IBM Support

IV51911: ISAKMPD LOOPS WITH HIGH CPU AFTER RECEIVING LARGE SCAN PACKET APPLIES TO AIX 6100-09

A fix is available

APAR status

  • Closed as program error.

Error description

  • When isakmpd is scanned by a port scanner with a large
    packet it will start looping with this message in the
    log:
    isakmpd: The time is : Wed Sep 11 10:31:53 2013
    isakmpd: simple_isakmp_ureq::get_channel_mask():mask is 0x00000000000000000000000000000800.
    isakmpd: The value of tbit is 0x00000000000000000000000000100000
    isakmpd: event_capture::capture():net event(s).
    isakmpd: isakmp_buf::realloc(int sz):"new char[sz]" failed.
    isakmpd: isakmp_simple_net::recv_msg(channel):msgbuf->realloc() failed.
    isakmpd: isakmp_anchor::deliver_events():net->recv_msg() failed on channel 20.
    

Local fix

  • There is no workaround on AIX.  The only workaround is to
    not run the scan.
    

Problem summary

  • When isakmpd is scanned by a port scanner with a large
    packet it will start looping with high CPU usage. If syslog
    is configured, repeated instances of the
    msgbuf->realloc() failed message appear in the log.
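
A log check for the signature shown in the error description, as an added example (not IBM's code): it counts, per channel, how often a buffer allocation failure is followed by a recv_msg() failure. The function name, the threshold, and the assumption that each event record opens with a "The time is" line are assumptions of this example; the sample lines are constructed from the excerpt.

```python
import re
from datetime import datetime

# Patterns taken from the log excerpt in the error description.
TIME_RE = re.compile(r"isakmpd: The time is : (.+)$")
ALLOC_RE = re.compile(r'isakmp_buf::realloc\(int sz\):"new char\[sz\]"\s+failed')
CHAN_RE = re.compile(r"net->recv_msg\(\)\s+failed on channel (\d+)")

def find_recv_loops(lines, threshold=3):
    """Return {channel: (count, first_seen, last_seen)} for channels where a
    buffer allocation failure was followed by a recv_msg() failure at least
    `threshold` times. Timestamps come from the preceding 'The time is' line."""
    now, alloc_failed, hits = None, False, {}
    for raw in lines:
        line = raw.strip()
        m = TIME_RE.search(line)
        if m:
            # Assumption: each event record opens with a 'The time is' line.
            now = datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")
            alloc_failed = False
        elif ALLOC_RE.search(line):
            alloc_failed = True
        elif alloc_failed and (m := CHAN_RE.search(line)):
            chan = int(m.group(1))
            count, first, _ = hits.get(chan, (0, now, now))
            hits[chan] = (count + 1, first, now)
            alloc_failed = False
    return {c: v for c, v in hits.items() if v[0] >= threshold}

def _record(ts, channel):
    """Constructed record in the format of the excerpt (wrapped lines rejoined)."""
    return [
        f"isakmpd: The time is : {ts}",
        "isakmpd: event_capture::capture():net event(s).",
        'isakmpd: isakmp_buf::realloc(int sz):"new char[sz]" failed.',
        "isakmpd: isakmp_simple_net::recv_msg(channel):msgbuf->realloc() failed.",
        f"isakmpd: isakmp_anchor::deliver_events():net->recv_msg() failed on channel {channel}.",
    ]

# Constructed sample: four failures on channel 20 (the loop), one unrelated on channel 7.
SAMPLE = (_record("Wed Sep 11 10:31:53 2013", 20) * 2
          + _record("Wed Sep 11 10:31:54 2013", 20) * 2
          + _record("Wed Sep 11 10:31:55 2013", 7))

if __name__ == "__main__":
    for chan, (count, first, last) in find_recv_loops(SAMPLE).items():
        print(f"channel {chan}: {count} recv_msg() failures between {first} and {last}")
```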
    

Problem conclusion

  • Fixed isakmpd daemon code to take care of such situations and
    not hang.
    

Temporary fix

Comments

  • 6100-07 - use AIX APAR IV58344
    6100-08 - use AIX APAR IV50142
    6100-09 - use AIX APAR IV51911
    7100-01 - use AIX APAR IV57624
    7100-02 - use AIX APAR IV57250
    7100-03 - use AIX APAR IV51458
    

APAR Information

  • APAR number

    IV51911

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2013-11-11

  • Closed date

    2013-11-11

  • Last modified date

    2014-08-14

  • APAR is sysrouted FROM one or more of the following:

    IV50142

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U859310

       UP14/05/21 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 610

Operating system(s): AIX

Reference #: IV51911

Modified date: 14 August 2014