Patch Version:	2.8.3.0300.13

Product:	Intel NetStructure 7175 Traffic Director  

Release Date:	04/16/02

Fix Details:	CR002056: server state remains "Unknown" for extended
			period of time
		When adding new servers to a Layer 7 service
		configuration or changing a Layer 7 server from type
		disabled to type primary (disabled to enabled), the
		server status may remain "Unknown" for an extended
		period of time if there are dead servers in the
		configuration.  This change reduces the amount of time
		that servers remain in the "Unknown" state.

		CR003111: tcpdump with high traffic on the interface
			can cause a page fault panic
		This panic occurs when the system is running with 
		high traffic, including traffic for Layer 4 services.
		When the CLI trace command is executed with options,
		or when a tcpdump command is executed from the shell,
		the kernel panics and the system restarts because 
		the wrong mbuf pointer was passed to the filtering
		function that handles the tcpdump or trace options.
		This change resolves the problem by providing the
		correct mbuf pointer to the filtering function.  

		CR003184: kernel panic:  page fault at tcp_subr.c:742
			in tcp_drain()
		This panic occurs when the system is running low on
		mbuf memory for network connections.  The tcp_drain()
		function is called to walk through the TCP internal
		structures, looking for memory that is no longer in
		use.  A page fault results when a NULL pointer is
		dereferenced in error.  This change modifies the
		behavior of tcp_drain() to skip the entries when a
		NULL pointer is encountered.

		CR004104: CLI and GUI can hangup due to Policy Manager
			failure
		When the Policy Manager fails, the CLI and GUI can
		become non-responsive.  This change allows inter-
		process communication to be set up correctly when
		Policy Manager restarts.

		CR004158: nat_mon: fid 0 failed to drain queue
			natmon_get_buf_ptr: no space aggrigate
			services
		These messages can occur when a the Stat Collector
		process does not restart normally after a Policy
		Manager failure.  This change allows the Stat
		Collector process to start successfully when Policy
		Manager restarts.

		CR004775: rich_app does not work with custom methods
			with Content-Length
		When custom HTTP methods are used, rich_app does not
		forward additional data if it is received in a separate
		packet although Content-length is specified in the HTTP
		header.  This change modifies rich_app to always check
		for Content-length and forward additional data
		associated with any POST, PUT or custom HTTP method.
		This change affects Layer 7 services only.

		CR004876: RICH does not insert Connection: close header
			in HTTP/1.1 connections
		When a request is received without the "Connection:
		Keep-alive" or "Connection: close" directive in the 
		HTTP header, rich_app does not insert it into the
		header prior to forwarding the request to the
		fulfillment server.  With HTTP/1.1, the default action
		is "Connection: Keep-alive".  Layer 7 services do not
		support HTTP Keep-alive connections, and the results of
		subsequent requests may be unsuccessful.  This change 
		modifies rich_app to always insert the "Connection:
		close" directive in the HTTP header prior to forwarding
		the request.

		CR004972: rich_app parse for "Content-length" string
			starts after end of buffer
		This issue is related to CR004775.  When searching for
		the "Content-length:" directive in the HTTP header, the
		parser incorrectly initialized the search of the
		request buffer and searched outside of the buffer.
		This occasionally caused rich_app to find the string
		when the request did not include additional data.
		This caused the client browser to hang.  This change
		confines the search to the request buffer correctly.
		This change only applies to Layer 7 services.

		CR005037: don't check status for disabled servers
		When servers on the dead server list are disabled and
		remain dead, their status shows as "Dead" and they
		continue to be probed although they have been disabled.
		This change stops dead server probes when servers are
		disabled.

		CR005459: rich_app adds new configured servers to the
			active list without state info
		When a new server is added to a Layer 7 service, it was
		initially available to receive new client requests,
		although it may have been disabled or dead.  This change
		does not allow servers to receive client requests until
		the status has been verified as "Active" by the Policy
		Manager.

