|
Software > OpenVMS Systems > Documentation > 84final > tcprn HP OpenVMS Systems Documentation |
|
HP TCP/IP Services for OpenVMS
|
| Previous | Contents |
TCPDUMP works the same way on OpenVMS as it does on UNIX systems, with the following restrictions:
$ TCPDUMP -s 1500 -w filename |
The following restrictions apply to the TCP/IP management commands:
TCPIP> ifconfig -a |
TCPIP> ifconfig ie0 -alias 10.10.10.1 |
For more information on TCP/IP Services management commands, refer to the HP TCP/IP Services for OpenVMS Management Command Reference guide.
This chapter describes the problems corrected in this version of TCP/IP Services.
The following sections describe programming-related problems fixed in this release.
Problem:
The stack buffer overflows in the ntpq program.
Solution:
This problem is corrected in this release.
Problem:
When PPE is enabled, the system crashes during shutdown with the following message:
"SPLIPLLOW, IPL has fallen below level of owned spinlock(s)" |
Solution:
This problem is corrected in this release.
The following sections describe BIND server problems fixed in this release.
Bind server crash can be caused on receipt of a specific remote dynamic update message.
Solution:
This problem is fixed in this release.
TCPIP$BIND_STARTUP.COM displays the %SYSTEM-W-NOSUCHFILE and %DCL-E-INVIFNEST errors when the SYS$SHARE:SSL$LIBCRYPTO_SHR32.EXE image is not present on the system.
Solution:
This problem is fixed in this release.
Problem:
While configuring TCP/IP, using TCPIP$CONFIG, in the BIND server, the %LIBRAR-E-LOOKUPERR error is displayed. TCPIP$CONFIG incorrectly looks for LOOPBACK_DB.
Solution:
This problem has been fixed in this release.
Problem:
TCPIP$BINDSETUP fails to conform to the new BIND local host database filename.
Solution:
This problem is corrected in this release.
Problem:
On OpenVMS Integrity servers, entering CTRL/C for the TCPIP SHOW HOST (/NOLOCAL) command may display an ACCIVO error within the BIND resolver.
Solution:
This problem is corrected in this release.
Problem:
This release adds the ability to generate and display the memory usage statistics for the BIND Server.
Solution:
To display the memory usage statistics for the BIND Server, define the logical name as follows:
$ DEFINE /SYSTEM TCPIP$BIND_MEMSTATS 1 |
TCPIP$BIND_MEMSTATS is an existing logical name. The value does not matter; but it must be defined.
Use either the rndc stats command or the TCPIP SHOW NAME /STATISTICS command to send the memory usage statistics to the file TCPIP$BIND.STATS. The memstats information will complement the server Statistics Dump information that is normally sent to the file.
Problem:
There is a delay because of using the ROUTE ADD command when the BIND resolver is disabled.
Solution: This problem is corrected in this release.
Problem:
TCPDUMP, and potentially other applications, fails to resolve the local host database names. When _SOCKADDR_LEN is not defined, a call to the getaddrinfo() function will not look in the local host database. When getaddrinfo() was called with the hints argument as NULL, the routine fails with an ACCVIO.
Solution:
This problem is corrected in this release.
Problem:
The getaddrinfo() function sometimes returned AF_INET structures even when the AI_V4MAPPED flag was set. The most obvious effect was that attempting to reach an unresponsive host via TELNET would provoke a unexpected IPv6-looking address in the TELNET client and displays the Trying ... message.
Solution:
This problem is corrected in this release.
Problem:
Specifying an invalid port number to getnameinfo() results in an ACCVIO error.
Solution:
This problem is corrected in this release.
Problem:
The getnameinfo() NI_* flag values were improperly changed for V5.6 when updating to the BIND 9 resolver. Changing these values broke applications that were built on pre_v5.6 versions of TCP/IP Services for OpenVMS.
Solution:
The NI_* flag values for the getnameinfo() function were improperly changed with the V5.6 release. This would cause any applications using the NI_* flag values that were built against pre-V5.6 TCP/IP versions not to run as expected on TCP/IP V5.6. This problem has been corrected, and the flag values have been returned to their pre-V5.6 definitions. Note that any applications using the NI_* flag values that were built against V5.6 will no longer execute properly on V5.6 ECO1 or later. These applications must be rebuilt.
Problem:
The undocumented TCPIP$SYSTEM:HOSTS.DAT ASCII file is still provided during TCP/IP installation, but the file is no longer used by the BIND resolver.
Solution:
This problem is corrected in this release.
Problem:
Query IDs generated by the DNS server are vulnerable to cryptographic analysis.
Solution:
This problem is corrected in this release.
Problem:
BIND cluster-wide startup and shutdown command procedures are generated with embedded physical device names, requiring extra effort upon changing to a new system disk.
Solution:
This problem is corrected in this release.
Problem:
The BIND9 Resolver aborts when multiple threads called getadrinfo simultaneously, although, RFC 3493 describes getaddrinfo as a thread safe or re-entrant function.
Solution:
This problem is corrected in this release.
Problem:
The BIND/DNS server is vulnerable to a widely publicized spoofing and cache-poisoning attack.
Solution:
This problem is corrected in this release.
Problem:
The BIND/DNS cache server uses a fixed or an arbitrarily selected UDP port for out going DNS queries. This will lead to UDP port spoofing and cache-poisoning attack.
Solution:
This problem is corrected in this release.
Problem:
The BIND Resolver functions, GETNAMEINFO, GETHOSTBYNAME, GETHOSTBYADDR GETNETBYNAME,GETNETBYADDR,GETSERVBYNAME and GETSERVBYPORT causes memory leaks and does not close the files properly when called from a multithreaded program.
Solution:
This problem is corrected in this release.
Problem:
getaddrinfo with nodename as NULL fails with BADHINTS: Not found in explore
Solution:
This problem is corrected in this release.
The following sections describe the DHCP problems fixed in this release.
Problem:
When DNS updates are enabled, the DHCP server fails to update the DNS server correctly if the netmask for the client's network differs from 255.255.255.0.
Solution:
This problem is corrected in this release.
Problem:
The DHCP client, when run in a cluster where the TCPIP$* data files are shared between cluster members, could incur RMS-E-FLK errors when running the TCPIP$$SETHOSTNAME.COM script's SET HOST and SET NOHOST commands.
Solution:
This problem is corrected in this release.
Problem:
The OpenVMS DHCP server cannot be disabled on one or more interfaces. The server always listens on all the interfaces.
Solution:
A new logical, TCPIP$DHCP_IGNOR_IFS is now supported to fix this problem.
Problem:
The DHCPSIGHUP command is issued twice to update the DHCP Debug Level.
Solution:
This problem is corrected in this release.
Problem:
DHCP server logs events on ignored interfaces. Logging events for ignored interfaces leads to huge log files.
Solution:
This problem is corrected in this release.
The following sections describe failSAFE IP problems fixed in this release.
Problem:
failSAFE IP does not read its configuration file if stored in the STREAM_LF format.
Solution:
This problem is corrected in this release.
Problem:
In some configurations, the failSAFE IP may pick the wrong interface to monitor. This is displayed on OPCOM and in the logfile during failSAFE IP startup.
Solution:
This problem is corrected in this release.
Problem:
If the interface_list is not specified, by default, all the interfaces must be monitored. One of the earlier ECO release did not support the default behavior.
Solution:
This problem is corrected in this release.
Problem:
failSAFE IP failover sometimes losses the default route when IPv6 is configured.
Solution:
This problem is corrected in this release.
Problem:
Under certain circumstances, only the first static route reliably fails over. This is typically the default route.
Solution:
This problem is corrected in this release.
The following sections describe FINGER component problems fixed in this release.
Problem:
The FINGER server does not properly enforce the file access restrictions when following symbolic links. The client is vulnerable to a format string attack.
Solution:
This problem is corrected in this release.
The following sections describe FTP server and client problems fixed in this release.
On a non-VMS FTP client, such as Windows, UNIX, or LINUX, the filenames are displayed in the VMS format with the "^" characters in the filename. Also, when retrieving the filenames using the non-VMS FTP client, the filename in OpenVMS format is displayed with "^", such as file^.1^.2^.3^.4.txt. For retrieving the files and saving them on the PC, the "^" characters must not be included in the filenames.
Solution:
This problem is corrected in this release.
Problem:
The FTP client copies multiple versions of a file and places them in reverse order.
Solution:
This problem is fixed in this release.
When the FTP server limit is reached and no new connections were accepted the TCPIP$FTP_1 server stopped communicating with the FTP child processes on the system. After the limit was reached, the child processes hung waiting on a mailbox. Although, the process rejected the new incoming connections; it appeared that communication was lost with the old processes.
Solution:
This problem is fixed in this release.
In certain scenarios, the OpenVMS FTP server reports the following error messages:
425-Can't build data connection for ... 425 Connect to network object rejected |
Solution:
This problem is fixed in this release.
Problem:
Although the FTP client is disabled, users can ftp to another system. Because, FTP is a DCL command, the FTP client image can be invoked even if the FTP client service is shutdown.
Solution:
This problem is corrected in this release.
Problem:
On a remote Linux or HP-UX node, if the filename starts with a dot and has multiple dots within the name, for example, .test.001, the filename is truncated. That is, the characters before the second dot are not displayed.
Solution:
This problem is corrected in this release.
Problem:
When using FTP or $ COPY /FTP to transfer files from an OpenVMS system to a UNIX system, the FTP client adds a "." character to a filename without extension.
Solution:
This problem is corrected in this release.
Problem:
The FTP server, upon receiving a USER command in a session that is already logged in, failed to return a proper error, leading to a hang.
Solution:
A message similar to the following is displayed:
"503 User SMITH, is already logged in" |
Problem:
The FTP client does not properly construct wildcarded filenames. COPY /FTP TEST.EXE_OLD nodename"username password"::*.EXE creates a file named "_.EXE" on the remote system. Also, COPY /FTP TEST.EXE_OLD nodename"username password"::FILE.* creates a file named "FILE._" on the remote system.
Solution:
The FTP client properly constructs the wildcarded filenames.
Problem:
FTP does not understand the "expanded" rooted logical name syntax.
Solution:
This problem is corrected in this release.
Problem:
The FTP server terminates with an ACCVIO error when there are many connections and disconnections. The FTP server also displays an error message that is similar to the following:
session connection from 127.124.172.114 at 11-JAN-2007 18:42:08.42 %SYSTEM-F-NOSLOT, no PCB available %TCPIP-E-FTP_CREPRC, failed to create a child process |
Solution:
This problem is corrected in this release.
Problem:
The DIRECTORY /FTP command fails to return a failure status, even when the target file does not exist.
Solution:
This problem is corrected in this release.
Problem:
Entries made in the TCPIP$ETC:IPNODES.DAT file are not read by the FTP client.
Solution:
This problem is corrected in this release.
Problem:
The OpenVMS FTP client echoes the keyboard input associated with the Account (ACCT) command. Because, some FTP servers use the "account" as a secondary password, which raised security concerns.
Solution:
This problem is corrected in this release.
Problem:
Because of a non existent owner on the destination system, the GET /FDL and COPY /FTP/FDL commands may fail. The original owner must be omitted or ignored.
Solution:
This problem is corrected in this release.
| Previous | Next | Contents |