5003411926 ; DTS number: INDaa30157 )
    A panic can occur in sounlock() because of a race between two
    processes trying to access the same AF_UNIX socket.
    The stack trace is:
        sounlock
        unp_connect
        uipc_usrreq
        soconnect
        connect
        syscall

    PHNE_14504:
    ( SR number: 1653232538 ; DTS number: INDaa28825 )
    udp_usrreq causes system panic.

    ( SR number: 4701371914 ; DTS number: INDaa28993 )
    HP-UX does not have support for a socket API interface to get
    the TCP state.

    ( SR number: 5003401802 ; DTS number: INDaa29743 )
    Bad mbuf offset alignment causes Data memory protection fault
    panic in icmp_error().
    Stack Trace :
    -----------
        Data memory protection fault
        panic+0x10
        report_trap_or_int_and_panic+0xe8
        interrupt+0x458
        $ihndlr_rtn+0x0
        icmp_error+0x244
        ip_dooptions+0x260
        ipintr+0xc2c
        netisr_netisr+0x208
        netisr+0x28
        inttr_emulate_save_fpu+0xf0
        ni_write+0x364
        spec_rdwr+0x69c
        vno_rw+0xb8
        rwuio+0xc4
        writev+0xb0
        syscall+0x1a4

    ( SR number: 5003408328 ; DTS number: INDaa29959 )
    A system that has packets coming in on one interface type
    (i.e. Ethernet) and going out on another interface type (i.e.
    FDDI) can panic with a message of "m_free: freeing free mbuf".
    The stack trace is:
        panic+0x10
        m_free+0x28
        m_freem_train+0x1c
        unicast_ippkt+0x71c
        arp_resolve+0x288
        lanc_if_output+0x48
        ip_output+0x60c
        udp_output+0x1f8
        ku_sendto_mbuf+0x8c
        svckudp_send+0x158
        svc_sendreply+0x5c
        svckudp_send+0x158
        svc_sendreply+0x5c

    PHNE_13469:
    ( SR number: 5003366906 ; DTS number: INDaa27509 )
    Netstat -m displays an incorrect number of socket structures.

    ( SR number: 1653234245 ; DTS number: INDaa28951 )
    When Service Guard requests a switch between two interfaces
    and the TARGET is not available, the ifnet structures may
    become corrupted. The system will crash when these structures
    are used later.

    ( SR number: 1653239764 ; DTS number: INDaa29253 )
    If there is at least one IP packet on the ipintrq, one
    processor on an MP machine will do nothing but run netisr.
    Networking may be slow or appear to not work at all. The same
    problem causes single-processor machines to appear to be hung,
    but the machines will respond to ping.
    Netstat will show at least one SYN_RCVD socket where the local
    and remote addresses and ports are the same.

    PHNE_13289:
    ( SR number: 1653227116 ; DTS number: INDaa28439 )
    The TCP retransmission timer range is not tuneable.

    PHNE_13245:
    ( SR number: 4701350173 ; DTS number: INDaa26913 )
    The system panics during start-up due to a lack of defensive
    checks in IP interrupt processing.

    ( SR number: 5003361691 ; DTS number: INDaa27808 )
    Nettune cannot tune sb_max.

    ( SR number: 5003379529 ; DTS number: INDaa27952 )
    A customer wants to have more available IP addresses than what
    RFC 1122 will allow.

    ( SR number: 5003384719 ; DTS number: INDaa28504 )
    A customer is running out of outbound ports, since the system
    is bounded by the port numbers 1024 to 5000.

    ( SR number: 1653229633 ; DTS number: INDaa28537 )
    When using Service Guard in a spanning tree environment it is
    possible to lose the unsolicited ARP_REQUESTS sent out when an
    IP address moves from one interface to another.

    ( SR number: 4701345082 ; DTS number: INDaa26302 )
    If connections in TIME_WAIT reuse the same port, the socket
    options will get lost.

    PHNE_12407:
    ( SR number: 5003314351 ; DTS number: INDaa24634 )
    HP-UX does not allow different subnets for IP aliases.

    ( SR number: 1653163436 ; DTS number: INDaa25115 )
    A TCP client that is connected to itself will hang the
    session.

    ( SR number: 1653204198 ; DTS number: INDaa26665 )
    An additional urgent byte could be sent in an AF_INET/STREAM
    socket if the send buffer is much larger than 64K bytes.

    ( SR number: 1653214981 ; DTS number: INDaa27440 )
    ip_output() is using the PMTU from the dynamic route, but TCP
    is not, resulting in fragmentation and sub-optimal behavior.

    ( SR number: 5003366898 ; DTS number: INDaa27749 )
    Whenever the PMTU value is changed, the remote system starts
    logging TCP checksum errors and existing connections time out.

    ( SR number: 1653221549 ; DTS number: INDaa27809 )
    A Catalyst 5000's system does not reply to an HP-UX ARP
    request.

    ( SR number: 4701362756 ; DTS number: INDaa28061 )
    poll() is not supported on series 800 machines.

    ( SR number: 4701363333 ; DTS number: INDaa28081 )
    nfsd's are hanging because they sleep until the driver or
    other lower layer has released the memory for the packet that
    was sent down. This memory is not being freed.

    PHNE_11530:
    ( SR number: 5003320655 ; DTS number: INDaa24498 )
    The HP 9000/UX BSD ARP implementation causes caching of the
    least optimal path to a remote host on a Token Ring network
    among multiple possible paths through various source routing
    bridges. This is true for both outbound and inbound ARP
    resolution cases.

    In the case of outbound ARP resolution, after HP 9000/UX
    issues an ARP broadcast request to a remote host which results
    in multiple requests reaching to that host, it begins to
    receive multiple responses, and for each such response it
    overwrites the cache data for that host. This results in the
    cache having the longest path corresponding to the last
    response received.

    Similarly, in the case of inbound ARP resolution, HP 9000/UX
    receives multiple ARP requests over multiple paths, and with
    each request it updates its cache with the path over which
    that request was received. This results in the cache finally
    containing the path over which the last request was received
    which may be the longest path in most cases.

    ( SR number: 5003355875 ; DTS number: INDaa26445 )
    In 10.X TCP MSS does not behave the same way as in 9.X even
    when PMTU is disabled.

    ( SR not found ; DTS number: INDaa27510 )
    The system may hang due to a memory leak caused by failed
    setsockopt(2) calls.

    ( SR number: 5003372144 ; DTS number: INDaa27528 )
    The system will panic due to a null pointer dereference during
    a bind(2) system call.

    PHNE_9106:
    ( SR not found ; DTS number: INDaa25576 )
    HP-UX does not allow tuning of the TCP hash table size.

    ( SR number: 5003345207 ; DTS number: INDaa25720 )
    An application that is bound to a multicast address does not
    receive packets sent to that multicast address.

    ( SR number: 1653192054 ; DTS number: INDaa25760 )
    IBM RS/6000 systems reject our arp requests.

    ( SR number: 1653198069 ; DTS number: INDaa26155 )
    The system hangs in sbdrop() during shutdown.

    ( SR number: 5003352872 ; DTS number: INDaa26215 )
    Network hangs because Stream Scheduler is looping on
    processor 0.

    ( SR not found ; DTS number: INDaa26243 )
    HP-UX does not support IP directed broadcast forwarding.

    PHNE_9098:
    ( SR number: 5000710814 ; DTS number: INDaa20102 )
    An ENXIO error is presently passed from the transport layer up
    to the application error as a "hard", or irrecoverable error.
    It is left up to the application to decide how to handle this
    situation. This is incorrect, because ENXIO is generated by
    the driver(s) in situations which *may* be recoverable, such
    as the infamous 82596 LAN chip error. The user will see
    applications fail with a connection failure error which may be
    accompanied by a log message from the driver indicating that
    some sort of hardware error has occurred.

    ( SR number: 4701313866 ; DTS number: INDaa22779 )
    Bug in source code. Found through code examination. Works
    accidentally.

    ( SR not found ; DTS number: INDaa24148 )
    In a threaded environment, unp_externalize() can no longer
    depend on the file descriptor state being the same because
    another thread of the same process can change the state.

    ( SR number: 5003316810 ; DTS number: INDaa24262 )
    System hang and network congestion.

    ( SR number: 5003318543 ; DTS number: INDaa24355 )
    A memory leak occurs when an IPPROTO_TCP setsockopt() is done
    on a closed socket.

    ( SR not found ; DTS number: INDaa24426 )
    netstat improperly displays the interface field for clan0.

    ( SR not found ; DTS number: INDaa24561 )
    HP-UX does not have protocol switch entries for Raptor.

    ( SR number: 1653175810 ; DTS number: INDaa24600 )
    ICMP packets sent to 255.255.255.255 cause system hangs on UP
    machines and a panic on MP machines.

    ( SR not found ; DTS number: INDaa24633 )
    For a SYN, when the socket is not found in the listen queue,
    we search the whole list. This takes too long. It causes
    performance degradation in netscape. The above may happen when
    a service is not started.

    ( SR number: 1653176644 ; DTS number: INDaa24653 )
    A panic occurs when we call audit_send_dgram().

    ( SR number: 5003327973 ; DTS number: INDaa24727 )
    Data is put in the socket buffer before calling TCP to send it
    out. If TCP gets an error from the interface (which may be
    transient), TCP returns the error to the application. If the
    application attempts to resend the data instead of exiting,
    potential data corruption can occur.

    ( SR number: 5003326199 ; DTS number: INDaa24752 )
    A K400 system running ServiceGuard on 10.01 panics when
    pinging a floating ip address of a package that is being
    shut down.

    ( SR not found ; DTS number: INDaa24826 )
    The code does not ensure that there is always space left for
    '\0' for the case when an interface's unit number > 9.

    ( SR not found ; DTS number: INDaa24843 )
    The default for a listen() queue has been increased from 20 to
    4K.

    ( SR not found ; DTS number: INDaa24847 )
    The maximum value of 20 for a listen() queue is inadequate for
    many applications.

    ( SR not found ; DTS number: INDaa24859 )
    In tcp_close, we tie up the locks too long since we do a
    forward search to determine whether an inpcb belongs to the
    hash list or not.

    ( SR not found ; DTS number: INDaa24936 )
    Using a Fibre Channel driver with Service Guard causes a
    memory leak resulting in a hang.

    ( SR number: 4701333427 ; DTS number: INDaa24947 )
    tcp_ctloutput() may cause a panic due to improper locking and
    unlocking of inp.

    ( SR number: 5000716316 ; DTS number: INDaa25002 )
    The system will hang when a second connect() is called on the
    same socket.

    ( SR number: 1653182782 ; DTS number: INDaa25005 )
    Fast retransmission is not activated after three duplicate
    ACKs if window scaling is on (RFC 1323).

    ( SR number: 4701335596 ; DTS number: INDaa25125 )
    A syn attack can result in Denial Of Service (DOS) to
    legitimate users.

    ( SR number: 1653184861 ; DTS number: INDaa25164 )
    Customers in 9.x can tune sb_max, but cannot do it in 10.x.

    ( SR not found ; DTS number: INDaa25166 )
    IPTOS_PREC_ROUTINE was defined as 0x10. That means the LOW
    DELAY bit in the type of service field is also set. This makes
    it difficult to assign "Routine" precedence with "Normal
    delay".

    ( SR number: 4701339044 ; DTS number: INDaa25467 )
    A panic will occur in sounlock() when an application forks off
    multiple processes that call accept() on the same socket.

    ( SR number: 1653189852 ; DTS number: INDaa25498 )
    A directed broadcast to a different network fails.

    ( SR number: 5003345215 ; DTS number: INDaa25698 )
    Multicast addresses don't transfer over to the new interface
    during switchover.

    PHNE_9036:
    ( SR number: 5003342071 ; DTS number: INDaa25456 )
    ping with illegal packets can cause panic.
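
The PHNE_19937 entry above attributes the raw IP panic to an overflowing ip_len field and says bound checks were introduced in rip_output() and ip_insertoptions(). The following user-space C model is an added example, not HP-UX source: it shows how a 16-bit total-length field wraps and where a check of that kind rejects the packet before the header and the buffer chain disagree. The helper names, return codes, the option-length rules and the sample sizes are assumptions made for illustration.

```c
/* Added example: user-space model of an ip_len bound check. Not HP-UX code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAXPACKET  65535u  /* largest value a 16-bit ip_len field can hold */
#define IP_MIN_HDR    20u     /* IPv4 header without options */
#define IP_MAX_OPTLEN 40u     /* 60-byte maximum header minus IP_MIN_HDR */

/* Hypothetical return codes for this model. */
enum { LEN_OK = 0, LEN_EMSGSIZE = -1, LEN_EINVAL = -2 };

/* What an unchecked 16-bit store records: the true length modulo 65536.
 * The buffer chain still holds hdr_len + payload_len bytes, so every later
 * copy length derived from the header is computed from a wrong value. */
uint16_t unchecked_ip_len(size_t hdr_len, size_t payload_len)
{
    return (uint16_t)(hdr_len + payload_len);
}

/* Raw output path where the stack prepends a 20-byte header to caller data
 * (hypothetical stand-in for a check in a rip_output()-style routine).
 * The comparison is written as a subtraction so it cannot itself wrap. */
int raw_output_len(size_t payload_len, uint16_t *ip_len_out)
{
    if (payload_len > IP_MAXPACKET - IP_MIN_HDR)
        return LEN_EMSGSIZE;
    *ip_len_out = (uint16_t)(IP_MIN_HDR + payload_len);
    return LEN_OK;
}

/* Option insertion grows a packet that already has a valid ip_len
 * (hypothetical stand-in for a check in an ip_insertoptions()-style routine).
 * Assumed rules: options are at most 40 bytes and padded to 4-byte words. */
int insert_options_len(uint16_t cur_ip_len, size_t opt_len, uint16_t *ip_len_out)
{
    if (cur_ip_len < IP_MIN_HDR || opt_len > IP_MAX_OPTLEN || (opt_len & 3u))
        return LEN_EINVAL;
    if (opt_len > IP_MAXPACKET - cur_ip_len)
        return LEN_EMSGSIZE;
    *ip_len_out = (uint16_t)(cur_ip_len + opt_len);
    return LEN_OK;
}

int main(void)
{
    /* Constructed sample payload sizes around the 16-bit boundary. */
    static const size_t payloads[] = { 1000, 65515, 65516, 65530 };
    size_t i;

    for (i = 0; i < sizeof payloads / sizeof payloads[0]; i++) {
        uint16_t checked = 0;
        int rc = raw_output_len(payloads[i], &checked);

        printf("payload=%5lu true_len=%5lu unchecked_ip_len=%5u checked=%s\n",
               (unsigned long)payloads[i],
               (unsigned long)(IP_MIN_HDR + payloads[i]),
               (unsigned)unchecked_ip_len(IP_MIN_HDR, payloads[i]),
               rc == LEN_OK ? "accepted" : "rejected (too large)");
    }

    /* A packet that fits on its own but not after 8 bytes of options. */
    {
        uint16_t grown = 0;
        int rc = insert_options_len(65530, 8, &grown);
        printf("ip_len=65530 + 8 option bytes: %s\n",
               rc == LEN_OK ? "accepted" : "rejected (too large)");
    }
    return 0;
}
```
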

SR:
    5000710814 4701313866 5003294777 5003316810 5003318543 5003320655
    1653175810 5003314351 1653176644 5003327973 5003326199 4701333427
    5000716316 1653182782 1653163436 1653174441 4701335596 1653184861
    5003342071 4701339044 1653189852 5003345215 5003345207 1653192054
    1653198069 5003352872 4701345082 5003355875 1653204198 4701350173
    1653214981 5003366906 5003372144 5003366849 5003366898 5003361691
    1653221549 5003379529 4701362756 4701363333 1653227116 5003384719
    1653229633 1653232538 1653234245 4701371914 5003396937 1653239764
    1653248880 5003401802 5003408328 5003409268 5003411926 5003417410
    5003417477 5003418228 5003423665 5003429464 5003430827 5003433490
    5003278374 1653205393 1653228965 5003350629 5003382861 4701413534
    5003421560 1653231001 5003406975 5003439067 4701404590 1653275693
    5003441188 5003443655 5003443713 1653286146 1653286641 5003425660
    5003452474 1653307215 8606104929 8606104868

Patch Files:
    /usr/conf/lib/libinet.a(udp_usrreq.o)
    /usr/conf/lib/libinet.a(tcp_usrreq.o)
    /usr/conf/lib/libinet.a(tcp_timer.o)
    /usr/conf/lib/libinet.a(tcp_subr.o)
    /usr/conf/lib/libinet.a(tcp_output.o)
    /usr/conf/lib/libinet.a(tcp_input.o)
    /usr/conf/lib/libinet.a(raw_ip.o)
    /usr/conf/lib/libhp-ux.a(nm_tune.o)
    /usr/conf/lib/libinet.a(nm_tcp.o)
    /usr/conf/lib/libinet.a(ip_output.o)
    /usr/conf/lib/libinet.a(ip_mroute.o)
    /usr/conf/lib/libinet.a(ip_input.o)
    /usr/conf/lib/libinet.a(ip_icmp.o)
    /usr/conf/lib/libinet.a(in_proto.o)
    /usr/conf/lib/libinet.a(in_pcb.o)
    /usr/conf/lib/libinet.a(in.o)
    /usr/conf/lib/libinet.a(if_ether.o)
    /usr/conf/lib/libnet.a(route.o)
    /usr/conf/lib/libuipc.a(netisr.o)
    /usr/conf/lib/libnet.a(if_ni.o)
    /usr/conf/lib/libnet.a(if.o)
    /usr/conf/lib/libhp-ux.a(dgram_aud.o)
    /usr/conf/lib/libuipc.a(sys_socket.o)
    /usr/conf/lib/libuipc.a(uipc_init.o)
    /usr/conf/lib/libuipc.a(uipc_socket2.o)
    /usr/conf/lib/libuipc.a(uipc_usrreq.o)
    /usr/conf/lib/libhp-ux.a(uipc_mbuf.o)
    /usr/conf/lib/libuipc.a(uipc_socket.o)
    /usr/conf/lib/libuipc.a(uipc_syscall.o)
    /usr/conf/lib/libtpiso.a(xtiso.o)

what(1) Output:
    /usr/conf/lib/libinet.a(udp_usrreq.o):
        PHNE_19937 udp_usrreq.c $Revision: 1.8.112.12 $ $Date: 98/03/17 18:21:37 $
    /usr/conf/lib/libinet.a(tcp_usrreq.o):
        PHNE_19937 tcp_usrreq.c $Revision: 1.10.112.11 $ $Date: 98/01/12 18:24:30 $
    /usr/conf/lib/libinet.a(tcp_timer.o):
        PHNE_19937 tcp_timer.c $Revision: 1.8.112.6 $
    /usr/conf/lib/libinet.a(tcp_subr.o):
        PHNE_19937 tcp_subr.c $Revision: 1.8.112.11 $ $Date: 99/07/04 23:05:45 $
    /usr/conf/lib/libinet.a(tcp_output.o):
        PHNE_19937 tcp_output.c $Revision: 1.6.112.6 $ $Date: 99/02/14 23:09:25 $
    /usr/conf/lib/libinet.a(tcp_input.o):
        PHNE_19937 tcp_input.c $Revision: 1.11.112.23 $ $Date: 99/07/04 22:53:44 $
    /usr/conf/lib/libinet.a(raw_ip.o):
        PHNE_19937 raw_ip.c $Revision: 1.5.112.2 $
    /usr/conf/lib/libhp-ux.a(nm_tune.o):
        PHNE_19937 nm_tune.c $Revision: 1.3.112.12 $
    /usr/conf/lib/libinet.a(nm_tcp.o):
        PHNE_19937 nm_tcp.c $Revision: 1.4.112.2 $
    /usr/conf/lib/libinet.a(ip_output.o):
        PHNE_19937 ip_output.c $Revision: 1.7.112.8 $ $Date: 99/09/15 23:41:34 $
    /usr/conf/lib/libinet.a(ip_mroute.o):
        PHNE_19937 ip_mroute.c $Revision: 1.3.112.3 $ IPM3.3
    /usr/conf/lib/libinet.a(ip_input.o):
        PHNE_19937 ip_input.c $Revision: 1.8.112.12 $ $Date: 99/03/08 03:56:53 $
    /usr/conf/lib/libinet.a(ip_icmp.o):
        PHNE_19937 ip_icmp.c $Revision: 1.9.112.5 $
    /usr/conf/lib/libinet.a(in_proto.o):
        PHNE_19937 in_proto.c $Revision: 1.4.112.4 $ $Date: 96/08/19 18:40:49 $
    /usr/conf/lib/libinet.a(in_pcb.o):
        PHNE_19937 in_pcb.c $Revision: 1.10.112.18 $ $Date: 99/08/31 01:33:14 $
    /usr/conf/lib/libinet.a(in.o):
        PHNE_19937 in.c $Revision: 1.9.112.23 $ $Date: 99/04/20 22:31:16 $
    /usr/conf/lib/libinet.a(if_ether.o):
        PHNE_19937 if_ether.c $Revision: 1.10.112.22 $
    /usr/conf/lib/libnet.a(route.o):
        PHNE_19937 route.c $Revision: 1.8.112.11 $
    /usr/conf/lib/libuipc.a(netisr.o):
        PHNE_19937 netisr.c $Revision: 1.12.112.11 $
    /usr/conf/lib/libnet.a(if_ni.o):
        PHNE_19937 if_ni.c $Revision: 1.8.112.3 $ $Date: 98/03/27 11:50:24 $
    /usr/conf/lib/libnet.a(if.o):
        PHNE_19937 if.c $Revision: 1.7.112.3 $
    /usr/conf/lib/libhp-ux.a(dgram_aud.o):
        PHNE_19937 dgram_aud.c $Revision: 1.3.112.2 $ $Date: 96/08/02 20:37:56 $
    /usr/conf/lib/libuipc.a(sys_socket.o):
        PHNE_19937 sys_socket.c $Revision: 1.7.112.4 $
    /usr/conf/lib/libuipc.a(uipc_init.o):
        FILESET BSDIPC-SOCKET: lib uipc: Version: A.10.00
        PHNE_19937 uipc_init.c $Date: 98/04/07 22:39:36 $ $Revision: 1.7.112.2 $
    /usr/conf/lib/libuipc.a(uipc_socket2.o):
        PHNE_19937 uipc_socket2.c $Revision: 1.10.112.14 $ $Date: 99/03/23 00:42:50 $
    /usr/conf/lib/libuipc.a(uipc_usrreq.o):
        PHNE_19937 uipc_usrreq.c $Revision: 1.8.112.11 $
    /usr/conf/lib/libhp-ux.a(uipc_mbuf.o):
        PHNE_19937 uipc_mbuf.c $Revision: 1.9.112.5 $ $Date: 98/03/27 12:57:17 $
    /usr/conf/lib/libuipc.a(uipc_socket.o):
        PHNE_19937 uipc_socket.c $Revision: 1.11.112.15 $ $Date: 98/12/13 20:30:26 $
    /usr/conf/lib/libuipc.a(uipc_syscall.o):
        PHNE_19937 uipc_syscall.c $Revision: 1.10.112.4 $ $Date: 96/12/16 10:45:36 $
    /usr/conf/lib/libtpiso.a(xtiso.o):
        PHNE_19937 xtiso.c $Revision: 1.4.112.7 $ $Date: 99/02/21 22:45:54 $

cksum(1) Output:
    269022645 15232 /usr/conf/lib/libinet.a(udp_usrreq.o)
    2312593986 11776 /usr/conf/lib/libinet.a(tcp_usrreq.o)
    3683078859 13300 /usr/conf/lib/libinet.a(tcp_timer.o)
    763094167 11016 /usr/conf/lib/libinet.a(tcp_subr.o)
    3453448939 7576 /usr/conf/lib/libinet.a(tcp_output.o)
    947498699 21544 /usr/conf/lib/libinet.a(tcp_input.o)
    70784795 3556 /usr/conf/lib/libinet.a(raw_ip.o)
    3397717475 10224 /usr/conf/lib/libhp-ux.a(nm_tune.o)
    386227038 4372 /usr/conf/lib/libinet.a(nm_tcp.o)
    1348356726 12476 /usr/conf/lib/libinet.a(ip_output.o)
    931582300 21020 /usr/conf/lib/libinet.a(ip_mroute.o)
    3996677328 17620 /usr/conf/lib/libinet.a(ip_input.o)
    2456830096 7344 /usr/conf/lib/libinet.a(ip_icmp.o)
    841526862 3192 /usr/conf/lib/libinet.a(in_proto.o)
    3894076684 17656 /usr/conf/lib/libinet.a(in_pcb.o)
    100453324 18212 /usr/conf/lib/libinet.a(in.o)
    1653864221 48028 /usr/conf/lib/libinet.a(if_ether.o)
    3022712420 18132 /usr/conf/lib/libnet.a(route.o)
    2707109367 9000 /usr/conf/lib/libuipc.a(netisr.o)
    614208087 10504 /usr/conf/lib/libnet.a(if_ni.o)
    2352083450 7468 /usr/conf/lib/libnet.a(if.o)
    2571876144 2504 /usr/conf/lib/libhp-ux.a(dgram_aud.o)
    543536996 4196 /usr/conf/lib/libuipc.a(sys_socket.o)
    4197014603 4404 /usr/conf/lib/libuipc.a(uipc_init.o)
    1605141630 21708 /usr/conf/lib/libuipc.a(uipc_socket2.o)
    3843618546 13480 /usr/conf/lib/libuipc.a(uipc_usrreq.o)
    2957393674 12692 /usr/conf/lib/libhp-ux.a(uipc_mbuf.o)
    1003360707 21300 /usr/conf/lib/libuipc.a(uipc_socket.o)
    2026765486 17108 /usr/conf/lib/libuipc.a(uipc_syscall.o)
    1451391028 60120 /usr/conf/lib/libtpiso.a(xtiso.o)

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_9036 PHNE_9098 PHNE_9106 PHNE_11530 PHNE_12407 PHNE_13245
    PHNE_13289 PHNE_13469 PHNE_14504 PHNE_14916 PHNE_15581 PHNE_16237
    PHNE_17096 PHNE_17731 PHNE_19117

Equivalent Patches: None

Patch Package Size: 530 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your
    Hewlett-Packard support terms and conditions for precautions,
    scope of license, restrictions, and limitation of liability
    and warranties, before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHNE_19937

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHNE_19937.depot

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_19937. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    WARNING: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful when
             using this feature.

    It is recommended that you move the PHNE_19937.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the tape
    drive, use the command:

        dd if=/tmp/PHNE_19937.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None