IBM Support

PQ95774: TCP LAYER SENDS PACKET WITH BOTH SYN AND RST FLAGS ON WHEN CONNECTION ESTABLISHMENT TIMEOUT OCCURS

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as unreproducible.

Error description

  • FINREVERSAL of apar pq70634....See apar pq70634 for problem
    description details
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the IBM Communications Server   *
    *                 for z/OS Version 1 Release 4 & 5 IP          *
    ****************************************************************
    * PROBLEM DESCRIPTION: Outbound TCP packets have the SYN and   *
    *                      RST flags on in the same packet.        *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The TCP layer will determine a connection should be reset and
    builds an outbound packet with the RST flag set on.  The SYN and
    FIN flags from the previous outbound packet on the connection
    will remain unchanged.  This may result in SYN/RST or FIN/RST
    flag combination being on in the packet.  The flag combination
    is not a violation of the TCP protocol.
    There are several references on the Internet that indicate the
    flag combination may be an attempt at intrusion and should thus
    be discarded.
    +-------------------------------------------------------------+
    + Please check our Communications Server for OS/390 homepages +
    + for common networking tips and fixes.  The URL for these    +
    + homepages can be found in Informational APAR II11334.       +
    +-------------------------------------------------------------+
    

Problem conclusion

Temporary fix

Comments

  • Routine TCSNDINT has been amended to explicitly turn off the
    SYN and FIN flags when setting RST.
    

APAR Information

  • APAR number

    PQ95774

  • Reported component name

    TCP/IP V3 MVS

  • Reported component ID

    5655HAL00

  • Reported release

    140

  • Status

    CLOSED UR3

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2004-10-15

  • Closed date

    2004-11-16

  • Last modified date

    2005-03-02

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UQ95144 UQ95145 PK01910

Modules/Macros

  • EZBTCFWR EZBTCSND TCSNDINT
    

Fix information

  • Fixed component name

    TCP/IP V3 MVS

  • Fixed component ID

    5655HAL00

Applicable component levels

  • R140 PSY UQ95144

       UP04/12/16 P F412

  • R150 PSY UQ95145

       UP04/12/16 P F412

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"140","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"140","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
02 March 2005