Patch Name: PHNE_12903

Patch Description: s700 10.10 ARPA Transport cumulative patch

Creation Date: 97/10/16

Post Date:  97/10/21

Hardware Platforms - OS Releases:
	s700: 10.10

Products: N/A

Filesets:
	OS-Core.CORE-KRN Networking.NET-KRN Networking.NET-RUN

Automatic Reboot?: Yes

Status: General Superseded

Critical:
	Yes
	PHNE_12903: PANIC
	PHNE_11985: PANIC
	PHNE_10902: PANIC
	PHNE_10484: PANIC
	PHNE_9104: PANIC
	PHNE_9034: PANIC
	PHNE_8063: PANIC
	PHNE_7749: PANIC
	PHNE_6866: PANIC

Path Name: /hp-ux_patches/s700/10.X/PHNE_12903

Symptoms:
	PHNE_12903:
	   This patch replaces PHNE_11985
		See Defect Description

	PHNE_11985:
	        See Defect Description.

	PHNE_10902:
	        See Defect Description.

	PHNE_10484:
	        See Defect Description

	PHNE_9104:
	        See Defect Description

	PHNE_9034:
	        See Defect Description

	PHNE_8063:
	        See Defect Description

	PHNE_7749:
	        See Defect Description

	PHNE_6866:
	        See Defect Description

Defect Description:
	PHNE_12903:
		( SR number:  1653163436  )
	A TCP client that is connected to itself hangs the session.
		( SR number:  1653204198  )
	Additional urgent byte may be sent in AF_INET/STREAM
	socket if send buffer is much larger than 64K bytes.
		( SR number:  4701350173  )
	System panic during start-up, due to lack of defensive check
	in IP interrupt processing.
		( SR number:  5003361691  )
	Nettune cannot tune sb_max.
		( SR number:  1653221549  )
	The Catalyst 5000's system does not reply to HP-UX ARP requests.
		( SR number:  4701363333  )
	The problem reported by the customer is that they are seeing
	their nfs daemons hang.  The nfsd's are hanging because they
	sleep until the driver or other lower layer has released the
	memory for the packet that was sent down.  This memory is
	not being freed.  Hence the hang.
		( SR number:  5003384719  )
	Customer is running out of outbound ports on 10.20 hp-ux.
	The system is bounded by the low port number of 1024 and the
	high port number of 5000.  Need more ports.
		( SR number:  1653232538  )
	udp_usrreq causes system panic

	PHNE_11985:
		( SR not found )
	The problem is that h/netstatistic.h tries to include
	"../h/mib.h" which only exists in the kernel build
	environment.
		( SR not found )
	Ping cannot work on the next available source route path
	because ARP cannot detect that path but insists on using
	the previous path which is now severed.
		( SR number:  1653214981  )
	The problem is that ip_output is using the PMTU from the
	dynamic route, but TCP is not, resulting in fragmentation
	and sub-optimal behavior.
		( SR not found )
	System hang caused by memory leak due to failed
	setsockopt(2) calls.
		( SR number:  5003366898  )
	Whenever the PMTU value is changed, and the local
	system is a multiple processor machine, and the
	connection is TCP, and the resulting fragments
	are less than 60 bytes, and the outbound connection
	is over FDDI, then the remote system starts logging TCP
	checksum errors and existing connections time out.

	PHNE_10902:
	        ( SR number:  1653212290  )
	When a system connects to a token ring with rif enabled and
	the token ring uses source route bridging, the system panics
	immediately after it has been connected to the ring.

	PHNE_10484:
	        ( SR number:  5003320655  )
	HP 9000/UX BSD ARP implementation causes caching of the
	least optimal path to a remote host on a Token Ring network
	among multiple possible paths through various source
	routing bridges.  This is true for both outbound and inbound
	ARP resolution cases. In the case of outbound ARP resolution
	after HP 9000/UX issues an ARP broadcast request to a remote
	host which results in multiple requests reaching to that
	host, it begins to receive multiple responses, and for each
	such response it overwrites the cache data for that host.
	This results in the cache having the longest path
	corresponding to the last response received. Similarly, in
	the case of inbound ARP resolution, HP 9000/UX receives
	multiple ARP requests over multiple paths, and with each
	request it updates its cache with the path over which that
	request was received.  This results in the
	cache finally containing the path over which the last
	request was received which may be the longest path in
	most cases.
	        ( SR number:  1653198069  )
	System hangs during shutdown in sbdrop.
	        ( SR number:  5003352872  )
	Network hangs because Stream Scheduler is
	looping on processor 0.
	        ( SR not found )
	IP directed broadcast forwarding is not supported.

	PHNE_9104:
	        ( SR number:  5003318543  )
	Memory leak when IPPROTO_TCP setsockopt() done
	on closed socket.
	        ( SR number:  5003327973  )
	Data was put in the socket buffer before calling tcp to send
	it out.  If tcp gets an error from the interface which may
	be transient, tcp returns the error to the application.
	If the application attempts to resend the data instead
	of exiting, a potential data corruption situation can
	occur.
	        ( SR number:  5000716316  )
	System hung when doing a second connect() on the same
	socket.
	        ( SR number:  1653182782  )
	Fast retransmission not activated
	after three duplicate ACKs if window
	scaling is on (RFC 1323).
	        ( SR number:  4701335596  )
	A SYN attack can result in Denial of Service (DoS) to
	legitimate users.
	        ( SR number:  1653184861  )
	Customers in 9.x can tune sb_max, but cannot do it in 10.x.
	        ( SR not found )
	IPTOS_PREC_ROUTINE was defined as 0x10.  That means the LOW
	DELAY bit in the type of service field is also set. This
	makes it difficult to assign "Routine" precedence with
	"Normal delay"
	        ( SR number:  4701339044  )
	Panic in sounlock.
	        ( SR number:  1653189852  )
	Directed Broadcast to a different network fails.
	        ( SR number:  5003345215  )
	Multicast addresses don't transfer over to the new
	interface during switchover.
	        ( SR number:  5003345207  )
	An application binding to a multicast address does not
	receive packets sent to that multicast address.
	        ( SR number:  1653192054  )
	IBM RS/6000 systems reject our arp request.

	PHNE_9034:
	        ( SR number:  5003342071  )
	ping can cause panic.

	PHNE_8063:
	        ( SR number:  5000710814  )
	An ENXIO error is presently passed from the
	transport layer up to the application
	as a "hard", or irrecoverable, error.  It
	is left up to the application to decide
	how to handle this situation.  This is
	incorrect, because ENXIO is generated
	by the driver(s) in situations which
	*may* be recoverable, such as the infamous
	82596 LAN chip error.  The user will
	see applications fail with a connection
	failure error which may be accompanied by
	a log message from the driver indicating
	that some sort of hardware error has
	occurred.
	        ( SR number:  4701295527  )
	ENXIO bubbled up to the application, causing
	it to abort abnormally.
	        ( SR number:  5003309898  )
	System panic during nmget() call. Probable cause: the
	network management accessing the ARP table while it is being
	updated.
	        ( SR not found )
	data memory protection fault panic in whohas_snap8025
	        ( SR not found )
	netstat improperly displays the
	interface field for clan0.
	        ( SR number:  1653175810  )
	ICMP packet rerouting to 255.255.255.255
	causes system hang on UP and panic on
	MP.
	        ( SR not found )
	For a SYN, when the socket is not found in the listen
	queue, we search the whole list. This takes too long.
	It causes performance degradation in netscape.
	(e.g. the above may happen when a service is not started).
	        ( SR number:  1653176644  )
	Panic calling audit_send_dgram ().
	        ( SR number:  5003326199  )
	K400; 10.01; running ServiceGuard.  System panics
	when doing a ping to a floating IP address of a
	package that is being shut down.
	        ( SR not found )
	The code does not ensure that there is always space
	left for '\0' for the case when unit number > 9.
	        ( SR not found )
	The default for listen queue has been increased
	from 20 to 4K.
	        ( SR not found )
	A max value of 20 for the listen queue
	is inadequate for a number of
	applications.
	        ( SR number:  4701333427  )
	Possible panic in tcp_ctloutput() due to improper
	locking and unlocking of inp.

	PHNE_7749:
	        ( SR number:  5003292979  )
	The problem is that Unix Domain sockets that pass file
	access rights to each other can cause system panics
	with the message "Data page fault".
	        ( SR number:  4701313866  )
	Bug in source code. Found through code examination.
	Works accidentally.
	        ( SR number:  4701313304  )
	The current code allows one to create an arp entry on a
	point to point interface. When the time expires on this
	entry, an attempt is made to build a packet by calling a
	procedure whose pointer should be in the arpcom table.
	In the point to point case, that pointer is NULL
	which causes a panic.
	        ( SR not found )
	System will panic if a user application requests xti
	message size 32K or larger.
	        ( SR number:  1653162255  )
	An MP system hangs during shutdown because a process
	gets stuck in soclose() forever.
	        ( SR not found )
	This problem will panic a system in sosend with data page
	fault error.  Any user using unix domain sockets could
	get this crash.
	        ( SR number:  5003315358  )
	There is a panic which can occur when receiving IP
	multicast packets on an MP system.
	        ( SR number:  5003316810  )
	System hang and network congestion.

	PHNE_6866:
	        ( SR number:  5003263541  )
	ICMP 12 messages are passed to applications.
	Some applications don't know what to do
	with them.
	        ( SR not found )
	UDP sockets are unable to send all 1's limited broadcasts.
	This directly affects DHCP, because the DHCP server then
	cannot reply to a DHCP request with an all 1's limited
	broadcast as it should.  Some DHCP clients require this.
	        ( SR number:  1653144972  )
	There are cases where we can get FIN_WAIT_2 connections
	that never go away.  We need a timer that customers can
	set to remove these connections.
	        ( SR number:  5003285718  )
	An ICMP Net Redirect causes a host route to be added,
	but the host route has a net address instead of a full
	IP address.
	        ( SR number:  1653145037  )
	Customer hit a panic in kernel socket code.
	See submitter text for detail.
	        ( SR not found )
	The problem is that a partner needs support in the BSD
	networking stack in order to implement a secure firewall
	product.  They need the right hooks in our kernel.
	        ( SR number:  4701308023  )
	The problem is that the system panics upon receipt
	of a particular type of packet.
	        ( SR number:  4701316315  )
	A multiprocessor system can panic by holding onto a
	spinlock too long.
	        ( SR number:  1653152611  )
	A bad TCPOPT_MAXSEG TCP/IP option can cause a
	"Conditional trap" system panic.
	        ( SR not found )
	The problem is that h/netstatistic.h tries to include
	"../h/mib.h" which only exists in the kernel build
	environment.
	        ( SR not found )
	The problem is that a system panics in sbdrop().
	        ( SR number:  5003298554  )
	The use of multiple IP addresses on the same system is
	partially broken.  While setting up TCP connections, we
	fail to discriminate between sockets listening at the
	same port even though they use different IP addresses.
	This breaks Service Guard (which uses multiple IP
	addresses on the same interface) and some functionality
	of multihomed systems.
	This can also be seen as a bind() problem.
	        ( SR number:  1653157289  )
	The problem is that a t_snddis() call (using XTI) can fail
	with EADDRINUSE for no apparent reason.
	        ( SR not found )
	The problem is that a system panics in unp_gc().  This
	can be worked around by setting unpgc_disabled.

SR:
	5000710814 5003263541 4701295527 1653144972 5003285718
	1653145037 4701308023 5003292979 4701316315 1653152611
	4701313866 5003298554 4701313304 1653157289 1653162255
	5003309898 5003315358 5003316810 5003318543 5003320655
	1653175810 1653176644 5003327973 5003326199 4701333427
	5000716316 1653182782 1653163436 4701335596 1653184861
	5003342071 4701339044 1653189852 5003345215 5003345207
	1653192054 1653198069 5003352872 5003355875 1653204198
	4701350173 1653212290 1653214981 5003366898 5003361691
	1653221549 4701363333 5003384719 1653232538

Patch Files:
	/usr/conf/lib/libinet.a(udp_usrreq.o)
	/usr/conf/lib/libinet.a(tcp_usrreq.o)
	/usr/conf/lib/libinet.a(tcp_timer.o)
	/usr/conf/lib/libinet.a(tcp_subr.o)
	/usr/conf/lib/libinet.a(tcp_output.o)
	/usr/conf/lib/libinet.a(tcp_input.o)
	/usr/conf/lib/libhp-ux.a(nm_tune.o)
	/usr/conf/lib/libhp-ux.a(nm_gen.o)
	/usr/conf/lib/libinet.a(ip_output.o)
	/usr/conf/lib/libinet.a(ip_input.o)
	/usr/conf/lib/libinet.a(ip_icmp.o)
	/usr/conf/lib/libinet.a(in_proto.o)
	/usr/conf/lib/libinet.a(in_pcb.o)
	/usr/conf/lib/libinet.a(in.o)
	/usr/conf/lib/libinet.a(if_ether.o)
	/usr/conf/lib/libnet.a(route.o)
	/usr/conf/lib/libuipc.a(netisr.o)
	/usr/conf/lib/libnet.a(if.o)
	/usr/conf/lib/libhp-ux.a(dgram_aud.o)
	/usr/conf/lib/libhp-ux.a(netfunc.o)
	/usr/conf/lib/libuipc.a(uipc_socket2.o)
	/usr/conf/lib/libuipc.a(uipc_usrreq.o)
	/usr/conf/lib/libuipc.a(uipc_socket.o)
	/usr/conf/lib/libuipc.a(uipc_syscall.o)
	/usr/conf/lib/libtpiso.a(xtiso.o)
	/usr/conf/master.d/net

what(1) Output:
	/usr/conf/lib/libinet.a(udp_usrreq.o):
		PHNE_12903 udp_usrreq.c $Revision: 1.7.102.17 $ $Date: 97/10/15 14:47:49 $
	/usr/conf/lib/libinet.a(tcp_usrreq.o):
		PHNE_12903 tcp_usrreq.c $Revision: 1.8.102.12 $ $Date: 96/09/27 08:42:00 $
	/usr/conf/lib/libinet.a(tcp_timer.o):
		PHNE_12903 tcp_timer.c $Revision: 1.6.102.9 $
	/usr/conf/lib/libinet.a(tcp_subr.o):
		PHNE_12903 tcp_subr.c $Revision: 1.6.102.12 $ $Date: 97/04/25 15:00:05 $
	/usr/conf/lib/libinet.a(tcp_output.o):
		PHNE_12903 tcp_output.c $Revision: 1.6.102.4 $ $Date: 97/09/05 09:32:50 $
	/usr/conf/lib/libinet.a(tcp_input.o):
		PHNE_12903 tcp_input.c $Revision: 1.9.102.22 $ $Date: 97/08/21 17:06:07 $
	/usr/conf/lib/libhp-ux.a(nm_tune.o):
		PHNE_12903 nm_tune.c $Revision: 1.2.102.6 $
	/usr/conf/lib/libhp-ux.a(nm_gen.o):
		PHNE_12903 nm_gen.c $Revision: 1.3.102.3 $
	/usr/conf/lib/libinet.a(ip_output.o):
		PHNE_12903 ip_output.c $Revision: 1.6.102.7 $ $Date: 96/11/05 15:32:08 $
	/usr/conf/lib/libinet.a(ip_input.o):
		PHNE_12903 ip_input.c $Revision: 1.6.102.18 $ $Date: 97/09/05 08:42:34 $
	/usr/conf/lib/libinet.a(ip_icmp.o):
		PHNE_12903 ip_icmp.c $Revision: 1.7.102.6 $
	/usr/conf/lib/libinet.a(in_proto.o):
		PHNE_12903 in_proto.c $Revision: 1.3.102.6 $ $Date: 96/02/15 18:47:54 $
	/usr/conf/lib/libinet.a(in_pcb.o):
		PHNE_12903 in_pcb.c $Revision: 1.8.102.16 $ $Date: 97/09/23 11:04:02 $
	/usr/conf/lib/libinet.a(in.o):
		PHNE_12903 in.c $Revision: 1.7.102.14 $ $Date: 96/12/06 10:13:04 $
	/usr/conf/lib/libinet.a(if_ether.o):
		PHNE_12903 if_ether.c $Revision: 1.8.102.21 $
	/usr/conf/lib/libnet.a(route.o):
		PHNE_12903 route.c $Revision: 1.7.102.18 $
	/usr/conf/lib/libuipc.a(netisr.o):
		PHNE_12903 netisr.c $Revision: 1.10.102.8 $
	/usr/conf/lib/libnet.a(if.o):
		PHNE_12903 if.c $Revision: 1.5.102.7 $
	/usr/conf/lib/libhp-ux.a(dgram_aud.o):
		PHNE_12903 dgram_aud.c $Revision: 1.2.102.3 $ $Date: 96/08/02 20:45:40 $
	/usr/conf/lib/libhp-ux.a(netfunc.o):
		PHNE_12903 netfunc.c $Revision: 1.4.102.3 $
	/usr/conf/lib/libuipc.a(uipc_socket2.o):
		PHNE_12903 uipc_socket2.c $Revision: 1.8.102.12 $ $Date: 96/12/16 18:30:42 $
	/usr/conf/lib/libuipc.a(uipc_usrreq.o):
		PHNE_12903 uipc_usrreq.c $Revision: 1.6.102.15 $
	/usr/conf/lib/libuipc.a(uipc_socket.o):
		PHNE_12903 uipc_socket.c $Revision: 1.9.102.21 $ $Date: 97/07/03 08:43:25 $
	/usr/conf/lib/libuipc.a(uipc_syscall.o):
		PHNE_12903 uipc_syscall.c $Revision: 1.8.102.9 $ $Date: 96/12/16 10:27:59 $
	/usr/conf/lib/libtpiso.a(xtiso.o):
		PHNE_12903 xtiso.c $Revision: 1.2.102.9 $ $Date: 97/01/28 17:24:53 $
	/usr/conf/master.d/net:
		$Revision: 1.2.102.3 $

cksum(1) Output:
	1923592112 15272 /usr/conf/lib/libinet.a(udp_usrreq.o)
	595105563 12040 /usr/conf/lib/libinet.a(tcp_usrreq.o)
	1616397521 15452 /usr/conf/lib/libinet.a(tcp_timer.o)
	1983226508 10060 /usr/conf/lib/libinet.a(tcp_subr.o)
	2355576904 6644 /usr/conf/lib/libinet.a(tcp_output.o)
	3299927208 21944 /usr/conf/lib/libinet.a(tcp_input.o)
	2353887980 9672 /usr/conf/lib/libhp-ux.a(nm_tune.o)
	2098318776 7576 /usr/conf/lib/libhp-ux.a(nm_gen.o)
	2309042919 12756 /usr/conf/lib/libinet.a(ip_output.o)
	703077848 17820 /usr/conf/lib/libinet.a(ip_input.o)
	3138243112 7432 /usr/conf/lib/libinet.a(ip_icmp.o)
	407650484 2988 /usr/conf/lib/libinet.a(in_proto.o)
	787929833 15040 /usr/conf/lib/libinet.a(in_pcb.o)
	1309246531 16228 /usr/conf/lib/libinet.a(in.o)
	1731459903 47000 /usr/conf/lib/libinet.a(if_ether.o)
	46760257 18080 /usr/conf/lib/libnet.a(route.o)
	349950906 7876 /usr/conf/lib/libuipc.a(netisr.o)
	3941292599 7552 /usr/conf/lib/libnet.a(if.o)
	1057435705 2508 /usr/conf/lib/libhp-ux.a(dgram_aud.o)
	2864913071 1112 /usr/conf/lib/libhp-ux.a(netfunc.o)
	3662361400 21720 /usr/conf/lib/libuipc.a(uipc_socket2.o)
	3169842896 13060 /usr/conf/lib/libuipc.a(uipc_usrreq.o)
	1924502184 21828 /usr/conf/lib/libuipc.a(uipc_socket.o)
	1188859142 18024 /usr/conf/lib/libuipc.a(uipc_syscall.o)
	3649586849 61908 /usr/conf/lib/libtpiso.a(xtiso.o)
	2304715148 5070 /usr/conf/master.d/net
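
Added example, not part of the original patch text and not HP's code: a POSIX shell check of the cksum(1) list above against the files on disk, reading archive(member) targets with ar. The function names, the optional root prefix argument and the demo file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not HP's code): check files against "<crc> <size> <target>"
# lines as printed under "cksum(1) Output:". A target is a plain path or an
# archive member written as archive(member).

# check_entry CRC SIZE TARGET -> 0 = match, 1 = mismatch, 2 = missing
check_entry() {
    want_crc=$1; want_size=$2; target=$3
    case $target in
    *"("*")")
        archive=${target%%"("*}
        member=${target#*"("}; member=${member%")"}
        [ -r "$archive" ] &&
            ar t "$archive" 2>/dev/null | grep -x -F "$member" >/dev/null ||
            { echo "MISSING  $target"; return 2; }
        got=$(ar p "$archive" "$member" | cksum) ;;   # member bytes via stdout
    *)
        [ -r "$target" ] || { echo "MISSING  $target"; return 2; }
        got=$(cksum < "$target") ;;
    esac
    set -- $got                                       # cksum gave "<crc> <size>"
    if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
        echo "OK       $target"
    else
        echo "MISMATCH $target (listed $want_crc $want_size, found $1 $2)"
        return 1
    fi
}

# verify_manifest [ROOT] < manifest: ROOT is an optional path prefix (for
# example an alternate root). Returns 0 only if every listed entry matches.
verify_manifest() {
    root=${1:-}; failed=0
    while read -r m_crc m_size m_target; do
        [ -n "$m_target" ] || continue                # skip blank/short lines
        check_entry "$m_crc" "$m_size" "$root$m_target" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Constructed demo: a scratch file stands in for a patched file; its cksum is
# recorded in a one-line manifest (tab-indented like the page) and verified.
demo() {
    d=${TMPDIR:-/tmp}/cksum_demo.$$
    mkdir -p "$d" && printf 'constructed sample\n' > "$d/net" || return 1
    set -- $(cksum < "$d/net")
    printf '\t%s %s %s\n' "$1" "$2" "$d/net" > "$d/manifest"
    verify_manifest < "$d/manifest"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

To use it, save the lines under "cksum(1) Output:" to a file and feed that file to verify_manifest on stdin. cksum is a CRC, so a match indicates the files are intact, not that they are authentic.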

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHNE_6866 PHNE_7749 PHNE_8063 PHNE_9034 PHNE_9104 PHNE_10484
	PHNE_10902 PHNE_11985

Equivalent Patches: None

Patch Package Size: 480 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Log in as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHNE_12903

	5a. For a standalone system, run swinstall to install the
	    patch:

		swinstall -x autoreboot=true -x match_target=true \
			-s /tmp/PHNE_12903.depot

	5b. For a homogeneous NFS Diskless cluster run swcluster on the
	    server to install the patch on the server and the clients:

		swcluster -i -b

	    This will invoke swcluster in the interactive mode and
	    force all clients to be shut down.

	    WARNING: All cluster clients must be shut down prior to the
		     patch installation.  Installing the patch while the
		     clients are booted is unsupported and can lead to
		     serious problems.

	    The swcluster command will invoke an swinstall session in which
	    you must specify:

		alternate root path  -  default is /export/shared_root/OS_700
		source depot path    -  /tmp/PHNE_12903.depot

	    To complete the installation, select the patch by choosing
	    "Actions -> Match What Target Has" and then "Actions -> Install"
	    from the Menubar.

	5c. For a heterogeneous NFS Diskless cluster:

		- run swinstall on the server as in step 5a to install
		  the patch on the cluster server.

		- run swcluster on the server as in step 5b to install
		  the patch on the cluster clients.

	By default swinstall will archive the original software in
	/var/adm/sw/patch/PHNE_12903.  If you do not wish to retain a
	copy of the original software, you can create an empty file
	named /var/adm/sw/patch/PATCH_NOSAVE.

	Warning: If this file exists when a patch is installed, the
	         patch cannot be deinstalled.  Please be careful
		 when using this feature.

	It is recommended that you move the PHNE_12903.text file to
	/var/adm/sw/patch for future reference.

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHNE_12903.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None