A fix is available
APAR status
Closed as program error.
Error description
When a secure connection is closed, there is a possibility that a TCB (connection structure) with FIN-WAIT-2 status will not be released and will stay around forever until TCPIP is restarted. The problem occurs when TCPIP has already sent a FIN packet to close out the connection, but it never receives the FIN packet back from the peer, which results in the connection never being fully closed.
Local fix
Problem summary
USERS AFFECTED: All users of the z/VM TCP/IP
PROBLEM DESCRIPTION:
RECOMMENDATION: APPLY PTF

When a secure connection is closed, there is a possibility that a TCB (connection structure) with FIN-WAIT-2 status will not be released and will stay around forever until TCPIP is restarted. The problem occurs when TCPIP has already sent a FIN packet to close out the connection, but it never receives the FIN packet back from the peer, which results in the connection never being fully closed.
Problem conclusion
When a secure connection is established, three connection blocks (TCBs) are used. One is the network-facing TCB, and the other two are used for the connections between the SSL server and TCP/IP. The code has been updated so that each of the non-network-facing TCBs stores the address of the TCB for the other half of the connection, allowing both halves to be closed together.

The specific updates are as follows:

TCBASTY and TCTCB: TcbType is updated to use SslOtherCn to store the TCB address for the other half of the connection.

TCPSSL and T6PSSL: When connecting a SOCKE_SSL socket, each of the TCBs is updated to store the other's address. This allows both sides of the connection to be found.

TCPUP: When a reset request is received for a secure connection, ensure that the other half of the connection is also closed in order to release the whole connection.

TCMON: When dealing with the TCB information, if SslOtherCn is not nil, get the ConnectionName and pass it to the caller in the SslOtherCn field instead of the pointer to the TCB.
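The pairing described above, as an added illustration in Python (a simplified model, not IBM's code and not part of the APAR). The class and method names, the connection names, and the choice of which half is stuck in FIN-WAIT-2 are assumptions; only the SslOtherCn link, the reset handling and the monitor behaviour come from the text.

```python
# Simplified model of the two SSL-side TCBs. Names and states are constructed.
class Tcb:
    def __init__(self, name):
        self.name = name
        self.state = "ESTABLISHED"
        self.ssl_other_cn = None   # models SslOtherCn; None stands for nil

class Stack:
    def __init__(self, link_halves):
        self.link_halves = link_halves   # False: before the fix, True: after
        self.tcbs = {}

    def connect_ssl(self, name_a, name_b):
        a, b = Tcb(name_a), Tcb(name_b)
        if self.link_halves:
            # Each half records the other (the TCPSSL/T6PSSL change)
            a.ssl_other_cn, b.ssl_other_cn = b, a
        self.tcbs[name_a], self.tcbs[name_b] = a, b
        return a, b

    def send_fin(self, tcb):
        # Our FIN has gone out; the peer's FIN never arrives
        tcb.state = "FIN-WAIT-2"

    def reset(self, tcb):
        # The TCPUP change: a reset on one half also closes the other half
        other = tcb.ssl_other_cn
        self._release(tcb)
        if other is not None:
            self._release(other)

    def _release(self, tcb):
        tcb.ssl_other_cn = None
        self.tcbs.pop(tcb.name, None)

    def monitor(self):
        # The TCMON change: report the other half by name, not by pointer
        return {t.name: (t.state, t.ssl_other_cn.name if t.ssl_other_cn else None)
                for t in self.tcbs.values()}

def lingering_after_reset(link_halves):
    s = Stack(link_halves)
    a, b = s.connect_ssl("ssl-half-a", "ssl-half-b")
    s.send_fin(b)   # half b waits for a FIN that never comes
    s.reset(a)      # reset request arrives for half a
    return sorted(n for n, (state, _) in s.monitor().items() if state == "FIN-WAIT-2")

if __name__ == "__main__":
    print("without link:", lingering_after_reset(False))
    print("with link:   ", lingering_after_reset(True))
```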
Temporary fix
Comments
**** PE17/06/27 FIX IN ERROR. SEE APAR PI83658 FOR DESCRIPTION
APAR Information
APAR number
PI73495
Reported component name
TCP/IP V2 FOR V
Reported component ID
5735FAL00
Reported release
630
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-12-08
Closed date
2017-02-09
Last modified date
2017-09-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI44533 UI44534 UI44535 UI44561
Modules/Macros
CMNETST TCBASTY TCMON TCPSSL TCPUP TCTCB T6PSSL
Fix information
Fixed component name
TCP/IP V2 FOR V
Fixed component ID
5735FAL00
Applicable component levels
R540 PSY UI44561 UP17/02/10 I 1000
R620 PSY UI44533 UP17/02/10 I 1000
R630 PSY UI44534 UP17/02/10 I 1000
R640 PSY UI44535 UP17/02/10 P 1701
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
26 September 2017