| Previous | Contents |
TCPDUMP works the same way on OpenVMS as it does on UNIX systems, with the following restrictions:
$ TCPDUMP -s 1500 -w filename |
The following restrictions apply to the TCP/IP management commands:
TCPIP> ifconfig -a |
TCPIP> ifconfig ie0 -alias 10.10.10.1 |
For more information on TCP/IP Services management commands, refer to the HP TCP/IP Services for OpenVMS Management Command Reference guide.
This chapter describes the problems corrected in this version of
TCP/IP Services.
4.1 Advanced Programming Environment problems fixed in this release
The following sections describe programming-related problems fixed in
this release.
4.1.1 Buffer overflow in ntpq program
Problem:
The stack buffer overflows in the ntpq program.
Solution:
This problem is corrected in this release.
4.1.2 With PPE enabled, system crashes during shutdown
Problem:
When PPE is enabled, the system crashes during shutdown with the following message:
"SPLIPLLOW, IPL has fallen below level of owned spinlock(s)" |
Solution:
This problem is corrected in this release.
4.2 BIND Server problems fixed in this release
The following sections describe BIND server problems fixed in this
release.
4.2.1 Bind server crashes on receipt of dynamic update message
Problem:
Bind server crash can be caused on receipt of a specific remote dynamic update message.
Solution:
This problem is fixed in this release.
4.2.2 SYSTEM-W-NOSUCHFILE and %DCL-E-INVIFNEST Errors
Problem:
TCPIP$BIND_STARTUP.COM displays the %SYSTEM-W-NOSUCHFILE and %DCL-E-INVIFNEST errors when the SYS$SHARE:SSL$LIBCRYPTO_SHR32.EXE image is not present on the system.
Solution:
This problem is fixed in this release.
4.2.3 %LIBRAR-E-LOOKUPERR error in the BIND server
Problem:
While configuring TCP/IP, using TCPIP$CONFIG, in the BIND server, the %LIBRAR-E-LOOKUPERR error is displayed. TCPIP$CONFIG incorrectly looks for LOOPBACK_DB.
Solution:
This problem has been fixed in this release.
4.2.4 BINDSETUP fails to conform to the database filename
Problem:
TCPIP$BINDSETUP fails to conform to the new BIND local host database filename.
Solution:
This problem is corrected in this release.
4.2.5 Entering CTRL/C for TCPIP SHOW HOST (/NOLOCAL)
may display ACCIVO)
Problem:
On OpenVMS Integrity servers, entering CTRL/C for the TCPIP SHOW HOST (/NOLOCAL) command may display an ACCIVO error within the BIND resolver.
Solution:
This problem is corrected in this release.
4.2.6 Memory usage statistics
Problem:
This release adds the ability to generate and display the memory usage statistics for the BIND Server.
Solution:
To display the memory usage statistics for the BIND Server, define the logical name as follows:
$ DEFINE /SYSTEM TCPIP$BIND_MEMSTATS 1 |
TCPIP$BIND_MEMSTATS is an existing logical name. The value does not matter; but it must be defined.
Use either the
rndc stats
command or the
TCPIP SHOW NAME /STATISTICS
command to send the memory usage statistics to the file
TCPIP$BIND.STATS. The memstats information will complement the server
Statistics Dump information that is normally sent to the file.
4.2.7 Delay because of using "ROUTE ADD"
Problem:
There is a delay because of using the ROUTE ADD command when the BIND resolver is disabled.
Solution: This problem is corrected in this release.
4.2.8 Resolving the local host database names
Problem:
TCPDUMP, and potentially other applications, fails to resolve the local host database names. When _SOCKADDR_LEN is not defined, a call to the getaddrinfo() function will not look in the local host database. When getaddrinfo() was called with the hints argument as NULL, the routine fails with an ACCVIO.
Solution:
This problem is corrected in this release.
4.2.9 Unexpected IPv6-looking address in the TELNET client
Problem:
The getaddrinfo() function sometimes returned AF_INET structures even when the AI_V4MAPPED flag was set. The most obvious effect was that attempting to reach an unresponsive host via TELNET would provoke a unexpected IPv6-looking address in the TELNET client and displays the Trying ... message.
Solution:
This problem is corrected in this release.
4.2.10 Specifying an invalid port number to getnameinfo()
Problem:
Specifying an invalid port number to getnameinfo() results in an ACCVIO error.
Solution:
This problem is corrected in this release.
4.2.11 NI_* flag values for getnameinfo()
Problem:
The getnameinfo() NI_* flag values were improperly changed for V5.6 when updating to the BIND 9 resolver. Changing these values broke applications that were built on pre_v5.6 versions of TCP/IP Services for OpenVMS.
Solution:
The NI_* flag values for the
getnameinfo()
function were improperly changed with the V5.6 release. This would
cause any applications using the NI_* flag values that were built
against pre-V5.6 TCP/IP versions not to run as expected on TCP/IP V5.6.
This problem has been corrected, and the flag values have been returned
to their pre-V5.6 definitions. Note that any applications using the
NI_* flag values that were built against V5.6 will no longer execute
properly on V5.6 ECO1 or later. These applications must be rebuilt.
4.2.12 TCPIP$SYSTEM:HOSTS.DAT ASCII file
Problem:
The undocumented TCPIP$SYSTEM:HOSTS.DAT ASCII file is still provided during TCP/IP installation, but the file is no longer used by the BIND resolver.
Solution:
This problem is corrected in this release.
4.2.13 Query IDs
Problem:
Query IDs generated by the DNS server are vulnerable to cryptographic analysis.
Solution:
This problem is corrected in this release.
4.2.14 BIND cluster-wide startup and shutdown command procedures
Problem:
BIND cluster-wide startup and shutdown command procedures are generated with embedded physical device names, requiring extra effort upon changing to a new system disk.
Solution:
This problem is corrected in this release.
4.2.15 BIND9 Resolver aborts
Problem:
The BIND9 Resolver aborts when multiple threads called getadrinfo simultaneously, although, RFC 3493 describes getaddrinfo as a thread safe or re-entrant function.
Solution:
This problem is corrected in this release.
4.2.16 Spoofing and cache-poisoning attack in a BIND/DNS server
Problem:
The BIND/DNS server is vulnerable to a widely publicized spoofing and cache-poisoning attack.
Solution:
This problem is corrected in this release.
4.2.17 Spoofing and cache-poisoning attack in a UDP port
Problem:
The BIND/DNS cache server uses a fixed or an arbitrarily selected UDP port for out going DNS queries. This will lead to UDP port spoofing and cache-poisoning attack.
Solution:
This problem is corrected in this release.
4.2.18 Memory leaks in BIND Resolver functions
Problem:
The BIND Resolver functions, GETNAMEINFO, GETHOSTBYNAME, GETHOSTBYADDR GETNETBYNAME,GETNETBYADDR,GETSERVBYNAME and GETSERVBYPORT causes memory leaks and does not close the files properly when called from a multithreaded program.
Solution:
This problem is corrected in this release.
4.2.19 GETADDRINFO with nodename as NULL fails
Problem:
getaddrinfo with nodename as NULL fails with BADHINTS: Not found in explore
Solution:
This problem is corrected in this release.
4.3 DHCP component problems fixed in this release
The following sections describe the DHCP problems fixed in this release.
4.3.1 DHCP server fails to update the DNS server correctly
Problem:
When DNS updates are enabled, the DHCP server fails to update the DNS server correctly if the netmask for the client's network differs from 255.255.255.0.
Solution:
This problem is corrected in this release.
4.3.2 RMS-E-FLK errors when running the TCPIP$$SETHOSTNAME.COM script's SET HOST and SET NOHOST commands
Problem:
The DHCP client, when run in a cluster where the TCPIP$* data files are shared between cluster members, could incur RMS-E-FLK errors when running the TCPIP$$SETHOSTNAME.COM script's SET HOST and SET NOHOST commands.
Solution:
This problem is corrected in this release.
4.3.3 DHCP server listens on all interfaces
Problem:
The OpenVMS DHCP server cannot be disabled on one or more interfaces. The server always listens on all the interfaces.
Solution:
A new logical, TCPIP$DHCP_IGNOR_IFS is now supported to fix this
problem.
4.3.4 DHCPSIGHUP command is issued twice
Problem:
The DHCPSIGHUP command is issued twice to update the DHCP Debug Level.
Solution:
This problem is corrected in this release.
4.3.5 DHCP server logs events on ignored interfaces
Problem:
DHCP server logs events on ignored interfaces. Logging events for ignored interfaces leads to huge log files.
Solution:
This problem is corrected in this release.
4.4 failSAFE IP problems fixed in this release
The following sections describe failSAFE IP problems fixed in this
release.
4.4.1 failSAFE IP does not read its configuration file
Problem:
failSAFE IP does not read its configuration file if stored in the STREAM_LF format.
Solution:
This problem is corrected in this release.
4.4.2 failSAFE IP may pick the wrong interface to monitor
Problem:
In some configurations, the failSAFE IP may pick the wrong interface to monitor. This is displayed on OPCOM and in the logfile during failSAFE IP startup.
Solution:
This problem is corrected in this release.
4.4.3 If interface_list not specified, default behavior does not work
Problem:
If the interface_list is not specified, by default, all the interfaces must be monitored. One of the earlier ECO release did not support the default behavior.
Solution:
This problem is corrected in this release.
4.4.4 IP failover sometimes losses the default route
Problem:
failSAFE IP failover sometimes losses the default route when IPv6 is configured.
Solution:
This problem is corrected in this release.
4.4.5 First static route failover
Problem:
Under certain circumstances, only the first static route reliably fails over. This is typically the default route.
Solution:
This problem is corrected in this release.
