=================================================================== WebOS 6.0.68 Fixes and Enhancements. Released On - 19 July 2000 =================================================================== Bug 4084: URL SLB leaves open sessions at the server after splicing the TCP session. (Also refer bug 3206) When performing URL parsing of HTTP 1.1 sessions, if required content was on a different server, the connection on the old server was not reset because the RST packet was sent out of the wrong switch port. =================================================================== WebOS 6.0.67 Fixes and Enhancements. Released On - 18 July 2000 =================================================================== Bug 3957: Switch watchdogs on telnet when large "diff" is in progress on the serial console. Conflict between two processes trying to use Standard I/O. Implemented check to prevent conflict. Bug 3980: All services within a group are marked as FAILED. This bug was fixed in 6.0.66, but a debug print statement was left in the health check code - removed. Bug 4117: Port names with spaces will cause errors. Port names were not enclosed in quotes in the config dump. Bug 4116: Switch panicked when synchronizing VRRP, SLB configs. Sending switch might send an NULL frame, or exit the sync process before the receiving switch had completed the task. 7/17/00 - note Bug # 3151 added to fix list for 6.0.62. =================================================================== WebOS 6.0.66 Fixes and Enhancements. Released On - 10 July 2000 =================================================================== Bug 3888:VIP incorrectly translates ports which are not configured. A lookup routine was returning the last used Vport # instead of NULL, when the Vport was not found, resulting in calls to random ports occasionally being connected to real servers on open ports. Bug 3832: ICMP header checksum is incorrect with DAM enabled. When the path between VIP and Client does not support the MTU (frame size) used by the real server, the ICMP "too big" message is translated and delivered to the correct real server. In Direct Access Mode, the checksum was not recalculated. Bug 3955: Panic when upgrading boot image via TFTP Occasional panic when upgrading boot image - caused by failure to handle memory allocation error. Bug 3961: Switch incorrectly forwards frames on non configured port. A lookup routine was returning the last used Vport # instead of NULL, when the Vport was not found, resulting in calls to random ports occasionally being passed to a real server. Bug 3980: All services within a group are marked as FAILED. When all the services on a VIP are associated with one group, for any given real server, failure of any one service will result in all services being marked FAILED. This is done to ensure that services which need to be linked cannot be accessed separately (EG HTTP and HTTPS). To avoid confusion over what has failed, we now mark services which are up, but blocked as a result of an associated service on the same server being down with the tag BLOCKED instead of FAILED. Only actual failed services are now marked FAILED. Also prevent real server being marked UP after switching from ICMP to TCP health checks, when the services are down. Bug 3211: Health Check /info/slb does not reflect change to ICMP HC. On changing from TCP to ICMP health checks, if all services on a real server were down, but the server itself was reachable, the health check type did not change, and the server did not get marked up. Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers. If a URL string match occurred, and the real server had a weight greater than 1, subsequent requests from the same client IP would go to the same server, regardless of URL, until the weight was used up. Bug 3599: Switch doesn't do SLB using URL with HASH metrics. When URL parsing and hash load balancing were configured, traffic would not be spread across the real servers. Refix to cover additional cases. =================================================================== WebOS 6.0.65 Fixes and Enhancements. Released On - 24 June 2000 =================================================================== Bug 3822: SSL persistency and Filtering cannot be combined on one port. Now allow combined feature. Bug 3839: Port hangs under heavy load/ multicasts. Continuation of fix from the previous release by closing another hole in the DMA Write routine. The port will stop responding because the DMA Write Buffer queue becomes corrupted. The condition is magnified when there are a large number of real servers configured and being health checked and a heavy traffic load. =================================================================== WebOS 6.0.64 Fixes and Enhancements. Released On - 19 June 2000 =================================================================== Bug 3722: VRRP Sync Failure can retain tcp_buffer. A buffer used for transmission of the VRRP config sync to the peer switch might not be freed if a transmission error occurred. Bug 3795: Enhancements to dump file. When an Switch Processor failure is detected, check all SPs and get snap trace from first bad SP found. Generate ASCII description for trace output. Bug 3839: Port hangs under heavy load/ multicasts. Fixed bug where, if the DMA overflow queue was full when a multicast frame came in for flooding, the DMA buffer ring would be corrupted, causing a flurry of DMA writes and overloading the Switch with these high priority events. Would ONLY occur if enough load to fill the DMA overflow queue occurred with a batch of multicast frames. =================================================================== WebOS 6.0.63 Fixes and Enhancements. Released On - 6 June 2000 =================================================================== Bug 3255: DAM leaking packets from real servers. With DAM enabled, when users are accessing a web site through a slow link (such as a wireless modem or a 28.8 dial in) and clicking ahead before a page is fully loaded, packets sourced from the real servers may be seen untranslated at the client's location. Only occurs with DAM enabled and while using a slow Internet connection. If you believe you are seeing this problem, please contact Tech Support for details of the appropriate configuration parameter. Bug 3714: Console vrrp alert : errored advertisements Previously reported any badly formed VRRP advertisements on our subnet(s) to the console, even if they were not for Virtual Routers configured on this switch. Now count and discard such packets without generating error message. Bug 3446: Unable to delete group/name. New/Current group name configuration was not properly flagged. =================================================================== WebOS 6.0.62 Fixes and Enhancements. Released On - 26 May 2000 =================================================================== Bug 3477: Radius Password length should be variable length. Length check was enforcing 16 characters - now allows upto 16. Bug 3478: Fix DIV routine so that it works with large numerators. Divide routine was the real reason for the 49 day bug (2527). Fix done and original patch removed. Bug 3457: Unable to synch VRRP from console when source switch busy. Improved information message indicating how to configure peer switches. Fix problems at sending side when no TCP buffers were available, and send less (but larger) packets. Protect receiving side against being stuck with a partial config after a failed synchronization. Bug 3588: Changing Health Check to ICMP in a multiple VIPs setup causes failed Health Check. With TCP health checks on several rports on the same servers, Changing one health check to ICMP will fail - fixed. Bug 3599: Switch doesn't do SLB using URL with HASH metrics. When URL parsing and hash load balancing were configured, traffic would not be spread across the real servers. Bug 3409: imask validation issue imask allows a VIP to represent a block of IP addresses, thus the RIPs behind it cover a similar width. The validation check was turning all RIPs into address blocks instead of just the ones associated with the VIP. Enhnacement: WCR Cached filter entries are only set up for incoming SYN packets Other packets were allowed (not redirected) instead. Enhanced to redirect all packets matching the filter, in case packets arrive on a different port or switch. =================================================================== WebOS 6.0.61 Fixes and Enhancements. Released On - 27 April 2000 =================================================================== Bug 3086: Port 9 link LED does not blink when the port is disabled. Fixed Bug 3149: Switch PANIC or corrupt configuration when enabling a new default gateway. Switch would panic, or have corrupt config if, when setting up first gateway on a switch, user hits in place of GW address, then tries to enable/apply anyway. Bug 3206: Switch sends http GETs to wrong server when using URL LB This problem only occurred under HTTP 1.1. If server A has a directory which does not appear on server B, and URL lb is configured to send /any & /directory to server A, /any to server B, requests for /directory would also go to server B. Bug 3258: Seq/Ack diff should only be calculated after a valid ACK is received. When a wrong ACK number is received from a server, a reset is sent. No need to calculate sequence difference for splicing until _after_ a good ACK is received. (Save CPU cycles) Bug 3078: Default gateway bouncing after change. If the primary default gateway was up, and its configured address was changed to a non-existent router, repeated "Gateway Operational" messages would appear on the console. =================================================================== WebOS 6.0.60 Fixes and Enhancements. Released On - 11 April 2000 =================================================================== Bug 2845: Data corruption when sending line rate Gig on a filter port Minor improvements to this fix- see 6.0.58 for details. Bug 3089: Health Check scripts were not synchronized. /oper/slb/sync did not pass the new scripted health check strings to the peer switch. Bug 3090: Long content HealthCheck fail message panics switch. If the content string being checked was more than 22 characters long, the total length of a "Cannot retrieve content" message was more than 80 characters and would run off the end of the string buffer, resulting in unpredictable results, including panic. Bug 2925: Server Load Balancing- not all services checked. When several VIPs share the same set of real servers through a common group, but are mapped to different services (Rports), only the last service in each set was checked. This could result in failure of the last service brining down all or failure of other services being unreported. Bug 2941: Add l4user & slbadmin and the revert command Enhanced User Access Control. Disable additional users by default so that "user" and "admin" are the only logins enabled by defult. Bug 3114: FTP Health Checks did not work for all server types. Fixed FTP Health Checks so that multiple line messages are properly interpreted. Also made the FTP login/logout if no content is defined, and made FTP health check verify that the content file exists if the SIZE command isn't supported by the FTP Server. Bug 3115: Real and Group Name don't cause "diff" on "cur" Real server and Group name changes did not show up with the "diff" command. Bug 3085: Cannot disable a port that does not have link. Config/port n/dis did not take effect if the port did not have link. Bug 3072: SSL ID persistency could send user to other real servers. Consequence of SSL enhancements (3041, 3042, 3044) in 6.0.57. =================================================================== WebOS 6.0.59 Fixes and Enhancements. Released On - 30 March 2000 =================================================================== Bug 3060: HTTP string loadbalancing does not work correctly with HASH metric. Certain strings would incorrectly match "/any", even if exact match existed. Bug 3058: Remote health check rport - should be vport For remote (GSLB) server health checks, the Virtual Port should be checked - when port mapping occurred, remote health checks were performed on Real Ports and would fail. =================================================================== WebOS 6.0.58 Fixes and Enhancements. Released On - 29 March 2000 =================================================================== Bug 2941: Add l4user & slbadmin and the revert command. (See 6.0.56) Config block changes to guarantee forward compatibility to 8.0. =================================================================== WebOS 6.0.57 Fixes and Enhancements. Released On - 28 March 2000 =================================================================== Bug 3041: Add port mapping for SSL Session ID Load Balancing. Port enhanced feature from 8.0 allowing port mapping for SSSL Persistency. Also fix problem where an internal check for health check content (not needed for SSL hello) would cause error messages. Bug 3042: On SSL real server failure bind to another real server. If an SSL server died, a user coming in with a known SSL session ID associated with that server would not be sent to a new server until the browser timed out and negotiated a new SSL session. Now the client is directed to an available server, which forces the SSL renogotiation. Bug 3044: Allow SSL Health Checks on Any TCP Port. Remove the prior port 443 restriction on SSL hello health check and SSL ID persistence. Bug 2958: URL Buffer occasionally not freed correctly VLAN ID was kept in the same word as the URL buffer address, so that memory was not freed correctly for certain VLAN IDs. Mask used to extract the buffer address was corrected. Bug 2475: SLB does not work across tagged vlans (6.0 only) SLB and redirection across VLAN boundaries did not work if the output port was a tagged (802.1Q) link, because the VLAN tag was not changed. Bug 2845: Data corruption when sending line rate Gigabit traffic. If gigabit traffic at close to line rate was sent into a port with many filters enabled, or one-armed load balancing configured, a memory allocation error could result in frames being overwritten, and corrupt FDB entries being generated, causing flooded traffic. Bug 2969: Memory error when changing multiple passwords If more than one password was changed under the system menu, then memory which had not been allocated was freed, which might lead to a crash. Bug 2968: Merge VRRP Synchronization changes from 8.0. Allow the administrator to select the parameters to be synchronized and the peer switch(es), reducing risk of inadvertently copying the wrong parameters. Bug 2944: Enforce non-NULL passwords for admin. Ensure that the admin password is configured, and cannot be set to NULL, and fix a panic caused by enabling a disabled user. Bug 2996: New URL SLB string is getting added to the previous string. If a maximum length URL string existed, and another max length URL string was configured, then it would get added to all previous strings. =================================================================== WebOS 6.0.56 Fixes and Enhancements. Released On - 17 March 2000 =================================================================== Bug 2938: SLB does not work with VLAN ID >256 on Client port. Frames on client ports were not forwarded correctly when the VLAN ID was greater than 256. Bug 2939: Some SSL server hello packets have wrong checksum. SSL Hello packets sent to server might have wrong checksum if the frame buffer wrapped. Bug 2941: Add l4user & slbadmin and the revert command. Created a tidy hierarchy of permissions by adding the following users: user, slboper, l4oper, oper, slbadmin, l4admin, admin. If the password for a user is set to NULL then the user is disabled. Ported the "revert" command from 8.0 - undoes all unsaved changes. Additions: Added support for new version (ICS 1892) PHY chip. =================================================================== WebOS 6.0.55 Fixes and Enhancements. Released On - 13 March 2000 =================================================================== Bug 2711: "Apply"ing config changes causes session table to be cleared. A leftover "precaution" from the 6.0 development cycle. It remains good practice, however, to clear the session table for a port when filter changes have been made, so that old information does not remain in the cache. Bug 2866: Target switch console port hangs after VRRP synch with Hyperterm. Bug 2840: Sounds heard if PC console connected to target switch during Sync. Spurious control character was being sent which could trigger the "Bell" sound and/or lockup the console when using Hyperterm under Windows on the serial port of the target switch during a config sync (/oper/slb/sync) operation. Bug 2891: Add switch type to dumps Include switch type in crash dumps to avoid wasted time in analysis. Bug 2847: ARPing for syslog host out wrong VLAN. When syslog host was configured, and the re-ARP timer expired, the ARP for the syslog IP address went out on all VLANs, causing problems if a proxy ARP response was returned on the wrong VLAN. Bug 1528: 180,webui,cfg,ip interfaces, submit button return error. Fixed this bug and cleaned up minor problems related to #2536 (Large configs did not display all real servers). Increased WebUI buffer, changed refresh timer to 120 seconds. =================================================================== WebOS 6.0.54 Fixes and Enhancements. Released On - 3 March 2000 =================================================================== Bug 2833: VMAC or VRMAC becomes learned not permanent. A race condition was fixed that could allow, during a topology change, and while the switch is becoming master for the Virtual Routers (VIPs), some "permanent" MAC addresses could be learned on a specific port. If this occurred, traffic (such as replies from the VIP) would not be able to exit via that port, and VIP would become "unreachable". Bug 2842: NMAP - randomize TCP seq#s Make the initial sequence number used by the Master Processor for TCP connections more random - making it harder to spoof connections to or from the switch. NMAP score raised to "formidable". Bug 2841: Select WCR vs FWLB redir Switch previously assumed (to simplify configuration) that redirection of any port number meant firewall load balancing, which hased on both source and destination IPs for symmetry, and that a destination port of 20, 21, or 80 meant that the redirection was intended for Web Cacheing, and hashed only on destination IP. Now able to specify FWLB or WCR type redirection filters, to permit, for example, selective FWLB by traffic type. =================================================================== WebOS 6.0.53 Fixes and Enhancements. Released On - 27 February 2000 =================================================================== Bug 2762: Unexpected session table aging. Age of new connections added to our "session" table was not set - usually 0, but could be indeterminate. Some entries might age out before the flow was confirmed, and the timeout properly set. Now initialize the age of the session table entries when created. Bug 2802: Added scriptable health checks feature. Bug 2771: USLB + Pbind did not work when combined. Fixed overflow condition which prevented these features from working together. Bug 2536: WebUI cannot enable/disable the Direct Access Mode feature, or Manage configurations with more than 16 real servers, or Configure Site name. Changed configuration pages from table to hyperlink display, solving a number of table size problems. Fixed several minor configuration and display bugs. Bug 2811: CLI command "localnetwork" too long (max 7 characters). New menu for adding local networks changed to just "local" Bug 2807: SNMP VrrpInfoVirtRtrTableEntry is wrong. Was incorrectly mapped to slbRealServerInfoIndex, Now shows Virtual Router status correctly Bug 2819: SSL persistence does not work if server MTU is under 512 bytes. With small frame sizes, the server Hello, which contains the SSL Session ID, is broken into 2 frames - one with just an ACK, and the second with the Session ID and ACK-PSH. The first frame was misinterpreted, and the Session ID would be missed. Now Session IDs correctly found and interpreted. =================================================================== WebOS 6.0.52 Fixes and Enhancements. Released On - 17 February 2000 =================================================================== Bug 2618: WebUI Issue (L4Admin Cannot Manage Real Servers) Now allows WebUI users with L4Admin privleges to enable and disable Real Servers from the Dashboard's Real Server window. Bug 2694: VLAN name change on TFTP of Configuration Reversed the order that the VLAN information is dumped out while exporting the switch's configuration. This eliminates nuisance message during gtcfg stating that the VLAN names have changed. Bug 2722: SLB sessions thru trunking limited to 8K per port Changed the medhod used to select the port used during trunking so that the load is more evenly distributed. Bug 2755: Panic (MP NANNY) in slb_real_tcp_close() Added a check to prevent accessing an invalid memory location to prevent this particular switch crash. Bug 2756: Need Stateless UDP Redirection (uncached) The switch now supports uncached stateless UDP redirection. ===================================================================== WebOS 6.0.51 Fixes and Enhancements. =================================================================== Bug 2667: Allow old lnet/lmask commands on upgrade, or from old saved config file. Now reads the old config commands for lnet/lmask and adds the network into the new LocalNet list, unless the new list has been saved, in which case the new values take precedence. Also updates the (now hidden) lnet/lmask fields to preserve the config in case of software downgrade. Bug 2677: On upgrade the original lnet/lmask is stored in the first entry of the multiple lnet/lmask list. Now loads the original lnet/lmask entry into the multiple lnet/lmask list. Once the multiple lnet/lmask list is saved this copy of the datais no longer performed. Bug 2699: Prevent Multi VIP/Vport per RIP/rport without DAM Added check to prevent illegal configuration of more than one VIP/Vport for the same servers/services, unless in DAM. (DAM permits additional VIPs to be separately mapped to the same services, since each session's address mapping is kept on the client port.) Bug 2700: Allow Port mapping with DAM when using URL parsing or PIP. Remove blanket denial of port mapping (vport != rport) in DAM and allow port mapping when the session table structure permits it - if USLB, or PIP (even "dummy" PIP) is configured. Bug 2740: SSL persistence in 6.0 seems to work only with VIP 1 Fixed the code so that SSL persistance correctly works with all defined VIPs. Enhancements: A change was also included to forward UDP packets with the port greater than 33,000 to the MP assuming that these are tracert messages. The previous limit was 30,000. ===================================================================== WebOS 6.0.50 Fixes and Enhancements. =================================================================== Bug 2669: IP interface cannot be inside the imask range, resulting in wasted addresses. The imask parameter allows a VIP to cover a range of addresses, mapping them to servers of similar "width". Enhancement - allow VIP/imask to overlap switch interface address. Also ensure that correct MAC (Interface or VMAC) is returned to ARP. =================================================================== WebOS 6.0.49 Fixes and Enhancements. =================================================================== Bug 2641: Hash on Cookie contained in URI did not always work correctly. Fixed problem where part of URI might get overwritten when frame was modified for transmission to real server. Bug 2626: /Info/SLB showed the real servers as up, but the associated redir filter state as down. Filters were working correctly. (Since 6.0.41) Now reported correctly. Bug 2659: Incorrect /cfg/dump output for lnet/lmask parameters (lmask twice). Fixed dump output to permit save/copy/paste of config with lnet/lmask set. Bug 2660: RADIUS secret not set correctly on command line. If the RADIUS secret is configured in line, such as "/cfg/radius/secrt password", rather than waiting for the prompt, the password would be stored incorrectly. Bug 2661: Config blocks spanning two flash regions not cleared. When config data crossed a boundary between two regions of flash memory, it was not deleted, resulting in some parameters that could not be removed from the configuration. Bug 2633: Panic if no port number entered for /cfg/snmp/linkt CLI command. Improved fix giving better error message. Bug 2606: Allow definition of multiple "local" networks for improved ARP