LARGE SECURE FTP TRANSFER BOGS DOWN AND HANGS SSL SESSIONS
APAR Identifier ...... PI68525 Last Changed ........ 17/02/01 LARGE SECURE FTP TRANSFER BOGS DOWN AND HANGS SSL SESSIONS Symptom ...... IN INCORROUT Status ........... CLOSED PER Severity ................... 2 Date Closed ......... 17/01/25 Component .......... 5735FAL00 Duplicate of ........ Reported Release ......... 630 Fixed Release ............ 999 Component Name TCP/IP V2 FOR V Special Notice Current Target Date .. Flags SCP ................... Platform ............ Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 630 : UI44207 available 17/02/01 (1000 ) Release 640 : UI44208 available 17/02/01 (1000 ) Parent APAR: Child APAR list: ERROR DESCRIPTION: When a secure FTP PUT is done of a large file (e.g., 6.5GB), the data transfer slows down to a crawl and all access to the system via SSL (secure TELNET sessions) hangs up. The problem occurs when the TCPIP stack has reached the 10% threshold for the number of available data buffers and it is preceded by buffer depletion warnings on the TCPIP console. LOCAL FIX: PROBLEM SUMMARY: **************************************************************** * USERS AFFECTED: All users of the z/VM TCP/IP * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: APPLY PTF * **************************************************************** When a secure FTP PUT is done of a large file (e.g., 6.5GB), the data transfer slows down to a crawl and all access to the system via SSL (secure TELNET sessions) hangs up. The problem occurs when the TCPIP stack has reached the 10% threshold for the number of available data buffers and it is preceded by buffer depletion warnings on the TCPIP console. PROBLEM CONCLUSION: The fix includes changes for the FTP server, SSL server and TCP/IP stack FTP server If the control connection is closed while the data connection is still opened to store the file, the FTP server will issue the abort function to make sure the data connection is closed as expected. FTSCMD is updated to initialize the flags when a new data connection is opened for the given control control connection, in order to ensure that the FTP server sends one and only one '150' reply to any subsequent data transfer command that is received. SSL server If the SSL server gets the EWOULDBLOCK return code when it is writing the clear data out, the server will continue to run, instead of closing the connection. TCP/IP stack 1. Change TCPSSL and T6PSSL to make the secure socket that is created non-blocking 2. Update F6TCPREQ to pull in APAR PQ95009, APAR PQ95009 was put into the IPv4 version of SkTcpWri but was not in the IPv6 version of VSkTcpWr. This update adds a check for a non-blocking socket when there are not enough buffers for the data. 3. Update TCTREEP so that message 65004 will only be displayed when TCPUP tracing is specified 4. Update TCPREQU to allow an Abort to happen on a connection that has a handshake in progress 5. TCPSSL is updated to free the newly obtained ACB and respond to the SSL server when the connection is in the CLOSED state. 6. TCPSSL is also updated to avoid 2 TCBs pointing to the same ACB when copying the TCB. TEMPORARY FIX: COMMENTS: MODULES/MACROS: FPTCPDOW FTSCMD FTSEVEN FTSUTIL F6TCPREQ SSLDPUMP TCPREQU TCPSSL TCTREEP T6PSSL SRLS: NONE RTN CODES: CIRCUMVENTION: MESSAGE TO SUBMITTER: