                           H                     HP_TCP/IP_Services_for_OpenVMS______________________!                     Release Notes     "                     September 2003  H                     This document describes the new features and changesE                     to the HP TCP/IP Services for OpenVMS Version 5.4 %                     software product.               I                     Revision/Update Information:  This is a new document.   H                     Software Version:             HP TCP/IP Services forE                                                   OpenVMS Version 5.4   B                     Operating Systems:            HP OpenVMS AlphaD                                                   Versions 7.3-1 and7                                                   7.3-2                         +                     Hewlett-Packard Company )                     Palo Alto, California                  N               ________________________________________________________________  >                2003 Hewlett-Packard Development Company, L.P.  B               UNIX[R] is a registered trademark of The Open Group.  D               Microsoft[R] is a US registered trademark of Microsoft               Corporation.  C               The information contained herein is subject to change E               without notice. The only warranties for HP products and G               services are set forth in the express warranty statements E               accompanying such products and services. Nothing herein I               should be construed as constituting an additional warranty. I               HP shall not be liable for technical or editorial errors or )               omissions contained herein.   B               Proprietary computer software. Valid license from HPF               required for possession, use or copying. Consistent withB               FAR 12.211 and 12.212, Commercial Computer Software,E               Computer Software Documentation, and Technical Data for H               Commercial Items are licensed to the U.S. Government under3               vendor's standard commercial license.   A               The HP TCP/IP Services for OpenVMS documentation is "               available on CD-ROM.                                 F      _________________________________________________________________  F                                                               Contents      F      Preface...................................................    vii         1  New Features and Changes  F            1.1   Scalable Kernel...............................    1-2F            1.1.1     Enabling the Scalable Kernel..............    1-27            1.1.2     Restrictions on Using the Scalable F                      Kernel....................................    1-3F            1.2   Secure Shell (SSH)............................    1-4F            1.3   Secure POP....................................    1-4F            1.4   failsafe IP...................................    1-5F            1.5   IPv6 Enhancements.............................    1-55            1.5.1     IPv6 DNS Domain Name and Address F                      Registration..............................    1-6F            1.5.2     IPv6 API Updates..........................    1-6F            1.6   BIND Version 9.2.1............................    1-7F            1.7   Performance Enhancements to the INET Driver...    1-8F            1.8   Performance Enhancements to the NFS Server....    1-87            1.9   Performance Enhancements to the TELNET F                  Server........................................    1-8F            1.10  Support for More Than 10,000 BG Devices.......    1-88            1.11  Support for Fast BG Device Creation andF                  Deletion......................................    1-9F            1.12  Updated TCP/IP Kernel.........................    1-9F            1.13  tcpdump Support...............................    1-9                  F                                                                    iii                   9         2  Installation, Configuration, and Startup Notes   =               2.1   Installing Over V5.3 Early Adopter's Kits I                     (EAKs)........................................    2-1 I               2.2   Installation Changes..........................    2-1 I               2.3   Configuring IPv6..............................    2-1 ?               2.3.1     Information for Users of the IPv6 Early I                         Adopter's Kit.............................    2-2 I               2.3.2     Warning Message in TCPIP$CONFIG.COM.......    2-2 I               2.4   Startup Problems and Restrictions.............    2-2 I               2.5   Upgrading from TCP/IP Services Version 4.x....    2-3 I               2.5.1     Upgrading LPD.............................    2-3 I               2.5.2     Saving Mail Messages When You Upgrade.....    2-3 <               2.5.3     Preserving SNMP Startup and ShutdownI                         Behavior..................................    2-3 I               2.5.4     Customizing SNMP Startup and Shutdown.....    2-4 =               2.5.5     SNMP Messages When You Install TCP/IP I                         Services..................................    2-4 I               2.5.6     SNMP Subagent Startup Messages............    2-5 9               2.6   Troubleshooting SMTP and LPD Shutdown I                     Problems......................................    2-5   $         3  Problems and Restrictions  A               3.1   Advanced Programming Environment Restrictions I                     and Guidelines................................    3-1 I               3.2   failSAFE IP Restrictions......................    3-2 I               3.3   BIND/DNS Restrictions.........................    3-2 I               3.4   tcpdump Restrictions..........................    3-4 I               3.5   SSH Restrictions..............................    3-5 I               3.5.1     General SSH Restrictions..................    3-5 I               3.5.2     SSH File Copy Restrictions................   3-10 I               3.5.3     SSH_ADD Utility Restrictions..............   3-10 I               3.6   LPD Restrictions..............................   3-11 I               3.7   IMAP Dependencies.............................   3-11 A               3.8   NSLOOKUP Over a TELNET Connection Fails Under I                     OpenVMS V7.3-1................................   3-11 I               3.9   FTP Restrictions..............................   3-11 =               3.10  Determining the TCP/IP Device Name from a I                     Channel Assignment............................   3-12 I               3.11  RCP Full Transparent Copy Operations..........   3-12 I               3.11.1    Using RCP to Transfer STREAM_LF Files.....   3-13 I               3.11.2    RCP File Size Limitations.................   3-14 I               3.12  NFS Problems and Restrictions.................   3-14   
         iv                   I               3.12.1    NFS Server Problems and Restrictions......   3-14 I               3.12.2    NFS Client Problems and Restrictions......   3-16 I               3.13  IPv6 Restrictions.............................   3-17 I               3.13.1    Mobile IPv6 Restrictions..................   3-17 I               3.13.2    6to4 Configuration is Not Supported.......   3-17 I               3.13.3    IPv6 Requires the BIND Resolver...........   3-17 I               3.14  TCP/IP Management Command Restrictions........   3-17 I               3.15  NTP Problems and Restrictions.................   3-18 I               3.16  SNMP Problems.................................   3-19 I               3.16.1    Incomplete Restart........................   3-19 I               3.16.2    SNMP IVP Error............................   3-19 I               3.16.3    Using Existing MIB Subagent Modules.......   3-20 I               3.16.4    Upgrading SNMP............................   3-22 ?               3.16.5    Communication Controller Data Not Fully I                         Updated...................................   3-22 I               3.16.6    SNMP MIB Browser Usage....................   3-23 I               3.16.7    Duplicate Subagent Identifiers............   3-23 6               3.16.8    eSNMP Programming and SubagentI                         Development...............................   3-23            4  Corrections  B               4.1   Management Command Interface Problems Fixed inI                     This Release..................................    4-1 I               4.2   BIND Problems Fixed in This Release...........    4-2 I               4.3   FTP Problems Fixed in This Release............    4-2 I               4.4   NFS Problems Fixed in This Release............    4-4 I               4.5   TELNET Problems Fixed in This Release.........    4-4 I               4.6   SMTP Problems Fixed in This Release...........    4-5 I               4.7   SNMP Problems Fixed in This Release...........    4-5            5  Documentation Update   I               5.1   Updated Documentation.........................    5-1 I               5.1.1     SNMP Programming and Reference Update.....    5-2 7               5.1.2     Sockets API and System Services I                         Programming Update........................    5-3 I               5.2   Help Files Update.............................    5-3               I                                                                         v                             Tables  I               1         TCP/IP Services Documentation.............   viii   :               1-1       TCP/IP for OpenVMS Version 5.4 NewI                         Features..................................    1-1                                                                               
         vi                             I         _________________________________________________________________   I                                                                   Preface       B               The HP TCP/IP Services for OpenVMS product is the HPF               implementation of the TCP/IP protocol suite and internetF               services for OpenVMS Alpha and OpenVMS VAX systems. ThisC               document describes the HP TCP/IP Services for OpenVMS "               Version 5.4 product.  I               TCP/IP Services provides a comprehensive suite of functions G               and applications that support industry-standard protocols C               for heterogeneous network communications and resource                sharing.  G               For installation instructions, see the HP TCP/IP Services @               for OpenVMS Installation and Configuration manual.  I               The release notes provide version-specific information that F               supersedes the information in the documentation set. TheE               features, restrictions, and corrections in this version H               of the software are described in the release notes. AlwaysD               read the release notes before installing the software.           Intended Audience   F               These release notes are intended for experienced OpenVMSI               and UNIX[R] system managers and assumes a working knowledge E               of OpenVMS system management, TCP/IP networking, TCP/IP H               terminology, and some familiarity with the TCP/IP Services               product.              I                                                                       vii                             Related Documents   H               Table 1 lists the documents available with this version of               TCP/IP Services.  I         Table_1_TCP/IP_Services_Documentation____________________________   I         Manual____________________Contents_______________________________   A         Compaq TCP/IP Services    This manual provides conceptual E         for OpenVMS Concepts and  information about TCP/IP networking G         Planning                  on OpenVMS systems, including general D                                   planning issues to consider beforeD                                   configuring your system to use the;                                   TCP/IP Services software.   F                                   This manual also describes the other@                                   manuals in the TCP/IP ServicesB                                   documentation set and provides aD                                   glossary of terms and acronyms forG                                   the TCP/IP Services software product.   D         HP TCP/IP Services for    The release notes provide version-F         OpenVMS Release Notes     specific information that supersedesF                                   the information in the documentationF                                   set. The features, restrictions, andD                                   corrections in this version of theG                                   software are described in the release F                                   notes. Always read the release notesA                                   before installing the software.   I         HP TCP/IP Services for    This manual explains how to install and H         OpenVMS Installation and  configure the TCP/IP Services product.         Configuration   B         HP TCP/IP Services for    This manual describes how to useA         OpenVMS User's Guide      the applications available with E                                   TCP/IP Services such as remote file I                                   operations, e-mail, TELNET, TN3270, and 3                                   network printing.   H         HP TCP/IP Services for    This manual describes how to configureI         OpenVMS Management        and manage the TCP/IP Services product.   I                                                  (continued on next page)            viii                   I         Table_1_(Cont.)_TCP/IP_Services_Documentation____________________   I         Manual____________________Contents_______________________________   B         HP TCP/IP Services        This manual describes the TCP/IP?         for OpenVMS Management    Services management commands.          Command Reference   F         HP TCP/IP Services        This reference card lists the TCP/IPF         for OpenVMS Management    management commands by component andH         Command Quick Reference   describes the purpose of each command.         Card  >         HP TCP/IP Services for    This reference card containsF         OpenVMS UNIX Command      information about commonly performedD         Equivalents Reference     network management tasks and theirE         Card                      corresponding TCP/IP management and =                                   Tru64 UNIX command formats.   E         Compaq TCP/IP Services    This manual presents an overview of C         for OpenVMS ONC RPC       high-level programming using open D         Programming               network computing remote procedureC                                   calls (ONC RPC). This manual also I                                   describes the RPC programming interface D                                   and how to use the RPCGEN protocolB                                   compiler to create applications.  I         HP TCP/IP Services for    This manual describes how to configure, E         OpenVMS Guide to SSH      set up, use, and manage the SSH for 3                                   OpenVMS software.   F         Compaq TCP/IP Services    This manual describes how to use theI         for OpenVMS Sockets       Sockets API and OpenVMS system services B         API and System Services   to develop network applications.         Programming   I                                                  (continued on next page)                 I                                                                        ix                    I         Table_1_(Cont.)_TCP/IP_Services_Documentation____________________   I         Manual____________________Contents_______________________________   B         Compaq TCP/IP Services    This manual describes the SimpleD         for OpenVMS SNMP          Network Management Protocol (SNMP)F         Programming and           and the SNMP application programmingA         Reference                 interface (eSNMP). It describes D                                   the subagents provided with TCP/IPB                                   Services, utilities provided forF                                   managing subagents, and how to build5                                   your own subagents.   B         HP TCP/IP Services        This manual provides informationD         for OpenVMS Tuning and    about how to isolate the causes ofB         Troubleshooting           network problems and how to tuneF                                   the TCP/IP Services software for theD                                   best performance. It also providesF                                   information about using UNIX networkB                                   management utilities on OpenVMS.  @         HP TCP/IP Services for    This manual describes the IPv6C         OpenVMS Guide to IPv6     environment, the roles of systems @                                   in this environment, the typesD                                   and function of the different IPv6H                                   addresses, and how to configure TCP/IPI         __________________________Services_to_access_the_IPv6_network.___   F               For additional information about HP OpenVMS products andC               services, visit the following World Wide Web address:   *               http://www.hp.com/go/openvms  H               For a comprehensive overview of the TCP/IP protocol suite,H               refer to the book Internetworking with TCP/IP: Principles,<               Protocols, and Architecture, by Douglas Comer.           Reader's Comments   C               HP welcomes your comments on this manual. Please send <               comments to either of the following addresses:  +               Internet    openvmsdoc@hp.com     	         x                      1               Postal      Hewlett-Packard Company >               Mail        OSSG Documentation Group, ZKO3-4/U08,                           110 Spit Brook Rd./                           Nashua, NH 03062-2698   -         How to Order Additional Documentation     ;               For information about how to order additional H               documentation, visit the following World Wide Web address:  4               http://www.hp.com/go/openvms/doc/order           Conventions   D               In the product documentation, the name TCP/IP Services               means both:   5               o  HP TCP/IP Services for OpenVMS Alpha   3               o  HP TCP/IP Services for OpenVMS VAX   @               In addition, please note that all IP addresses are               fictitious.   F               The following conventions are used in the documentation.  G               Ctrl/x           A sequence such as Ctrl/x indicates that F                                you must hold down the key labeled CtrlH                                while you press another key or a pointing-                                device button.   F               PF1 x            A sequence such as PF1 x indicates thatG                                you must first press and release the key E                                labeled PF1 and then press and release G                                another key or a pointing device button.   D               <Return>         In examples, a key name enclosed in aD                                box indicates that you press a key onH                                the keyboard. (In text, a key name is not2                                enclosed in a box.)  I                                In the HTML version of this document, this E                                convention appears as brackets, rather *                                than a box.  I                                                                        xi                      @                . . .           A horizontal ellipsis in examples=                                indicates one of the following -                                possibilities:   D                                o  Additional optional arguments in a>                                   statement have been omitted.  D                                o  The preceding item or items can be=                                   repeated one or more times.   I                                o  Additional parameters, values, or other =                                   information can be entered.   I               .                A vertical ellipsis indicates the omission F               .                of items from a code example or commandD               .                format; the items are omitted becauseH                                they are not important to the topic being)                                discussed.   >               ( )              In command format descriptions,I                                parentheses indicate that you must enclose I                                choices in parentheses if you specify more (                                than one.  G               [ ]              In command format descriptions, brackets H                                indicate optional choices. You can chooseD                                one or more items or no items. Do notE                                type the brackets on the command line. E                                However, you must include the brackets B                                in the syntax for OpenVMS directoryA                                specifications and for a substring H                                specification in an assignment statement.  G               |                In command format descriptions, vertical D                                bars separate choices within bracketsF                                or braces. Within brackets, the choicesD                                are optional; within braces, at leastF                                one choice is required. Do not type theA                                vertical bars on the command line.   E               { }              In command format descriptions, braces I                                indicate required choices; you must choose G                                at least one of the items listed. Do not C                                type the braces on the command line.            xii                      I               bold type        Bold type represents the introduction of a G                                new term. It also represents the name of F                                an argument, an attribute, or a reason.  >               italic type      Italic type indicates important>                                information, complete titles ofG                                manuals, or variables. Variables include G                                information that varies in system output B                                (Internal error number), in commandE                                lines (/PRODUCER=name), and in command F                                parameters in text (where dd representsH                                the predefined code for the device type).  F               UPPERCASE TYPE   Uppercase type indicates a command, theH                                name of a routine, the name of a file, orG                                the abbreviation for a system privilege.   E               Example          This typeface indicates code examples, @                                command examples, and interactiveB                                screen displays. In text, this typeF                                also identifies URLs, UNIX commands andH                                pathnames, PC-based commands and folders,H                                and certain elements of the C programming(                                language.  F               -                A hyphen at the end of a command formatF                                description, command line, or code lineF                                indicates that the command or statement?                                continues on the following line.   D               numbers          All numbers in text are assumed to beI                                decimal unless otherwise noted. Nondecimal H                                radixes-binary, octal, or hexadecimal-are4                                explicitly indicated.                    I                                                                      xiii                          I                                                                         1 I         _________________________________________________________________   I                                                  New Features and Changes     B               This chapter describes the new features of HP TCP/IP/               Services for OpenVMS Version 5.4.   F                 ________________________ Note ________________________  B                 TCP/IP Services V5.4 is supported on OpenVMS Alpha                 systems only.   F                 ______________________________________________________  G               For more information about configuring and managing these I               services, see the HP TCP/IP Services for OpenVMS Management ?               guide provided with the TCP/IP Services software.   I               Table 1-1 lists the new features of TCP/IP Services Version 6               5.4 and the sections that describe them.  I               Table_1-1_TCP/IP_for_OpenVMS_Version_5.4_New_Features______   I               Section____________Description_____________________________   =               Section 1.1        A new TCP/IP kernel provides F                                  performance scalability for symmetric?                                  multiprocessing (SMP) systems.   F               Section 1.2        Secure shell (SSH) client and server.  C               Section 1.3        Secure Socket Layer (SSL) for POP.   5               Section 1.4        IP address failover.   D               Section 1.5        Software update and new programming:                                  examples using IPv6 APIs.  ;               Section 1.6        BIND server Version 9.2.1.   F               Section 1.7        INET driver performance enhancements.  I                                                  (continued on next page)   I                                              New Features and Changes 1-1                      New Features and Changes      B               Table 1-1 (Cont.) TCP/IP for OpenVMS Version 5.4 NewI               __________________Features_________________________________   I               Section____________Description_____________________________   E               Section 1.8        NFS server performance enhancements.   H               Section 1.9        TELNET server performance enhancements.  @               Section 1.10       BG device creation enhancement.  F               Section 1.11       Fast BG device creation and deletion.  9               Section 1.12       Updated standard kernel.   I               Section_1.13_______Support_for_TCPDUMP_utility.____________            1.1 Scalable Kernel   F               The TCP/IP kernel has been modified to provide increasedE               performance on symmetric multiprocessing (SMP) systems.   B               This complete redesign of the TCP/IP kernel providesA               enhanced performance on SMP systems by removing CPU C               contention among users. The new kernel uses a dynamic I               spinlock to lock the main internal database. All processing F               that requires locking is directed to a designated TCP/IPH               CPU, thus eliminating CPU contention with other CPU users.H               Essentially, network I/O becomes a series of asynchronous,+               transaction-based operations.   F                 ________________________ Note ________________________  D                 Be aware that implementations of the scalable kernel@                 in future versions of TCP/IP Services may differA                 from the way it is described here. Always consult *                 the current documentation.  F                 ______________________________________________________  *         1.1.1 Enabling the Scalable Kernel  G               To enable the scalable kernel, add the following lines to ?               the SYS$MANAGER:SYLOGICALS.COM command procedure:   <               $ ! ONLY the argument "PERF=ALL" is supported.>               $ ! Other values may cause unpredictable resultsW               $ ! to disable scalable kernel support, comment out next line and reboot. K               $ DEFINE/SYSTEM/EXECUTIVE TCPIP$STARTUP_CPU_IMAGES "PERF=ALL"   $         1-2 New Features and Changes           I                                                  New Features and Changes I                                                       1.1 Scalable Kernel     C               If TCP/IP Services has already been started, you must A               reboot the system after you make this change to the "               SYLOGICALS.COM file.  C               Although the scalable kernel runs on single processor E               systems, its greatest benefits are derived from its use 8               on symmetric multiprocessor (SMP) systems.  I               When the scalable kernel is enabled, the following messages ?               are displayed when TCPIP$STARTUP.COM is executed:   c         %TCPIP-I-INFO, PERF cpu-specific image SYS$LOADABLE_IMAGES:TCPIP$BGDRIVER_PERF.EXE selected l         %TCPIP-I-INFO, PERF cpu-specific image SYS$LOADABLE_IMAGES:TCPIP$INTERNET_SERVICES_PERF.EXE selectedY         %TCPIP-I-INFO, PERF cpu-specific image SYS$SYSTEM:TCPIP$INETACP_PERF.EXE selected c         %TCPIP-I-INFO, PERF cpu-specific image SYS$LOADABLE_IMAGES:TCPIP$TNDRIVER_PERF.EXE selected   D               To verify that the scalable kernel is enabled, use theF               TCP/IP management command SHOW VERSION/ALL. The value ofE               the TCPIP$STARTUP_CPU_IMAGES logical name is displayed. C               Images pertinent to the scalable kernel will have a _ E               PERF suffix. Also, the image identification will have a                PF suffix.  7         1.1.2 Restrictions on Using the Scalable Kernel   B               When you enable the scalable kernel, be aware of the               following:  B               o  The Point-to-Point Protocol (PPP) and Serial LineE                  Protocol (SLIP) do not work when the scalable kernel                   is running.  G               o  When you select the scalable kernel, the following net 3                  subsystem attributes are modified:   D                  -  The ovms_unit_maximum attribute is set to 32767.  G                  -  The ovms_unit_fast_credel attribute is set to 1, or                      ON.   @                  -  The ovms_unit_minimum attribute is set to 2.  C                  These changes enable your system to exceed 9999 BG A                  device sockets, since many more are required for F                  high-performance systems with multiple CPUs. For moreD                  information about these attributes, refer to the HPG                  TCP/IP Services for OpenVMS Tuning and Troubleshooting                   manual.  I                                              New Features and Changes 1-3                      New Features and Changes         1.1 Scalable Kernel     E               o  When you use the scalable kernel, certain operations F                  with the tcpdump utility may fail. For example, it is3                  not possible to trace ARP packets.            1.2 Secure Shell (SSH)  E               This release includes the Secure Shell (SSH) client and G               server, providing secure login, remote command execution, E               and file transfer. This implementation is based on SSH2 F               software from SSH Communications Security Corp., Version               2.4.1.  F                 ________________________ Note ________________________  E                 If the TCP/IP Services V5.3 Early Adopter's Kit (EAK)_C                 for SSH for OpenVMS is installed on the system, you F                 must use the PCSI command PRODUCT REMOVE to remove the<                 EAK before you install TCP/IP Services V5.4.  F                 ______________________________________________________  $               The SSH server allows:  ?               o  Remote users to securely log in to the system.   @               o  Secure file transfers between remote computers.  *               o  Remote command execution.  H               For information about configuring, managing, and using SSHF               for OpenVMS, refer to the HP TCP/IP Services for OpenVMS               Guide to SSH.   D               For restrictions on the use of this version of SSH for'               OpenVMS, see Section 3.5.            1.3 Secure POP  I               SSL (Secure Socket Layer) is supported for POP (Post Office_<               protocol), providing secure retrieval of mail.  D               The secure POP server accepts connections on port 995.G               Secure POP encrypts passwords, data, and POP commands and H               is compatible with clients that use SSL, such as Microsoft               Outlook.  $         1-4 New Features and Changes           I                                                  New Features and ChangeseI                                                            1.3 Secure POPo    G               To use this feature, you must download the HP SSL kit for !               OpenVMS Alpha from:o  3               http://www.openvms.compaq.com/openvmsr  )               Select "Security Products."   E               If the HP SSL software is not installed, the POP serverf/               will communicate in non-SSL mode.r  H               For information about configuring and managing Secure POP,F               see the HP TCP/IP Services for OpenVMS Management guide.  B               The SSL logical names are defined by the SSL startupI               procedure. Therefore, if you have POP configured to use SSLdH               logical names to locate the certificate and key files, youF               must ensure that the SSL startup procedure is run before4               the TCP/IP Services startup procedure.           1.4 failsafe IP_  B               The failSAFE IP feature provides IP address failoverH               capability for multiple interfaces on a host or a cluster.  F                 ________________________ Note ________________________  D                 If you have installed the TCP/IP Services V5.3 EarlyE                 Adopter's Kit (EAK) for failSAFE IP, you must use the2D                 PCSI command PRODUCT REMOVE to remove the EAK before1                 you install TCP/IP Services V5.4.   F                 ______________________________________________________  A               For more information about configuring and managing A               failSAFE IP, see the HP TCP/IP Services for OpenVMS                Management guide..  I               For information about restrictions on using this version ofn+               failSAFE IP, see Section 3.2..           1.5 IPv6 Enhancements1  I               The following sections describe updates and enhancements to !               IPv6 functionality..  I                                              New Features and Changes 1-5o e  E                New Features and Changes         1.5 IPv6 EnhancementsS    ;         1.5.1 IPv6 DNS Domain Name and Address Registrationt  I               New with this release, the TCPIP$ND6HOST process is capable F               of registering the host's domain name and address in the               DNS.  C               The TCPIP$ND6HOST process receives and processes IPv6.I               Router Advertisement (RA) packets of the Neighbor Discovery E               Protocol. This enables a system to autoconfigure itselftF               without manual intervention. With this version of TCP/IP=               Services, you can also enable DNS registration.   E               To enable host name and address registration, enter the                 following command:  7               $ DEFINE /SYSTEM TCPIP$ND6D_ENABLE_DDNS 1)  D               The domain name to be registered is obtained using the!               gethostname() call..  E               To update the zone, TCPIP$ND6HOST sends dynamic updates.H               to the primary master name server. The name of the primaryD               master name server is stored in the MNAME field of theA               SOA record for a zone. To determine the master nameCD               server, TCPIP$ND6HOST sends a query for the zone's SOAE               record to the name server specified in the DNS resolverIF               configuration. To display the DNS resolver configurationG               information, use the TCP/IP management command SHOW NAME.i  B               To make use of this feature, you must enable dynamicF               updates. By default, dynamic updates are rejected by DNSF               servers. For information about allowing dynamic updates,H               see the BIND Chapter of the HP TCP/IP Services for OpenVMS               Management guide.            1.5.2 IPv6 API Updates  >               The IPv6 programming APIs have been updated. NewF               programming examples are provided with this release. TheE               following is a list of the specific changes to the IPv6.               APIs:.                 o  IPv6 Changes:  H                  -  The flag value AI_DEFAULT, which could previously beI                     specified in the ai_flags parameter for a call to the.F                     getaddrinfo function, has been deprecated. It willI                     be removed from the NETDB.H file in a future release..I                     To achieve the behavior defined by this flag, specify.  $         1-6 New Features and Changes           I                                                  New Features and ChangesaI                                                     1.5 IPv6 Enhancementsi    E                     the logical OR of the flag values AI_V4MAPPED andD"                     AI_ADDRCONFIG.  F                  -  The BIND resolver has been updated as described in,                     the following RFC draft:  9                     draft-ietf-ipngwg-scoping-arch-04.txt   C                     This change allows the specification of an IPv6n?                     nonglobal address without ambiguity by also D                     specifying an intended scope zone. The format is                     as follows:P  #                     address%zone_id   D                     The format of the nonglobal address includes the                     following:  8                     -  address is a literal IPv6 address  F                     -  zone_id is a string to identify the zone of the                        address  H                     -  % is a delimiter character to distinguish between7                        the address and zone identifier.   D                     For example, the following specifies a nonglobal-                     address on interface WE0:e  "                     fe80::1234%WE0  @               o  The IPv4 TCP and UDP client and server C socket<                  programming example programs that reside inD                  SYS$COMMON:[SYSHLP.EXAMPLES.TCPIP] have been portedI                  to IPv6. The IPv6 versions of these example programs are.D                  located in SYS$COMMON:[SYSHLP.EXAMPLES.TCPIP.IPV6].  E               o  The IPv6 example database and configuration files in.G                  SYS$COMMON:[SYSHLP.EXAMPLES.TCPIP.IPV6.BIND] have been.5                  updated to reflect current practice.p  F               For more information about using the IPv6 APIs, refer to?               the HP TCP/IP Services for OpenVMS Guide to IPv6.6           1.6 BIND Version 9.2.1  D               The BIND server has been updated from Version 9.2.0 toI               Version 9.2.1. This update provides corrections to problemsr6               in the previous version of the software.  I                                              New Features and Changes 1-7r a  .                New Features and Changes7         1.7 Performance Enhancements to the INET Driver3    7         1.7 Performance Enhancements to the INET Driver   H               For Alpha systems only, the INETDRIVER now uses the fasterE               internal interface to the TCP/IP networking kernel. TherG               impact on nonpaged pool consumption and process quotas is."               now greatly reduced.  6         1.8 Performance Enhancements to the NFS Server  H               The NFS server now caches the contents of directory files,H               in addition to the content of other files. The server must7               access the directory files to cache them.i  I               For information about managing the NFS directory cache, seeeB               the HP TCP/IP Services for OpenVMS Management guide.  9         1.9 Performance Enhancements to the TELNET ServerU  F               The TELNET/RLOGIN server (TNDRIVER) has been improved as               follows:  H               o  The amount of CPU overhead required for maintaining the-                  TN devices has been reduced.   6               o  IOLOCK8 spinlocks are no longer used.  C               o  Concurrent operation of TN devices has been added..  4         1.10 Support for More Than 10,000 BG Devices  I               This feature allows a system, such as a web server, to have G               more than 10,000 devices. To enable this feature, set the.G               following net subsystem attribute to a value from 9999 to4               32767:                 ovms_unit_maximum.  =               This subsystem attribute must be defined in the D               SYSCONFIGTAB.DAT. For more information about modifyingG               the SYSCONFIGTAB.DAT file, see the HP TCP/IP Services for_7               OpenVMS Tuning and Troubleshooting guide.         $         1-8 New Features and Changes    h      I                                                  New Features and ChangesoI                     1.11 Support for Fast BG Device Creation and DeletionS    =         1.11 Support for Fast BG Device Creation and Deletionb  F               To support systems where large numbers of BG devices areH               continuously being created and deleted, as well as systemsI               where the number of BG devices has been increased above thelI               default 10,000 device unit limit, a new subsystem attribute ?               enables fast creation and deletion of BG devices:n  #               ovms_unit_fast_credel   G               The default setting for this attribute is 0, or OFF. ThishE               attribute must be defined in the SYSCONFIGTAB.DAT file. G               For more information about modifying the SYSCONFIGTAB.DAT E               file, see the HP TCP/IP Services for OpenVMS Tuning and $               Troubleshooting guide.  "         1.12 Updated TCP/IP Kernel  G               The TCP/IP Services kernel has been updated to Tru64 UNIXd               5.1B.            1.13 tcpdump Support  B               This version of TCP/IP Services includes the tcpdumpE               utility. The tcpdump utility provides dump analysis ande-               packet capturing. Specifically:   =               o  Native packet tracing and file-based tracing   I               o  Native tracing in copy-all mode (no promiscuous support)   @               o  Filter expression (boolean-based). For example:  B                  $ tcpdump ip host lassie and (port 21 or port 20)  F               For information about using the tcpdump utility, see theG               HP TCP/IP Services for OpenVMS Tuning and Troubleshooting_               guide.              I                                              New Features and Changes 1-9d c  e                    I                                                                         2gI         _________________________________________________________________   I                            Installation, Configuration, and Startup Notes     I               Use this chapter in conjunction with the HP TCP/IP ServicesC@               for OpenVMS Installation and Configuration manual.  <         2.1 Installing Over V5.3 Early Adopter's Kits (EAKs)  E               If you have installed one or more of the following V5.3uF               EAKs, you must use the PCSI REMOVE command to remove the;               EAKs before you install TCP/IP Services V5.4:   $               o  SSH for OpenVMS EAK                  o  failSAFE IP EAK  F                 ________________________ Note ________________________  B                 If you install the current TCP/IP Services version@                 after removing the failSAFE IP EAK, you must runD                 TCPIP$CONFIG.COM to reestablish your target and home                 interfaces.s  F                 ______________________________________________________            2.2 Installation Changes  G               The TCPIP$VMS_FILES.DOC file is no longer included in the ?               installation of the TCP/IP Services software kit.c           2.3 Configuring IPv6  D               The following sections describe procedures specific to2               systems where IPv6 is to be enabled.          I                        Installation, Configuration, and Startup Notes 2-1s i         6         Installation, Configuration, and Startup Notes         2.3 Configuring IPv6    C         2.3.1 Information for Users of the IPv6 Early Adopter's KitE  H               If you are running any version of the TCP/IP Services V5.0C               IPv6 EAK, remove the EAK and then install the currentuD               version of the TCP/IP Services software. You must thenE               run the TCPIP$IP6_SETUP.COM command procedure. For more F               information, refer to the HP TCP/IP Services for OpenVMS               Guide to IPv6.  F               The definition of a sockaddr structure has been changed.>               This change breaks binary compatibility for IPv6G               applications that were compiled using the TCP/IP ServiceseA               Version 5.0 EAK. You must recompile and relink your C               applications after you install the current version of                TCP/IP Services.  1         2.3.2 Warning Message in TCPIP$CONFIG.COMc  B               If you have run the TCPIP$IP6_SETUP.COM procedure toH               enable IPv6, and then you run the TCPIP$CONFIG.COM commandH               procedure, TCPIP$CONFIG.COM displays the following warningB               message when you select the Core environment option:  0                                          WARNING  Q               This node has been configured for IPv6.  If you make any additionaloJ               changes to the configuration of the interfaces, you must runL               TCPIP$IP6_SETUP again and update your host name information in6               BIND/DNS for the changes to take effect.  -         2.4 Startup Problems and Restrictionsa  G               The following list describes the restrictions on starting                TCP/IP Services:  B               o  Booting OpenVMS with MIN, INST, or UPGRADE is notI                  supported. The product configuration and startup commandsI                  procedures (TCPIP$CONFIG.COM and TCPIP$STARTUP.COM) failSH                  if you perform any kind of boot other than a full boot.  