PK23708: TCPHDR & IPHDR CLISTS GIVE INCORRECT OUTPUT

APAR status

Closed as fixed if next.

Error description

PROBLEM CONCLUSION:
This APAR is fixed in HIP6170 and HIP6180 by APAR PK40598.


1) TCPHDR sometimes goes beyond the end of the TCP header,
seeing options where none exist;
2) TCPHDR parses the single-octet options NOOP and EOL as if
they contained a length byte;
3) TCPHDR reports the SACK-permitted option as "Compartment".
----------------------------------------------------------------
Here is a raw IPCS LIST of a TCP header at ADDRESS(27B5FAD8.),
showing
the two bytes which follow:
 ASID(X'0055') ADDRESS(27B5FAD8.) KEY(88)
 27B5FAD8.                   01BB855C 7F6A0C4F
 27B5FAE0. AC07AD75 60128000 A0120000 020405B4
 27B5FAF0. 0096
Here is the TCPHDR interpretation of the same header:
 TCPHDR 27B5FAD8
 TCP Header at 27B5FAD8
  27B5FAD8  01BB855C  7F6A0C4F  AC07AD75  60128000
     +0010  A0120000  020405B4
   Source Port         : 443
   Destination Port    : 34140
   Sequence Number     : 2,137,656,399
   Ack Number          : 2,886,184,309
   Header Length       : 24
   Flags               : Ack Syn
   Window Size         : 32768
   Checksum            : A012
   Urgent Data Pointer : 0000
   Option              : MSS          4 5B4
Option : EOL 150 920010 00000004 BEAB0333 (...)
The header ends with the MSS option, but TCPHDR option
processing goes beyond this, processing the two following bytes
(x'0096') as if it were an EOL option. Moreover, though EOL is
defined as a single octet, the second byte (x'96') is
apparently taken to be the option length, 150.
----------------------------------------------------------------
This is a malformed TCP SYN segment with an invaild option byte
at +001B containing x'48'. TCPHDR appears to interpret the
x'48' as the length of the NOOP at offset +001A. But NOOP is
defined with no length.  Properly parsed, this segment contains
three NOOP options starting at offset +0018, and then an
invalid option x'48'.
 TCPHDR 27B5F9A4
 TCP Header at 27B5F9A4
  27B5F9A4  855C01BB  AC07AD74  9BCA01BC  7002FC00
     +0010  FD9E0000  02040564  01010148
   Source Port         : 34140
   Destination Port    : 443
   Sequence Number     : 2,886,184,308
   Ack Number          : 2,613,707,196
   Header Length       : 28
   Flags               : Syn
   Window Size         : 64512
   Checksum            : FD9E
   Urgent Data Pointer : 0000
   Option              : MSS          4 564
   Option              : NOOP         1
   Option              : NOOP         72 9A009A 00100000
0004BEAB...
   Option              : EOL          0
----------------------------------------------------------------
Here is a TCP header containing the SACK-permitted option.
TCPHDR reports this as "Compartment":
TCPHDR 27B5FA3E
TCP Header at 27B5FA3E
 27B5FA3E  855C01BB  AC07AD74  9BCA01BC  7002FC00
    +0010  FD9E0000  02040564  01010402
  Source Port         : 34140
  Destination Port    : 443
  Sequence Number     : 2,886,184,308
  Ack Number          : 2,613,707,196
  Header Length       : 28
  Flags               : Syn
  Window Size         : 64512
  Checksum            : FD9E
  Urgent Data Pointer : 0000
  Option              : MSS          4 564
  Option              : NOOP         1
  Option              : Compartment  2
  Option              : EOL          154 960010 00000004
BEAB0333 ...
----------------------------------------------------------------
IPHDR issue:
IPHDR 27B5F990

IP Header: 27B5F990
 IpHeader: Version : 4                Header Length: 20
  Tos              : 00               QOS: Routine Normal Serv
  Packet Length    : 48               ID Number: 4880
  Fragment         : DontFragment     Offset: 0
  TTL              : 119              Protocol: TCP
  Source           : 192.147.222.2
  Destination      : 199.165.165.121

 TCP
  Source Port      : 34140 ()         Destination Port: 443
  Sequence Number  : 2886184308       Ack Number: 2613707196
  Header Length    : 28               Flags: Syn
  Window Size      : 64512            CheckSum: FD9E 0000 Urge
   Option          : Max Seg Size Len: 4 MSS: 1380
   Option          : NOP
   Option          : NOP
   Option          : NOP
   Option          : Unknown: Len: 0 Value: 0P9A009A00

IP Header          : 20
000000 45000030 48804000 7706AF92 C093DE02  C7A5A579

Protocol Header    : 28
000000 855C01BB AC07AD74 9BCA01BC 7002FC00  FD9E0000 02040564

Data               : 88     Data Length: 0
000000 009A009A 00100000 0004BEAB 0333F709 |..............7. .
000010 07820058 00002700 0030C5E3 C8F14040 |.b........ETH1   .
000020 40404040 40404040 4040BEAB 0333F709 |          ....7. @
000030 02C20000 00000000 00000000 FFFEC093 |.B.............l .
000040 DE020000 00000000 00000000 FFFEC7A5 |..............Gv .
000050 A579855C 01BB0017                   |v`e*....         .
****************************** END OF DATA ***************

Note that the header formatting prints "Packet Length: 48" and
the data formatting prints "Data Length: 0", yet for some
reason it prints 88 bytes of none related data following the
packet.

---

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: All users of the IBM Communications Server   *
*                 for z/OS Version 1 Release 7 IP: IPCS        *
****************************************************************
* PROBLEM DESCRIPTION: The IPCS commands IPHDR and TCPHDR      *
*                      create incorrect output.                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The length of the IP and TCP data buffers are correctly used and
attempt to format beyond the end of the headers.
+-------------------------------------------------------------+
+ Please check our Communications Server for OS/390 homepages +
+ for common networking tips and fixes.  The URL for these    +
+ homepages can be found in Informational APAR II11334.       +
+-------------------------------------------------------------+

Problem conclusion

Temporary fix

Comments

This APAR is being closed FIN (Fixed If Next) with concurrence
from the submitting customer. This means that a fix to this
APAR is expected to be delivered from IBM in a release (if any)
to be available within the next 24 months.

This problem will be tracked as Feature F137500
by Communications Server for z/OS Development.

APAR Information

APAR number
PK23708
Reported component name
TCP/IP V3 MVS
Reported component ID
5655HAL00
Reported release
170
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2006-04-20
Closed date
2006-04-24
Last modified date
2007-03-06

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

R170 PSN
UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"170","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"170","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
06 March 2007

Tips

PK23708: TCPHDR & IPHDR CLISTS GIVE INCORRECT OUTPUT

Subscribe

APAR status

Closed as fixed if next.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Applicable component levels

R170 PSN

Document Information

Share your feedback

Need support?