Patch Name: PHNE_20833 Patch Description: s700 10.01 cumulative ARPA Transport patch Creation Date: 00/03/08 Post Date: 00/04/18 Hardware Platforms - OS Releases: s700: 10.01 Products: N/A Filesets: OS-Core.CORE-KRN Networking.NET-KRN Networking.NET-RUN Automatic Reboot?: Yes Status: General Release Critical: Yes PHNE_20833: PANIC PHNE_18977: PANIC PHNE_16427: PANIC PHNE_13473: PANIC PHNE_12143: PANIC PHNE_9102: PANIC PHNE_9032: PANIC PHNE_8168: PANIC PHNE_7324: PANIC PHNE_6708: PANIC PHNE_6175: PANIC PHNE_6044: PANIC PHNE_5833: PANIC Path Name: /hp-ux_patches/s700/10.X/PHNE_20833 Symptoms: PHNE_20833: 1> SR#: 1653310896 ; DTS#: JAGab39908 ARP REPLY sent when ARP REQUEST has a source IP set to 0. 2> SR#: 8606104868 ; DTS#: JAGab72621 Big IP packets with source routing enabled can cause panic. 3> SR#: 8606104914 ; DTS#: JAGab72690 Unrecognised socket IOCTL request returns EOPNOTSUPP. 4> SR#: 8606104929 ; DTS#: JAGab72707 Attach to an address with all 1's in local interface's host id part returns error. PHNE_18977: This patch replaces PHNE_16427 See Defect Description PHNE_16427: See Defect Description PHNE_13473: See Defect Description PHNE_12143: See Defect Description PHNE_9102: See Defect Description PHNE_9032: See Defect Description PHNE_8168: See Defect Description PHNE_7324: See Defect Description PHNE_6708: See Defect Description PHNE_6175: See Defect Description PHNE_6044: See Defect Description PHNE_5833: See Defect Description Defect Description: PHNE_20833: 1> SR#: 1653310896 ; DTS#: JAGab39908 On an OTS installed machine when an ARP request with a source IP of 0.0.0.0 is received, the system logs a duplicate IP & responds with an unexpected ARP reply. Resolution: An ARP reply is sent only if a valid Interface address match is found. 2> SR#: 8606104868 ; DTS#: JAGab72621 Some raw ip packets cause panic as follows: panic+0x10 report_trap_or_int_and_panic+0xe8 trap+0xa48 $call_trap+0x20 bcopy_gr_method+0x12c m_copydata+0xf0 vtlan1_send_pkt+0x4e8 vtlan1_ac_output+0x324 unicast_ippkt+0xe0 arp_resolve+0x28c lanc_if_output+0xc8 ip_output+0x7a8 rip_output+0x120 raw_usrreq+0x220 sosend+0x6e4 sendit+0x268 sendto+0x5c syscall+0x1a4 $syscallrtn+0x0 Resolution: An IP packet length boundary check was introduced. 3> SR#: 8606104914 ; DTS#: JAGab72690 in_control() returns EOPNOTSUPP for driver specific ioctls. Resolution: Modified code to pass an unrecognized IOCTL request to the driver instead of returning EOPNOTSUPP. 4> SR#: 8606104929 ; DTS#: JAGab72707 SCO's VisionFS product fails with an error message "unable to assign requested address". Resolution: Modified code to attach an address which has all 1's in local interface's host id part. PHNE_18977: ( SR number: 5003366849 ; DTS number: INDaa27541 ) PMTU is not being resized when clients are attaching to the secondary address. Resolution: PMTU can now be resized for aliased addresses too. ( SR number: 5003430827 ; DTS number: INDaa31460 ) Panic in nmget_tcpCurrEstab(), with the stack traces of the events(0&1) as follows stack trace for event 0 crash event was a panic panic+0x10 report_trap_or_int_and_panic+0xe8 $call_trap+0x20 nmget_tcpCurrEstab+0x38 nmget_tcp+0x354 nmget+0x6c nm_ioctl+0x54 spec_ioctl+0xd4 vno_ioctl+0x98 ioctl+0x444 syscall+0x1a4 $syscallrtn+0x0 stack trace for event 1 crash event was a TOC wait_for_lock_spinner+0x2d4 wait_for_lock_4way+0x2c slu_retry+0x18 in_pcbbind+0x58 tcp_usrreq+0xb48 sobind+0x6c bind+0x6c syscall+0x1a4 $syscallrtn+0x0 Resolution: The race condition leading to the above panic has been fixed. ( SR not found ; DTS number: JAGaa26562 ) ioctl(FIOGETOWN) is not supported for sockets. Thus, we expect errno to be set to EOPNOTSUPP. This is true (or it should be) when ioctl(FIOGETOWN) is called after calling bind or connect. However, when ioctl(FIOGETOWN) is called before calling bind or connect, errno is set to EADDRNOTAVAIL. This is unexpected. Resolution: Modified code to return EOPNOTSUPP as error when ioctl commands not supported by the sockets. ( SR not found ; DTS number: JAGaa26644 ) There are two instances where "drop_location = 20" in tcp_input(). Resolution: Assigned an unused value for the second instance of drop_location. ( SR not found ; DTS number: JAGaa26645 ) There are two instances of "inst_tcpin_comefrom = 30" in tcp_input(). Resolution: Assigned an unused value for the second instance of inst_tcpin_comefrom. ( SR not found ; DTS number: JAGaa26648 ) NET_SPLX() is not done before return(NULL) when m_getclr() fails. Resolution: NET_SPLX is called before return in m_getclr(). ( SR not found ; DTS number: JAGaa26658 ) in_notify_delete_ifaddr calls NET_SPLNET() instead of NET_SPLX(). Resolution: The fix replaces NET_SPLX() instead of NET_SPLNET() ( SR not found ; DTS number: JAGaa26659 ) HP-UX is not restricting access to the SIOCSWITCHIFADDR ioctl to processes whose effective user ID is root. Resolution: Added superuser check. ( SR not found ; DTS number: JAGaa26667 ) TCP/UDP sockets can bind to the broadcast address of the interface and manage to send packets out with broadcast address as the source IP address of the packet, which does not comply with RFC1122. Resolution: Binding the socket with the broadcast address of the interface is avoided to comply with RFC1122. ( SR not found ; DTS number: JAGaa26671 ) Nettune does not allow tuning of udp send and receive socket buffer sizes. Resolution: added tunable control for udp_send and udp_receive. ( SR number: 5003278374 ; DTS number: JAGaa26675 ) HP-UX does not stop sending arp messages out of an interface that has been disabled via ifconfig. Resolution: Arp messages are not sent out of an interface that is down. ( SR not found ; DTS number: JAGaa26682 ) If ifconfig fails while setting one bit subnet mask, the interface is left in IP-up state, and the IP address is 0.0.0.0. Resolution: Failure in ifconfig while setting one bit subnet mask, will never leave the interface in IP-up state. ( SR not found ; DTS number: JAGaa26696 ) Multicast addresses can be added into the arp cache using SIOCSARP. Resolution: Multicast addresses are prevented from having entries in the arp cache. ( SR not found ; DTS number: JAGaa26698 ) The macro IN_MASK is not defined correctly. It defaults to a class-A netmask if the specified address is neither class-B nor class-C. Resolution: Modified the macro IN_MASK to return 0,if the specified addr is not in CLASS A, B or C networks. ( SR not found ; DTS number: JAGaa26715 ) sbwait is called inconsistently with one or two arguments. Resolution: The small performance cost in passing the 2nd arg in sbwait() has been removed. ( SR not found ; DTS number: JAGaa26722 ) bind() does not bind when structure is on local stack instead of global Resolution: Eliminated the need for applications to clear the uninitialized parts when a local sockaddr_in structure to the bind(). ( SR not found ; DTS number: JAGaa26762 ) ntimo_init() is being called twice during boot-time initialization. Resolution: Introduced a check in ntimo_init(), to avoid the initialization twice. ( SR not found ; DTS number: JAGaa26767 ) IP fragmentation timeout is not compliant to RFC-1122. Resolution: Modified the macro IPFRAGTTL to make it RFC-1122 compliant. ( SR number: 1653205393 ; DTS number: JAGaa26791 ) 9.X/10.X Syslog filling up with duplicat IP address 0.0.0.0. Resolution: Found that when a alias interface is being created and this fails an 0.0.0.0 interface was left in the interface list. This was corrected. ( SR number: 1653228965 ; DTS number: JAGaa26833 ) The default socket buffer size for UNIX domain stream sockets is not compliant with the unix(7p) manpage. Resolution: Modified the default socket buffer size in compliance with the unix(7p) manpage. ( SR not found ; DTS number: JAGaa26869 ) MP systems sometimes panic with the following stack on receiving an ICMP_REDIRECT: in_pcbfree mp_in_pcbnotify in_pcbnotify tcp_ctlinput pfctlinput icmp_input ipintr netisr_netisr. Resolution: Modified code in mp_in_pcbnotify() to unlock the socket after INPCBRC_UNREF. ( SR number: 5003350629 ; DTS number: JAGaa26904 ) SIOCGIFCONF does not return all interfaces if exact length is passed. Resolution: The boundary condition has been properly checked to fix the defect. ( SR number: 5003382861 ; DTS number: JAGaa26905 ) None of the arp cache entries are absolutely permanent.Even the permanent entries get modified if the ARP code notices a different MAC address. Resolution: Enhanced arp to add immutable ARP cache entries which never gets changed dynamically. ( SR not found ; DTS number: JAGaa27013 ) arp takes improper input if m_len is negative Resolution: Typecasted the unsigned return type to integer. ( SR not found ; DTS number: JAGaa27023 ) TCP/UDP send and receive buffers cannot be set to SB_MAX. Resolution: Modified sbreserve() and sbreserve2() to allow the networking buffers to be set to the SB_MAX value as stated by the man pages. ( SR number: 4701413534 ; DTS number: JAGaa27038 ) Implicit UDP connect results in using port number zero, when all the dynamic ports are in use. Resolution: Modified code to return an error instead of using port number zero on implicit UDP connect()'s, when all the dynamic ports are in use. ( SR not found ; DTS number: JAGaa27101 ) Network hangs when arp queue is full Resolution: To avoid a network hang, schedule a netisr() when the arp queue is full. ( SR number: 5003421560 ; DTS number: JAGaa27114 ) In sendmsg(), if the data size specified is larger than the send buffer size with the rights specified, there is a data loss. Resolution: sendmsg() is made to return an EMSGSIZE error when the data size is larger than send buffer size with the rights specified. ( SR number: 1653231001 ; DTS number: JAGaa27146 ) HP-UX allows invalid netmasks to be set through the ioctl SIOCSIFNETMASK. Resolution: Introduced a check to avoid initialization of netmask to all 1's or a non-contiguous netmask. ( SR number: 5003439067 ; DTS number: JAGaa41264 ) HPUX goes into an endless loop sometimes when an attempt is made to close down a socket that is listening for connections. This problem will show up more easily when the tcp_keepstart value is tuned to a sufficiently low number. Resolution: The memory leak causing endless loop has been fixed. ( SR number: 4701404590 ; DTS number: JAGaa41628 ) When a dynamic host route is added by the OS then it panics sometimes if the socket that is using that route is terminated. Resolution: The race condition between in_pcbfree and rt_pmtu_timer_this has been fixed. ( SR number: 5003443655 ; DTS number: JAGaa44124 ) The number of outstanding xti connection indications can exceed the backlog limit set by an application thus causing the tli library to fail a t_listen() with the TQFULL error. Resolution: The fix is to force xtiso to send only a fixed amount (equal to backlog) of outstanding connection indications upstream. ( SR number: 5003443713 ; DTS number: JAGaa44208 ) A number of tcp connections are stuck in TIME_WAIT state and never get cleaned up because the value of tcp_keepstart is tuned to 5 seconds. Resolution: The minimum value of tcp_keep_idle should be TIMQLEN * 2 and modified code to limit tcp_keepstart to 8 seconds. ( SR number: 1653286146 ; DTS number: JAGaa44500 ) HP-UX panics intermittently with the following panic string: "panic: sbdrop". Resolution: Fixed the code to avoid panic when the socket buffer counts are awry and the socket is being closed. ( SR number: 1653286641 ; DTS number: JAGaa44778 ) HP-UX is not returning the correct error when recvmsg runs out of file descriptors(when rights are received) Resolution: unp_externalize now returns the error returned by ufalloc(). ( SR number: 5003425660 ; DTS number: JAGaa45145 ) sendto() for a multicast datagram fails with ENETUNREACH if the default route is not specified , even when the multicast interface has been provided. Resolution: Modified code in ip_output() to search an interface to be used for a multicast datagram only if it is not specified. ( SR number: 1653287524 ; DTS number: JAGaa45294 ) Route lock is not released causing the system to panic with a stack that looks partially like the one below: panic() wait_for_lock_spinner() wait_for_lock_4way() sl_retry() in_pcbconnect2() in_pcbconnect_nolock() udp_usrreq() sosend() sendit() sendto() syscall() Resolution: The ROUTE_LOCK is released before returning from ip_rtaddr(). ( SR number: 5003452474 ; DTS number: JAGaa93168 ) HP-UX gets into an infinite loop when a socket is closed abortively and will freeze a uniprocessor machine. Resolution: The hang happening during flushing the socket buffers has been fixed. ( SR number: 1653307215 ; DTS number: JAGab24836 ) In 10.20, the slow start algorithm starts off with a congestion window of one in contrast to a congestion window of two in 11.x. Resolution: The initial conjestion window used in slow-start algorithm has been made configurable. ( SR not found ; DTS number: JAGab25321 ) The panic happened with the following stack trace: q4> trace event 0 stack trace for event 0 crash event was a panic panic+0x10 report_trap_or_int_and_panic+0xe8 trap+0xa48 $call_trap+0x20 rt_pmtu_timer_this+0x180 rn_walktree+0x88 rt_pmtu_timer+0x34 net_callout+0x84 netisr_netisr+0x1bc netisr_daemon+0x68 main+0x920 $vstart+0x34 $locore+0x74 Resolution: The race condition leading to the panic has been fixed. PHNE_16427: ( SR not found ; DTS number: INDaa22630 ) An error "Invalid argument" returned from setsockopt(): rc = setsockopt(tp->task_socket, level, opt, ptr, len) with the parms: tp->task_socket = 12; level = IPPROTO_IP; ==> 0 opt = IP_RECVDSTADDR; ==> 4103 len = 4; The socket() call parms are socket(domain, type, proto) where domain = AF_INET, type = SOCK _DGRAM, proto = 0 ( SR number: 5003294777 ; DTS number: INDaa23011 ) Customer sees the values of netstat -m at unbelievable levels. 4294967270 mapped pages in use ( SR number: 1653174441 ; DTS number: INDaa25119 ) nettune does not support the configuration of tcp_fin_wait_timer. ( SR number: 4701371914 ; DTS number: INDaa28993 ) Enhancement request of API : use getsockopt to get TCP state. ( SR number: 5003396937 ; DTS number: INDaa29248 ) nettune does not support disabling of IP Directed broadcast forwarding. ( SR number: 5003401802 ; DTS number: INDaa29743 ) Bad mbuf offset alignment causes Data memory protection fault panic in icmp_error(). Stack Trace : ----------- Data memory protection fault panic+0x10 report_trap_or_int_and_panic+0xe8 interrupt+0x458 $ihndlr_rtn+0x0 icmp_error+0x244 ip_dooptions+0x260 ipintr+0xc2c netisr_netisr+0x208 netisr+0x28 inttr_emulate_save_fpu+0xf0 ni_write+0x364 spec_rdwr+0x69c vno_rw+0xb8 rwuio+0xc4 writev+0xb0 syscall+0x1a4 ( SR number: 5003429464 ; DTS number: INDaa31420 ) The system panics with one of the two stacks (listed below) while running with AF_UNIX sockets. Either: panic() m_free() m_freem() uipc_usrreq() soo_stat() fstat_common() fstat() syscall() $syscallrtn() or: sounlock() mp_socket_unlock() uipc_usrreq() sosend() sendit() sendto() syscall() $syscallrtn() ( SR number: 5003433490 ; DTS number: INDaa31638 ) System may panic with the following stack; panic+0x0010 report_trap_or_int_and_panic+0x008c trap+0x072c $thndlr_rtn+0x0000 sounlock+0x00ac ckuwakeup+0x004c net_callout+0x0078 netisr_netisr+0x01ac netisr_daemon+0x0118 main+0x0900 $ vstart+0x003d PHNE_13473: ( SR number: 1653163436 ; DTS number: INDaa25115 ) TCP client is connected to itself hangs the session. ( SR number: 1653204198 ; DTS number: INDaa26665 ) Additional urgent byte may be sent in AF_INET/STREAM socket if send buffer is much larger than 64K bytes. ( SR number: 4701350173 ; DTS number: INDaa26913 ) System panic during start-up, due to lack of defensive check in IP interrupt processing. ( SR number: 5003366906 ; DTS number: INDaa27509 ) Netstat -m display incorrect socket structure count. ( SR number: 5003361691 ; DTS number: INDaa27808 ) Nettune can not tune sb_max. ( SR number: 1653221549 ; DTS number: INDaa27809 ) The catalyst 5000's system does not reply HP-UX ARP request. ( SR number: 5003379529 ; DTS number: INDaa27952 ) Customer wants to have more IP addresses available than what RFC 1122 will allow. ( SR number: 4701363333 ; DTS number: INDaa28081 ) The problem reported by the customer is that they are seeing their nfs deamons hang. The nfsd's are hanging because they sleep until the driver or other lower layer has released the memory for the packet that was sent down. This memory is not being freed. Hence the hang. ( SR number: 5003384719 ; DTS number: INDaa28504 ) Customer is running out of outbound ports on hp-ux. The system is bounded by the low port number of 1024 and the high port number of 5000. Need more ports. ( SR number: 1653234245 ; DTS number: INDaa28951 ) When Service Guard requests a switch between two interfaces and the TARGET is not available then the ifnet structures get corrupted. Later when these are used the system will crash. ( SR number: 1653239764 ; DTS number: INDaa29253 ) If the system is a single processor machine they may see it hang. It will still respond to "ping" but the console and all other activity will stop. If the system is a multiprocessor machine the customer may see that one processor is 100% busy running netisr. The rest of the system will be working OK with the exception of the one processor being out of the picture. Networking may be slow or not working at all. Netstat will show one of this systems IP addresses connected to itsself along with the local and remote port being the same. The state of the socket will be SYN_RCVD. PHNE_12143: ( SR number: 5003345207 ; DTS number: INDaa25720 ) An application binding to a multicast address does not receive packets sent to that multicast address. ( SR number: 1653192054 ; DTS number: INDaa25760 ) IBM RS/6000 systems reject our arp request. ( SR number: 1653198069 ; DTS number: INDaa26155 ) System hangs during shutdown in sbdrop. ( SR number: 5003352872 ; DTS number: INDaa26215 ) Network hangs because Stream Scheduler is looping on processor 0. ( SR not found ; DTS number: INDaa26243 ) IP directed broadcast forwarding is not supported. ( SR number: 5003355875 ; DTS number: INDaa26445 ) In 10.X TCPMSS does not behave the same way as in 9.X even when PMTU is disabled. ( SR number: 1653214981 ; DTS number: INDaa27440 ) The problem is that ip_output is using the PMTU from the dynamic route, but TCP is not, resulting in fragmentation and sub-optimal behavior. ( SR number: 5003372144 ; DTS number: INDaa27528 ) A system panic was caused by null pointer derefenence during a bind(2) system call. ( SR number: 5003366898 ; DTS number: INDaa27749 ) Whenever the PMTU value is changed, the remote system starts logging TCP checksum errors and existing connections time out. PHNE_9102: ( SR number: 5003327973 ; DTS number: INDaa24727 ) Data was put in the socket buffer before calling tcp to send it out. If tcp gets an error from the interface which may be transient, tcp returns the error to the application. If the application attempts to resend the data instead of exiting, a potential data corruption situation can occur. ( SR not found ; DTS number: INDaa24843 ) The default for listen queue has been increased from 20 to 4K. ( SR number: 5000716316 ; DTS number: INDaa25002 ) System hung when doing a second connect() on the same socket. ( SR number: 1653182782 ; DTS number: INDaa25005 ) Fast retransmission not activated after three duplicate ACK if window scaling is on (RFC 1323). ( SR number: 4701335596 ; DTS number: INDaa25125 ) A syn attack can result in Denial Of Service (DOS) to legitimate users. ( SR number: 1653184861 ; DTS number: INDaa25164 ) Customers in 9.x can tune sb_max, but cannot do it in 10.x. ( SR number: 4701339044 ; DTS number: INDaa25467 ) Panic in sounlock. ( SR number: 5003345215 ; DTS number: INDaa25698 ) Multicast addresses don't transfer over to the new interface during switchover. PHNE_9032: ( SR number: 5003342071 ; DTS number: INDaa25456 ) ping can cause panic. PHNE_8168: ( SR number: 5000710814 ; DTS number: INDaa20102 ) An ENXIO error is presently passed from the transport layer up to the application error as a "hard", or irrecoverable error. It is left up to the application to decide how to handle this situation. This is incorrect, because ENXIO is generated by the driver(s) in situations which *may* be recoverable, such as the imfamous 82596 LAN chip error. The user will see applications fail with a connection failure error which may be accompanied by a log message from the driver indicating that some sort of hardware error has occurred. ( SR number: 4701295527 ; DTS number: INDaa21296 ) ENXIO bubbled upto application causing it to abort abnormally. ( SR number: 4701313866 ; DTS number: INDaa22779 ) Bug in source code. Found through code examination. Works accidentally. ( SR number: 5003315358 ; DTS number: INDaa24234 ) There is a panic which can occur when receiving IP multicast packets on an MP system. ( SR number: 5003316810 ; DTS number: INDaa24262 ) System hang and network congestion. ( SR number: 5003318543 ; DTS number: INDaa24355 ) Memory leak when IPPROTO_TCP setsockopt() done on clsed socket. ( SR not found ; DTS number: INDaa24390 ) data memory protection fault panic in whohas_snap8025 ( SR not found ; DTS number: INDaa24426 ) netstat improperly displays the interface field for clan0. ( SR number: 1653175810 ; DTS number: INDaa24600 ) icpm packet rerouting to 255.255.255.255 causes system hang on UP and panic on MP. ( SR not found ; DTS number: INDaa24633 ) For a SYN, when the socket is not found in the listen queue, we search the whole list. This takes too long. It causes performance degradation in netscape. (e.g.The above may happen when a service not started). ( SR number: 1653176644 ; DTS number: INDaa24653 ) Panic calling audit_send_dgram (). ( SR number: 5003326199 ; DTS number: INDaa24752 ) K400; 10.01; running ServiceGuard. System panics with doing a ping to a floating ip address of a package that is being shutdown. ( SR not found ; DTS number: INDaa24826 ) The code does not ensure that there is always space left for '\0' for the case when unit number > 9. ( SR not found ; DTS number: INDaa24847 ) max value of 20 for listen queue is inadequte for a number of applications. ( SR number: 4701333427 ; DTS number: INDaa24947 ) Possible panic in tcp_ctloutput() due to inproper locking and unlocking of inp. PHNE_7324: ( SR number: 4701313304 ; DTS number: INDaa23143 ) The current code allows one to create an arp entry on a poinnt to point interface. When the time expires on this entry,an attempt is made to build a packet by calling a procedure whose pointer should be in the arpcom table. In the point to point case, that pointer is NULL which causes a panic. ( SR number: 1653157289 ; DTS number: INDaa23255 ) The problem is that a t_snddis() call (using XTI) can fail with EADDRINUSE for no apparent reason. ( SR number: 4701314807 ; DTS number: INDaa23375 ) The problem is that an XTI application can cause a system panic with "panic: Data page fault". ( SR number: 1653162255 ; DTS number: INDaa23550 ) An MP system hangs during shutdown because a process gets stuck in soclose() forever. ( SR number: 5003309898 ; DTS number: INDaa23835 ) System panic during nmget() call. Probable cause: the network management accessing arp table while its being updated. ( SR number: 4701319897 ; DTS number: INDaa23961 ) tcp_iss is only incremented for tcp_slowtimo() for linear sequencing (not random sequencing). PHNE_6708: ( SR number: 5003292979 ; DTS number: INDaa22516 ) The problem is that Unix Domain sockets that pass file access rights to each other can cause system panics with the message "Data page fault". ( SR number: 4701316315 ; DTS number: INDaa22636 ) A multiprocessor system can panic by holding onto a spinlock too long. ( SR number: 1653152611 ; DTS number: INDaa22733 ) A bad TCPOPT_MAXSEG TCP/IP option can cause a "Conditional trap" system panic. ( SR not found ; DTS number: INDaa22766 ) The problem is that h/netstatistic.h tries to include "../h/mib.h" which only exists in the kernel build environment. ( SR not found ; DTS number: INDaa22855 ) A freshly built kernel panics on bootup. This has only been seen on an s770, but it can possibly happen on other systems as well. ( SR not found ; DTS number: INDaa22918 ) The problem is that a system panics in sbdrop(). ( SR number: 5003298554 ; DTS number: INDaa23055 ) The use of multiple IP addresses on the same system is partially broken. While setting up TCP connections, we fail to discriminate between sockets listening at the same port even though they use different IP addresses. This breaks Service Guard (which uses multiple IP addresses on the same interface) and some functionality of multihomed systems. This can also be seen as a bind() problem. ( SR not found ; DTS number: INDaa23056 ) ICMP Host Unreachable messages can cause a system panic. PHNE_6175: ( SR number: 1653144972 ; DTS number: INDaa22104 ) There are cases where we can get FIN_WAIT_2 connections that never go away. We need a timer that customers can set to remove these connections. ( SR number: 5003285718 ; DTS number: INDaa22105 ) An ICMP Net Redirect causes a host route to be added, but the host route has a net address instead of a full IP address. ( SR number: 1653145037 ; DTS number: INDaa22343 ) Customer hit a panic in kernel socket code. See submitter text for detail. ( SR not found ; DTS number: INDaa22401 ) The problem is that a partner needs support in the BSD networking stack in order to implement a secure firewall product. They need the right hooks in our kernel. ( SR number: 4701308023 ; DTS number: INDaa22483 ) The problem is that the system panics upon receipt of a particular type of packet. ( SR number: 5003292524 ; DTS number: INDaa22502 ) 10.01:Data Segmentation fault in ip_output(). Caused by ping -rp PHNE_6044: ( SR not found ; DTS number: INDaa21673 ) The problem is that a system with a lot of network connections can panic with "INHEAD held too long". ( SR not found ; DTS number: INDaa21748 ) TCP/IP performance suffers on systems with a lot of listening and connected sockets. This is noticable on WWW servers which handle a lot of connection requests. ( SR number: 4701303230 ; DTS number: INDaa21976 ) System paniced after turning networking tracing in a MP system. This type of panic has been duplicated in all 10.X releases. PHNE_5833: ( SR not found ; DTS number: INDaa18133 ) The problem is that "lanconfig lan0 -rif" makes the ethernet interface lan0 unusable. Carriage returns in a telnet session take about 1 minute to respond. ( SR number: 5003247148 ; DTS number: INDaa20391 ) ( SR number: 5003263541 ; DTS number: INDaa21046 ) ICMP 12 messages are passed to applications. some applications don't know what to do with them. ( SR number: 5003264713 ; DTS number: INDaa21047 ) The listen socket queue limit is only 20 and should be increased. The system administrator should be able to change the maximum. ( SR number: 5003264739 ; DTS number: INDaa21048 ) The problem is seen when we try to close a file with valid file pointer but invalid cred field. ( SR number: 5003270058 ; DTS number: INDaa21265 ) The problem is that removing a route that has an active connection network connection over it can cause a system panic. This has been reproduced on a gateway system (at least 2 network interfaces) that is forwarding packets from one network to the other. This has caused the IP forwarding mechanism to panic and the ARP mechanism to panic. This problem can cause panics elsewhere, too. ( SR not found ; DTS number: INDaa21297 ) The problem is that exercising Unix domain sockets causes a system panic. Specifically, if one socket working as a server (is "connected to" by a client socket) connects to another socket working as a server, the system panics. ( SR number: 1653134999 ; DTS number: INDaa21334 ) System panics when there are no lan i/fs configured, and nmget(GP_ip) is used to get "IP" MIB information. ( SR not found ; DTS number: INDaa21512 ) The problem is that IP packets coming in on a fast interface occasionally get dropped for no reason. ( SR number: 5003275438 ; DTS number: INDaa21578 ) With the 10.x release, ifconfig restricts configuration of the local IP address to not allow all ones or all zeros in the network, subnet, or host portions of the IP address. Furthermore, a one bit subnet is not allowed. Customers migrating from 9.X to 10.X who are currently using all ones or all zeros in these portions of their addresses will get "address not available" errors when doing ifconfig. ( SR not found ; DTS number: INDaa21588 ) The problem, as reported by the submitter, is that the system panics with "spin_deadlock_failure". A diagnostic message in the msgbuf is "Trying to get spinlock beta semaphore spinlock when spinlock unp_misc_lock is held." ( SR not found ; DTS number: INDaa21610 ) Problems are noted in the following areas: a). Default TCP MSS should be 536 as per RFC 1122 b). They want to use the Interface's MTU for negotiating a TCP MSS, rather than the IP default of 536, when connecting systems on different subnets. Note that only the default TCP MSS change is required for 10.x because PMTU provides the functionality requested in item "b". ( SR not found ; DTS number: INDaa21615 ) The problem is that an illegal reference is made to t_template of the tcpcb after the template has been freed. This is a TCP/IP race condition. SR: 5000710814 5003247148 5003263541 5003264713 5003264739 5003270058 4701295527 1653134999 5003275438 4701303230 1653144972 5003285718 1653145037 4701308023 5003292524 5003292979 4701316315 1653152611 4701313866 5003294777 5003298554 4701313304 1653157289 4701314807 1653162255 5003309898 4701319897 5003315358 5003316810 5003318543 1653175810 1653176644 5003327973 5003326199 4701333427 5000716316 1653182782 1653163436 1653174441 4701335596 1653184861 5003342071 4701339044 5003345215 5003345207 1653192054 1653198069 5003352872 5003355875 1653204198 4701350173 1653214981 5003366906 5003372144 5003366849 5003366898 5003361691 1653221549 5003379529 4701363333 5003384719 1653234245 4701371914 5003396937 1653239764 5003401802 5003429464 5003430827 5003433490 5003278374 1653205393 1653228965 5003350629 5003382861 4701413534 5003421560 1653231001 5003439067 4701404590 5003443655 5003443713 1653286146 1653286641 5003425660 1653287524 5003452474 1653307215 1653310896 8606104868 8606104914 8606104929 Patch Files: /usr/conf/lib/libinet.a(udp_usrreq.o) /usr/conf/lib/libinet.a(tcp_usrreq.o) /usr/conf/lib/libinet.a(tcp_timer.o) /usr/conf/lib/libinet.a(tcp_subr.o) /usr/conf/lib/libinet.a(tcp_output.o) /usr/conf/lib/libinet.a(tcp_input.o) /usr/conf/lib/libinet.a(raw_ip.o) /usr/conf/lib/libhp-ux.a(nm_tune.o) /usr/conf/lib/libinet.a(nm_tcp.o) /usr/conf/lib/libhp-ux.a(nm_gen.o) /usr/conf/lib/libinet.a(ip_output.o) /usr/conf/lib/libinet.a(ip_input.o) /usr/conf/lib/libinet.a(ip_icmp.o) /usr/conf/lib/libinet.a(in_proto.o) /usr/conf/lib/libinet.a(in_pcb.o) /usr/conf/lib/libinet.a(in.o) /usr/conf/lib/libinet.a(if_ether.o) /usr/conf/lib/libnet.a(route.o) /usr/conf/lib/libuipc.a(netisr.o) /usr/conf/lib/libnet.a(if_ni.o) /usr/conf/lib/libnet.a(if_loop.o) /usr/conf/lib/libnet.a(if.o) /usr/conf/lib/libhp-ux.a(dgram_aud.o) /usr/conf/lib/libhp-ux.a(netfunc.o) /usr/conf/lib/libuipc.a(sys_socket.o) /usr/conf/lib/libuipc.a(uipc_init.o) /usr/conf/lib/libuipc.a(uipc_socket2.o) /usr/conf/lib/libuipc.a(uipc_usrreq.o) /usr/conf/lib/libhp-ux.a(uipc_mbuf.o) /usr/conf/lib/libuipc.a(uipc_socket.o) /usr/conf/lib/libuipc.a(uipc_syscall.o) /usr/conf/lib/libtpiso.a(xtiso.o) /usr/conf/master.d/net what(1) Output: /usr/conf/lib/libinet.a(udp_usrreq.o): PHNE_20833 udp_usrreq.c $Revision: 1.6.101.12 $ $Da te: 97/06/25 08:17:23 $ /usr/conf/lib/libinet.a(tcp_usrreq.o): PHNE_20833 tcp_usrreq.c $Revision: 1.7.101.14 $ $Da te: 98/01/13 13:00:26 $ /usr/conf/lib/libinet.a(tcp_timer.o): PHNE_20833 tcp_timer.c $Revision: 1.5.101.11 $ /usr/conf/lib/libinet.a(tcp_subr.o): PHNE_20833 tcp_subr.c $Revision: 1.5.101.13 $ $Date : 99/07/05 00:02:55 $ /usr/conf/lib/libinet.a(tcp_output.o): PHNE_20833 tcp_output.c $Revision: 1.5.101.6 $ $Dat e: 97/09/05 09:40:05 $ /usr/conf/lib/libinet.a(tcp_input.o): PHNE_20833 tcp_input.c $Revision: 1.8.101.30 $ $Dat e: 99/07/05 00:01:49 $ /usr/conf/lib/libinet.a(raw_ip.o): PHNE_20833 raw_ip.c $Revision: 1.4.101.2 $ /usr/conf/lib/libhp-ux.a(nm_tune.o): PHNE_20833 nm_tune.c $Revision: 1.2.101.11 $ /usr/conf/lib/libinet.a(nm_tcp.o): PHNE_20833 nm_tcp.c $Revision: 1.3.101.3 $ /usr/conf/lib/libhp-ux.a(nm_gen.o): PHNE_20833 nm_gen.c $Revision: 1.3.101.3 $ /usr/conf/lib/libinet.a(ip_output.o): PHNE_20833 ip_output.c $Revision: 1.5.101.9 $ $Date : 99/09/16 00:18:21 $ /usr/conf/lib/libinet.a(ip_input.o): PHNE_20833 ip_input.c $Revision: 1.5.101.14 $ $Date : 99/03/08 04:38:25 $ /usr/conf/lib/libinet.a(ip_icmp.o): PHNE_20833 ip_icmp.c $Revision: 1.6.101.4 $ /usr/conf/lib/libinet.a(in_proto.o): PHNE_20833 in_proto.c $Revision: 1.3.101.3 $ $Date: 95/11/17 16:56:32 $ /usr/conf/lib/libinet.a(in_pcb.o): PHNE_20833 in_pcb.c $Revision: 1.7.101.21 $ $Date: 99/08/31 02:16:07 $ /usr/conf/lib/libinet.a(in.o): PHNE_20833 in.c $Revision: 1.6.101.25 $ $Date: 99/1 2/20 12:51:59 $ /usr/conf/lib/libinet.a(if_ether.o): PHNE_20833 if_ether.c $Revision: 1.7.101.23 $ /usr/conf/lib/libnet.a(route.o): PHNE_20833 route.c $Revision: 1.6.101.20 $ /usr/conf/lib/libuipc.a(netisr.o): PHNE_20833 netisr.c $Revision: 1.9.101.6 $ /usr/conf/lib/libnet.a(if_ni.o): PHNE_20833 if_ni.c $Revision: 1.7.101.2 $ $Date: 98 /03/27 13:49:16 $ /usr/conf/lib/libnet.a(if_loop.o): PHNE_20833 if_loop.c $Revision: 1.5.101.4 $ $Date: 95/12/29 12:50:39 $ /usr/conf/lib/libnet.a(if.o): PHNE_20833 if.c $Revision: 1.4.101.5 $ /usr/conf/lib/libhp-ux.a(dgram_aud.o): PHNE_20833 dgram_aud.c $Revision: 1.2.101.2 $ $Date : 96/08/02 21:07:13 $ /usr/conf/lib/libhp-ux.a(netfunc.o): PHNE_20833 netfunc.c $Revision: 1.4.101.3 $ /usr/conf/lib/libuipc.a(sys_socket.o): PHNE_20833 sys_socket.c $Revision: 1.5.101.4 $ /usr/conf/lib/libuipc.a(uipc_init.o): FILESET BSDIPC-SOCKET: lib uipc: Version: A.10.00 PHNE_20833 uipc_init.c $Date: 98/09/02 15:48 :39 $ $Revision: 1.5.101.4 $ /usr/conf/lib/libuipc.a(uipc_socket2.o): PHNE_20833 uipc_socket2.c $Revision: 1.7.101.13 $ $ Date: 99/03/23 00:39:24 $ /usr/conf/lib/libuipc.a(uipc_usrreq.o): PHNE_20833 uipc_usrreq.c $Revision: 1.5.101.16 $ /usr/conf/lib/libhp-ux.a(uipc_mbuf.o): PHNE_20833 uipc_mbuf.c $Revision: 1.7.101.8 $ $Date : 98/03/27 14:00:51 $ /usr/conf/lib/libuipc.a(uipc_socket.o): PHNE_20833 uipc_socket.c $Revision: 1.8.101.16 $ $D ate: 98/09/02 15:49:54 $ /usr/conf/lib/libuipc.a(uipc_syscall.o): PHNE_20833 uipc_syscall.c $Revision: 1.7.101.5 $ $D ate: 96/12/16 10:10:20 $ /usr/conf/lib/libtpiso.a(xtiso.o): PHNE_20833 xtiso.c $Revision: 1.2.101.6 $ $Date: 99 /02/21 22:50:03 $ /usr/conf/master.d/net: $Revision: 1.2.101.3 $ cksum(1) Output: 1927984516 14276 /usr/conf/lib/libinet.a(udp_usrreq.o) 2444543219 11916 /usr/conf/lib/libinet.a(tcp_usrreq.o) 2082850483 15332 /usr/conf/lib/libinet.a(tcp_timer.o) 1737499157 10028 /usr/conf/lib/libinet.a(tcp_subr.o) 2284286370 7608 /usr/conf/lib/libinet.a(tcp_output.o) 1254533153 22040 /usr/conf/lib/libinet.a(tcp_input.o) 3583028924 3292 /usr/conf/lib/libinet.a(raw_ip.o) 1548654904 10052 /usr/conf/lib/libhp-ux.a(nm_tune.o) 2082907288 4104 /usr/conf/lib/libinet.a(nm_tcp.o) 1509124419 7284 /usr/conf/lib/libhp-ux.a(nm_gen.o) 3652753421 12048 /usr/conf/lib/libinet.a(ip_output.o) 128861001 17464 /usr/conf/lib/libinet.a(ip_input.o) 2194416993 7412 /usr/conf/lib/libinet.a(ip_icmp.o) 3261261984 2784 /usr/conf/lib/libinet.a(in_proto.o) 2160587335 15500 /usr/conf/lib/libinet.a(in_pcb.o) 2157540184 15976 /usr/conf/lib/libinet.a(in.o) 3204375690 44732 /usr/conf/lib/libinet.a(if_ether.o) 1603453343 18200 /usr/conf/lib/libnet.a(route.o) 2040146823 7812 /usr/conf/lib/libuipc.a(netisr.o) 2800086678 10604 /usr/conf/lib/libnet.a(if_ni.o) 1486823955 5660 /usr/conf/lib/libnet.a(if_loop.o) 704209128 7512 /usr/conf/lib/libnet.a(if.o) 1041544486 2312 /usr/conf/lib/libhp-ux.a(dgram_aud.o) 3463026811 960 /usr/conf/lib/libhp-ux.a(netfunc.o) 1749305701 4112 /usr/conf/lib/libuipc.a(sys_socket.o) 2418177040 3684 /usr/conf/lib/libuipc.a(uipc_init.o) 2049200391 19164 /usr/conf/lib/libuipc.a(uipc_socket2.o) 1250885447 13200 /usr/conf/lib/libuipc.a(uipc_usrreq.o) 2936458487 12764 /usr/conf/lib/libhp-ux.a(uipc_mbuf.o) 1210005338 20824 /usr/conf/lib/libuipc.a(uipc_socket.o) 363060853 13640 /usr/conf/lib/libuipc.a(uipc_syscall.o) 3115511869 57352 /usr/conf/lib/libtpiso.a(xtiso.o) 3823741558 5070 /usr/conf/master.d/net Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_5833 PHNE_6044 PHNE_6175 PHNE_6708 PHNE_7324 PHNE_8168 PHNE_9032 PHNE_9102 PHNE_12143 PHNE_13473 PHNE_16427 PHNE_18977 Equivalent Patches: PHNE_20188: s800: 10.01 Patch Package Size: 510 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_20833 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_20833.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_20833. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_20833.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_20833.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None