=================================================================== WebOS 8.0.54 Fixes and Enhancements. Released On - 20 November 2000 ==================================== Bug 4311: (Agent)FDB table incomplete and port is off by one. The first entry of the forwarding table retrieved via SNMP was missing, and the learned port would be increased by one. Bug 4915: forwarding table shows port+1 as value of port it learned the MAC. Forwarding table retrieved via SNMP would show learned port as +1, EG 10 when it should be 9. Bug 5441: (Agent) Aceview shows GSLB,BWM SNMP get of "agEnabledSwFeatures" was displaying these features separated by "," instead of "+". Bug 5440:(Agent) If Realport has no input it should take Virt port value When SNMP retrieved the rport, and no value was configured zero was displayed, when the vport should be displayed if no port mapping is configured. Bug 5332: AD4-8049 and 8121FTP Parsing Panic A bug in the wrap case was incorrectly using a buffer instead of the stack. Bug 5439: Error downloading software to ports - Part 2. After a panic, the SP can have a zero in the PCI vendor/device field, which can result in failure to download to ports over the bus, however, the correct vendor and device values are also in the PCI subsystems fields, except for port 9. Therefore, rather than always looking in the subsystems fields, only do so if the vendor/device fields are bad. Bug 5385: Filter-Config Dump dumps all filter info. including disabled filters. Filter timeout parameter was being initialized for all filters, which caused them to be displayed as non-default. Now only initialize the parameter for enabled filters. Bug 5291: Delayed binding needs to be turned on globally instead of specifically by VIP. As part of enabling delayed binding for URL WCR, also ensure "direct" is enabled for URL WCR. Bug 5426: Generate ACK traffic & it reached max. Sessions on switch. When performing URL based WCR, a continuous stream of ACKs could fill up the session table - code added to protect against this. Bug 4736: Need tmout >60 minutes - final version. Due to the restricted number of bits in the session tables, session timeout for real servers was restricted to the range 2-30 minutes (4 bits). Implemented a global multiplier parameter "slowage" in the top level SLB menu which shifts the aging time tick to the left the specified number of bits. Example: slowage=3 + tmout=10 will result in "timeout 80 mins" when "/cfg/slb/real n/cur" is displayed. Also changed: The fast aging time which is used during connection setup and teardown also has a bit shift modifier, and this has been renamed from "btshf" to "fastage" to avoid confusion with the "slowage" modifier. The old "btshf' command is not displayed, but is still accepted for compatibility with older config files. Bug 5376: SW panic when AD3 switch's configuring to factory default A bad print string was sent if anything except "d" or "e" was entered for bootp during guided setup. =================================================================== WebOS 8.0.53 Fixes and Enhancements. Released On - 16 November 2000 ==================================== Bug 5408: (Agent) failover and failover standby cannot be configured in slb ports. Port states failover and failover-standby are read only and were incorrectly included for slbNewCfgPortSlbState and slbCurCfgPortSlbState. Bug 5402: (Agent) In SLB Group conf backuprealserver takes the same value as backuprealgroup. Setting backuprealgroup via SNMP also changed the backuprealserver to the same value. Bug 5422: (Agent) VRRP interfaces, the first password gets messed up when second password is added. Display string length was set incorrectly causing interaction between first and second passwords when retrieved via SNMP. Bug 5409: (Agent) Can't add the "any" string to a real servers URL substring list. URL substring add and remove functionality was not working correctly via SNMP. Bug 5406: (Agent) Aceview shows filters 2-224 are configured after reboot. Since the factory config for IP filters now has a non zero value for NAT timeout, the filters were being misinterpreted as non-default. Bug 5407: (Agent) SNMP timeout when trying to insert a new row into the fIlter table Agent did not send a get response when trying to insert a new row into the filter table via SNMP. Bug 5404: (Agent) Deleting a Gateway from the table doesn't work right. When a gateway is deleted via SNMP, some values were defaulted, and the apply was not done correctly. Bug 5439: Error downloading software to ports - Part 1. After a panic, the SP can have a zero in the PCI vendor/device field, which can result in failure to download to ports over the bus. The correct vendor and device values are in the subsystems fields, so we now look at the subsystem fields, not the vendor and device fields. Bug 5332: AD4-8049 and 8121FTP Parsing Panic - Open problem Only occurs on AD4 platform since 8.0.49. Fix is in 8.0.54/ 8.1.25. =================================================================== WebOS 8.0.52 Fixes and Enhancements. Released On - 14 November 2000 ==================================== Bug 5296: (Agent Enhancement) /cfg/slb/adv: shows script, matrix & btshf Added SNMP display of Health check script, Matrix en/dis, and btshf (timeout modifier). Bug 5291: Delayed binding needs to be turned on globally instead of specifically by VIP. As part of enabling delayed binding for URL WCR, also fix: Bind traffic to origin server if cache is down Fix URL WCR related PANIC for bug 5291 fix Correctly support URL WCR half-NAT Bug 5275: (Agent) In Aceview filter Mac addr not shown when config. via CLI When the source or destination MAC address for a filter was configured via CLI, it was not retrieved via SNMP. Bug 5314: (Agent) Remote Sites Insert IP addr returns "No Such Name" message. Fixed test function rs_dslbRemSiteTblTst() so that new entries can be added to the remote site table. Bug 4957: (Agent) hwRevision causes a problem in hwPartNumber in a multiple variable get request. HW revision was overwriting the first 3 bytes of the response for HW part number in a multiple get. Array size increased. Bug 5264: (Agent) ifDescr.9 is incorrect Port 9 incorrectly reported port description as UTP 10/100 via SNMP. =================================================================== WebOS 8.0.51 Fixes and Enhancements. Released On - 13 November 2000 ==================================== Bug 4755: Error messages when applying filters to a port from factory config. On apply of filters to a port for the first time, the switch would report that the changes were waiting for a reset to take effect. The NAT filter timeout was not correctly initialized for all entries in slb_config_init. Bug 5303: Multiple 'admins' can log in at the same time. This is legal since 8.0 - we were just not tracking the privileged users correctly. Added code to main_cli and main_exit so that the count of privileged users increments and decrements when a priviledged user logs in or logs out. This way the switch knows when there is privileged users(s) on the switch and when there are no privileged user(s) left on the switch. It also causes the warning to display properly. Bug 5301: (Agent) In Aceview: ExcludeStr does not work. Switch Agent did not have an API to get value for excludeStr object. Bug 5267: (Agent) In Aceview: log features does not work in filter table. Agent was not passing correct parameters to rs_filtTblGet() to retrieve the filter log. Bug 5309: (Agent) In Aceview PathString shows garbage. When setting characters in the Configure->L4 Switching->URL Parsing-> Load Balance->PathString field, garbage was returned. Bug 5242: (Agent) ipRouteInfoTag returns out of range value. Due to an incomplete list of tags, the agent was returning an out of range value. Bug 5234: (Agent) dot1dStpBridgeMaxAge, HelloTime amd ForwardDelay return values that are out of range. Per RFC 1493 dot1dStpBridgeMaxAge, dot1dStpBridgeHelloTime and dot1dStpBridgeForwardDelay are defined as "Timeout" which is in units of 1/100 sec. Internally these are in kept in Seconds. The agent now performs the conversion to return correct values. Bug 5240: (Agent) Out of range values returned for slbCurCfgVirtServerCoffset, slbCurCfgVirtServerClength. These parameters changed to return the proper range of values. Bug 4339: (Agent) Unable to clear the session table from the Aceview. The SNMP object "operSlbPortClrSessionTab" was not set to read-write. Bug 5316: (Agent) In Maintenance table, Geographic awareness doesn't work # Fixed 5316: The geographic awareness enable/disble does not match # with the CLI. Bug 5293: (Agent) Slb insert table RealThreshold shows error message. When setting the real server threshold via SNMP, the following message was displayed "badValue slbNewCfgGroupRealThreshold.3" Bug 5273: (Agent) In Aceview, BwmContracts shows errors message. When setting BwmContracts via SNMP, the error "genErr fltNewCfgBwmContract.1" was displayed. Range checks and other safeguards were added so that bwmContract is only tested if BWMANAGE is defined. Bug 5292: Switch panic when entering more than 15 char. to bootp dis/enable. Panic occurred when a string longer than 15 characters was pasted from the history buffer at the bootp enable/disable prompt. Bug 5250: (Agent) Apply Needed button in AceView sometimes not higlighted. SNMP agent did not always set "Apply Needed" flag after changes. Bug 5254: (Agent) In Aceview LocalSubnet and LocalMask do not work. LocalSubnet and LocalMask in ipForward Table did not work via SNMP. Bug 5255: (Agent) In Aceview DefListen enable/disable does not work. DefListen enable/disable did not work via SNMP. Bug 5247: (Agent) Path Cost field shows different numbers compared to CLI. When set via SNMP, Spanning Tree->Pathcost did not accept a 16 bit value. Bug 5272: (Agent) UrlRedir shows error message when enable/disable UrlRedir showed error message when enable/disable via SNMP from AceView. Bug 5322: FTPp passive mode fails with Sambar FTP server Adjusted our FTP parsing to accept the passive mode response from a Sambar server. Bug 4736: Need tmout >60 minutes Combined two bit fields to increase the range for real server timeout. This fix superceded in 8.0.54 by a simpler version. Bug 5291: Delayed binding needs to be turned on globally instead of by VIP. Prevent certain types of DOS attacks from filling session table. Allow delayed binding (used for URL parsing) to be enabled globally. =================================================================== WebOS 8.0.50 Fixes and Enhancements. Released On - 31 October 2000 ==================================== Bug 4602: URL SLB performance will drop dramatically when it exceed it's peak. Session entries/buffers were being kept alive by client retries even when the real server retry count had expired. Bug 4849: Setting slbNewCfgRealServerAddUrl via SNMP doesn't work correctly Code was setting slbNewCfgRealServerIpAddress instead of URL. Bug 4957: SNMP hwRevision overwrites first 3 bytes of hwPartNumber in a multiple variable pdu. # Used different static array for hwRevision and hwPartNumber. Bug 4978: SNMP: slbNewCfgGroupBackupServer bad variable value (AD4). A bad value was returned when attempting to set this variable. Bug 4943: 8119.8049 on a 184 sysObjectId is returning a 7 (CacheDirector) Fixed a problem with the g_sysobjid[] table. Bug 5056: fltStatTable does not seem to return the correct information. Fixed. Bug 5052: Traffic with dport of 0 will create permanent session entries. Frames addressed to a VIP (EG L3 VIP) with destination TCP/UDP port# of 0 would create permanent entries in the session table. Bug 4977: I cant set a filter # >9 for a port using SNMP. Fixed incorrect table size limit. Bug 4972: SNMP insert into VRRP interface table causes Panic Occurs when a password of zero length is sent. Bug 4981: bwmNewCfgContractName seems to sometimes returns bogus information. Now use correct copy routine. Always terminate string objects with NULL. Eliminate possible Panic with unterminated string. Bug 5056: fltStatTable does not seem to be returning the correct information. # Changed rs_tcNxt() and rs_sptcNxt() to return contracts only when # configured. # Correctly implemented test functions. Bug 4956: Need add and delete capability on some tables. Now allow delete for slbPortTable, slbNewCfgPortTable, bwmNewCfgPolicyTable and gslbNewCfgRemSiteTable. Exclude obsoleted objects slbFailOverTable and 64 bit SLB stats. Changed Status of obsoleted objects slbFailOverTable and 64 bit SLB stats from mandatory to obsolete Bug 5003: Misconfiguration of proxy IP causes FTP parsing to fail. When proxy is enabled without a pip and ftpp is enabled on a VIP, non-passive ftp sessions are corrupted (port has bad ip and counter). Added validation code to prevent users from enabling proxy on a port without a pip when ftpp is enabled on a virtual server. Bug 4964: PIP NAT fails if SLB is globally disabled. Added code to slb_cfg_validate() to prevent the user from being able to enable proxy or add a pip to a port without having SLB enabled. Bug 4488: With VMA enabled it should not be possible to disable IP FRD # Added code to ip_cfg_validate() to prevent a user from # disabling port forwarding per port with vma enabled. Bug 4138: New NAT session timeout parameter is not shown in /cfg/slb/fil/adv Filter session timeout parameter was only displayed if action was NAT - now displayed any time it is not set for default value. Bug 4487: First time config. of Cookie passive mode results in a warning. When configuring passive cookie mode from default, a console warning was output. Bug 4390: SNMP: slbNewCfgGroupBackupGroup bad variable value. A bad value was returned when attempting to set this variable. Bug 4930: After installing a GSLB demo key, the prior installed keys won't work The code for adding demo keys was changing the other installed keys to Demo, so that all advanced features would stop working together. All keys are now set independently, and demo keys are displayed as such. GSLB config is removed when the key expires. =================================================================== WebOS 8.0.49 Fixes and Enhancements. Released On - 17 October 2000 ==================================== Bug 4887: Cookie persistancy overides oper/slb/dis. Cookie/ssl persistency now disabled when server disabled. Bug 4882: Filter config table shows all the rows even when not configured. MIB error causing empty filter table entries to be displayed. Bug 4975: slbNewCfgPeerIpAddr does not seem to exist on a 184 switch. Fixed compile error on 184/AD4 version which prevented this MIB object from being retrieved. Bug 5068: FTP Parsing Panic; cause unknown Added checks to prevent crashes when illegal length was received during ftp PORT command. =================================================================== WebOS 8.0.48 Fixes and Enhancements. Released On - 10 October 2000 ==================================== Bug 4933: Current Session OIDs type should be GAUGE. Some statistics were incorrectly specified in the MIB as Counter (running count) vs Gauge (current value), causing MIB browser display problems. Bug 4829: The switch watchdogged when running with ipnum = 32 and 10 iSD under stress test. A memory contention problem occurred when four consecutive "store" instructions were executed in assembly code. (Fix ported from 8.1 as it could also affect 8.0.) Bug 4994: FWLB+SLB+VMA needs DAM Combining FWLB and SLB in the clean side switches with VMA, would result in reply traffic from the servers being translated correctly to be "from" the VIP, but then incorrectly using the VIP instead of the destination as the "client" address when picking the VMA designated port. (But was OK if DAM was enabled) When DAM is off and filtering is on, now ensure designated port is computed using CIP (destination) not VIP (source) so that inbound and outbound frames hash to same designated port. Bug 4958: Real server IP appears on client side when doing URL based WCR If the client source port was the same as the cache port (EG 3128), then cache traffic could appear on the client port after a connection was closed. Bug 4963: FTP parsing, passive mode fails VMS ftp server port command replies are lower case. Modified FTP parsing to be case insensitive. Also disbaled automatic Pbind for FTP if using FTP parsing. Bug 4753: HRSP Tracking doesn't work when Hotstandby is enabled. HSRP advertisements are tracked for client ports only. If the port was also configured for HotStandby, we would ignore the HSRP frames. Bug 4905: FTP NAT Crashes with a panic when frame buffer is larger than internal buffer. A bad incoming frame (too long) could cause a panic when we try to copy it to the internal buffer - added safety check. Bug 4805: Enabled Software features do not show via SNMP. Added new MIB object and API to allow software features to be verified via SNMP. Bug 4878: In L4 Switching Config backup server id should be none instead of 0. Fixed MIB definition to correctly report "none". Bug 4880: AceManager reports Backup for realserver as its own id. When backup server id is the same as its own real server id, it means no backup server is configured. Now allow backup server id to be set to 'none', and return 0 to the query - MIB reports "none" Bug 4817: dirbr--Enable/disable forwarding directed broadcasts is not showing in the Acemanager API, MIB object and software support added for this parameter. Bug 4812: GW load balancing with round robin GW metric during GW failure always disables the first GW entry in the route table. This could result in no available gateway if the wrong one failed. Caused by index going out of range - made worse by fix for 4188. Correct range check added to prevent the wrong gateway being disabled. =================================================================== WebOS 8.0.47 Fixes and Enhancements. Released On - 29 September 2000 ==================================== Bug 4566:URL redir exclude cannot go to VIP More fixes for bug 4566: retransmision counter was not being incremented correctly. Bug 4802: FTP parsing enabled causes URL hashing to fail when one-arm SLB Service Mapping Table was being set up incorrectly when FTPP was combined with URL parsing. Also fixed: Check size of frame BEFORE copying frame into buffer on stack. A frame too large would corrupt the other contents of the stack. Added sanity check to prevent unexpected panic. Bug 4419:Reply to via PIP has VRMAC instead of client MAC # Fixed assembly bug in previous fix for 4419. Bug 4357: Hotstandby ports stay blocked when master fails Backup switch could get stuck in INIT state if the failover link went down (EG master powered off), and the only ports with link up were HotStandby-blocked due to switch being in standby state. In this event, the switch would have all ports down, VLAN down IP interface down, VRs stuck in INIT, could not become VR master. To escape from this deadlock, switch will try to open one HotStandby port and check if VR advertisements from the master can be heard, then determine whether to become master. Includes provisions to prevent flip-flopping if the master is not heard on the first port which is tried. =================================================================== WebOS 8.0.46 Fixes and Enhancements. Released On - 24 September 2000 ==================================== Bug 4813: DNS (UDP) reply packet in GSLB has incorrect source ip address. Switch would reply to DNS lookups with the primary IP address as the source, even if the request was sent to a different interface, causing the requestor to drop the reply packet. Now respond to DNS requests with same IP SA as IP DA of request. *Also allow VIR to accept/respond to DNS lookups for redundancy. No Bug#: FTP Parsing + VMA could cause Panic. With VMA, all server processing occurs on the RX processor. FTP parsing code was trying to process a frame that was in the TX queue, causing a Panic. Bug 4838: No ARP response for VIP if req sent to VMAC. Client processing was forwarding ARPs received for the VMAC (L4 MAC) to the master processor incorrectly, and they were ignored, thus an ARP refresh from a router would not get a response until it retried using the broadcast MAC address. Bug 4850: L7 code doesn't handle ACK/PUSH/FIN data packet correctly. If client sends over a request with ACK/PUSH and followed by an ACK/PUSH/FIN data packet, the switch did not forward the packet correctly. Bug 4816: In a scripted health check, /cfg/dump will not display trailing quote after last line, if the last line of script is not a close. Even though the script "must" end with a close, a saved partial config would be mishandled without the closing quote. Bug 3887: SNMP get on SlbRealServerInfo returns incorrect values. Now correctly return values for slbRealServerInfoSwitchPort, slbRealServerInfoHealthLayer, slbRealServerInfoOverflow and slbRealServerInfoState. Bug 4801: URL parameters not read during /cfg/gtcfg Switch was not properly restoring httpslb configuration after gtcfg TFTP requests. Simplified code and handled multiple parameters correctly. =================================================================== WebOS 8.0.45 Fixes and Enhancements. Released On - 20 September 2000 ==================================== Bug 4773: POP3 health check incomplete. Added to previous fix - allow for spaces in username. Bug 4808: Switch panics after a random period of time with FTP NAT configured. FTP NAT code could create a session table loop during replacement of an entry, which would lead to a port processor looping, and eventually, a panic. Bug 4107: Port Mapping with DAM using pip method or slb+filt method fails. With DAM, all address/port translations are done on the Client port. The longer session table does not have enough space per entry to allow port mapping, so it is not allowed in the config unless... Some form of persistency, delayed binding, PIP, or filters are configured, in which case, the shorter table with more space per entry is invoked, permitting port mapping. Configuring PIP or filter did not correctly allow port mapping, which has now been fixed. =================================================================== WebOS 8.0.44 Fixes and Enhancements. Released On - 15 September 2000 ==================================== Bug 4683: CPU A is looping in slb_bind_server. The hash metric could loop forever if all servers failed while the hash was being computed. Bug 4684: SLB doesn't handle ICMP Destination Unreachable with DF bit w/VMA. Switch was not correctly examining packet to retrieve client IP from payload in order to forward the ICMP frames to the correct real server. Without this, server could not negotiate frame size. Bug 4738: WebUI shows up when going to the VIP/VSR. If the VSR was on a different subnet from the clients (or router), and the VSR was bounced from master to backup, the ARP entry for the VSR could get deleted due to a timing loophole, and the frames would be sent to the MP's interface instead of the VIP, causing webUI to pop up. Bug 4139: UDP SLB port mapping not working. Switch was not correctly translating vport to rport for UDP traffic. Bug 4511: After reboot configured network pref table disappears. If the SIP and netmask in the network pref table were both 0.0.0.0, the table could disappear after a reboot. Bug 4419:Reply to client via PIP has VRMAC instead of client MAC. Further fix to this problem. Bug 4732: Add support for FJ flash part for AD4/184. Allow AD4/184 switch to recognize Fujitsu as well as AMD flash. Bug 4666: Console hangs after entering ctrl-s, then ctrl-c. If a break was entered after console output was stopped by , the console thread was not resumed, with the result that the console port was hung till the next reboot. Bug 4737: Passive FTP-PARSING doesn't work with SERVER CLIENT on the same port. Fix problems with the wrap case where an incorrect pointer was used. Bug 4566: URL redir exclude cannot go to VIP. The combination of URL parsing Web Cache Redirection and a VIP in the same switch being the "origin server" would not work because the spliced connection bypassed the load balancing code. Now correctly switch back and forth between a cache on a switch, and a VIP in the same switch. Bug 4611: AceSwitch 184 NotCopy error in switch port trace buffer. The scratchpad (fast local CPU memory) was full, and one routine was not being loaded as a result. The less used part of the h_rx_mac_attn routine was moved out of the scratchpad to make room. Bug 4773: POP3 health check incomplete. Some POP servers do not send anything beyond "+OK", and we were not responding with the password to complete the login. Now only send a password if one is entered in the content string. This is because we can only count on +OK being sent by the POP server. This way the administrator can control whether or not a password is sent. =================================================================== WebOS 8.0.43 Fixes and Enhancements. Released On - 6 September 2000 ==================================== Bug 4419: Reply to client via PIP has VRMAC instead of client MAC. Replaced previous fix from 8.0.42, which was incomplete. When a server (or client) on an internal network needs to access Internet resources, its source IP is translated to the Proxy IP. In the case where the PIP was not on the same network as the Internet router, and the reply from the Internet was routed to the PIP via a VR on the switch, the VRMAC was not replaced by the client MAC. Bug 4594: No IF MAC entry in arp table when disabling VRRP and assign VIR IP to IF. Bug 4596: No VIP MAC entry in arp table when disabling VRRP and changing an Interface IP. When VRRP was disabled without disabling the individual VRs, it was possible that other ARP entries such as Interface or VIP MACs would be removed. Bug 4629:We need a 30 day BWM DEMO key. Increased the demo interval from one week to 30 days. ================================= Known problems with WebOS 8.0.43 ================================= Bug 4139: UDP SLB port mapping not working =================================================================== WebOS 8.0.42 Fixes and Enhancements. Released On - 1 September 2000 ==================================== Bug 4420: Fragmented UDP frames from server cause switch to panic. Fragmented frames from the real server would cause the server port to hang and the switch to watchdog. Bug 3558: Receiving rate at tagged port drops far below the hard limit. More fixes for this problem: Slow moving queues were holding excessive numbers of buffers, thus starving the faster queues of bandwidth. Change default buffer limit to 16K from 32K and reuse buffers within each queue to improve performance. Bug 4500: Trunk group disabled when one of trunk ports loses link. Losing link on the active Spanning Tree port for a trunk group would cause the other port(s) in the group to become disabled. Bug 4211: Radius health check does not work in 8.0.x (Duplicate of #4395) Switch was not listening on the correct Vports (1812 or 1645) for the RADIUS health check replies. Merged in prior fixes and enhancements from the 6.0 stream. Bug 4396: Graceful server failure should be disabled by default. In configurations such as Firewall load balancing, graceful server failure is not desirable: all sessions should switch to the remaining firewall(s) to preserve symmetry. Thus /cfg/slb/adv/grace now defaults to disabled, and it is now the user's responsibility to enable it when required for SLB. Bug 3370: Switch outputs an error when hit to accept the current value. When configuring the IP address for an interface or VIP, hitting to keep the existing address results in "Error: bad IP address" Bug 4589: Out of Flash Memory space for Switch Image. Removed little used statistics and links from WebUI because the 8.0 image on the AD3/180E uses all available flash memory, and space was needed to permit ongoing maintenance. Bug 3979: Unpredictable results when SLB HTTPS with PIPs Actual problem is that browsers using SSL 2.0 encrypt the Session ID. This results in the SSLID code being unable to allocate a server. Now hash SSL requests with no ID to a server based on client IP. Also when one-arming SSL with a PIP, and client/server on different VLANs, the reply was not switched to the client VLAN. Imported fix for #3806 into SSL code. Bug 4542: Create VLAN and move an IP interface to that VLAN in one step will cause a panic. Caused by a conflict where the same process was being multi-threaded. Flag added to prevent conflicting access to the process involved. Bug 4581: Switch panics with VRRP re-learn. When the backup switch became master, if the lookup for the MTU size for the interface failed, the switch would panic. Added protection against getting a Null pointer to the MTU size. Bug 4565: ASSERT panic while unattended in slb_real_up() Appears to have been a rare race condition where the service came up in the middle of updating the service tables. Protection added. Bug 4307:Target switch crashes during synchronization. Several potential conflicts such as messages being output to the console while the data was being transferred to the peer, not handling console thread timeout correctly during sync of large config, possibility for multiple apply/saves. All aspects of config sync were exercised and many problems eliminated. Un-numbered fix from engineering: Make sure layer 7 sequence buffer gets cleared when a server RST received and when a real server couldn't be found. =================================================================== WebOS 8.0.41 Fixes and Enhancements. Released On - 11 August 2000 ==================================== Bug 4397: Cannot tftp "boot" image since 8.0.34. File type check was being done incorrectly, causing "invalid software image" error. More fixes for both of these conditions: Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR. Bug 4039: FTP parsing drops further commands in same packet as PORT command. Rewrote active FTP parsing to handle frames with multiple commands. Fixed PORT command retransmission detection. Fixed frame length calculation error in active & pasv FTP. Implemented active & pasv mode switching. Kept track of PORT command and Passive reply to avoid wrong sequence number computation during retransmission. Bug 4188: Switch Panics when IF enabled and VLAN enabled and BGP running. Switch could panic when adding IP interfaces and VLANs while a BGP peer connection was established. =================================================================== WebOS 8.0.40 Fixes and Enhancements. Released On - 08 August 2000 ==================================== More fixes for both of these conditions: Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR. Bug 4039: FTP parsing drops further commands in same packet as PORT command. Fixed a problem where retransmission of the PORT command caused bad sequence numbers. Fixed a problem where fast aging started as soon as the FIN came through, which might not allow enough time for retransmission. Bug 3999: HTTP redirect fails when PIP is configured. If a PIP was configured to allow requests to be forwarded to another site, the redirection would fail when local real servers went down, and need a switch reboot after the servers came back up. Bug 4280: Frames for certain Non-TCP/UDP protocols bypass the filter. If the frame being processed was for an IP protocol type other than TCP/UDP/ICMP, and the frame wrapped from the end of the buffer to the beginning, the filter match would fail. Bug 3474: Cannot access VIP through filter at client port if DAM & VMA on. A URL parsing VIP could not be accessed through a port with filters enabled if VMA was on. Bug 3558: Receiving rate at tagged port drops far below the hard limit. Buffer sizes were not being correctly set for jumbo vs non-jumbo frames configured on the port, resulting in inefficient memory usage. =================================================================== WebOS 8.0.39 Fixes and Enhancements. Released On - 20 July 2000 ==================================== Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers. If a URL string match occurred, and the real server had a weight greater than 1, subsequent requests from the same client IP would go to the same server, regardless of URL, until the weight was used up. * Additional corner cases fixed. Bug 4040: Direct Server Return fails when Direct Access Mode is enabled. Direct Server Return works by sending traffic to the real servers by MAC address, and by the real servers being configured with both their own IP, and the VIP address, so that they will respond to the client "from the VIP". This allows return traffic to bypass the switch. The bug was that the Destination IP was being changed as well as the destination MAC (as we would in normal SLB) when DAM was on. (Version 8.0.38 was built with debug flags on - not released) =================================================================== WebOS 8.0.37 Fixes and Enhancements. Released On - 20 July 2000 ==================================== Bug 4138: New NAT session timeout parameter is not shown in '/cfg/dump' or '/cfg/slb/fil. Corrected to dump the new parameter (added by #4068) whenever it is not the default value. Bug 4084: URL SLB leaves open sessions at the server after splicing the TCP session. (Also refer bug 3206) When performing URL parsing of HTTP 1.1 sessions, if required content was on a different server, the connection on the old server was not reset because the RST packet was sent out of the wrong switch port. Bug 4140: 8.0.34/8.0.36: SSH - Failed HTTP health check when configuring FWLB. Bug 4150: FWLB health content check fails for AD3/180e using 8.0-SSH versions. AD3/180E SSH version does not have WebUI, therefore use of HTTP health checks for FWLB did not work. Added simple HTTP daemon to respond with "health.html". =================================================================== WebOS 8.0.36 Fixes and Enhancements. Released On - 18 July 2000 ==================================== Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR After some number of multiple gets, the sequence number of a rewritten frame would not be correctly calculated, which would result in an ACK storm for certain server types. Fixed additional corner cases. Bug 4112 AD3 SSH version (with SSH but without WebUI) does not display ID. Now displays "-SSH" right after the software verion number to distinguish the AD3-SSH version from the regular AD3 version of images. Bug 4117: Port names with spaces will cause errors. Port names were not enclosed in quotes in the config dump. Bug 4116: Switch panicked when synchronizing VRRP, SLB configs. Sending switch might send an NULL frame, or