**************************** ECO SUMMARY INFORMATION **************************** Release Date: 12-AUG-2005 Kit Name: DEC-AXPVMS-TCPIPJA_ECO-V0504-155-4.PCSI Kit Applies To: OpenVMS ALPHA V7.3-2, V7.3-1 Approximate Kit Size: 134928 blocks Installation Rating: INSTALL_2 Superseded Kits: None. Mandatory Kit Dependencies: None. Optional Kit Dependencies: None. TCPIPJAALP_E05A54.PCSI-DCX_AXPEXE Checksum: 3839114189 ======================================================================= Hewlett-Packard OpenVMS ECO Cover Letter ======================================================================= ECO NUMBER: TCPIPJAALP_E05A54 PRODUCT: HP TCP/IP Services/Japanese for OpenVMS Alpha V5.4 UPDATE PRODUCT: HP TCP/IP Services/Japanese for OpenVMS Alpha V5.4 1 KIT NAME: DEC-AXPVMS-TCPIPJA_ECO-V0504-155-4 2 KIT DESCRIPTION: 2.1 Installation Rating: INSTALL_2 : This installation rating, based upon current CLD information, is provided to serve as a guide to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) _____________________________ Note _____________________________ This ECO kit can be applied only to Japanese language variant of TCP/IP Services for OpenVMS Alpha V5.4. _________________________________________________________________ 2.2 Reboot Requirement: A reboot is necessary after installation of this kit. 2.3 New functionality or new hardware support provided: No. 3 FILES PATCHED OR REPLACED: Refer to the release notes included in this kit. 4 PROBLEMS ADDRESSED IN THIS KIT Release Notes for HP TCP/IP Services for OpenVMS V5.4 Update ECO 5 -- DEC-AXPVMS-TCPIPJA_ECO-V0504-155-4.PCSI -------------------------------------------------------------- (c) 2005 Hewlett-Packard Development Company, L.P. UNIX[R] is a registered trademark of The Open Group. Microsoft[R] is a US registered trademark of Microsoft Corporation. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Proprietary computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The HP TCP/IP Services for OpenVMS documentation is available on CD-ROM. ------------------------------------------------------------------------------- TCP/IP Services V5.4 ECO 5 SSH Motif Requirement: The minimum DECwindows Motif requirement is 1.3 ------------------------------------------------------------------------------- -------------------------------------------------------------- 1: Dependency for ECO 5 installation on Motif image when using SSH: 1.1 Problem Description on OpenVMS 7.3-2 without DECwindows Motif started: The following error is seen in the startup log for the SSH server (file TCPIP$SSH_HOME:TCPIP$SSH_RUN.LOG) on OpenVMS 7.3-2 with DECwindows Motif V1.3 or later installed but not started: %DCL-W-ACTIMAGE, error activating image DECW$SETSHODISSHR -CLI-E-IMGNAME, image file SYS$SHARE:DECW$SETSHODISSHR.EXE;1 -SYSTEM-F-PRIVINSTALL, shareable images must be installed to run privileged image Solution: Execute the command: $ INSTAll ADD SYS$SHARE:DECW$SETSHODISSHR.EXE To make this solution permanent, add the command to the appropriate file in the OpenVMS startup sequence, e.g., SYS$MANAGER:SYSTARTUP_VMS.COM: Notes: - This problem does not affect the ssh server (e.g., $ SSH {remotehostname} command. - The solution does not permit X11 forwarding to work. To activate that functionality you must install and startup DECwindows Motif V1.3 or later. 1.2 Problem Description on OpenVMS 7.3-1: The following error is seen in the startup log for the SSH server (file TCPIP$SSH_HOME:TCPIP$SSH_RUN.LOG), and also on using the ssh server command $ SSH {remotehostname} on OpenVMS 7.3-1 systems with DECwindows Motif version less than V1.3 (e.g., V1.2-6): %DCL-W-ACTIMAGE, error activating image DECW$SETSHODISSHR -CLI-E-IMAGEFNF, image file not found Solution: 1. Copy the file SYS$SHARE:DECW$SETSHODISSHR.EXE from a system which has Motif V1.3 or later. The destination directory is SYS$SHARE (e.g., SYS$COMMON:[SYSLIB]). Make sure the copied file has W:RE protection. Note, the ECO 1 and ECO 2 kits available on ftp://ftp.itrc.hp.com/openvms_patches/alpha/V7.3-2/ do NOT contain the file. 2. Execute the command: $ INSTALL ADD SYS$SHARE:DECW$SETSHODISSHR.EXE To make this solution permanent, add the command to the appropriate file in the OpenVMS startup sequence, e.g., SYS$MANAGER:SYSTARTUP_VMS.COM: Note that this solution does not permit X11 forwarding to work. To activate that functionality you must install and startup DECwindows Motif V1.3 or later. ------------------------------------------------------------------------------- PREVIOUSLY UNDOCUMENTED BEHAVIOR: ------------------------------------------------------------------------------- -------------------------------------------------------------- 1: Dependency for PPP on OpenVMS 7.2-2 and above -------------------------------------------------------------- IPCP negotiation of IP address between PC client and OpenVMS PPP server fails to assign client an IP address. Many problems were fixed in the OpenVMS PPPDRIVER. All customers running PPP on OpenVMS versions 7.3 and higher must install a patch for PPPDRIVER. Alpha OpenVMS kit (minimum version) ----- ----------------------------- 7.3 VMS73_PPPD-V0200 -------------------------------------------------------------- 2: SMTP dependency on OpenVMS Kits -------------------------------------------------------------- Problem: When you compose a mail message in OpenVMS mail and enter an SMTP address at the To: prompt and at the Cc: prompt, the address originally entered at the Cc: prompt is not put into a Cc: RFC header in the SMTP message but is instead put into the To: RFC header. Dependencies: For this fix to be effective the following OpenVMS kits must be installed. Alpha OpenVMS kit (minimum version) ----- ----------------------------- 7.3 VMS73_MAIL-V0100 -------------------------------------------------------------- 3: PTRs 30-10-194/30-10-174 IMAP Dependency on OpenVMS Kits -------------------------------------------------------------- The underlying OpenVMS problem has been fixed in OpenVMS versions 7.3-1 and later. For users running earlier versions of OpenVMS, the following two steps must be performed to enable IMAP upload support: 1) Install the following patch if running on VMS V7.3: Alpha OpenVMS kit (minimum version) ----- ----------------------------- 7.3 VMS73_SYSLOA-V0300 NOTE: This patch need only be installed on the system or systems that are running the IMAP server. Cluster nodes that are not running the IMAP server are not required to install the patch. 2) Add this line to your TCPIP$IMAP.CONF file: Upload-Supported: TRUE WARNING: Do not set the Upload-Supported configuration parameter on an unpatched system running an OpenVMS version prior to 7.3-1 -------------------------------------------------------------- 4: Inability of New IMAP Clients to Connect -------------------------------------------------------------- Problem: Inability of new IMAP clients to connect and of some connected clients to open additional folders. Problem detail: The IMAP server supports an application-specific limit on the number of connections an IMAP server process can handle before it forces the kernel to create a new IMAP server process. This value is set in the TCPIP$IMAP.CONF file to 25 (Max-Connections:25). The service limit default value (currently 16) should not be less than the application limit of 25. In fact it should be set much higher, or a server hang can result. As an example, Netscape uses five connections. Therefore, any more than 3 concurrently attached IMAP Netscape clients would exhaust the default 16-connection limit. Workaround: 1) Update the IMAP service limit from 16 to 1600: $ tcpip set service imap/limit=1600 $ tcpip show service imap/full/perm 2) Stop IMAP: $ @sys$startup:TCPIP$IMAP_SHUTDOWN 3) Wait until there are no more IMAP processes left. Enter the following command to make sure all IMAP processes are gone. $ SHOW SYSTEM/PROCESS=*IMAP* 4) Start IMAP: $ @sys$startup:TCPIP$IMAP_STARTUP -------------------------------------------------------------- 5: PTR 75-86-140 nslookup via TELNET Fails on V7.3-1 -------------------------------------------------------------- This problem was reported on OpenVMS V7.3-1 with TCP/IP V5.3. The symptom is that nslookup in interactive mode failed when connected via TELNET. Problem detail: For a system that is, for example, accessed via TELNET (rather than SET HOST) that also has set the SYSGEN parameter MAXBUF to greater than 32K, if a C program is executed that uses a C runtime call (such as getc or gets) to read data from the terminal, this problem can occur. The C program may return a generic user I/O error message rather than the specific errors returned by RMS. (The TT driver returns an SS$_IVBUFLEN error. RMS returns RMS-F-QIO in the RAB$L_STS, and SYS-F-IVBUFLEN in the RAB$L_STV to the caller.) Workaround: Reduce the MAXBUF SYSGEN parameter to 32K. This is a dynamic parameter so no reboot is required. After the remedial kit is installed, MAXBUF can be reset to some higher value. Solution: Install the remedial kit: OpenVMS kit VMS731_RMS-V0100 -------------------------------------------------------------- 6: PTR 70-5-2210 ARP Timeouts Not Tunable over 32767 -------------------------------------------------------------- The ARP timeouts arpkillc, arpkilli, and arprefresh are limited to 32767 seconds. This known problem was introduced in V5.3 SSB. -------------------------------------------------------------- 7: PTRs 70-5-2191 and 70-5-2194 SMTP Mail Hang -------------------------------------------------------------- 70-5-2191/CFS-96560: TCP/IP V5.3 ECO1 incoming SMTP mail job stalls during processing. This is because mail hangs on $BRKTHRU, which is called from MAILSHRP with VMS73-SYS patch. 70-5-2194/CFS-96677: SMTP mail hangs with AXPVMS VMS73_SYS V5.0. Solution: Alpha OpenVMS kit (minimum version) ----- ----------------------------- 7.3 VMS73_SYS-V0600 7.3-1 VMS731_SYS-V0300 -------------------------------------------------------------- 8: PTR 70-5-2259 NFS Client Restriction -------------------------------------------------------------- The MOUNT command used by the NFS client is restricted to 255 characters in total length. Depending on where the 255 character limit is reached in the command line, the command might generate an error message. Abbreviate some of the parameter names until the total length is less than or equal to 255 characters. -------------------------------------------------------------- 9: Changes to KERNEL parameter defaults -------------------------------------------------------------- The following sysconfig default settings were changed in previous releases but not documented in the V5.4 release notes: TCP/IP V5.1 changed the defaults that affect the ephemeral (non-privileged) port numbers assigned to sockets. The changes were made to match IANA recommendations. The following changes were carried over to V5.4: ipport_userreserved_min (1024 -> 49152) ipport_userreserved (5000 -> 65535) V5.4 changed the following default setting to comply with RFC 1122. It increases the initial keepalive probe from 75 seconds to 2 hours. tcp_keepidle (150 -> 14400) -------------------------------------------------------------- 10: SMTP receiver doesn't check recipient deliverability -------------------------------------------------------------- Problem: The SMTP receiver does not check to see if the recipient email address in the RCPT TO SMTP protocol command is deliverable (for example that the user account exists on the system). This check is instead deferred to the processing of the mail message in the SMTP queue by the SMTP symbiont process. By this time, the host has taken responsibility for the message and, if there is a problem delivering the message, must bounce the message itself. This behavior is more problematic when the system receives SPAM. SPAM arrives on the host for a non-existent user and is bounced by your host's symbiont process to the email address in the SPAM's Return-Path: header. The SPAM's Return-Path: header contains an invalid email address, so the bounced SPAM is in turn bounced back to your host's POSTMASTER account. The POSTMASTER account's mail is forwarded to the SYSTEM account, which means that the SYSTEM user must constantly separate these doubly bounced SPAMs from their valid email. Solution: The SMTP receiver has been changed to check to see if the recipient email address in the RCPT TO SMTP protocol command is deliverable. This solves the problem by not letting the SPAM for the unknown user onto the host in the first place. A configuration option now exists to turn this new feature on and off. The option is called Symbiont-Checks-Deliverability and is entered in the SMTP.CONFIG SMTP configuration file. Setting this option to TRUE preserves the old behavior - where the receiver does not check the deliverability of RCPT TO recipients, deferring to the symbiont. Setting Symbiont-Checks-Deliverability to FALSE turns on the new behavior, telling the receiver to check the deliverability of RCPT TO recipients itself. To preserve existing behavior, this option is set by default to TRUE for TCP/IP Services Version 5.4. For future versions it will default to FALSE. -------------------------------------------------------------- 11: CERT updates for OpenVMS TCP/IP Service V5.4 SSH: -------------------------------------------------------------- 1. SSRT3629A/B: Code checked; not vulnerable 2. CERT CA-2003-24: OpenSSH only; not vulnerable 3. CERT CA-2002-36: The worst case effect of the vulnerability is a denial of service (DoS) for a single connection of one of these types: - the server process that is handling a connection from a malicious client - the client process that is connecting to a malicious server In either case it is not possible for a malicious remote host to gain access to the OpenVMS host (that is, to execute arbitrary code). The ability of an OpenVMS server to receive a new connection is not affected. 4. CERT CA-2001-35: Affects SSH version 1 only, which is not supported; not vulnerable 5. CERT CA-1999-15: RSAREF2 library not used; not vulnerable 6. CERT CA-1998-03: Old versions (1.2.17 through 1.2.21) referenced, current release based on much newer code; not vulnerable -------------------------------------------------------------- 12: IPv6 documentation changes (TCPIP_BUGS Note 3040): -------------------------------------------------------------- 1.a. Guide to IPv6, Section 2.5.1 Run TCPIP$IP6_SETUP to Configure Host Update IPv6 host configuration procedure as shown here: Configuring an IPv6 Host To configure your system as an IPv6 host, do the following: 1. Invoke the TCPIP$IP6_SETUP configuration procedure by entering the following command: $ @SYS$MANAGER:TCPIP$IP6_SETUP 2. Choose to configure the system as an IPv6 host by taking the default to the following prompt (press Return or enter NO): Configure this system as an IPv6 router? [NO]: 3. Indicate whether you want to configure a 6to4 interface by responding to the following prompt: Configure a 6to4 interface? [NO]: A 6to4 interface is needed if this host is connected to an IPv4-only network and needs to communicate with other 6to4 or native IPv6 sites. If this system is a host within a 6to4 site, do not create a 6to4 interface; a 6to4 address is automatically configured on this system using standard IPv6 mechanisms. If you do not want to configure a 6to4 interface, press Return. The configuration procedure goes to step 8. If you want to configure a 6to4 interface, enter YES. The configuration procedure then displays the 6to4 tunnel interface, as shown here: The 6to4 tunnel is: TN1 You will be prompted to enter information about the 6to4 interface in subsequent steps. 4. Enter this host's IPv4 address in response to the following prompt: Enter this node's IPv4 address to use when generating your site's 6to4 prefix: Enter the IPv4 address in dotted-decimal format (d.d.d.d). The configuration procedure automatically generates a 6to4 site prefix based on the IPv4 address entered, and displays the prefix as shown here: Your 6to4 site prefix is: 2002:x:x::/48 5. Enter the address prefix for the 6to4 tunnel in response to the following prompt: Enter an address prefix to use on interface TN1 [2002:x:x::/64]: You can accept the IPv6 address prefix generated in the previous step by taking the default. ________________________ Note ________________________ The high-order 48 bits of the 6to4 address prefix must be the same as your 6to4 site prefix. ______________________________________________________ 6. Indicate whether you want to configure a 6to4 relay router: Configure a 6to4 relay router? [NO]: A relay router is needed to connect your system to native IPv6 sites. If you do not configure a relay router, your system can connect to other 6to4 sites but not to native IPv6 sites. If you do not want to configure a 6to4 relay router, press Return. The configuration procedure goes to step 8. If you want to configure a 6to4 relay router, enter YES. 7. Specify the address of a relay router: Enter the 6to4 address of a 6to4 relay router [2002:C058:6301::]: The address of the default relay router is displayed. To use the default, press Return. Otherwise, enter the 6to4 unicast address of a 6to4 relay router. 8. For each network interface on your system, the configuration procedure asks whether you want to enable IPv6 on that interface, as shown below, where ddn is the internet interface name, such as WE0: Enable IPv6 on interface ddn? [YES]: If you want to enable IPv6 on this interface, press Return; if you do not, enter NO. If your system has multiple interfaces, the configuration procedure repeats this question for each interface. 9. Indicate whether you want to configure an automatic tunnel by responding to the following prompt: Configure an IPv6 over IPv4 automatic tunnel interface? [NO]: If you do not want to configure an automatic tunnel, press Return; the configuration procedure goes to step 11. If you want to configure an automatic tunnel, enter YES; the configuration procedure displays the automatic tunnel interface as shown here, and then prompts you for the tunnel's address in step 10. The automatic tunnel is: TN0 ________________________ Note ________________________ Because of potential IPv4-compatible address routing problems, HP recommends that you avoid using automatic tunnels. ______________________________________________________ 10. Enter the IPv4 address to use when constructing the automatic tunnel's endpoint. Enter this node's IPv4 address to use when creating your automatic tunnel: Enter the IPv4 address in dotted-decimal format (d.d.d.d). 11. Indicate whether you want to create an IPv6 over IPv4 configured tunnel, by responding to the following prompt: Create IPv6 over IPv4 configured tunnels? [NO]: If you want to create an IPv6 over IPv4 configured tunnel, enter YES and press Return. You will be prompted for information about this tunnel in subsequent steps. If you do not want to create an IPv6 over IPv4 configured tunnel, press Return; the procedure goes to step 16. 12. Enter the tunnel's source IPv4 address in response to the following prompt: Enter the source IPv4 address of tunnel ITn: Enter the tunnel's source IPv4 address in dotted-decimal format (d.d.d.d). 13. Enter the tunnel's destination IPv4 address in response to the following prompt: Enter the destination IPv4 address of tunnel ITn: Enter the tunnel's destination IPv4 address in dotted-decimal format (d.d.d.d). The tunnel's destination address must differ from the source address entered in the previous step. 14. Enter an address prefix to use on the tunnel interface in response to the following prompt: Enter an address prefix to use on interface ITn [DONE]: If a router is not advertising a global address prefix on this tunnel interface, enter a 64-bit address prefix. You can configure multiple address prefixes for this configured tunnel. You will be prompted for additional address prefixes until you enter DONE. If you do not want the host to use an IPv6 address prefix on the tunnel interface, press Return. 15. Indicate whether you want to create another IPv6 over IPv4 configured tunnel, by responding to the following prompt: Create another IPv6 over IPv4 configured tunnel? [NO]: If you want to create another IPv6 over IPv4 configured tunnel, enter YES and press Return. The configuration procedure repeats steps 12 through 14 for each additional configured tunnel you choose to create. If you do not want to create another IPv6 over IPv4 configured tunnel, press Return. 16. Indicate whether you want to create an IPv6 over IPv6 configured tunnel, by responding to the following prompt: Create IPv6 over IPv6 configured tunnels? [NO]: If you want to create an IPv6 over IPv6 configured tunnel, enter YES and press Return. You will be prompted for information about this tunnel in subsequent steps. If you do not want to create an IPv6 over IPv6 configured tunnel, press Return; the configuration procedure goes to step 21. 17. Enter the tunnel's source IPv6 address in response to the following prompt: Enter the source IPv6 address of tunnel ITn: Enter the source IPv6 address of the designated tunnel. 18. Enter the tunnel's destination IPv6 address in response to the following prompt: Enter the destination IPv6 address of tunnel ITn: Enter the destination IPv6 address of the designated tunnel. The tunnel's destination address must differ from the source address entered in the previous step. 19. Enter an address prefix to use on the tunnel interface in response to the following prompt: Enter an address prefix to use on interface ITn [DONE]: If a router is not advertising a global address prefix on this tunnel interface, enter a 64-bit address prefix. You can configure multiple address prefixes for this configured tunnel. You will be prompted for additional address prefixes until you enter DONE. If you do not want the host to use an IPv6 address prefix on the tunnel interface, press Return. 20. Indicate whether you want to create another IPv6 over IPv6 configured tunnel, by responding to the following prompt: Create another IPv6 over IPv6 configured tunnel? [NO]: If you want to create another IPv6 over IPv6 configured tunnel, enter YES and press Return. The configuration procedure repeats steps 17 through 19 for each additional configured tunnel you choose to create. If you do not want to create another IPv6 over IPv6 configured tunnel, press Return. 21. Indicate whether you want to define manual IPv6 routes by responding to the following prompt: Configure manual IPv6 routes? [NO]: If you want to define a manual IPv6 route to an adjacent router or remote IPv6 network, enter YES; subsequent prompts will ask you for information about the route. Otherwise, press Return; the configuration procedure goes to step 26. 22. Indicate the address prefix of a destination IPv6 network by responding to the following prompt: Enter the destination network address prefix: Enter the address prefix of the destination IPv6 network, or enter DEFAULT for the default route. 23. Enter the name of the interface through which you will send traffic to the remote IPv6 network and press Return. Enter interface to use when forwarding messages: 24. Enter the link-local IPv6 address of the first router in the path to the destination network. This address together with the IPv6 address prefix constitute the static routing table entry. Enter the next node's IPv6 address: If the next node is on the same link as this node or is reachable through a configured tunnel, enter the link- local address. If the next node is reachable through an automatic tunnel, enter the IPv4-compatible IPv6 address. For all other connections, enter the IPv6 address. 25. Indicate whether you want to define another manual IPv6 route to an adjacent router or remote IPv6 network by responding to the following prompt: Configure another manual IPv6 route? [NO]: If you want to define another manual IPv6 route, enter YES and press Return. The configuration procedure repeats steps 22 through 24 for each additional manual IPv6 route you choose to define. If you do not want to define another manual IPv6 route, press Return. 26. The configuration procedure displays a summary of your new IPv6 host configuration, as shown in the following example: You configured this node as a IPv6 host with the following: Daemons: ND6HOST Dynamic Updates Disabled Interfaces: WE0 Dynamic Address Configuration Enabled TN1 6to4 Tunneling Enabled using 5.6.7.8 Prefix 2002:506:708::/64 Relay Router 2002:90A:B0C:1::1 Manual Routes: 2002::/16 TN1 FE80::5.6.7.8 DEFAULT TN1 2002:90A:B0C:1::1 27. Indicate whether you want to create a new host configuration file based on the choices you have made, by responding to the following prompt: Create new IPv6 network configuration files? [YES]: If you are not satisfied with the configuration, enter NO; the configuration procedure will end immediately without changing the current IPv6 network configuration. If you are satisfied with the configuration, press Return. The configuration procedure creates new host configuration file and then displays the following message: A new IPv6 configuration file, SYS$SYSTEM:TCPIP$INET6_CONFIG.DAT, has been created. The previous configuration file (if any) has been renamed to SYS$SYSTEM:TCPIP$INET6_CONFIG.DAT_OLD. This new IPv6 network configuration will become active the next time TCP/IP Services for OpenVMS is started. 1.b. Guide to IPv6, Section 2.6.1 Running TCPIP$IP6_SETUP to Configure Router Update IPv6 router configuration procedure as shown here: Configuring an IPv6 Router To configure your system as an IPv6 router, do the following: 1. Invoke the TCPIP$IP6_SETUP configuration procedure by entering the following command: $ @SYS$MANAGER:TCPIP$IP6_SETUP 2. Choose to configure the system as an IPv6 router by entering YES and pressing Return at the following prompt: Configure this system as an IPv6 router? [NO]: 3. Indicate whether you want to configure a 6to4 interface by responding to the following prompt: Configure a 6to4 interface? [NO]: A 6to4 interface is needed to configure a border router. If you do not want to configure a 6to4 interface, press Return. The configuration procedure goes to step 7. If you want to configure a 6to4 interface, enter YES and press Return. The configuration procedure then displays the 6to4 tunnel interface, as shown here: The 6to4 tunnel is: TN1 You will be prompted to enter information about the 6to4 interface in subsequent steps. 4. Enter this router's IPv4 address in response to the following prompt: Enter this node's IPv4 address to use when generating your site's 6to4 prefix: The IPv4 address must be in dotted-decimal format (d.d.d.d). The configuration procedure automatically generates a 6to4 site prefix based on the IPv4 address entered, and displays the prefix as shown here: Your 6to4 site prefix is: 2002:x:x::/48 This site prefix is advertised to hosts on the interfaces attached to the IPv6 site. This address must be a valid, globally unique IPv4 address configured on the router's interface to the IPv4 network. 5. Indicate whether you want this system to function as a 6to4 relay router: Configure a 6to4 relay router? [NO]: If hosts in this border router's 6to4 site need to communicate with native IPv6 sites (IPv6 only), enter YES and press Return. If you do not want the system to function as a 6to4 relay router, press Return. The configuration procedure goes to step 7. 6. Specify the address of a relay router: Enter the 6to4 address of a 6to4 relay router [2002:C058:6301::]: The address of the default relay router is displayed. To use the default, press Return. Otherwise, enter the 6to4 unicast address of a 6to4 relay router. 7. For each network interface on your system, the configuration procedure asks whether you want to enable IPv6 on that interface, as shown below, where ddn is the internet interface name, such as WE0: Enable IPv6 on interface ddn? [YES]: If you want to enable IPv6 on this interface, press Return; if you do not, enter NO. For each interface, the configuration procedure repeats steps 7 through 9. 8. Indicate whether you want the router to run the RIPng protocol on the designated interface by responding to the following prompt: Enable RIPng on interface ddn? [YES]: If you want the router to run the RIPng protocol, press Return; otherwise, enter NO and press Return. The RIPng protocol allows this router to exhange IPv6 routes with other routers. 9. Indicate whether you want the router to advertise an IPv6 address prefix on the designated interface, by responding to the following prompt: Enter an address prefix to advertise on interface ddn [DONE]: If you want the router to advertise an IPv6 address prefix, enter a 64-bit address prefix for the interface and press Return. You can configure multiple address prefixes for this interface. You will be prompted for additional address prefixes until you enter DONE. If you do not want the router to advertise an IPv6 address prefix on the designated interface, enter DONE and press Return. 10. Indicate whether you want to configure an automatic tunnel by responding to the following prompt: Configure an IPv6 over IPv4 automatic tunnel interface? [NO]: If you do not want to configure an automatic tunnel, press Return; the configuration procedure goes to step 12. If you want to configure an automatic tunnel, enter YES; the configuration procedure displays the automatic tunnel interface as shown here, and then prompts you for the tunnel's address in step 11. The automatic tunnel is: TN0 ________________________ Note ________________________ Because of potential IPv4-compatible address routing problems, HP recommends that you avoid using automatic tunnels. ______________________________________________________ 11. Enter the IPv4 address to use when constructing the automatic tunnel's endpoint. Enter this node's IPv4 address to use when creating your automatic tunnel: Enter the IPv4 address in dotted-decimal format (d.d.d.d). 12. Indicate whether you want to create an IPv6 over IPv4 configured tunnel, by responding to the following prompt: Create IPv6 over IPv4 configured tunnels? [NO]: If you want to create an IPv6 over IPv4 configured tunnel, enter YES and press Return. You will be prompted for information about this tunnel in subsequent steps. If you do not want to create an IPv6 over IPv4 configured tunnel, press Return; the configuration procedure goes to step 18. 13. Enter the tunnel's source IPv4 address in response to the following prompt: Enter the source IPv4 address of tunnel ITn: Enter the tunnel's source IPv4 address in dotted-decimal format (d.d.d.d). 14. Enter the tunnel's destination IPv4 address in response to the following prompt: Enter the destination IPv4 address of tunnel ITn: Enter the tunnel's destination IPv4 address in dotted-decimal format (d.d.d.d). The tunnel's destination address must differ from the source address entered in the previous step. 15. Indicate whether you want to enable the RIPng protocol on the designated interface by responding to the following prompt: Enable RIPng on interface ITn? [YES]: Press Return if you want to enable the RIPng protocol on this interface; enter NO and press Return if you do not. The RIPng protocol allows this router to exhange IPv6 routes with other routers. 16. Indicate whether you want the router to advertise an IPv6 address prefix on the tunnel interface, by responding to the following prompt: Enter an address prefix to advertise on interface ITn? [DONE]: If you want the router to advertise an IPv6 address prefix, enter a 64-bit address prefix for the designated interface and press Return. You can configure multiple address prefixes for this interface. You will be prompted for additional address prefixes until you enter DONE. If you do not want the router to use an IPv6 address prefix on the tunnel interface, enter DONE. 17. Indicate whether you want to create another IPv6 over IPv4 configured tunnel, by responding to the following prompt: Create another IPv6 over IPv4 configured tunnel? [NO]: If you want to create another IPv6 over IPv4 configured tunnel, enter YES and press Return. The configuration procedure repeats steps 13 through 16 for each additional configured tunnel you choose to create. If you do not want to create another IPv6 over IPv4 configured tunnel, press Return. 18. Indicate whether you want to create an IPv6 over IPv6 configured tunnel, by responding to the following prompt: Create IPv6 over IPv6 configured tunnels? [NO]: If you want to create an IPv6 over IPv6 configured tunnel, enter YES and press Return. You will be prompted to enter information about this tunnel in subsequent steps. If you do not want to create an IPv6 over IPv6 configured tunnel, press Return; the configuration procedure goes to step 24. 19. Enter the tunnel's source IPv6 address in response to the following prompt: Enter the source IPv6 address of tunnel ITn: Enter the source IPv6 address of the designated tunnel. 20. Enter the tunnel's destination IPv6 address in response to the following prompt: Enter the destination IPv6 address of tunnel ITn: Enter the destination IPv6 address of the designated tunnel. The tunnel's destination address must differ from the source address entered in the previous step. 21. Indicate whether you want to enable the RIPng protocol on the interface by responding to the following prompt: Enable RIPng on interface ITn? [YES]: Press Return if you want to enable the RIPng protocol on this interface; enter NO and press Return if you do not. The RIPng protocol allows this router to exhange IPv6 routes with other routers. 22. Indicate whether you want the router to advertise an IPv6 address prefix on the tunnel interface, by responding to the following prompt: Enter an address prefix to advertise on interface ITn [DONE]: If you want the router to advertise an IPv6 address prefix, enter a 64-bit address prefix for the designated interface and press Return. You can configure multiple address prefixes for this interface. You will be prompted for additional address prefixes until you enter DONE. If you do not want the router to use an IPv6 address prefix on the tunnel interface, enter DONE. 23. Indicate whether you want to create another IPv6 over IPv6 configured tunnel, by responding to the following prompt: Create another IPv6 over IPv6 configured tunnel? [NO]: If you want to create another IPv6 over IPv6 configured tunnel, enter YES and press Return. The configuration procedure repeats steps 19 through 22 for each additional configured tunnel you choose to create. If you do not want to create another IPv6 over IPv6 configured tunnel, press Return. 24. Indicate whether you want to define manual IPv6 routes by responding to the following prompt: Configure manual IPv6 routes? [NO]: If you want to define a manual IPv6 route to an adjacent router or remote IPv6 network, enter YES; subsequent prompts will ask you for information about the route. Otherwise, press Return; the configuration procedure goes to step 29. 25. Indicate the address prefix of a destination IPv6 network by responding to the following prompt: Enter the destination network address prefix: Enter the address prefix of the destination IPv6 network, or enter DEFAULT for the default route. 26. Enter the name of the interface through which you will send traffic to the remote IPv6 network and press Return. Enter interface to use when forwarding messages: 27. Enter the link-local IPv6 address of the first router in the path to the destination network. This address together with the IPv6 address prefix constitute the static routing table entry. Enter the next node's IPv6 address: If the next node is on the same link as this node or is reachable through a configured tunnel, enter the link- local address. If the next node is reachable through an automatic tunnel, enter the IPv4-compatible IPv6 address. For all other connections, enter the IPv6 address. 28. Indicate whether you want to define another manual IPv6 route to an adjacent router or remote IPv6 network by responding to the following prompt: Configure another manual IPv6 route? [NO]: If you want to define another manual IPv6 route, enter YES and press Return. The configuration procedure repeats steps 25 through 27 for each additional manual IPv6 route you choose to define. If you do not want to define another manual IPv6 route, press Return. 29. The configuration procedure displays a summary of your new IPv6 router configuration, as shown in the following example: You configured this node as a IPv6 router with the following: Daemons: IP6RTRD Interfaces: WE0 RIP Enabled IT0 RIP Enabled Tunnel Source ::1 Tunnel Destination ::2 Prefix AAAA::/64 Prefix BBBB::/64 TN1 6to4 Tunneling Enabled using 1.2.3.4 Relay Router 2002:C058:6301:: Manual Routes: ::4/64 WE0 ::5 30. Indicate whether you want to create new router configuration files based on the choices you have made, by responding to the following prompt: Create new IPv6 network configuration files? [YES]: If you are not satisfied with the configuration, enter NO; the configuration procedure will end immediately without changing the current IPv6 network configuration. If you are satisfied with the configuration, press Return. The configuration procedure creates new router configuration files and then displays the following message: A new IPv6 configuration file, SYS$SYSTEM:TCPIP$INET6_CONFIG.DAT, has been created. The previous configuration file (if any) has been renamed to SYS$SYSTEM:TCPIP$INET6_CONFIG.DAT_OLD. A new IPv6 configuration file, SYS$SYSTEM:TCPIP$IP6RTRD.CONF, has been created. The previous configuration file (if any) has been renamed to SYS$SYSTEM:TCPIP$IP6RTRD.CONF_OLD. This new IPv6 network configuration will become active the next time TCP/IP Services for OpenVMS is started. -------------------------------------------------------------- 13: Updates for SSH2 release notes -------------------------------------------------------------- 1 New Version of SSH The SSH service has been upgraded to Version 3.2. This upgrade introduces changes to the SSH utilities. For more information about the SSH utilities, use the -h flag on the utility command line. For example: $ SSH -h 1.1 SSH Supports IPv6 The version of SSH in the current release of TCP/IP Services supports IPv6 environments. In order for SSH to work in the IPv6 environment, the service must be set to IPv6. To display the setting for SSH, enter the following commands: $ TCPIP TCPIP> SHOW SERVICE SSH /FULL If the IPv6 flag is not included, enter the following command: TCPIP> SET SERVICE SSH /FLAG=IPV6 1.2 SSH Port Forwarding SSH for OpenVMS supports UNIX-like port forwarding commands, including the -x and +x flags, as well as the ForwardX11 configuration keyword. For more information about using SSH port forwarding, see; o Section 5.4 1.3 SSH File Transfers The maximum file size for SSH file copy operations has been increased, with the maximum size dependent on the capability of the remote host. When both client and server are this release of OpenVMS the maximum is above 16 gigabytes. In addition, the speed of file transfers has increased depending on available resources, CPU, network conditions, and so forth. For specific restrictions, see Section 4.13. 1.4 SSH Batch Jobs With this version of TCP/IP Services, you can use SSH commands in batch jobs. For specific restrictions in the use of batch jobs for SSH sessions, see Section 4.10. 2 Installing Over V5.3 Early Adopter's Kit (EAKs) If you have installed the SSH for OpenVMS EAK, you must use the PCSI REMOVE command to remove the EAK before you install TCP/IP Services V5.5. 2.1 Disabling or Enabling SSH Server When you use the TCPIP$CONFIG.COM configuration procedure to disable or enable the SSH server, the following prompt is displayed: * Create a new default Server host key? [YES]: Unless you have a specific reason for creating a new default server host key, you should enter "N" at this prompt. If you accept the default, clients with the old key will need to obtain the new key. For more information, see Section 4.6. 3 SSH Configuration Files Must Be Updated The SSH client and server on this version of TCP/IP Services cannot use configuration files from previous versions of SSH. If the SSH client and server detect systemwide configuration files from an older version of SSH, the client will start, but the server will fail to start. Both will issue the following warning message: the client will display it at the terminal, and the server will write it to the file TCPIP$SSH_HOME:TCPIP$SSH_RUN.LOG: You may have an old style configuration file. Please follow the instructions in the release notes to use the new configuration files. If the SSH client detects a user-specific configuration file from an older version of SSH, the SSH client will display the warning and will allow the user to proceed. To preserve the modifications made to the SSH server configuration file and the SSH client configuration file, you must edit the templates provided with the new version of SSH, as follows: 1. Extract the template files using the following commands; be sure to include the dot character when specifying the file names SSH2_CONFIG. and SSHD2_CONFIG. : $ LIBRARY/EXTRACT=SSH2_CONFIG SYS$LIBRARY:TCPIP$TEMPLATES.TLB - _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG. $ LIBRARY/EXTRACT=SSHD2_CONFIG SYS$LIBRARY:TCPIP$TEMPLATES.TLB - _$ /OUT=TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. These commands copy the new template files into the SSH2 configuration directory with a new version number. 2. Copy the modifications made in the old versions of the configuration files to the new versions. 3. Restart SSH using the following command: $ @SYS$STARTUP:TCPIP$SSH_SHUTDOWN.COM $ @SYS$STARTUP:TCPIP$SSH_CLIENT_SHUTDOWN.COM $ @SYS$STARTUP:TCPIP$SSH_STARTUP.COM $ @SYS$STARTUP:TCPIP$SSH_CLIENT_STARTUP.COM 4 SSH Problems and Restrictions This section contains the following information: o SSH-related security advisories (Section 4.1) o SSH general notes and restrictions (Section 4.2) o UNIX features that are not supported by SSH (Section 4.3) o SSH command syntax notes and restrictions (Section 4.4) o SSH authentication notes and restrictions (Section 4.5) o SSH keys notes and restrictions (Section 4.6) o SSH session restrictions (Section 4.7) o SSH messages notes and restrictions (Section 4.8) o SSH remote command notes and restrictions (Section 4.9) o SSH batch mode restrictions (Section 4.10) o X11 port forwarding restrictions (Section 4.11) o File transfer restrictions (all file sizes) (Section 4.12) o File transfer restrictions (large files) (Section 4.13) ________________________ Note ________________________ References to SSH, SCP, or SFTP commands also imply SSH2, SCP2, and SFTP2, respectively. ______________________________________________________ 4.1 SSH-Related Security Advisories Computer Emergency Readiness Team (CERT[R]) advisories are issued by the CERT Coordination Center (CERT/CC), a center of Internet security expertise located at the Software Engineering Institute, a federally-funded research and development center operated by Carnegie Mellon University. CERT advisories are a core component of the Technical Cyber Security Alerts document featured by the United States Computer Emergency Readiness Team (US-CERT), which provides timely information about current security issues, vulnerabilities, and exploits. CERT and HP Software Security Response Team (SSRT) security advisories might be prompted by SSH activity. CERT advisories are documented at the following CERT/CC web site: http://www.cert.org/advisories. Table 1 provides brief interpretations of several SSH- related advisories: Table_1_CERT/SSRT_Network_Security_Advisories______________ Advisory__________Impact_on_OpenVMS________________________ CERT CA-2003-24 OpenSSH only; OpenVMS is not vulnerable. Table_1_(Cont.)_CERT/SSRT_Network_Security_Advisories______ Advisory__________Impact_on_OpenVMS________________________ CERT CA-2002-36 A worst case consequence of this vulnerability is a denial of service (DoS) for a single connection of one of the following types: o Server process handling a connection from a malicious client o Client process connecting to a malicious server In either case, a malicious remote host cannot gain access to the OpenVMS host (for example, to execute arbitrary code), and the OpenVMS server is still able to receive a new connection. CERT-2001-35 OpenVMS is not vulnerable. Affects SSH Version 1 only, which is not supported. CERT CA-1999-15 RSAREF2 library is not used; OpenVMS is not vulnerable. SSRT3629A/B_______OpenVMS_is_not_vulnerable._______________ 4.2 SSH General Notes and Restrictions This section includes general notes and restrictions that are not specific to a particular SSH application. o The UNIX path /etc is interpreted by the OpenVMS SSH server as TCPIP$SSH_DEVICE:[TCPIP$SSH]. o The following images are not included in this release: - TCPIP$SSH_SSH-CERTENROLL2.EXE This image provides certificate enrollment. - TCPIP$SSH_SSH-DUMMY-SHELL.EXE This image provides access to systems where only file transfer functionality is permitted. - TCPIP$SSH_SSH-PROBE2.EXE This image provides the ssh-probe2 command, which sends a query packet as a UDP datagram to servers and then displays the address and the SSH version number of the servers that respond to the query. 4.3 UNIX Features That are Not Supported by SSH This section describes features that are expected in a UNIX environment but are not supported by SSH for OpenVMS. o The server configuration parameter PermitRootLogin is not supported. o The client configuration parameter EnforceSecureRutils is not supported. o There is no automatic mapping from the UNIX ROOT account to the OpenVMS SYSTEM account. o The SSH1 protocol suite is not supported for terminal sessions, remote command execution, and file transfer operations. Parameters unique to SSH1 in the server and client configuration files are ignored. 