IBM Support

PI45849: ABEND0C4 ABEND4C5 742D1102 IN MODULE EZBIPOUT IPSec decapsulation failures due to undetected dead peer

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • ABEND0C4 or ABEND4C5 742D1102 in module EZBIPOUT FREEMSG with
a SKMB that had been previously freed.
Secondary symptom: IPSec decapsulation failures following the
delete of a VIPARANGE DVIPA and the add of the DVIPA to another
system.

Local fix

  • This slip can be used to circumvent the abend problem.

SL
SET,IF,ACTION=REFAFTER,RANGE=(xxxxxxxx+1012),ASID=(tcpip_asid),
REFAFTER=(13R?+A50(0),EQ,0),ID=xxxx,END

Where:  xxxxxxxx = EZBIPOUT load address

        How to find EZBIPOUT load address
        D TCPIP,tcpname,STOR,MOD=EZBIPOUT

        EZZ8456I TCPIP MODULE STORAGE
        EZBIPOUT LOADED AT xxxxxxxx IN LOAD MODULE EZBTIINI

Problem summary

  • ****************************************************************
* USERS AFFECTED:                                              *
* All users of the IBM Communications Server for z/OS Version  *
* 2 Release 1 IP                                               *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* Abend0C4 or AbendC45 in EZBIPOUT when sending data to a UDP  *
* local socket whose receive queue is full.                    *
* Secondary problem: IPSec decapsulation failures occur        *
* following the deletion of a VIPARANGE DVIPA and the addition *
* of the same DVIPA to another system.                         *
****************************************************************
* RECOMMENDATION:                                              *
* Apply PTF                                                    *
****************************************************************
When data is sent to a local UDP socket, the IP layer can be
bypassed and data can be added directly to the receive queue of
the destination socket. If the receive queue is full, the packet
is unable to bypass the IP layer processing. An error exists in
the IP layer processing used for this case in which a flag is
not initiatlized. The residual value in the flag causes an
attempt to free storage that has either already been freed or is
not ready to be freed. An Abend0C4 or AbendC45 can occur as a
result.
Secondary problem: When a tunnel exists between a static VIPA
and a VIPARANGE DVIPA on the same TCP/IP stack and the VIPARANGE
DVIPA is deleted, the tunnel is deleted for the tunnel endpoint
associated with the DVIPA but not the tunnel endpoint associated
with the static VIPA. If the DVIPARANGE DVIPA is then added to a
different TCP/IP stack, a packet that is sent from the static
VIPA to the VIPARANGE DVIPA will use the existing tunnel which
no longer has a valid peer tunnel. When the packet is sent the
IKEv2 liveness checking should detect that the peer is gone and
delete the tunnel associated with the static VIPA. A new tunnel
can then be negotiated between the IKE peers on the two TCP/IP
stacks. An error exists that keeps the liveness checking from
being done. As a result, the original TCP/IP stack continues to
use the existing tunnel to encapsulate outbound connection
requests. The new owner of the VIPARANGE DVIPA is unable to
decapsulate the packets and the connection requests fail.

Problem conclusion

  • The IP layer processing has been amended to initialize the flag.
Secondary problem: The IKEv2 liveness check processing was
amended to ensure that the IKE daemon performs the liveness
check if the last sent timestamp is greater than IKE's last
receive timestamp.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PI45849
    • 

  • Reported component name
    TCP/IP V3 MVS
    • 

  • Reported component ID
    5655HAL00
    • 

  • Reported release
    210
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    YesPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2015-07-28
    • 

  • Closed date
    2015-08-25
    • 

  • Last modified date
    2015-10-02
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UI29877
    

    • 



Modules/Macros


    

  • EZBIPOUT EZAI2ISA

    



Fix information


    

  • Fixed component name
    TCP/IP V3 MVS
    • 

  • Fixed component ID
    5655HAL00
    • 



Applicable component levels


    

  • R210  PSY  UI29877
       UP15/09/11  P  F509  {
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"210","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"210","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 October 2015
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback