The DEFINE EVENT with NULLFILE=DELETE would fail as an invalid command. The NULLFILE= is used to determine how to process an empty Power file(contains 0 bytes). The default it NULLFILE=PROCESS which processes it as a normail file. But the NULLFILE=DELETE would fail. This zap corrects that problem.

The TCP/IP stack must be recycled to pick up this zap.

The DEFINE EVENT with NULLFILE=DELETE should cause an empty Power file(contains 0 bytes) to be deleted without processing. But the the file was not being deleted. This zap corrects this problem.

The TCP/IP stack must be recycled to pick up this zap.

The DEFINE EVENT with NULLFILE=DELETE should cause an empty file Power file(contains 0 bytes) to be deleted. This zap adds the:

IPN436I NULLFILE: Deleted

to inform the user when a null file is detected and it is deleted.

In addition the QUERY EVENTS command will display a:

IPN436I NULLFILE: Delete

to display the current setting of the NULLFILE keywork.

The TCP/IP stack must be recycled to pick up this zap.

When a RSH client on VSE connects to a RSHD server the next free dynamic local port was being used causing the remote to respond with "illegal port" since the RSH protocol requires the client to use port numbers 512-1023. This zap sets the local port to 1023 to correct this problem.

The TCP/IP stack should be recycled to pick up this fix.

This zap allows the Velocity performance monitor to request specific TCP/IP performance data from the SeeVSE server. A SeeVSE product key is still required. The VELOCITY command must be added to the sysipt commands for the SVSESRVR.

The TCP/IP stack does not have to be recycled to pick up this zap.

When using a print server multiple connections to a single IP address are required, but the local port was always set to 721. This zap adds the LPORT= to the DEFINE GPSD command to allow the specification of any local port number(0-65,535). If not specified the LPORT= defaults to 721. Also note that LPORT= is only used with OUTPUT=LPR.

The TCP/IP stack must be recycled to pick up this zap.

See ZP21A387 for a full description of this new keyword.

The stack must be recycled to pick up this correction.

When using OUTPUT=LPR the local port was set to 721. This zap uses the DEFINE GPSD LPORT= value. If not specified the LPORT= defaults to 721.

The TCP/IP stack must be recycled to pick up this zap.

The QUERY GPSD will now include a GPS927 message containing the defined OUTPUT(L=LPR,D=DIRECT), PORT(remote), and LPORT settings.

The TCP/IP stack must be recycled to pick up this zap.

This zap adds the: .&br SEE310 Velocity data collection active .&br message in reponse to a VELOCITY command.

The TCP/IP stack does not have to be recycled to pick up this zap.

After issuing a AIO_CANCEL a failure during the close function could occur. This zap corrects this problem.

The partition the aynchrounous application is running in must be recycled to pick up this zap.

In older versions of VSE, it is possible that the return code for a CLOSE will be set to zero, even though the close has not yet occurred, and it is possible that something can interrupt that close from completing, and thus failing after-the-fact.

This fix has added a TESTCB after the close to check the open flag. If it is still open, it will attempt to recover by retrying the CLOSE once a second, for up 10 seconds.

You should recycle the stack after applying this fix for it to take effect.

This zap will catalog an updated IPNOME.Z book that can then be used to update the VSE online messages file with the IBM IESMSGS utility. To avoid problems with EBCDIC to ASCII translation it is recommended to run a job similiar to the below to run the IESMSGS utility:

.* $$ JOB JNM=IPNOMEZ,DISP=D,CLASS=0

.* $$ SLI MEM=IPNOME.Z,S=lib.sublib

.* $$ EOJ

Replace lib.sulib with the library and sublibrary used to install TCP/IP 1.5G.

A program check abend could occur in the pseudo task dispatcher when a post request contains an ecb with an invalid address. This zap will detect this condtion and issue a:

IPN219W IPPOST invalid TKBLOK address in ecb 0220CB44 ecb contained 7F35D600 called from 80636312

The above message should be reported to CSI technical support to further analyze the application running in the stack that failed.

You will need to recycle the stack after applying this fix.

The shutdown processing may hang after the above IPN597 message. A previous abend during a pseudo task that obtained the connection manager lock is one possible cause of the shutdown hanging. This zap uses a no wait request for the lock and will terminate with a:

IPN597I Shutdown Stage: 4: Could not obtain lock retrying now...

message and issue a:

IPN597I Shutdown Stage: 4: Could not obtain lock going on without it

when it determines it is unable to obtain the lock to allow the shutdown processing to complete.

You will need to recycle the stack after applying this fix for the update to take effect.

When using SSL/TLS on a large directory the secure read could fail while receiving the decrypted data. The maximum size of a SSL/TLS record is 32K but the receive area was only 4K. This zap expands the directory receive area to handle this larger record.

If multiple deliveries are occurring and one of them fails, for any reason, it is possible that the deliveries that follow that one will terminate with DISP=Y, even though the reports were successfully delivered.

This fix corrects that problem. No recycling of the stack is needed.

The external automation processing now uses the CLIENTDX phase to allow exploitation of functions outside of the TCP/IP partition.

Since this program runs outside of the stack, there is no need to recycle the stack after applying this fix.

The SET JSEP command was accidentally removed at some point, and any attempt to use it would fail.

This fix restores that command. No recycling of the stack is needed after applying this fix.

When connecting to a remote server that does not support TLS 1.2 a failure could occur. This zap corrects this problem.

The QUERY FILES has been enhanced by adding a message to show how many tasks are accessing that file and what they are doing (OPEN, ,CLOSE, READ, WRITE). This is useful in debugging file activity issues.

This fix corrects provides the enhancement. You will need to recycle the stack after applying this fix.

The QUERY FILES has been enhanced by adding a message to show how many tasks are accessing that file and what they are doing (OPEN, ,CLOSE, READ, WRITE). This is useful in debugging file activity issues.

This new operation is limited to those files I/O drivers that have been modified to provide the information that the Q FILES command requires. Currently, this is limited to ESDS, and the relative fix to that module will also need to be applied.

The CLOSE FILES command was not working. This has been corrected.

This fix corrects a problem and provides an enhancement. You will need to recycle the stack after applying this fix.

The QUERY FILES has been enhanced by adding a message to show how many tasks are accessing that file and what they are doing (OPEN, ,CLOSE, READ, WRITE). This is useful in debugging file activity issues.

This fix provides the enhancement. You will need to recycle the stack after applying this fix.

If the client issues a "EXEC member" and there is a "SET USER" or "SET PASS" within it, the complete contents are displayed, unlike if they were part of the JCL stream, where it would be masked over with "(SUPPRESSED)".

This fix enables masking. No recycling of the stack is needed after applying this fix.

This zap corrects a problem with poor performance for active open(connects). ZP219340 corrected a problem by sending multiple acks with a time delay in response to the final SYN-ACK of the TCP initial handshake, but this could also cause poor performance. With this zap applied the default behavior will be to remove this sending of multiple acks with a time delay. The new CONNECTFAIL command documented in ZP219364 can be used to send multiple ACKs in response to the final SYN-ACK of the TCP initial handshake.

The TCP/IP stack must be recycled after appplying this zap.

This zap adds a new command CONNECTFAIL with the keyword operands OPENACKS=NO/YES, OPENACKN=1-32, OPENACKT=100-18000. This command can be used to control the number of ACKs clients on VSE send when connecting to servers. The default setting is: "CONNECTFAIL OPENACKS=NO OPENACKN=1 OPENACKT=100"

Normally when a client on VSE connects to a server a TCP handshake occurs which begins with a synchronize(SYN) from the client to the server. The SYN establishes the TCP starting sequence number of the client. A SYN-ACK is then received to establish the starting TCP sequence number of the server. And finally a ACK is sent from the client to the server and the connection is established. But on some networks the final ACK was not being received by the remote server and the connection fails to be established.

The CONNECTFAIL command can be used to send multiple ACKS with a time delay in response to the SYN-ACK of the remote server.

The OPENACKN is the number of ACKs that will be sent. The OPENACKT is the time delay between the sending of these initial ACKs IN 1/300THS of a second(300 = 1 second).

The Query SET command can be used to display the current the CONNECTFAIL settings.

See ZP219364 for a full description of this new command.

The stack must be recycled to pick up this correction.

Some diagnostic messages such as the BSD103I during a close were being displayed when diagnostics were not active. This zap changes the message level to diagnostic.

The external automation processing batch utility will now use the CLIENTDX phase to isolate it from the internal CLIENTD program. This should allow the exploitation of functions outside of the TCP/IP partition.

Since this program runs outside of the stack, there is no need to recycle the stack after applying this fix.

An abend may occur due to a label in an error recovery routine using a "DS 0D" causing binary zeros between the in-line instructions. This zap usues a "DS 0H" to correct this problem.

This zap also corrects a IPN832I and IPN898I diagnostic messages that should have only been issued when DIAG CONREJECT is active.

The TCP/IP stack must be recycled after appplying this zap.

This fix provides an additional diagnostic message. You will need to recycle the stack after applying this fix.

The setting of the assembly date and time for the IPNROUTE routing program will now be displayed in the Q VER output. A diagnostic when using multi-homing is also included in this zap.

The TCP/IP stack must be recycled after appplying this zap.

TCP902D was being issued every time the automation daemon was checking for work, but should only be issued when DIAG AUTO is active.

This fix corrects that problem. The stack must be recycled to pick up this correction.

This zap adds messages for CLIENTDX which are prefixed with AUD, and messages for AUTOSEND which are prefixed with AUT.

When attempting to open an Epic dataset a failure may occur but the return code from the Epic routine is not displayed. This zap will display the return code from the Epic routine.

The SITE RDW ON command can now be used to add the record descriptor word. The use of SITE RDW ON is recognized only in conjunction with MODE BLOCK. Here is a ftpbatch example of using it:

BINARY

LQUOTE MODE BLOCK

LQUOTE SITE RDW ON

PUT %SAMOUT1,SAM,V,32768 FTPBRDW1.BJB

In the above the %SAMOUT1 is a variable length sequentional disk file. The lquote commands will cause the local VSE side of the connection will prefix each record being sent with a 4-byte record desciptor word(RDW). The first 2-bytes of the RDW contain the record length, the last 2-bytes of the RDW will contain binary zeros.

You should recycle the TCP/IP stack after applying this fix.

A TEL929I messasge was incorrectly being issued due to a check to compare the incoming client IP address to verify it was connecting to the correct DEFINE TELNETD IP=. But this check should only be performed when CONNECT_SEQUENCE ON is in effect.

An excessive number of TEL934 diagnostic messages could be issued when remote clients abruptly disconnect. The TEL934 messages from a failed receive or send will now only be issued when DIAG TELNET is in effect.

This zap corrects these problems. You will need to recycle the stack after applying this fix.

The length being passed to the free storage routine when releasing a record would cause the IPN903E error message. This zap corrects this problem.

A failed listen could cause a false enetdown(1117) errno when using asynchonous socket. The CICS web services uses asynchronous sockets and this false enetdown would cause it to shut down. This zap detects and corrects this problem.

The TCP/IP stack must be recycled after appplying this zap.

The SSLEEE storage subpool is used for the receiving of SSL records, but if a session closes abruptly with issuing a secure socket close(IPCRSCLS) the record was not released. This could eventually run a highly active system out of getvis storage. This zap corrects this problem.

A TEL927 diagnostic messasge was being issued when a fail SSL receive occurred. The TEL927 messages from a failed receive will now only be issued when DIAG TELNET is in effect.

This zap corrects these problems. You will need to recycle the stack after applying this fix.

This zap corrects an error when FTP is used to store a file into the Power RDR queue with records > 80 bytes. A wrong length record is reported and the FTP fails, but a file is still stored in the Power RDR queue. This zap should cause no entry to be stored when a failure occurs.

The updating of the handle area had an incorrect length due to the increased size of the TLS 1.2 support. This zap corrects this problem.

You will need to recycle your stack after applying this fix for it to go into effect.

The updating of the handle area had an incorrect length due to the increased size of the TLS 1.2 support. This zap corrects this problem.

You will need to recycle your stack after applying this fix for it to go into effect.

The coding of "SYSID(PARMNAME)" would generate code that would put "PA" into XOSYSID instead of the contents of variable "PARMNAME". This only affected Cobol generated code.

This fix corrects the problem by checking if the first 2 bytes of the value passed is numeric, meaning "quotes" will be put on either side of a field where the first 2 bytes are numeric, or they will be omitted if the first two bytes of the field are not numeric.

No recycling of the stack is needed after applying this fix.

When using a listener with an effector the SSL/TLS session fails. The updating of the handle area had an incorrect length due to the increased size of the TLS 1.2 support. This zap corrects this problem.

You will need to recycle the stack after applying this fix.

The takesocket function allows the option of posting the exception ecb of the corresponding givesocket. The clientid(CID) structure contains a bit setting for requesting this posting during the givesocket and this is now checked to perform the posting of the givers socket exception ecb.

This zap adds a status call to verify the connection is established to the locally attached ftp daemon before issuing the initial receive for the 220 welcome message.

This fix changed message TCP902D to only output to SYSLST when DIAG=AUTO is enabled.

This fix corrects these issues. You should recycle the stack after applying this fix.

It is documented that the FOIP of the calling program, such as HTTPD, will pass a 15-byte character string as the 4th argument. Apparently, only 3 parameters were being passed. In order to have the software operate as documented, the 4th parameter has been added as well as the FOPORT (parm5), LOIP (parm6), and LOPORT (parm7).

This fix corrects that problem. Recycling of the stack is required.

If an invalid IP address is created in the firewall table it can be difficult to determine which entry is incorrect. This zap displays a IPI227 message to clearly identify the incorrect entry.

The area allocated to decompile the ASN.1 certificate can get the above area when more or large fields in a certificate overflow the buffer area used to decipher the certificate. This zap expands the area from 4K to 8K for both .root and .cert files.

The above message can occur when no more 31-bit partition getvis is available and traffic is automatically turned off until 31-bit storage becomes available. This zap also corrects a problem with turning traffic back on.

You will need to recycle the stack after applying this fix for the update to take effect.

This zap recovers a TCP passive open listen. Server applications listening may have been posted with a srcode=8 and fail to re-enter the listen state. This zap has the connection manager automatically recover.

The TCP/IP stack must be recycled after appplying this zap.

If the batch EMAIL client sends a "SET DISP=HOLD" and if the original DISP was "K", it should be set to "L" if the SEND was successful. It doesn't.

This fix corrects that problem. No recycling of the stack is needed after applying this fix.

If issuing a DNS request to a DNS server failed, then the next DNS server in the list would also fail (Not get sent, and marked as bad.) This has been corrected.

With DIAG DNC enabled, we could see that if, for example, DNS3 and DNS4 were not defined, their entries (null values) would still be processed with an IP address of 0.0.0.0. They would immediately fail, as expected. This has been corrected.

Even if DNSTx was set to 1200, the timeout would be treated as 1200 + 600. This will no longer happen.

If DNSTx was set to 900 or less, it would be changed to 3000, even though 900 is a valid setting. 900 or higher is now left as-is, and the default for lower values is 1200. This is to correct issued caused by users entering the value in seconds instead of 1/300th seconds.

Retry logic was not working on a timeout condition. This has been corrected, so that a retry will occur when a server has not responded to the request.

This fix addresses the above problems. You will need to recycle your stack after applying this fix.

The above message can occur when no more 31-bit partition getvis is available. It also caused an internal TRAFFIC OFF to allow the queued up IBBLOKs to be processed and released. This zap change it so that traffic will only be stopped when the DIAG GETVIS option is on.

You will need to recycle the stack after applying this fix for the update to take effect.

The BSD100I message was previously display on the console when a partition initiated it's first socket request. Some installations key an automation event on this message and this zap restores this message to be displayed on the VSE system console.

A new message IPI227 is displayed when an invalid IP address is detected in the firewall table.

This zap will catalog an updated IPNOME.Z book that can then be used to update the VSE online messages file with the IBM IESMSGS utility. To avoid problems with EBCDIC to ASCII translation it is recommended to run a job similiar to the below to run the IESMSGS utility:

.* $$ JOB JNM=IPNOMEZ,DISP=D,CLASS=0

.* $$ SLI MEM=IPNOME.Z,S=lib.sublib

.* $$ EOJ

Replace lib.sulib with the library and sublibrary used to install TCP/IP 1.5G.

The SET TLS31 was replaced with SET TLS10 to reflect the RFC specification. The internal TLS records exchanged contain 0301 but RFC2246 is titled as the TLS 1.0 specification and eventually a TLS 3.1 specification will be issued, so it is best to change to SET TLS10 but existing jobs and documentation allow the use of SET TLS31 so this zap restores the synonym to allow it to work.

The data connection receive can fail for multiple reasons. This zap adds a diagnostic FTP906 message to display the exact cause of the receive failure.

This zap adds some additional diagnostic messages for TCP retransmissions. This includes the recovery of a failed listen state for when the initial TCP handshake the server state is restored to a listen state. The DIAG PERFORM has also been enhanced to provide additional diagnostic information.

The TCP/IP stack must be recycled after appplying this zap.

If the TCP/IP stack was initializing, and the CHECKTCP utility was executed at the instant that one or more stack modules had not yet loaded, an overlay of $JOBCTLA storage would occur, causing an abend (usually, an operation exception).

This fix corrects that problem. No recycling of the stack is needed.

During TCP/IP shutdown a CICS accept function was incorrectly being posted successfully completed when it should have been posted with a failure(-1) with errno enetdown(1117). This zap should correct this problem.

This zap also adds diagnostics that can be activated with the new DIAG KEYZERO command.

When using automatic FTP with the DEFINE EVENT command a script should be able to reference and set a variable to a VSE SETPARM variable setting. The VSE SETPARM must be issued in the TCP/IP initialization job. It can then be used in the auto-ftp script with this zap applied.

When issuing a DEFINE NAME command with names that exceed 16 characters and the name already exists an error message IPN528E is issued but the name in the message was truncated to 16 bytes. This zap corrects the error and displays the full dupliate name that must first be deleted before defining the new updated name.

This zap add a new diagnostic command DIAG KEYZERO to detect a failure that can occur when running with the Macro4 DUMPMASTER product.

This zap add a new diagnostic command DIAG KEYZERO to detect a failure that can occur when running with the Macro4 DUMPMASTER product.

The IPT317 message was missing duration information when using DIAG PERFORM. This zap adds that to the message. It also produces a list of the last datagrams processed for the connection when it is terminated.

This fix removes a extraneous pdump that was being issued during a failed LPR event.

This zap will catalog an updated IPNOME.Z book that can then be used to update the VSE online messages file with the IBM IESMSGS utility. To avoid problems with EBCDIC to ASCII translation it is recommended to run a job similiar to the below to run the IESMSGS utility:

.* $$ JOB JNM=IPNOMEZ,DISP=D,CLASS=0

.* $$ SLI MEM=IPNOME.Z,S=lib.sublib

.* $$ EOJ

Replace lib.sulib with the library and sublibrary used to install TCP/IP 1.5G.

When using ftpbatch in server mode with SECURITY ON,BATCH=ON multiple VSE subtasks are used and security calls are sent to the stack partition using a shared control connection. A conflict can occur when multiple sessions simultaneously request control service requests for security or a dynamic free port request resulting in the above FTP317W error message.

When a SSL encypted message is received the secure message hash(SHA-1) is used to verify the message integrity, but when the message fails to authenticate some diagnostic sdumps were being issued that cannot be turned off. This zap removes these extraneous sdumps but can be activated using non-default settings in the $SOCKDBG.phase. But this zap will bypass these sdumps when using the default settings.

