ECO kit SET_INTERFACE-030_A053
SET_INTERFACE-030_A053 ECO kit rev 3.0 For MultiNet V5.3 Rev A 6-Sep-2011
Copyright (c) 2009,2010 Process Software LLC
This ECO kit provides a new version of the following file for
MultiNet V5.3 Rev A:
MULTINET_SET_INTERFACE.EXE
NOTE: A system reboot is required after installing this kit.
This kit has an ECO ranking of 1, with an overall ranking of 1.
This kit requires at least the following ECO kits as prerequisites:
KERNEL-UPDATE-060_A053
FILTER_SERVER-070_A053
CONFIGURE_NETWORK-020_A053
This ECO kit provides a fix for the following problem:
- MULTINET_SET_INTERFACE now uses the latest message revision
for the Intrusion Prevention System (IPS). [DE 11174]
-----------------------------------------------------------------------
This ECO also contains fixed from the following previous ECOS:
SET_INTERFACE-010_A053
----------------------
- When parsing a filter file using MULTINET SET /INTERFACE/FILTER,
addresses of 0.0.0.0 are not always parsed correctly. Examples
of such addresses would be 0.0.0.0/0 and 0.0.0.0/32. [DE 10939]
- Add an interface to the Multinet Intrusion Prevention System (IPS)
to allow it to handle common link interfaces better. This involves
two modifications to MULTINET_SET_INTERFACE:
1. When a SET INTERFACE/UP or SET INTERFACE/COMMON_LINK command
is done, a message is sent to the IPS FILTER_SERVER process
so that it may adjust its internal databases accordingly.
2. When performing a SET INTERFACE/[NO]FILTER or
SHOW INTERFACE/FILTER command on an interface that's part of
a common link set, the filters are set, cleared or displayed
for all interfaces in the common link set. This change of
behavior is due to the concept that all interfaces in a
common link set are always treated equally in terms of filters;
when a filter is set or cleared on one member of a common
link set, it's applied equally to all members of the common
link set.
Note that the previous behavior instituted in #2 above may
be restored to its previous behavior by defining, /SYSTEM,
the logical name MULTINET_OLD_STYLE_FILTERS.
SET_INTERFACE-020_A053
----------------------
- When attempting to set filters on an interface, the status
SS$_INSFMEM could be returned. This is a serious status, and
indicates overly-fragmented non-paged pool, meaning no new
filters can be set on the interface. The severity of this
was not clear to users, and will now be made more clear.
- When attempting to set filters on an interface, the status
SS$_MBFULL could be returned. This is a serious status, and
indicates the FILTER_SERVER process for IPS has possibly
crashed, leaving the system at least partially unprotected.
The severity of this was not clear to users, and will now be
made more clear.
--------------------------------------------------------------------
Post-Installation Instructions
A system reboot is required after installing this kit.