LARGE SECURE FTP TRANSFER BOGS DOWN AND HANGS SSL SESSIONS


 
 APAR Identifier ...... PI68525      Last Changed ........ 17/02/01
 
 Symptom ...... IN INCORROUT         Status ........... CLOSED  PER
 Severity ................... 2      Date Closed ......... 17/01/25
 Component .......... 5735FAL00      Duplicate of ........
 Reported Release ......... 630      Fixed Release ............ 999
 Component Name TCP/IP V2 FOR V      Special Notice
 Current Target Date ..              Flags
 SCP ...................
 Platform ............
 
 Status Detail: SHIPMENT - Packaged solution is available for
                           shipment.
 
 PE PTF List:
 
 PTF List:
 Release 630   : UI44207 available 17/02/01 (1000 )
 Release 640   : UI44208 available 17/02/01 (1000 )
 
 Parent APAR:
 Child APAR list:
 
 ERROR DESCRIPTION:
 When a secure FTP PUT is done of a large file (e.g., 6.5GB), the
 data transfer slows down to a crawl and all access to the system
 via SSL (secure TELNET sessions) hangs up.  The problem occurs
 when the TCPIP stack has reached the 10% threshold for the
 number of available data buffers and it is preceded by buffer
 depletion warnings on the TCPIP console.
 
 LOCAL FIX:
 
 PROBLEM SUMMARY:
 ****************************************************************
 * USERS AFFECTED: All users of the z/VM TCP/IP                 *
 ****************************************************************
 * PROBLEM DESCRIPTION:                                         *
 ****************************************************************
 * RECOMMENDATION: APPLY PTF                                    *
 ****************************************************************
 When a secure FTP PUT is done of a large file (e.g., 6.5GB), the
 data transfer slows down to a crawl and all access to the system
 via SSL (secure TELNET sessions) hangs up.  The problem occurs
 when the TCPIP stack has reached the 10% threshold for the
 number of available data buffers and it is preceded by buffer
 depletion warnings on the TCPIP console.
 
 PROBLEM CONCLUSION:
 The fix includes changes for the FTP server, SSL server and
 TCP/IP stack.
 
 FTP server
 If the control connection is closed while the data connection
 is still opened to store the file, the FTP server will issue
 the abort function to make sure the data connection is
 closed as expected.
 
 FTSCMD is updated to initialize the flags when a new data
 connection is opened for the given control connection,
 in order to ensure that the FTP server sends one and
 only one '150' reply to any subsequent data transfer command
 that is received.
 
 SSL server
 If the SSL server gets the EWOULDBLOCK return code when it is
 writing the clear data out, the server will continue to run,
 instead of closing the connection.
 
 TCP/IP stack
 1. Change TCPSSL and T6PSSL to make the secure socket that is
    created non-blocking.
 2. Update F6TCPREQ to pull in APAR PQ95009. APAR PQ95009 was
    put into the IPv4 version of SkTcpWri but was not in the
    IPv6 version of VSkTcpWr. This update adds a check for a
    non-blocking socket when there are not enough buffers for
    the data.
 3. Update TCTREEP so that message 65004 will only be displayed
    when TCPUP tracing is specified.
 4. Update TCPREQU to allow an Abort to happen on a connection
    that has a handshake in progress.
 5. TCPSSL is updated to free the newly obtained ACB and respond
    to the SSL server when the connection is in the CLOSED state.
 6. TCPSSL is also updated to avoid 2 TCBs pointing to the same
    ACB when copying the TCB.
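
 The SSL server change and TCP/IP stack items 1 and 2 above, shown as an
 added POSIX C illustration (not IBM or z/VM code; the function names, the
 socketpair setup and the 5-second poll timeout are assumptions of this
 example): a write on a non-blocking socket treats EWOULDBLOCK as
 back-pressure and retries, and only a genuine error ends the connection.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* EWOULDBLOCK/EAGAIN = no buffer space yet: poll for POLLOUT and retry. */
int write_all_nonblocking(int fd, const char *buf, size_t len, int *stalls)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = write(fd, buf + off, len - off);
        if (n > 0) { off += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n == 0 || (errno != EWOULDBLOCK && errno != EAGAIN))
            return -1;                     /* genuine failure: caller closes */
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        (*stalls)++;                       /* back-pressure, keep the session */
        int r = poll(&p, 1, 5000);
        if (r == 0) return -2;             /* peer has not drained for 5 s */
        if (r < 0 && errno != EINTR) return -1;
    }
    return 0;
}

/* Constructed scenario: a late-starting reader forces EWOULDBLOCK on the writer. */
int demo_transfer(size_t total, int *stalls)
{
    int sv[2], rc = -1;
    char *buf = calloc(1, total);
    if (!buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { free(buf); return -1; }
    pid_t pid = fork();
    if (pid == 0) {                        /* child: slow consumer */
        close(sv[0]);
        poll(NULL, 0, 100);                /* start draining 100 ms late */
        while (read(sv[1], buf, total) > 0) { }
        _exit(0);
    }
    close(sv[1]);
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    if (pid > 0) rc = write_all_nonblocking(sv[0], buf, total, stalls);
    close(sv[0]);                          /* EOF lets the child exit */
    if (pid > 0) waitpid(pid, NULL, 0);
    free(buf);
    return rc;
}

int main(void) { int s = 0; return demo_transfer(8u << 20, &s) != 0; }
```

 The stall counter is worth exporting as a metric: a steadily rising value
 is the application-level view of the buffer depletion that the TCPIP
 console warnings report.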
 
 TEMPORARY FIX:
 
 COMMENTS:
 
 MODULES/MACROS:
 FPTCPDOW FTSCMD   FTSEVEN  FTSUTIL  F6TCPREQ SSLDPUMP TCPREQU
 TCPSSL   TCTREEP  T6PSSL
 
 SRLS:
 NONE
 
 RTN CODES:
 
 CIRCUMVENTION:
 
 MESSAGE TO SUBMITTER: