ASSERTION ERRORS IN TCPIP LEAD TO SSL FAILURES
APAR Identifier ...... PI30359 Last Changed ........ 15/02/16
ASSERTION ERRORS IN TCPIP LEAD TO SSL FAILURES
Symptom ...... IN INCORROUT Status ........... CLOSED PER
Severity ................... 2 Date Closed ......... 14/12/17
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 630 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 540 : UI24260 available 15/01/07 (1501 )
Release 620 : UI24025 available 15/01/07 (1000 )
Release 630 : UI24026 available 15/01/07 (1501 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
The TCP/IP stack is hitting assertion errors such as the
following during its handling of incoming SSL connections:
.
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
DOCONNECTIONSTATECHANGED 46 00DDEA50 SOCKREQ
SSKNOTICE 54 00DDF31E SOCKREQ
FASTNOTIFY 11 00D06D96 TCPUP
SWORKON 75 00D094E0 TCPUP
UpToTcp 3318 00E10A40
UpToIp 1112 00E0F7B6
QdioUnpa 1444 00E1CC92
QDIO_Pol 334 00E1C158
Schedule 802 00CD0A14
<MAIN-PROGRAM> 14 00C0B1FE TCPIP
VSPASCAL 00E4722A
.
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
REMOVFRTCB 11 00CBFF80 TCQUEUE_QU
DOCONNECTIONSTATECHANGED 40 00DDE9AE SOCKREQ
SSKNOTICE 54 00DDF31E SOCKREQ
FindAndS 88 00E124D2
Notify 168 00E12726
Schedule 2082 00CD0F14
<MAIN-PROGRAM> 14 00C0B1FE TCPIP
VSPASCAL 00E4722A
.
These assertions are due to invalid data in the TCB structure
and may eventually lead to abends in the TCP/IP stack or loss
of SSL connectivity.
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of the z/VM TCP/IP SSL (Secure *
* Socket Layer) server *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
The TCP/IP stack is hitting assertion errors such as the
following during its handling of incoming SSL connections:
.
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
DOCONNECTIONSTATECHANGED 46 00DDEA50 SOCKREQ
SSKNOTICE 54 00DDF31E SOCKREQ
FASTNOTIFY 11 00D06D96 TCPUP
SWORKON 75 00D094E0 TCPUP
UpToTcp 3318 00E10A40
UpToIp 1112 00E0F7B6
QdioUnpa 1444 00E1CC92
QDIO_Pol 334 00E1C158
Schedule 802 00CD0A14
<MAIN-PROGRAM> 14 00C0B1FE TCPIP
VSPASCAL 00E4722A
.
AMPX036I ASSERTION FAILURE CHECKING ERROR
TRACE BACK OF CALLED ROUTINES
ROUTINE STMT AT ADDRESS IN MODULE
REMOVFRTCB 11 00CBFF80 TCQUEUE_QU
DOCONNECTIONSTATECHANGED 40 00DDE9AE SOCKREQ
SSKNOTICE 54 00DDF31E SOCKREQ
FindAndS 88 00E124D2
Notify 168 00E12726
Schedule 2082 00CD0F14
<MAIN-PROGRAM> 14 00C0B1FE TCPIP
VSPASCAL 00E4722A
.
These assertions are due to invalid data in the TCB structure
and may eventually lead to abends in the TCP/IP stack or loss
of SSL connectivity.
PROBLEM CONCLUSION:
In part TCQUEUE PASCAL, the ReuseTCB routine (which prepares
a TCB for re-use, by cleaning up appropriate fields) has been
updated in order to set PrevFrustrated and NextFrustrated
(that are later reused) to be nil. If the code finds there
is data in the PrevFrustrated and NextFrustrated, which means
the TCB is in a queue, it will remove the TCB from the queue
decrease the queue size by 1.
.
In part T6PSSL and TCPSSL PASCAL, both the VSkSslAcc and
SkSslAcc routine (which handles accept processing) have been
updated in order to handle TCB error. The code will now detect
that whether the TCB got from the accept queue is nil. If nil,
it means there is no TCB in the accept queue to handle the
secure connection, the code will then fail the connection
attempt. With these updates, the code will also display one of
two new error messages (documented below) to the TCPIP console
log any time this error occurs.
.
---------------------------------------------------------------
.
The two new error messages will be documented on page 510 in
Chapter 18 (TCP/IP Server Messages), Section 18.2 (Numbered
Messages) of the TCP/IP Messages and Codes manual (GC24-6237-06)
as follows:
.
DTCSSL059E SkSslAcc: TCB is nil, connection will be rejected
.
EXPLANATION: An error occurred while TCP/IP was trying to
accept a secure connection due to there is
no TCB in the accept queue.
.
SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP
continues.
.
SYSTEM PROGRAMMER RESPONSE: None.
-------------------------------------------------------------
DTCSSL060E VSkSslAcc: TCB is nil, connection will be rejected
.
EXPLANATION: An error occurred while TCP/IP was trying to
accept a secure connection due to there is
no TCB in the accept queue.
.
SYSTEM ACTION: TCP/IP fails the connection attempt. TCP/IP
continues.
.
SYSTEM PROGRAMMER RESPONSE: None.
TEMPORARY FIX:
COMMENTS:
MODULES/MACROS: MSTCP TCPSSL TCQUEUE T6PSSL
SRLS: GC24623706
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: