A fix is available
APAR status
Closed as new function.
Error description
IBM Security Guardium S-TAP for IMS on z/OS Version 10 uses TCP/IP as an INTRA and INTER host communication path between IMS STAP address spaces. Information that is passed along this communications channel includes Collection Policy details and address space status updates.

The TCP/IP address to be used is determined by obtaining the LPAR name from the CVTSNAME field found in the z/OS System CVT control block. The LPAR name is used as input to a z/OS TCP/IP "gethostbyname" service call, which obtains the IP address associated with the LPAR name from the system DNS resolver table. Using this IP address and communications port, the Agent address space builds and opens a socket. The IP address and port information are stored in an XCF structure and are made available to all LPARs that participate in the Sysplex. When subordinate address spaces (AUIL, AUIF, AUIU) start, they access the XCF structure and extract the IP and port information. These subordinate address spaces then use the extracted data to establish a connection back to the Agent address space.

This process relies on the DNS Resolver table containing entries pointing the LPAR names (as defined in the CVTSNAME field) to physical IP addresses. If these DNS Resolver table entries do not exist, the "gethostbyname" service fails when the IMS STAP address spaces attempt to obtain the IP address. Because no IP address is available, communications cannot occur, and the IMS STAP address spaces issue appropriate error messages and terminate.

A variation of the problem involves the use of Dynamic Virtual IP Addressing (VIPA). This TCP/IP service allows a customer to associate multiple IP addresses to a "host name". There are some users of this service who also use a VIPA token that is different than the LPAR name as the host identifier. The use of this token as the search key when determining the IP address precludes the use of the CVTSNAME value.
Local fix
N/A
Problem summary
USERS AFFECTED: All users of STAP for IMS V10.0.

PROBLEM DESCRIPTION: IBM Security Guardium S-TAP for IMS on z/OS Version 10 uses TCP/IP as an INTRA and INTER host communication path between IMS STAP address spaces. Information that is passed along this communications channel includes Collection Policy details and address space status updates.

The TCP/IP address to be used is determined by obtaining the LPAR name from the CVTSNAME field found in the z/OS System CVT control block. The LPAR name is used as input to a z/OS TCP/IP gethostbyname service call, which obtains the IP address associated with the LPAR name from the system DNS resolver table. Using this IP address and communications port, the Agent address space builds and opens a socket. The IP address and port information are stored in an XCF structure and are made available to all LPARs that participate in the Sysplex. When subordinate address spaces (AUIL, AUIF, AUIU) start, they access the XCF structure and extract the IP and port information. These subordinate address spaces then use the extracted data to establish a connection back to the Agent address space.

This process relies on the DNS Resolver table containing entries pointing the LPAR names (as defined in the CVTSNAME field) to physical IP addresses. If these DNS Resolver table entries do not exist, the gethostbyname service fails when the IMS STAP address spaces attempt to obtain the IP address. Because no IP address is available, communications cannot occur, and the IMS STAP address spaces issue appropriate error messages and terminate.

A variation of the problem involves the use of Dynamic Virtual IP Addressing (VIPA). This TCP/IP service allows a customer to associate multiple IP addresses to a host name. There are some users of this service who also use a VIPA token that is different than the LPAR name as the host identifier. The use of this token as the search key when determining the IP address precludes the use of the CVTSNAME value.

RECOMMENDATION: Apply the provided PTF.
Problem conclusion
Temporary fix
Comments
The solution is to provide a method of allowing the customer to manually associate the LPAR name found in the z/OS CVTSNAME with the name the site uses in their DNS table. We will then use that alternate name as input to the gethostbyname call in order to obtain the relevant IP address. The method we will use is the optional addition of an AUIHOST DD statement to be included in the AGENT task address space JCLs. The AUIHOST file must be included in all IMS STAP address space JCLs.
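As an added illustration (not IBM's code and not part of the APAR), the following Python pre-flight check mirrors the lookup order described above: use the site's alternate name for an LPAR when one is mapped, otherwise the LPAR name itself, and confirm the name resolves before the address spaces depend on it. The `aliases` dictionary is a hypothetical stand-in for the AUIHOST mapping, whose file format the page does not show; the function names, the loopback check and the sample resolver table are assumptions constructed for this example.

```python
import ipaddress
import socket


def check_lpar(lpar_name, aliases=None, resolver=socket.gethostbyname):
    """Resolve one LPAR name as the page describes, with an optional override.

    aliases: dict of LPAR name -> site DNS name (hypothetical stand-in for the
    AUIHOST mapping; the real file format is not shown on the page).
    Returns (lookup_name, ip_or_None, status).
    """
    key = lpar_name.strip().upper()
    overrides = {k.strip().upper(): v.strip() for k, v in (aliases or {}).items()}
    lookup = overrides.get(key, key)  # alternate name wins over the LPAR name
    try:
        ip = resolver(lookup)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return lookup, None, "UNRESOLVED"
    # Added sanity check: the address is shared with other LPARs, so a
    # loopback answer would be unreachable from them.
    if ipaddress.ip_address(ip).is_loopback:
        return lookup, ip, "LOOPBACK"
    return lookup, ip, "OK"


def preflight(lpar_names, aliases=None, resolver=socket.gethostbyname):
    """Check every LPAR in the sysplex; return {lpar: (lookup, ip, status)}."""
    return {name: check_lpar(name, aliases, resolver) for name in lpar_names}


# Constructed sample data: a fake resolver table so the example runs offline.
SAMPLE_DNS = {"sysa.example.com": "192.0.2.10", "SYSB": "127.0.0.1"}


def sample_resolver(name):
    try:
        return SAMPLE_DNS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "name not found") from None


if __name__ == "__main__":
    report = preflight(["SYSA", "SYSB", "SYSC"],
                       {"SYSA": "sysa.example.com"}, sample_resolver)
    for lpar, (lookup, ip, status) in report.items():
        print(f"{lpar:8} lookup={lookup:20} ip={ip} status={status}")
```

Dropping the `resolver` argument makes the same functions query the host's real resolver through `socket.gethostbyname`.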
APAR Information
APAR number
PI55788
Reported component name
SEC GUAR STAP I
Reported component ID
5655STM00
Reported release
A00
Status
CLOSED UR1
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-01-20
Closed date
2016-04-04
Last modified date
2016-05-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI36750
Modules/Macros
AUIAAACM AUIAATUP AUIAAUGT AUIAAUTP AUIACBIM AUIACLMI AUIACSUI AUIADBRD AUIADDLI AUIADORD AUIADT@ AUIAGAIF AUIAGCCH AUIAGDSC AUIAGPHN AUIAGQHN AUIAGUDC AUIAMMST AUIAPLMT AUIAPTLG AUICHKPT AUIFAGTF AUIFASMM AUIFDT@ AUIFHRDR AUIFSMF AUIGAADM AUIGADT@ AUIGAPAD AUIGAPD@ AUIGAPRX AUIGDMIX AUIGDT@ AUIGLDT@ AUIGLNHN AUIGLOGR AUIGPING AUIGRDT@ AUIGRLNH AUIGRSD@ AUIGRSGH AUIGRSTR AUIGSDT@ AUIGSGHN AUIGSTRS AUIILMG AUILAIMM AUILDT@ AUILGMSG AUILGSMG AUILGSZP AUILIMS AUILIMSL AUILMAIM AUILMDT@ AUILMLOG AUILMMLG AUILMTRD AUILRRDR AUIMGENU AUIMISLG AUIPDT@ AUIPGRDM AUIPLGHL AUISFMG AUITAAS AUITAGT AUITCFG AUITDT@ AUITLOCG AUITLOGN AUITRCRD AUITREQ AUITTHRD AUITTOP AUITTREQ AUIUACSA AUIUACSM AUIUACUT AUIUCSUT AUIUDT@ AUIUMO@ AUIUMSGS AUIURAMG AUIURDT@ AUIURMIG AUIUSM@ AUIVIMS0 AUIYCKPT AUIYCSI AUIYDT@ AUIZACFB AUIZACFG AUIZACPB AUIZACXB AUIZCFGF AUIZCMN AUIZCSPB AUIZDT@ AUIZIMSV AUIZMO@ AUIZMSGS AUIZPLIN AUIZSLSV AUIZSM@ AUIZSMAN AUIZSSPC AUIZTCFG
Fix information
Fixed component name
SEC GUAR STAP I
Fixed component ID
5655STM00
Applicable component levels
RA00 PSY UI36750
UP16/04/15 P F604
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
04 May 2016