		CR005850: Need to disable SSH1 support
		This change removes support for SSH1 and the NULL 
		cipher to prevent potential security problems.

		CR006105: booting to patch after removing base release
			fails with permission error
		When booting to a patch build after the base release
		boot index has been deleted, a permission error is
		displayed and the boot does not occur because of an
		invalid location of a symbolically linked file for the
		MSD agent in the patch directory.  This change corrects
		the symbolic link location of the file to eliminate
		this error.

		CR006340: Brokers not sending error when Content-length
			is smaller than actual data received
		The broker was not forwarding HTTP requests or sending
		an error to the client when the Content-length
		specified in the HTTP header was smaller than the
		actual data received.  This change allows the broker
		to forward requests that are received with more actual
		data than specified in Content-length to the server,
		and allows the server to handle the request.

		CR006444: MTU value can not be renegotiated after
			initial "syn"
		When a client connection attempted to renegotiate the
		MTU, the broker did not handle the ICMP message
		correctly.  The result was a failure to forward the
		server response to the client successfully.  This
		change allows the broker to successfully modify the
		MTU value when a client attempts to renegotiate.
		The rich_bias parameter in tht boot monitor must be
		DISABLED for use with this patch.

		CR006540: kernel panic: "Recursive nat_tcp_input call"
		This kernel panic was caused by kernel memory that
		was allocated for Layer 4 connections in SAP mode
		but was not not used or deallocated normally.  This
		change modifies SAP mode to avoid the unecessary
		kernel memory allocation.

		CR006793: rich_app doesn't forward the FIN to the server
			in STATE_PROXY_TO_DEATH
		When a server does not send a FIN after sending all data
		to be forwarded to a client, the FIN from the client was
		not forwarded to the server, and the connection resources
		in rich_app were not freed correctly.  This caused
		problems with memory usage in rich_app that could have
		other adverse affects.  This change modifies rich_app to
		forward the FIN from the client to the server if the
		server has responded with data but has not yet closed
		the connection.

		CR006788: Connection: close header does not get put
			in header
		If an HTTP 1.1 request with Content-length was
		received without the "Connection:" header, the headers
		inserted for Layer 7 processing were placed in the
		data portion of the request when they should have been
		inserted in the HTTP header.  This change modifies
		Layer 7 processing to insert the headers in the
		correct place in the HTTP header.

		CR007090: Revocation: mode ENABLE accepted by CLI but
			not recognized by rich_app
		The command "... key client-ca revocation mode ENABLE"
		is accepted by the CLI, but it was being treated as
		disabled by rich_app. The reason was that rich_app was
		searching only for a lower-case "enable".  This change
		modifies the Policy Manager to force it to provide the
		revocation mode to rich_app in lower case. 

		CR007115: login to CLI immediately after reboot hangs
			and never returns a prompt 
		This problem occurs if the user logs in to the CLI 
		before the background processes on the broker are
		started.  The CLI waited forever for messages that
		were never sent.  This change modifies the
		communication flow between the CLI and the background
		processes to ensure that the CLI session can be used 
		normally in this case.

Installation Instructions:
1)  Download the patch install file to a local ftp server. 

2)  Verify that the device is currently booted to a valid boot index
	for patch installation.  This patch can only be installed on
	release 2.8.3.x.13 for the same product with a patch version
	less than 0300.

Note:	If this patch is installed on an incorrect release, the
	"config sys software install" command may report that the
	image has been installed, but the new boot index will not be
	shown with the "config sys software info" command. 

3)  Save the current policygroup configuration to a save filename
	(not default.cfg).
Note:	This is a precautionary measure.  A manual restore of the
	configuration will only be necessary if the current running
	configuration fails to restore normally after booting to 
	the new boot index.

4)  Install the patch install file file using the CLI "config sys
	software install" command or the GUI Update Software facility.

5)  Verify the newly installed boot index is available for boot.

6)  Boot to the newly installed boot index.

7)  Verify the policygroup configuration has restored normally.