4.4 SSH Command Syntax This section includes notes and restrictions pertaining to command syntax. o From a non-OpenVMS client, if you use OpenVMS syntax for names (such as device names), enclose the names in single quotation marks to prevent certain characters from being interpreted as they would be on a UNIX system. For example, in the following command, UNIX interprets the dollar sign ($) as a terminator in the device name SYS$SYSDEVICE:[user], resulting in SYS:[user]. # ssh user@vmssystem directory SYS$SYSDEVICE:[user] To avoid this problem, enter the command using the following format: # ssh user@vmssystem directory 'SYS$SYSDEVICE:[user]' 4.5 SSH Authentication This section includes notes and restrictions pertaining to SSH authentication. o This version of SSH does not support Kerberos-based authentication. o The location of the SHOSTS.EQUIV file has been moved from TCPIP$SSH_DEVICE:[TCPIP$SSH] to TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]. o If hostbased authentication does not work, the SSH server may have failed to match the host name sent by the client with the one it finds in DNS/BIND. You can check whether this problem exists by comparing the output of the following commands (ignoring differences in case of the output text): - On the server host: $ TCPIP TCPIP> SHOW HOST client-ip-address - On the client host: $ write sys$output - $_ "''f$trnlnm("TCPIP$INET_HOST")'.''f$trnlnm("TCPIP$INET_DOMAIN")'" If the two strings do not match, you should check the host name and domain configuration on the client host. It may be necessary to reconfigure and restart TCP/IP Services on the client host. o If the user default directory in the SYSUAF user record is specified with angle brackets (for example, ) instead of square brackets ([user-name]), hostkey authentication fails. To solve this problem, change the user record to use square brackets. o The pairing of user name and UIC in the OpenVMS rights database, as displayed by the AUTHORIZE utility's SHOW /IDENTIFIER command, must match the pairing in the SYSUAF record for that user name. If the pairings do not match, the following message error is displayed when the user attempts to establish an SSH session: Received signal 10, SIGBUS: invalid access to memory objects. To solve this, use the AUTHORIZE utility to correct the pairing of user name and UIC value in the OpenVMS rights database. 4.6 SSH Keys This section includes notes and restrictions pertaining to SSH keys. o SSH client users can copy their own customized version of the SSH2_CONFIG. file and modify the value of the variable StrictHostKeyChecking. By setting the value of this variable to "no" the user can enable the client to automatically copy the public key (without being prompted for confirmation) from an SSH server when contacting that server for the first time. A system manager can tighten security by setting the StrictHostKeyChecking variable to "yes" in the systemwide SSH2_CONFIG. file, and forcing users to use only the systemwide version of the file. In this case, to copy the public key from the server, users (and the system manager) must use another mechanism (for example, a privileged user can manually copy the public key). To enforce this tighter security response, the system manager can perform the following steps: 1. Edit TCPIP$SSH_DEVICE:[TCPIP$SSH]SSH2_CONFIG. to include the following line: StrictHostKeyChecking yes 2. Restrict user access to TCPIP$SSH_DEVICE:[TCPIP$SSH]SSH2_CONFIG. For example: $ SET SECURITY/PROTECTION=(G,W) TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG.; 3. Edit the SYS$STARTUP:TCPIP$SSH_CLIENT_STARTUP.COM command procedure to install the SSH server image with the READALL privilege. In the following example, change the existing line to the replacement line, as indicated: . . . $ image = f$edit("sys$system:tcpip$ssh_ssh2.exe","upcase") $! call install_image 'image' "" <== existing line $ call install_image 'image' "readall" <== replacement . . . 4. Enable the SSH client, as described in the HP TCP/IP Services for OpenVMS Guide to SSH. ________________________ Note ________________________ Steps 2 and 3 involve modification of system files. Therefore, it may be necessary to repeat the modifications after a future update of TCP/IP Services. ______________________________________________________ o SSH_ADD works correctly only with key files listed in IDENTIFICATION. file. It does not accept a key file name as a parameter and does not automatically add key files found in the [username.SSH2] directory. o Do not use the SSH_KEYGEN -e option (used to edit the comment or passphrase of the key). This option does not work. o With this release, the default size of keys generated by the SSH_KEYGEN utility is 2048 bits (for earlier releases, the default size was 1024 bits). Consequently, generation of keys takes longer - sometimes five to ten times longer. On slow systems, or during SSH configuration, key generation may seem to be hanging when it is not. No progress indicator is displayed. During SSH configuration, the following messages indicate the keys are being generated: Creating private key file: TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY Creating public key file: TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]HOSTKEY.PUB 4.7 SSH Sessions This section includes restrictions pertaining to SSH sessions. o In an SSH session on the OpenVMS server, the originating client host name and the user name or port identification are not available. For example, in a TELNET session, the OpenVMS DCL command SHOW TERMINAL displays the following information about a UNIX client: Remote Port Info: Host: unixsys.myco.com Port:2728 Likewise, information about an OpenVMS client appears as: Remote Port Info: Host: mysys.com Locn:_RTA4:/USER Neither of these lines are displayed in a similar SSH session. o Starting SSH sessions recursively (for example, starting one SSH session from within an existing SSH session) creates a layer of sessions. Logging out of the innermost session may return to a layer other than the one from which the session was started. o Cutting and pasting from SSH terminal sessions on an OpenVMS server can cause data truncation. When this happens, the following error message is displayed: -SYSTEM-W-DATAOVERUN, data overrun o You cannot shut down an OpenVMS system from an SSH session by executing the command: $ @SYS$SYSTEM:SHUTDOWN.COM The phase of shutdown that stops user processes disconnects the SSH session. However, the following command works: $ MCR SYSMAN SHUTDOWN NODE /{qualifiers} where the possible /{qualifiers} map directly to the options provided by SHUTDOWN.COM. o SSH escape sequences are not fully supported. For example, you may have to enter the Escape . (escape character followed by a space and a period) exit sequence twice for it to take effect. On exit, the terminal is left in NOECHO and PASTHRU mode. o On certain non-OpenVMS clients, after attempting to exit from an SFTP session, you must press Enter an extra time to return to the operating system prompt. 4.8 SSH Messages This section includes notes and restrictions pertaining to SSH session messages. o Normally, the translation of the system logical name SYS$ANNOUNCE is displayed after authentication is complete. In this version of SSH, no automated mechanism exists for displaying this text as a prelogin banner. To provide a prelogin banner from a text file, create the file SSH_BANNER_MESSAGE. containing the text to be displayed before login. To enter multiple lines in the banner text, make sure each line ends with an explicit carriage-return character except the last line. Save the banner message file in the TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2] directory, with privileges that allow it to be read by the user account [TCPIP$SSH]. If you do not use the default file name and location for the message banner file, define them using the BannerMessageFile option in the TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. file. Specify the location and file name of your banner message file as the argument to the option using one of the following formats: BannerMessageFile TCPIP$SSH_DEVICE:[TCPIP$SSH]BANNER1.TXT BannerMessageFile /TCPIP$SSH_DEVICE/TCPIP$SSH/BANNER2.TXT BannerMessageFile /etc/banner3.txt Note that the argument may be in either OpenVMS or UNIX format and is not case sensitive. (If multiple definitions for the same option are included in the configuration file, the last one listed will take effect.) o Some SSH informational, warning, and error message codes are truncated in the display. For example: %TCPIP-E-SSH_FC_ERR_NO_S, file doesn't exist o Some SSH log and trace output messages, and informational, warning, and error messages display file specifications as UNIX path names. o During certain error conditions or while exiting from an SSH session, SSH displays signal information (as displayed on a UNIX system). For example, pressing Ctrl/C results in the following message: Received signal 2, SIGINT: Interactive attention signal. You can ignore such messages. o When you log out, the message "Connection to hostname closed." may overwrite the last line of the logout message, as in the following example from an SSH session established with host tst1: $ LOGOUT Connection to tst1 closed.at 7-AUG-2003 14:37:15.01 4.9 SSH Remote Commands This section includes notes and restrictions pertaining to SSH remote commands. o Command lines for remote command execution through SSH are limited to 153 characters. o After you execute an SSH remote command, you may need to press the Enter key to get back to the DCL prompt. o When you execute remote commands on the OpenVMS SSH server, the log file TCPIP$SSH_RCMD.LOG is created in the directory defined by the logical name SYS$LOGIN for your user account. This log file is not purged automatically. o When you execute remote commands on an OpenVMS SSH client connected to a non-OpenVMS SSH server, output may not be displayed correctly. For example, sequential lines might be offset as if missing a linefeed, as in the following example: $ ssh user@unixhost ls -a user's password: Authentication successful. . .. .TTauthority .Xauthority .cshrc .dt .dtprofile To display the output correctly, use the -t option with the command, as in the following command example: $ ssh -t user@unixhost ls -a o Any OpenVMS command that refreshes the display can have unexpected results when executed as a remote SSH command. For example, the following command exhibits this behavior: $ MONITOR PROCESS /TOPCPU Executed locally, this command displays a bar chart that is continuously updated. When executed as a remote command, it displays each update sequentially. In addition, you cannot terminate the command using Ctrl/C. 4.10 SSH Batch Mode This section includes batch mode restrictions. o Because the SSH, SFTP, and SCP commands are implemented by code ported from UNIX sources, they do not support all of the standard OpenVMS behaviors for SYS$INPUT, SYS$OUTPUT, and SYS$ERROR in command procedures. For example: - SYS$INPUT is not the default batch command procedure. - Output written to a batch log file or other SYS$OUTPUT file may have an extra (ASCII decimal 13) or other explicit formatting characters. - You can direct SYS$OUTPUT to a file, as in the following example: $ ASSIGN OUT.DAT SYS$OUTPUT o When you run these commands from an interactive command procedure, you should use the explicit UNIX batch mode flags, as listed in the following table: ________________________________________________________ For..._____________________Use..._______________________ SSH (remote command -o batchmode yes execution or port forwarding), SCP, "-B" SFTP,______________________"-B"_{batchfile}_____________ o If you use the SSH command in batch mode with an interactive session (that is, not for remote command execution or setting up port forwarding), the batch job hangs. If the "-S" option is used in an interactive SSH session, or with an SSH command executed interactively in a DCL command procedure, the terminal session hangs. Ctrl/Y and Ctrl/C will not restore the DCL prompt. To release the hung terminal session, you must restart the SSH client and server. o For the SFTP command, note the following: - If the command is used without a "-B" {batchfile} option, SFTP uses the following file by default: SYS$LOGIN:TCPIP$SFTP_BATCHFILE.TXT. - The batchfile used for the "-B" option must either have stream_lf record format, or each of its lines except the last must end with a line feed (, ASCII decimal 10). This restriction applies also the default batchfile SYS$LOGIN:TCPIP$SFTP_BATCHFILE.TXT. - If a file name is specified for the "-B" option it must be in UNIX format, e.g., the default file noted above: /SYS$LOGIN/TCPIP$SFTP_BATCHFILE.TXT or an alternate: /DISK1$/MYDIR/MYSUBDIR/SFTP.BAT o When running in batch mode: - The SFTP command displays the final state-of-progress indicator; the SCP command does not. - The SSH command will not prompt for a password, password update, or passphrase. If one is required, the batch job fails. - The SSH command will not cause a new host key to be saved if the value of StrictHostkeyChecking is "no;" SSH will not prompt for one if the value is "ask." For other notes and restrictions pertaining to keys, see Section 4.6. - If an ls command is contained in the SFTP batch input, and the interactive output requires input from the keyboard to continue, then some of the output lines might be omitted from the batch log file. 4.11 SSH X11 Port Forwarding This section includes X11 port forwarding restrictions and problems. The following notes apply: 1. The ssh client may be an OpenVMS or a non-OpenVMS system 2. The X11 server may be the same as the ssh client, or may be different 3. The ssh server is an OpenVMS system 4. The X11 client runs on the ssh server. 5. X11 connections may be "chained" (see below), in which case the X11 client runs on the final sshserver, while the X11 server is still defined as in 2 above. More complicated configurations may be possible, but are not supported. o To use X11 forwarding in native mode, the OpenVMS ssh server/X11 client must be running DECwindows MOTIF Version 1.3 or higher. In addition, the X Authority utility (xauth) is required on that systems. For more information on X11 and the xauth utility, see the HP DECwindows Motif for OpenVMS documentation, especially the New Features guide. Also see the description below on the new DecwXauthLockAction configuration variable. o You must set the display variable on your ssh client. This variable is the address of the X11 server, which may or may not be be the same as the sshclient. On an OpenVMS system, you can use the following commands, where Xserver is the name or IP address of the X11 server: $ SET DISPLAY/CREATE/TRANSPORT=TCPIP/NODE=Xserver In this example, the Xserver can be that of the ssh server. $ SET DISPLAY/CREATE/TRANSPORT=LOCAL In this example, the Xserver is ssh server. You can verify that the variable is set correctly by using the following DCL commands: $ SHOW DISPLAY $ SHOW LOGICAL DECW$DISPLAY On a UNIX system, depending on the shell in use, you may be able to use the following command: >setenv DISPLAY Xserver:0.0 To use local transport, use the following UNIX command: >setenv DISPLAY :0.0 o It is possible to "chain" X11 port forwarding across multiple systems, even if the intermediate systems are not running the X11 server. For example, from SYSTEM1 you can use SSH to connect to SYSTEM2, and then from SYSTEM2 connect to SYSTEM3. An X11 client application running on SYSTEM3 will be displayed securely on SYSTEM1. o With this release, X11 port forwarding creates a WS device on the ssh server/X11 client, the same kind of device created by a standard DCL $ SET DISPLAY command. This change makes it possible to check the status of the display on that system with a $ SHOW DISPLAY command. It also makes it possible to chain creation of displays through the DCL $ CREATE TERM/DETACH command; i.e., 1. To issue this command to create a display 2. From the display thus created, issue another $ CREATE TERM/DETACH 3. Continue to repeat step 2 (until resource or other limitations prevent continuing). Also, the use of the WS device makes it possible to run an X11 client application from within a command procedure that can be started as an SSH remote command. For example, on an ssh server/x11 client, create the command procedure SYS$LOGIN:CLOCK.COM: $ MCR DECW$CLOCK On the ssh client/x11 server, execute the following command: $ SSH {ssh-server-name} @SYS$LOGIN:CLOCK.COM As long as authentication and other session conditions are set up correctly, the decw$clock application displays on the X11 server. o It is possible that an ssh server session startup may encounter a lock on the xauthority file held by another users. The new variable DecwXauthLockAction is supported to handle this situation; see below for details. The following is documentation included in the new SSHD2_CONFIG. file: # V5.5-05 # Valid options are: # none: no special action (default) # This option is also in effect if there is no value specified, or if # the variable is commented out. # break: break lock (xauth -b) # ignore: ignore lock (xauth -i) # file: use alternate xauth filename (xauth -f {filename}) # # DecwXauthLockAction none Note that there is a risk to using the "break" or "ignore" options. The general rule is that whichever user exits last will write a version of the xauth file which includes only the contents at the time it opened the file + any changes that user made. Any changes from other user(s) are lost. Thus using the "break" or "ignore" options may cause data loss, especially if the user's display station is active as an X11 server. For the typical ssh user, the display host is single user system and is his or her dedicated display device; in that case the ignore option may cause no problems. An alternative to "break" and "ignore" is the "file" option. In this case, session which starts while the xauth file is locked will write to a different xauth file, to be used only by that session. The file is located in the user's SYS$LOGIN, and has a name in the format: DECW$XAUTHORITY.DECW$XAUTHnnnnnnnn where nnnnnnnn is the 8 digit hex value of the pid of the ssh server process which handles a terminal session for each user. Because of the unique filename, the xauth file will be used by a user for a single ssh session. Hence there will be no conflict with either the default xauth file or xauth files for different users. One restriction with the "file" option, that does not apply to the "break" or "ignore" options: $ CREATE/TERM does not work. Notes: - "none" is the default, since in many cases sites will not experience xauth locking problems. - The following logicals are associated with X11 forwarding: - DECW$DISPLAY, the same one created by a standard DCL $ SET DISPLAY command - DECW$XAUTH logical, used to tell the xauth utility to use a non-default xauth file Both of these logicals are in the job logical name table. For more on xauth and interaction of ssh and X11, see the DECwindows/Motif documentation, especially the New Features guide, and the O'Reilly SSH book. 4.12 SSH File Transfer (All File Sizes) This section includes SSH restrictions pertaining to file transfer operations. o On OpenVMS, setting the ForcePTTYAllocation keyword to "yes" in the SSH2_CONFIG. file can result in failures when performing file copy operations. (In other implementations of SSH, setting the keyword ForcePTTYAllocation to "yes" in the SSH2_CONFIG. file has the same effect as using the -t option to the SSH command.) o Packet-related warnings may appear when using the SFTP and SCP commands on an OpenVMS SSH client to access an OpenSSH server, as in the following example: sftp> ls . .bash_logout .login Warning: packet length mismatch: expected 27, got 8; connection to non-standard server? After a pause, the following message is displayed: sftp> Warning: packet length mismatch: expected 23, got 8; connection to non-standard server? The operation on OpenVMS succeeds despite the warnings. You can ignore the warnings. With this release, the default is to suppress these warning whenever possible. To display the warnings, use the following DCL command: $ DEFINE/SYSTEM TCPIP$SSH_TOLERANT_PROTOCOL_STATUS 0 To retain this assignment through each reboot, add this command to the appropriate startup command procedure. o In general file transfer is limited to OpenVMS files with the following record formats (as displayed by the DIRECTORY/FULL command): - STREAM_LF - Fixed-length 512-byte records o Files with the following record formats are supported for a "get" from an OpenVMS ssh server: - Variable length - VFC Files with record attributes "carriage return carriage control" and "FORTRAN carriage control" are supported. Examples of a file "get": - In SFTP: sftp> get file1.txt - In SCP: $ SCP {remote-ssh-server}:file.txt local.txt o Not all variants of UNIX path names are supported when referring to files on OpenVMS clients and servers. o The SCP and SFTP commands from the following Windows clients have been tested and interoperate correctly with the OpenVMS SSH server: - PuTTY - SSH Communications Other versions and other clients may work, depending on protocol implementation and factors such as whether the client can handle OpenVMS-format file specifications. o When using the SFTP command, pressing Ctrl/C does not display "Cancel" as expected. Also, Ctrl/T does not work as in DCL to display a status line; instead, it switches two adjacent characters, as on UNIX systems. Other problems with character handling have been fixed with this release, as reported in Section 5. o The SFTP ls command pauses for an extended time after displaying a page of data and then continues with the next page. o Using SCP or SFTP command to copy a file back to itself (either in local mode, or by connecting back to the client host) fails with the following error: %TCPIP-E-SSH_FC_ERR_INVA, file record format invalid for copy o The SCP command issued from a client using SSH protocol version 1 will not work with the OpenVMS SSH server, which does not support SSH protocol version 1. 4.13 SSH Transferring Large Files This section includes restrictions pertaining to transferring large files: o The minimum version of DECC$SHR running on your system must VMS732-ACRTL-V0100 for OpenVMS Version 7.3-2 and VMS731-ACRTL-V0400 for OpenVMS Version 7.3-1. o You may need to adjust the user's pagefile quota (SYSUAF value for PGFLQUO) to accommodate the memory requirements of the file copy client and server. The exact value depends on system resources and virtual memory configuration. o Once a file transfer has started you can terminate it by entering . In some cases you may need to enter this sequence twice. Also, entering the sequence during a copy within an SFTP session may return you to the DCL prompt instead of to the sftp> prompt. 5 SSH Problems Fixed in This Release The following sections describe SSH problems fixed in this release. 5.1 SSH Server Does Not Allow Password Change Problem: The SSH server does not support password change requests for non-VMS clients when account passwords have expired. Solution: If the SSH configuration option AllowNonvmsLoginWith ExpiredPwd is set to "yes" and the password has expired, the server sends a request to the client to prompt the user for a new password. The user must change the password, or the account will be locked out, and the next attempt to log in will fail. However, if the OpenVMS account has the DisForce_Pwd_Change flag set in the SYSUAF, the server allows the user to log in, displaying the following message: WARNING - Your password has expired; update immediately with SET PASSWORD! The DisForce_Pwd_Change flag must be applied to each OpenVMS account individually. The default setting for the AllowNonvmsLoginWith ExpiredPwd option has been changed to "yes". If the AllowNonvmsLoginWithExpiredPwd option is set to "no", the server does not allow password authentication for non- OpenVMS clients when the password has expired. The user does not have the option to change the password. 5.2 Language Tag Support Problem: The password change request that is sent to the SSH client can include a language tag. Some clients do not support the language tag. Solution: You can control this feature using the DisableLanguageTag configuration option in the SSH server configuration file (SSHD2_CONFIG). By default, OpenVMS password change requests include the language tag. If the client that does not expect the language tab receives it, the client will issue an error message. You can disable sending the language tag by setting the DisableLanguageTag option to "yes" in the SSH server configuration file. This prevents the language tag from being included in any password change request. 5.3 Accepting Two Passwords Problem: The OpenVMS SSH server does not support a secondary password for password authentication. Solution: The SSH server detects when a user has a second password. In this case, OpenVMS prompts for the second password. If one password has expired, the user is prompted to change the password. If both passwords have expired, the user is prompted to change the first one, and then is prompted to change the second one. In order for the SSH client to accept the OpenVMS prompt for the second password, one or both of the following configuration options must be set to 2: o In the client configuration file (SSH2_CONFIG.): NumberOfPasswordPrompts o In the server configuration file (SSHD2_CONFIG.): PasswordGuesses Both configuration files may be stored in TCPIP$SSH_ DEVICE:[TCPIP$SSH.SSH2]. In addition, the user can have a client configuration file in the user-specific SSH directory ([username.SSH2]). ________________________ Note ________________________ Support for multiple passwords is not specified in any SSH-related RFC. Therefore support within clients for the OpenVMS implementation of two password support is not guaranteed. Also, display on the client side is not under the control of the OpenVMS server. ______________________________________________________ The second password prompt is enabled by forcing an error situation on OpenVMS for the first password; this is handled by the OpenVMS software internally. However, the message displayed after entering the first password depends on the client software. No intrusion record is created if authentication is enabled. However, if either password is entered incorrectly, an intrusion record is created. Some clients accept the second password request even if both passwords have expired. However, some clients do not accept the second password request; these clients function correctly when only one of the passwords has expired. 5.4 Native-Mode X11 Port Forwarding Does Not Work Problem: SSH for OpenVMS does not support the native-mode SSH mechanism for implementing X11 port forwarding (using the -x or +x SSH command options, or the ForwardX11 keyword in the client configuration file and the AllowX11Forwarding keyword in the server configuration file). SSH only supports standard port forwarding, requiring special setup actions to enable the X11 functionality. Solution: This problem is corrected in this release. 5.5 SFTP Double Echo and Key-Handling Problems Problem: Before using SFTP to connect to a remote system, characters typed at the SFTP prompt (SFTP>) are double echoed. In addition, when connected to the remote system, the left and right arrow keys do not work as expected, as well as the Ctrl/X (erase line) and Ctrl/C (exit) sequences. Solution: These problems are corrected in this release. However, pressing Ctrl/C does not display the string "Cancel". 5.6 SSH, SFTP, and SCP Commands Fail or Do Not Work Properly in Batch Mode Problem: The SSH, SCP, and SFTP commands fail or work improperly in batch mode. Solution: This problem is corrected in this release. For restrictions pertaining to batch mode, see Section 4.10. 5.7 RSA Key Types Not Accepted Problem: In prior versions of SSH for OpenVMS, RSA keys are accepted for client authentication to the server, but not accepted for server authentication to the client. Solution: Starting with this release of TCP/IP Services, both RSA and DSA key types are accepted for client authentication to the server as well as server authentication to the client. --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 BFS Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 23-DEC-2003 Alpha and VAX Problem: A binary file transfered using FTP from UNIX to OpenVMS and then copied back to UNIX via NFS is found to be a different size than the original, and a different size than reported via NFS. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: PTR 70-5-2350 / CFS.101076 / Req Id: GB_G07470 TCPIP_BUGS Note 2906.1 ECO B 23-DEC-2003 Alpha and VAX Problem: Using SFU or HUMMINGBIRD MAESTRO NFS clients, an attempt to edit an existing file on OpenVMS NFS server using Wordpad is unsuccessful. Messages such as the following are seen on OPCOM: %TCPIP-E-CFS_DATAFAIL, failed to write file data -TCPIP-I-CFS_FILEID, file DKA200:(10252,6,0) -TCPIP-I-CFS_CLUSTER, virtual blocks 1 through 1 -SYSTEM-F-NOPRIV, insufficient privilege or object protection violation Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: PTR 70-5-2367 / CFS.102003 / Req Id: DE_G07830 TCPIP_BUGS Note 2974 ECO C 23-DEC-2003 Alpha and VAX Problem: Directories are not inheriting the default version limit from the parent directory, except with an OpenVMS client. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: PTR 70-5-2300 / CFS.99615 / Req Id: HPAQH0LHT TCPIP_BUGS Note 2996 PTR 70-5-2311 / CFS.99908 / Req Id: HPAQ403SF ECO D 23-DEC-2003 Alpha, IA64, and VAX Problem: ( 1) Performance issues ( 2) New directory and name cache inconsistencies ( 3) XQP returns SS$_UNSUPPORTED when FID_NUM is less than or equal to reserved files regardless of what is in FID_NMX ( 4) Need access to a safe copy of the original argument list in dumps ( 5) Issues in file system's time management Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: TCPIP_BUGS Note 3005 ECO E 23-DEC-2003 Alpha and VAX Problem: (1) If a mapped device was not mounted, the BFS mount routine ignored the error return from the $PARSE call and then failed later because of a variable not being correctly set by $PARSE. The BFS mount routine is called for the statfs NFS procedure, for the SHOW MAP command, and so forth. (2) The wrong time granularity was being set in the BFS mount routine. The time granularity is reported to clients in the reply to the fsinfo NFS procedure call. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: TCPIP_BUGS Note 2990 ECO F 23-DEC-2003 Alpha and VAX Problem: Directories in a container file system cannot be deleted either by UCP or by clients. The error message is "no such file" Deliverables: TCPIP$CFS_SHR.EXE V5.4-15A Reference: CFS.99613 / Req Id: HPAQH0KS8 TCPIP_BUGS Note 2830 ECO G 23-DEC-2003 Alpha, IA64, and VAX Problem: Latent support for future enhancements. Deliverables: TCPIP$UCP.EXE V5.4-15A Reference: PTR 70-5-2404 TCPIP_BUGS Note 3015 ECO H 22-FEB-2004 Alpha and VAX Problem: (1) Directories in a container file system cannot be deleted either by UCP or by clients. The error message is "no such file". (2) Directories cannot be created by UNIX clients on an ODS2 volume without the typeless_directories option, even if the specification includes ".dir". The error message is "file name too long". This bug is unreported, but is exposed by the fix for part (1). Deliverables: TCPIP$CFS_SHR.EXE V5.4-15H Reference: PTR 70-5-2299 / CFS.99613 / Req Id: HPAQH0KS8 TCPIP_BUGS Note 2830-9 PTR 30-13-177 ECO 3 updates ------------- ECO I 6-APR-2004 Alpha and VAX Problem: (1) With improved caching performance the NFS READDIR cookie is expected to be more static. When OpenVMS shuffles the content of a directory, the cookie is invalidated. While NFSv3 does support a status from READDIR v3 that is used to indicate that the cookies are invalid, there is no interface available to the kernel and user to actually sense it and no code to act. (2) Added support for ODS-5 symbolic links. (3) Added support for CASE_SENSITIVE options for ODS-5. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15I Reference: TCPIP_BUGS Note 3042 ECO I 6-APR-2004 Alpha Problem: Fixes to CASE_SENSITIVE options. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15I TCPIP$NFS_SERVICES.EXE V5.4-15C Reference: TCPIP_BUGS Note 3042-1 ECO K 29-JUN-2004 Alpha, IA64, and VAX Problem: Deliverables: TCPIP$CFS_SHR.EXE V5.4-15K TCPIP$NFS_SERVER.EXE V5.4-15D TCPIP$NFS_SERVICES.EXE V5.4-15D Reference: TCPIP_BUGS Note 3117 ECO L 1-JUL-2004 Alpha, IA64, and VAX Problem: (1) Create symlink syntax checks target of symbolic link. (2) Added NAME_CONVERSION export option for ODS-5. (3) Support to turn off symbolic links capability. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15L Reference: TCPIP_BUGS Note 3129 ECO M 20-JUL-2004 Alpha, IA64, and VAX Problem: Code cleanup. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15M Reference: TCPIP_BUGS Note 3129-2 ECO 5 updates ------------- ECO N 24-APR-2005 Alpha, IA64, and VAX Problem: Corrections to handling of mode, uid, gid, size, atime, mtime. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15N TCPIP$NFS_SERVER.EXE V5.4-15E TCPIP$NFS_SERVICES.EXE V5.4-15E Reference: PTR 70-5-2665 TCPIP_BUGS Note 3117.2 ECO N 24-APR-2005 Alpha, IA64, and VAX Problem: Added support for CASE_SENSITIVE options for ODS-5. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15N Reference: TCPIP_BUGS Note 3042.3 ECO N 25-APR-2005 Alpha, IA64, and VAX Problem: The command "mv foo.directory foo.dir.8" when issued by a UNIX client resulted in a directory named foo^.dir^.8^;.DIR;1 as seen by OpenVMS. The directory was not visible to the UNIX client. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15N Reference: TCPIP_BUGS Note 3306 ECO O 19-MAY-2005 Alpha, IA64, and VAX Problem: A chmod operation from a Unix client results in an invalid date, which may make the file seem to disappear. Deliverables: TCPIPCFS_SHR.EXE V5.4 Reference: PTR 70-5-2665 TCPIP_BUGS Note 3117.6 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 BIND9_SERVER Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 15-MAR-2004 Alpha and I64 Problem: BIND9 Slave server is refusing Notify requests from a zone's Master server. Deliverables: TCPIP$BIND_SERVER.EXE V5.4-15A Reference: PTR 70-5-2357 / CFS.101453 / Req Id: CH_G07608 / UCX Note 9854 TCPIP_BUGS Note 3029 ECO B 18-MAR-2004 5.3 and 5.4 Alpha only, 5.5 Al Problem: The BIND Server process could exit with one of the following footprints being logged to TCPIP$BIND_RUN.LOG: REQUIRE((((task) != 0L) && (((const isc__magic_t *)(task))->magic == ((('T')<< 24 | ('A') << 16 | ('S') << 8 | ('K')))))) failed Sun 19 03:00:13 CRITICAL: exiting (due to assertion failure) %SYSTEM-F-OPCCUS, opcode reserved to customer fault at PC=FFFFFFFF80A6C924, PS=0000001B REQUIRE(res->item_out == isc_boolean_true) failed Fri 19 13:12:04 CRITICAL: exiting (due to assertion failure) %SYSTEM-F-OPCCUS, opcode reserved to customer fault at PC=FFFFFFFF80E6C924, PS=0000001B Deliverables: TCPIP$BIND_SERVER.EXE V5.4-15B Reference: PTR 70-5-2401 / CFS.103794 TCPIP_BUGS Note 3046 ECO 5 updates ------------- ECO C 12-APR-2005 Alpha, IA64 Problem: Some resolver clients do not get responses from the BIND server after a failover event when using the cluster alias. Deliverables: TCPIP$BIND_SERVER.EXE V5.4-15C Reference: PTR 70-5-2631 / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 3219 ECO C 12-APR-2005 Alpha, IA64 Problem: Previous changes for this problem broke the BIND9_TOOLS facility. Deliverables: TCPIP$BIND_SERVER.EXE V5.4-15C Reference: PTR 70-5-2631 TCPIP_BUGS Note 3219.1 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 BIND_RESOLVER Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 18-NOV-2003 Alpha and VAX Problem: The getipnodebyaddr() routine sometimes returned the same structure twice, leading the application which called it to call freehostent() twice for the same block of memory. This led to memory corruption and subsequent anomalous behavior such as ACCVIOs following repeated getipnodebyaddr() calls for a host in the IPNODES.DAT file. Deliverables: TCPIP$IPC_SHR.EXE V5.4-15A Reference: PTR 30-5-434 TCPIP_BUGS Note 3010 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 DNFS Images --------------------------------------------------------------------------- ECO 3 updates ------------- ECO A 23-AUG-2004 Alpha, IA64, and VAX Problem: Unable to correctly access files on ODS-5 NFS drive due to command line/file name parsing errors on OpenVMS 7.3-2 or on OpenVMS V7.3-1 after installing RMS patch VMS731_RMS-V0500. Deliverables: TCPIP$DNFSACP.EXE V5.4-15A Reference: PTR 70-5-2452 / CFS.104950 / UCX Note 10088 TCPIP_BUGS Note 3154 PTR 70-5-2554 ECO A 23-AUG-2004 Alpha and VAX Problem: NFS client aborts after creating a hard link using set file /enter. Deliverables: TCPIP$DNFSACP.EXE V5.4-15A Reference: PTR 30-5-432 TCPIP_BUGS Note 3162 PTR 75-105-42 ECO B 20-SEP-2004 Alpha, IA64, and VAX Problem: Case blind lookup of files on an NFS mounted ODS-5 volume is broken since upgrade to OpenVMS V7.3-2 and on OpenVMS V7.3-1 after applying RMS patch VMS731_RMS-V0500. Deliverables: TCPIP$DNFSACP.EXE V5.4-15B Reference: PTR 70-5-2452 / CFS.104950 TCPIP_BUGS Note 3173 PTR 70-5-2554 PTR 75-107-58 ECO 5 updates ------------- ECO C 12-APR-2005 Alpha, IA64, and VAX Problem: System crashing intermittently with fatal exception when dismounting a DNFS device that was mounted with /SHARE. Deliverables: TCPIP$DNFS_MOUNT_SHR.EXE V5.4-15C Reference: PTR 70-5-2606 / CFS.QXCM1000190691 TCPIP_BUGS Note 3220 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 FAILSAFE Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 21-NOV-2003 Alpha, IA64, and VAX Problem: 1) Phantom failure occurs on a quiet LAN where there is only one IP address configured on multiple interfaces. The workaround is to configure an IP address on at least one other interface or generate periodic broadcast traffic on the LAN (e.g. with OSPF hello packets). 2) The mapping between the interface name and the OpenVMS device name is statically declared. If customers define their own ifname and OpenVMS device, then failSAFE will not start. The LAN failover device (LLA0) also has no mapping, since it was not included in the failSAFE mapping table in time for the first release. 3) A user-defined log file name can now be specified in the SYS$SYSDEVICE:[TCPIP$FSAFE]TCPIP$FAILSAFE.CONF configuration file. For file name syntax information, refer to the configuration file provided when failSAFE is configured for the first time. Deliverables: TCPIP$FAILSAFE.CONF TCPIP$FAILSAFE.EXE V5.4-15A Reference: UCX Note 10084 TCPIP_BUGS Note 3023 ECO 2 updates ------------- ECO B 24-MAR-2004 Alpha, IA64, and VAX Problem: After implementing the ECO fix described in 3023.0, the log file fills with the following error message every 30 seconds. ERROR: Broadcast failure on device _EIC13: status 8268 Deliverables: TCPIP$FAILSAFE.EXE V5.4-15B Reference: UCX Note 10084 TCPIP_BUGS Note 3023.2 ECO 5 updates ------------- ECO C 13-APR-2005 Alpha, IA64 Problem: The failSAFE service could produce a MAC broadcast storm and possibly loss of default route after the processs recovered from a lengthy suspended state. Deliverables: TCPIP$FAILSAFE.EXE V5.4-15C Reference: PTR 70-5-2749 TCPIP_BUGS Note 3274 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 FTP_CLIENT Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 19-DEC-2003 Alpha and VAX Problem: [1] Unable to get ODS-5 files from V5.3 FTP server. For example: FTP> get NAME^_SPACE.TXT 550-Failed to open DISK:[DIR]NAME^^_SPACE.TXT; for input. 550 file not found Another symptom of this problem is that mget (and wildcarded get) also fails on any ODS-5 filenames. [2] Unable to put files using '%' wildcards to a non-OpenVMS FTP server from V5.3 FTP client. For example: FTP> put *.*_%%%%%%%%;* %TCPIP-E-FTP_INPROCF, error processing input file DISK:[DIR]*.*_^%^%^%^%^%^%^%^%;* -RMS-E-FND, ACP file or directory lookup failed -SYSTEM-W-BADFILENAME, bad file name syntax [3] Unable to use '.' as a version separator when listing files on a V5.3 FTP server. For example: FTP> ls tcpip$ftp_server.log.* 200 PORT command successful. 150 Opening data connection for tcpip$ftp_server.log.* ... 550 file not found (Using ';' works, but some FTP clients do not accept ';' appearing in client commands.) All of these problems are new in V5.3 and worked fine in earlier versions. They all relate to COE/UNIX functionality added to FTP in V5.2, which was released in V5.3 to the wider audience of OpenVMS Alpha customers under the guise of "FTP Server and FTP Client Support for UNIX Path Names." As a solution, two new logicals were introduced, TCPIP$FTP_COMPAT_REV (for client) and TCPIP$FTPD_COMPAT_REV (for server) that can be set to "5.1" to restore the TCPIP V5.1 and earlier file name / path name interpretation. Deliverables: TCPIP$FTP_CHILD.EXE V5.4-15A TCPIP$FTP_SERVER.EXE V5.4-15A TCPIP$FTP_CLIENT.EXE V5.4-15A Reference: PTR 70-5-2305 / CFS.99732 / Req Id: KAOB42626 TCPIP_BUGS Note 2976 PTR 70-5-2340 / CFS.100721 / Req Id: CH_G07347 PTR 70-5-2356 / CFS.101367 / Req Id: HPAQ604HH ECO B 19-DEC-2003 Alpha and VAX Problem: Unable to reconnect to server after prior idle disconnect timeout. The following sequence of commands fails: $ ftp FTP> open xxx (*** Wait for idle disconnect timeout ***) FTP> disconnect %TCPIP-E-FTP_NETERR, I/O error on network device -SYSTEM-F-CONNECFAIL, connect to network object timed-out or failed FTP> open xxx %TCPIP-E-FTP_NETERR, I/O error on network device -SYSTEM-S-NORMAL, normal successful completion Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15A Reference: PTR 70-5-2373 / CFS.102206 / Req Id: NL_G07910 / UCX Note 9917 TCPIP_BUGS Note 2983 ECO C 22-DEC-2003 Alpha and VAX Problem: FTP (VMS-to-VMS in VMS-Plus mode) doesn't transfer a file's Longest Record Length attribute. Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15A TCPIP$FTP_CHILD.EXE V5.4-15A Reference: PTR 70-5-2390 / CFS.103251 / Req Id: CH_G08326 / UCX Note 9965 TCPIP_BUGS Note 2998 ECO 2 updates ------------- ECO D 24-MAR-2004 Alpha, IA64 Problem: After an FTP GET or MGET command issued with wildcards completes, the temporary TCPIP$FTP_TEMPnnnnnnnn.TMD files created by FTP are supposed to be deleted from the SYS$SCRATCH area. However, if no files match the wildcard criteria, FTP fails to delete any of the temporary files. (If at least one file matches the wildcard criteria, FTP does successfully delete any TCPIP$FTP_TEMPnnnnnnnn.TMD files created in SYS$SCRATCH.) Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15D Reference: PTR 70-5-2456 / CFS.105496 TCPIP_BUGS Note 3058 ECO E 14-MAY-2004 Alpha and VAX Problem: The FTP client fails to parse quoted parameter strings correctly. For example: FTP> rename "a.txt" "b.txt" The FTP client interprets the above as one parameter passed to rename. Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15E Reference: PTR 70-5-2466 / CFS.105796 TCPIP_BUGS Note 3105 PTR 70-5-2504 / CFS.106611 ECO 3 updates ------------- ECO F 11-JUN-2004 Alpha, IA64, and VAX Problem: If the following three conditions are met when using the DCL COPY/FTP command: - The source file specification contains a logical which is defined as a directory search list - The file name, type and extension are not wildcarded and - The file can be found in more than one directory in the specified search list Then, the DCL COPY/FTP command incorrectly copies all files matching the file name. This contrasts with the behavior of the DCL COPY command which will only copy the first matching file. Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15F Reference: PTR 70-5-2532 / CFS.107415 / Req Id: DE_G09744 TCPIP_BUGS Note 3112 ECO 5 updates ------------- ECO G 24-APR-2005 Alpha, IA64 Problem: FTP copies between VMS system of large (multi-gigabyte) files to a disk with highwater marking could take a long time and make the disk inaccessable to other users. This fix makes FTP a better community member. Depending upon the size of the file and the type of the output disk, file creation may still take time but the time and impact to other users should be reduced. Deliverables: [FTP_CLIENT]TCPIP$FTP_CLIENT.EXE V5.4 [FTP_SERVER]TCPIP$FTP_CHILD.EXE V5.4 Reference: TCPIP_BUGS Note 3292 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 FTP_SERVER Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 19-DEC-2003 Alpha and VAX Problem: FTP Server process fails with log showing ACCVIO occurred. Deliverables: TCPIP$FTP_SERVER.EXE V5.4-15A TCPIP$FTP_CHILD.EXE V5.4-15A Reference: PTR 70-5-2363 / CFS.101913 / Req Id: KAOB74175 / UCX Note 9893 TCPIP_BUGS Note 2941 ECO B 19-DEC-2003 Alpha and VAX Problem: [1] Unable to get ODS-5 files from V5.3 FTP server. For example: FTP> get NAME^_SPACE.TXT 550-Failed to open DISK:[DIR]NAME^^_SPACE.TXT; for input. 550 file not found A corollary to this problem is that mget (and wildcarded get) also fails on any ODS-5 filenames. [2] Unable to put files using '%' wildcards to non-OpenVMS FTP server from V5.3 FTP client. For example: FTP> put *.*_%%%%%%%%;* %TCPIP-E-FTP_INPROCF, error processing input file DISK:[DIR]*.*_^%^%^%^%^%^%^%^%;* -RMS-E-FND, ACP file or directory lookup failed -SYSTEM-W-BADFILENAME, bad file name syntax [3] Unable to use '.' as a version separator when listing files on a V5.3 FTP server. For example: FTP> ls tcpip$ftp_server.log.* 200 PORT command successful. 150 Opening data connection for tcpip$ftp_server.log.* ... 550 file not found (Using ';' works, but some FTP clients do not accept ';' appearing in client commands.) All of these problems are new in V5.3 and worked fine in earlier revisions. They all relate to COE/UNIX functionality added to FTP in V5.2 which got released in V5.3 to the wider audience of OpenVMS Alpha customers under the guise of "FTP Server and FTP Client Support for UNIX Path Names". As a solution, two new logicals, TCPIP$FTP_COMPAT_REV (for client) and TCPIP$FTPD_COMPAT_REV (for server) that can be set to "5.1" to restore the TCPIP V5.1 and earlier file name / path name interpretation. Deliverables: TCPIP$FTP_CHILD.EXE V5.4-15A TCPIP$FTP_SERVER.EXE V5.4-15A TCPIP$FTP_CLIENT.EXE V5.4-15A Reference: PTR 70-5-2305 / CFS.99732 / Req Id: KAOB42626 TCPIP_BUGS Note 2976 PTR 70-5-2340 / CFS.100721 / Req Id: CH_G07347 PTR 70-5-2356 / CFS.101367 / Req Id: HPAQ604HH ECO C 22-DEC-2003 Alpha and VAX Problem: FTP (VMS-to-VMS in VMS-Plus mode) does not transfer a file's Longest Record Length attribute. Deliverables: TCPIP$FTP_CLIENT.EXE V5.4-15A TCPIP$FTP_CHILD.EXE V5.4-15A Reference: PTR 70-5-2390 / CFS.103251 / Req Id: CH_G08326 / UCX Note 9965 TCPIP_BUGS Note 2998 ECO 2 updates ------------- ECO E 10-MAR-2004 Alpha, IA64, and VAX Problem: On an FTP client, if you use a password with an embedded space to log into an OpenVMS FTP server, the following error message will be returned in response to a DCL DIRECTORY or UNIX ls command: 500 Illegal PORT command. Deliverables: TCPIP$FTP_CHILD.EXE V5.4-15E TCPIP$FTP_SERVER.EXE V5.4-15E Reference: PTR 70-5-2410 / CFS.103944 TCPIP_BUGS Note 3063 ECO 3 updates ------------- ECO F 11-JUL-2004 Alpha, IA64, and VAX Problem: With the FTP PUT command, if the remote file specification contains a directory specification and includes two or more periods, and the characters following the last period are all numerals, FTP will incorrectly use the numeric file version as the file extension. Deliverables: TCPIP$FTP_SERVER.EXE V5.4-15F Reference: CFS.107931 / Req Id: GB_G09999 TCPIP_BUGS Note 3128 ECO 5 updates ------------- ECO G 24-APR-2005 Alpha, IA64 Problem: FTP copies between VMS system of large (multi-gigabyte) files to a disk with highwater marking could take a long time and make the disk inaccessable to other users. This fix makes FTP a better community member. Depending upon the size of the file and the type of the output disk, file creation may still take time but the time and impact to other users should be reduced. Deliverables: [FTP_CLIENT]TCPIP$FTP_CLIENT.EXE V5.4 [FTP_SERVER]TCPIP$FTP_CHILD.EXE V5.4 Reference: TCPIP_BUGS Note 3292 ECO G 24-APR-2005 Alpha, IA64 Problem: FTP writes garbage into the FTP anonymous log file when an anonymous user attempt to change working directory (CWD) fails. Deliverables: [FTP_CLIENT]TCPIP$FTP_CHILD.EXE V5.4 Reference: TCPIP_BUGS Note 3293 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 IFCONFIG Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 25-MAR-2004 Alpha, IA64, and VAX Problem: The ifconfig abort command displays the incorrect number of aborted connections. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15A Reference: Req Id: comp.os.vms TCPIP_BUGS Note 3071 ECO B 25-MAR-2004 Alpha, IA64, and VAX Problem: "$ ifconfig ie0 delete" only deletes active IP addresses. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15B Reference: TCPIP_BUGS Note 3075 ECO C 19-APR-2004 Alpha, IA64, and VAX Problem: 1) When an interface, under the control of failSAFE, fails or recovers an alias address, the IP address is not seen with "TCPIP SHOW INTER". (PTR 30-13-200) 2) Since a pseudo address may not be active immediately, (for example, it is a standby address) the TCPIP SET INTER command may return DEVINACT, even though the address is successfully created as a standby. (30-13-205). 3) When creating a duplicate pseudo address on a different interface, TCPIP SET INTER returns BADPARAM error. Deliverables: TCPIP$INETACP.EXE V5.4-15O TCPIP$INETACP_PERF.EXE V5.4-15O PF TCPIP$INTERNET_SERVICES.EXE V5.4-15O TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15O PF TCPIP$IFCONFIG.EXE V5.4-15C TCPIP$UCP.EXE V5.4-15D Reference: PTR 30-13-200 TCPIP_BUGS Note 3080 PTR 30-13-205 PTR 70-5-2517 / CFS.106872 / Req Id: BCGMH0CZL ECO D 20-APR-2004 Alpha, IA64, and VAX Problem: Cannot filter on address family with ifconfig. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15D Reference: TCPIP_BUGS Note 3086 ECO E 4-MAY-2004 Alpha, IA64, and VAX Problem: Using ifconfig several times from a single UCP session results in confusion when creating IP addresses. For example, when creating IP address2, it could inherit some attributes from IP address1. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15E TCPIP$UCP.EXE V5.4-15E Reference: TCPIP_BUGS Note 3088 ECO 3 updates ------------- ECO F 13-SEP-2004 Alpha, IA64, and VAX Problem: 1) When addresses are created with "aliaslist" they are created as primary addresses. They are now created as aliases. 2) Check for zero-valued host addresses. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15F Reference: PTR 70-5-2603 TCPIP_BUGS Note 3165 ECO 5 updates ------------- ECO G 12-APR-2005 Alpha, IA64 Problem: The ifconfig switch "-home" was ignored when primary addresses were created. This had a downstream affect of breaking DECnet proxies. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15G Reference: PTR 70-5-2612 TCPIP_BUGS Note 3235 ECO G 14-APR-2005 Alpha, IA64 Problem: A customer using V5.4 code has become reliant on some undocumented functionality. They have been using the 'filter' command with ifconfig to perform filtering of IP addresses. The list of filters appears in the file /etc/ifaccess.conf. This is essentially backfilling support for latent functionality. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15G TCPIP$NETSTAT.EXE V5.4-15B TCPIP$INTERNET_SERVICES.EXE V5.4-15AM DOCUMENTATION: Reference: PTR 70-5-2731 / Req Id: UCXNote:9446.3 / UCX Note GS:3282 TCPIP_BUGS Note 3235 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 IMAP Images --------------------------------------------------------------------------- ECO 5 updates ------------- ECO A 31-AUG-2004 Alpha, IA64 Problem: If an user creates a VMSmail folder parallel to the default Mail folder, with LATIN characters (on the ODS-5 Volume) in the folder name, the IMAP clients display a modified folder name. Attempts to SELECT this folder either results in a crash or selection of an non-existing folder. Deliverables: TCPIP$IMAP_SERVER.EXE V5.4-15A Reference: PTR 70-5-2587 TCPIP_BUGS Note 3160 ECO B 18-FEB-2005 Alpha, IA64 Problem: In a message, any line containing more than 255 characters (i.e. without intermediate CR/LF) gets truncated to 255. Deliverables: TCPIP$IMAP_SERVER.EXE V5.4-15B Reference: PTR 70-5-2712 / CFS.QXCM1000213788 TCPIP_BUGS Note 3257 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 INET_V54 Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 18-FEB-2004 Alpha, IA64, and VAX Problem: (1) Receive failures lose quota. (2) Receive IOSB not compliant with documentation. Deliverables: TCPIP$INETDRIVER.EXE V5.4-15A Reference: PTR 70-5-2405 / CFS.103830 TCPIP_BUGS Note 3035 ECO 2 updates ------------- ECO B 16-Apr-2004 Alpha and VAX Problem: Three problems have been found due to investigation of the above PTRs. All three affected the INETDRIVER although one of the problems actually resided in the Kernel VCI module of the TCP/IP Kernel. 1. Problem one can lead to a crash with pool corruption. 2. Problem two was that the calling sequence to routine, INETVCM$SHUTDOWN() was mis-programmed and that could also lead to a crash. 3. Problem three was that we were leaking mbuf structures each time we were executing a connect request. This could lead to serious memory shortage. Deliverables: TCPIP$INETDRIVER.EXE V5.4-15B TCPIP$INET_GLOBALS.STB TCPIP$INTERNET_SERVICES.EXE V5.4-15P TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15P PF Reference: PTR 70-5-2526 / CFS.107045 TCPIP_BUGS Note 3087 PTR 70-5-2513 / CFS.106516 ECO C 14-May-2004 Alpha and VAX Problem: Leakage of INET UCBs. Please see NET facility, ECO T (SCT 3107). Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15T TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15T PF TCPIP$INETACP.EXE V5.4-15T TCPIP$INETACP_PERF.EXE V5.4-15T PF TCPIP$INETDRIVER.EXE V5.4-15C Reference: TCPIP_BUGS Note 3107 ECO D 24-MAY-2004 Alpha and VAX Problem: Several problems: 1. System crash during shutdown in routine INETACP\INETACP$MALLOC_ACP. 2. INETACP process does not terminate after TCPIP shutdown is issued 3. System crash during shutdown in routine INTERNET_SERVICES\SOFREE. 4. INETACP process does not terminate after TCPIP shutdown is issued 5. Leakage of INET UCBs during TCPIP shutdown. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15V TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15V PF TCPIP$INETACP.EXE V5.4-15V TCPIP$INETACP_PERF.EXE V5.4-15V PF TCPIP$INETDRIVER.EXE V5.4-15D TCPIP$INETDRIVERSTOP.EXE V5.4-15D TCPIP$INET_DRIVER_SHUTDOWN.COM Reference: PTR 70-5-2536 / CFS.107462 TCPIP_BUGS Note 3109 ECO 3 updates ------------- ECO E 24-JUN-2004 Alpha and VAX and I64 Problem: Processes doing an I/O to INET devices hang in LEF mode. Deliverables: TCPIP$INETDRIVER.EXE V5.4-15E Reference: PTR 70-5-2563 TCPIP_BUGS Note 3120 ECO 5 updates ------------- ECO F 25-JAN-2005 Alpha and VAX and I64 Problem: Connections made using INET device hang Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15G TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15G TCPIP$INETDRIVER.EXE V5.4-15G Reference: PTR 70-5-2751 / CFS.STID: / UCX Note GS: TCPIP_BUGS Note 3257 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 INSTALL Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 23-DEC-2003 Alpha, IA64, and VAX Problem: The TCPIP$DEFINE_COMMANDS.COM command procedure fails to define foreign commands for DHCP-related utility programs. For example, after running the command procedure: $ @sys$manager:tcpip$define_commands.com it results in no DHCP symbols: $ show symbol dhc* %DCL-W-UNDSYM, undefined symbol - check validity and spelling The command procedure should display the following: $ show symbol dhc* DHCPCONF == "$SYS$SYSTEM:TCPIP$DHCP_CLIENT_CONF.EXE" DHCPDBD*UMP == "$SYS$SYSTEM:TCPIP$DHCP_DBDUMP.EXE" DHCPDBMOD*IFY == "$SYS$SYSTEM:TCPIP$DHCP_DBMODIFY.EXE" DHCPDBREG*ISTER == "$SYS$SYSTEM:TCPIP$DHCP_DBREGISTER.EXE" DHCPDBSH*OW == "$SYS$SYSTEM:TCPIP$DHCP_DBSHOW.EXE" DHCP*GUI == "$SYS$SYSTEM:TCPIP$DHCP_GUI.EXE" DHCPSHOWDBS == "$SYS$SYSTEM:TCPIP$DHCP_SHOWDBS.EXE" . . . Deliverables: TCPIP$DEFINE_COMMANDS.COM Reference: TCPIP_BUGS Note 3003 ECO A 23-DEC-2003 Alpha, IA64, and VAX Problem: The TCPIP$NFS_SHUTDOWN.COM service shutdown command procedure fails to delete the following file-system related logical name tables: 1. TCPIP$CFS_FILESYSTEM_DIRECTORY 2. TCPIP$CFS_PATHNAME_DIRECTORY Deliverables: TCPIP$NFS_SHUTDOWN.COM Reference: TCPIP_BUGS Note 3016 ECO A 23-DEC-2003 Alpha, IA64, and VAX Problem: The TCPIP$STARTUP.COM command procedure corrupts the message help database search list (msglib$library) when adding a new path. Deliverables: TCPIP$STARTUP.COM Reference: PTR 30-13-340 TCPIP_BUGS Note 3009 ECO B 28-JAN-2004 Alpha, IA64, and VAX Problem: The TCPIP$IP6_SETUP.COM configuration procedure needs reworking to address the following: 1. 6to4 tunnels a. Support RFC 1918 (private addresses) for 6to4 tunnels b. Correct bugs detailed in the following PTRs: - PTR 30-13-228 - valid address prefixes are rejected when configuring 6to4 tunnels - PTR 30-13-251 - grammatical errors in configuration prompts - PTR 75-83-1108 - numerous DCL errors result when "?" is entered when configuring 6to4 tunnels c. Configure all routes required for 6to4 relay router 2. Automatic tunnels a. Correctly configure tunnel's endpoint 3. Configured (manual) tunnels a. Support IPv6 over IPv6 configured tunnels b. Support all attributes for configured tunnels (i.e., address prefixes) 4. Correct errors generated in IPv6 configuration and initialization files during IPv6 host/router configuration 5. Support defining manual routes 6. Enhance configuration summary for IPv6 hosts and routers Deliverables: TCPIP$IP6_SETUP.COM Reference: PTR 30-13-228 TCPIP_BUGS Note 3040 PTR 30-13-251 PTR 75-83-1108 ECO C 11-FEB-2004 All Problem: Version 5.1 and Version 5.3 of TCP/IP Services for OpenVMS imposed restrictions on the usage of non-alphanumeric characters in SNMP community names. With Version 5.4, these restrictions have been relaxed. However, a space is not accepted in an SNMP community name. In addition, a quotation mark (") specified as part of a community name might not be handled correctly by TCPIP$CONFIG.COM. A message warns the user to check the validity of the name with the SHOW CONFIGURATION SNMP command, and if necessary, to correct the name with the SET CONFIGURATION SNMP command. Deliverables: TCPIP$CONFIG.COM Reference: PTR 70-5-2389 / UCX Note 9967 TCPIP_BUGS Note 3039 ECO D 2-MAR-2004 Alpha, IA64, and VAX Problem: After IPv6 is configured with TCPIP$IP6_SETUP.COM, the TCPIP$STARTUP command procedure: 1. Cannot create the Neighbor Discovery Daemon process TCPIP$ND6HOST on a system configured as an IPv6 host 2. Cannot create the Router Daemon process TCPIP$IPRTRD on a system configured as an IPv6 router Deliverables: TCPIP$IP6_SETUP.COM Reference: PTR 30-13-347 TCPIP_BUGS Note 3064 ECO 2 updates ------------- ECO E 21-APR-2004 Alpha, IA64, and VAX Problem: The TCPIP$NFS_CLIENT_STARTUP.COM command procedure fails to start the NFS client when a client license for TCP/IP Services is used. For example, $ @sys$startup:tcpip$nfs_client_startup.com %TCPIP-E-STARTFAIL, failed to start TCPIP$NFS_CLIENT -TCPIP-E-NOLICENSE, license check failed Deliverables: TCPIP$NFS_CLIENT_STARTUP.COM Reference: PTR 70-5-2528 / CFS.107160 / Req Id: HPAQ40552 / UCX Note 10080 TCPIP_BUGS Note 3089 ECO F 23-APR-2004 Alpha, IA64, and VAX Problem: The TCPIP$RMT_STARTUP.COM command procedure fails to start the RMT server when a client license for TCP/IP Services is used. For example, $ @sys$startup:tcpip$rmt_startup.com %TCPIP-E-STARTFAIL, failed to start TCPIP$RMT -TCPIP-E-NOLICENSE, license check failed Deliverables: TCPIP$RMT_STARTUP.COM Reference: TCPIP_BUGS Note 3091 ECO G 23-APR-2004 Alpha, IA64, and VAX Problem: The TCPIP$BOOTP_STARTUP.COM command procedure fails to start the BOOTP server when the BOOTP database file is moved from TCPIP$SYSTEM. For example, $ @sys$startup:tcpip$bootp_startup.com %TCPIP-E-STARTFAIL, failed to start TCPIP$BOOTP -TCPIP-E-NOFILE, cannot find file TCPIP$SYSTEM:TCPIP$BOOTP.DAT Deliverables: TCPIP$BOOTP_STARTUP.COM Reference: PTR 70-5-2490 / CFS.106292 / Req Id: DE_G09381 / UCX Note 10193 TCPIP_BUGS Note 3094 ECO H 5-MAY-2004 Alpha, IA64, and VAX Problem: The TCPIP$CONFIG.COM configuration procedure fails to correctly handle interface failover configuration. For example, 1. New aliases are added each time interface failover configuration is executed. As a result, redundant alias records accumulate in the configuration database. 2. Failover configuration fails to terminate when all of the available interfaces are selected. 3. Failover configuration prompts users with unnecessary and redundant questions. Deliverables: TCPIP$CONFIG.COM Reference: PTR 30-13-202 TCPIP_BUGS Note 3100 ECO I 24-MAY-2004 Alpha and VAX Problem: Several problems: 1. System crash during shutdown in routine INETACP\INETACP$MALLOC_ACP. 2. INETACP process does not terminate after TCPIP shutdown is issued 3. System crash during shutdown in routine INTERNET_SERVICES\SOFREE. 4. INETACP process does not terminate after TCPIP shutdown is issued 5. Leakage of INET UCBs during TCPIP shutdown. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15V TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15V PF TCPIP$INETACP.EXE V5.4-15V TCPIP$INETACP_PERF.EXE V5.4-15V PF TCPIP$INETDRIVER.EXE V5.4-15D TCPIP$INETDRIVERSTOP.EXE V5.4-15D TCPIP$INET_DRIVER_SHUTDOWN.COM Reference: PTR 70-5-2536 / CFS.107462 TCPIP_BUGS Note 3109 ECO 3 updates ------------- ECO K 7-JUL-2004 Alpha, IA64, and VAX Problem: The TCPIP$FAILSAFE_STARTUP.COM command procedure fails to start the failSAFE IP service when a client license for TCP/IP Services is used. For example, $ @sys$startup:tcpip$failsafe_startup.com %TCPIP-E-STARTFAIL, failed to start TCPIP$FAILSAFE -TCPIP-E-NOLICENSE, license check failed Deliverables: TCPIP$FAILSAFE_STARTUP.COM Reference: UCX Note 10321 TCPIP_BUGS Note 3131 ECO L 20-AUG-2004 Alpha, IA64, and VAX Problem: The TCPIP$INET_STARTUP.COM command procedure generates errors starting the TCP/IP Kernel when the TCPIP$INETACP process is already running. For example, $ @sys$startup:tcpip$startup %TCPIP-I-INFO, TCP/IP Services startup beginning at ... %TCPIP-I-NORMAL, timezone information verified %RUN-F-CREPRC, process creation failed -SYSTEM-F-DUPLNAM, duplicate name %TCPIP-E-STARTFAIL, failed to start TCP/IP Kernel -TCPIP-E-CREACPERR, error creating ACP process After the TCPIP$INETACP process completes all its shutdown tasks and terminates, the TCP/IP Kernel starts without errors. For example, $ @sys$startup:tcpip$startup %TCPIP-I-INFO, TCP/IP Services startup beginning at ... %TCPIP-I-NORMAL, timezone information verified %RUN-S-PROC_ID, identification of created process is ... %TCPIP-I-SETLOCAL, setting domain and/or local host %TCPIP-I-STARTCOMM, starting communication %TCPIP-I-SETPROTP, setting protocol parameters %TCPIP-I-DEFINTE, defining interfaces %TCPIP-I-STARTNAME, starting name service %TCPIP-S-STARTDONE, TCP/IP Kernel startup completed . . . %TCPIP-S-STARTDONE, TCP/IP Services startup completed at ... Deliverables: TCPIP$INET_SHUTDOWN.COM Reference: PTR 30-14-126 TCPIP_BUGS Note 3138 ECO 5 updates ------------- ECO M 14-APR-2005 Alpha, IA64, and (partial fix) Problem: This change is omitted from the release notes for security reasons. Deliverables: TCPIP$TELNET_SERVER.EXE V5.4/KRB V2.0 TCPIP$TELNET_STARTUP.COM TCPIP$TELNET_SHUTDOWN.COM BUILT BUILDS, Reference: PTR 75-107-204 TCPIP_BUGS Note 3288 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 IPC Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 18-NOV-2003 Alpha and VAX Problem: The getipnodebyaddr() routine sometimes returned the same structure twice, leading the application which called it to call freehostent() twice for the same block of memory. This led to memory corruption and subsequent anomalous behavior such as ACCVIO's following repeated getipnodebyaddr() calls for a host in the IPNODES.DAT file. Deliverables: TCPIP$IPC_SHR.EXE V5.4-15A Reference: PTR 30-5-434 TCPIP_BUGS Note 3010 ECO B 8-DEC-2003 Alpha and VAX Problem: Traceroute does not exit with proper status code or error message. Deliverables: TCPIP$TRACEROUTE.EXE V5.4-15A TCPIP$IPC_SHR.EXE V5.4-15B Reference: PTR ! / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 2985 ECO C 8-DEC-2003 Alpha and VAX Problem: A call to getaddrinfo() hangs Deliverables: TCPIP$IPC_SHR.EXE V5.4-15C Reference: PTR 30-5-423 TCPIP_BUGS Note 2829 ECO 2 updates ------------- ECO D 10-MAY-2004 Alpha, IA64, and VAX Problem: UCP's SET CONFIGURATION INTERFACE and SET INTERFACE commands fail to reject invalid network masks. For example, 1. The following SET CONFIGURATION INTERFACE command fails to signal an INVNETMASK error: $ tcpip set configuration interface wea100 - _$ /host=1.2.3.4 /network_mask=355.255.0.0 2. Hence, an invalid network mask is assigned for this interface in the configuration database as shown here: $ tcpip show configuration interface wea100 Interface: WEA100 IP_Addr: 1.2.3.4 NETWRK: 99.255.0.0 BRDCST: ... Deliverables: TCPIP$IPC_SHR.EXE V5.4-15D Reference: TCPIP_BUGS Note 3101 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 KERNEL_NFS Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 27-JAN-2004 ALPHA, and VAX Problem: ( 1) Problems with "after" attributes on directory-modifying operations ( 2) Improper conversion of time to/from OpenVMS granularity ( 3) Add debugging/logging facilities ( 4) Configurable duplicates cache ( 5) Readdir-plus takes too long Deliverables: TCPIP$NFS_SERVER.EXE V5.4-15A TCPIP$NFS_SERVICES.EXE V5.4-15A Reference: TCPIP_BUGS Note 3006 ECO B 22-FEB-2004 Alpha, IA64, and VAX Problem: Build procedure change to remove image references to DECC$SHR_EV56. Deliverables: TCPIP$NFS_SERVER.EXE V5.4-15B TCPIP$NFSSTAT.EXE V5.4-15B Reference: TCPIP_BUGS Note 3056 ECO 3 updates ------------- ECO C 5-MAY-2004 Alpha Problem: Fixes to CASE_SENSITIVE options. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15I TCPIP$NFS_SERVICES.EXE V5.4-15C Reference: TCPIP_BUGS Note 3042-1 ECO D 29-JUN-2004 Alpha and VAX Problem: Running the Scalable Kernel, receipt of an incoming TCP connection for the NFS server can result in a system crash due to an INVEXCEPTN that occurs while executing an SWPCTX. Deliverables: TCPIP$NFS_SERVICES.EXE V5.4-15D Reference: PTR 70-5-2541 / CFS.107688 TCPIP_BUGS Note 3115 ECO D 29-JUN-2004 Alpha, IA64, and VAX Problem: Deliverables: TCPIP$CFS_SHR.EXE V5.4-15K TCPIP$NFS_SERVER.EXE V5.4-15D TCPIP$NFS_SERVICES.EXE V5.4-15D Reference: TCPIP_BUGS Note 3117 ECO 5 updates ------------- ECO E 24-APR-2005 Alpha, IA64, and VAX Problem: Corrections to handling of mode, uid, gid, size, atime, mtime. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15N TCPIP$NFS_SERVER.EXE V5.4-15E TCPIP$NFS_SERVICES.EXE V5.4-15E Reference: PTR 70-5-2665 TCPIP_BUGS Note 3117.2 ECO E 24-APR-2005 Alpha, IA64, and VAX Problem: INVEXCPTN bugcheck at TCPIP$NFS_SERVICES+2FAE8, facility KERNEL_VFS moduleVFS_SUBR.C subroutine vn_ok_to_dealloc+0x48. NOTE: Other scenarios are possible. Deliverables: TCPIP$NFS_SERVICES.EXE V5.4-15E Reference: PTR 70-5-2653 TCPIP_BUGS Note 3303 PTR 70-5-2707 ECO E 24-APR-2005 Alpha, IA64, and VAX Problem: (1) Corrections for VMS UIC when changing uid and/or gid. (2) Do not create a file with no access for the owner. Modules & Branches: CMS$KERNEL_NFS /GEN=V54-PLANB+ <-- V5.4 CMS 21-APR-2005 13:40:46 CORENZWIT REPLACE $NFSVCMDEF.SDL(43A4A3) "Add UIC to create/credir operations" 21-APR-2005 13:40:57 CORENZWIT REPLACE NFS3_SERVER.C(52A2A2) "Set AT_OPENVMS_UIC when info comes from credentials" 21-APR-2005 13:41:05 CORENZWIT REPLACE OPENVMS_ROUTINES.C(38A1A2) "Turn on new AT_OPENVMS_UIC bit in VA when setting UIC" Integration Instructions: None. Deliverables: TCPIP$NFS_SERVER.EXE V5.4-15E TCPIP$NFS_SERVICES.EXE V5.4-15E Documentation Impact: None. Testing: None. Engineer(s): Julie Corenzwit Auditor(s): (approved: ) --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 KERNEL_RPC Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 27-JAN-2004 ALPHA, and VAX Problem: ( 1) Problems with "after" attributes on directory-modifying operations ( 2) Improper conversion of time to/from OpenVMS granularity ( 3) Add debugging/logging facilities ( 4) Configurable duplicates cache ( 5) Readdir-plus takes too long Deliverables: TCPIP$NFS_SERVER.EXE V5.4-15A TCPIP$NFS_SERVICES.EXE V5.4-15A Reference: TCPIP_BUGS Note 3006 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 KERNEL_VFS Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 28-JAN-2004 ALPHA, and VAX Problem: ( 1) Problems with "after" attributes on directory-modifying operations ( 2) Improper conversion of time to/from OpenVMS granularity ( 3) Add debugging/logging facilities ( 4) Configurable duplicates cache ( 5) Readdir-plus takes too long Deliverables: TCPIP$NFS_SERVER.EXE V5.4-15A TCPIP$NFS_SERVICES.EXE V5.4-15A Reference: TCPIP_BUGS Note 3006 ECO 3 updates ------------- ECO B 29-JUN-2004 Alpha, IA64, and VAX Problem: Deliverables: TCPIP$CFS_SHR.EXE V5.4-15K TCPIP$NFS_SERVER.EXE V5.4-15D TCPIP$NFS_SERVICES.EXE V5.4-15D Reference: TCPIP_BUGS Note 3117 ECO 5 updates ------------- ECO C 24-APR-2005 Alpha, IA64, and VAX Problem: INVEXCPTN bugcheck at TCPIP$NFS_SERVICES+2FAE8, facility KERNEL_VFS moduleVFS_SUBR.C subroutine vn_ok_to_dealloc+0x48. Deliverables: TCPIP$NFS_SERVICES.EXE V5.4 Reference: PTR 70-5-2653 TCPIP_BUGS Note 3299 PTR 70-5-2707 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 LPD5 Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 23-DEC-2003 Alpha and VAX Problem: LPD does not respect wildcarded remote user communication proxies. Deliverables: TCPIP$LPD_SHR.EXE V5.4-15A Reference: PTR 70-5-2332 / CFS.100536 / Req Id: DE_G07268 TCPIP_BUGS Note 2973 ECO A 23-DEC-2003 Alpha and VAX Problem: When configured to relay to an LPD queue. TelnetSym does not report or log an error when there is no disk space available to write to the log file or the temporary relay file Deliverables: TCPIP$TELNETSYM.EXE V5.4-15A Reference: PTR 70-5-2306 / CFS.99733 / Req Id: KAOB42346 TCPIP_BUGS Note 2950 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 MOUNT_SERVER Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 24-MAR-2004 Alpha, VAX, I64 Problem: The mount server could report a misleading error message when the TCP or UDP port 10 (mount port) is already in use. Deliverables: TCPIP$MOUNTD.EXE V5.4-15A Reference: PTR 30-13-345 / UCX Note 10102 TCPIP_BUGS Note 3053 ECO B 23-APR-2004 Alpha, IA64, and VAX Problem: The MOUNT service might exhibit improper verification of mount points for exported file systems. Deliverables: TCPIP$MOUNTD.EXE V5.4-15B Reference: PTR 70-5-2527 / CFS.107072 / UCX Note 10250 TCPIP_BUGS Note 3092 ECO C 23-APR-2004 Alpha, IA64, and VAX Problem: The MOUNT Server could improperly try to verify the client's domain and host name, even if none of the SYSCONFIG mountd_option_* attributes had been set. Now, no domain, hostname, or address verification will occur unless the SYSCONFIG mountd attributes are set. You may use mountd_option_d and/or mountd_option_s to verify that the client and the server are in the same domain or subdomain, respectively. Deliverables: TCPIP$MOUNTD.EXE V5.4-15C Reference: UCX Note 10246 TCPIP_BUGS Note 3093 ECO 5 updates ------------- ECO D 7-APR-2005 Alpha, IA64, and VAX Problem: An ACCVIO in mountd causes runaway condition handler. Deliverables: TCPIP$MOUNTD.EXE V5.4-15D Reference: PTR 70-5-2614 TCPIP_BUGS Note 3190 ECO D 7-APR-2005 Alpha, IA64, and VAX Problem: Clients unable to mount when more than one device exported. Deliverables: TCPIP$MOUNTD.EXE V5.4-15D Reference: PTR 70-5-2611 / UCX Note 10397 TCPIP_BUGS Note 3213 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 MSG Images --------------------------------------------------------------------------- ECO 5 updates ------------- ECO BB 10-MAR-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: When CRTL memory allocation routine returns null pointer, ssh code ACCVIOs instead of exiting gracefully. Deliverables: TCPIP$SSH_SSH2.EXE V5.4-15BB Reference: PTR 30-14-177 TCPIP_BUGS Note 3267 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 NET Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A Alpha and VAX Problem: TCPTRACE does not trace outgoing IP packets when running the scalable kernel. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15A PF Reference: TCPIP_BUGS Note 2980 ECO A Alpha and VAX and Itanium Problem: Two problems. 1. System crash (INCONSTATE, call to panic() from sbflush()) when running the scaling kernel and using DECnet/IP on multi-CPU systems. 2. Intermittent leaking of BG UCBs and their sockets when running the scaling kernel and using DECnet/IP on multi-CPU systems. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15A PF TCPIP$INTERNET_SERVICES.EXE V5.4-15A TCPIP$INETACP_PERF.EXE V5.4-15A PF Reference: TCPIP_BUGS Note 2994 ECO A Alpha and VAX Problem: An unprivileged application can cause a crash at location UDP_OUTPUT+DC. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15A TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15A PF Reference: PTR 30-13-336 TCPIP_BUGS Note 2995 ECO A Alpha and VAX Problem: Crash during TCP/IP shutdown when attempting to deallocate a structure (INET$FREE) that is not a true malloc structure. Deliverables: TCPIP$INETACP.EXE V5.4-15A TCPIP$INETACP_PERF.EXE V5.4-15A PF Reference: PTR 75-83-1556 TCPIP_BUGS Note 2997 ECO A Alpha and VAX Problem: TCPIP$INTERNET_SERVICES INVEXCEPTN crash during shutdown caused by $ TCPIP DISCONNECT DEVICE command. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15A Reference: PTR 70-5-2380 / CFS.102586 / Req Id: GB_G08063 TCPIP_BUGS Note 2986 ECO A Alpha and VAX Problem: UDP applications such as PING may experience behavior in certain error scenarios with the scalable kernel. For example, when attempting to ping a node for which we have no routes, traditionally one would expect to see an error such as: ping: sendto: no route to host But with the scalable kernel only a timeout error was seen. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15A PF Reference: TCPIP_BUGS Note 3004 ECO A Alpha and VAX Problem: System crash after having disabled a user-written Listen Service. Deliverables: TCPIP$INETACP.EXE V5.4-15A TCPIP$INETACP_PERF.EXE V5.4-15A PF Reference: PTR 70-5-2394 / CFS.103337 TCPIP_BUGS Note 3011 ECO B Alpha and VAX Problem: System crash in SMP$CPU_SWITCH trying to switch to a non-existent CPU. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15B TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15B PF Reference: TCPIP_BUGS Note 3024 ECO C Alpha and VAX Problem: System crash in SMP$CPU_SWITCH trying to switch to a non-existent CPU. Similar but not identical to previous problem. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15C TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15C PF Reference: TCPIP_BUGS Note 3020 TCPIP_BUGS Note 3024 ECO D Alpha and VAX Problem: Two crash problems in the scalable kernel. First, a crash may occur in routine SORECEIVE_STREAM_KERNEL when the KVCI client specifies that it wants to read a specified number of bytes rather than all the data available in the Pseudo_SB. The client in this situation was INETDRIVER. The problem arose when we were asked to read 4 bytes of data and there was only one byte available. The code then went off the end of the mbuf chain trying to satisfy the request for 4 bytes. In the course of analyzing this first crash, two other less serious bugs were found. One caused incorrect behavior with respect to OOB data for KVCI clients, and the other causes a minor leakage of TCPIP_KRP structures in OOB data processing in routine INET_SORECEIVE_STREAM. Both of these lesser problems were also fixed. The second crash occurred because of a synchronization bug in INET_KVCI.C wherein an INETKVCI structure was prematurely deallocated. A thread in routine KVCI$$CLOSE_ASSOC set the INETKVCI$V_DELETE bit in the INETKVCI so as to indicate that the structure was available for deallocation. However, the thread in question still needed to use that structure. The setting of the bit was meant as a means of signaling to itself that the structure should be deallocated later. However, with the new parallelism available in the scalable kernel, a different thread executing in routine KVCI$$REPORT_EVENT_FORK noticed the bit set, and that thread proceeded to deallocate the structure from under the first thread. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15D TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15D PF Reference: TCPIP_BUGS Note 3030 ECO D Alpha and VAX Problem: System shutdown crash. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15D PF Reference: TCPIP_BUGS Note 3031 ECO D Alpha and VAX Problem: A previous ECO in this stream that fixed a system crash occurring after a user-written Listen Service was disabled was found to have a typing error in the modules edited for that fix. The error causes an inserted line of code to be off by one line. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15D PF Reference: TCPIP_BUGS Note 3032 ECO E Alpha and VAX Problem: Applications such as SNMP may experience an Invalid Buffer error when making connections while using the scalable kernel. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15E PF Reference: TCPIP_BUGS Note 3036 ECO F Alpha and VAX Problem: System crash during TCP/IP Shutdown. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15F TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15F PF Reference: PTR 70-5-2437 / CFS.104761 TCPIP_BUGS Note 3037 ECO G Alpha and VAX Problem: Problem seen only with the scalable kernel and will result in a crash due either to pool exhaustion or to CPUSPINWAIT where the wait is for IOLOCK8. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15D TCPIP$INTERNET_SERVICES.EXE V5.4-15G Reference: PTR 70-5-2455 / CFS.105464 TCPIP_BUGS Note 3044 ECO H Alpha and VAX Problem: In some circumstances, when running with the scalable Kernel, Select or ATTNAST requests may fail. This was noticed on I64 systems running with SYSGEN attribute, VMSD2 set to 1, where POP and MONITOR fail. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15H PF Reference: TCPIP_BUGS Note 3052 ECO I 25-FEB-2004 Alpha and VAX Problem: When running the scalable kernel and shutting down TCPIP, some behavior has changed. In particular, we were returning SS$_CANCEL status to some outstanding QIO requests rather than the SS$_SHUT that we used to return. With this update, we restore the previous return value. Note that this also corrects issues with the behavior of the HP DECwindows X display server after network shutdown. With the fix installed, the DECwindows X display server recovers and accepts connections over the TCPIP transport a short time after the network restarts. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15I PF Reference: PTR 75-102-283 TCPIP_BUGS Note 3059 ECO 2 updates ------------- ECO J 8-Mar-2004 Alpha and VAX Problem: Crash in KVCI$$RECEIVE with null INETKVCI pointer due to zero VCRP$L_CREATOR_DATA1. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15J TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15J PF TCPIP$TNDRIVER.EXE V5.4-15D TCPIP$TNDRIVER_PERF.EXE V5.4-15D PF Reference: PTR 70-5-2481 / CFS.104564 TCPIP_BUGS Note 3067 ECO K 8-Mar-2004 Alpha and VAX Problem: Somewhat unpredictable behavior in TCP/IP scalable kernel using "select". Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15K PF Reference: TCPIP_BUGS Note 3069 ECO L 16-Mar-2004 Alpha and VAX Problem: In V5.4 scalable kernel select() on the write sockbuf can return incorrectly if the socket is not yet connected. That is, if one creates a socket, sets the socket as non-blocking, connects, and then does a select() with the new socket on the write list, select() will return immediately indicating that the socket can be written to, even though the socket may not yet be connected. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15L PF Reference: PTR 70-5-2485 / UCX Note 10182 TCPIP_BUGS Note 3073 ECO M 22-Mar-2004 Alpha and VAX Problem: QIO reads on a TCP socket that specify a non-writable buffer do not return the SS$_ACCVIO status but rather return an SS$_NORMAL status with zero bytes transferred to the buffer. Note the bug does not exist in the scalable kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15M Reference: PTR 70-5-2486 / CFS.106251 TCPIP_BUGS Note 3076.0 ECO N 24-MAR-2004 Alpha, IA64, and VAX Problem: ICMP_MASKREPLY messages would not be sent if the destination was the broadcast address. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15N Reference: PTR 70-5-2469 / UCX Note 10162 TCPIP_BUGS Note 3060 ECO O 8-APR-2004 Alpha, IA64, and VAX Problem: 1) When an interface, under the control of failSAFE, fails or recovers an alias address, the IP address is not seen with "TCPIP SHOW INTER". (PTR 30-13-200) 2) Since a pseudo address may not be active immediately, (for example, it is a standby address) the TCPIP SET INTER command may return DEVINACT, even though the address is successfully created as a standby. (30-13-205). 3) When creating a duplicate pseudo address on a different interface, TCPIP SET INTER returns BADPARAM error. Deliverables: TCPIP$INETACP.EXE V5.4-15O TCPIP$INETACP_PERF.EXE V5.4-15O PF TCPIP$INTERNET_SERVICES.EXE V5.4-15O TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15O PF TCPIP$IFCONFIG.EXE V5.4-15C TCPIP$UCP.EXE V5.4-15D Reference: PTR 30-13-200 TCPIP_BUGS Note 3080 PTR 30-13-205 PTR 70-5-2517 / CFS.106872 / Req Id: BCGMH0CZL ECO P 16-APR-2004 Alpha and VAX Problem: Please see ECO B for component INET_V54 (SCT 3087) for a detailed description. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15P TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15P PF Reference: PTR 70-5-2526 / CFS.107045 TCPIP_BUGS Note 3087 PTR 70-5-2513 / CFS.106516 ECO Q 26-APR-2004 Alpha and VAX Problem: System crash while running the TCP/IP scalable kernel, with corrupted pool. The address of the longword of corruption will have an offset of one of the following: 054 or 058, 254 or 258, 454 or 458, 654 or 658, 854 or 858, A54 or A58, C54 or C58, E54 or E58. These offsets correspond to the offsets MBUF$A_EXT_REF_FORW and MBUF$A_EXT_REF_BACK. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15Q PF Reference: PTR 75-102-785 TCPIP_BUGS Note 3096 ECO R 30-APR-2004 Alpha and VAX Problem: Two problems associated with TCPIP$INETDRIVER: 1. With either the scalable kernel or the classic kernel, but on the scalable kernel it can lead to a system crash; on the classic kernel the result is just a failed application. When running an TCPIP$INETDRIVER application with a server and multiple clients, after accepting 512 client connections the server might hang while reading from the client and no more useful work will be done on any new connections that arrive. If connections keep arriving the server will fail due to quotas being exhausted. 2. With the scalable kernel, while running TCPIP$INETDRIVER applications, the exiting of an application process can trigger a system crash (INCONSTATE). Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15R TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15R PF Reference: PTR 70-5-2513 / CFS.106783 TCPIP_BUGS Note 3099 ECO S 05-MAY-2004 Alpha and IA64 Problem: Pool corruption may occur with the scalable kernel while processing some requests. Examples of such requests are Connect, Accept, Soclose and Soshutdown, when issued from a multi-threaded application. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15S PF Reference: PTR 75-102-811 TCPIP_BUGS Note 3102 ECO T 14-MAY-2004 Alpha and VAX Problem: Several problems: 1. System crash while running V5.4 Classic Kernel in an environment with TCPIP$INETDRIVER or NFS activity. 2. System crash with pool checking on with V5.4 Scalable kernel where corrupted pool corresponds to the TCPIP_KRP$L_STALL_STATUS longword which is zero. Also the deallocation PC indicates that the call to deallocate arose in SELECT_SETUP_KERNEL_CONTEXT. 3. Leakage of INET UCBs. 4. Select misbehavior in the V5.4 Scalable Kernel. A call to select with zero lists and a valid timeout fails to wait for the timeout period. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15T TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15T PF TCPIP$INETACP.EXE V5.4-15T TCPIP$INETACP_PERF.EXE V5.4-15T PF TCPIP$INETDRIVER.EXE V5.4-15C Reference: PTR 70-5-2518 / CFS.106090 / Req Id: ZPO237681 TCPIP_BUGS Note 3107 ECO U 19-MAY-2004 Alpha and VAX Problem: CPUSPINWAIT crashes due to a deadlock where two CPUs are attempting to acquire spinlocks simultaneously. One of the CPUs holds IOLOCK8 and is attempting to acquire the TCP/IP MBUF mini-lock, while the other CPU holds the MBUF mini-lock and is attempting to acquire IOLOCK8. Note this can occur only with the V5.4 classic kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15U TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15U PF Reference: PTR 70-5-2536 / CFS.107462 TCPIP_BUGS Note 3108.0 ECO V 24-MAY-2004 Alpha and VAX Problem: Several problems: 1. System crash during shutdown in routine INETACP\INETACP$MALLOC_ACP. 2. INETACP process does not terminate after TCPIP shutdown is issued 3. System crash during shutdown in routine INTERNET_SERVICES\SOFREE. 4. INETACP process does not terminate after TCPIP shutdown is issued 5. Leakage of INET UCBs during TCPIP shutdown. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15V TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15V PF TCPIP$INETACP.EXE V5.4-15V TCPIP$INETACP_PERF.EXE V5.4-15V PF TCPIP$INETDRIVER.EXE V5.4-15D TCPIP$INETDRIVERSTOP.EXE V5.4-15D TCPIP$INET_DRIVER_SHUTDOWN.COM Reference: PTR 70-5-2536 / CFS.107462 TCPIP_BUGS Note 3109 ECO 3 updates ------------- ECO W 11-Jun-2004 Alpha and VAX Problem: Crash (SSRVEXCEPT) during TCP/IP shutdown. At the time of the crash the NET$ACP is deassigning a BG device. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15W PF Reference: PTR 70-5-2551 TCPIP_BUGS Note 3116 ECO X 25-Jun-2004 Alpha and VAX Problem: Shutting down PWIP results in system crash, INVEXCEPTN, TCPIP$INTERNET_SERVICES+A9B8. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15X TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15X PF Reference: PTR 70-5-2561 TCPIP_BUGS Note 3123 ECO X 25-Jun-2004 Alpha, IA64, and VAX Problem: The existing TCPIP$TELNET_NO_REM_ID logical name did not provide sufficient flexibility in controlling the generation of intrusion and audit records to meet all customer requirements. Therefore, it was necessary to add a new switch: TCPIP$TELNET_TRUST_LOCATION. Deliverables: TCPIP$INETACP.EXE V5.4-15X TCPIP$INETACP_PERF.EXE V5.4-15X TCPIP$TNDRIVER.EXE V5.4-15F TCPIP$TNDRIVER_PERF.EXE V5.4-15F Reference: PTR 70-5-2428 / CFS.104614 / Req Id: GB_G08796 / UCX Note None TCPIP_BUGS Note 3132 ECO Y 01-July-2004 Alpha and VAX Problem: On a multi-CPU system running the TCP/IP Scalable Kernel, the following DCL command can crash the system: $ ifconfig we0 ipmtu 1500 Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15Y PF Reference: TCPIP_BUGS Note 3130.0 ECO Z 23-July-2004 Alpha and VAX and I64 Problem: Leaking memory leads to system crash. SDA command "tcpip sho mem/ty=OVMS_ACP_USER_INFO" reveals many instances of what should be a temporary data structure. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15Z Reference: PTR 70-5-2573 / CFS.STID: / UCX Note GS:3150 TCPIP_BUGS Note 3130.0 ECO AA 20-Sep-2004 Alpha and VAX and IA64 Problem: A recent fix to TCP/IP Shutdown (contained in ECO W of V5.4) introduced a new problem in TCP/IP Shutdown. The new problem affects Select and Accept operations. Both Select and Accept operations are characterized by having INET_UCBs that are of interest to TCP/IP which do not have their CCB$L_IOC count bumped and therefore appear to be of no interest to OpenVMS. That is, in the face of a $DASSGN request, OpenVMS is liable to deallocate the UCB associated with such devices since to OpenVMS there appears to be no activity on these devices. The problem that this potentially presents is that under these circumstances TCP/IP might modify fields in a deallcoated UCN and thereby corrupt memory which can lead to crashes and/or strange behavior. Note that this bug has not yet shipped to many customers since it has not yet been in an official ECO. The fix described here will eliminate the potential problem. Note also that this only affects the scalable Kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: Internal testing. ECO AB 21-Sep-2004 Alpha and VAX Problem: In doing code reading while researching a problem two potential problems were found in OOB (Out Of Band) processing in the scalable Kernel. The first is in INET_RESTORE_MBUFS_TO_SB, called when tearing down a socket, and could cause a major problem if the socket were for Raw IP. The problem is that we treat such a socket as if it were a TCP socket rather than a datagram socket. The second is that we were calling sohasoutofband() before the OOB data was actually available to the user of the socket. This could cause an application failure. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: Internal testing. ECO 5 updates ------------- ECO AC 21-Sep-2004 Alpha, IA64, and VAX Problem: Sockets enabling the KEEPALIVE option would continue to trigger timer events even after they were closed and reused, leading to occasional spurious error status returns on newly-allocated sockets. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15AC Reference: UCX Note 10408 TCPIP_BUGS Note 3195 ECO AD 21-Sep-2004 Alpha, IA64 and VAX Problem: Attempting to Disable an ATTNAST on a BG device when no ATTNAST is established will result in a system crash. This can occur in correctly written user code when an ATTNAST completes concurrently with the disabling of the ATTNAST. It can also occur when an incorrect user application tries to disable an ATTNAST that has never been set. This only can occur when running the Scalable TCP/IP Kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 70-5-2642 ECO AE 28-Oct-2004 Alpha, VAX and IA64 Problem: An Accept request, with a bad parameter, can lead to a system crash while trying to queue a Special Kernel AST (KAST) because we are passing a bogus thread pid. In reality we are passing the address of the INETCB as the thread pid. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 75-102-1984 ECO AF 15-Nov-2004 Alpha and VAX and IA64 Problem: Crash (INCONSTATE) (call to panic()) with the sb_cc field of the receive sockbuf non-zero. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 70-5-2598 ECO AG 22-Dec-2004 Alpha and VAX and IA64 Problem: User program requesting SIOCSIFAFILT of SIOCGIFAFILT can lead to a system crash. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: CFS.70-5-2702 ECO AH 24-Jan-2005 Alpha and VAX Problem: Problem 1. System crash with the UCB$L_LINK field of a BG UCB containing the value -1. Other symptoms are possible corruption of OpenVMS lookaside lists, notably the ones for blocks of length C0 hex and 500 hex. Problem 2. Crash in Scalable Kernel in routine, INET_QUEUE_TCPIP_KRP called from WAKEUP() (INET_MAIN.MAR) trying to queue a TCPIP_KRP with an invalid address. Problem 3. Crash in TCP/IP startup on Scalable Kernel with SPLINVIPL. This occurs when datagram is received from the LAN before we have properly initialized the VCIB$L_FLCK_TYPE_SIZE field. Note this problem was seen previously only on IA64 and has already been fixed in V5.5 and V5.6. See TCPIP_BUGS note 3124.0. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE Reference: PTR 70-5-2700(PROBLEM1) PTR 70-5-2727(PROBLEM3) ECO AI 07-FEB-2005 Alpha and VAX Problem: System crash or system hang with I/O Post requests building up on one of the per CPU queues with no software interrupt being generated. This only occurs with the TCP/IP Scalable Kernel. The first I/O Post request in the affected queue is one for an I/O to a BG device. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE Reference: PTR 70-3-8277 ECO AJ 30-Mar-2005 Alpha and VAX and I64 Problem: Connections made using INET device hang Deliverables: TCPIP$INTERNET_SERVICES.EXE TCPIP$INTERNET_SERVICES_PERF.EXE TCPIP$INETDRIVER.EXE Reference: PTR 70-5-2751 / CFS.STID: / UCX Note GS: ECO AK 01-Apr-2005 Alpha and VAX Problem: Non-paged pool leak of Mbufs that are all allocated in routine, SORECEIVE_OOB_KERNEL. This can be seen from a TCPIP SHOW MBAG command in SDA. Deliverables: TCPIP$INTERNET_SERVICES.EXE TCPIP$INTERNET_SERVICES_PERF.EXE TCPIP$TNDRIVER.EXE Reference: PTR 70-5-2771 / CFS.QXCM1000229208 ECO AL 04-Apr-2005 Alpha, IA64, and VAX Problem: Shutdown crash because the INET$GL_PTR_INETCB field is zero. The crash takes place in routine, INET_SHUTDOWN, in INET_INIT.MAR. Deliverables: TCPIP$INTERNET_SERVICES_PERF.EXE (V5.4) Reference: PTR 70-5-2770 / CFS.QXCM1000229082 ECO AM 10-Apr-2005 Alpha and VAX and I64 Problem: Attempts to create a tunnel with the same src and dst as an existing tunnel will result in a system crash at shutdown time. The system does not actually crash if the standard kernel is running. Instead, a bit of debugging code is entered resulting in an XDELTA breakpoint appearing on the operator console. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: CFS.STID: / UCX Note GS:3202 ECO AM 13-APR-2005 Alpha, IA64, and VAX Problem: The UCP may call ACPCONTROL to create a zero-valued IP host address. Deliverables: TCPIP$INETACP.EXE V5.4-15AM Reference: PTR 70-5-2720 TCPIP_BUGS Note 3258 ECO AM 14-APR-2005 Alpha, IA64 Problem: A customer using V5.4 code has become reliant on some undocumented functionality. They have been using the 'filter' command with ifconfig to perform filtering of IP addresses. The list of filters appears in the file /etc/ifaccess.conf. This is essentially backfilling support for latent functionality. Note that they used ifconfig, rather than the supported method, (tcpip set comm/[accept|reject]), becuase the latter is limited to just 32 addresses. Since the UCP is not going to change anytime soon, the support for > 32 filters is being provided via 'ifconfig filter' and /etc/ifaccess.conf. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15G TCPIP$NETSTAT.EXE V5.4-15B TCPIP$INTERNET_SERVICES.EXE V5.4-15AM DOCUMENTATION: Reference: PTR 70-5-2731 / Req Id: UCXNote:9446.3 / UCX Note GS:3282 TCPIP_BUGS Note 3258 ECO AN 26-APR-2005 Alpha and VAX Problem: Select can fail repeatedly with SS$_DEVACTIVE (EBUSY) errors when running the Scalable Kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 70-5-2795 ECO AO 05-MAY-2005 Alpha and IA64 Problem: System crash, INVEXCEPTN, with a failing PC of, SOQMVQUE_C+00358. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR QXCM1000235381 ECO AP 10-MAY-2005 Alpha and VAX and I64 Problem: System crash CLUEXIT and CPUSPINWAIT Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 70-5-2797 / CFS.STID: / UCX Note GS: ECO AQ 13-MAY-2005 Alpha and IA64 Problem: System crash, INCONSTATE (call to panic() from sbdrop()) for an RLOGIN socket. Note this only affects the Scalable Kernel. Deliverables: TCPIP$INTERNET_SERVICES.EXE Reference: PTR 30-23-384 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 NETSTAT Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 4-MAY-2004 Alpha, IA64, and VAX Problem: netstat -m does not display descriptions for some memory types. Deliverables: TCPIP$NETSTAT.EXE V5.4-15A Reference: PTR 30-14-35 TCPIP_BUGS Note 3085 ECO 5 updates ------------- ECO B 14-APR-2005 Alpha, IA64 Problem: A customer using V5.4 code has become reliant on some undocumented functionality. They have been using the 'filter' command with ifconfig to perform filtering of IP addresses. The list of filters appears in the file /etc/ifaccess.conf. This is essentially backfilling support for latent functionality. Note that they used ifconfig, rather than the supported method, (tcpip set comm/[accept|reject]), becuase the latter is limited to just 32 addresses. Since the UCP is not going to change anytime soon, the support for > 32 filters is being provided via 'ifconfig filter' and /etc/ifaccess.conf. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15G TCPIP$NETSTAT.EXE V5.4-15B TCPIP$INTERNET_SERVICES.EXE V5.4-15AM DOCUMENTATION: Reference: PTR 70-5-2731 / Req Id: UCXNote:9446.3 / UCX Note GS:3282 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 NETUTIL6 Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 8-DEC-2003 Alpha and VAX Problem: Traceroute not exiting with proper status code or error message. Deliverables: TCPIP$TRACEROUTE.EXE V5.4-15A TCPIP$IPC_SHR.EXE V5.4-15B Reference: PTR ! / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 2985 ECO B 8-DEC-2003 Alpha, Vax, IA64 Problem: TCPIP$IP6_SETUP.COM required TCP/IP to be started. Deliverables: TCPIP$IP6_TESTADDR.EXE V5.4-15B Reference: PTR 30-10-76 / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 3008 ECO 3 updates ------------- ECO D 23-AUG-2004 Alpha, IA64, and VAX Problem: 'iptunnel create' causes BIND lookups for IPv4 addresses Deliverables: TCPIP$IPTUNNEL.EXE V5.4-15D Reference: PTR 30-14-145 TCPIP_BUGS Note 3143 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 NTP4_SERVER Images --------------------------------------------------------------------------- The following NTP problem is fixed in V5.4 Problem: When running on certain high-performance Alpha systems, NTP may be unable to adjust the system clock; therefore, NTP will not be able to provide accurate timekeeping. When this happens, the following error message appears in the NTP log file: %SYSTEM-F-BADLOGIC, internal logic error detected VMS timekeeping is not working as expected - can't proceed Solution: This problem was corrected in the previous release of the product; however, the Version 5.4 Release Notes did not indicate the problem had been fixed. ECO 1 updates ------------- ECO A 5-DEC-2003 Alpha, VAX, and I64 Problem: NTP bugs uncovered while tracking an I64 issue. Deliverables: TCPIP$NTP.EXE V5.4-15A Reference: PTR ! / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 2992 ECO B 5-DEC-2003 Alpha, Vax, IA64 Problem: "volatile" bug fixed for IA64 Deliverables: TCPIP$NTP.EXE V5.4-15B Reference: PTR ! / CFS.! / Req Id: ! / UCX Note ! TCPIP_BUGS Note 3007 ECO 2 updates ------------- ECO D 24-MAR-2004 Alpha, IA64, and VAX Problem: NTP creates files with lowercase filenames on ODS-5 Deliverables: TCPIP$NTP.EXE V5.4-15D TCPIP$NTP-GENKEYS.EXE V5.4-15D Reference: PTR 30-14-96 TCPIP_BUGS Note 3077 ECO 5 updates ------------- ECO E 12-APR-2005 Alpha, VAX Problem: Clock synchronization algorithm adjusts clock too slowly. Deliverables: TCPIP$NTP.EXE V5.4-15D Reference: PTR 70-5-2681 / CFS.108377 / Req Id: HG0204593 / UCX Note 10481 TCPIP_BUGS Note 3234 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 POP Images --------------------------------------------------------------------------- ECO 3 updates ------------- ECO A 2-AUG-2004 Alpha Problem: After installing the SSL V1.2 kit on TCP/IP Services V5.4, POP SSL support ceases to function. Installing the same kit on TCP/IP Services V5.5 causes POP SSL and IMAP SSL to cease functioning. The POP and/or IMAP servers will not listen on their SSL ports and, consequently, do not service clients coming in through SSL. The TCPIP$POP_RUN.LOG POP server log file contains these lines: POP server will not listen for SSL connections. SSL$LIBCRYPTO_SHR32_INIT status: %LIB-E-KEYNOTFOU, key not found in tree Deliverables: TCPIP$POP_SERVER.EXE V5.4-15A Reference: PTR 30-13-353 TCPIP_BUGS Note 3152 PTR 30-14-148 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 PWIP Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 22-DEC-2003 Alpha and VAX Problem: When PWIP is shut down, the system crashes at location PWIP_WRITE_C+001DC. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15A Reference: TCPIP_BUGS Note 2984 ECO B 22-DEC-2003 Alpha and VAX Problem: While running DECnet/IP applications the system crashes with a corrupt INETKVCI$A_VCRP_FLINK/INETKVCI$A_VCRP_BLINK queue. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15A Reference: PTR 75-83-1514 TCPIP_BUGS Note 2989.1 ECO C Alpha and VAX Problem: System crash if running scalable kernel and PATHWORKS is stopped. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15C Reference: TCPIP_BUGS Note 3034 ECO D Alpha and VAX Problem: Problem seen only with the scalable kernel and will result in a crash due either to pool exhaustion or to CPUSPINWAIT where the wait is for IOLOCK8. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15D TCPIP$INTERNET_SERVICES.EXE V5.4-15G Reference: PTR 70-5-2455 / CFS.105464 TCPIP_BUGS Note 3044 ECO 2 updates ------------- ECO E 6-APR-2004 Alpha, IA64, and VAX Problem: 1) PTR 70-13-1196 A DECnet "tower set" is simply the lower four tiers of the OSI protocol stack, for example: [ DNA_CMIP-MICE ] , [ DNA_SessionControlV3 , number = 19 ] , [ DNA_OSItransportV1 , 'DEC0'H ] , [ DNA_IP , 16.20.208.100 (LASSIE) ] In a DECnet/IP tower set the network level information is obtained by making a T_ADDR request to the PWIPDRIVER. PWIP returns all of the configured addresses, so there can be more than one DECnet/IP tower set. In TCPIP V5.1 and later, the T_ADDR request is broken. The effect of this on DECnet is that the tower set network level information is inaccurate. Advanced Server does not make T_ADDR requests. 2) IPV6 support. PWIP is currently coded to work with only IPV4 sockets; it needs to handle IPV6 sockets. It needs a way to tell callers that it handles IPV6 sockets. 3) Cleanup PWIP does not conform to many of the coding standards that exist in the other parts of the TCP/IP code. Deliverables: PWIP$SDA.EXE V5.4-15E TCPIP$PWIPACP.EXE V5.4-15E TCPIP$PWIPDRIVER.EXE V5.4-15E Reference: PTR 70-13-1196 TCPIP_BUGS Note 3074 ECO G 15-APR-2004 Alpha and VAX Problem: PWIPDRIVER relied on the fact that the TCP/IP kernel, on a call through the VCRP$A_TCPIP_RECEIVE vector, returned a 32 bit status whose upper 16 bits were guaranteed to be zero. That behavior has now changed in the TCP/IP kernel. The upper 16 bits now may contain a UNIX status. As a result, PWIPDRIVER_WRITE.C is modified slightly to adjust to this change in behavior. This is being done in conjunction with changes to the INETDRIVER and the kernel but this change is completely independent of those changes and is correct even without them. Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15G Reference: TCPIP_BUGS Note 3083 ECO 3 updates ------------- ECO H 06-JUL-2004 Alpha and VAX and I64 Problem: The PWIP acp process will not start if the bind resolver is disabled: |$ type sys$Manager:TCPIP$PWIPACP_KEOKA.LOG |Wed Jun 30 13:27:54 2004: getLocalAddr : getaddrinfo failure, ipv6: 4 |Wed Jun 30 13:27:54 2004: interfaceInit : Could not getLocalAddr! |Wed Jun 30 13:27:54 2004: main : PWIPdriver, PWIPacp interface init |failure, aborting PWIP ACP startup... Deliverables: TCPIP$PWIPACP.EXE V5.4-15H Reference: PTR 70-5-2565 / UCX Note 10325 TCPIP_BUGS Note 3127 ECO 4 updates ------------- ECO I 19-OCT-2004 Alpha and VAX and I64 Problem: Crash on shutdown. PC = KERNEL_ALLOC_EXTERN_DCBE_CHAIN_+00040 (V54-ECO3) Deliverables: TCPIP$PWIPDRIVER.EXE V5.4-15I Reference: PTR 70-5-2635 / CFS.STID: / Req Id: 437 / UCX Note GS:3210 TCPIP_BUGS Note 3267 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 SMTP Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 10-DEC-2003 Alpha and VAX Problem: A hole exists in the anti-SPAM route-through check which allows a SPAMmer to trick the SMTP receiver into relaying SPAM. Deliverables: TCPIP$SMTP_RECEIVER.EXE V5.4-15A Reference: PTR 70-5-2370 / CFS.102136 / Req Id: GB_G07885 / UCX Note 9907 TCPIP_BUGS Note 2960 TCPIP_BUGS Note 2965 ECO B 26-JAN-2004 Alpha and VAX and IA64 Problem: The SMTP receiver does not check to see if the recipient email address in the RCPT TO SMTP protocol command is deliverable, for example that the user account exists on the system. This check is instead deferred to the processing of the mail message in the SMTP queue by the SMTP symbiont process. By this time your host has taken responibility for the message and if there is a problem delivering the message your host must bounce the message itself. This behavior, while not a bug, has become problematic with the advent of SPAM. The following scenario occurs. SPAM arrives on your host for a non-existent user and is bounced by your host's symbiont process to the email address in the SPAM's Return-Path: header. The SPAM's Return-Path header contains an invalid email address so the bounced SPAM is in turn bounced back to your host's postmaster account. The postmaster account's mail is forwarded to the SYSTEM account which means that the SYSTEM user must constantly separate these doubly bounced SPAMs from their valid email. To solve this problem the SMTP receiver has been changed to check to see if the recipient email address in the RCPT TO SMTP protocol command is deliverable. This solves the problem by not letting the SPAM for the unknown user onto your host in the first place. There is a new configurable boolean switch to turn this new feature on and off. The switch is called Symbiont-Checks-Deliverability and is entered in the SMTP.CONFIG SMTP configuration file. Setting this switch to TRUE preserves the old behavior - where the receiver does not check the deliverability of RCPT TO recipients, deferring to the symbiont. Setting Symbiont-Checks-Deliverability to FALSE turns on the new behavior, telling the receiver to check the deliverability of RCPT TO recipients itself. To preserve existing behavior this switch is defaulted to TRUE for TCP/IP Services Version 5.4. For future versions it will default to FALSE. Deliverables: TCPIP$SMTP_MAILSHR.EXE V5.4-15B TCPIP$SMTP_PARSESHR.EXE V5.4-15B TCPIP$SMTP_PARSESHR_TV.EXE (AXP ONLY) V5.4-15B TCPIP$SMTP_RECEIVER.EXE V5.4-15B TCPIP$SMTP_SFF.EXE V5.4-15B TCPIP$SMTP_SYMBIONT.EXE V5.4-15B Reference: PTR 30-14-77 TCPIP_BUGS Note 3043 ECO 2 updates ------------- ECO C 24-MAR-2004 Alpha, IA64, and VAX Problem: Any two messages composed in the same one-hundredth of a second will acquire the same value in their Message-ID header. This can cause some mail systems to delete the second of the two messages as a duplicate. Message-ID's should be unique. This problem has been corrected with this release. Any two messages created in the same one-hundredth of a second will acquire unique values in their Message-ID headers. Deliverables: TCPIP$SMTP_MAILSHR.EXE V5.4-15C Reference: PTR 70-5-2480 / CFS.106081 TCPIP_BUGS Note 3078 ECO D 5-APR-2004 Alpha Problem: Problem: Multiple addresses in the To: SMTP header of SMTP mail that is composed in OpenVMS mail are not separated into multiple lines of text but instead appear on one potentially, very long line. For recipients of such messages on OpenVMS, if the length of this To: line exceeds the OpenVMS mail line length limit of 255 characters, the SMTP symbiont breaks the line into multiple lines when delivering the message, but the lines after the first one are not indented (tabbed in) and thus will appear as malformed headers. This can cause incorrect behavior with some automated programs that read e-mail. The same problem exists for Cc: lines longer that the OpenVMS mail limit. Solution: When you specify the To: and Cc: SMTP headers while composing a mail message, make sure the addresses you add to these headers do not cause the current line to exceed 75 characters. If that limit is exceeded, insert a line feed and tab before adding the recipient address. This ensures that no single line of a To: or Cc: header is generated with more than 75 characters. Deliverables: TCPIP$SMTP_MAILSHR.EXE V5.4-15D Reference: TCPIP_BUGS Note 3081 ECO 3 updates ------------- ECO E 23-AUG-2004 Alpha, IA64, and VAX Problem: Problem 1: A mail message is bounced by the SMTP symbiont, with the text of the transcript section beginning with a code in the 400's, as in the following example: ---- Transcript of session follows ---- 450 %TCPIP-E-SMTP_NOSUCHUSER, no such user, {address} Reply codes in the 400s are transient errors; mail messages generating such codes should have been retried rather than bounced. Solution: When a remote SMTP server responds to the SMTP symbiont with a reply code in the 400's, the symbiont will now requeue the message to enable the delivery to be retried later rather than bounced. Problem 2: The text of the "Transcript of session" section of a bounced mail message does not match the text returned by the remote SMTP server, instead always being the same "%TCPIP-E-SMTP_NOSUCHUSER, no such user" text followed by the email address. This makes problem diagnosis more difficult. Solution: When a remote SMTP server responds to the SMTP symbiont's RCPT TO command with a permanent failure reply code (one in the 500's), the software will use the text provided in the remote SMTP server's reply in the transcript of the bounced mail instead of the fixed "%TCPIP-E-SMTP_NOSUCHUSER..." message. Deliverables: TCPIP$SMTP_SYMBIONT.EXE V5.4-15E TCPIP$SMTP_MAILSHR.EXE V5.4-15E Reference: PTR 75-13-1285 TCPIP_BUGS Note 3164 TCPIP_BUGS Note 2804 ECO 5 updates ------------- ECO F 13-APR-2005 Alpha, IA64 Problem: The SMTP SFF feature (TCPIP$SMTP_SFF.EXE image) loops for a mail message that contains a single header longer than 7192 bytes. If such a message is delivered to a recipient who has email forwarded to a PIPE% Mailshr mechanism that uses SFF (such as SpamAssassin), the symbiont will hang, waiting forever for the looping PIPE% child process. Deliverables: *.EXE V5.4-15F Reference: TCPIP_BUGS Note 3252 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 SNMP Images --------------------------------------------------------------------------- ECO 3 updates ------------- ECO A 7-JUL-2004 Alpha, IA64 (V5.5 only) Problem: In SNMP, text for sysDescr (1.3.6.1.2.1.1.1) field does not include the architecture type. Needed by clients to distinguish OpenVMS Alpha from OpenVMS I64. Deliverables: TCPIP$ESNMP_SERVER.EXE V5.4-15A Reference: PTR 75-102-1119 TCPIP_BUGS Note 3110 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 SSH Images --------------------------------------------------------------------------- ECO 4B updates ------------- ECO BB 10-MAR-2005 Alpha, IA64 Problem: OpenVMS SSH does not support mixed case passwords. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-14-108 TCPIP_BUGS Note 3259 ECO BB 10-MAR-2005 Alpha, IA64 Problem: Various signals received during code result in extraneous or cryptic signal messages. Deliverables: ALL Reference: PTR 30-13-339 TCPIP_BUGS Note 3261 ECO BB 10-MAR-2005 Alpha, IA64 Problem: Problems with calls to ssh_xfree(). Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-13-380 TCPIP_BUGS Note 3262 Note: affects V5.5 ECO only ECO BB 10-MAR-2005 Alpha, IA64 Problem: was not possible during sftp2/scp filecopy. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-14-116 TCPIP_BUGS Note 3263 ECO BB 10-MAR-2005 Alpha, IA64 Problem: Auditing and other VMS-specific config options cannot be specified in ssh2_config. and sshd2_Config. Also the defaults for auditing do not work. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-14-154 TCPIP_BUGS Note 3264 Note: affects V5.5 ECO only ECO BB 10-MAR-2005 Alpha, IA64 Problem: OpenVMS SSH did not support use of CHANGEREQ message for password change in communication with non-VMS remote client or server. This change enables password update from non-OpenVMS clients remotes that support this IETF secsh draft protocol message. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-14-170 TCPIP_BUGS Note 3265 ECO BB 10-MAR-2005 Alpha, IA64 Problem: Inaccurate listing for hostbased authentication in ssh*2_config. files. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 30-14-176 TCPIP_BUGS Note 3266 ECO BB 10-MAR-2005 Alpha, IA64 Problem: When crtl memory allocation routine returns a null pointer, ssh code accvios instead of exiting gracefully. Deliverables: TCPIP$SSH_SSH2.EXE V5.4-15BB Reference: PTR 30-14-177 TCPIP_BUGS Note 3267 ECO BB 10-MAR-2005 Alpha, IA64 Problem: Background information: In OpenVMS, if a user account's password is expired, SYSUAF labels the password as pre-expired and the user is allowed to log in once to change the password. If the user does not change the password, the password is expired and a system manager has to reset the account. Problem: The SSH server previously does not support password change requests for non-VMS clients when account passwords are pre-expired. This is a problem with captive accounts (SYSUAF accounts with the CAPTIVE flag enabled) when there is no other secure method for changing passwords. Solution: If the SSH configuration parameter AllowNonvmsLoginWithExpiredPw is set to "no", the server will continue to disallow password authentications for non-VMS clients when the password is pre-expired. If the SSH configuration parameter AllowNonvmsLoginWithExpiredPw is set to "yes", and the password is pre-expired, the server will now send a request to the SSH client to prompt the user for a new password. The SSH client will then prompt the user for a new password. If the VMS account has the SYSUAF DisForce_Pwd_Change flag set, the SSH server will let the user in with the following warning message: WARNING - Your password has expired; update immediately with SET PASSWORD! The user will have to change the password or be locked out on future logins. The SYSUAF flag DisForce_Pwd_Change needs to be enabled for each user that requires original V5.4 functionality for SSH clients. By default, the SSH server sends a Language Tag with the password change request. Some clients do not recognize the Language Tag. To allow these types of clients to work, you can specify the new configuration option DisableLanguageTag with a value of Yes in the SSHD2_CONFIG configuration file. This option prevents the server from sending the Language tag. Note that this configuration option is systemwide and affects all SSH clients. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB TCPIP$SSH_SSH2.EXE V5.4-15BB TCPIP$SSH_SFTP2.EXE V5.4-15BB TCPIP$SSH_SCP2.EXE V5.4-15BB TCPIP$SSH_SFTP-SERVER2.EXE V5.4-15BB Reference: PTR 30-5-429 TCPIP_BUGS Note 3268 Note: affects V5.5 ECO only ECO BB 10-MAR-2005 Alpha, IA64 Problem: Could not copy files larger than 4 gigabytes. Original problem had been copying files larger than 2 gigabytes; fixes in this SCT extended copy to 16 gigabytes (and beyond). Problems related to this fix which were also corrected: - 30-14-116: Cannot interrupt a filecopy with - 30-14-177: If pgflquo on an account is too low, attempt at filecopy causes ACCVIO. Deliverables: TCPIP$SSH_SCP2.EXE V5.4-15BB TCPIP$SSH_SFTP-SERVER2.EXE V5.4-15BB TCPIP$SSH_SFTP2.EXE V5.4-15BB TCPIP$SSH_SSH-ADD2.EXE V5.4-15BB TCPIP$SSH_SSH-AGENT2.EXE V5.4-15BB TCPIP$SSH_SSH-KEYGEN2.EXE V5.4-15BB TCPIP$SSH_SSH-SIGNER2.EXE V5.4-15BB TCPIP$SSH_SSH2.EXE V5.4-15BB TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 70-5-2477 / CFS.106027 / Req Id: BE_G09276 TCPIP_BUGS Note 3269 Note: affects V5.5 ECO only ECO BB 10-MAR-2005 Alpha, IA64 Problem: OpenVMS SSH does not support secondary password for password authentication method. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 70-5-2544 TCPIP_BUGS Note 3270 Note: affects V5.5 ECO only ECO BB 10-MAR-2005 Alpha, IA64 Problem: OpenVMS SSH does not support "$" character in username Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB Reference: PTR 70-5-2602 TCPIP_BUGS Note 3271 ECO BB 10-MAR-2005 Alpha, IA64 Problem: VMS ssh server not deleting processes which run the tcpiP$ssh_sftp-server2.exe sftp server image after it is finished. Result with clients such as Hummingbird was that child processes stayed around, consuming pgflquo, eventually causing quota exhaustion. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB TCPIP$SSH_SFTP-SERVER2.EXE V5.4-15BB Reference: PTR 70-5-2693 TCPIP_BUGS Note 3272 ECO BB 10-MAR-2005 Alpha, IA64 Problem: TCPIP V5.4 ECO 4 and earlier ssh client and and server do not handle version check with VMS remote at later version. Result is that they do not recognize the remote as VMS. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BB TCPIP$SSH_SSH2.EXE V5.4-15BB Reference: PTR 30-14-157 TCPIP_BUGS Note 3273 Note: affects V5.5 ECO only ECO BB 28-MAR-2005 Alpha, IA64, and VAX Problem: The sftp lcd and lpwd commands issue the error "PWD failed." Deliverables: *.EXE V5.4 Reference: PTR 70-5-2652 TCPIP_BUGS Note 3278 ECO BB 28-MAR-2005 Alpha, IA64, and VAX Problem: Copying a large file (greater than 98,277 bytes) from the TCP/IP Services SFTP server to LINUX SFTP client does not work. Under TCP/IP Services V5.4, the client hangs. Under TCP/IP Services V5.5, the client aborts with an error message such as "Received message too long 538976288". In both cases, the file is copied incorrectly. Deliverables: *.EXE V5.4 Reference: PTR 70-5-2567 TCPIP_BUGS: 3247 ECO BC 24-APR-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: Password authentication failing, repeated prompt for password entry although correct password entered. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BC Reference: PTR 30-14-190 TCPIP_BUGS Note 3297 Note: affects V5.5 ECO only ECO BC 24-APR-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: V5.5 / ssh 3.2.0 based code used for V5.4 ECO 4B did not handle password update interaction with peer at V5.4 ECO 4, V5.5 SSB, and some cases of V5.4 ECO 4B. Note that even after the fixes detailed here there are cases where password update does not work, e.g., when new server is identifying itself as V3.2.0, and client is V5.4 ECO 4. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4-15BC Reference: PTR 30-14-170 TCPIP_BUGS Note 3300 PTR 30-5-429 Note: affects V5.5 ECO only ECO BC 24-APR-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: Error in tcpip$ssh_run.log indicating timeout in locking authority file, combined with failure to run X application in the ssh session started at ssh client. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4 Reference: PTR 70-5-2690 TCPIP_BUGS Note 3301 ECO BC 24-APR-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: Cannot cascade $ create term/detach from ssh session (using x11 port forwarding). That is, from window created from original session window, cannot do another $ CREATE TERM/DETACH. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4 Reference: PTR 70-5-2743 TCPIP_BUGS Note 3302 ECO BC 24-APR-2005 Alpha, IA64, and VAX Problem: Problem: The intrusion records created when the intruder comes from a client other than the TCP/IP Services client are not sufficiently unique for some environments. This means that one intruder on a remote host locks out all users from that host. This is especially onerous in environments where multiple client hosts appear to be from the same remote IP address. Solution: Use the local user name in the intrusion record in place of SSH_xxxxxxxx (where 'xxxxxxxx' is HEX IP address of remote host) as was the old behavior. If the new IntrusionIdentLocalUser SSH server configuration file option is set to "yes", then the server uses the local user name in intrusion records. If "no", the SSH_xxxxxxxx is used as before. Default is "yes". Deliverables: TCPIP$SSH*.EXE V5.4 Reference: PTR 70-5-2737 TCPIP_BUGS Note 3304 ECO BC 24-APR-2005 Alpha, IA64, and VAX Problem: Problem: The TCP/IP Services SFTP server will only allow a remote client to "get" a file that has a record format of stream LF, fixed length or undefined. Many OpenVMS applications produce files with variable length or VFC record formats, making it impossible to fetch such files using the TCP/IP Services SFTP server. Solution: Enhance the TCP/IP Services SFTP server to allow the client to get variable length or VFC files, with record attributes of either "carriage return carriage control" or "FORTRAN carriage control". Note that the TCP/IP Services scp and sftp clients do not preserve the record format on a file when doing a get from this enhanced TCP/IP Services server. Thus, unlike the file as copied using ftp or the DCL copy command, the file on the client will be created as a stream LF record format regardless of the record format of the file coming from the server. Fortran Carriage Control files can also be fetched. The Fortran control characters are interpreted and the byte stream converted to the associated byte sequence rather than leaving the characters in place in the resultant text file. For example, an ASCII "1" in column one means to print a form feed. In the file passed to the client, the literal Form Feed character (hex 0C) appears, rather than the Fortran control character. Files with other record formats and record attributes may be fetchable from the TCP/IP Services SFTP server but have not been tested and are not supported. Note that TCP/IP Services SCP and SFTP clients do not allow a "put" of variable length or VFC files. For example, if localfile.txt is a variable length file this put will not work: $ scp localfile.txt user@remotehost:remotefile.txt Deliverables: TCPIP$SSH_SFTP-SERVER2.EXE V5.4 Reference: PTR 70-5-2721 TCPIP_BUGS Note 3305 ECO 5 updates ------------- ECO BD 19-MAY-2005 Alpha, IA64 (V5.5 and V5.6 onl Problem: Due to cut-and-paste error, an initialization for call to sys$persona_create was incorrect, causing that call to fail. This in turn caused later xauth code to fail. Deliverables: TCPIP$SSH_SSHD2.EXE V5.4 Reference: PTR 70-5-2690 TCPIP_BUGS Note 3301.1 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 SYSCONFIG Images --------------------------------------------------------------------------- ECO 3 updates ------------- ECO A 23-AUG-2004 Alpha, IA64, and VAX Problem: 'iptunnel create' causes BIND lookups for IPv4 addresses Deliverables: TCPIP$IPTUNNEL.EXE V5.4-15D Reference: PTR 30-14-145 TCPIP_BUGS Note 3143 ECO A 20-SEP-2004 Alpha and VAX and I64 Problem: Can't shutdown TCPIP, system may crash during TCPIP shutdown Deliverables: TCPIP$SYSCONFIG.EXE V5.4-15A Reference: CFS.STID: / UCX Note GS:3180 TCPIP_BUGS Note 3143 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 TCPDUMP Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 14-MAY-2004 Alpha, and VAX Problem: System crash in tcpip$internet_services inet_*_send_log after completion of a trace using tcpdump. This can happen when there is a lot of traffic on the network. Deliverables: TCPIP$TCPDUMP.EXE V5.4-15A Reference: TCPIP_BUGS Note 3104 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 TCPIPLIB Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 15-JAN-2004 Alpha, IA64, and VAX Problem: Network applications are unable to map internet interface names to OpenVMS network device names without having to resort to "static" tables. Hence, the customer-defined internet interface to OpenVMS network device mappings cannot be supported. Deliverables: None. Reference: TCPIP_BUGS Note 3028 ECO B 22-FEB-2004 Alpha, IA64, and VAX Problem: Functions PUTENV() and STRDUP() mistakenly exist in TCPIP$LIBRARY:TCPIP$LIB.OLB with a DECC$ prefix. This can cause link conficts with the C RTL. Deliverables: TCPIP$LIB.OLB Reference: PTR 30-14-90 TCPIP_BUGS Note 3051 ECO C 17-MAR-2004 Alpha Problem: Relink images to the TCPIP$LIB.OLB library provided with this ECO. Deliverables: TCPIP$CFS_SHR.EXE V5.4-15H TCPIP$FTP_CLIENT.EXE V5.4-15D TCPIP$FTP_CHILD.EXE V5.4-15D TCPIP$FTP_SERVER.EXE V5.4-15D TCPIP$IPC_SHR.EXE V5.4-15D TCPIP$IPC_SHR_EV56.EXE V5.4-15D TCPIP$LPD_RCV.EXE V5.4-15C TCPIP$LPD_SHR.EXE V5.4-15C TCPIP$LPD_SMB.EXE V5.4-15C TCPIP$LPD_UTILITIES.EXE V5.4-15C TCPIP$LPQ.EXE V5.4-15C TCPIP$LPRM.EXE V5.4-15C TCPIP$LPRSETUP.EXE V5.4-15C TCPIP$INETACP.EXE V5.4-15I TCPIP$INETACP_PERF.EXE V5.4-15I PF TCPIP$TRACEROUTE.EXE V5.4-15C TCPIP$NTP-GENKEYS.EXE V5.4-15C TCPIP$NTP.EXE V5.4-15C TCPIP$NTPDATE.EXE V5.4-15C TCPIP$NTPDC.EXE V5.4-15C TCPIP$NTPQ.EXE V5.4-15C TCPIP$NTPTRACE.EXE V5.4-15C TCPIP$NTP_RES_CHILD.EXE V5.4-15C TCPIP$PWIPACP.EXE V5.4-15E TCPIP$PWIPDRIVER.EXE V5.4-15E TCPIP$PWIPSHUT.EXE V5.4-15E TCPIP$TELNETSYM.EXE V5.4-15C TCPIP$TELNET.EXE V5.4-15B TCPIP$IPC_SHR.EXE V5.4-15D TCPIP$IPC_SHR_EV56.EXE V5.4-15D TCPIP$UCP.EXE V5.4-15B UCX$IPC_SHR.EXE V5.4-15D UCX$IPC_SHR_EV56.EXE V5.4-15D UCX$LPD_SMB.EXE V5.4-15C Reference: TCPIP_BUGS Note 3057 ECO 3 updates ------------- ECO D 2-AUG-2004 Alpha Problem: After installing the SSL V1.2 kit on TCP/IP Services V5.4, POP SSL support ceases to function. Installing the same kit on TCP/IP Services V5.5 causes both POP SSL and IMAP SSL to cease functioning. The POP and/or IMAP servers will not listen on their SSL ports and, consequently, do not service clients coming in through SSL. The TCPIP$POP_RUN.LOG POP server log file contains these lines: POP server will not listen for SSL connections. SSL$LIBCRYPTO_SHR32_INIT status: %LIB-E-KEYNOTFOU, key not found in tree Deliverables: TCPIP$POP_SERVER.EXE V5.4-15A Reference: PTR 30-13-353 TCPIP_BUGS Note 3152 PTR 30-14-148 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 TELNET_CLIENT Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 24-NOV-2003 Alpha and VAX Problem: The TELNET> SHOW DEVICE command displays incorrect information for local and remote IPv4 addresses on TELNET devices. Deliverables: TCPIP$TELNET.EXE V5.4-15A Reference: PTR 70-5-2346 / CFS.101020 / Req Id: HPAQ601BD / UCX Note 9829 TCPIP_BUGS Note 2979 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 TELNET_SERVER Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 24-NOV-2003 Alpha and VAX Problem: [1] On V5.1/V5.3, a SSRVEXCEPT crash can occur in the TCPIP$TNDRIVER image when doing IO$_TTY_PORT_BUFIO | IO$M_TN_SENSEMODE with an output item list requesting TN$_NETWORK_DEVICE_NAME. On V5.4, while the potential for a crash does exist, the symptom is usually just extraneous information returned for the network device name, which can be seen in the TELNET> SHOW DEVICE/FULL output. [2] Build issue. The compiler is unable to locate header files that were not in the same directory as the source files being compiled. Deliverables: TCPIP$TNDRIVER.EXE V5.4-15A TCPIP$TNDRIVER_PERF.EXE V5.4-15A PF Reference: PTR 70-5-2376 / CFS.102120 / Req Id: AT_G07872 TCPIP_BUGS Note 2978 ECO B 12-Dec-2003 Alpha and VAX Problem: System crash in KVCI$$RECEIVE+00098. Deliverables: TCPIP$TNDRIVER.EXE V5.4-15B TCPIP$TNDRIVER_PERF.EXE V5.4-15B PF Reference: TCPIP_BUGS Note 3019 ECO 2 updates ------------- ECO C 20-Feb-2004 Alpha and VAX Problem: During or after TCP/IP system shutdown, the system crashes with INVEXCEPTN in TCPIP$TNDRIVER+5D4 (V5.3). Deliverables: TCPIP$TNDRIVER.EXE V5.4-15C TCPIP$TNDRIVER_PERF.EXE V5.4-15C PF Reference: PTR 70-5-2448 / CFS.105206 TCPIP_BUGS Note 3054 ECO D 8-Mar-2008 Alpha and VAX Problem: Crash in KVCI$$RECEIVE with null INETKVCI pointer due to zero VCRP$L_CREATOR_DATA1. Deliverables: TCPIP$INTERNET_SERVICES.EXE V5.4-15J TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15J PF TCPIP$TNDRIVER.EXE V5.4-15D TCPIP$TNDRIVER_PERF.EXE V5.4-15D PF Reference: PTR 70-5-2481 / CFS.104564 TCPIP_BUGS Note 3067 ECO 3 updates ------------- ECO E 22-JUN-2004 Alpha and VAX Problem: The system crashes with the following: CPUSPINWAIT, CPU spinwait timer expired Deliverables: TCPIP$TNDRIVER.EXE V5.4-15E TCPIP$TNDRIVER_PERF.EXE V5.4-15E PF Reference: PTR 70-5-2556 / CFS.107891 / Req Id: GB_G09981 TCPIP_BUGS Note 3118 ECO F 25-JUN-2004 Alpha, IA64 and VAX Problem: Exception while above ASTDEL, TN$PORT_DISCONNECT_C+184. Deliverables: TCPIP$TNDRIVER.EXE V5.4-15F TCPIP$TNDRIVER_PERF.EXE V5.4-15F PF Reference: PTR 70-5-2531 / CFS.107382 / Req Id: BCSMH1ZT2 TCPIP_BUGS Note 3122 PTR 70-5-2576 ECO F 25-JUN-2004 Alpha, IA64, and VAX Problem: The existing TCPIP$TELNET_NO_REM_ID logical name did not provide sufficient flexibility in controlling the generation of intrusion and audit records to meet all customer requirements. Therefore, it was necessary to add a new switch: TCPIP$TELNET_TRUST_LOCATION. Deliverables: TCPIP$INETACP.EXE V5.4-15X TCPIP$INETACP_PERF.EXE V5.4-15X TCPIP$TNDRIVER.EXE V5.4-15F TCPIP$TNDRIVER_PERF.EXE V5.4-15F Reference: PTR 70-5-2428 / CFS.104614 / Req Id: GB_G08796 / UCX Note None TCPIP_BUGS Note 3132 ECO G 25-JUN-2004 Alpha and VAX Problem: Crash in TCPIP$TNDRIVER at TN$TIMER_SCAN_DEVICE_C+37C. It is not known how to reproduce this. Deliverables: TCPIP$TNDRIVER.EXE Reference: PTR 70-5-2620 / CFS.QXCM1000196887 ECO 5 updates ------------- ECO H 01-APR-2005 Alpha and VAX Problem: Non-paged pool leak of Mbufs that are all allocated in routine, SORECEIVE_OOB_KERNEL. This can be seen from a TCPIP SHOW MBAG command in SDA. Deliverables: TCPIP$INTERNET_SERVICES.EXE TCPIP$INTERNET_SERVICES_PERF.EXE TCPIP$TNDRIVER.EXE Reference: PTR 70-5-2771 / CFS.QXCM1000229208 ECO H 14-APR-2005 Alpha, IA64, and (partial fix) Problem: This change is not described in the release notes for security reasons. Deliverables: TCPIP$TELNET_SERVER.EXE V5.4/KRB V2.0 TCPIP$TELNET_STARTUP.COM TCPIP$TELNET_SHUTDOWN.COM BUILT BUILDS, Reference: PTR 75-107-204 TCPIP_BUGS Note 3288 ECO I 09-May-2005 Alpha and IA64 Problem: Enhance debugging by producing TNUCB$ symbols. Deliverables: TCPIP$TN_GLOBALS.STB Reference: Internal testing. --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 UCP Images --------------------------------------------------------------------------- ECO 1 updates ------------- ECO A 8-DEC-2003 Alpha, IA64, and VAX Problem: Latent support for future enhancements. Deliverables: TCPIP$UCP.EXE V5.4-15A Reference: PTR 70-5-2404 TCPIP_BUGS Note 3015 ECO 2 updates ------------- ECO C 11-MAR-2004 Alpha, IA64, and VAX Problem: UCP's SET NOROUTE command deletes routes that do not exactly match the specified selection criteria. For example: consider this: a. Show all network routes, do: $ tcpip show route DYNAMIC Type Destination Gateway . . . AN 136.2.0.0/16 16.20.208.53 AH 136.2.2.250 16.20.208.53 b. Delete only the 136.2.2.250 host route, do $ tcpip set noroute 136.2.2.250 /noconfirm c. Show 136.2.0.0 network route, do: $ tcpip show route 136.2.0.0 %TCPIP-E-ROUTEERROR, error accessing routes database (TCPIP$ROUTE) -TCPIP-W-NORECORD, information not found Both host (136.2.2.250) and network (136.2.0.0) routes were deleted; not just the 136.2.2.250 host route as specified. Deliverables: TCPIP$UCP.EXE V5.4-15C Reference: PTR 70-5-2461 / CFS.105684 / Req Id: HGO175762 TCPIP_BUGS Note 3066 ECO D 19-APR-2004 Alpha, IA64, and VAX Problem: 1) When an interface, under the control of failSAFE, fails or recovers an alias address, the IP address is not seen with "TCPIP SHOW INTER". (PTR 30-13-200) 2) Since a pseudo address may not be active immediately, (for example, it is a standby address) the TCPIP SET INTER command may return DEVINACT, even though the address is successfully created as a standby. (30-13-205). 3) When creating a duplicate pseudo address on a different interface, TCPIP SET INTER returns BADPARAM error. Deliverables: TCPIP$INETACP.EXE V5.4-15O TCPIP$INETACP_PERF.EXE V5.4-15O PF TCPIP$INTERNET_SERVICES.EXE V5.4-15O TCPIP$INTERNET_SERVICES_PERF.EXE V5.4-15O PF TCPIP$IFCONFIG.EXE V5.4-15C TCPIP$UCP.EXE V5.4-15D Reference: PTR 30-13-200 TCPIP_BUGS Note 3080 PTR 30-13-205 PTR 70-5-2517 / CFS.106872 / Req Id: BCGMH0CZL ECO D 19-APR-2004 Alpha, IA64, and VAX Problem: Several problems related to creating and managing pseudo interfaces include: 1. PTRs 30-13-324, 30-13-348 UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-BADPARAM) resulting from race conditions between creating the pseudo interface's alias address and adding its (UCP) marker. UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-BADPARAM) when creating an interface that specifies a network address that is already in use by another interface. For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 72828 72828 4096 WE0 10.10.4.2 255.255.255.0 97200 9644 1500 $ tcpip set interface wea100 /host=10.20.30.100 %TCPIP-E-INVINTERNAM, invalid interface name -TCPIP-I-ACPQIO, failure on internet ACP QIO -SYSTEM-F-BADPARAM, bad parameter value 2. PTR 30-13-349 Pseudo interfaces are not consistently created as address aliases. 3. PTR 70-5-2517 UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-DEVINACT) when creating pseudo interfaces on systems using TCP/IP Services V5.4 and later (scalable kernel disabled). For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 72828 72828 4096 WE0 10.10.4.2 255.255.255.0 97200 9644 1500 $ tcpip set interface wea100 /host=10.20.30.100 %TCPIP-E-INVINTERNAM, invalid interface name -TCPIP-I-ACPQIO, failure on internet ACP QIO -SYSTEM-F-DEVINACT, device inactive 4. UCP's SET INTERFACE and GENERATE INTERFACE commands will delete an existing pseudo interface when creating a new pseudo interface that specifies the same network address on systems using TCP/IP Services V5.4 and later (scalable kernel enabled). For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 100 100 4096 WE0 10.10.4.4 255.255.255.0 329 16 1500 WEA100 10.20.30.100 255.0.0.0 329 16 1500 WEA101 10.20.30.101 255.0.0.0 329 16 1500 WEA102 10.20.30.102 255.0.0.0 329 16 1500 $ tcpip set interface wea103 /host=10.20.30.101 $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 100 100 4096 WE0 10.10.4.4 255.255.255.0 332 20 1500 WEA100 10.20.30.100 255.0.0.0 332 20 1500 WEA102 10.20.30.102 255.0.0.0 332 20 1500 WEA103 10.20.30.101 255.0.0.0 332 20 1500 Deliverables: TCPIP$UCP.EXE V5.4-15D Reference: PTR 30-13-324 TCPIP_BUGS Note 3084 PTR 30-13-348 PTR 30-13-349 PTR 70-5-2517 / CFS.106872 / Req Id: BCGMH0CZL ECO E 4-MAY-2004 Alpha, IA64, and VAX Problem: Using ifconfig several times from a single UCP session results in confusion when creating IP addresses. For example, when creating IP address2, it could inherit some attributes from IP address1. Deliverables: TCPIP$IFCONFIG.EXE V5.4-15E TCPIP$UCP.EXE V5.4-15E Reference: TCPIP_BUGS Note 3088 ECO F 4-MAY-2004 Alpha, IA64, and VAX Problem: UCP's SET CONFIGURATION ENABLE SERVICE command generates an error whenever an attempt is made to enable a service that is already enabled. For example: a. Show configuration enable service list, do: $ tcpip show configuration enable service Enable service BIND, DHCP, FINGER, FTP, FTP_CLIENT, LPD, METRIC, MYSERV, NFS, NFS_CLIENT, NTP, PCNFS, PORTMAPPER, PWIP_DRIVER, REXEC, RSH, SMTP, SNMP, TELNET, XDM b. Now attempt to enable FTP when it is already enabled, do: $ tcpip set configuration enable service ftp %TCPIP-E-CONFIGERROR, error processing configuration request -RMS-F-DUP, duplicate key detected (DUP not set) Deliverables: TCPIP$UCP.EXE V5.4-15F Reference: PTR 30-14-121 TCPIP_BUGS Note 3097 ECO F 4-MAY-2004 Alpha, IA64, and VAX Problem: UCP limits the number of network controller types to 32. Currently, the number of network controller types, as defined by TCPIP$CONFIG.COM, has reached 29. Thus, only 3 slots are left for new network controller types. Deliverables: TCPIP$UCP.EXE V5.4-15F Reference: TCPIP_BUGS Note 3098 ECO 5 updates ------------- ECO G 7-APR-2005 Alpha, IA64 Problem: TCPIP SET NOINTE would cause UCP to loop endlessly when an IPv6 address was configured on the interface. Deliverables: TCPIP$UCP.EXE V5.4-15G Reference: TCPIP_BUGS Note 3207 ECO G 12-APR-2005 Alpha, IA64, and VAX Problem: Problems generating correct db files when using the TCPIP CONVERT /UNIX BIND command. Deliverables: TCPIP$UCP.EXE V5.4-15G Reference: PTR 70-5-2374 TCPIP_BUGS Note 3227 ECO G 12-APR-2005 Alpha, IA64, and VAX Problem: UCP allows illegal BIND Resolver search list (paths) to be defined. Deliverables: TCPIP$UCP.EXE V5.4-15G Reference: PTR 70-5-2583 TCPIP_BUGS Note 3229 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 UCPLIB Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 18-MAR-2004 Alpha, IA64, and VAX Problem: UCPLIB cannot handle adding a new SMTP configuration database record in a cluster environment. For example, the following valid UCP command fails as shown here: $ tcpip set configuration smtp - _$ /gateway=alternate=smtp /zone=dbnl.bil.int.dexwired.net %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=00000000001F0000, PC=FFFFFFFF808FC17C, PS=0000001B Deliverables: TCPIP$ACCESS_SHR.EXE V5.4-15A Reference: PTR 70-5-2402 / UCX Note 9918 TCPIP_BUGS Note 3047 ECO B 13-MAY-2004 Alpha, IA64, and VAX Problem: UCPLIB can not handle adding a new SMTP configuration database record in a cluster environment. For example, the following valid configuration session fails as shown here when configuring SMTP on 2nd or subsequent node in a cluster: $ @sys$manager:tcpip$config.com . . . HP TCP/IP Services for OpenVMS Client Components Configuration Menu Configuration options: 1 - DHCP Client Disabled Stopped 2 - FTP Client Enabled Started 3 - NFS Client Disabled Stopped 4 - REXEC and RSH Enabled Started 5 - RLOGIN Disabled Stopped 6 - SMTP Enabled Started 7 - SSH Client Enabled Started 8 - TELNET Enabled Started 9 - TELNETSYM Disabled Stopped A - Configure options 1 - 9 [E] - Exit menu Enter configuration option: 6 SMTP Configuration Service is defined in the SYSUAF. Service is defined in the TCPIP$SERVICE database. Configuration is not defined in the TCPIP$CONFIGURATION database. Service is not enabled. Service is started. SMTP configuration options: 1 - Enable service on this node 2 - Stop service on this node [E] - Exit SMTP configuration Enter configuration option: 1 %TCPIP-E-CONFIGERROR, error processing configuration request -RMS-W-RTB, 1089972 byte record too large for user's buffer %TCPIP-E-CONFIGERROR, error processing configuration request -RMS-W-RTB, 1089972 byte record too large for user's buffer Deliverables: TCPIP$ACCESS_SHR.EXE V5.4-15B Reference: PTR 75-102-920 TCPIP_BUGS Note 3103 --------------------------------------------------------------------------- Corrections for HP TCP/IP Services V5.4 UNIX_API Images --------------------------------------------------------------------------- ECO 2 updates ------------- ECO A 20-APR-2004 Alpha, IA64, and VAX Problem: Several problems related to creating and managing pseudo interfaces include: 1. PTRs 30-13-324, 30-13-348 UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-BADPARAM) resulting from race conditions between creating the pseudo interface's alias address and adding its (UCP) marker. UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-BADPARAM) when creating an interface that specifies a network address that is already in use by another interface. For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 72828 72828 4096 WE0 10.10.4.2 255.255.255.0 97200 9644 1500 $ tcpip set interface wea100 /host=10.20.30.100 %TCPIP-E-INVINTERNAM, invalid interface name -TCPIP-I-ACPQIO, failure on internet ACP QIO -SYSTEM-F-BADPARAM, bad parameter value 2. PTR 30-13-349 Pseudo interfaces are not consistently created as address aliases. 3. PTR 70-5-2517 UCP's SET INTERFACE and GENERATE INTERFACE commands generate errors (SYSTEM-F-DEVINACT) when creating pseudo interfaces on systems using TCP/IP Services V5.4 and later (scalable) kernel disabled). For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 72828 72828 4096 WE0 10.10.4.2 255.255.255.0 97200 9644 1500 $ tcpip set interface wea100 /host=10.20.30.100 %TCPIP-E-INVINTERNAM, invalid interface name -TCPIP-I-ACPQIO, failure on internet ACP QIO -SYSTEM-F-DEVINACT, device inactive 4. UCP's SET INTERFACE and GENERATE INTERFACE commands will delete an existing pseudo interface when creating a new pseudo interface that specifies the same network address on systems using TCP/IP Services V5.4 and later (scalable kernel enabled). For example, $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 100 100 4096 WE0 10.10.4.4 255.255.255.0 329 16 1500 WEA100 10.20.30.100 255.0.0.0 329 16 1500 WEA101 10.20.30.101 255.0.0.0 329 16 1500 WEA102 10.20.30.102 255.0.0.0 329 16 1500 $ tcpip set interface wea103 /host=10.20.30.101 $ tcpip show interface Packets Interface IP_Addr Network mask Receive Send MTU LO0 127.0.0.1 255.0.0.0 100 100 4096 WE0 10.10.4.4 255.255.255.0 332 20 1500 WEA100 10.20.30.100 255.0.0.0 332 20 1500 WEA102 10.20.30.102 255.0.0.0 332 20 1500 WEA103 10.20.30.101 255.0.0.0 332 20 1500 Deliverables: TCPIP$UCP.EXE V5.4-15D Reference: PTR 30-13-324 TCPIP_BUGS Note 3084 PTR 30-13-348 PTR 30-13-349 PTR 70-5-2517 / CFS.106872 / Req Id: BCGMH0CZL ---------------------------------------------------------------------------