A fix is available
APAR status
Closed as program error.
Error description
A system crash can occur when loading and unloading ipfilter and ipsec: 1) /usr/lib/methods/cfg_ipf -l ## load ipfilter 2) mkdev -l ipsec_v4 ## load ipsec 3) rmdev -l ipsec_v4 ## unload ipsec ==> sets ip_fltr_in_hook to NULL 4) /usr/lib/methods/cfg_ipf -u ## unload ipfilter ==> crash Its also possible to get ipsec into a permanent EBUSY condition requiring reboot to clear using the following sequence: 1) mkdev -l ipsec_v4 ## load ipsec 2) /usr/lib/methods/cfg_ipf -l ## load ipfilter 3) /usr/lib/methods/cfg_ipf -u ## unload ipfilter sets ip_fltr_in_hook 4) rmdev -l ipsec_v4 ## unload ipsec ==> fails EBUSY No warning is issued to prevent admin from combining incompatible filter extensions.
Local fix
If the ipfilter (ipfl.rte) software is not used it can be removed to help prevent this issue.
Problem summary
LOADING IPSEC AND IPFILTER CAN CRASH SYSTEM
Problem conclusion
Modified ipsec code to avoid loading if some other filter already has the hooks
Temporary fix
Comments
7200-05 - use AIX APAR IJ27370
APAR Information
APAR number
IJ27370
Reported component name
AIX V7.2
Reported component ID
5765CD200
Reported release
720
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Submitted date
2020-08-31
Closed date
2020-08-31
Last modified date
2020-11-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
AIX V7.2
Fixed component ID
5765CD200
Applicable component levels
R720 PSY U885585
UP20/11/04 I 1000
PTF to Fileset Mapping
U885585 bos.net.ipsec.rte 7.2.5.0
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSVEF8","label":"AIX 7.2 Enterprise Edition"},"Platform":[{"code":"PF053","label":"Power Systems"}],"Version":"720","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}]
Document Information
Modified date:
09 March 2021