NOVELL TECHNICAL INFORMATION DOCUMENT TITLE: TCP update for NetWare 5.1 TID #: 2972237 README FOR: tcp587i.exe SUPERSEDES: tcp587h.exe NOVELL PRODUCTS and VERSIONS: TCPIP - NW51CP ABSTRACT: October 4, 2005: File re-released as public. No changes made to any binaries. This patch includes two versions of the TCP/IP stack. The recommended version is the NULL version. The INSTALLATION INSTRUCTIONS section of this readme will help you decide which version of the stack to use. You can review the list of fixes in the ISSUE section of this readme. ----------------------------------------------------------------- DISCLAIMER THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION. ----------------------------------------------------------------- INSTALLATION INSTRUCTIONS: These files should be installed on a NetWare 5.1 server that has SP4 or later applied. Recommended version: The NULL version of the stack is the recommended version. Encrypted stack options: If you are running NetWare 5.1, AND have installed BorderManager 3.8, AND have implemented VPN's, use the files in the NICI folder. If you are running NetWare 5.1, AND have installed BorderManager 3.7, AND have implemented VPN's, do not use this patch. If you absolutely need a fix included in this patch you will need to upgrade to BorderManager 3.8 first so that you can use the code in the NICI folder. If neither of these describe your server then use the NULL version. Installation Procedure: Copy the tcpip.nlm, tcp.nlm, and bsdsock.nlm from one of the folders (null, or nici) to the sys:system directory and restart the server. ISSUE: New Fixes: - Fixed TCP advertising an odd receive window size. (91507) - Removed a spinlock that was causing a deadlock. It could be seen as a spinlock deadlock abend in DSDSOCK.NLM|remove_thread_from_skt_operation (113073) - Made changes to arp packet processing so it replies to an arp request from any source; not necessarily from directly connected source. (82822) Previous Fixes included in this patch: -All fixes included in the NW 5.1 SP8 release. - When a supernetted IP address is bound and an ICMP Destination Unreachable message is received by the system with the Don't Fragment Bit Set the addition of a host route would fail. (100352595) - Binding an IP address with host mask of 255.255.255.255 could result in an inccorect routing entry for that IP address with mask 255.255.255.224 instead. (000401571) - Application thread hangs forever. (000402657, 000392579, 000406347) Previous Fixes Included: - IP Fragmentation issue for NFS gateway (NOVL96866, 000369320) - ABEND, in TCPIP.NLM in the function SkipDeregister on BorderManager 3.8 Proxy server. (500368139) - ABEND, CPU Hog abend in BSDSOCK (100353276, 000346535) - ABEND in the TCPSendData()function call (000359158) - ABEND in BSDSOCK attempting to context switch while holding a spinlock. (000358496) - C/S Policies not showing correctly in NORM. (2528) - The UDP checksum for the UDP encapsulated packet digest is calculated with zero.(500351699) - PXE clients would not get an IP address if they set the "Broadcast" flag in their DHCP header. (000348647) - Communication to applications on the server will fail if the first bound address is a supernetted address.(100352595) - Path MTU Discovery does not always work with IP Load Sharing or Load Balancing. (100309501) - ABEND in the decryption process because an ECB was getting freed up that had already been freed up in the IPSec code path. - ABEND or Hang with the Domestic stack on a server running Proxy. (000281204, 000317676) - ABEND in TCPIP.NLM: IPDeregister with Page Fault Processor Exception (000334431) - ABEND in IPLocalDeliver: UDP Packet with Options are messed up. (000331700) - Novell Cluster Services Split Brain Condition. Error: "Join retry, some other node acquired the cluster lock" This happened on a box with multiple NIC cards. Some of these NIC's had been previously bound with the same address but were disabled. (000313108) - A message is now displayed on the console screen instead of the logger screen when a secondary IP address which was just added is deleted because of a conflict with some other device. (500284382, 500273116, 500279152, 500285921, 500284382, 500273116, 500279152, 500285921) - Fixes to the handling of packets with SACK Options set. - High utilization on a machine being used as a reverse proxy with connections in a TIME_WAIT state. (500283743) - An issue with the TCP SACK Option causing unwanted transmissions in one particular code path immediately after a retransmission. - ABEND in TCPReassembleSegment in debug tcp code. - UDP Fragments improperly tagged for Checksumming Offload. Before this fix we recommended turning off checksumming on the LAN driver. (B57 and Q57 in particular) - UDP Bind not supporting Multicast & Broadcast address. This was a requirement for Volera. - Transparent Proxy conflict with Reverse Proxy. - Domestic version ignoring icmp fragmentation needed packet. - Fix java socket errors when trying to DOWN the server. After typing DOWN at the console, the server prints: "Java: Continuing to clean up resources in the background. 9-05-2002 4:05:36 pm: SERVER-5.60-836 Error unloading killed loadable module (JSOCK6X.NLM) NetWare 6.x Support For Java Sockets" - Fix TCPIP Discard Filter not working after applying NW51SP3. - Fix man in the middle attack by replacing the ISN generation algorithm with MD5 - Fix for an ABEND in TCP when multiprocessors were enabled - Fix for server -NA brings many public symbols relating to bsdsock being unresolved a TCPIP loaded event is now generated - Fix for ABEND when ZFD4 imaging clients access server utilizing multiprocessor. This is a MP issue where loopback TCP packets were delivered on the wrong processor. - Addresses an ABEND with MyRealBox and iFolder. - The Default Route was disappearing when learned via RIP. - OSPF flag IP load Sharing - Couldn't access to certain websites because data was included in the ACK in the TCP3 way handshake. - The setting "set icmp redirect timeouts = 0" now works. Setting this to 0 will not allow the server to learn route updates through icmp redirects. - Following abend has been fix with bsdsock.nlm: D0D34578 (ESP+0) Address in BSDSOCK.NLM at code start +0000271Eh Previous: -000005FE D21BC120 BSDSOCK.NLM|getBsdDebugInfo Current: 00000000 D21BC71E Next: +0000009A D21BC7B8 BSDSOCK.NLM|remove_thread_from_skt_operation?¦@ - Server would abend in bsdsock.nlm when unloading third party tftpd server. - sbpt is a pointer to the tcp socket's send queue. When the sbpt becomes null the server would abend in the next instruction. - Server would overwrite its default route with a routing update from OSPF that included a route entry that did not have better metrics than the statically defined route. - There was an issue that when proxy was communicating with different web servers where it would fail if the proxy would piggyback data in an ack in the TCP three way hand shake. Now we do not piggy back data in the ack. Self-Extracting File Name: tcp587i.exe Files Included Size Date Time ..\ TCP587I.TXT (This file) ..\NICI\ BSDSOCK.NLM 111275 8-26-2005 2:23:44 pm TCP.NLM 743592 8-23-2005 3:37:54 pm TCPIP.NLM 812681 9-2-2005 12:00:28 pm ..\NULL\ BSDSOCK.NLM 110155 8-26-2005 2:16:42 pm TCP.NLM 742538 8-23-2005 3:36:12 pm TCPIP.NLM 589714 9-2-2005 11:58:32 am ----------------------------------------------------------------- Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information. -----------------------------------------------------------------