H               o  The TCPIP$CONFIG.COM command procedure fails on systemsD                  that do not have a SYSUAF database and a RIGHTSLISTI                  database. These OpenVMS files must be created before youn+                  configure TCP/IP Services.   :         2-2 Installation, Configuration, and Startup Notes x  a      I                            Installation, Configuration, and Startup Notes I                            2.5 Upgrading from TCP/IP Services Version 4.xe    6         2.5 Upgrading from TCP/IP Services Version 4.x  A               The following sections describe how to preserve thepE               behavior of the software when you upgrade from an oldernF               version of TCP/IP Services (UCX) to the current version.           2.5.1 Upgrading LPDp  E               o  When you merge edits into the system startup command.I                  procedure, do not include the commands to start and stoptF                  the queue UCX$LPD_QUEUE. This queue has been replacedD                  with TCPIP$LPD_QUEUE. The commands for starting andD                  stopping TCPIP$LPD_QUEUE are in the LPD startup and2                  shutdown command procedure files.  C               o  After you merge the edits, modify the value of thecE                  /PROCESSOR qualifier in the LPD client queue startup I                  commands that you have just appended, replacing UCX$LPD_eI                  SMB with TCPIP$LPD_SMB. For example, enter the following                   command:   J                  LSE Command> SUBSTITUTE/ALL "ucx$lpd_smb" "tcpip$lpd_smb"  3         2.5.2 Saving Mail Messages When You Upgradec  E               The new version of SMTP includes control files that are C               different from previous versions. Before upgrading to D               the current version of TCP/IP Services, use the TCP/IPI               management command ANALYZE MAIL to pick up any dead letterseI               (SMTP control files that have not been submitted to a printt"               queue). For example:  )               $ TCPIP ANALYZE MAIL/REPAIRH  ;         2.5.3 Preserving SNMP Startup and Shutdown Behaviorw  @               After you upgrade to the current version of TCP/IPE               Services, you must perform one of the following actionso-               to ensure correct SNMP startup:e  D               o  If SNMP was configured under an old TCP/IP ServicesG                  installation (UCX) and you want to retain the previous D                  configuration, run the SYS$MANAGER:TCPIP$CONFIG.COMI                  command procedure and select the option to automatically 1                  convert UCX configuration files.   I                        Installation, Configuration, and Startup Notes 2-3l           6         Installation, Configuration, and Startup Notes6         2.5 Upgrading from TCP/IP Services Version 4.x    C               o  After you upgrade to the current version of TCP/IP G                  Services, run the SYS$MANAGER:TCPIP$CONFIG.COM commandoB                  procedure. If SNMP is still enabled, disable SNMPG                  then enable it again. This is necessary for the proper -                  operation of this component.a  I               If you have customized versions of the UCX$SNMP_STARTUP.COMSC               and UCX$SNMP_SHUTDOWN.COM command procedures (used to G               start and stop extension subagents), save your customizedsD               files to a different directory before upgrading to theH               new version of TCP/IP Services. If you do not perform this9               step, your customized changes will be lost.   @               Check for versions of these files in the following               locations:                 o  SYS$MANAGER                 o  SYS$STARTUP  )               o  SYS$SYSDEVICE:[UCX$SNMP]   H               After you install TCP/IP Services, manually enter commands?               into the TCPIP$SNMP_SYSTARTUP.COM and TCPIP$SNMP_ D               SYSHUTDOWN.COM command procedures, as described in the>               HP TCP/IP Services for OpenVMS Management guide.  3         2.5.4 Customizing SNMP Startup and Shutdown   H               Enabling SNMP using the TCPIP$CONFIG.COM command procedure4               no longer creates the following files:  )               o  TCPIP$SNMP_SYSTARTUP.COM   *               o  TCPIP$SNMP_SYSHUTDOWN.COM  I               These command procedures are used for starting and stopping A               custom SNMP subagents. They will not be affected by <               installing future versions of TCP/IP Services.  <         2.5.5 SNMP Messages When You Install TCP/IP Services  D               For sites where the same version of TCP/IP Services isI               installed multiple times, informational messages similar to B               the following may appear in the installation dialog:  :         2-4 Installation, Configuration, and Startup Notes           I                            Installation, Configuration, and Startup Notes I                            2.5 Upgrading from TCP/IP Services Version 4.xe    5               Do you want to review the options? [NO]r  *               Execution phase starting ...  E               The following product will be installed to destination: U                   DEC AXPVMS TCPIP T5.3-9I               DISK$AXPVMSSYS:[VMS$COMMON.]mE               The following product will be removed from destination:;U                   DEC AXPVMS TCPIP T5.3-9H               DISK$AXPVMSSYS:[VMS$COMMON.]oZ               %PCSI-I-RETAIN, file [SYSEXE]TCPIP$ESNMP_SERVER.EXE was not replaced becauseB               file from kit does not have higher generation numberY               %PCSI-I-RETAIN, file [SYSEXE]TCPIP$HR_MIB.EXE was not replaced because filet=               from kit does not have higher generation number Z               %PCSI-I-RETAIN, file [SYSEXE]TCPIP$OS_MIBS.EXE was not replaced because file=               from kit does not have higher generation number \               %PCSI-I-RETAIN, file [SYSLIB]TCPIP$ESNMP_SHR.EXE was not replaced because file=               from kit does not have higher generation number Z               %PCSI-I-RETAIN, file [SYSLIB]UCX$ESNMP_SHR.EXE was not replaced because file=               from kit does not have higher generation numbers  ,               You can ignore these messages.  ,         2.5.6 SNMP Subagent Startup Messages  H               The SNMP startup procedure can produce the following error-               messages in subagent log files:r  O               25-JUL-2001 14:13:32.47 **ERROR ESNMP_INIT.C line 3777: Could notn3               connect to master: connection refused N               25-JUL-2001 14:13:32.94 WARNING OS_MIBS.C line 942: Master agent?               cannot be reached.  Waiting to attempt reconnect.r  G               These messages are the result of a timing problem and cann               be ignored.e  :         2.6 Troubleshooting SMTP and LPD Shutdown Problems  F               If SMTP or LPD shutdown generates errors indicating thatH               the queue manager is not running, check your site-specificF               shutdown command procedure (VMS_SYSHUTDOWN.COM). If thisF               procedure contains the command to stop the queue managerG               (STOP/QUEUE/MANAGER), make sure this command is after the I               command that runs the TCPIP$SHUTDOWN.COM command procedure.t      I                        Installation, Configuration, and Startup Notes 2-5f a  n      6         Installation, Configuration, and Startup Notes:         2.6 Troubleshooting SMTP and LPD Shutdown Problems    F                 ________________________ Note ________________________  E                 You do not have to stop the queue manager explicitly.nF                 The queue manager is automatically stopped and started,                 when you restart the system.  F                 ______________________________________________________                                                                            :         2-6 Installation, Configuration, and Startup Notes                         I                                                                         3 I         _________________________________________________________________   I                                                 Problems and Restrictionsi    B               This chapter provides information about problems andD               restrictions in the current version of TCP/IP Services  H         3.1 Advanced Programming Environment Restrictions and Guidelines  F               If you use the TCP/IP advanced programming features, you0               should keep the following in mind:  I               o  The header files provided in TCPIP$EXAMPLES are providedeH                  as part of our advanced TCP/IP programming environment.I                  The following list describes restrictions and guidelinese                   for using them:  F                  -  Use of the functions and data structures describedC                     in TCPIP$EXAMPLES:RESOLV.H is limited to 32-bit E                     pointers. The underlying implementation will only G                     handle 32-bit pointers. Previously, 64-bit pointers A                     were wrongly accepted, resulting in undefined ?                     behavior for the underlying implementation.   G                  -  IP.H and IP6.H are header files that are incomplete_D                     in the OpenVMS environment. They contain includeH                     directives for header files that are not provided in4                     this version of TCP/IP Services.  H                  -  NAMESER.H and RESOLV.H contain transliterations thatG                     intercept calls made to nameserver and resolver API G                     routines and redirect them to TCPIP$LIB.OLB. If you_I                     wish to use an implementation of these routines otheriH                     than the one provided by TCP/IP Services, define the&                     following symbols:  H                        __TCPIP_NO_NS_TRANSLITERATIONS for the nameserver$                        API routines.  G                        __TCPIP_NO_RES_TRANSLITERATIONS for the resolvers$                        API routines.  I                                             Problems and Restrictions 3-1  t  _      !         Problems and Restrictions_H         3.1 Advanced Programming Environment Restrictions and Guidelines    3               o  Problems with the basic socket APIi  I                  The routines getaddrinfo, getnameinfo, and freeaddrinfo,e@                  which are described as part of the Basic SocketE                  Interface Extensions for IPv6 (RFC 2553bis), are notS                  thread-safe.e  $         3.2 failSAFE IP Restrictions  A               After an interface failure has occurred, the TCP/IPgG               management command SHOW INTERFACE will not display pseudo D               interface addresses. Users of failSAFE IP must use theI               ifconfig utility to view IP addresses. For more information F               about using failSAFE IP, refer to the HP TCP/IP Services+               for OpenVMS Management guide.   !         3.3 BIND/DNS Restrictions   F               BIND Version 9 has the following restrictions when using               DNSSEC:N  H               o  Certain BIND server implementations do not support AAAAG                  (IPv6 address) records. When queried for a AAAA (IPv6)_E                  record type by the BIND resolver, these name serverscD                  will return an NXDOMAIN status, even if an A (IPv4)C                  record exists for the same domain name. These name F                  servers should be returning NOERROR as the status forH                  such a query. This problems can result in delays during&                  host name resolution.  I                  BIND Version 9.2.1, which is supported with this version B                  of TCP/IP Services does not exhibit this problem.  %               o  Serving secure zonesm  B                  When acting as an authoritative name server, BIND@                  Version 9 includes KEY, SIG, and NXT records inD                  responses as specified in RFC 2535 when the request2                  has the DO flag set in the query.  C                  Response generation for wildcard records in secure G                  zones is not fully supported. Responses indicating thePH                  nonexistence of a name include a NXT record proving theH                  nonexistence of the name itself, but do not include anyD                  NXT records to prove the nonexistence of a matchingC                  wildcard record. Positive responses resulting fromlE                  wildcard expansion do not include the NXT records too  %         3-2 Problems and Restrictions     m      I                                                 Problems and RestrictionseI                                                 3.3 BIND/DNS Restrictions_    I                  prove the nonexistence of a non-wildcard match or a more )                  specific wildcard match.s  "               o  Secure resolution  E                  Basic support for validation of DNSSEC signatures inPH                  responses has been implemented but should be considered                  experimental.  C                  When acting as a caching name server, BIND Version C                  9 is capable of performing basic DNSSEC validationFD                  of positive as well as nonexistence responses. ThisE                  functionality is enabled by including a trusted-keys G                  clause containing the top-level zone key of the DNSSEC 0                  tree in the configuration file.  B                  Validation of wildcard responses is not currentlyB                  supported. In particular, a "name does not exist"@                  response will validate successfully even if theE                  server does not contain the NXT records to prove the 5                  nonexistence of a matching wildcard.   F                  Proof of insecure status for insecure zones delegatedF                  from secure zones works when the zones are completelyH                  insecure. Privately secured zones delegated from secureC                  zones will not work in all cases, such as when theeD                  privately secured zone is served by the same server6                  as an ancestor (but not parent) zone.  ?                  Handling of the CD bit in queries is now fullyfG                  implemented. Validation is not attempted for recursive &                  queries if CD is set.  &               o  Secure dynamic update  D                  Dynamic updating of secure zones has been partiallyI                  implemented. Affected NXT and SIG records are updated byrH                  the server when an update occurs. Use the update-policyE                  statement in the zone definition for advanced access                   control.o  &               o  Secure zone transfers  D                  BIND Version 9 does not implement the zone transferA                  security mechanisms of RFC 2535 because they aredD                  considered inferior to the use of TSIG or SIG(0) to8                  ensure the integrity of zone transfers.  I                                             Problems and Restrictions 3-3  s  y      !         Problems and Restrictions           3.4 tcpdump Restrictions              3.4 tcpdump Restrictions  G               In many ways, tcpdump works the same way on OpenVMS as it D               does on UNIX systems, with the following restrictions:  G               o  On UNIX systems, tcpdump sets the NIC into promiscuous C                  mode and everything in the transmission is sent toe                  tcpdump.g  B                  On OpenVMS systems, tcpdump only sees the packetsF                  destined for and sent from the local host. Therefore,G                  tcpdump works in copy-all mode. Because it only sees anI                  copy of the the packets that are processed by the TCP/IPeF                  kernel, tcpdump can only trace natively IP, IPv6, and+                  ARP protocols on Ethernet.s  D                  tcpdump can format or filter packets that have been@                  traced from another platform running tcpdump inE                  promiscuous mode. In this case it will process other (                  protocols, like DECnet.  H               o  Ethernet is the only supported type of NIC. Other typesG                  of NICS (such as ATM, FDDI, Token Ring, SLIP, and PPP)i#                  are not supported.o  F               o  The -i option is not supported. On UNIX systems, thisH                  option specifies the interface that tcpdump is attached                  to.  E                  On OpenVMS systems, tcpdump obtains packets from theo                  TCP/IP kernel.   0               o  The -p option is not supported.  D                  On UNIX systems, this option specifies that tcpdump3                  stops working in promiscuous mode._  G                  On OpenVMS, tcpdump does not work in promiscuous mode.v:                  Therefore, this option is set by default.  D               o  If you are using the Ethereal software to dump IPv6E                  network traffic, use the following command format to 6                  write the data in the correct format:  &                  $ tcpdump -w filename  G               o  Only one process at a time can issue traces. This is a B                  common restriction for both TCPTRACE and tcpdump.  %         3-4 Problems and Restrictions            I                                                 Problems and RestrictionsoI                                                      3.5 SSH Restrictions              3.5 SSH Restrictions  >               This section contains the following information:  9               o  General SSH restrictions (Section 3.5.1)c  ;               o  File transfer restrictions (Section 3.5.2)   >               o  Restrictions in the use of the SSH_ADD utlity                   (Section 3.5.3)  &         3.5.1 General SSH Restrictions  C               This section describes restrictions not specific to ar)               particular SSH application.r  C               o  If hostbased authentication does not work, the SSHrF                  server may have failed to match the host name sent byG                  the client with the one it finds in DNS. You can checkeG                  whether this problem exists by comparing the output of-H                  the following commands (ignoring differences in case of"                  the output text):  '                  -  On the server host:u                       $ TCPIPo6                     TCPIP> SHOW HOST client-ip-address  '                  -  On the client host:f  (                     $ write sys$output -X                     $_ "''f$trnlnm("TCPIP$INET_HOST")'.''f$trnlnm("TCPIP$INET_DOMAIN")'"  E                     If the two strings do not match, you should check H                     the host name and domain configuration on the clientH                     host. It may be necessary to reconfigure and restart7                     TCP/IP Services on the client host._  E               o  In this release, an SSH client user can copy its ownyA                  version of the public key from an SSH server notdE                  previously contacted. To force users to use only theCE                  systemwide version of the server public key, you can -                  perform the following steps.   F                 ________________________ Note ________________________  C                 Steps 2 and 3 involve modification of system files.lE                 Therefore, it may be necessary to repeat them after ae1                 future update of TCP/IP Services.e  F                 ______________________________________________________  I                                             Problems and Restrictions 3-5t s  s      !         Problems and Restrictions          3.5 SSH Restrictions      D                  1. Edit TCPIP$SSH_DEVICE:[TCPIP$SSH]SSH2_CONFIG. to/                     include the following line:   .                     StrictHostKeyChecking  yes  6                  2. Restrict user access to TCPIP$SSH_?                     DEVICE:[TCPIP$SSH]SSH2_CONFIG. For example:   V         $ SET SECURITY/PROTECTION=(G,W) TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG.;  E                  3. Edit the SYS$STARTUP:TCPIP$SSH_CLIENT_STARTUP.COM.E                     command procedure to install the SSH server imagevA                     with the READALL privilege on startup. In theeF                     following example, change the existing line to the3                     replacement line, as indicated:                       . . .R                     $     image = f$edit("sys$system:tcpip$ssh_ssh2.exe","upcase")R                     $!    call install_image 'image' ""          <== existing lineP                     $     call install_image 'image' "readall"   <== replacement                      . . .  H                  4. Enable the SSH client, as described in the HP TCP/IP6                     Services for OpenVMS Guide to SSH.  D               o  When you execute remote commands on the OpenVMS SSHF                  server, the log file TCPIP$SSH_RCMD.LOG is created inD                  the directory defined by the logical name SYS$LOGIND                  for your user account. This log file must be purged                  manually.  C               o  When you execute remote commands on an OpenVMS SSH,>                  client connected to a non-OpenVMS SSH server:  B                  -  Output may not display correctly. For example,D                     sequential lines might be offset as if missing a:                     linefeed, as in the following example:                %         3-6 Problems and Restrictionsc f  O      I                                                 Problems and Restrictions I                                                      3.5 SSH Restrictionsr    -                     $ ssh user@unixhost ls -aT&                       user's password:0                       Authentication successful.                       .                         .. %                          .TTauthorityi0                                      .Xauthority6                                                 .cshrc9                                                       .dt C                                                          .dtprofilee  C                     To get the output to display correctly, use the %                     following format:r  >                     $ ssh -t [options] user@unixhost [command]  I                  -  Commands that automatically refresh the display, such F                     as the MONITOR utility, may not display correctly.  F               o  The server configuration parameter PermitRootLogin is                  not supported.D  G               o  The client configuration parameter EnforceSecureRutilsn"                  is not supported.  I               o  There is no automatic mapping from the UNIX ROOT accounto/                  to the OpenVMS SYSTEM account.   F               o  The SSH1 protocol suite is not supported for terminalF                  sessions, remote command execution, and file transferI                  operations. Parameters related to SSH1 in the server ando8                  client configuration files are ignored.  @               o  Starting SSH sessions recursively (for example,E                  starting one SSH session from within an existing SSHzI                  session) creates a layer of sessions. Logging out of the G                  innermost session may return to a layer other than thed8                  one from which the session was started.  I               o  Some SSH informational, warning, and error message codesr;                  are truncated in the display. For example:   =                  %TCPIP-E-SSH_FC_ERR_NO_S, file doesn't exist   E               o  Cutting and pasting from SSH terminal sessions on anCD                  OpenVMS server can cause data truncation. When thisC                  happens, the following error message is displayed:   3                  -SYSTEM-W-DATAOVERUN, data overrun   I                                             Problems and Restrictions 3-7            !         Problems and Restrictions.         3.5 SSH Restrictions    <               o  Some SSH log and trace output messages, andH                  informational, warning, and error messages display file3                  specifications as UNIX path names.   H               o  From a UNIX client, if you use OpenVMS syntax for namesD                  (such as device names), enclose the names in singleH                  quotation marks to prevent UNIX-style interpretation of$                  certain characters.  <                  For example, in the following command, UNIXB                  interprets the dollar sign ($) in the device name4                  SYS$SYSDEVICE:[user] as SYS:[user].  D                  # ssh user@vmssystem directory SYS$SYSDEVICE:[user]  C                  To avoid this problem, enter the command using theh+                  following format: formats:   F                  # ssh user@vmssystem directory 'SYS$SYSDEVICE:[user]'  H               o  The translation of the system logical name SYS$ANNOUNCEB                  is displayed after authentication is complete. InG                  this version of SSH, no automated mechanism exists fore;                  displaying this text as a prelogin banner.h  F                  To provide a prelogin banner from a text file, createG                  the file SSH_BANNER_MESSAGE. containing the text to be (                  displayed before login.  A                  To enter multiple lines in the banner text, make(E                  sure each line ends with an explicit carriage-return 0                  character except the last line.  4                  Save the banner message file in theB                  TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2] directory, withH                  privileges that allow it to be read by the user account                  [TCPIP$SSH].0  E                  If you do not use the default file name and location ?                  for the message banner file, define them usingl?                  the BannerMessageFile option in the TCPIP$SSH_tG                  DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. file. Specify thevF                  location and file name of your banner message file asF                  the argument to the option using one of the following                  formats:   L                  BannerMessageFile   TCPIP$SSH_DEVICE:[TCPIP$SSH]BANNER1.TXTL                  BannerMessageFile   /TCPIP$SSH_DEVICE/TCPIP$SSH/BANNER2.TXT5                  BannerMessageFile   /etc/banner3.txt   %         3-8 Problems and Restrictions            I                                                 Problems and RestrictionspI                                                      3.5 SSH Restrictionss    C                  Note that the argument may be in either OpenVMS orbD                  UNIX format and is not case sensitive. (If multipleD                  definitions for the same option are included in theB                  configuration file, the last one listed will take                  effect.)n  E                  The UNIX path /etc is interpreted by the OpenVMS SSH 8                  server as TCPIP$SSH_DEVICE:[TCPIP$SSH].  H               o  After you execute an SSH remote command, you might needI                  to press the <Return> key to get back to the DCL prompt..  F               o  When you log out, the message "Connection to hostnameC                  closed." may overwrite the last line of the logoutII                  message, as in the following example from an SSH sessionu,                  established with host tst1:                    $ LOGOUT E                  Connection to tst1 closed.at  7-AUG-2003 14:37:15.01   C               o  You cannot shut down an OpenVMS system from an SSH ;                  session, such as by executing the command:a  +                  $ @SYS$SYSTEM:SHUTDOWN.COM   I                  In this version of SSH, the phase of shutdown that stops <                  user processes disconnects the SSH session.  G               o  SSH access from a non-OpenVMS client to a user with an G                  expired password on an OpenVMS server is controlled by F                  the value of the AllowNonvmsLoginWithExpiredPw optionE                  in the SSHD2_CONFIG file. For more information about I                  this option, refer to the HP TCP/IP Services for OpenVMS                   Guide to SSH.  B               o  SSH escape sequences are not fully supported. ForA                  example, you may have to enter the Escape . exitaC                  sequence twice for it to take effect. On exit, thes=                  terminal is left in NOECHO and PASTHRU mode.   C               o  Any OpenVMS command that refreshes the display cannF                  have unexpected results when executed as a remote SSHE                  command. For example, the following command exhibitso                  this behavior:d  )                  $ MONITOR PROCESS/TOPCPU   I                                             Problems and Restrictions 3-9            !         Problems and Restrictions_         3.5 SSH Restrictions    D                  Executed locally, this command displays a bar chartH                  that is continuously updated. When executed as a remoteB                  command, it displays each update sequentially. InI                  addition, you cannot terminate the command using Ctrl/C._  (         3.5.2 SSH File Copy Restrictions  D               o  On OpenVMS, setting the ForcePTTYAllocation keyword>                  to YES in the SSH2_CONFIG. file can result inC                  failures when performing file copy operations. (In6B                  other implementations of SSH, setting the keywordD                  ForcePTTYAllocation to YES in the SSH2_CONFIG. fileF                  has the same effect as using the -t option to the SSH                  command.)  D               o  Using the scp and sftp commands from an OpenVMS SSHE                  client to a UNIX server running OpenSSH is not fullyiG                  supported because certain operations cause the OpenVMS A                  client to hang. The hang cannot be terminated byu,                  entering Ctrl/C and Ctrl/Y.  ?               o  File transfer is limited to OpenVMS files withUB                  the following record formats (as displayed by the)                  DIRECTORY/FULL command):                     -  STREAM_LF   1                  -  Fixed-length 512-byte recordse  G               o  Not all variants of UNIX path names are supported when C                  referring to files on OpenVMS clients and servers.e  C               o  Using the SCP and SFTP commands from a non-OpenVMS D                  client may have unpredictable results, depending onH                  how the client formats the target file name and whether/                  the client is SSH2 compatible.C  *         3.5.3 SSH_ADD Utility Restrictions  H               If you do not specify the key file in the SSH_ADD command,F               and SSH_ADD finds no INDENTIFICATION. file, it adds onlyC               the first private key it finds in the [username.SSH2]                directory.    &         3-10 Problems and Restrictions n  u      I                                                 Problems and RestrictionsaI                                                      3.6 LPD Restrictionsn             3.6 LPD Restrictions  B               The LPD$SPOOL logical name has been removed from the               software.d           3.7 IMAP Dependenciesh  H               The IMAP server is limited in the number of connections anH               IMAP server process can handle before it forces the kernelG               to create a new IMAP server process. This value is set inu:               the TCPIP$IMAP.CONF file to 25. For example:                  Max-Connections:25  H         3.8 NSLOOKUP Over a TELNET Connection Fails Under OpenVMS V7.3-1  @               If you use TELNET to connect to a system where theE               subsystem attribute maxbuf is set to greater than 32767 I               and execute a C program that uses a C runtime call (such as I               getc or gets) to read data from the terminal, the C programgH               may return a generic user IO error message rather than the.               specific errors returned by RMS.  $               To solve this problem:  G               o  Set the subsystem attribute maxbuf to 32767. This is ac=                  dynamic parameter, so no reboot is required.   <               o  Install the OpenVMS patch VMS731_RMS-V0100.  A               o  Reset the maxbuf attribute to the desired value.s           3.9 FTP Restrictions  @               The FTP server does not allow you to specify an IPE               address other than that of the connected client, or thetD               specification of a privileged port, in the PORT, LPRT,G               or EPRT commands. Any such commands are rejected with theP               following error:  3               500 Illegal {PORT|LPRT|EPRT} command.n  G               The FTP server and client prevent data connection "theft" C               by a third party. For the FTP server, this applies to H               passive-mode connections from an IP address other than theF               client's, or from a privileged port. For the FTP client,H               this applies to active-mode connections from an IP addressI               other than the server's, or from a port other than port 20.A  I                                            Problems and Restrictions 3-11o p  d      !         Problems and RestrictionsT         3.9 FTP Restrictions    C               You can restore the original behavior by defining the &               following logical names:  I         _________________________________________________________________ I         Server___________________________Client__________________________o  F         TCPIP$FTPD_ALLOW_ADDR_REDIRECT   TCPIP$FTP_ALLOW_ADDR_REDIRECT  I         TCPIP$FTPD_ALLOW_PORT_REDIRECT___TCPIP$FTP_ALLOW_PORT_REDIRECT___   G               These logical names allow you to relax the IP address andrE               port checks independently in the FTP server and the FTPl               client.   I         3.10 Determining the TCP/IP Device Name from a Channel Assignmentu  A               OpenVMS provides several ways to determine the name <               of a device on a channel assignment. Using theF               SYS$GETDVI/SYS$GETDVIW system services, the DVI$_DEVNAM,I               DVI$_FULLDEVNAM, and DVI$_UNIT items all return informationUE               about the device. While the first two items provide theuH               full device name, the DVI$_UNIT item returns only the unitG               number of the device. To form the complete device name, arH               program must prefix the unit number (as a string) with theH               device name and controller information. In the case of theE               TCP/IP device name, the programmer could add the string H               BG or BGA. For example, BG + 1234 would produce the device               name BG1234:.i  H               The TCP/IP device name may be altered in a future release.D               It is good programming practice to use the DVI$_DEVNAME               or DVI$_FULLDEVNAM items to obtain the full device-namenH               string. Such programs are not based on the assumption thatD               the TCP/IP device name is BGnnnn or BGAnnnn, and wouldE               not be affected by any change in the TCP/IP device name                strategy.   1         3.11 RCP Full Transparent Copy Operationsi  C               The following sections describe limitations of RCP on                OpenVMS.        &         3-12 Problems and Restrictions           I                                                 Problems and RestrictionsoI                                 3.11 RCP Full Transparent Copy OperationsM    4         3.11.1 Using RCP to Transfer STREAM_LF Files  F               RCP on OpenVMS is best used for transferring text files.F               Under previous versions of TCP/IP Services, RCP convertsG               any type of OpenVMS file that is not STREAM_LF to STREAM_lF               LF format using the standard OpenVMS $CONVERT utility by8               specifying the files in the following way:  K               FILE;ORGA SEQU;RECO;CARR CARR;FORM STREAM_LF;SIZE 0;BLOCK YES   D               RCP sends the converted file using block-mode RMS fileC               I/O (SYS$READ()) and writes the data using block-modeu               (SYS$WRITE()).  I               This behavior has been changed so that RCP does not convert E               FIXED or UNDEFINED format files (in addition to STREAM_ C               LF files). You can restore the old behavior using the %               following logical name:S  0               TCPIP$RCP_SEND_FIX_FORMAT_AS_ASCII  C               If this logical name is set, the original behavior of G               converting FIXED and UNDEFINED files is restored. If this G               logical name is set to a number other than 1, the default H               behavior is enabled. Files with a fixed-length record sizeH               that exactly matches the value of the logical name are not               converted.  I               For example, if you set this logical name to 512, all FIXED G               and UNDEFINED files are converted except for files with aCI               fixed-length record size of 512 (such as OpenVMS executable                image files).   F               The receiving peer, if OpenVMS, always creates a file ofD               type STREAM_LF. The RCP protocol provides no method ofC               transferring file type information between sender andmC               receiver. Therefore, the receiving peer has no way ofs4               knowing anything about file structure.  E               In an OpenVMS-to-OpenVMS transfer, if the original file[G               was FIXED or UNDEFINED and was not converted, use the DCLrI               command SET FILE/ATTRIBUTES to change the attributes on theNI               resulting STREAM_LF file to correspond to the format of the                original file.  I                                            Problems and Restrictions 3-13  .         !         Problems and Restrictions 1         3.11 RCP Full Transparent Copy Operationsl    I               For example, after transferring an OpenVMS executable image5D               file (FIXED format with a record-length of 512 bytes),H               enter the following command to make it an executable image               again:  C               $ SET FILE/ATTR=(RFM:FIX,LRL:512) RCP-COPIED-FILE.EXEt  (         3.11.2 RCP File Size Limitations  F               The RCP protocol requires that the length of the file beH               sent as part of the protocol. The length is interpreted asG               a signed 32-bit integer. On OpenVMS, the file's length istG               determined using an RTL call to fstat(). Therefore, filescG               transferred using RCP must be less than 2 GB minus 1 byte !               (2147483647 bytes).e  H               In comparison, FTP does not have any of these limitations.;               However, FTP uses a different security model.r  *         3.12 NFS Problems and Restrictions  G               The following sections describe problems and restrictionse               with NFS.   3         3.12.1 NFS Server Problems and Restrictions   I               o  Using the ls command from a Solaris Version 9 client may_H                  hang the OpenVMS server with no error message on eitherE                  client or server. To avoid this problem, set the nfshI                  subsystem attribute ovms_xqp_plus_enabled to 7. Refer toyH                  the HP TCP/IP Services for OpenVMS Management guide for7                  more information about this attribute.   A               o  Directories in a container file system cannot beoH                  deleted, either by the TCP/IP management command REMOVEH                  DIRECTORY or by clients. The following error message is                  displayed:_                    no such file   B               o  Under TCP/IP Services Version 5.3, the NFS clientD                  command "mkdir dirname.dir" used on an ODS-5 volumeG                  with the TYPELESS_DIRECTORIES export option produces avG                  directory with the OpenVMS name "dirname.DIR;1", whichdI                  is displayed back to the NFS client as simply "dirname.",  &         3-14 Problems and Restrictions    m      I                                                 Problems and RestrictionseI                                        3.12 NFS Problems and Restrictions     G                  This problem has been fixed in TCP/IP Services Version H                  5.4. The directory is now created with the OpenVMS fileF                  specification "dirname.dir.DIR;1", which is displayedB                  back to the client as "dirname.dir," as expected.  E                  Therefore, non-OpenVMS clients using an ODS-5 volumeeH                  should always refer to directories according to whetherB                  or not the TYPELESS_DIRECTORIES option is in use.  B                  -  With the TYPELESS_DIRECTORIES option, the fileE                     "dirname.DIR;1" must be referred to as "dirname".r  @                  -  Without the TYPELESS_DIRECTORIES option, the?                     file "dirname.DIR;1" must be referred to asi"                     "dirname.dir".  F                  Note that you may need to change some export records,I                  either to include the ".dir" at each directory level, or 8                  to add the TYPELESS_DIRECTORIES option.  @                  Client MOUNT commands must also conform to this                  convention.  F               o  When performing a mount operation or starting the NFSE                  server with OPCOM enabled, the TCP/IP Services MOUNTAF                  server can erroneously display the following message:  S                  %TCPIP-E-NFS_BFSCAL, operation MOUNT_POINT failed on file /dev/dir   H                  This message appears even when the MOUNT or NFS startupC                  has successfully completed. In the case of a mount G                  operation, if it has actually succeeded, the following 0                  message will also be displayed:  B                  %TCPIP-S-NFS_MNTSUC, mounted file system /dev/dir  F               o  If the NFS server and the NFS client are in differentI                  domains and unqualified host names are used in requests,oG                  the lock server (LOCKD) fails to honor the request ands*                  leaves the file unlocked.  E                  When the server attempts to look up a host using itsCG                  unqualified host name (for example, johnws) instead ofaG                  the fully qualified host name (for example, johnws.abceD                  com), and the host is not in the same domain as the+                  server, the request fails.   I                                            Problems and Restrictions 3-15     D      !         Problems and Restrictions *         3.12 NFS Problems and Restrictions    E                  To solve this type of problem, you can do one of the                   following:d  H                  -  When you configure the NFS client, specify the fullyH                     qualified host name, including the domain name. This:                     ensures that translation will succeed.  G                  -  Add an entry to the NFS server's hosts database fortE                     the client's unqualified host name. Only that NFSrD                     server will be able to translate this host name.I                     This solution will not work if the client obtains itse2                     address dynamically from DHCP.  3         3.12.2 NFS Client Problems and Restrictionsr  B               o  To get proper timestamps, when the system time isF                  changed for daylight savings time (DST), dismount allH                  DNFS devices. (The TCP/IP management command SHOW MOUNTD                  should show zero mounted devices.) Then remount the                  devices.l  F               o  The NFS client should properly handle file names withD                  the semicolon character on ODS-5 disk volumes. (For;                  example, a^;b.dat;5 is a valid file name.)f  H                  The current version does not handle these types of fileE                  names properly; they are truncated at the semicolon.o  F               o  The NFS client included with TCP/IP Services uses the-                  NFS Version 2 protocol only.r  G               o  With the NFS Version 2 protocol, the value of the file ,                  size is limited to 32 bits.  F               o  The ISO Latin-1 character set is supported. The UCS-2.                  characters are not supported.  F               o  File names, including file extensions, can be no more*                  than 236 characters long.  E               o  Files containing characters not accepted by ODS-5 on G                  the active OpenVMS version or whose name and extension E                  exceeds 236 characters are truncated to zero length.eG                  This makes them invisible to OpenVMS and is consistent 8                  with prior OpenVMS NFS client behavior.  &         3-16 Problems and Restrictions    f      I                                                 Problems and RestrictionstI                                                    3.13 IPv6 Restrictionsc             3.13 IPv6 Restrictions  H               The following sections describe restrictions in the use of               IPv6.a  '         3.13.1 Mobile IPv6 Restrictionss  I               The implementation of mobile IPv6 in this version of TCP/IPtE               Services does not support binding update authenticationfF               as specified in draft-ietf-mobileip-ipv6-15.TXT, SectionG               4.4, including the authentication data sub-option definedhF               in Section 5.6. You should limit the use of this versionE               to testing environments that are not subject to attack,aF               because system integrity can be compromised by accepting'               unauthenticated bindings.   2         3.13.2 6to4 Configuration is Not Supported  F               TCP/IP Services contains the TCPIP$IP6_SETUP.COM commandG               procedure for configuring IPv6 on a node. The use of thissE               procedure to configure the 6to4 tunnel mechanism is not H               supported in this release. Attempts to configure 6to4 with-               the procedure will not succeed.u  .         3.13.3 IPv6 Requires the BIND Resolver  G               If you are using IPv6, you must enable the BIND resolver.dC               To enable the BIND resolver, use the TCPIP$CONFIG.COM @               command procedure. From the Core menu, select BIND               Resolver.n  A               You must specify the BIND server to enable the BINDtC               resolver. If you do not have access to a BIND server,SE               specify the node address 127.0.0.0 as your BIND server.   3         3.14 TCP/IP Management Command RestrictionsR  G               The following restrictions apply to the TCP/IP management                commands:   @               o  TCP/IP Services version 5.4 introduces failSAFEB                  IP, which obsoletes the IP cluster alias address.G                  Consequently, the following TCP/IP management commandsX)                  are no longer supported:u  2                  o  TCPIP SET INTERFACE /NOCLUSTER  1                  o  TCPIP SHOW INTERFACE /CLUSTER   I                                            Problems and Restrictions 3-17     s      !         Problems and Restrictionsh3         3.14 TCP/IP Management Command Restrictionsm    H                  To show interface addresses, including IP cluster aliasF                  addresses, you must use the following sequence of DCL                  commands:  9                  $ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM                   $ ifconfig -a  B                  To delete a cluster alias address from the activeD                  system, use a DCL command similar to the following:  1                  $ ifconfig ie0 -alias 10.10.10.1e  A                  For backward compatibility, the following TCP/IPI>                  management commands continue to be supported:  8                  o  SET CONFIGURATION INTERFACE /CLUSTER  :                  o  SET CONFIGURATION INTERFACE /NOCLUSTER  9                  o  SHOW CONFIGURATION INTERFACE /CLUSTERc  '               o  SET NAME_SERVICE /PATH   I                  This command requires the SYSNAM privilege. If you enteroE                  the command without the appropriate privilege at the I                  process level, the command does not work and you are nothH                  notified. If you enter the command at the SYSTEM level,H                  the command does not work and receive an error message.  $               o  SET SERVICE command  E                  When you modify parameters to a service, disable andoC                  reenable the service for the modifications to taken                  effect.  *         3.15 NTP Problems and Restrictions  D               o  NTP uses a slew mechanism to synchronize the systemD                  clock. The method that NTP uses to obtain a maximumD                  slew value (the maximum amount that NTP will adjustC                  the clock in one attempt) changes when you upgrade D                  from NTP Version 3 to NTP Version 4. As a result ofH                  this change, it may take longer for clocks to come intoE                  synchronization under NTPv4 than it did under NTPv3.   E               o  The NTP server has a stratum limit of 15. The server E                  does not synchronize to any time server that reportscD                  a stratum of 15 or greater. This may cause problemsB                  if you try to synchronize to a server running the  &         3-18 Problems and Restrictions           I                                                 Problems and RestrictionsnI                                        3.15 NTP Problems and Restrictionso    F                  UCX NTP server, if that server has been designated asD                  "free running" (with the local-master command). ForG                  proper operation, the local-master designation must bei=                  specified with a stratum no greater than 14.t  I               o  Whenn running on certain high-performance Alpha systems,oI                  NTP may be unable to adjust the system clock; therefore, F                  NTP will not be able to provide accurate timekeeping.G                  When this happens, the following error message appearsE%                  in the NTP log file:t  B                  %SYSTEM-F-BADLOGIC, internal logic error detectedK                  VMS timekeeping is not working as expected - can't proceed            3.16 SNMP Problems  G               This section describes restrictions to the SNMP component F               for this release. For more information about using SNMP,B               refer to the Compaq TCP/IP Services for OpenVMS SNMP/               Programming and Reference manual.   !         3.16.1 Incomplete Restart   B               When the SNMP master agent and subagents fail or areC               stopped, TCP/IP Services is often able to restart all_I               processes automatically. However, under certain conditions,oH               subagent processes may not restart. When this happens, theG               display from the DCL command SHOW SYSTEM does not include G               TCPIP$OS_MIBS and TCPIP$HR_MIB. If this situation occurs,_>               restart SNMP by entering the following commands:  4               $ @SYS$STARTUP:TCPIP$SNMP_SHUTDOWN.COM  3               $ @SYS$STARTUP:TCPIP$SNMP_STARTUP.COM            3.16.2 SNMP IVP ErrorH  A               On slow systems, the SNMP Installation VerificationoD               Procedure can fail because a subagent does not respondC               to the test query. The error messages look like this:                     .                  .                  .5               Shutting down the SNMP service... done.S  B               Creating temporary read/write community SNMPIVP_153.  I                                            Problems and Restrictions 3-19e H  r      !         Problems and RestrictionsR         3.16 SNMP Problems    &               Enabling SET operations.  0               Starting the SNMP service... done.  C               SNMPIVP: unexpected text in response to SNMP request: 8               "- no such name - returned for variable 1"P               See file SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$SNMP_REQUEST.DAT for more               details.<               sysContact could not be retrieved.  Status = 0:               The SNMP IVP has NOT completed successfully.)               SNMP IVP request completed.e*               Press Return to continue ...  @               You can ignore these types of messages in the IVP.  2         3.16.3 Using Existing MIB Subagent Modules  H               If an existing subagent does not execute properly, you mayE               need to relink it against the current version of TCP/IPuG               Services to produce a working image. Some subagents (such E               as those for OpenVMS support of Compaq Insight Manager) E               also require a minimum version of OpenVMS and a minimum )               version of TCP/IP Services.t  /               The following restrictions apply:n  F               o  In general, only executable images linked against theD                  following versions of the eSNMP shareable image areE                  upward compatible with the current version of TCP/IPr                  Services:  F                  -  UCX$ESNMP_SHR.EXE from TCP/IP Services Version 4.2                     ECO 4s  I                  -  TCPIP$ESNMP_SHR.EXE from TCP/IP Services Version 5.0A                      ECO 1e  D                  Images built under versions other than these can beC                  relinked with one of the shareable images, or withaE                  TCPIP$ESNMP_SHR.EXE in the current version of TCP/IP                   Services.  I               o  The underlying eSNMP API changed from DPI in Version 5.0 E                  to AgentX in the current version of TCP/IP Services.rB                  Therefore, executable images linked against olderF                  object library versions of the API (*$ESNMP.OLB) mustE                  be relinked against either the new object library or G                  the new shareable image. Linking against the shareable   &         3-20 Problems and Restrictions m  o      I                                                 Problems and RestrictionsgI                                                        3.16 SNMP Problems     I                  image ensures future upward compatibility and results in %                  smaller image sizes.c  F                 ________________________ Note ________________________  ?                 Although images may run without being relinked,lF                 backward compatibility is not guaranteed. These imagesC                 can result in inaccurate data or run-time problems.e  F                 ______________________________________________________  D               o  This version of TCP/IP Services provides an updatedD                  version of the UCX$ESNMP_SHR.EXE shareable image toI                  provide compatibility with subagents linked under TCP/IPdE                  Services Version 4.2 ECO 4. Do not delete this file.   D               o  The SNMP server responds correctly to SNMP requestsD                  directed to a cluster alias. Note, however, that anD                  unexpected host may be reached when querying from aI                  TCP/IP Services Version 4.x system that is a member of aeC                  cluster group but is not the current impersonator.p  H               o  The SNMP master agent and subagents do not start if theI                  value of logical name TCPIP$INET_HOST does not yield the F                  IP address of a functional interface on the host whenH                  used in a DNS query. This problem does not occur if theE                  server host is configured correctly with a permanent,D                  network connection (for example, Ethernet or FDDI).G                  The problem can occur when a host is connected throughMH                  PPP and the IP address used for the PPP connection doesH                  not match the IP address of the TCPIP$INET_HOST logical                  name.  G               o  Under certain conditions observed primarily on OpenVMSiH                  VAX systems, the master agent or subagent exits with anE                  error from an internal select() socket call. In most G                  circumstances, looping does not occur. You can control G                  the number of iterations if looping occurs by defining @                  the TCPIP$SNMP_SELECT_ERROR_LIMIT logical name.  >               o  The MIB browser provided with TCP/IP ServicesE                  (TCPIP$SNMP_REQUEST.EXE) supports getnext processingiH                  of OIDs that include the 32-bit OpenVMS process ID as aG                  component. However, other MIB browsers may not providey                  this support.  I                                            Problems and Restrictions 3-21e           !         Problems and Restrictionso         3.16 SNMP Problems    I                  For example, the following OIDs and values are supportedn                  on OpenVMS:  ?                  1.3.6.1.2.1.25.4.2.1.1.1321206828 = 1321206828r?                  1.3.6.1.2.1.25.4.2.1.1.1321206829 = 1321206829 ?                  1.3.6.1.2.1.25.4.2.1.1.1321206830 = 1321206830P  :                  These examples are from hrSWRunTable; the:                  hrSWRunPerfTable may be affected as well.  E               o  You can ignore the following warning that appears infG                  the log file if a null OID value (0.0) is retrieved ine@                  response to a Get, GetNext, or GetBulk request:  E                  o_oid; Null oid or oid->elements, or oid->nelem == 0G           3.16.4 Upgrading SNMP   >               After upgrading to the current version of TCP/IPG               Services, you must disable and then enable SNMP using the I               TCPIP$CONFIG configuration command procedure. When prompted:D               for "this node" or "all nodes," select the option that2               reflects the previous configuration.  >         3.16.5 Communication Controller Data Not Fully Updated  A               When you upgrade TCP/IP Services and then modify an F               existing communication controller, programs that use theC               communication controller might not have access to thee"               updated information.  I               To ensure that programs like the MIB browser (SNMP_REQUEST) A               have access to the new data about the communication +               controller, do the following:n  E               1. Delete the communication controller using the TCP/IPID                  management command DELETE COMMUNICATION_CONTROLLER.  B               2. Reset the communication controller by running the@                  TCPIP$CONFIG.COM command procedure and exiting.  C               3. Restart the program (such as SNMP) by entering theW$                  following commands:  1                  $ @SYS$STARTUP:SNMP_SHUTDOWN.COMt  0                  $ @SYS$STARTUP:SNMP_STARTUP.COM  7               4. Use the TCP/IP management command LIST E                  COMMUNICATION_CONTROLLER to display the information.   &         3-22 Problems and Restrictions    A      I                                                 Problems and RestrictionsrI                                                        3.16 SNMP Problems     %         3.16.6 SNMP MIB Browser Usage   D               If you use either the -l (loop mode) or -t (tree mode)H               flag, you cannot also specify the -m (maximum repetitions)F               flag or the -n (nonrepeaters) flag. The latter flags are8               incompatible with loop mode and tree mode.  A               Incorrect use of the -n and -m flags results in theh!               following messages:i  Y               $ snmp_request mynode.co.com public getbulk -v2c -n 20 -m 10 -t 1.3.6.1.2.1tF               Warning: -n reset to 0 since -l or -t flag is specified.F               Warning: -m reset to 1 since -l or -t flag is specified.4               1.3.6.1.2.1.1.1.0 = mynode.company.com  -         3.16.7 Duplicate Subagent Identifiers   E               With this version of TCP/IP Services, two subagents cannI               have the same identifier parameter. Be aware, however, that H               having two subagents with the same name makes it difficultD               to determine the cause of problems reported in the log               file.   9         3.16.8 eSNMP Programming and Subagent DevelopmentS  B               The following notes pertain to eSNMP programming and#               subagent development.   D               o  In the documentation, the terms extension subagent,H                  custom subagent, and user-written subagent refer to anyF                  subagent other than the standard subagents for MIB-IIG                  and the Host Resources MIB, which are provided as part 0                  of the TCP/IP Services product.  E               o  In the [.SNMP] subdirectory of TCPIP$EXAMPLES, filesOH                  with the .C, .H, .COM, .MY, and .AWK extensions contain7                  additional comments and documentation.   H               o  The TCPIP$SNMP_REQUEST.EXE, TCPIP$SNMP_TRAPSND.EXE, andG                  TCPIP$SNMP_TRAPSND.EXE programs are useful for testingl7                  during extension subagent development.   I               o  For information about prototypes and definitions for theaF                  routines in the eSNMP API, see the TCPIP$SNMP:ESNMP.H                  file.  I                                            Problems and Restrictions 3-23t b  u                    I                                                                         4eI         _________________________________________________________________   I                                                               Correctionso    F               This chapter describes some of the user-visible problems;               corrected in this version of TCP/IP Services.   G         4.1 Management Command Interface Problems Fixed in This ReleaseU  E               The following TCP/IP Services TCP/IP management commandn1               problems are fixed in this release:U                 o  Problems:  F                  -  The SET CONFIGURATION ENABLE SERVICE command failsA                     when processing node-specific or cluster-widetE                     configuration records containing large numbers ofC$                     service entries.  I                  -  The SET CONFIGURATION ENABLE SERVICE command fails tooI                     output any error message when trying to add a servicenG                     to a configuration record that already contains the 6                     maximum number of service entries.  @                  -  The TCPIP$CONFIG.COM configuration procedureI                     generates errors processing service lists that exceed 7                     the 1024-byte limit of DCL symbols.e  B                  -  The number (63) of service entries that can beI                     stored in node-specific or cluster-wide configuration '                     records is too low.                     Solutions:   G                  -  In TCPIP$CONFIG.COM, routines correctly handle long H                     enable service lists that exceed the 1024-byte limit#                     of DCL symbols.   >                  -  In TCPIP$UCX.EXE, the routine that signals<                     "TOOMANYSERV" errors has been corrected.  I                                                           Corrections 4-1     u               Corrections G         4.1 Management Command Interface Problems Fixed in This Releasee    B                     The maximum number of service entries has beenH                     changed from 64 to 128 when updating a configurationG                     record that specifies a limit that is less than theb$                     current maximum.  F                  -  In TCPIP$ACCESS_SHR.EXE, raised the maximum numberI                     of service entries supported in configuration records #                     from 64 to 128.S  H                  -  In TCPIP$ACCESS_SHR.EXE, the largest record field inG                     the record descriptor table uses the largest recordT.                     size in the INET facility.  G                     This change corrects the system failure experienced 6                     when creating large service lists.  E                  -  In TCPIP$MESSAGE.MSG, the TOOMANYSERV message hast                     been added.r  G               o  Problem: The TCP/IP management command MOUNT generates H                  an access violation when trying to perform a wildcarded!                  mount operation.v  I                  Solution: MOUNT command handling and processing has beens                  corrected.   /         4.2 BIND Problems Fixed in This Releasec  H               The following BIND/DNS problems are fixed in this release:  E               o  Problem: A user has no way to manually flush dynamicr-                  updates with BIND Version 9.   H                  Solution: The rndc flush-updates command has been addedH                  to trigger the same behavior that the rndc stop commandD                  did, without actually stopping or shutting down the                  server.  .         4.3 FTP Problems Fixed in This Release  C               The following FTP problems are fixed in this release:_  ;               o  Problem: Seven FTP client/server problems.P  C                  Solution: If the device for a user in the UAF is aTI                  rooted logical, that logical must be assigned systemwide            4-2 Corrections  r         I                                                               Corrections I                                    4.3 FTP Problems Fixed in This Releasel    F                  with the translation attribute at least concealed, or<                  else the cd command will fail. For example:  8                  -  moxie$root is assigned /SYSTEM only:  "                     FTP> cd ~moxie:                     550-Failed to set default directory to&                     MOXIE$ROOT:[user]./                     550 error in directory named  I                  -  moxie$root is assigned /SYSTEM/TRANSLATION=CONCEALED:   "                     FTP> cd ~moxie/                     250-CWD command successful. B                     250 New default directory is MOXIE$ROOT:[user]  A                  For systems with a version of DECC$SHR.EXE at or F                  later than V7.2, assigning the following logical nameH                  enables recursive directory listings for the ls and dir                  commands:  ;                  $ ASSIGN/SYSTEM 1 TCPIP$FTPD_DIR_RECURSIVE   H                  Turning on this flag results in the following UNIX-likeG                  behavior. Here the default directory is DEV1$:[TOPDIR] G                  and it contains a subdirectory SUB1.DIR which contains/                  three files:n                    FTP> ls sub1 -                  200 PORT command successful.nJ                  150 Opening data connection for sub1 (16.20.208.97,52062)  +                  DEV1$:[TOPDIR.SUB1]a.txt;1s+                  DEV1$:[TOPDIR.SUB1]b.txt;1 +                  DEV1$:[TOPDIR.SUB1]c.txt;1   H                  To get to the login directory of a user using ~usernameH                  format, you need system privileges if username is other/                  than that of the current user.U  C               o  Problem: There is no way to suppress the file size D                  in the 150 opening data connection message. The newG                  behavior affects file transfers using an older versionM                  of SmartTerm.  F                  Solution: A new logical, TCPIP$FTPD_NO_FILESIZE_HINT,I                  allows users to suppress the file-size hint added to the :                  "150 Opening data connection..." message.  I                                                           Corrections 4-3i                    Correctionsa.         4.3 FTP Problems Fixed in This Release    D               o  Problem: The FTP client starts up in Extended parseD                  mode. The SHOW PROCESS/PARSE command shows that the0                  parse style is set to Extended.  A                  Solution: This behavior has been correct so that F                  traditional parsing is used by default. To change theD                  parsing style, enter the SET PROCESS/PARSE command.  .         4.4 NFS Problems Fixed in This Release  B               The following NFS server problems were fixed in this               release:                 o  Problems:  E                  -  When file names of the form string.string.nnn aremG                     created on an ODS5 volume, nnn is treated as a file G                     version number. Viewed locally, the file appears as E                     xxx.yyy;123 instead xxx.yyy.123;1. If the numeric I                     part is greater than 32767, the file creation failed.l  I                  -  When creating a directory name of the form string.dirVC                     on an ODS5 volume with the typeless_directoriesrE                     option, the server absorbs the ".dir" part of therB                     name. Viewed locally, the directory appears asG                     "dirname.DIR;1" instead of "dirname.dir.DIR;1," andtH                     is displayed back to the client as "dirname" instead%                     of "dirname.dir".D  H               o  Problem: The NFS client recieves errors -RMS-F-CRMP andH                  -SYSTEM-F-SHMNOTCNCT after doing a SET FILE /STATISTICSF                  command followed by an attempt to open the file using*                  the COPY or TYPE command.  H               o  If a UNIX client accesses a non-STREAM_LF file that wasI                  created by an OpenVMS client within the inactivity timer ?                  limit, the server does not do data conversion.5  1         4.5 TELNET Problems Fixed in This Releaset  A               o  Problem: The TELNET symbiont puts log files intotC                  SYS$SPECIFIC:[SYSEXE] even when the TCPIP$LPD_ROOTE)                  logical name is defined.t  D                  Solution: The TCPIP$LPD_SPOOL logical name has been=                  replaced by the TCPIP$LPD_ROOT logical name.e           4-4 Corrections     g      I                                                               Corrections'I                                 4.5 TELNET Problems Fixed in This Releaseo    C               o  Problem: Starting with TCP/IP Services V5.1, localnH                  echoing no longer occurs when you use TELNET to connect8                  to a non-TELNET service (such as SMTP).  C                  Solution: The behavior used in earlier versions ofS3                  TCP/IP Services has been restored.w  /         4.6 SMTP Problems Fixed in This Release   D               The following SMTP problems are fixed in this release:  H               o  Problem: The SMTP EXPN and VRFY commands are considered3                  a security hole by many customers.t  F                  Solution: Four new SMTP.CONFIG Allow-* options governE                  whether the commands are accepted or not. The *-TextqF                  options are the optional user-defined text strings toI                  send to the client when the command is rejected. The newh+                  configuration options are:s                    -  Allow-EXPN                    -  Allow-VRFY  "                  -  EXPN-Used-Text  "                  -  VRFY-Used-Text  D                  For more information see the HP TCP/IP Services for*                  OpenVMS Management guide.  C               o  Problem: Mail messages with lines beginning with a E                  period (.) are delivered with an extra dot included.   B                  Solution: The period-removal code is restored. ItE                  applies only to mail message data received using the G                  RFC 821 protocol over the wire and not from SFF (send-                   from-file).  /         4.7 SNMP Problems Fixed in This Release   D               The following SNMP problems are fixed in this release:                 o  Problems:  I                  -  An attempt to send an SNMPv2 trap through TCPIP$SNMP_PE                     TRAPSND is either ignored or causes the system tow                     fail.   C                  -  SNMP_REQUEST -i, -r, and s options are ignored.   I                                                           Corrections 4-5  T  e                    I                                                                         5tI         _________________________________________________________________S  I                                                      Documentation Updaten    F               This chapter describes updates to the information in the@               TCP/IP Services for OpenVMS product documentation.  !         5.1 Updated Documentationi  I               The following manuals have been updated for this version of                TCP/IP Services:  @               o  HP TCP/IP Services for OpenVMS Installation and,                  Configuration (AA-LU49O-TE)  H               o  HP TCP/IP Services for OpenVMS Management (AA-LU50N-TE)  G               o  HP TCP/IP Services for OpenVMS Guide to SSH (AA-RVBUA-o                  TE)  G               o  HP TCP/IP Services for OpenVMS User's Guide (AA-PC27L-r                  TE)  :               o  HP TCP/IP Services for OpenVMS Tuning and.                  Troubleshooting (AA-RN1VB-TE)  H               o  HP TCP/IP Services for OpenVMS Management Command Quick-                  Reference Card (AV-RN1WB-TE)n  B               o  HP TCP/IP Services for OpenVMS Management Command(                  Reference (AA-PQQGI-TE)  H               o  HP TCP/IP Services for OpenVMS UNIX Command Equivalents-                  Reference Card (AV-RNJ4B-TE)   H               o  HP TCP/IP Services for OpenVMS Guide to IPv6 (AV-RNJ3B-                  TE)  G               In addition, this version of TCP/IP Services includes newd(               version of the Help files:  $               o  HELP TCPIP_SERVICES                 o  TCPIP HELP   I                                                  Documentation Update 5-1t t  o               Documentation Update!         5.1 Updated Documentation                    o  HELP FTP                  o  HELP TELNET                 o  HELP NSLOOKUP                 o  HELP/MESSAGES  G               The following manuals are not updated for TCP/IP Servicese               V5.4:   C               o  Compaq TCP/IP Services for OpenVMS Sockets API and ,                  System Services Programming  H               o  Compaq TCP/IP Services for OpenVMS SNMP Programming and                  Reference  G               o  Compaq TCP/IP Services for OpenVMS ONC RPC Programmingu                  and Reference  I               o  Compaq TCP/IP Services for OpenVMS Concepts and Planninga  I               These manuals will be updated in a future release of TCP/IP F               Services. For this release, use the existing manual with>               the changes described in the following sections.  3         5.1.1 SNMP Programming and Reference Updatee  C               The following information will be added to the CompaqeH               TCP/IP Services for OpenVMS SNMP Programming and Reference               manual:i  A               o  The trap communities configured for regular SNMPsD                  through the TCPIP$CONFIG.COM command procedure, theE                  TCP/IP management command SET CONFIG SNMP, or in theCG                  SYS$SYSDEVICE:[TCPIP$SNMP]TCPIP$VMS_SNMP_CONF.DAT filenD                  are not used to determine the trap receiver host or                   community name.  F                  The values of the -c and -h flags to the SNMP_TRAPSND0                  utility are handled as follows:  G                  -  If no -c (community) flag is used, the default namen1                     "public" is used in the trap.   E                  -  If no -h (host) flag is used, the trap is sent to                      LOCALHOST.            5-2 Documentation Update    N      I                                                      Documentation Update I                                                 5.1 Updated Documentation     F               o  The value for the "agent address" field in the SNMPv1B                  trap PDU is that of the primary interface for theD                  host on which the master agent (TCPIP$ESNMP_SERVER)I                  is running. The value of this address can be verified asp                  follows:   >                  1. Translate logical name TCPIP$INET_HOSTADDR  E                  2. Obtain the value of LOCALHOST using the following .                     TCP/IP management command:  <                     $ TCPIP SHOW CONFIGURATION COMMUNICATION  H                     If this value is not in IP address format, determine?                     the IP address using the following command:i  ;                     $ TCPIP SHOW HOST/LOCAL local-host-nameP  @         5.1.2 Sockets API and System Services Programming Update  G               The information in the Compaq TCP/IP Services for OpenVMS H               Sockets API and System Services Programming manual will be!               updated as follows:   @               o  Table 2-2 describes the default setting for theG                  TCPIP_KEEPIDLE option incorrectly. The default setting-I                  for this option is 7200 seconds (14400 half seconds). InsH                  addition, the manual fails to mention that, in order toH                  use the options in Table 2-2, your program must use the                  TCP.H file.           5.2 Help Files Updateo  G               The HELP CC Socket_Routines information has been removed. B               Instead, the information about socket programming is<               provided when you enter the following command:  F               $ HELP TCPIP_SERVICES Programming_Interfaces Sockets_API  C               The Sockets_API HELP file has been enhanced with IPv6                information.        I                                                  Documentation Update 5-3                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   