and route cache management. (lnet/lmask) =================================================================== WebOS 6.0.48 Fixes and Enhancements. =================================================================== Bug 2620: URL Parsing - server error if "Host:" not in first frame. When the "Host:" command was in the second frame, we were inadvertently treating it as a new HTTP request, and sending it to a different real server, resulting in an error 400. Do not treat a frame with "Host:" but no Get, Head, or Post as a new HTTP request - send it to the server already selected. Bug 2604: PBIND - Persistent Entries Not Removed (also affects FTP). PBIND creates two session table entries, one for the specific IP ports in the session, and one for persistency. When aging out persistent entries, the second entry would not be removed, causing gradual session table growth. =================================================================== WebOS 6.0.47 Fixes and Enhancements. =================================================================== Bug 2586: Spanning tree information enhancement for improved network diagnosis. /info/stp now displays the time since the last STP topology change, plus the designated bridge and designated port for each port. Bug 2605: 15 Character SLB names cause problems. When entering 15 character real server or group names, the name is displayed incorrectly as the name entered and the next name, which could cause problems when copying and pasting or synchronizing configurations. Bug 2599: GSLB in redundant switch scenario not working properly on AD3/180E. Secondary switch was incorrectly interpreting 65536 available sessions as zero (16 bit number), and advertising 0 available connections. Thus remote switches would be shown as down, although real servers were up. Now advertise 65535 available sessions when switch is idle. =================================================================== WebOS 6.0.47 Fixes and Enhancements. =================================================================== Bug 2580: Non cookie traffic is not HASHed correctly. For non cookie traffic, Client IP and VIP addresses were being transposed, thus causing HASH to select the same real server for all traffic. Now sends Source IP to hash algorithm instead of Destination IP. Bug 2555: Dynamic (many to 1) Network Address Translation broken from 5.2.24. When server source addresses from a private network were translated using a Proxy IP and NAT filter on the server port, reply frames from the Internet were not correctly delivered to the requester. Bug 2585: Improved SYN attack resistance. When the session table is full, reject all new socket opens (SYNs) to reduce the impact on the switch and real servers. =================================================================== WebOS 6.0.45 Fixes and Enhancements. =================================================================== Bug 2562: Roundrobin load balancing of URLs would not work correctly if "any" and other strings were mixed in the server group. Roundrobin now works correctly. Bug 2531: Default gateway health checks were being routed via other interfaces, causing "flapping". If all ports in a VLAN are down, IP routing would send ICMP echo for default gateway via next available interface. If gateway was indirectly reachable, it would go up and down. Only directly attached gateways will now be marked "up". Bug 2454: Backup Phy speed shown as "100" when backup configured as none. Fixed config display to show "none" when no backup phy configured. Bug 2450: Config Sync may be received corrupted for large configs. Receiving switch needs time to parse config commands from file. Lack of pacing at sending end could result in lost data, or out of memory condition at sender, accompanied by temporary health check failures. Fixed by adding pacing to config sync send routine. Bug 2403: VRRP Synchronization Watchdog Reset. Addition of password check exposed a timing problem in TCP which caused the receiving switch to crash. Fixed. Bug 2347: VRRP Config Sync is not password protected. Now encrypted password is sent before attempting sync. Also fixed: A problem where "ACK" frames could be corrupt if a "SYN-ACK" with many options had been received. =================================================================== WebOS 6.0.43 Fixes and Enhancements. =================================================================== Bug 2556: URL Sequence Table leak. Under some circumstances with large HTTP headers, a Sequence Table entry would not be freed, with eventual inability to process URLs or Cookies. Now Sequence Table entries are correctly freed under all circumstances. Bug 2525: For UDP stateless load balancing, a small client population was not well distributed across the servers. Sessions were actually cached for about 1 second. Sessions are no longer cached at all for UDP stateless operation. Also fixed: A problem which would stop all timers if a specific, rare, OS condition occurred.