4.5 FINGER Component problems fixed in this release
The following sections describe FINGER component problems fixed in this
release.
4.5.1 File access restrictions when following symbolic links.
Problem:
The FINGER server does not properly enforce the file access restrictions when following symbolic links. The client is vulnerable to a format string attack.
Solution:
This problem is corrected in this release.
4.6 FTP Server and Client problems fixed in this release
The following sections describe FTP server and client problems fixed in
this release.
4.6.1 OpenVMS, TCP/IP, or Non-VMS FTP client access to ODS-5 disk
Problem:
On a non-VMS FTP client, such as Windows, UNIX, or LINUX, the filenames are displayed in the VMS format with the "^" characters in the filename. Also, when retrieving the filenames using the non-VMS FTP client, the filename in OpenVMS format is displayed with "^", such as file^.1^.2^.3^.4.txt. For retrieving the files and saving them on the PC, the "^" characters must not be included in the filenames.
Solution:
This problem is corrected in this release.
4.6.2 FTP client copies multiple versions of a file and places them in reverse order
Problem:
The FTP client copies multiple versions of a file and places them in reverse order.
Solution:
This problem is fixed in this release.
4.6.3 TCPIP$FTP_1 server stops communicating with the FTP child processes
Problem:
When the FTP server limit is reached and no new connections were accepted the TCPIP$FTP_1 server stopped communicating with the FTP child processes on the system. After the limit was reached, the child processes hung waiting on a mailbox. Although, the process rejected the new incoming connections; it appeared that communication was lost with the old processes.
Solution:
This problem is fixed in this release.
4.6.4 FTP server error messages
Problem:
In certain scenarios, the OpenVMS FTP server reports the following error messages:
425-Can't build data connection for ... 425 Connect to network object rejected |
Solution:
This problem is fixed in this release.
4.6.5 Users can still FTP with FTP client disabled
Problem:
Although the FTP client is disabled, users can ftp to another system. Because, FTP is a DCL command, the FTP client image can be invoked even if the FTP client service is shutdown.
Solution:
This problem is corrected in this release.
4.6.6 [VMS]COPY/FTP file with multiple-dot filename does not work
Problem:
On a remote Linux or HP-UX node, if the filename starts with a dot and has multiple dots within the name, for example, .test.001, the filename is truncated. That is, the characters before the second dot are not displayed.
Solution:
This problem is corrected in this release.
4.6.7 Addition of "." to a filename
Problem:
When using FTP or $ COPY /FTP to transfer files from an OpenVMS system to a UNIX system, the FTP client adds a "." character to a filename without extension.
Solution:
This problem is corrected in this release.
4.6.8 USER command in a session that is already logged in
Problem:
The FTP server, upon receiving a USER command in a session that is already logged in, failed to return a proper error, leading to a hang.
Solution:
A message similar to the following is displayed:
"503 User SMITH, is already logged in" |
and the problem is fixed.
4.6.9 Construction of wildcarded filenames
Problem:
The FTP client does not properly construct wildcarded filenames. COPY /FTP TEST.EXE_OLD nodename"username password"::*.EXE creates a file named "_.EXE" on the remote system. Also, COPY /FTP TEST.EXE_OLD nodename"username password"::FILE.* creates a file named "FILE._" on the remote system.
Solution:
The FTP client properly constructs the wildcarded filenames.
4.6.10 "expanded" rooted logical name syntax
Problem:
FTP does not understand the "expanded" rooted logical name syntax.
Solution:
This problem is corrected in this release.
4.6.11 FTP server terminates when there are many connections and disconnections
Problem:
The FTP server terminates with an ACCVIO error when there are many connections and disconnections. The FTP server also displays an error message that is similar to the following:
session connection from 127.124.172.114 at 11-JAN-2007 18:42:08.42 %SYSTEM-F-NOSLOT, no PCB available %TCPIP-E-FTP_CREPRC, failed to create a child process |
Solution:
This problem is corrected in this release.
4.6.12 DIRECTORY /FTP command fails to return failure status
Problem:
The DIRECTORY /FTP command fails to return a failure status, even when the target file does not exist.
Solution:
This problem is corrected in this release.
4.6.13 Entries made in TCPIP$ETC:IPNODES.DAT are not read
Problem:
Entries made in the TCPIP$ETC:IPNODES.DAT file are not read by the FTP client.
Solution:
This problem is corrected in this release.
4.6.14 FTP client echoes the keyboard input associated with ACCT
Problem:
The OpenVMS FTP client echoes the keyboard input associated with the Account (ACCT) command. Because, some FTP servers use the "account" as a secondary password, which raised security concerns.
Solution:
This problem is corrected in this release.
4.6.15 GET /FDL and COPY /FTP/FDL commands may fail
Problem:
Because of a non existent owner on the destination system, the GET /FDL and COPY /FTP/FDL commands may fail. The original owner must be omitted or ignored.
Solution:
This problem is corrected in this release.
| Previous | Next | Contents |