exit the sync process before the receiving switch had completed the task. Bug 4068: NAT PIP session timeout too short. Filter sessions, including dynamic (PIP) NAT, timeout in 4 minutes. Added timeout to filter config, adjustable from 4 to 30 minutes. Ensure that empty configs default to the minimum time of 4 minutes. Bug 3998: Any filter before a PIP NAT filter causes NAT not to work. When extra filters were present, an incorrect entry in the filter table was referenced. =================================================================== WebOS 8.0.35 Fixes and Enhancements. Released On - 16 July 2000 ==================================== Bug 3980: All services within a group are marked as FAILED. When all the services on a VIP are associated with one group, for any given real server, failure of any one service will result in all services being marked FAILED. This is done to ensure that services which need to be linked cannot be accessed separately (EG HTTP and HTTPS). To avoid confusion over what has failed, we now mark services which are up, but blocked as a result of an associated service on the same server being down with the tag BLOCKED instead of FAILED. Only actual failed services are now marked FAILED. Also prevent real server being marked UP after switching from ICMP to TCP health checks, when the services are down. Bug 4097: Did not always pass Switch source port to URL filtering. In certain conditions, we did not provide the source switch port to the URL parsing filters, URL based filtering only worked on port 1. Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR After some number of multiple gets, the sequence number of a rewritten frame would not be correctly calculated, which would result in an ACK storm for certain server types. Bug 4039: FTP parsing drops further commands in same packet as PORT command Code did not correctly parse or handle second and subsequent commands in the same packet as a PORT command. Extra commands were dropped. Now handles at least two commands in the same frame. =================================================================== WebOS 8.0.34 Fixes and Enhancements. Released On - 12 July 2000 ==================================== Bug 3832: ICMP header checksum is incorrect with DAM enabled. When the path between VIP and Client does not support the MTU (frame size) used by the real server, the ICMP "too big" message is translated and delivered to the correct real server. In Direct Access Mode, the checksum was not recalculated. Bug 3955: Panic when upgrading boot image via TFTP. Occasional panic when upgrading boot image - caused by failure to handle memory allocation error. Bug 3961: Switch incorrectly forwards frames on non configured port. A lookup routine was returning the last used Vport # instead of NULL, when the Vport was not found, resulting in calls to random ports occasionally being passed to a real server. Bug 3888:VIP incorrectly translates ports which are not configured. A lookup routine was returning the last used Vport # instead of NULL, when the Vport was not found, resulting in calls to random ports occasionally being connected to real servers on open ports. Bug 3897: Disabling telnet access not maintained through ptcfg & gtcfg. Telnet enable/disable state is now preserved along with other security information such as passwords when a config script is read into the switch (console, sync, gtcfg). Bug 3983: SCP or tftp of config causes DefGW to go down. Add/change/replace VLANs via config script, including the identical saved config, would render the VLANs inoperative from the "apply", until a reset was performed. Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers. If a URL string match occurred, and the real server had a weight greater than 1, subsequent requests from the same client IP would go to the same server, regardless of URL, until the weight was used up. * Additional corner cases fixed. Bug 3600: Backup Server does not get connections if disconnected/reconnected. When backup server was active, and it's connection was interrupted, traffic was not sent to it after coming back on line. Bug 3957: Switch watchdogs on telnet when large "diff" is in progress on the serial console. Conflict between two processes trying to use Standard I/O. Implemented check to prevent conflict. Bug 3978: FTP parsing information not included in Stat/TS Dumps. FTP parsing info/stats now included in the dumps. =================================================================== WebOS 8.0.33 Fixes and Enhancements. Released On - 27 June 2000 ==================================== Bug 3801: <6> Panic sequence also used by Cisco. When using Cisco terminal servers to connect to our console port, the use must enter <6> - in order to break the connection. Unless the <6> is very brief, a forced Panic occurs on the switch. Changed forced panic sequence to <->. Bug 3839: Port hangs under heavy load/ multicasts. Closed timing loophole in DMA write routine, where the software and hardware views of the DMA overflow ring could get out of sync, causing a flurry of DMA writes and overloading the Switch with high priority events, so that the port stops responding. Conditions which would exacerbate the problem are large numbers of 64 byte frames, usually in combination with a burst of multicasts and especially if a large number of real servers were configured for health checks. Bug 3751: Cannot ping VIP from within the switch. Fixed bug where MP could not ping the VIPs. Bug 3694: New server added to group does not get sessions. When ICMP health checks were in use, and a new server was configured into a group, it did not receive any sessions. Bug 3863: Static route with interface number '0' not applied after gtcfg If a config was converted from 6.0 to 8.0, static routes were not explicitly associated with IP interfaces. When the converted config was dumped out, the interface number was set to 0, and it caused problems when the config was read back in. No longer output interface number on static route if it is "0". Bug 3822: SSL persistency and Filtering cannot be combined on one port. Now allow combined feature. Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers. If a URL string match occurred, and the real server had a weight greater than 1, subsequent requests from the same client IP would go to the same server, regardless of URL, until the weight was used up. Bug 3446: Unable to delete group/name The "diff" flag was not being set for SLB group names. Bug 3409: imask incorrectly applied when checking for duplicate RIPs. If an imask (Makes a VIP cover an address range) exists on the switch, it is used in config validate to ensure that VIPs and their associated RIPs (adjusted for "width") did not overlap. The mask was also applied to RIPs that were not associated with VIPs making it impossible to configure RIPs other purposes such as redir. Bug 3795: Enhancements to dump file to provide additional ASCII trace data. =================================================================== WebOS 8.0.32 Fixes and Enhancements. Released On - 16 June 2000 ==================================== Bug 3641: L7 and tagged client port causes TCP checksum errors. If a client port was configured for 802.1q tagging, checksum recalculation would not occur correctly, and bad frames would be sent to the real servers. Bug 3791: Potential sequence # problem with HTTP/1.1 connection splicing. A code loophole was found and fixed, where sequence numbers might be calculated incorrectly in the case where the number wrapped. Bug 3708: Switch Panic when telnet using SSH with long password. Fixed memory leaks in SSH routines and put limit on number of characters that could be entered for password. Bug 3802: If VR is created before VIP, requires restart/ reset to work. When the Virtual router existed before the VIP was configured, The VSR (Virtual Server Router=Shared VIP) did not function correctly or use the correct (VR)MAC address until VRRP or the whole switch was restarted. Now we convert a VIR into a VSR if the VIP is configured after the VR. Bug 3805: When enabling GSLB demo key switch returns "DSLB enabled". Remnant of earlier name for the feature - fixed. Bug 3618: Trunking with Cisco 6500 causes ACEswitch to panic. When using Fast Etherchannel trunk between Alteon and Cat 6500 running version 5.2, switch could Panic. Bug 3824: /cfg/dump incorrectly formats 'fwlb' parameter New advanced filter menu item "fwlb" was not correctly formatted in a config dump (ptcfg), and would cause errors when config was read back in to switch. *NOTE* this parameter ONLY used when a redirect filter for a specific TCP port or protocol must hash on both source and destination addresses for FWLB. Normal redir any/any/any filter used for FWLB does not need this parameter. Bug 3803: Duplicated pings if two clients are connected to one port (via hub) with VMA & filtering enabled. In this combination, unless both client addresses hashed to the same (VMA) designated port that they were physically connected to, then the switch would forward the ping back to the originating port. Bug 3772: SLB fails when the server port is the (VMA) designated port. If the client address was such that VMA selects the port where the real server is located, AND if the VIP plus associated VSR had ODD IP addresses and VRID, then load balancing would fail. Additions: Make graceful server failure the default. Only increment server failures if syslog is true. Make IP forwarding ON the default. =================================================================== WebOS 8.0.31 Fixes and Enhancements. Released On - 9 June 2000 ==================================== Bug 3674: BWM - SNMP unable to read CurCfg TOSIn/TOSOut objects. Bug 3697: real server Ip addr missing from /info/slb/dump. Bug 3707: In FWLB, Backup Server 4 is still reported UP when Real Server 3 is restored. In a redundant (4 switch) FWLB configuration, real server 2 real server 1, and real 4 backs up real 3. After failure and restoral of real 3, real 4 stayed on line distorting the hash and causing some sessions to return via the wrong firewall. Bug 3714: Console vrrp alert : errored advertisements Previously reported any badly formed VRRP advertisements on our subnet(s) to the console, even if they were not for Virtual Routers configured on this switch. Now count and discard such packets without generating error message. Bug 3709: Create AD3 with SSH feature added but WebUI removed. Allow user the option of adding secure access to AD3/180E at the expense of losing WebUI, which is probably unused in a secure environment. Bug 3738: Switch does not accept static route config without interface #. The feature which allows the interface to be designated as part of a static route (mostly for FWLB), would not accept a route without the interface specified. Bug 3722: VRRP Sync Failure can retain tcp_buffer. A buffer used for transmission of the VRRP config sync to the peer switch might not be freed if a transmission error occurred. Bug 3255: DAM leaking packets from real servers. With DAM enabled, when users are accessing a web site through a slow link (such as a wireless modem or a 28.8 dial in) and clicking ahead before a page is fully loaded, packets sourced from the real servers may be seen untranslated at the client's location. Only occurs with DAM enabled and while using a slow Internet connection. If you believe you are seeing this problem, please contact Tech Support for details of the appropriate configuration parameter. ======================================================================