IBM Support

PM90145: NEED ABILITY TO DISABLE EPRT/EPSV FOR IPV4 FTP CONNECTIONS

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • As of release 6.2.0, when the z/VM FTP client is connected to
an IPv4 foreign host and a command is issued that requires data
transfer, the client attempts first to issue an EPRT command to
the FTP server at the foreign host.  If the foreign host does
notsupport that command, the client reverts back to issuing a
PORT command.  There are some firewalls that do not support the
EPRT command and once the EPRT command has failed, the PORT
command is also blocked.  This APAR is being taken in order to
allow the user to disable the use of EPRT/EPSV by the z/VM FTP
client on IPv4 connections. This will cause the FTP client to
use the PORT and PASV commands as it did prior to release 6.2.0.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All users of the z/VM FTP client             *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION: APPLY PTF                                    *
****************************************************************
As of release 6.2.0, when the z/VM FTP client is connected to
an IPv4 foreign host and a command is issued that requires data
transfer, the client attempts first to issue an EPRT command to
the FTP server at the foreign host.  If the foreign host does
not support that command, the client reverts back to issuing a
PORT command.  There are some firewalls that do not support the
EPRT command and once the EPRT command has failed, the PORT
command is also blocked.  This APAR is being taken in order to
allow the user to disable the use of EPRT/EPSV by the z/VM FTP
client on IPv4 connections. This will cause the FTP client to
use the PORT and PASV commands as it did prior to release 6.2.0.

    



Problem conclusion


    

  • Procudure DoLocSite() in part FTBVMSUB PASCAL was updated to add
new EPSV4 and NOEPSV4 options on the LOCSITE FTP subcommand
which allow the FTP client to enable/disable use of EPRT/EPSV.
.
In order to support 'EPSV4 TRUE/FALSE' statement in FTP DATA
file, prodecure ReadVMFtpData() in part FTCVMSUB PASCAL is
updated to enable/disable the use of EPRT/EPSV.
.
FTMAIN PASCAL file is updated to set the default value of
EPSV/EPRT, and FTPROCS PASCAL file is also updated to control
the status of EPSV/EPRT during a connection.
.
New variables were added in FTPUSER COPY file to reflect the
status of EPSV/EPRT.
.
LOCSITE HELPFTP file is updated to illustrate the new LOCSITE
options.
.
FTP $SDATA file is updated to describe how to configure EPSV4
statement in FTP DATA file.
.

The following documentation needs to be updated.

---------------------------------------------------------------
.
A new FTP Client Unnumbered Message will be documented on page
45 in Chapter 2 (FTP Messages), Section 2.4 (FTP Client
Unnumbered Messages) of TCP/IP Messages and Codes
(GC24-6237-03) as follows:
.
EPSV4 value <value> is not valid. Default value used.
.
Explanation: The specified value used on the EPSV4 FTP DATA
configuration file statement is not valid. The default value of
TRUE is used. Valid values are TRUE and FALSE.
.
System action: Program execution continues.
.
User response: If necessary, terminate the FTP session and
correct the EPSV4 keyword value in the FTP DATA file.
.
Module: FTBVMSUB PASCAL
.
Severity: Informational.
.
Procedure Name: ReadVMFtpData
---------------------------------------------------------------
.
New description about EPSV4 Statement will be added on page 33
in Chapter 2 (Transferring Files Using FTP), Section 2.4 (FTP
DATA file Statements) of TCP/IP User's Guide
(SC24-6240-04)  as follows:
.
EPSV4 Statement
The EPSV4 statement specifies if FTP client will use EPSV or
or EPRT command to establish the connection with the server for
data transfer.

      '---EPSV4 TRUE------------------------'
      |                                     |
 >>---.-------------------------------------.-------------><
      |                                     |
      '---EPSV4---TRUE----------------------'
                '-FALSE  -----------'

Operands
TRUE
    Specifies that the FTP client will first try to use a EPSV
    or EPRT command to establish the connection with the server
    for data  transfer. If the server rejects the EPSV or EPRT
    command, the client will then try to establish the data
    connection using the PASV or PORT command.

    Note:  If the server rejects either the EPSV or the EPRT
           command during the session, the client won't send
           EPSV or EPRT to the server again, even when EPSV4 is
           specified.

FALSE
    Specifies that the FTP client will send the server a PASV or
    PORT command establish the connection with the server for
    data transfer.

---------------------------------------------------------------
.
New description about LOCSITE EPSV4/NOEPSV4 will be added on
page 72 in Chapter 2 (Transferring Files Using FTP), Section 2.5
(FTP Subcommands) of TCP/IP User's Guide
(SC24-6240-04) as follows:
>>--LOCSIte--.-Varrecfm----------------.----------------><
             |-Fixrecfm--record_length-|
             |-CERTFullcheck-----------|
             |-CERTNocheck-------------|
             |-EPsv4-------------------|
             '-NOEPsv4-----------------'

Purpose

Use the LOCSITE subcommand to change the record format and
record length used for files created on the local host, or to
change how secure connections should be handled based
certificate verification results, or to change how the
connection should be established with the server for data
transfer.

EPsv4
    Specifies that the FTP client will first try to use a EPSV
    or EPRT command to establish the connection with the server
    for data  transfer. If the server rejects the EPSV or EPRT
    command, the client will then try to establish the data
    connection using the PASV or PORT command.

    Note:  If the server rejects either the EPSV or the EPRT
           command during the session, the client won't send
           EPSV or EPRT to the server again, even when EPSV4 is
           specified.

NOEPsv4
    Specifies that the FTP client will send the server a PASV or
    PORT command establish the connection with the server for
    data transfer.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PM90145
    • 

  • Reported component name
    TCP/IP V2 FOR V
    • 

  • Reported component ID
    5735FAL00
    • 

  • Reported release
    620
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2013-05-30
    • 

  • Closed date
    2013-07-09
    • 

  • Last modified date
    2014-05-28
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK95709 UK95710
    

    • 



Modules/Macros


    

  • FTBVMSUB FTCVMSUB FTMAIN   FTP      FTPROCS
FTUSER   LOCSITE  MSFTPC

    




Publications Referenced


SC24624002GC24623702SC24624004GC24623703 





Fix information


    

  • Fixed component name
    TCP/IP V2 FOR V
    • 

  • Fixed component ID
    5735FAL00
    • 



Applicable component levels


    

  • R620  PSY  UK95709
       UP13/07/10  P  1302
    • 

  • R630  PSY  UK95710
       UP14/04/04  P  1401
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27N","label":"APARs - VM\/ESA environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG27M","label":"APARs - z\/VM environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"620","Edition":"","Line of Business":{"code":"LOB16","label":"Mainframe HW"}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            28 May 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback