PK46186: TCPHDR & IPHDR CLISTS GIVE INCORRECT OUTPUT FIN REVERSAL OF PK23708

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • FIN Reversal for PK23708
    ERROR DESCRIPTION:
    1) TCPHDR sometimes goes beyond the end of the TCP header,
    seeing options where none exist;
    2) TCPHDR parses the single-octet options NOOP and EOL as if
    they contained a length byte;
    3) TCPHDR reports the SACK-permitted option as "Compartment".
    ----------------------------------------------------------------
    Here is a raw IPCS LIST of a TCP header at ADDRESS(27B5FAD8.),
    showing
    the two bytes which follow:
     ASID(X'0055') ADDRESS(27B5FAD8.) KEY(88)
     27B5FAD8.                   01BB855C 7F6A0C4F
     27B5FAE0. AC07AD75 60128000 A0120000 020405B4
     27B5FAF0. 0096
    Here is the TCPHDR interpretation of the same header:
     TCPHDR 27B5FAD8
     TCP Header at 27B5FAD8
      27B5FAD8  01BB855C  7F6A0C4F  AC07AD75  60128000
         +0010  A0120000  020405B4
       Source Port         : 443
       Destination Port    : 34140
       Sequence Number     : 2,137,656,399
       Ack Number          : 2,886,184,309
       Header Length       : 24
       Flags               : Ack Syn
       Window Size         : 32768
       Checksum            : A012
       Urgent Data Pointer : 0000
       Option              : MSS          4 5B4
    Option : EOL 150 920010 00000004 BEAB0333 (...)
    The header ends with the MSS option, but TCPHDR option
    processing goes beyond this, processing the two following bytes
    (x'0096') as if it were an EOL option. Moreover, though EOL is
    defined as a single octet, the second byte (x'96') is
    apparently taken to be the option length, 150.
    ----------------------------------------------------------------
    This is a malformed TCP SYN segment with an invaild option byte
    at +001B containing x'48'. TCPHDR appears to interpret the
    x'48' as the length of the NOOP at offset +001A. But NOOP is
    defined with no length.  Properly parsed, this segment contains
    three NOOP options starting at offset +0018, and then an
    invalid option x'48'.
     TCPHDR 27B5F9A4
     TCP Header at 27B5F9A4
      27B5F9A4  855C01BB  AC07AD74  9BCA01BC  7002FC00
         +0010  FD9E0000  02040564  01010148
       Source Port         : 34140
       Destination Port    : 443
       Sequence Number     : 2,886,184,308
       Ack Number          : 2,613,707,196
       Header Length       : 28
       Flags               : Syn
       Window Size         : 64512
       Checksum            : FD9E
       Urgent Data Pointer : 0000
       Option              : MSS          4 564
       Option              : NOOP         1
       Option              : NOOP         72 9A009A 00100000
    0004BEAB...
       Option              : EOL          0
    ----------------------------------------------------------------
    Here is a TCP header containing the SACK-permitted option.
    TCPHDR reports this as "Compartment":
    TCPHDR 27B5FA3E
    TCP Header at 27B5FA3E
     27B5FA3E  855C01BB  AC07AD74  9BCA01BC  7002FC00
        +0010  FD9E0000  02040564  01010402
      Source Port         : 34140
      Destination Port    : 443
      Sequence Number     : 2,886,184,308
      Ack Number          : 2,613,707,196
      Header Length       : 28
      Flags               : Syn
      Window Size         : 64512
      Checksum            : FD9E
      Urgent Data Pointer : 0000
      Option              : MSS          4 564
      Option              : NOOP         1
      Option              : Compartment  2
      Option              : EOL          154 960010 00000004
    BEAB0333 ...
    ----------------------------------------------------------------
    IPHDR issue:
    IPHDR 27B5F990
    
    IP Header: 27B5F990
     IpHeader: Version : 4                Header Length: 20
      Tos              : 00               QOS: Routine Normal Serv
      Packet Length    : 48               ID Number: 4880
      Fragment         : DontFragment     Offset: 0
      TTL              : 119              Protocol: TCP
      Source           : 192.147.222.2
      Destination      : 199.165.165.121
    
     TCP
      Source Port      : 34140 ()         Destination Port: 443
      Sequence Number  : 2886184308       Ack Number: 2613707196
      Header Length    : 28               Flags: Syn
      Window Size      : 64512            CheckSum: FD9E 0000 Urge
       Option          : Max Seg Size Len: 4 MSS: 1380
       Option          : NOP
       Option          : NOP
       Option          : NOP
       Option          : Unknown: Len: 0 Value: 0P9A009A00
    
    IP Header          : 20
    000000 45000030 48804000 7706AF92 C093DE02  C7A5A579
    
    Protocol Header    : 28
    000000 855C01BB AC07AD74 9BCA01BC 7002FC00  FD9E0000 02040564
    
    Data               : 88     Data Length: 0
    000000 009A009A 00100000 0004BEAB 0333F709 |..............7. .
    000010 07820058 00002700 0030C5E3 C8F14040 |.b........ETH1   .
    000020 40404040 40404040 4040BEAB 0333F709 |          ....7. @
    000030 02C20000 00000000 00000000 FFFEC093 |.B.............l .
    000040 DE020000 00000000 00000000 FFFEC7A5 |..............Gv .
    000050 A579855C 01BB0017                   |v`e*....         .
    ****************************** END OF DATA ***************
    
    Note that the header formatting prints "Packet Length: 48" and
    the data formatting prints "Data Length: 0", yet for some
    reason it prints 88 bytes of none related data following the
    packet.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the IBM Communications Server   *
    *                 for z/OS Version 1 Release 9 IP : IPCS       *
    ****************************************************************
    * PROBLEM DESCRIPTION: The IPHDR and TCPHDR IPCS subcommands   *
    *                      were not formatting the IP header and   *
    *                      TCP header correctly.                   *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The IPHDR and TCPHDR commands were not using the length of
    the headers to control the amount of IP options and TCP
    options fields formatted.
    +-------------------------------------------------------------+
    + Please check our Communications Server for OS/390 homepages +
    + for common networking tips and fixes.  The URL for these    +
    + homepages can be found in Informational APAR II11334.       +
    +-------------------------------------------------------------+
    

Problem conclusion

  • The IPHDR and TCPHDR IPCS subcommands are amended to use the
    header length to correctly format the headers.
    
    * Cross Reference between External and Internal Names
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK46186

  • Reported component name

    TCP/IP V3 MVS

  • Reported component ID

    5655HAL00

  • Reported release

    190

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2007-05-31

  • Closed date

    2007-06-04

  • Last modified date

    2007-08-03

  • APAR is sysrouted FROM one or more of the following:

    PK40598

  • APAR is sysrouted TO one or more of the following:

    UK25776

Modules/Macros

  • EZBDGIHD EZBDGTHD EZBPTENC EZBPTFIP HIP6190J
    

Fix information

  • Fixed component name

    TCP/IP V3 MVS

  • Fixed component ID

    5655HAL00

Applicable component levels

  • R190 PSY UK25776

       UP07/07/06 P F707

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.



Rate this page:

(0 users)Average rating

Document information


More support for:

z/OS family

Software version:

190

Operating system(s):

z/OS

Reference #:

PK46186

Modified date:

2007-08-03

Translate my page

Machine Translation

Content navigation