Guest

Cisco Services Modules

Field Notice: FN - 62410 - CSM Version 4.2.(3) and CSM-S Version 2.1(2) Removed From CCO and Replaced With CSM 4.2.(3a) and CSM-S 2.1.(2a)


June 8, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

Comments

CSM

version 4.2.3 only

CSM-S

version 2.1.2 only

Problem Description

CSM versions 4.2.3 and CSM-S 2.1.2 do not properly handle TCP packets that are out of sequence. If TCP IXP receives out of order packets where the out of ordered packet contains overlapping data of a received packet, the following error will occur:

FPG4 exception w/ icp.fatPath length error (icpFatErr)

when calculating the next block pointer.

Background

When TCP IXP receives out of order packets where the out of ordered packet contains overlapping data of a received packet, an error will occur in calculating the next block pointer.

TCP produces this erroneous next block pointer by combining two short words:

The first word is the length of the data in the overlapped packet.

The second word is the data offset in the overlapped packet. Data offset is controlled by IP and TCP options and the amount of overlap.

Erroneous next block pointers are produced. This can cause a CPU condition that will register at greater than 100 percent CPU utilization. If the next block contains a valid TX buffer pointer, but the block itself is not valid, a core will be produced.

Note: If this error is occurring but not producing a core file, often the statistic Bad IP Headers Rx in the show L7 stats command output will increase when using a cookie insert configuration on the CSM or CSM-S. The following error message will also be produced:

FPG4 exception w/ icp.fatPath length error (icpFatErr) .

Problem Symptoms

CSM 4.2(3) and CSM-S 2.1.(2) may produce a core file and will log the following error message:

FPG4 exception w/ icp.fatPath length error (icpFatErr) .

Workaround/Solution

There is no workaround for this issue.

A software upgrade is recommended. Versions 4.2.(3a) for the CSM and 2.1(2a) for the CSM-S have been updated to address this issue and are posted on CCO for immediate download.

Solution:

Versions 4.2.(3a) and 2.1(2a) have addressed this issue and are posted on CCO.

CSM version 4.2.3a can be downloaded from the Cisco Catalyst 6000 Content Switching Module Software Download Page (registered customers only) .

CSM-S version 2.1.(2a) can be downloaded from the Content Switching Module with SSL (CSM-S) Software Download Page (registered customers only) .

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsd27478 (registered customers only)

FPG4 exception w/ icp.fatPath length error (icpFatErr). When TCP recieved an out of order packet with overlapping data it would mishandle the bnext pointer and modify the incorrect buffer block. Also added code to make L7 illegal packet check stronger which also assumes these failure cases never have synchronization on.

Revision History

Revision

Date

Comment

1.0

08-JUN-2006

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.