The SSL200I message displays the version of the IPDSCIAL.phase being used and was informational which by default is not displayed. This zap changes it to important so that it will be displayed once during the initial invocation of this cryptographic service phase.

If a PC establishes a connection to a TN3270 server, it will successfully connect to a free LUNAME. If that same PC attempts to make a second connection, the connection will attempt to use the same LUNAME, which is currently owned by the first request.

This fix corrects these issues. You should recycle the stack after applying this fix.

This zap adds a:

IPF406D IPNFPOWR-CLOSOUMM FRPARM2=aaaa PXUACT1=bbbb

message that will be issued when DIAGNOSE POWER is active. It is issued by the Power file I/O driver when a failed FTP output file is closed. This is a internal diagnostic and is used by CSI technical support when diagnosing problems when storing files into Power.

During the initial TCP handshake we currently send one ACK to a received SYN-ACK from a server during an active open(connect). We will now send three ACKs with a small wait time between the ACKs using the retransmission time interval of the associated route for the connection. This should reduce the number of failed connections on heavily loaded systems with congested networks.

The TCP/IP stack must be recycled after appplying this zap.

This zap adds a diagnostic message:

BSD114I Reserved socket number nnnn for control and monitoring

to identify the socket number reserved for internal control and monitoring.

When attempting to GET a file from a KSDS that is empty, for example, an OPEN will fail and storage will not be freed for the file I/O area.

This fix will correct the problem. You should recycle the stack after applying this fix as well as any external FTPD service.

This zap picks up changes to messages for various modules.

You will need to recycle the stack after applying this fix for the update to take effect.

When attempting to GET a file from a ESDS that is empty, for example, an OPEN will fail and storage will not be freed for the file I/O area.

This fix will correct the problem. You should recycle the stack after applying this fix as well as any external FTPD service.

This zap corrects a problem that can occur with the IBM Virtual Connector Server(VCS) when receiving buffers with a partial SSL header or records split across buffers.

This zap also implements the SOCKOPT $OPTFBUR to use the full receive buffer provided by the application when multiple application data records have been received in the TCP stream. This should improve performance when using receive buffers 32k or larger and multiple SSL records are received in a single buffer.

Add new diagnostic messages for SSL/TLS socket processing.

If a SITE REXX command was used by the client, but no parameter was passed, a subsequent access to the FTP control blocks, (e.g. Q FTP) would result in the stack abending.

This fix resolves that issue. You should recycle the TCP/IP stack after applying.

was being issued as a warning message. This zap changes it from warn to diagnostic.

You will need to recycle the stack after applying this fix.

This zap adds a new command EXTPSTAT ON/OFF. The default is off but the changes described in ZP15G328 are also required to reduce the overhead caused by updating these counters. When on the Query EXTERNAL command can be used to display internal statistical counters. These statistics do cause some additional overhead.

The IBBLOK command erroneously put out an IPN341E error message when using just the SIZE= keyword. This zap corrects this error.

This zap also adds support for the EXTPSTAT command described in ZP15G326.

The stack must be recycled to pick up this correction.

This zap reduces the amount of non-parallel cpu time when the TCP/IP stack and external partition being serviced are both running in dynamic partitions. Static partitions use different storage protection keys so TCP/IP must enter key zero state to update the external partition socket buffers and result areas, but dynamic partitions are use the same storage protection keys and it is not necessary to enter key zero state. This zap also requires that external partition getvis statistics be turned off with the EXTPSTAT OFF command(see ZP15G326) since these statistics reside in system getvis and would negate the improved performance.

This zap checks for the EXTPSTAT ON command before updating statistical counters in system getvis to reduce key zero cpu time.

Note that the use of the SOCKOPT MAXSOCO=00 to enforce the detection of maximum outstanding socket requests requires EXTPSTAT ON. This options default setting of 00 is not to enforce and is rarely used in custom $SOCKOPT phases.

When a system is running with little resources available, it is possible that the subtask that changes the DISP of a Power queue entry may fail, and the report will be sent again, perhaps multiple times.

This fix will cause a PDISPLAY to take place after each report has been sent, and if the DISP has not been updated, or the report not deleted, then that condition causing the redelivery will be prevented.

You should recycle the stack after applying this fix.

AUTOSEND runs in an external partition and should use a unique message prefixes. This zap adds the AUT prefix for AUTOSEND.

AUTOSEND runs in an external partition and should use a unique message prefixes. This zap adds the AUT prefix for AUTOSEND.

Since this program runs outside of the stack, there is no need to recycle the stack after applying this fix.

When attached as a real VSE subtask by the external AUTOSEND program duplicated ECBs could occur. This zap corrects this problem.

You should recycle the stack after applying this fix.

The open of the local ftp server may fail on a heavy loaded system. This zap corrects this by adding a retry to open.

The FTP data connection is by default protected when the control connection is using TLS/SSL but the SET command contains a CLEAR option that can be used to allow a clear unencypted data connection, but the setting was not being set correctly. This fix resolves this issue.

You should recycle the TCP/IP stack after applying this fix.

This zap adds new internal debugging events for the RAPTRAC event recording facility.

You should recycle the TCP/IP stack after applying this fix.

The checking of the return code from a close may not have detected a failure. This zap corrects this problem.

This fix will correct the problem. You should recycle the stack after applying this fix as well as any external FTPD service.

The checking of the return code from a close may not have detected a close failure. This zap corrects this problem.

This fix will correct the problem. You should recycle the stack after applying this fix as well as any external FTPD service.

Allow the usage of SET SSL option command when SSL=CLIENT is not in the // EXEC PARM= parameters. The positional operands of the SET SSL also required the lib.sublib.memname on the SET SSL command but this is now only needed when connecting to a server that requires client_authentication which is rare.

The default for the data connection is private encrypted when connecting to a SSL/TLS server. A simple SET SSL CLEAR can be used to set the data connection to default to clear unencypted mode. This can also be used in the FTPBATCH.L member to apply to all executions of FTPBATCH.

ZP218317 incorrectly could cause excessive storage usage and produce a false system loop detection.

This zap also corrects a problem with the retranmission of our SYN-ACK during the initial TCP handshake for a listener(server) application running on VSE. In response to remote clients connections we respond with a SYN-ACK as part of the TCP protocol exchange to establish the initial sequence numbers. The SYN counts as one in the TCP sequence numbering. But during a retransmission of our initial SYN-ACK the send sequence number was incorrectly being advanced. The could result in a rejected connection on a congested network in the rare instance of a SYN-ACK being retransmited during the the initial TCP handshake. By default this resending of our SYN-ACK will be attempted 3 times with a time wait of 1 second bewtween each attempt. The new command LISTENFAILL RETRYCNT=nn RETRYTIME=nnnn command can be issued to override these default settings.

In addition the listener(server) application on VSE is by default not posted and the connection is recovered into a listen state after the failure of this initial TCP handshake. A new command LISTENFAIL can be used to post an application with a listen(passive open) failure. The default is to not post the application. LISTENFAIL APPLPOST=YES will cause the application to be posted when a initial TCP handshake fails. See ZP218346 for additional information on the LISTENFAIL command.

The TCP/IP stack must be recycled after appplying this zap.

If the wrong SYSID was issued for CHECKTCP with WAIT=YES, the SOCKET OPEN request would still terminate normally, causing it to appear that the stack was actually up, when it was not.

This fix corrects that problem. No recycling of the stack is needed.

Applications using the old EXEC TCP which included the deprecated IPNETXCO.OBJ from 1.5D could fail under the current release. Applications using the old 1.5D object deck must be re-compiled and re-linked with the IPNETXB.OBJ(batch) or IPNETXC.OBJ(cics). But the use of the older IPNETXCO will now be detected and a:

IPN696I Deprecated SOBLOK detected from XXXXXXXX

will be issued where XXXXXXXX is the job step name of the external application using the deprecated object deck.

The TCP/IP stack must be recycled after appplying this zap.

Applications using the old EXEC TCP which included the deprecated IPNETXCO.OBJ from 1.5D could fail under the current release. Applications using the old 1.5D object deck must be re-compiled and re-linked with the IPNETXB.OBJ(batch) or IPNETXC.OBJ(cics). But the use of the older IPNETXCO will now be detected and a:

IPN696I Deprecated SOBLOK detected from XXXXXXXX

will be issued where XXXXXXXX is the job step name of the external application using the deprecated object deck.

The TCP/IP stack must be recycled after appplying this zap.

Applications using the old EXEC TCP which included the deprecated IPNETXCO.OBJ from 1.5D could fail under the current release. Applications using the old 1.5D object deck must be re-compiled and re-linked with the IPNETXB.OBJ(batch) or IPNETXC.OBJ(cics). But the use of the older IPNETXCO will now be detected and a:

IPN696I Deprecated SOBLOK detected from XXXXXXXX

will be issued where XXXXXXXX is the job step name of the external application using the deprecated object deck.

The TCP/IP stack must be recycled after appplying this zap.

The BARS command has additional options, such as LEFT, WIDTH, and DEPTH. The LEFT command was off by one point, and the WIDTH value was off by several.

Apply this fix to correct the problem. You will need to recycle the stack after applying this fix for the correction to take effect.

This zap adds a new command LISTENFAIL with the keyword operands APPLPOST=NO/YES, RETRYCNTR=0-99, and RETRYTIME=0-9000. This command can be used to control servers on VSE in a listen state. The default setting is: "LISTENFAIL APPLPOST=NO RETRYCNTR=0 RETRYTIME=0"

Normally when a remote client connects into a server on VSE a TCP handshake occurs which begins with a synchronize(SYN) from the client to the VSE server. The SYN establishes the TCP starting sequence number of the remote client. A SYN-ACK is then sent to establish the starting TCP sequence number of the VSE server. The remote client should then respond with an acknowledgement(ACK) to complete the standard 3-way TCP handshake that establishes a connection. But when a remote client does not respond in a timely fashion to the SYN-ACK sent to it the SYN-ACK is retransmitted and a time wait is entered for the ACK to our SYN-ACK. This is a rare occurence but on heavily congested networks it can and does happen. In addition a known denial of service virus/attack can occur where the remote sends in SYN's without ever ACKing the SYN-ACKs. This condition is referred to as a SYN flood attack. For more details on it see:

https://en.wikipedia.org/wiki/SYN_flood#Technical_details

These can be difficult to block since the source IP address is often forged and it can also delay processing since the listener/server on VSE is not in a listen state during this initial TCP handshake. The PORTQUEUE command can/has been used in the past to alleviate this type of problem but it can also eventually be overwhelmed. Poor performance and legitimate connection requests can be rejected if the flooding is excessive(beyond the PORTQUEUE settings).

The LISTENFAIL command can be used to control how many times and for how long we will attempt to re-send our SYN-ACK in response to an incoming client connection request(SYN) and if we should post the VSE server application for a failed initial TCP handshake.

re-enter the listen state without posting the associated application after RETRYCNT and RETRYTIME values are exceeded.

the VSE server application after the RETRYCNT and RETRYTIME values are exceeded. The application is posted with a failure return code and should re-issue the listen request.

The Query SET command can be used to display current LISTENFAIL settings.

See ZP218346 for a full description of this new command.

The stack must be recycled to pick up this correction.

This zap picks up changes to messages for various modules.

You will need to recycle the stack after applying this fix for the update to take effect.

The following new messages may be issued when attempting to open connections from the FTP client.

"IPA417 Open of control connection retried to ip-addr,port" is issued when the local open fails and a retry is attempted.

"IPA418 Receive timed out retrying it now" is issued when a local receive times out and a retry is attempted.

"IPA419 Data connection listening on port nnnn" is issued when a a passive data connection is used to receive directory output.

"IPA420 Data connection open ip-addr,remote-port(local-port)" is issued when DIAG FTP is active and contains the IP address and ports to receive directory output.

"IPA421 Waiting for data connection to be established" is issued when a a passive data connection is used to receive directory output and we are waiting for the remote to connect into the passive port.

"IPA422 Open of control connection successfully retried to ip-addr,port" is issued when the local open fails and a retry is successful.

This zaps adds support for the HMAC-SHA256 algorithm that is a preliminary step for supporting TLS 1.2.

This zaps adds support for the HMAC-SHA256 algorithm that is a preliminary step for supporting TLS 1.2.

This zaps adds support for the HMAC-SHA256 algorithm that is a preliminary step for supporting TLS 1.2. The entry point for calling this function is CRYHMSH2.

Commands from the console can be controlled with the SET PASSWORD command. But when using MSG xx,DATA=command the prompt for a password from the operator console was not being enforced. This zap corrects this problem although not many sites use a password for commands issued from the system console.

You will need to recycle the stack after applying this fix for the update to take effect.

If you issue a DELETE EVENT while a task is in progress (say, deleting an AutoLPR while an report is being transmitted), a message could occur indicating that it cannot do it and would keep looping until the session was complete, which could be a long time, such as a printer being out of paper.

This fix will mark any active sessions associated with a specific event (as indicated by Q EVENT,DETAILS) as "dead", and the event will delete. once the session completes, it will see that the EVENT is gone and will simply end.

Warning: Any storage acquired by that session will not be released because it no longer has an event associated with it because of ECBs and other control blocks that are still being referenced. So be careful of deleting EVENT definitions that have active sessions.

The QUERY FIREWALL command was displaying TCPPORTS in IPI215 message but it should have displayed IPI216 for UDP ports. This zap corrects this problem.

You will need to recycle the stack after applying this fix for the update to take effect.

The IESSCBAT failed to complete with SSL/TLS during the close. This zap allows the half close processing of this application to complete all the received data.

This zap also corrects a problem where a foreign port is displayed for a listen connection that failed to fully get established.

This zap also corrects a problem where a listen connection fails to successfully complete and the connection does not re-enter a listen state.

The TCP/IP stack must be recycled after appplying this zap.

If issuing a GetHostByName against an SMTP server that will forward the email to another server, and thus returning a "mail_forward" record instead of a "type-A" (IP-address) record, the DNS client would skip over the record and look for a "proper" response (the mail_forward has since been superceded on later RFC's), and in finding none, it would reject it as "no address found".

This fix treats a "mail_forward" response as though it were a type-A record, and will use the IP-address in that rrecord. You will need to recycle your stack after applying this fix.

Additional changes: eliminating the use of TCP testing if a UDP connection fails, since nobody out there uses TCP for a DNS call, and it just causes additional failures and retries.

Additional changes: If a DNS server returned a CNAME following the reply instead of the IP address, it would fail. The logic was changed to take this possibility into consideration.

This zap will catalog an updated IPNOME.Z book that can then be used to update the VSE online messages file with the IBM IESMSGS utility. To avoid problems with EBCDIC to ASCII translation it is recommended to run a job similiar to the below to run the IESMSGS utility:

.* $$ JOB JNM=IPNOMEZ,DISP=D,CLASS=0

.* $$ SLI MEM=IPNOME.Z,S=lib.sublib

.* $$ EOJ

Replace lib.sulib with the library and sublibrary used to install TCP/IP 1.5G.

During an asynchronous active open(connect) a null receive is now issued in the subsequent select processing. This should avoid a hang condition when a application expects to issue a send or receive on a socket that is not fully established. The MacKinney systems MTPBATCH utility uses the asynchronous open that this fix should correct.

Updated FIREWALL macro with the FREEPBLK= keyword to control the of free ports.

This zap corrects a problem with the IPN299W error message being issued when it should not be issued. This is caused by a checksum of the data area that is verified after it is copied to the TCP/IP private storage. Although to insure data integrity the data area of a TCP send or receive area should not be modified until the ecb is posted. The checksum is now only performed on send requests with this zap applied.

Message NTP104E will be displayed and the NTPD will shut down. This was due to a hard-coded termination date in that component.

This fix eliminates the problem. You should terminate and restart the NPTD after applying this fix.

This zap removes messages that are no longer displayed by the product.

All informational messages should end with "I", warnings with "W", and errors with "E". This was not always the case. This fix will standardize the message number suffix for this component.

You will need to recycle the stack after applying this fix.

Commands from the console can be controlled with the SET PASSWORD command. But when using MSG xx,DATA=command the prompt for a password from the operator console was not being enforced. This zap corrects this problem although not many sites use a password for commands issued from the system console.

You will need to recycle the stack after applying this fix for the update to take effect.

When the internal EMAIL client would try to connect to the batch email client, via a secondary SOCKET OPEN call, in order to deliver a dynamic file (%ddname),it would sometimes fail to attach due to a SOCKET OPEN error.

The earlier version used a secondary SOCKET OPEN for the transfer of data. Due to timing issues, specifically on faster systems where the TCP/IP stack is encountering a bit of stress, the connection would fail, and a rerun of the job sometime later would work. This version eliminates the need for that secondary SOCKET altogether.

You will need to also apply ZP15G225. No recycling of the stack is required.

This zap imporoves the performance for sending of a SSL/TLS buffer.

This zap also corrects a a problem with the form feed at beginning of a sent file. The "set noeject on" is the default setting and will honor the first form feed. This zap restores this default behavior.

The SET command was updated by ZP15G206 to allow TLS10 or TLS11, but incorrectly caused the 3 character SET TLS command to be rejected. This zap corrects the problem allowing the TLS abbreveation.

This zap also corrects the unnecessary load of the SVSEEXIT phase. The SVSEEXIT.PHASE should only be loaded when the SeeVSE performance monitor feature is active. This zap detects if SeeVSE is active and if it is not active the load of SVSEEXIT is suppressed.

If the TCP/IP stack does not respond, an ATTACH of a dynamic file will time out. A send of "QUIT" will occur, but that too will never reply, and so the batch client will hang.

If the stack does not respond, then the batch client will immediately terminate with RC=12. Apply this fix to eliminate that hang. No recycling of the stack is required.

When using a DEFINE SOTRACE and a subsequent DUMP TRACE command a IPN293I messages may be incorrectly issued due to not checking for all valid interface versions. This zap corrects this problem.

You will need to recycle the stack after applying this fix for the update to take effect.

When the internal EMAIL client would process the SET SEPERATOR (or the SET SEPARATOR) command, the value would not be passed to the POWER file I/O driver, resulting in having no effect on the output.

This fix forrects that problem. No recycling of the stack is needed after applying this fix.

The zap adds the SENDMXUA keyword to the IBBLOK command which allows the setting of the maximum unacknowledged bytes for external applications using sends with fast=yes or notalk=yes.

The zap adds the SENDMXUA keyword to the IBBLOK command which allows the setting of the maximum unacknowledged bytes for external applications using sends with fast=yes or notalk=yes.

When the internal EMAIL client gets a request to receive a file from the external client, it will open a passive port number and send that number to the external client to attach to. Occasionally, the wrong number would be sent.

This fix corrects that problem. No recycling of the stack is needed after applying this fix.

The above message can occur when no more 31-bit partition getvis is available. This zap attempts to detect and correct for this problem by temporarily shutting off traffic until the system can process the queued up datagrams and then turning traffic back on.

You will need to recycle the stack after applying this fix for the update to take effect.

The above message can occur when no more 31-bit partition getvis is available. This zap attempts to detect and correct for this problem by temporarily shutting off traffic until the system can process the queued up datagrams and then turning traffic back on.

You will need to recycle the stack after applying this fix for the update to take effect.

The above message can occur when no more 31-bit partition getvis is available. This zap attempts to detect and correct for this problem by temporarily shutting off traffic until the system can process the queued up datagrams and then turning traffic back on.

You will need to recycle the stack after applying this fix for the update to take effect.

The above message can occur when no more 31-bit partition getvis is available. This zap attempts to detect and correct for this problem by temporarily shutting off traffic until the system can process the queued up datagrams and then turning traffic back on.

You will need to recycle the stack after applying this fix for the update to take effect.

This zap will correct excessive sends using fast=yes/notalk=yes option when unacknowledged bytes exceeds 256K.

This zap will correct excessive sends using fast=yes/notalk=yes option when unacknowledged bytes exceeds 256K.

This zap will correct excessive sends using fast=yes/notalk=yes option when unacknowledged bytes exceeds 256K.

This zap will correct excessive sends using fast=yes/notalk=yes option when unacknowledged bytes exceeds 256K.

Add new messages for excessive sends.

Add new messages for excessive sends.

The usage of setime can conflict when running in a partition using the stixit it timer service such as the Model-204 database system. This zap implements a new socket control call to perform the timer service without using the setime macro.

The usage of setime can conflict when running in a partition using the stixit it timer service such as the Model-204 database system. This zap implements a new socket control call to perform the timer service without using the setime macro.

The SOCKOPT macro can be used to generated a custom $SOCKOPT phase. The keyword BSDCFG2 now has a additional option. $OPTSTMX can be used to use a socket control call for timer services instead of the setime VSE service.

The givesocket and takesocket functions allow the usage of a special token to be used with the give and take functions. This token must be unique and this zap corrects this problem.

When the "SET PASSWORD=value" command is passed to the REXEC or RSH clients by way of an "EXEC" command (bypassing the batch client), the password would be echoed to SYSLST.

This fix corrects that problem. No recycling of the stack is needed after applying this fix.

All pages of a report may not be printed by GPS when the total number of pages of the report is greater than the MAXPAGES= 'segmentation value' specified on the DEFINE EVENT.

This fix corrects that problem. You should recycle the stack after applying this fix.

If issuing a GetHostByName with a complex domain name that would result in DNS redirection (typically long names), the CNAME field would not be parsed correctly, resulting in the embedded IP address to be missed, causing a "not found" condition.

This fix addresses that problem. You will need to recycle your stack after applying this fix.

Add new messages for excessive sends.

The FIREWALL command has 2 new operands.

FIREWALL ALLOWED will display a list of allowed IP addresses.

FIREWALL BLOCKED will display a list of blocked IP addresses.

The FIREWALL command has 2 new operands.

FIREWALL ALLOWED will display a list of allowed IP addresses.

FIREWALL BLOCKED will display a list of blocked IP addresses.

FIREWALL ALLOWED

will display a list of allowed IP addresses and includes a count of the allowed datagrams.

FIREWALL BLOCKED

will display a list of blocked IP addresses and the number of attempts that were blocked.

A new message:

IPI225 FIREWALL BLOCKED ip-addr nnn attempts

is displayed in response to the FIREWALL BLOCKED command and contains the ip-addr blocked and the number(nnn) times it was blocked.

A new message:

IPI226 FIREWALL Table of Blocked Addresses Reset

is displayed when the table of blocked addresses is reset.

On VSE systems where the router or ISP does not perform any blocking of known black listed IP addresses excessive storage and poor performance can occur. If a lot of different IP addresses are blocked they can increase our virtual storage usage and negatively affect performance. This zap will now report the blocked IP address and not allocate any storage for it. Instead a table of blocked IP addresses is maintained with a maximum of 512 entries. When that table is filled it will issue a:

IPI226 FIREWALL Table of Blocked Addresses Reset

And reset the table of entries. In addition 2 new operands and 1 change is being added to the FIREWALL command.

FIREWALL BLOCKED will display all the entries in the currently blocked table and the number of times it was blocked.

FIREWALL ALLOWED will display all the allowed IP addresses and the number of allowed datagrams.

FIREWALL REPORT will display all allowed and any port blocking or ICMP blocks.

In addition sites should review the TCP/IP syslst for:

IPI209I FIREWALL blocked IP-Addr

and consider blocking the IP-Addr at a higher level before it gets to the VSE system. This can be done in the router or by contacting your ISP to black list these blocked IP addresses. The FIREWALL BLOCKED can also be used at any time to display the list of IP addresses that should be blocked at a higher level to minimize the overhead these hackers may be causing.

This fix updates several messages and eliminates a condition where a large report would be sent repeatedly.

This fix corrects these issues. You should recycle the stack after applying this fix.

The corrections in ZP15G251 caused a failure in the deleting of a defined trace. This zap corrects this problem.

You will need to recycle the stack after applying this fix for the update to take effect.

This zap corrects a failure when running on VSE/SP 2.1. feature.

When DEFINE CGI would occur, it would try to load the entry as a phase even if it was a REXX or BAL type of CGI. This has been remedied.

) DESC It should be noted that the command format is: DEFINE CGI,TYPE=cgi_type,PUBLIC=name

) DESC When a DELETE CGI would occur, it would either not be deleted or it would say that it was deleted, when it didn't, or it would say that it failed, when it deleted. These conditions have been corrected.

) DESC The command formate for DELETE CGI is: DELETE CGI,PUBLIC=name

Also, message TEL920I has been updated to show the module name.

You will need to recycle your stack after applying this fix.

When using the EMAIL batch program to deliver a dynamic file ("%ddname") and if the "ATTACH" statement has a syntax error, the EMAIL client will hang.

This fix corrects that problem. No recycling of the stack is needed.

The TCP/IP sysid 00 was incorrectly being used. This zap corrects this problem.

The corrects some message numbers that were duplicated in different modules.

The close of the ftp data connection can have the above error message because the application has not issued it's close and the connection block has already been terminated due to the remote side initiating the close processing with a FIN. This zap should corrects this problem with the TCP close when it is initiated with a FIN from the remote system.

When attempting to a get a file from a remote ms-dos command file the FTP916E could occur. This zap should correct this problem.

This zap adds a address validation check to detect a invalid soblok and some integrity checks for correct pxblok eye-catcher. It also corrects a possible storage corruption issue.

Here is the condition: You send a series of reports via AutoEmail with DISP=K. They transmit and go into DISP=L. You then release them again for a second delivery. However, they do not deliver, but instead just return to DISP=L. You release them again and they will deliver.

"SET DISP=HOLD" is passed to the email client. For batch processing, this is fine. For AutoEmail, depending on the timing, it is possible that the job will create a "hang" condition, as defined above.

This fix will correct that error. No recycling of the stack is required after applying this fix.

When TCP/IP is shutdown an incorrect errno was being set that caused Power Pnet to issue an idump. This zap should correct this problem.

When TCP/IP is shutdown an incorrect errno was being set and if Power pnet was active it would issue an idump. This zap should correct this problem.

This zap corrects a problem with the close full processing when the remote system has reset the connection.

This correction allows the catalog of a root certificate containing a RSA SHA-256 bit signature.

This zap adds support for the TLS 1.1 changes as documented in RFC4346.

When the EMAIL client in the TCP/IP stack issues a passive SOCKET OPEN and waits for the email batch client to connect, occasionally the OPEN on the stack side would fail, thus producing that message.

This fix will output extra messages to track the reason for the error. It will also retry 4 additional times on an OPEN failure in an attempt to recover (for a maximum delay of 2.5 minutes if all 5 attempts fail).

No recycling of the stack is required after applying this fix.

When using the EMAIL batch program to deliver a dynamic file ("%ddname") it will occasionally fail with a "TCPOPEN FAILURE" type of message. This fix will provide extra diagnostics to isolate the problem and will retry up to 4 additional times.

This fix corrects that problem. No recycling of the stack is needed.

This zap issues additional information for the FIREWALL REPORT command.

This zap corrects the month diplayed when using the date function of the common message handler.

This zap corrects a check for the IP datagram length.

This zap adds new internal diagnostic events.

This zap adds diagnostic events for the RAPTRAC command for internal debugging.

This zap adds the IPI223 and IPI224 messages for the FIREWALL REPORT command. It also changes the IPN102 message to have copyright of 2016.

This zap corrects a problem with the close full processing when the remote system has not acknowledged the sent data by sending a FIN.

When a single partition accesses multiple stacks the job step start time was not fully updated. This zap corrects this problem.

When a stack is recycled the external statitic counters were not being reset. This zap corrects this problem.

The Q EXTERNAL command displays the partitions that a stack has received socket requests from. This zap adds the date to the IPN685 message and also detects if no socket requests have been received from the external since the start up of TCP/IP.

This zap also add support for TLS 1.1 by allowing the DEFINE FTPD SSLVERSN to be set to 0302.

The OPEN command can now specify TLS11 to request the TLS 1.1 be used.

The SET command now support the TLS11 to allow usage of TLS 1.1.

The RSA private key must be kept private. But the attached zap allows the RSA private key to be dumped for use with the IBM Keyman utility to re-issue a certificate.

When a new socket request is made a socket request block is pulled from a queue of previously freed sockets. If a corrupted block is pulled it is now discards and a new block is obtained.

When sending a buffer with TLS 1.1 a unique initialization vector is now part of every sent TLS record resulting in a buffer that might be rejected. This zap corrects the problem by compensating for the additional 8 or 16 byte IV depending on cipher being used.

Support for SSLv2 client_hello with hint of support for SSL 3.0 and TLS 1.1 is still allowed. But the most recent TLS RFC contains the following comment:

Support for the SSLv2 backward-compatible hello is now a MAY, not a SHOULD, with sending it a SHOULD NOT. Support will probably become a SHOULD NOT in the future.

SSL100W SSLV2 Client_Hello Allowed

warning message will be issued to recommend that client vendors should upgrade to use the TLS client_hello and remove the SSLv2 backward compatability method. In addition enforcement of the RFC documented length of challenge length is now enforced:

The length in bytes of the client's challenge to the server to authenticate itself. When using the SSLv2 backward compatible handshake the client MUST use a 16-32 byte challenge data length.

In addition for sites that do not want to allow the SSLv2 client_hello a SOCKOPT setting of SSLFLG1=$OPTSV2R can be used to reject all SSLv2 client_hello requests.

The OPEN command can specify SSL30, TLS10, or TLS11 to request the version of the SSL or TLS protocol to be proposed to a FTP server. The default was SSL30 but is now TLS 1.0 to provide better security.

The data connection is negotiated separetly from the control connection. But if a PRIVATE command is used it will now use the same cipher and protocol version as the control connection.

ZP15G124 created a problem where the incoming text was not being translated correctly.

This fix will correct that problem. You will need to recycle the stack after applying this fix.

A certificate containing a RSA-SHA256 signature will now be detected and verified. The following message will be written to syslst when a RSA-SHA256 signature is detected:

Certificate contains a RSA-SHA2 signature

When INFO is set to SYSLST-ONLY, then messages that are responses to console commands will also only go to SYSLST. This should not be the case. Also, some message groups will display only some of the responses.

This fix will cause response messages to be displayed on SYSLST as well as SYSLOG, even if INFO is set to OFF or SYSLST. You will need to recycle your stack after applying this fix.

This zap corrects a problem when running multiple stacks and one stack is recycled but a partition with access to multiple stacks is then unable to communicate with the active stack that was not recycled.

This zap corrects a problem where a single partition such as CICS may be running multiple applications that access different stacks and the recycle of a single stack cause connections to fail for the application using a different stack.

A problem was reported with a user connecting to a DEFINE TELNETD and being unable to connect with an increase of CPU usage and unreleased GETVIS. When "DIAG TELNET" was enabled, we would see a large number of "LUname in use" messages.

The problem is that the server would keep looping, waiting for VTAM to have a resource ready for use, but the "ready" bit would never be posted. This would eat up CPU and the condition would not reset.

The TN3270DX module has been modified to correct this problem. If you do a "Q PROGRAMS" and see "TELNETD" as a module name, you will need to modify all of your "DEFINE TELNETD" to also have ",DRIVER=TN3270DX". Recycle your stack and do another "Q PROGRAMS". If you still see a phase name of "TELNETD", you have a "DEFINE TELNET" that you missed. There should not be ANY TELNETD use with TN3270DX.

You will need to recycle the stack after applying this fix.

The VTOC file I/O driver had the OVTOC macro coded with "EXCLUSIVE", which would cause all shared volumes to be unreadable to the application using it. The USE option has been modified from EXC to SHR and has been tested using shared and non-shared volumes.

This fix corrects that problem. Recycling of the stack is required.

This zap adds some diagnostic close messages. It also corrects the return code and errno for when a remote connection closes the with a reset.

If you issue a DELETE EVENT while a task is in progress (say, deleting an AutoEmail while an EMAIL is being transmitted), a message would indicate that the DELETE was in progress, but after the task completed, the DELETE would not actually occur.

This fix will correct that error. You will need to recycle the stack after applying this fix. If you are running AUTOSEND, you will need to recycle that job.

This zap corrects a problem with close setting a return code x2C.

It also corrects a problem when a reset is used by a remote to close a connection a long wait could occur.