TCPIP CONNECTIONS CAN GET STUCK IN FIN-WAIT-2
APAR Identifier ...... PI73495 Last Changed ........ 17/09/26
TCPIP CONNECTIONS CAN GET STUCK IN FIN-WAIT-2
Symptom ...... IN INCORROUT Status ........... CLOSED PER
Severity ................... 3 Date Closed ......... 17/02/09
Component .......... 5735FAL00 Duplicate of ........
Reported Release ......... 630 Fixed Release ............ 999
Component Name TCP/IP V2 FOR V Special Notice
Current Target Date .. Flags
SCP ...................
Platform ............
Status Detail: SHIPMENT - Packaged solution is available for
shipment.
PE PTF List:
PTF List:
Release 540 : UI44561 available 17/02/10 (1000 )
Release 620 : UI44533 available 17/02/10 (1000 )
Release 630 : UI44534 available 17/02/10 (1000 )
Release 640 : UI44535 available 17/02/10 (1701 )
Parent APAR:
Child APAR list:
ERROR DESCRIPTION:
When a secure connection is closed, there is a possibility that
a TCB (connection structure) with FIN-WAIT-2 status will not be
released and will stay around forever until TCPIP is restarted.
The problem occurs when TCPIP has already sent a FIN packet to
close out the connection, but it never receives the FIN packet
back from the peer, which results in the connection never being
fully closed.
LOCAL FIX:
PROBLEM SUMMARY:
****************************************************************
* USERS AFFECTED: All users of the z/VM TCP/IP *
****************************************************************
* PROBLEM DESCRIPTION: *
****************************************************************
* RECOMMENDATION: APPLY PTF *
****************************************************************
When a secure connection is closed, there is a possibility that
a TCB (connection structure) with FIN-WAIT-2 status will not be
released and will stay around forever until TCPIP is restarted.
The problem occurs when TCPIP has already sent a FIN packet to
close out the connection, but it never receives the FIN packet
back from the peer, which results in the connection never being
fully closed.
PROBLEM CONCLUSION:
When a secure connection is established, there are three
connection blocks (TCBs) that are used. One is the network
facing TCB and the other two are used for the connections
between the SSL server and TCP/IP. The code has been updated
so that each of the non-network facing TCBs are updated to
store the address of the TCB for the other half of the
connection thus allowing both halves to be closed together.
The specific updates are as follows:
TCBASTY and TCTCB: TcbType is updated to use SslOtherCn to
store the TCB address for the other half of the connection.
TCPSSL and T6PSSL: When connecting a SOCKE_SSL socket, each of
the TCBs will be updated to store the other's address. This will
allow both sides of the connection to be found.
TCPUP: When a reset request is received for a secure
connection, ensure that the other half of connection is also
closed in order to release the whole connection.
TCMON: When dealing with the TCB information, if SslOtherCn
is not nil, then get the ConnectionName and pass it to the
caller in the SslOtherCn field instead of the pointer to the
TCB.
TEMPORARY FIX:
COMMENTS:
**** PE17/06/27 FIX IN ERROR. SEE APAR PI83658 FOR DESCRIPTION
MODULES/MACROS:
CMNETST TCBASTY TCMON TCPSSL TCPUP TCTCB T6PSSL
SRLS:
NONE
RTN CODES:
CIRCUMVENTION:
MESSAGE TO SUBMITTER: