This chapter describes the MultiNet administration commands you can run from the DCL prompt.
Table 1-1 describes the MultiNet administrative commands available at the DCL prompt.
Table 1-1 MultiNet Command Summary
|
Command |
Description |
|
Processes the accounting file that FTP and SMTP can write. |
|
|
Tests the MultiNet configuration. |
|
|
MULTINET CONFIGURE |
/CONFIGURATION_FILE: Specifies the configuration file read by the DECNET-, PRINTER-, or SERVER-CONFIG utility.
/DECNET: Invokes the DECnet Circuit Configuration Utility (DECNET-CONFIG).
/MAIL: Invokes the Electronic Mail Configuration Utility (MAIL-CONFIG).
/MENU: Invokes the Menu-driven Configuration Utility (MENU-CONFIG).
/NETWORK: Invokes the Network Interface Configuration Utility (NET-CONFIG).
/NOBOLD: Prevents MENU-CONFIG from downloading fonts to your terminal (when used with /MENU).
/PRINTERS: Invokes the Printer Configuration Utility (PRINTER-CONFIG).
/SERVERS: Invokes the Server Configuration Utility (SERVER-CONFIG).
/SERVER_IMAGE: Specifies the master server image associated with the server configuration file. |
|
Tests the domain name service (DNS) system. |
|
|
Generates and maintains keys for DNS Security (DNSSEC) within the DNS. |
|
|
Signs zone files for DNS Security (DNSSEC) within the DNS (Domain Name System). |
|
|
Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file. |
|
|
Displays font server information. |
|
|
Lists font names and font information. |
|
|
Creates a DECW$FONT_DIRECTORY.DAT file when adding fonts. |
|
|
Displays font data. |
|
|
Uncompiles a PCF file into an ASCII BDF file. |
|
|
MULTINET GATED/CHECK |
Checks the syntax of a GateD configuration file. |
|
MULTINET GATED/DUMP |
Tells GateD to dump internal state into a text file. |
|
MULTINET GATED/LOAD |
Loads new configuration file. |
|
MULTINET GATED/SET/TRACE |
Controls tracing in GateD. |
|
MULTINET GATED/SHOW/OSPF |
Queries OSPF routers. |
|
MULTINET GATED/SHOW/RIP |
Requests all routes known by a RIP gateway. |
|
MULTINET GATED/SHOW/TRACE |
Queries tracing in GateD. |
|
MULTINET GATED/STOP |
Tells the GateD process to halt in an orderly manner. |
|
MULTINET GATED/TOGGLE_TRACING |
Toggles GateD tracing on and off. |
|
MULTINET GATED/UPDATE_INTERFACES |
Tells the GateD process to rescan the network interfaces. |
|
Retrieves a HOSTS.TXT file. |
|
|
Installs host tables as global sections. |
|
|
Allows a user to learn the capabilities supported by an IPP server. |
|
|
Stores the contents of the Kerberos database in an ASCII text file. |
|
|
Adds principal information to the database. |
|
|
Initializes the Kerberos database. |
|
|
Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility. |
|
|
Permits the Kerberos master key to be changed. |
|
|
Creates an encrypted server key file for a remote system. |
|
|
Saves the Kerberos master key in a protected file for the KDC. |
|
|
Loads and invokes the network image. |
|
|
Sends commands to MULTINET_SERVER internal services. |
|
|
Dismounts a locally-mounted remote NFS file system. |
|
|
Mounts a remote NFS file system so it can be used locally. |
|
|
Sends a test query to DNS. |
|
|
Performs dynamic updates to the domain name service (DNS) server. |
|
|
Tests connections by sending ICMP echo requests. |
|
|
MULTINET PING6 |
Tests connections by sending ICMPv6 echo requests. |
|
Queries the remote system for time and sets the local clock accordingly. |
|
|
Allocates a remote tape drive or CD-ROM for access by a single process. |
|
|
Sends a message to all system users. |
|
|
Changes ARP tables. |
|
|
Configures DECnet devices to run DECnet-over-UDP circuits. |
|
|
Sets parameters for network devices. |
|
|
Specifies static IP routing. |
|
|
Specifies the local timezone name. |
|
|
Decodes network packets selected by a boolean expression. |
|
|
Traces packets and interprets the results. |
|
|
Determines the route to the specified host. |
|
|
MULTINET TRACEROUTE6 |
Determines the route to the specified host for IPv6. |
|
Performs tests on the most common causes of problems when running X11 clients over MultiNet. |
Processes the accounting file that session accounting writes for SMTP and for FTP. It extracts the selected records from the file and either displays them on the user's terminal or sends them to the specified output file.
FORMAT
$ MULTINET ACCOUNTING /INPUT=filename /SINCE=first_date_to_include
QUALIFIERS
/INPUT=accounting_file_name
/OUTPUT=output_file_name
/BEFORE=latest_date_to_include
/SINCE=first_date_to_include
/PROTOCOL=(MAIL,SMTP,FTP)
These are the protocols to include.
/CSV
Makes the output file a Comma Separated Values file that can be imported into an Excel-type document for processing.
Invokes the MultiNet configuration test utility to perform one or more checks for common MultiNet configuration problems. Requires CMKRNL, SYSPRV, and WORLD privileges.
FORMAT
MULTINET CHECK [test,...]
PARAMETER
test
Specifies the name of a test to be performed. Valid test names are ARP, BROADCASTS, DATABASES, HOST_NAME, HOST_TABLE, INTERFACES, LICENSE, MISCELLANEOUS, PARAMETERS, PROTOCOL_ERRORS, ROOT_NAMESERVERS, ROUTES, and VERSION. You can specify multiple tests by separating the names with commas. If you do not specify a test parameter, all tests are performed.
The host name check verifies that the address associated with the local host name matches one of the interface addresses.
QUALIFIERS
/IGNORE_ERRORS
/NOIGNORE_ERRORS (default)
MULTINET CHECK usually stops when it encounters an error. Specify this qualifier to force MULTINET CHECK to continue testing even after an error is encountered.
MULTINET CHECK usually displays all output on the standard error output device. Specify this qualifier to either redirect output to the specified file or turn output off altogether.
Causes MULTINET CHECK to display more information about the tests it performs. By default, it only displays a message when it encounters an error or if all tests pass.
Invokes one of the MultiNet configuration utilities which are interactive programs that maintain network configuration information. If you do not specify a configuration utility with a qualifier, the network interface configuration utility (NET-CONFIG) is invoked.
FORMAT
MULTINET CONFIGURE [/qualifier(s)]
QUALIFIERS
Invokes the Access Configuration Utility (ACCESS-CONFIG) that lets you examine, modify, and save MultiNet Secure/IP configuration files. MultiNet Secure/IP is a TCP/IP-based authentication system that extends the OpenVMS login facility to support authentication "tokens."
The MultiNet Secure/IP Client becomes part of logging in via TELNET, FTP, LAT, DECnet, and "hardwired" devices (for example, TX and TT).
The MultiNet Secure/IP Server provides authentication information to MultiNet Secure/IP clients when users try to log in.
Invokes the DECnet Configuration Utility (DECNET-CONFIG) that lets you view and alter the configuration of DECnet-over-IP services. If used with the /CONFIGURATION_FILE qualifier, DECNET-CONFIG reads the specified configuration file (by default, MULTINET:DECNET-CIRCUITS.COM).
Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).
Invokes the Electronic Mail Configuration Utility (MAIL-CONFIG) that lets you view and alter SMTP configuration. If used with the /CONFIGURATION_FILE qualifier, MAIL-CONFIG reads the specified configuration file (by default, MULTINET_COMMON_ROOT:[MULTINET]START_SMTP.COM).
Invokes the MultiNet Menu-driven Configuration Utility (MENU-CONFIG) that lets you configure network interfaces, global parameters, services, electronic mail, printing, DECnet-over-IP circuits, and, if installed, NFS and MultiWare.
Context-sensitive online help describes each configuration parameter and how to navigate the configuration menus.
MENU-CONFIG provides access modes for beginning and advanced users. Press PF1 to toggle between modes.
By default, MENU-CONFIG downloads fonts to your terminal; to prevent it from doing so (for example, when operating it over serial connections), use the /NOBOLD qualifier.
Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).
MULTINET CONFIGURE /NETWORK now has the following commands:
SET SNMP-AGENTX TRUE enables the SNMP Agent X service.
SET SNMP-AGENTX FALSE disables the SNMP Agent X service.
A line displays in the output of the SHOW command if SNMP Agent X subagents are enabled.
Invokes the MultiWare NFS Server Configuration Utility (NFS-CONFIG) for the MultiWare NFS Server option.
If used with the /CONFIGURATION_FILE qualifier, NFS-CONFIG reads the specified configuration file (by default, MULTINET:NFS.CONFIGURATION).
Invokes the NOT Configuration Utility (NOT-CONFIG) for DECnet application services (formerly known as Phase/IP). DECnet application services allow you to run applications designed for DECnet over TCP/IP instead. They provide the DECnet API (Application Programming Interface) across TCP seamlessly, without DECnet protocols or software, and without the additional overhead of running both protocol stacks.
Invokes the MultiNet Printer Configuration Utility (PRINTER-CONFIG) that lets you view and alter the configuration of MultiNet-based print services. If used with the /CONFIGURATION_FILE qualifier, PRINTER-CONFIG reads the specified configuration file (by default, MULTINET:REMOTE-PRINTER-QUEUES.COM).
Invokes the MultiNet Service Configuration Utility (SERVER-CONFIG) that lets you view and alter the configuration of MultiNet services. If used with the /CONFIGURATION_FILE qualifier, SERVER-CONFIG reads the specified configuration file (by default, MULTINET:SERVICES.MASTER_SERVER).
/SERVER_IMAGE=server_image_file
Used with the /SERVERS qualifier, server_image_file specifies the MultiNet master server image associated with the server configuration file. This file is used by SERVER-CONFIG to determine which network services are available. If not specified, SERVER-CONFIG uses MULTINET:SERVER.EXE.
Used with the /MENU qualifier to prevent MENU-CONFIG from downloading fonts to your terminal. Use /NOBOLD if your terminal does not support boldface characters (for example, early VT terminal emulators), or if you are working over a serial connection and you do not want to wait for fonts to download.
/CONFIGURATION_FILE=config_file
Used with the /DECNET, /PRINTERS, or /SERVERS qualifier, specifies the configuration file read by the corresponding utility.
Similar to NSLOOKUP, DIG tests the domain name service (DNS) system. It uses the DNS resolver to send queries to the DNS server and prints out the response. DIG executes a single command or reads commands from a file (in "batch mode").
DIG can be used with the UNIX-style syntax by defining it as a foreign command:
$ DIG :== $MULTINET:DIG.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
FORMAT
MULTINET DIG [name [type [class]]]
PARAMETERS
name
Specifies a host or domain name.
Note! You must specify fully-qualified names. DIG will not append any domain names.
type
Specifies which TYPE resource records are asked for. The default is A (address records).
Valid values are the same as for the NSLOOKUP /TYPE qualifier (see Table 1-36).
class
Specifies which CLASS resource records are asked for. The default is IN (internet records).
Valid values are ANY, IN, CHAOS, and HESIOD.
QUALIFIERS
+[no]addit
/ADDITIONAL (default)
/NOADDITIONAL
Tells the resolver to print the additional section of the reply.
-x ip-address
/ADDRESS=ip-address
Convenient form to specify an inverse address mapping query. For example, MULTINET DIG/ADDRESS=10.5.64.1 is equivalent to MULTINET DIG 1.64.5.10.IN-ADDR.ARPA ANY.
+[no]answer
/ANSWER (default)
/NOANSWER
Tells the resolver to print the answer section of the reply.
+[no]author
/AUTHORITY (default)
/NOAUTHORITY
Tells the resolver to print the authority section of the reply.
-c recordclass
/CLASS=recordclass
Specifies which CLASS resource records are asked for. Alternative to specifying the class parameter. The recordclass value may be either the integer value of the class or the name of the class (ANY, IN, CHAOS, HESIOD). The default is IN (internet records).
+[no]cmd
/CMD (default)
/NOCMD
Tells DIG to echo parsed arguments from the command.
+[no]debug
/DEBUG
/NODEBUG (default)
Causes the resolver to print debugging information.
+[no]d2
/DEBUG2
/NODEBUG2 (default)
Causes the resolver to print additional, less useful debugging information.
Specifies that the DIG environment (defaults, print options, etc.), after all of the arguments are parsed, should be saved to a file to become the default environment. This is useful if you do not like the standard set of defaults and do not desire to include a large number of options each time DIG is used. The environment consists of resolver state variable flags, timeout, and retries as well as the flags detailing DIG output. If the logical name LOCALDEF is set to the name of a file, this is where the default DIG environment is saved. If not, the file DIG.ENV is created in the current default directory.
Each time DIG is executed, it looks for DIG.ENV or the file specified by LOCALDEF. If such a file exists, then the environment is restored from this file before any arguments are parsed.
This qualifier only affects batch query runs. When -envset is specified on a line in a DIG batch file, the DIG environment after the arguments are parsed becomes the default environment for the duration of the batch file, or until the next line which specifies -envset. Remember that commands in the DIG batch file must be in UNIX-style syntax.
Causes DIG to run in batch mode, executing the commands in the specified file. The commands in this file must be in the UNIX-style syntax.
"+[no]Header"
/HEADER (default)
/NOHEADER
Tells the resolver to print basic header information.
+[no]header
/HFLAGS (default)
/NOHFLAGS
Tells the resolver to print header flags.
+[no]ignore
/IGNORE
/NOIGNORE (default)
Tells the resolver to ignore truncation in responses.
+[no]ko
/KEEPOPEN
/NOKEEPOPEN (default)
If using virtual circuits (TCP), keeps the connection open.
-k keydir+keyname
/KEY=(KEYNAME=key[,KEYDIR=directory])
Specifies a TSIG key for DIG to use to sign its queries. The default value for KEYDIR is the current default directory.
Note! On UNIX systems, the syntax is keydir:keyname. On OpenVMS, the colon is replaced by a plus sign (+). The keyname must be specified to match the key and private filenames, with periods instead of dollar signs. This may not match the domainname if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.
Causes DIG to do a bitwise-AND of the print flags with the specified value.
+pfdef
/PFDEF (default)
/NOPFDEF
Sets the print flags to the default.
+pfmin
/PFMIN
/NOPFMIN (default)
Sets the print flags to the minimum.
Causes DIG to do a bitwise-OR of the print flags with the specified value.
Sets the print flags to the specified value.
"-P" ping-command
/PING[=ping-command]
Causes DIG to execute a ping command to the queried nameserver after the query returns, for response time comparison. If the optional ping-command is present, it is used as the ping command. The default ping command is "MULTINET PING".
Specifies a port other than the standard nameserver port of 53.
+[no]qr
/QUERY
/NOQUERY (default)
Tells the resolver to print the outgoing query.
+[no]ques
/QUESTION (default)
/NOQUESTION
Tells the resolver to print the question section of the reply.
+[no]recurse
/RECURSE (default)
/NORECURSE
Requests that the name server use recursion to answer the query.
+[no]reply
/REPLY (default)
/NOREPLY
Tells the resolver to print the reply.
+retry=retrycount
/RETRY=retrycount
Specifies the number of retries the resolver makes when querying a name server via UDP. The default is 4.
Specifies the nameserver to query. May be specified as either a domain name or a dot-notation internet address. If a domain name is specified, DIG looks up the name using the default nameserver. If /SERVER is not specified, the default is to use the system's default nameserver.
+[no]stats
/STATS (default)
/NOSTATS
Tells the resolver to print query statistics.
-[no]stick
/STICKY
/NOSTICKY (default)
This qualifier only affects batch query runs. -stick specifies that the DIG environment (as read initially or set by -envset switch) is to be restored before each query (line) in a DIG batch file. The default -nostick means that the DIG environment does not stick, hence options specified on a single line in a DIG batch file will remain in effect for subsequent lines (i.e., they are not restored to the "sticky" default). Remember that commands in the DIG batch file must be in UNIX-style syntax.
+time=seconds
/TIMEOUT=seconds
Specifies a different period to wait for responses. The default is 4 seconds.
"-T" seconds
/TIMEWAIT=seconds
Causes DIG to wait the specified number of seconds between the start of successive queries when running in batch mode. Can be used to keep two or more batch DIG commands running roughly in sync. The default is 0.
-t recordtype
/TYPE=recordtype
Specifies which TYPE resource records are asked for. Alternative to specifying the type parameter. The recordtype value may be either the integer value of the type or the name of the type (see Table 1-36). The default is A (address records).
Specifies that the resolver use virtual circuits (TCP) instead of datagram (UDP) queries.
The following is an example of the default DIG output:
$ multinet dig www.peh.com
; <<>> DiG 8.3 <<>> WWW.PEH.COM
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; WWW.PEH.COM, type = A, class = IN
;; ANSWER SECTION:
WWW.PEH.COM. 2H IN CNAME peh.com.
peh.com. 2H IN A 209.196.131.83
;; AUTHORITY SECTION:
peh.com. 2H IN NS ns1.pbi.net.
peh.com. 2H IN NS ns2.pbi.net.
;; ADDITIONAL SECTION:
ns1.pbi.net. 2D IN A 206.13.28.11
ns2.pbi.net. 2D IN A 206.13.29.11
;; Total query time: 14289 msec
;; FROM: bite.process.com to SERVER: default -- 127.0.0.1
;; WHEN: Thu Jun 1 14:52:49 2002
;; MSG SIZE sent: 29 rcvd: 141
DNSKEYGEN (DNS Key Generator) is a tool to generate and maintain keys for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSKEYGEN can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction Signatures.
DNSKEYGEN can be used with the UNIX-style syntax by defining it as a foreign command:
$ DNSKEYGEN :== $MULTINET:DNSKEYGEN.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
DNSKEYGEN stores each key in two files: Kname.alg-footprint-private and Kname.alg-footprint-key. name is the domainname with the periods replaced by dollar signs. The first file contains the private key in a portable format. The second file contains the public key in the DNS zone file format:
name IN KEY flags protocol algorithm exponent|module
If the domain name is too long for an OpenVMS filename, it is truncated to fit and the last six characters are replaced by unique digits. The full domain name can be found inside the key file.
FORMAT
MULTINET DNSKEYGEN name
-n name
name
Specifies the domain name to generate the key for.
QUALIFIERS
"-H" size
/HMAC_MD5=size
These flags specify the type of key to generate. You must specify one and only one of these.
If /DSA_DSS is specified, DNSKEYGEN generates a DSA/DSS key. size must be one of: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.
If /HMAC_MD5 is specified, DNSKEYGEN generates an HMAC-MD5 key. size must be between 128 and 504.
If /RSA is specified, DNSKEYGEN generates an RSA key. size must be between 512 and 4096.
Used for RSA only. If specified, DNSKEYGEN uses a large exponent for key generation.
-z
/ZONE_KEY
-h
/HOST_KEY
-u
/USER_KEY
These flags define the type of key being generated. You must specify one and only one of these.
Zone (DNS validation) key
Host (host or service) key
Indicates that the key CANNOT be used for authentication.
Indicates that the key CANNOT be used for encryption.
Sets the key's protocol field to num. If /ZONE_KEY (-z) or /HOST_KEY (-h) is specified, the default is 3 (DNSSEC); otherwise, the default is 2 (EMAIL). Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).
Sets the key's strength field to num; the default is 0.
EXAMPLE
The following example generates an RSA key.
$ MULTINET DNSKEYGEN/RSA=512/ZONE_KEY zone.example
** Adding dot to the name to make it fully qualified domain name**
Generating 512 bit RSA Key for ZONE.EXAMPLE.
Generated 512 bit Key for ZONE.EXAMPLE. id=49663 alg=1 flags=257
DNSKEYGEN generates the following (for example):
File KZONE$EXAMPLE$.001-49663-KEY:
ZONE.EXAMPLE. IN KEY 257 3 1 AQOojr81q9PfmQXCUAJOoMu3CYaS78RZnhiV/uAfSbzZusWYLSeVF47OwZlmgwclswZoaM5NSuzFX3w5RDIEwf9c
File KZONE$EXAMPLE$.001-49663-PRIVATE:
Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: qI6/NbPT35kGwlACTqDLtwmGku/EWZ4Ylf7gH0m82arFmC0nlReOjsGJZoMHJbMGaGjOTUrsxV98OUQyAMH/Ww==
PublicExponent: Aw==
PrivateExponent: cF8qI8036mZD1uABjcCHz1uvDJ/YO767Dqmqv4Z95ntuhY7uIMmn8zy0Ur9kj/7P5Dvpu7ZG91ZtuQ1YhWAMyw==
Prime1: 2IQQP2+DvU/G0038OCoji00NDQHA0az8lDV1fh8Qf9k=
Prime2: x0vGgXRlWVIfp5xnuCORP0UB4rK3sKVhQ246rx2hbFM=
Exponent1: kFgK1PQCfjUvN4lS0BwXtN6Is1aBNnNTDXj4/r9gVTs=
Exponent2: hN0vABhDjja/xRLv0Be2Kl4BQcv6dcOWLPQnH2kWSDc=
Coefficient: YQGEh81Y720mRfAV/tEs3eWKd11Mm10b5R4lFjVwtAU=
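The key file format described above, decoded as an added example (not MultiNet code and not part of the original manual): it parses the KEY record from the page's example, splits the flags field per RFC 2535, decodes the RSA public key, and recomputes the footprint (key id) so it can be checked against the file name. The function names and the MIN_RSA_BITS policy threshold are assumptions made for illustration.

```python
import base64

# KEY record copied from the example key file shown on this page.
PAGE_EXAMPLE = (
    "ZONE.EXAMPLE. IN KEY 257 3 1 "
    "AQOojr81q9PfmQXCUAJOoMu3CYaS78RZnhiV/uAfSbzZusWYLSeVF47OwZlmgwcl"
    "swZoaM5NSuzFX3w5RDIEwf9c"
)

# Protocol field values as listed on this page for DNSKEYGEN.
PROTOCOLS = {1: "TLS", 2: "EMAIL", 3: "DNSSEC", 4: "IPSEC", 255: "ANY"}
# NAMTYP values (flag bits 6-7, counting from the most significant bit), RFC 2535.
NAME_TYPES = {0: "user", 1: "zone", 2: "host", 3: "reserved"}
MIN_RSA_BITS = 2048  # assumed local policy threshold, not a MultiNet setting


def decode_flags(flags):
    """Split the 16-bit KEY flags field into the parts DNSKEYGEN lets you set."""
    return {
        "no_authentication": bool(flags & 0x8000),   # key CANNOT authenticate
        "no_confidentiality": bool(flags & 0x4000),  # key CANNOT encrypt
        "name_type": NAME_TYPES[(flags >> 8) & 0x3],
        "signatory": flags & 0xF,
    }


def decode_rsa(key):
    """Decode an algorithm 1 public key: exponent length, exponent, modulus."""
    if len(key) < 3:
        raise ValueError("RSA key data too short")
    if key[0] != 0:
        exp_len, offset = key[0], 1
    else:  # a zero first byte means a two-byte exponent length follows
        exp_len, offset = int.from_bytes(key[1:3], "big"), 3
    exponent = key[offset:offset + exp_len]
    modulus = key[offset + exp_len:]
    if len(exponent) != exp_len or len(modulus) < 3:
        raise ValueError("truncated RSA key data")
    return {
        "exponent": int.from_bytes(exponent, "big"),
        "modulus_bits": int.from_bytes(modulus, "big").bit_length(),
        # Algorithm 1 footprint: the most significant 16 bits of the least
        # significant 24 bits of the modulus.
        "key_tag": int.from_bytes(modulus[-3:-1], "big"),
    }


def parse_key_rr(line):
    """Parse 'name IN KEY flags protocol algorithm key' into a dict."""
    fields = line.split()
    if len(fields) < 7 or fields[1].upper() != "IN" or fields[2].upper() != "KEY":
        raise ValueError("expected: name IN KEY flags protocol algorithm key")
    flags, protocol, algorithm = (int(f) for f in fields[3:6])
    rec = {
        "owner": fields[0],
        "flags": flags,
        "protocol": protocol,
        "protocol_name": PROTOCOLS.get(protocol, "unknown"),
        "algorithm": algorithm,
    }
    rec.update(decode_flags(flags))
    if algorithm == 1:
        key = base64.b64decode("".join(fields[6:]), validate=True)
        rec.update(decode_rsa(key))
    return rec


def expected_key_filename(rec):
    """File name per the page's scheme; long-name truncation is not modelled."""
    name = rec["owner"].upper().replace(".", "$")
    return "K%s.%03d-%d-KEY" % (name, rec["algorithm"], rec["key_tag"])


def review_key(rec):
    """Return findings a zone administrator would want to see before use."""
    findings = []
    if rec["algorithm"] == 1:
        findings.append("algorithm 1 signs with MD5")
        if rec["modulus_bits"] < MIN_RSA_BITS:
            findings.append("RSA modulus is %d bits, below the %d-bit policy"
                            % (rec["modulus_bits"], MIN_RSA_BITS))
    if rec["no_authentication"] and rec["name_type"] == "zone":
        findings.append("zone key is flagged as unusable for authentication")
    return findings


if __name__ == "__main__":
    record = parse_key_rr(PAGE_EXAMPLE)
    print(record)
    print(expected_key_filename(record))
    for finding in review_key(record):
        print("finding:", finding)
```

The recomputed footprint matches the id=49663 that DNSKEYGEN printed, which gives a quick consistency check between a key file's name and its contents.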
DNSSIGNER is a tool to sign zone files for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSSIGNER's job is to read the data of one zone of DNS data, and perform the necessary work to produce the data for a secured zone.
DNSSIGNER can be used with the UNIX-style syntax by defining it as a foreign command:
$ DNSSIGNER :== $MULTINET:DNSSIGNER.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
You can get help on the UNIX-style options using:
$ dnssigner -h      ! for short help
$ dnssigner -help   ! for long help
Signing is done on a zone-by-zone basis, regardless of the relationship of zones to name servers. DNSSIGNER is designed to operate in a dynamic environment, including those in which secret keys are not available to all of those covering a zone, and where information may be arriving after the beginning of the signing process. DNSSIGNER makes an effort to retain valid signatures instead of computing new signatures.
Using traditional BIND DNS zone master files, two things are needed as input for DNSSIGNER to sign a zone: the names of the input files and the names of the keys to use. Two kinds of data files are used as input to the signing process: the standard zone master file, and a master file introduced by DNSSEC called the parent file. A parent file contains output from the signing of the parent zone, most importantly the signature by the parent of the zone's keys.
The default input zone is START-ZONE. A different zone input file can be specified with /ZONE=(INPUT=filename) (-zi). There is no default input parent file. A parent file can be specified with /PARENT=(INPUT=filename) (-pi).
The default output files are FINISH-ZONE. and FINISH-PARENT.
/ZONE=(OUTPUT=filename) (-zo) changes the name of the zone output file, and /PARENT=(OUTPUT=filename) (-po) changes the name of the parent file generated by the zone.
There are two forms of parent file generation. One form is to place all of the parent files in one file (good for zones with many delegations), the other is to make a separate file for each delegation. Since it is easier to erase one file than potentially thousands, DNSSIGNER defaults to the single signer file.
/PARENT=NOBULK (-no-p1) turns single parent file generation off, /PARENT=BULK (-p1) turns it on. As mentioned earlier /PARENT=OUTPUT=filename (-po) sets the name of the single parent file (default FINISH-PARENT.).
/PARENT=INDIVIDUAL (-ps) turns on individual parent files, /PARENT=NOINDIVIDUAL (-no-ps) turns it off. /PARENT=DIRECTORY=spec (-pd) sets the directory into which the individual files are put (default is the current working directory).
/NONXT (-no-n) turns off RFC 2065 NXT processing.
/NXT (-n) (default) turns on RFC 2065 NXT processing.
Use the -k1 flag (the /SIG=(KEY=( )) qualifier) or the -ks flag (no OpenVMS-style equivalent) to specify a key. -k1 is followed by a domain name owner of a key, the algorithm, and the key id. -ks is followed by a sequence of names, algorithms, and key ids until the end of the command line.
There are two time durations that are important to the handling of signatures. One is the duration until a newly generated signature is set to expire. The other is the duration in which existing signatures will be considered to be expired.
/SIG=DURATION=ttl (-dur) sets the duration for which a signature is valid.
The time included in the SIG RR expiration field is the current absolute time plus the duration. Wrapping around 32 bits is not a problem, as time is considered to be "circular."
/SIG=PURGE_PERIOD=ttl (-pt) sets the period into the future in which SIGs expiring then are considered to have expired. Any signature whose expiry time is in the past relative to the current time is thrown out, as is any signature whose expiry time falls into the span between now and the purge period duration. The past is considered to be the time from now back to 2 to the 31st seconds ago; the rest is the future.
FORMAT
MULTINET DNSSIGNER
QUALIFIERS
This section describes the syntax of all flags. The meanings can be found in RFC 2065 and the drafts associated with the DNSSEC working group.
/BIND (-bind) instructs DNSSIGNER to use BIND's extended TTLs and KEY flags when writing files. This is the default. Use /NOBIND (-no-bind) to turn this feature off. In this case TTLs and flags are written as numeric values.
Specifies the level of output (debug) messages that DNSSIGNER should print. Specify one of the following levels: (UNIX-syntax equivalents are also shown)
| -l 7, -l deb | DEBUGGER | Print source code locations, errors, and warnings. |
| -l 10, -l dev | DEVELOPER | Print source code locations and cryptography messages. |
| -l 1, -l m | MINIMAL | Print just errors. |
| -l 4, -l u | USER | Print errors and warnings. This is the default. |
/NXT (-n) (default) instructs DNSSIGNER to generate NXT RRs for the zone, signing them with the keys that sign the SOA record. (If none sign the SOA, no NXTs are signed.) Use /NONXT (-no-n) to turn this feature off.
This is equivalent to the $ORIGIN domain directive in the zone file, except that the terminating period is not needed in the domain name. Specifying an origin is only mandatory for the root zones and other zones using relative names in the zone files. It is recommended that the $ORIGIN domain directive be put in the data file. By default, this is unspecified.
Specifies options related to parent zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows.
There are two ways in which parent files are made: individual and bulk. The two methods use independent keywords. Both can be used, neither can be used, or just one. By default, the bulk approach is used.
| -[no-]p1 | [NO]BULK | BULK (-p1) (default) tells DNSSIGNER to place all of the generated parent data for the zone's delegation points into one file. Separating lines are added to identify the start and end of the information destined for individual zones. Use NOBULK (-no-p1) to turn this feature off. |
| -pd directory | DIRECTORY=directory | Specifies the directory to put individual parent files into. The default is the current default directory. |
| -[no-]ps | [NO]INDIVIDUAL | INDIVIDUAL (-ps) tells DNSSIGNER to place the generated parent data into individual files, named zone.PARENT. For large delegated zones, there will be many files. The default is NOINDIVIDUAL (-no-ps). |
| -pi file | INPUT=file | Specifies the parent file received from the parent zone to be used as input to this zone. If specified, all records that would conflict with it (apex upper NXT, KEYs, and SIGs for these) are dropped. If the UP policy is specified, then the parent's KEY, NS, and glue are also dropped. The default is to have no parent file. |
| -pa domain | NAME=domain | Specifies the apex's parent zone. If the keys for this zone are known and the UP policy is used, the apex zone keys sign the key. If UP is used and this is not specified, then DNSSIGNER acts as if it does not otherwise know the parent's identity. This is equivalent to the $PARENT directive in the zone file, except that relative domain names are treated as absolute names. By default, the parent's domain name is unspecified. |
| -po file | OUTPUT=file | Specifies the name of the file to hold the bulk generated parent data. The default is FINISH-PARENT. |
Specifies what policy to use when signing the zone. Specify one of the following options: (UNIX-syntax equivalents are also shown)
| -dn | DOWN | DNSSIGNER signs according to the DOWN policy. That is, the apex does not sign the parent's keys. The parent's keys and glue data are not expected from nor written to the parent files. This is the default. |
| -up | UP | DNSSIGNER signs according to the UP policy. That is, the apex signs the parent's keys. The parent's keys and glue data are expected from and written to the parent files. Note! This policy is not recommended. |
/SELF_SIGN (-ess) instructs DNSSIGNER to make sure each key in the file is signed by its corresponding private key. This is done by implicitly adding $SIGNER directives to the zone file around each key set, adding those keys for just the set. If no private key is available, the $SIGNER directive remains in the output file.
The intent of this feature is to insert proof into DNS that the public key's corresponding private key is held by the owner (or at least the entity signing the zone).
The default is /NOSELF_SIGN (-no-ess).
Specifies options related to the generation of SIG RRs. Possible keywords (and their UNIX-style equivalents) are as follows.
For DURATION and PURGE_PERIOD, ttl format is taken from the BIND definition of TTL. Numeric seconds is accepted, as well as:
| numberW | weeks |
| numberD | days |
| numberH | hours |
| numberM | minutes (not months!) |
| numberS | seconds |
The "end of the future" and "beginning of the past" are points in time which have the same time representation (one second apart) in a 32-bit roll-over specification of time. The end of the future is 2 to the 31st power seconds from the current time.
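The ttl format and the circular 32-bit time rules for DURATION and PURGE_PERIOD, worked through as an added example (an illustration of the rules as described here, not DNSSIGNER's own code). The function names are assumptions, as are two interpretations: units may be concatenated as BIND allows (for example 1D12H), and an expiry exactly 2 to the 31st seconds away is treated as past.

```python
import re

WRAP = 2 ** 32   # SIG expiration is a 32-bit value, so time is circular
HALF = 2 ** 31   # boundary between "the future" and "the past"

# Units from the ttl table on this page (M is minutes, not months).
UNIT_SECONDS = {"W": 604800, "D": 86400, "H": 3600, "M": 60, "S": 1}


def parse_ttl(text):
    """Convert a BIND-style ttl (plain seconds or number+unit groups) to seconds."""
    text = text.strip().upper()
    if re.fullmatch(r"[0-9]+", text):
        return int(text)
    parts = re.findall(r"([0-9]+)([WDHMS])", text)
    # Reject anything that is not made up entirely of number+unit groups.
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError("bad ttl: %r" % text)
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)


def sig_expiration(now, duration):
    """Expiration field for a new SIG: current absolute time plus the duration."""
    return (now + parse_ttl(duration)) % WRAP


def is_purged(expiration, now, purge_period):
    """True if an existing SIG is treated as expired and must be regenerated.

    delta is how far ahead of 'now' the expiry lies on the 32-bit circle.
    A delta of HALF or more means the expiry lies in the past; a delta within
    the purge period means it expires too soon to be kept.
    """
    delta = (expiration - now) % WRAP
    return delta >= HALF or delta <= parse_ttl(purge_period)


if __name__ == "__main__":
    # Constructed sample: a clock 100 seconds before the 32-bit wrap.
    now = WRAP - 100
    exp = sig_expiration(now, "1H")
    print("expiration field:", exp)                      # wraps past zero
    print("purged, 30M window:", is_purged(exp, now, "30M"))
    print("purged, 2H window:", is_purged(exp, now, "2H"))
```

Because a purge period longer than the remaining lifetime discards a still-valid signature, the two values decide how often a re-run of the signer recomputes signatures instead of retaining them.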
/STATISTICS (-st) instructs DNSSIGNER to print summary statistics at the end of the run. The default is /NOSTATISTICS (-no-st).
Specifies options related to zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows:
| -zi file | INPUT=file | Specifies the zone data input file. The first RR must be an SOA. The first record may be found in an $INCLUDEd file. The default is START-ZONE. |
| -zo file | OUTPUT=file | Specifies the file where signed zone data is left. The default is FINISH-ZONE. |
EXAMPLES
1. Assuming that the zone data is in f.zone and the parent file is in f.parent, to run the files through DNSSIGNER, do the following:
$ multinet dnssigner/zone=(input=f.zone)/parent=(input=f.parent)
or
$ dnssigner :== $multinet:dnssigner.exe
$ dnssigner -zi f.zone -pi f.parent
The outputs default to FINISH-ZONE. and FINISH-PARENT. This does no signing, but merges the files, removes duplicates, generates NXT resource records, and makes signing instructions for them (if the zone is judged to be signed).
2. To sign the above zone with the key of test. key id 27782:
$ multinet dnssigner/zone=(input=f.zone)/parent=(input=f.parent) -
/sig=(key=(domain=test.,alg=dsa,key_id=27782))
or
$ dnssigner -zi f.zone -pi f.parent -k1 test. dsa 27782
3. To sign with both keys 27782 and 3696:
$ dnssigner -zi f.zone -pi f.parent -ks test. dsa 27782 test. dsa 3696
Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file.
FORMAT
MULTINET FONT COMPILE [qualifiers] [bdf_font_file]
QUALIFIERS
Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).
The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
Specifies the order in which multibyte data in the file is written. Multibyte data includes metrics and bitmaps. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).
The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
Specifies an output file name in which the results are written.
Sets the font glyph padding. Each scanline of each glyph in the font is padded to the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
The /SERVER qualifier specifies the server from which the font is read. The default value is LOCALHOST:7000.
Displays X font information useful for determining the capabilities and defined values of a font server.
FORMAT
MULTINET FONT INFO [qualifiers]
QUALIFIERS
Specifies an output file name in which the results are written.
Specifies the server from which the font is read (by default, LOCALHOST:7000).
Lists the font names that match a specified pattern.
FORMAT
MULTINET FONT LIST [qualifiers] [pattern]
PARAMETER
pattern
Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.
QUALIFIERS
Indicates long listings should display the minimum and maximum bounds of each font.
Indicates listings should display in multiple columns.
Specifies the relative length of a font listing. Accepted values are SMALL, MEDIUM, LONG, and VERYLONG.
Consider using /NOSORT if you want LONG or VERYLONG listings faster; otherwise, these types of listings can take a long time to generate. You can also use /OUTPUT to write the results to a file.
Indicates the listing is not sorted. Using this qualifier decreases the time required to produce a listing.
Specifies an output file name in which the results are written.
Specifies the server from which the font is read (by default, LOCALHOST:7000).
Specifies the width of the columns (by default, 79).
Creates a DECW$FONT_DIRECTORY.DAT file in each specified directory.
MKFONTDIR reads all font files in each specified directory. The order in which font files are read is *.PCF files, *.SNF files, then *.BDF files. For scalable fonts, you must edit the created DECW$FONT_DIRECTORY.DAT file to insert the X font name. If you edit this file, back up your changes so they are not lost when MKFONTDIR is run again.
The command fails if you don't have the necessary privileges to write into the directory you specify.
FORMAT
MULTINET FONT MKFONTDIR [directory_names]
PARAMETER
directory_names
Specifies the list of directories in which MULTINET FONT MKFONTDIR creates a DECW$FONT_DIRECTORY.DAT file.
Displays font information from files that match the specified pattern.
FORMAT
MULTINET FONT SHOW [qualifiers] [pattern]
PARAMETER
pattern
Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.
QUALIFIERS
Specifies how a character bitmap is padded. Accepted values are MINIMUM, MAXIMUM, and MAXWIDTH.
Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
Specifies the order in which multibyte data (including metrics and bitmaps) in the file is written. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
Specifies the ending character number (in decimal) about which you want font information listed. Use /END with the /START qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.
Indicates that only the extents for a font are displayed.
Specifies an output file name in which the results are written.
Sets the font glyph padding. Each scanline of each glyph in the font is padded to the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
Specifies the server from which the font is read (by default, LOCALHOST:7000).
/START=decimal_character_value
Specifies the starting character number (in decimal) about which you want font information listed. Use /START with the /END qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.
Converts a binary PCF-format font file to an ASCII BDF-format file.
FORMAT
MULTINET FONT UNCOMPILE [qualifiers] [pcf_font_file]
QUALIFIERS
Specifies the output file name into which the results are written.
Specifies the server from which the font is read (by default, LOCALHOST:7000).
EXAMPLE
$ MULTINET FONT UNCOMPILE -
_$ -Adobe-Helvetica-Medium-R-Normal--25-180-100-100-P-130-ISO8859-1
Checks the syntax of a GateD configuration file. If no input file is specified, MultiNet checks the default configuration file, MULTINET:GATED.CONF. This command does not affect a running GateD process.
MULTINET GATED/CHECK
Parameter
filename
Name of the configuration file to check. If omitted, defaults to MULTINET:GATED.CONF.
Example
Checks the syntax of a GateD configuration file called TEST.CONF located in the user's current working directory.
MULTINET GATED/CHECK TEST.CONF
Tells GateD to dump its internal state into a text file. If you omit the filename, the default is MULTINET:GATED.DUMP.
MULTINET GATED/DUMP [log]
Parameter
log
Contains log statements generated by GateD. If omitted, defaults to MULTINET:GATED.DUMP.
Tells the GateD process to load a configuration file. If no file is specified, the default file MULTINET:GATED.CONF is loaded.
CAUTION! If the GateD process detects an error in the configuration file being loaded, it stops running.
MULTINET GATED/LOAD [file]
Parameter
file
Name of the configuration file to load. If omitted, defaults to MULTINET:GATED.CONF.
Example
This example tells the GateD process to load a new configuration file called TEST_CONFIG.CONF from the system manager's current working directory.
MULTINET GATED/LOAD TEST_CONFIG.CONF
Tells the GateD process to turn on or off various tracing flags. This controls what is placed in the MULTINET:GATED.LOG file. By default, minimal tracing is done.
Format
MULTINET GATED/SET/TRACE qualifier
Qualifiers
/ALL
Turns on all tracing.
/DETAILS
/NODETAILS
Sets tracing of all send and receive information.
/RECV_DETAILS
/NORECV_DETAILS
Sets tracing of receive information.
/SEND_DETAILS
/NOSEND_DETAILS
Sets tracing of send information.
/EVENTS
/NOEVENTS
Sets tracing of normal events.
/NONE
Turns off all tracing.
/PACKETS
/NOPACKETS
Sets tracing of packet sends and receives.
/RECV_PACKETS
/NORECV_PACKETS
Sets tracing of packet receives.
/SEND_PACKETS
/NOSEND_PACKETS
Sets tracing of packet sends.
/PARSING
/NOPARSING
Sets tracing of configuration file parsing.
/POLICY
/NOPOLICY
Sets tracing of policy decisions.
/ROUTING
/NOROUTING
Sets tracing of routing table changes.
/STATES
/NOSTATES
Sets tracing of state machine transitions.
/SYMBOLS
/NOSYMBOLS
Sets tracing of kernel symbols.
/TASKS
/NOTASKS
Sets tracing of task and job functions.
/TIMER
/NOTIMER
Sets tracing of timer functions.
Example
This example tells the GateD process to turn on tracing of policy decisions and turn off tracing of state machine transitions.
MULTINET GATED/SET/TRACE/POLICY/NOSTATES
Queries OSPF routers. You can obtain a wide variety of detailed information from these routers using these commands.
All of the SHOW OSPF commands use a file called MULTINET:OSPF_DESTS.DAT. This is a file of OSPF destination records. Each record is a single line entry listing the destination IP address, the destination host name, and an optional OSPF authentication key (if the destination activates authentication).
CAUTION! Since the OSPF_DESTS.DAT file may contain authentication information, you should restrict access to it.
Note! To stop the output of this command, enter a Ctrl/C at the command line.
MULTINET GATED/SHOW/OSPF option
Options
/ADVERTISE area-id type ls-id adv-router index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Displays link state advertisements. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ADVERTISE are as follows:
| Parameter and Qualifier | Description |
| area-id | OSPF area for which the query is directed. |
| type | The available types are: |
| /INTERFACES | Requests the router links advertisements. Describes the collected states of the router's interfaces. For this request, the ls-id field should be set to the originating router's Router ID. |
| /ROUTERS | Requests the network links advertisements. Describes the set of routers attached to the network. For this request, the ls-id field should be set to the IP interface address of the network's Designated Router. |
| /NETWORK_ROUTES | Requests the summary link advertisements describing routes to networks. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the destination network's IP address. |
| /BOUNDARY_ROUTES | Requests the summary link advertisements describing routes to AS boundary routers. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the Router ID of the described AS boundary router. |
| /EXTERNAL_ROUTES | Requests the AS external link advertisements. Describes routes to destinations external to the AS. For this request, the ls-id field should be set to the destination network's IP address. |
| ls-id | See the type parameter. |
| adv-router | Router ID of the router that originated this link state advertisement. |
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/AS index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Shows the Autonomous System (AS) external database entries. This table reports the advertising router, forwarding address, age, length, sequence number, and metric for each AS external route. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/AS are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/DESTINATIONS /OUTPUT=file /FILE=file
This command displays the list of destinations and their indices described in an OSPF destination records file. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/DESTINATIONS are as follows:
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
/ERRORS index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Shows the error log. This reports the different error conditions that can happen between OSPF routing neighbors and shows the number of occurrences for each. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ERRORS are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/HOPS index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Shows the set of next hops for the OSPF router being queried. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/HOPS are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/INTERFACES index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Displays all interfaces configured for OSPF. The information includes the area, interface IP address, interface type, interface state, cost, priority, and the IP address of the DR and BDR of the network. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/INTERFACES are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/LOG index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Shows the cumulative log. This log includes input and output statistics for monitor requests, hellos, database descriptions, link state updates, and link state ACK packets. Area statistics are provided that describe the total number of routing neighbors and number of active OSPF interfaces. Routing table statistics are summarized and reported as the number of intra-area routes, inter-area routes, and AS external database entries.
The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/LOG are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/NEIGHBORS index /OUTPUT=file /FILE=file /TIMEOUT=seconds /RETRANSMIT
This command shows all OSPF routing neighbors. The information shown includes the area, local interface address, router ID, neighbor IP address, state and mode. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/NEIGHBORS are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
| /RETRANSMIT | Displays the retransmit list of neighbors. |
/ROUTING index /OUTPUT=file /FILE=file /TIMEOUT=seconds
Shows the OSPF routing table. This table reports the AS border routes, area border routes, summary AS border routes, and the networks managed using OSPF. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ROUTING are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
/STATE index /OUTPUT=file /FILE=file /TIMEOUT=seconds /RETRANSMIT
Shows the link state database (except for ASEs). This describes the routers and networks making up the AS. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/STATE are as follows:
| index | Indexes into a file of OSPF destination records. |
| /OUTPUT=file | Name of an output file to write the results to. |
| /FILE=file | Alternate file of OSPF destination records to use. |
| /TIMEOUT=seconds | Interval to wait for a response. Default is 20 seconds. |
| /RETRANSMIT | Displays the retransmit link state database. |
Examples
1 Displays the OSPF cumulative log for index 1 in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/LOG 1
Source <<192.168.5.31 izar.nene.com>>
IO stats
Input Output Type
2 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0
LSAs originated: 39 received: 0
Router: 39
Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0
Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0
2 Displays the OSPF interface log for index 1 in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/INTERFACE 1
Source <<192.168.5.31 izar.nene.com>>
IO stats
Input Output Type
6 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0
LSAs originated: 39 received: 0
Router: 39
Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0
Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0
3 Displays the OSPF destination records in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/DESTINATIONS
1: 192.168.5.31 izar.nene.com
4 Displays the OSPF link state database log for index 1 in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/STATE 1
Source <<192.168.5.31 izar.nene.com>>
LS Data Base:
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
----------------------------------------------------------------
Rtr 192.168.5.31 192.168.5.31 986 24 80000027 0 SpfTree
5 Displays the OSPF next hops log for index 1 in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/HOPS 1
Source <<192.168.5.31 izar.nene.com>>
Next hops:
Address Type Refcount Interface
---------------------------------------------------------
192.168.5.31 Direct 1 192.168.5.31 SVA-0
6 Displays the OSPF error log for index 1 in the OSPF_DESTS.DAT file.
MULTINET GATED/SHOW/OSPF/ERRORS 1
Source <<192.168.5.31 izar.nene.com>>
Packets Received:
3: Monitor request 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack
Packets Sent:
0: Monitor response 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack
Errors:
0: IP: bad destination 0: IP: bad protocol
0: IP: received my own packet 0: OSPF: bad packet type
0: OSPF: bad version 0: OSPF: bad checksum
0: OSPF: bad area id 0: OSPF: area mismatch
0: OSPF: bad virtual link 0: OSPF: bad authentication type
0: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF:packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down 0: OSPF: unknown neighbor
0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion 0: DD: externoption mismatch
0: DD: unknown LSA type 0: LS ACK: neighbor state low
0: LS ACK: bad ack 0: LS ACK: duplicate ack
0: LS ACK: Unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request 0: LS REQ: bad request
0: LS UPD: neighbor state low 0: LS UPD: newer self-gen LSA
0: LS UPD: LSA checksum bad 0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type
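The error log in example 6 is most useful when two captures are compared, so the following added example (not part of MultiNet) parses the two-column counter layout and reports which error counters grew between snapshots, flagging the authentication and integrity ones. It assumes the output was saved with /OUTPUT=file at two different times and that counters only grow while GateD runs; the sample text and the watch list are constructed for illustration.

```python
import re

# One "N: label" counter; the lazy label stops where the next "N: " begins.
COUNTER = re.compile(r"(\d+):\s*(.+?)(?=\s+\d+:\s|\s*$)")

# Error labels worth an alert when they grow (this example's choice).
WATCH = ("authentication", "checksum", "router id confusion", "my own packet")

# Constructed sample: a subset of the /ERRORS output shown above.
BEFORE = """\
Source <<192.168.5.31 izar.nene.com>>
Packets Received:
3: Monitor request 0: Hello
0: DB Description 0: Link-State Req
Errors:
0: IP: bad destination 0: IP: bad protocol
0: IP: received my own packet 0: OSPF: bad packet type
0: OSPF: bad version 0: OSPF: bad checksum
0: OSPF: bad virtual link 0: OSPF: bad authentication type
0: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF:packet size > ip length 0: OSPF: transmit error
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: LS UPD: unknown LSA type
"""

# Constructed second snapshot: three counters changed by hand.
AFTER = (BEFORE
         .replace("3: Monitor request", "5: Monitor request")
         .replace("0: OSPF: bad authentication key",
                  "7: OSPF: bad authentication key")
         .replace("0: OSPF: transmit error", "2: OSPF: transmit error"))


def parse_counters(text):
    """Return {section: {label: count}} for one captured /ERRORS output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"\d+:", line):
            if current is None:
                continue  # counter line before any section header
            for hit in COUNTER.finditer(line):
                label = " ".join(hit.group(2).split())
                sections[current][label] = int(hit.group(1))
        elif line.endswith(":"):
            # Section headers: "Packets Received:", "Packets Sent:", "Errors:"
            current = line[:-1]
            sections.setdefault(current, {})
    return sections


def increased(before, after, section="Errors"):
    """Return {label: (old, new)} for counters in `section` that grew."""
    old = parse_counters(before).get(section, {})
    new = parse_counters(after).get(section, {})
    return {label: (old.get(label, 0), count)
            for label, count in new.items() if count > old.get(label, 0)}


def alerts(before, after):
    """Labels of grown error counters that match the WATCH list, sorted."""
    return sorted(label for label in increased(before, after)
                  if any(word in label.lower() for word in WATCH))


if __name__ == "__main__":
    for label, (old, new) in increased(BEFORE, AFTER).items():
        flag = "ALERT" if label in alerts(BEFORE, AFTER) else "info"
        print(f"{flag:5} {label}: {old} -> {new}")
```

A growing "bad authentication key" or "bad authentication type" counter means a neighbor is sending OSPF packets that do not match the configured authentication, which is worth investigating as either a misconfigured router or an unexpected one.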
Used to request all routes known by a RIP gateway. The routing information in any routing packets returned is displayed numerically and symbolically. This command is intended to be used as a tool for debugging gateways, not for network management.
Note! To stop the output of this command, enter a Ctrl/C at the command line.
MULTINET GATED/SHOW/RIP gateway-ia
Parameter
gateway-ia
Internet address or name of the gateway to be queried.
Qualifiers
/AUTHENTICATION=authkey
Authentication password to use for queries. If specified, an authentication type of SIMPLE is used. The default authentication type is NONE.
/NONAME
Prevents the responding host's address from being looked up to determine the symbolic name.
/POLL
Requests information from the gateway's routing table. This is the default. If there is no response to the /POLL qualifier, the /REQUEST qualifier is tried.
/REQUEST
Requests information from the gateway's routing table. Unlike the /POLL qualifier, all gateways should support this command. If there is no response, the /POLL qualifier is tried.
/TIMEOUT=seconds
Number of seconds to wait for the initial response from a gateway. Default is 5 seconds.
/TRACE
Traces the RIP packets being sent and received by this command.
/V1
Sends the query as a RIP version 1 packet.
/V2
Sends the query as a RIP version 2 packet.
Example
Shows the routers known by RIP gateway 192.168.10.2.
MULTINET GATED/SHOW/RIP 192.168.10.2
24 bytes from omega1.foobar.com(192.168.10.2):
net/mask router metric tag
192.168.5.0/255.255.255.0 192.168.10.1 2 0000
Queries tracing in GateD.
MULTINET GATED/SHOW/TRACE
Example
$ multinet gated/show/trace
Summary of GateD tracing
--------------------------------------------------
State Machine Transitions Logging is : 'OFF'
Internal Events Logging is : 'OFF'
Policy Decision Logging is : 'OFF
Task Information Logging is : 'OFF'
Timer Logging is : 'OFF'
Routing Information Logging is : 'OFF'
General Send and Receive Logging is : 'OFF'
General Receive Logging is : 'OFF'
General Send Logging is : 'OFF'
Packet Send and Receive Logging is : 'OFF'
Packet Receive Logging is : 'OFF'
Packet Send Logging is : 'OFF'
Configuration File Parsing Logging is : 'OFF'
Route Advertisement Logging is : 'OFF'
Kernel Symbols Logging is : 'OFF
Network Interface Logging is : 'OFF'
Tells the GateD process to halt in an orderly manner.
Format
Toggles GateD tracing on and off. This command opens and closes the GateD log file MULTINET:GATED.LOG as needed.
Tells the GateD process to rescan the network interfaces.
FORMAT
MULTINET GATED/UPDATE_INTERFACES
The MultiNet host table compiler generates binary host tables from the ASCII host table files. After modifying a MultiNet host table, use this command to compile it into its binary form.
After recompiling your host tables, reinstall the host tables by rebooting, or by invoking the @MULTINET:INSTALL_DATABASES command. Then make the host table usable to the MULTINET_SERVER process servers by restarting this process with the @MULTINET:START_SERVER command. MultiNet uses the compiled host tables for fast lookups of host names, and for translation of host, network, protocol, and service names to numbers.
FORMAT
MULTINET HOST_TABLE COMPILE [files]
PARAMETER
files
Contains a comma-separated list of one or more input files to be compiled. These files must be in the format described in RFC-952 "DoD Internet Host Table Specification." If not specified, the input files default to MULTINET:HOSTS.SERVICES, MULTINET:HOSTS.LOCAL, and MULTINET:HOSTS.TXT.
QUALIFIERS
Specifies the file to which the compiler writes the binary host table (by default, MULTINET:NETWORK_DATABASE).
/SILENTLY
/NOSILENTLY (default)
Determines whether the compilation proceeds quietly. The default, /NOSILENTLY, can take some time to process.
Specifies the initial hash size for the host table hash. Starting at this value, the host table compiler searches for an acceptable hashing function. The default for this qualifier is the "best value," which is computed from the size of the data as the utility attempts to create 512-byte units.
When you run HOST TABLE COMPILE, the hash value is listed in the displayed messages. To select a value for this qualifier, choose a number from the displayed range of values.
Specifies the file to which the compiler writes the "host-completion" database, used by programs that allow for escape-completion of partially typed host names. The default is MULTINET:HOSTTBLUK.DAT.
Specifies the file to which the compiler writes a UNIX-style hosts file that can be used on most UNIX systems and with many other vendors' TCP implementations. The default, /NOUNIX_HOST_FILE, inhibits the creation of a UNIX-style hosts file.
Connects to the HOSTNAME port of NIC.DDN.MIL and uses the HOSTNAME protocol to retrieve the HOSTS.TXT file. After retrieving a new MultiNet host table, compile it into binary form with the MULTINET HOST_TABLE COMPILE command so the host table can be accessed.
CAUTION! The HOSTS.TXT file located on NIC.DDN.MIL is no longer maintained by the DDN NIC (or anyone else). This file contains out-of-date information and should be used with caution. If your host is connected to the Internet, DNS is a desirable alternative to using host tables.
QUALIFIERS
/HOST=host (default NIC.DDN.MIL)
Specifies a host other than NIC.DDN.MIL. If you specify the host name instead of the address, the host name must exist in your existing host tables.
Specifies a different output file (by default, MULTINET:HOSTS.TXT).
/SILENTLY
/NOSILENTLY (default)
Specifies that various debugging information is written to SYS$ERROR as the program executes.
Specifies an arbitrary HOSTNAME protocol request to the host of interest as follows:
If the /QUERY qualifier is present, use its value
Otherwise, if the /VERSION qualifier is present, use "VERSION"
Otherwise, use "ALL"
Retrieves only the HOSTS.TXT version number.
The HOSTNAME protocol supports simple text query requests of the form:
command_key argument(s) [options]
command_key is a keyword indicating the nature of the request and square brackets ( [ ] ) indicate an optional field. The defined keys are described in the following table:
| Keyword | Response |
| HELP | The information in this table. |
| VERSION | "VERSION: string" where string is different for each version of the host table. |
| HNAME hostname | One or more matching host table entries. |
| HADDR hostaddr | One or more matching host table entries. |
| ALL | The entire host table. |
| ALL-OLD | The entire host table without domain-style names. |
| DOMAINS | The entire top-level domain table (domains only). |
| ALL-DOM | Both the entire domain table and the host table. |
| ALL-INGWAY | All known gateways in TENEX/TOPS-20 INTERNET.GATEWAYS format. |
Installs the binary host tables as global sections. Do not run HOST_TABLE INSTALL directly. Instead, use the MULTINET:INSTALL_DATABASES.COM command procedure.
FORMAT
The MULTINET IPP SHOW utility allows a user to learn the capabilities supported by an IPP server. This utility queries the server and displays the supported attributes. It can be used to see what a given server supports, from a program to gather information about a number of printers, or from a DCL or other program to check the capabilities of a given server before submitting a print job to a queue. The command syntax is:
$ MULTINET IPP SHOW server_URI /qualifiers...
/ATTRIBUTE=attribute
Puts the program into a mode suitable for use from a DCL command procedure. Not compatible with the /FORMAT or /OUTPUT qualifiers or those associated with them. It causes the program to return the value of a single attribute as a character string in a DCL symbol. The symbol may be specified with the /SYMBOL qualifier if the default of "IPP_SHOW_RESULT" is not desired. This is intended for use in a procedure to check to see if, for example, a given server supports color printing before submitting a job to a queue that requires color output. Allowable values for attribute are:
Charset_Configured, Charset_Supported, Color_Supported, Compression_Supported, Copies_Default, Copies_Supported, Document_Format_Default, Document_Format_Supported, Finishings_Default, Finishings_Supported, Gen_Natural_Language_Supported, Job_Hold_Until_Default, Job_Hold_Until_Supported, Job_Impressions_Supported, Job_K_Octets_Supported, Job_Media_Sheets_Supported, Job_Priority_Default, Job_Priority_Supported, Job_Sheets_Default, Job_Sheets_Supported, Media_Default, Media_Supported, Multiple_Doc_Handling_Default, Multiple_Doc_Handling_Supported, Multiple_Operation_Timeout, Natural_Language_Configured, Number_Up_Default, Number_Up_Supported, Operations_Supported,
Orientation_Requested_Default, Orientation_Requested_Supported, Page_Ranges_Default, Page_Ranges_Supported, PDL_Override_Supported, Print_Quality_Default, Print_Quality_Supported, Printer_Current_Time, Printer_Driver_Installer, Printer_Info, Printer_Is_Accepting_Jobs, Printer_Location, Printer_Make_and_Model, Printer_Message_From_Operator, Printer_More_Info, Printer_More_Info_Manufacturer, Printer_Name, Printer_Resolution_Default, Printer_Resolution_Supported, Printer_State, Printer_State_Message, Printer_State_Reasons, Printer_Uptime, Printer_URI_Supported, Queued_Job_Count, Reference_URI_Schemes_Supported, Sides_Default, Sides_Supported, URI_Security_Supported
/[NO]APPEND
Specifies that output should be appended to an existing output file if possible. /NOAPPEND is the default.
/FORMAT=style
Specifies what print style to use. style is either
"SCREEN" (default) which writes in a human-friendly screen-formatted mode or
"LIST" which writes an easy to parse, name=value format, one name/value pair per line.
/[NO]FULL
Causes all IPP attributes to be included in the display, whether the server supports them or not. Those not supported are marked as such. /NOFULL is the default.
/[NO]GLOBAL
Specifies whether the named symbol should be created as a DCL global symbol. Used only with /ATTRIBUTE. If specified as "/NOGLOBAL", the symbol will be local to the calling procedure level. /GLOBAL is the default.
/OUTPUT=file
Specifies a file to write output to. "SYS$OUTPUT:" is the default.
/SYMBOL=symbolname
Specifies a DCL symbol name that should be set to the value of the specified attribute. Used only with /ATTRIBUTE. The default is "IPP_SHOW_RESULT" if /SYMBOL is not specified.
EXAMPLES of MULTINET IPP SHOW Use and Output
1 Basic operation with all defaults:
$ MULTINET IPP SHOW LILLIES.FLOWERPOTS.COM
LILLIES.FLOWERPOTS.COM as of Tue Mar 9 16:08:43 2004
CURRENT INFO:
Printer State: Idle
State Reasons: none
Accepting Jobs?: Yes
Queued Job Count: 0
PRINTER INFO:
Name: Lexmark Optra T610
Make & Model: Lexmark Optra T610
DEFAULTS:
Document Format: application/octet-stream
Orientation: Portrait
Number-Up: 1
Copies: 1
Job Media Sheets: none
Character Set: utf-8
Natural Language: en-us
SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: No
Orientation: Portrait, Landscape
Document Formats: application/octet-stream, application/postscript,
application/vnd.hp-PCL, text/plain
Job Sheets: none, standard
Number-Up: 1:16
Copies: 1:999
PDL Override: not-attempted
Character Sets: utf-8, us-ascii
Natural Languages: en-us
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes, Unknown: 18
URIs Supported and associated security options:
URI: http://192.168.50.2/
Security: none
URI: http://192.168.50.2:631/
Security: none
2 Operation with /FULL and output to a file (note that the "/" character in the URI requires use of quotes around the server URI parameter):
$ MULTINET IPP SHOW "LILLIES.FLOWERPOTS.COM/IPP" /FULL /OUTPUT=FOO.BAR
FOO.BAR contains:
LILLIES.FLOWERPOTS.COM/IPP as of Tue Mar 9 16:11:54 2004
CURRENT INFO:
Printer State: Idle
State Reasons: none
State Message: <not supported>
Accepting Jobs?: Yes
Queued Job Count: <not supported>
Uptime (seconds): <not supported>
Printer Time: <not supported>
PRINTER INFO:
Name: LILLIES
Printer Location: <not supported>
Printer Info: MANUFACTURER:Hewlett-Packard;COMMAND SET:PJL,ML -
C,PCL,PCLXL,POSTSCRIPT;MODEL:HP LaserJet 2100 -
Series;CLASS:PRINTER;DESCRIPTION:H
URL for more info: <not supported>
URL for driver: <not supported>
Make & Model: <not supported>
URL for Maker: <not supported>
DEFAULTS:
Document Format: application/octet-stream
Orientation: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Print Quality: <not supported>
Printer Resolution: <not supported>
Character Set: us-ascii
Natural Language: en-us
Mult. Op. Timout: <not supported>
SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: <not supported>
Orientation: <not supported>
Document Formats: text/plain, text/plain; charset=US-ASCII,
application/postscript, application/vnd.hp-PCL,
application/octet-stream
Job Sheets: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media Names: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Page Ranges?: <not supported>
Print Qualities: <not supported>
Resolutions: <not supported>
Compression Modes: <not supported>
Job K-octets: <not supported>
Job Impressions: <not supported>
PDL Override: not-attempted
Character Sets: us-ascii, utf-8
Natural Languages: en-us
URI Schemes: <not supported>
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes
URIs Supported and associated security options:
URI: /ipp
Security: none
URI: /ipp/port1
Security: none
MESSAGE FROM OPERATOR:
<no Message>
3 Operation with /ATTRIBUTE, /SYMBOL, and /GLOBAL to get a single attribute into a DCL symbol:
$ MULT IPP SHOW LEXIM /ATTRIB=NUMBER_UP_SUPPORTED /SYMBOL=NUMUP /GLOBAL
$ SHO SYM NUMUP
NUMUP == "1:16"
$
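The report layout shown in the examples above can be audited offline once it has been saved with /OUTPUT. The following Python sketch is an added example, not part of MultiNet or its documentation: it parses saved MULTINET IPP SHOW output and lists the advertised URIs whose security is "none" or that use cleartext http. The sample text is constructed from the example output above, and the function names are illustrative assumptions.

```python
import re

# Constructed sample, abbreviated from the example output shown above.
SAMPLE = """\
LILLIES.FLOWERPOTS.COM as of Tue Mar 9 16:08:43 2004
CURRENT INFO:
Printer State: Idle
Accepting Jobs?: Yes
SUPPORTED FEATURES AND ALLOWED VALUES:
Document Formats: application/octet-stream, application/postscript,
application/vnd.hp-PCL, text/plain
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes, Unknown: 18
URIs Supported and associated security options:
URI: http://192.168.50.2/
Security: none
URI: http://192.168.50.2:631/
Security: none
"""

HEADER = re.compile(r"^(\S+) as of (.+)$")
# A label never contains ',', ';', '/', '<' or ':'. This keeps wrapped value
# lines such as "Get-Printer_Atrributes, Unknown: 18" from being read as fields.
FIELD = re.compile(r"^([^:,;/<]+):\s*(.*)$")


def parse_ipp_show(text):
    """Parse MULTINET IPP SHOW output into sections plus a URI/security list."""
    report = {"server": None, "as_of": None, "sections": {}, "uris": []}
    section, last_key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if report["server"] is None:
            header = HEADER.match(line)
            if header:
                report["server"], report["as_of"] = header.groups()
                continue
        field = FIELD.match(line)
        if field and field.group(2) == "":
            # "CURRENT INFO:" style line: start of a new section.
            section = report["sections"].setdefault(field.group(1).strip(), {})
            last_key = None
        elif field and section is not None:
            key, value = field.group(1).strip(), field.group(2).strip()
            if key == "URI":
                report["uris"].append({"uri": value, "security": None})
                last_key = None
            elif key == "Security" and report["uris"]:
                report["uris"][-1]["security"] = value
                last_key = None
            else:
                section[key] = value
                last_key = key
        elif section is not None and last_key is not None:
            # Wrapped value: append it to the previous field of this section.
            section[last_key] += " " + line
    return report


def audit_uris(report):
    """Return (uri, finding) pairs for URIs that advertise no protection."""
    findings = []
    for entry in report["uris"]:
        security = (entry["security"] or "").lower()
        if security in ("", "none"):
            findings.append((entry["uri"], "no security option advertised"))
        if entry["uri"].lower().startswith("http://"):
            findings.append((entry["uri"], "cleartext http URI"))
    return findings


if __name__ == "__main__":
    parsed = parse_ipp_show(SAMPLE)
    print(parsed["server"], "as of", parsed["as_of"])
    for uri, finding in audit_uris(parsed):
        print(f"  {uri}: {finding}")
```

Relative URIs such as /ipp, as in the /FULL example, are reported only on their security value because they carry no scheme.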
Stores the contents of the Kerberos database in an ASCII text file. Use this command to transfer the contents of a master KDC database to another system which acts as a backup KDC. The ASCII format allows interchange among different vendors' implementations of Kerberos on different platforms. Passwords are output as encrypted text strings. Dumping the database to a text file and then editing it is the only way to delete users or principals from the database. Use MULTINET KERBEROS DATABASE LOAD to reload a dumped database.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE DUMP [outfile]
QUALIFIER
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
EXAMPLES
This example stores the Kerberos database named FOO into the DUMP_FILE.TXT text file.
$ MULTINET KERBEROS DATABASE DUMP -
_$ /DATABASE_FILE=MULTINET:FOO. DUMP_FILE.TXT
This text file can be loaded with the following command. In this example, the /DATABASE_FILE qualifier specifies the name of the database that is created.
$ MULTINET KERBEROS DATABASE LOAD -
_$ /DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT
This example lists the contents of the database.
$ MULTINET KERBEROS DATABASE DUMP TT:
Interactively adds principal information to the database.
FORMAT
MULTINET KERBEROS DATABASE EDIT
QUALIFIERS
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
/PROMPT_FOR_KEY (default)
/NOPROMPT_FOR_KEY
Specifies that you are prompted to supply the master key password. /NOPROMPT_FOR_KEY causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.
DESCRIPTION
MULTINET KERBEROS DATABASE EDIT adds principal information to the database. The principal can be either a user or a program.
Note! This command applies to Kerberos V4 only.
Table 1-2 describes the prompts displayed by this utility.
Table 1-2 KERBEROS DATABASE EDIT Prompts (Continued)
| At This Prompt... | Enter This Information |
|---|---|
| Enter Kerberos master key: | The encryption key for the Kerberos database. This is the master password for Kerberos administration and must be safeguarded. This is a standard VMS-style password except the value is case-sensitive and can be up to 64 bytes in length. |
| Principal name | A case-sensitive value, which generally is a user name if you are adding a user to the database, or the name of a principal used by a Kerberized server if you are entering a class of service. Exit KERBEROS DATABASE EDIT by pressing RETURN at the Principal name prompt. |
| Instance | A case-sensitive string value. When adding users to the database, enter an empty string (press RETURN). When associating a service type with a system, the instance is the system name. If the principal name is for a new user or application, the next prompt is "Not found, Create [y] ?". Enter y to create the principal entry, or n to enter another principal name. |
| Change password | Change the password for a user or service. This prompt only appears if you specified an existing principal or instance name. If you enter y, you are prompted with the "New Password:" prompt; if you enter n, you are prompted for the Expiration date. |
| New password | Enter a new password. You can enter "RANDOM" for the password, which indicates the password is known only within the software. This feature adds additional security. Note: you must specify RANDOM in all uppercase letters. The only use for the RANDOM password feature with user accounts is to prevent users from accessing the Kerberos system. If you did not select the RANDOM feature and chose to change the password, enter a new password. You are prompted to verify the password you entered. |
| Expiration date | The date on which a user can no longer access the system, or the date that an application is no longer valid. |
| Max ticket lifetime | The maximum lifetime, in minutes, for a user's ticket. This can be any value from 5 to 1275 minutes (21 hours, 15 minutes). |
| Attributes | The valid range of this value is 0 to 65535, inclusive. The meaning of this value is system- and application-dependent. MultiNet applications do not currently use this value. |
EXAMPLE
$ MULTINET KERBEROS DATABASE EDIT /NOPROMPT
Opening database...
Current Kerberos master key version is 1
Previous or default values are in [brackets],
enter Return to leave the same, or new value.
Principal name: rcmd
Instance: bigboote
<Not found>, Create [y] RETURN
Principal: rcmd, Instance: bigboote, kdc_key_ver: 1
New password: password
Verifying, please re-enter New Password: password
Principals new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: john
Instance: RETURN
<Not found>, Create [y] RETURN
Principal: john, Instance: , kdc_key_ver: 1
New password: password
Verifying, please re-enter New Password: password
Principals new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: RETURN
$
Initializes the Kerberos database. If you need to run this command on an already configured system, shut down Kerberos by first disabling the Kerberos and KADMIN servers using the MULTINET CONFIGURE /SERVERS command, then restart the MultiNet master server. Refer to the examples later in this section.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE INITIALIZE
QUALIFIERS
Specifies the use of an alternative database instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
Specifies the Kerberos realm to use instead of the default (the local domain name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.
EXAMPLES
This example initializes the Kerberos database.
$ MULTINET KERBEROS DATABASE INITIALIZE
Realm name [REALM]: FLOWERS.COM
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Kerberos master key: password
Verifying, please re-enter Kerberos master key: password
$
This example shuts down Kerberos by disabling the KERBEROS and KADMIN servers, restarts the MASTER_SERVER process, then exits.
$ MULTINET CONFIGURE /SERVERS
MultiNet Server Configuration Utility 5.3 (nnn)
[Reading in symbols from SERVER image MULTINET:SERVER.EXE]
[Reading in configuration from MULTINET:SERVICES.MASTER_SERVER]
SERVER-CONFIG>DISABLE KERBEROS
SERVER-CONFIG>DISABLE KADMIN
SERVER-CONFIG>RESTART
%RUN-S-PROC_ID, identification of created process is 2060005C
SERVER-CONFIG>EXIT
[Writing configuration to MULTINET_COMMON_ROOT:[MULTINET]
SERVICES.MASTER_SERVER]
Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility. The ASCII text allows for interchange between different vendors' Kerberos implementations and different platforms, so the file being loaded does not need to be generated by the MultiNet Kerberos implementation.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE LOAD [outfile]
QUALIFIER
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
EXAMPLES
1 $ MULTINET KERBEROS DATABASE DUMP -
_$ /DATABASE_FILE=MULTINET:FOO. DUMP_FILE.TXT
$
This example stores the Kerberos database named FOO. into the DUMP_FILE.TXT text file. This text file can be restored with this command:
2 $ MULTINET KERBEROS DATABASE LOAD -
_$ /DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT
The /DATABASE_FILE qualifier specifies the name of the created database.
Permits the master key to be changed. After changing the master key, rebuild the database. Dump the database to an ASCII text file before using this command to change the master key. (You can dump the database to an ASCII text file with the MULTINET KERBEROS DATABASE UTILITY DUMP command.) After changing the key, re-stash the master key with the MULTINET KERBEROS DATABASE STASH command, and reload the database from the ASCII dump file with the MULTINET KERBEROS DATABASE UTILITY LOAD command.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE NEW_MASTER_KEY
Creates a service key file for use by server programs on the named system to decode KERBEROS authenticators. The output file name is of the form server-NEW-KERBEROS.SRVTAB, where server is the name of the remote system for which this file is being created. After creating the key file, transport it manually (not over the network, unless encryption is available) to the remote system, and copy it to MULTINET:KERBEROS.SRVTAB.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE SRVTAB host(s)
PARAMETER
host(s)
Specifies one or more host names. host is not a fully qualified name and does not include dots. If specified in double quotes, mixed-case host names (for example, "Lot49") are preserved. If not specified in double quotes, all letters are converted to lowercase. If you do not supply this parameter, you are prompted for the host name(s).
QUALIFIERS
Controls whether or not you are prompted to supply the master key password. /NOPROMPT causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.
Specifies the Kerberos realm to use instead of the default (the local realm name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.
EXAMPLE
$ MULTINET KERBEROS DATABASE SRVTAB /REALM=FLOWERS.COM /NOPROMPT
Saves the master key in a protected file both for the KDC, which needs the master key to read the Kerberos database, and for the convenience of the administrator who does not have to enter the master password when accessing the Kerberos configuration utilities.
Note! This command applies to Kerberos V4 only.
FORMAT
MULTINET KERBEROS DATABASE STASH
EXAMPLE
$ MULTINET KERBEROS DATABASE STASH
$
Kerberos master key: password
Verifying, please re-enter Kerberos master key: password
Current Kerberos master key version is 1.
Invokes the MultiNet network LOADER. This program loads a network image into the VMS kernel and starts the network.
Note! This utility is invoked automatically by the network startup command file generated by the Network Configuration Utility and should not be invoked by a user.
FORMAT
Sends commands to services internal to the MULTINET_SERVER process. NETCONTROL can select any server provided in the MultiNet configuration or those previously added with the Server Configuration Utility. This command affects only the currently running configuration.
FORMAT
MULTINET NETCONTROL [service] [command]
PARAMETERS
service
Connects to the specified service (by default, NETCONTROL).
command
Sends a specified command string to the server. If you do not specify a command string, NETCONTROL enters interactive mode.
QUALIFIERS
Connects to the NETCONTROL service on the specified host (by default, the NETCONTROL service on the local host).
Displays the entire NETCONTROL protocol conversation. This qualifier is useful only for debugging purposes.
DESCRIPTION
The NETCONTROL program sends commands to services internal to the MULTINET_SERVER process. NETCONTROL currently provides access to the following MultiNet services:
Table 1-3 MultiNet NETCONTROL Services (Continued)
| ACCESS | BOOTP | BWNFSD | CLUSTERALIAS |
| DHCLIENT | DHCP | DOMAINNAME | EKLOGIN |
| FONTSERVER | GATED | IPXRIP | KERBEROS |
| KLOGIN | KSHELL | NETCONTROL | NFS |
| NOT | NTP | PCNFSD | RARP |
| "R" Server | RDISC | REXEC | RLOGIN |
| RPCBOOTPARAMS | RPCLOCKMGR | RPCMOUNT | RPCPORTMAP |
| RPCQUOTAD | RPCSTATUS | RSHELL | SAP |
| SNMP | SSH | SYSLOG | TELNET |
| TFTP | UCXQIO | VIADECNET | VIAPSI |
| XDM | | | |
For loadable services (those with an INIT setting of Merge_image), you can use the SERVER-CONFIG SET PROCESS process_name command to have the service run in an auxiliary master server process with the specified name, rather than in the main master server process (which has a process name of MULTINET_SERVER).
Unlike earlier versions of MultiNet:
The auxiliary server no longer has to be manually started.
The service(s) running in the auxiliary process can be controlled with NETCONTROL.
Use the SERVER-CONFIG SET FLAGS START_AUX_SERVER command to have the main master server start the auxiliary server process automatically. (You can also set it through MENU-CONFIG in "extended" mode.)
Services running in auxiliary master server processes can be controlled with NETCONTROL, independent of whether the START_AUX_SERVER flag is set, or whether the auxiliary process was started manually.
Auxiliary server processes are most useful for services which may require very large quantities of process quotas such as virtual memory. They can also be useful when there are problems with a loadable service that cause the master server to terminate abnormally; the service can be isolated in a separate process to prevent other services from being interrupted when the abnormal termination occurs.
The following command shuts down all services, including those run in auxiliary master server processes. (In earlier versions, services running in auxiliary master server processes were not affected by this command.)
$ MULTINET NETCONTROL NETCONTROL SHUTDOWN ALL
In addition, specifying a SET PROCESS command on the NETCONTROL service (in SERVER-CONFIG) has no effect; the NETCONTROL server always runs in the main master server process.
Invoke NETCONTROL with MULTINET NETCONTROL, or with NETCONTROL commands from inside the Server Configuration Utility or NFS Server Configuration Utility.
NETCONTROL connects to the NETCONTROL server on the local host, or on a remote host if one is specified. The following example demonstrates two ways of connecting to the RLOGIN service. Note: the NETCONTROL prompt indicates the name of the service to which you are connected.
$ MULTINET NETCONTROL RLOGIN
Connected to NETCONTROL server on "LOCALHOST"
< SP1.SPROCKET.COM Network Control 5.3 (nnn) at Mon 15-Mar-2004 7:42am-EST
RLOGIN>
$ MULTINET NETCONTROL
Connected to NETCONTROL server on "LOCALHOST"
< SP1.SPROCKET.COM Network Control 5.3 (nnn) at Mon 15-Mar-2004 7:42am-EST
NETCONTROL>SELECT RLOGIN
RLOGIN>
The following example shows how to specify a NETCONTROL command from the command line. When used this way, NETCONTROL exits to DCL upon completion.
$ MULTINET NETCONTROL RLOGIN SHOW
Connected to NETCONTROL server on "LOCALHOST"
< SP1.SPROCKET.COM Network Control 5.3 (nnn) at Mon 15-Mar-2004 7:42am-EST
< File Cache:
< MULTINET:HOSTS.EQUIV (Expires in 59 minutes)
< USERS:[MIGUEL].rhosts (Expired)
< Authorization Cache:
< EDUARDA (Expires in 59 minutes)
< MIGUEL (Expired)
$
You can also use NETCONTROL to control the MULTINET_SERVER on a remote system, subject to the restrictions set on that system's NETCONTROL server.
The following example shows how to invoke NETCONTROL on a remote system.
$ MULTINET NETCONTROL/HOST=SP1.SPROCKET.COM RLOGIN
Connected to NETCONTROL server on "SP1.SPROCKET.COM"
< SP1.SPROCKET.COM Network Control 5.3 (nnn) at Mon 15-Mar-2004 7:42am-EST
RLOGIN>
To change the ACCOUNTING and DEBUG parameters, use the following MULTINET NETCONTROL commands. The DEBUG parameter dynamically sets the MultiNet server debugging level to the specified value n. The ACCOUNTING parameter controls the additional information that the MultiNet server provides in the accounting record by default: setting n to 0 disables this feature, and setting n to 1 adds the remote name and service name to the ACCOUNTING record.
$ MULTINET NETCONTROL NETCONTROL DEBUG n RETURN
$ MULTINET NETCONTROL NETCONTROL ACCOUNTING n RETURN
Table 1-4 shows the NETCONTROL commands you can use at any time.
Table 1-4 NETCONTROL Commands Valid at any Time (Continued)
Table 1-5 shows the NETCONTROL commands you can use with the ACCESS server.
Table 1-5 NETCONTROL ACCESS Commands (Continued)
Table 1-6 shows the NETCONTROL ACCOUNTING commands you can use.
Table 1-6 NETCONTROL ACCOUNTING Commands
| Command | Description |
|---|---|
| ACC-CONTROL-VERSION | Shows the version of the accounting control logs. |
| FILE <file_specification> | Starts a new accounting control image. |
| NOOP | Does nothing. |
| RELOAD | Restarts the accounting server. |
| SHUTDOWN | Stops the accounting server. |
| START | Starts the accounting server. |
| VERSION | Displays the version of the accounting server control image. |
Table 1-7 shows the NETCONTROL commands you can use with the BOOTP server.
Table 1-7 NETCONTROL BOOTP Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| DUMP | Dumps the BOOTP database. |
| RELOAD | Reloads the BOOTP database. |
Table 1-8 shows the NETCONTROL command you can use with the BWNFSD server.
Table 1-8 NETCONTROL BWNFSD Command (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
Table 1-9 shows the NETCONTROL commands you can use with the CLUSTERALIAS server.
Table 1-9 NETCONTROL CLUSTERALIAS Commands (Continued)
Table 1-10 shows the NETCONTROL commands you can use with the DHCP client.
Table 1-10 NETCONTROL DHCP Client Commands
Table 1-11 shows the NETCONTROL commands you can use with the DHCP server.
Table 1-11 NETCONTROL DHCP Commands (Continued)
Table 1-12 shows the NETCONTROL commands you can use with the DOMAINNAME server.
Table 1-12 NETCONTROL DOMAINNAME Commands (Continued)
Table 1-13 shows the NETCONTROL commands you can use with the EKLOGIN server:
Table 1-13 NETCONTROL EKLOGIN Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| FLUSH-CACHE | Flushes the "KR" services authentication cache. |
Table 1-14 shows the NETCONTROL commands you can use with the FONTSERVER server.
Table 1-14 NETCONTROL FONTSERVER Commands (Continued)
Table 1-15 shows the NETCONTROL commands you can use with the IPXRIP server.
Table 1-15 NETCONTROL IPXRIP Commands (Continued)
Table 1-16 shows the NETCONTROL command you can use with the KERBEROS V4 server.
Table 1-16 NETCONTROL KERBEROS Command (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
Table 1-17 shows the NETCONTROL commands you can use with the KLOGIN server.
Table 1-17 NETCONTROL KLOGIN Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| FLUSH-CACHE | Flushes the "KR" services authentication cache. |
Table 1-18 shows the NETCONTROL commands you can use with the KSHELL server.
Table 1-18 NETCONTROL KSHELL Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| FLUSH-CACHE | Flushes the "KR" services authentication cache. |
Table 1-19 shows the NETCONTROL commands you can use with the NETCONTROL server.
Table 1-19 NETCONTROL NETCONTROL Commands (Continued)
Table 1-20 shows the NETCONTROL commands you can use with the NFS Server.
Table 1-20 NETCONTROL NFS Commands (Continued)
Table 1-21 shows the NETCONTROL commands you can use with the NOT server.
Table 1-21 NETCONTROL NOT Commands (Continued)
Table 1-22 shows the NETCONTROL commands you can use with the NTP server.
Table 1-22 NETCONTROL NTP Commands (Continued)
Table 1-23 shows the NETCONTROL command you can use with the PCNFSD server.
Table 1-23 NETCONTROL PCNFSD Command (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
Table 1-24 shows the NETCONTROL commands you can use with the RACOON server.
Table 0-1 NETCONTROL PCNFSD Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging level. |
| DELETE | Deletes an established key exchange session. |
| ESTABLISH | Establishes a key exchange between two IP addresses and gets them to authenticate each other. |
| FLUSH | Flushes existing key exchange sessions. |
| NOOP | No operation. |
| SHOW | Shows the current state of key negotiation between IP addresses. |
| SHUTDOWN | Shuts down Racoon. |
| START | Starts Racoon. |
| STOP | Stops Racoon (equivalent to SHUTDOWN). |
| VERSION | Version of the control interface. |
Table 1-24 shows the NETCONTROL commands you can use with the RARP server.
Table 1-24 NETCONTROL RARP Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the RARP debugging level. The larger the number, the more verbose the output. |
| RELOAD | Reloads the RARP database. |
Table 1-25 shows the NETCONTROL commands you can use with NETCONTROL REXEC, NETCONTROL RLOGIN, or NETCONTROL RSHELL.
Table 1-25 NETCONTROL "R" Server Commands (Continued)
Table 1-26 shows the NETCONTROL commands you can use with the RACOON server.
Table 1-26 NETCONTROL RACOON Commands (Continued)
Table 1-27 shows the NETCONTROL commands you can use with the RPCBOOTPARAMS server.
Table 1-27 NETCONTROL RPCBOOTPARAMS Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| RELOAD | Reloads the RPC boot parameters for diskless hosts. |
Table 1-28 shows the NETCONTROL commands you can use with the RPCLOCKMGR server.
Table 1-28 NETCONTROL RPCLOCKMGR Commands (Continued)
Table 1-29 shows the NETCONTROL commands you can use with the RPCMOUNT server.
Table 1-29 NETCONTROL RPCMOUNT Commands (Continued)
Table 1-30 shows the NETCONTROL commands you can use with the RPC Portmapper server.
Table 1-30 NETCONTROL RPCPORTMAP Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the RPCPORTMAP debugging level. The larger the number, the more verbose the output. |
| SHOW | Prints the current portmap database. |
Table 1-31 shows the NETCONTROL command you can use with the RPCQUOTAD server.
Table 1-31 NETCONTROL RPCQUOTAD Command (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
Table 1-32 shows the NETCONTROL commands you can use with the RPCSTATUS server.
Table 1-32 NETCONTROL RPCSTATUS Commands (Continued)
Table 1-33 shows the NETCONTROL commands you can use with the SNMP server.
Table 1-33 NETCONTROL SNMP Commands (Continued)
Table 1-34 shows the NETCONTROL commands you can use with the SSH server.
Table 1-34 NETCONTROL SSH Commands (Continued)
Table 1-35 shows the NETCONTROL commands you can use with the SYSLOG server.
Table 1-35 NETCONTROL SYSLOG Commands (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the debugging log level. |
| RELOAD | Reloads the configuration file. |
Table 1-36 shows the NETCONTROL commands you can use with the TELNET server.
Table 1-36 NETCONTROL TELNET Commands (Continued)
| Command | Description |
|---|---|
| DEBUG | Sets the TELNET debugging level. The larger the number, the more verbose the output. |
| TRACE n | Sets the trace level. |
Table 1-37 shows the NETCONTROL commands you can use with the TFTP server.
Table 1-37 NETCONTROL TFTP Commands (Continued)
Table 1-38 shows the NETCONTROL command you can use with the UCXQIO server.
Table 1-38 NETCONTROL UCXQIO Command (Continued)
| Command | Description |
|---|---|
| DEBUG n | Sets the UCXQIO debugging level. The larger the number, the more verbose the output. |
Table 1-39 shows the NETCONTROL commands you can use with the VIADECNET server.
Table 1-39 NETCONTROL VIADECNET Commands (Continued)
Table 1-40 shows the NETCONTROL commands you can use with the VIAPSI server.
Table 1-40 NETCONTROL VIAPSI Commands (Continued)
Table 1-41 shows the NETCONTROL commands you can use with the XDM server.
Table 1-41 NETCONTROL XDM Commands (Continued)
Dismounts a remotely mounted NFS file system.
FORMAT
MULTINET NFSDISMOUNT mount_device
PARAMETER
mount_device
Specifies an NFSx: device associated with a remotely mounted file system.
QUALIFIERS
Specifies that NFSDISMOUNT notifies remote systems that no file systems are currently mounted (this is usually used as part of the reboot procedure).
Note! NFSDISMOUNT/ALL does not dismount file systems, but rather notifies an NFS server that the local system does not have any mounted. If you do not specify host_name, NFSDISMOUNT broadcasts the request to the local network.
Specifies that NFSDISMOUNT displays information when a dismount occurs.
EXAMPLE
This example shows how to dismount a remotely mounted file system attached to the local mount device NFS3:.
Mounts a remote NFS file system so it can be used locally. NFSMOUNT requires CMKRNL, SETPRV, SYSPRV, SYSNAM, ALTPRI, DETACH, ACNT, and SYSLCK privileges.
FORMAT
MULTINET NFSMOUNT node::mount_point logical_name
PARAMETERS
node
Specifies the name of the computer serving the file system to the network.
mount_point
Specifies the portion of an NFS file system to be mounted. The format of the specified mount point depends on the server. Enclose mount_point in quotes if it contains special or lowercase characters.
logical_name
Specifies an OpenVMS logical name to assign to the mount device. OpenVMS users can access remote files using this logical name.
QUALIFIERS
Specifies the size (in bytes) of the File Identifier (FID) cache. Values range from 5 to 5000000. The default is 10000.
/LOCKING=( [ local, ] [ network ] )
Specifies the type of file locking used on the NFS-mounted file system.
LOCAL Specifies that OpenVMS file-locking operations will only be consistent on the local system.
NETWORK Uses the NFS Network Lock Manager to obtain consistent file locking between all NFS clients. Use of the /LOCKING=NETWORK qualifier adds protocol overhead.
If you specify both LOCAL and NETWORK, network locking is attempted; if the remote lock manager cannot be contacted, local locking is used.
Specifies the page file quota for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. This qualifier is ignored on subsequent mounts. The default is 65535 pages.
Specifies the remote port to connect to for NFS service.
Specifies the base process priority of the NFS_CLIENT_ACP process created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 7.
Determines whether a separate ACP process is created for every NFS device. This mechanism allows NFS devices to function in parallel so that one NFS device does not have to wait for an NFS operation on another NFS device to complete. Multiple ACPs allow for multiple outstanding I/O, and operations happen in parallel.
A setting of UNIQUE creates a separate NFS_CLIENT_n process for each mount, where n is the number of the NFS device (such as NFS_CLIENT_2, which corresponds with the device NFS2).
A setting of /PROCESSOR=SAME=nfs_device assigns the mount to the same ACP process as the specified nfs_device. For example, /PROCESSOR=SAME=NFS3 assigns this mount to the NFS_CLIENT_3 ACP process.
Any mounts specified without the /PROCESSOR qualifier use a single, default process.
It is recommended that you use the /PROCESSOR qualifier to group mounts based on the remote server. That way, if the server goes down, it does not cause access to other servers to hang. (You can use the /SOFT qualifier to permit NFS operations to time out instead of hanging indefinitely.)
Specifies the maximum size of the read operations the NFS Client performs. The default, 8192, is correct for most servers.
Instructs the NFS client software to reload its UID translation table from the NFS configuration file.
/SEMANTICS=( [ advisory_close, ]
             [ case_insensitive_filenames, ]
             [ nofdl_files, ]
             [ nolinks, ]
             [ nostream_conversion, ]
             [ nounique_fileno, ]
             [ noversions, ]
             [ novms_access_checking, ]
             [ preserve_dates, ]
             [ upper_case_default, ]
             [ vms_filenames, ]
             [ vms_server ] )
Specifies the capabilities and characteristics of the NFS Server that control the behavior of the MultiNet NFS Client, as described in the following table.
| Attribute | Description |
|---|---|
| ADVISORY_CLOSE | Sends a VMS server a command to close the file when there are no more references to it on the client. |
| CASE_INSENSITIVE_FILENAMES | Specifies that UNIX files accessed by an OpenVMS system not have their file names converted using the conversion characters (see HELP MULTINET File_Name_Character_Map for a list of these characters). Use this option when an NFS server treats all file names as case-insensitive. When this option is set, all file names accessed through NFS are converted to lowercase. When returned to the server, they are handled in lowercase. The NFS server must be able to accept lowercase file names. This option is disabled by default. |
| NOFDL_FILES | Disables the use of ".$fdl$" files by the MultiNet NFS Client to store RMS attributes. This option must be used if the NFS server doesn't allow these file names. Its use severely limits the ability of the NFS Client to store record attributes. |
| NOLINKS | Disables the automatic creation of hard links to the latest version of a file. The NFS Client normally uses a hard link operation to link the top version of a file name "foo.bar;12" to the unversioned name "foo.bar" for more convenient access from the NFS Server side. This option may be used either to reduce the overhead in creating it or if the NFS Server does not support hard links. |
| NOSTREAM_CONVERSION | Disables the automatic conversion of text files to STREAM format. The NFS Client normally converts requests to create Variable Length Record Carriage Return Carriage Control files into requests to create Stream files. This option disables this conversion. |
| NOUNIQUE_FILENO | Specifies whether or not the NFS Server is to generate unique file numbers for each file (most NFS servers do). If the client knows that file numbers are unique, it uses a faster algorithm to refresh stale directory entries in the cache. Use of this qualifier disables the faster refresh algorithm, and is equivalent to the /NOUNIQUE_FILENO qualifier. |
| NOVERSIONS | Disables support for multiple file versions. The NFS Client normally stores multiple versions of OpenVMS files by using the semicolon character in the file name on the NFS Server side. You must use this option to disable the ability to create multiple versions of files if the NFS Server does not support file names with the semicolon character. |
| NOVMS_ACCESS_CHECKING | Specifies that the client does not perform a full OpenVMS access check, including a check for ACLs and security alarms. If this option is not specified, the NFS Client considers ACLs and security alarms when granting or denying access. |
| PRESERVE_DATES | Allows you to store VMS-style dates and times for files. |
| UPPER_CASE_DEFAULT | Assumes file names are in uppercase on the server until it sees the $ character used to toggle case. |
| VMS_FILENAMES | Specifies that the NFS Client should not perform the usual mapping between OpenVMS and UNIX-style file names. This option can be used to permit all OpenVMS file names to be stored using the NFS client; however, its use prevents the NFS Client from being used to access files which do not conform to the OpenVMS file name conventions. |
| VMS_SERVER | Specifies that the NFS server is a MultiNet NFS Server of revision V3.0 or later and supports OpenVMS-specific extensions to the NFS protocol to store file attributes. If the NFS Server does not support these extensions, the mount will fail. This option is equivalent to the /VMS_SERVER qualifier and overrides any other semantics specified. |
Specifies that, if the NFS client is unable to reach the NFS server after the time period specified by /TIMEOUT, an error is returned to the user (SS$_UNREACHABLE). If the file system is mounted without the /SOFT qualifier, the NFS client retries the operation forever.
Specifies the total time, in tenths of a second, that it takes for an RPC request to timeout. Retries are attempted via UDP for an interval of one-fifth the value specified for /TIMEOUT. The minimum value allowed for this setting is 30 tenths of a second. /TIMEOUT does not affect TCP timeouts.
/TRANSPORT=( [ tcp, ] [ udp ] )
Specifies the underlying transport used for the NFS requests. (The default is UDP if /TRANSPORT is not specified.) The TCP transport can be used with servers that support it. If you specify both transports, TCP is tried first; if it fails, the mount uses UDP.
/UNIQUE_FILENO (default)
/NOUNIQUE_FILENO
Specifies whether or not the NFS Server is to generate unique file numbers for each file (most NFS servers do). If the NFS Client knows that file numbers are unique, it uses a faster algorithm to refresh stale directory entries in the cache. The /NOUNIQUE_FILENO qualifier is equivalent to /SEMANTICS=NOUNIQUE_FILENO.
Specifies that the NFS server is a MultiNet NFS Server of revision V3.0 or later and supports OpenVMS-specific extensions to the NFS protocol to store file attributes. If the NFS Server does not support these extensions, the mount fails. This qualifier is equivalent to /SEMANTICS=VMS_SERVER and overrides any other semantics specified.
Specifies the display name of the mounted volume (which appears via SHOW DEVICE).
(The default is the remote mount_point name.)
Specifies whether or not the file system is to be mounted for both read and write access. /NOWRITE prevents users from modifying the file system.
Specifies the maximum size of packets written by the NFS client. The default, 8192, is correct for most servers.
Specifies the working set extent for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 20000 pages.
Specifies the working set quota for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 2000 pages.
EXAMPLES
This example shows how to mount the remote file system "/usr" on the server named "sunset" on the local mount device NFS3:.
$ MULTINET NFSMOUNT SUNSET::"/usr" disk$sunset
%NFSMOUNT-I-MOUNTED, SUN::/ufs NFS mounted on _NFS3:
$
This example illustrates the use of /PROCESSOR=UNIQUE, creating four ACP processes, one for each device.
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SCOOBY::USERS: SCOOBY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SCOOBY::USERS2: SCOOBY2
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SHAGGY::USERS: SHAGGY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SHAGGY::USERS2: SHAGGY2
This example illustrates the use of /PROCESSOR=SAME. In this example, all access to the server named SCOOBY goes through one ACP process, and all access to SHAGGY goes through another process.
$ MULTINET NFSMOUNT/VMS SCOOBY::USERS: SCOOBY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=SAME=SCOOBY1 SCOOBY::USERS2: SCOOBY2
$ MULTINET NFSMOUNT/VMS SHAGGY::USERS: SHAGGY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=SAME=SHAGGY1 SHAGGY::USERS2: SHAGGY2
Performs test queries on the domain name service (DNS) system. When invoked with no parameters, MULTINET NSLOOKUP allows commands to be run interactively. Table 1-42 lists the commands that can be run in interactive mode.
Table 1-42 NSLOOKUP Commands
| Command | Description |
|---|---|
| name | Prints information about name using the default server. |
| name server | Prints information about name using server. |
| exit | Exits NSLOOKUP. |
| finger [user] | Finger the optional user at the current default host. |
| help or ? | Prints help information. |
| set all | Prints the current status of all options. |
| set class=class | Sets the query class to one of these: IN, CHAOS, HESIOD, or ANY. |
| set [no]debug | Prints debugging information. |
| set [no]d2 | Prints exhaustive debugging information. |
| set [no]defname | Appends the domain name to each query. |
| set [no]recurse | Asks for a recursive answer to a query. |
| set [no]vc | Always uses a virtual circuit. |
| set domain=name | Sets the default domain name to name. |
| set port=port | Sets the port number on which to send a query. |
| set root=name | Sets the root name server to name. |
| set retry=n | Sets the number of retries to n. |
| set srchlist=name1[/name2/.../name6] | Sets the domain to name1 and the search list to name1 through name6. |
| set timeout=n | Sets the timeout interval to n. |
|  | Sets the resource record (RR) type to query for. See Table 1-36. |
| server name | Sets the default server to name, using the current default server. |
| lserver name | Sets the default server to name, using the original default server. |
| root | Sets the current default server to the root. |
| ls [option] name [>file] | Lists the domain name, with output optionally going to file. option is one of the following: -a List fully-qualified names and aliases; -h List HINFO (CPU type and operating system); -s List well-known services; -d List all records; -t type List records of the given type (such as A, CNAME, and MX). |
FORMAT
MULTINET NSLOOKUP [name] [nameserver]
PARAMETERS
name
Specifies a host or domain name.
nameserver
Specifies the name server to query.
QUALIFIERS
Specifies which CLASS records are asked for. Valid classes are ANY, IN, CHAOS, and HESIOD. (The default is /CLASS=IN, Internet records.)
Causes the resolver to print debugging information, including formatted responses.
Causes the resolver to print formatted queries, and additional, less useful debugging information.
/DEFNAMES (default)
/NODEFNAMES
Specifies that the resolver adds this system's domain name to any name not explicitly terminated with a period. /DEFNAMES is the default.
Specifies that the resolver searches up the domain tree from this system's name for any name not explicitly terminated with a period.
Specifies a default domain other than the domain of this host.
Tells the resolver to ignore truncation in responses.
Specifies a port other than the standard nameserver port of 53.
Requests that the name server use recursion to answer the query.
Specifies the number of retries the resolver makes when querying a name server via UDP (by default, 4).
Specifies a root name server other than A.ROOT-SERVERS.NET.
Specifies a different period to wait for responses. The default is 4 seconds.
Specifies which TYPE resource records are asked for. The default is /TYPE=A (address records).
All standard DNS record types are supported. Table 1-43 gives a partial list of valid values for the /TYPE qualifier.
Table 1-43 Sample Resource Record Types for NSLOOKUP/TYPE Qualifier
Specifies that the resolver uses virtual circuits instead of datagram queries.
Performs dynamic updates to the domain name service (DNS) server. NSUPDATE can read commands from a specified file or from the terminal.
NSUPDATE can be used with the UNIX-style syntax by defining it as a foreign command:
$ NSUPDATE :== $MULTINET:NSUPDATE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
NSUPDATE reads input records, one per line, each line contributing a resource record to an update request. All domain names used in a single update request must belong to the same DNS zone. A blank line causes the accumulated records to be formatted into a single update request and transmitted to the zone's authoritative name servers. Additional records may follow, which are formed into additional, completely independent, update requests. For the last request to be transmitted, a blank line must end the input.
Records take one of two general forms:
Prerequisite records specify conditions that must be satisfied before the request will be processed.
Update records specify changes to be made to the DNS database.
An update request consists of zero or more prerequisites and one or more updates. Each update request is processed atomically, that is, all prerequisites must be satisfied before all updates will be performed.
NSUPDATE understands the input record formats listed in Table 1-44.
Table 1-44 NSUPDATE Commands
| Command | Description |
|---|---|
| prereq nxdomain name | Requires that no RR of any type exists with name name. |
| prereq nxrrset name [class] type | Requires that no RR exists of the specified type and name. |
| prereq yxdomain name | Requires that at least one RR named name must exist. |
| prereq yxrrset name [class] type [data...] | Requires that a RR exists of the specified type and name. If data is specified, it must match exactly. |
| update add name ttl [class] type data... | Adds a new RR with specified ttl, type, and data. |
| update delete name [class] [type [data...]] | Deletes RRs named name. If type (and possibly data) is specified, only matching records will be deleted. |
FORMAT
MULTINET NSUPDATE [filename]
PARAMETERS
filename
Specifies a file containing NSUPDATE commands to be executed.
Causes the resolver to print debugging information.
-k keydir+keyname
/KEY=(KEYNAME=key[,KEYDIR=directory])
Specifies a TSIG key for NSUPDATE to use to sign its updates. The default value for KEYDIR is the current default directory.
Note! On Unix, the syntax is keydir:keyname. On OpenVMS, the colon is replaced by a plus sign (+). The keyname must be specified to match the key and private filenames, with periods instead of dollar signs. This may not match the domainname if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.
Specifies that the resolver uses virtual circuits (TCP) instead of datagram (UDP) messages.
EXAMPLES
The following example illustrates the interactive use of NSUPDATE to change an IP address by deleting any existing A records for a domain name and then inserting a new one. Since no prerequisites are specified, the new record will be added even if there were no existing records to delete.
Note! The trailing blank line is required to process the request.
$ multinet nsupdate
> update delete test.example.com A
> update add test.example.com 3600 A 10.1.1.1
>
In this example, a CNAME alias is added to the database only if there are no existing A or CNAME records for the domain name.
$ multinet nsupdate
> prereq nxrrset www.example.com A
> prereq nxrrset www.example.com CNAME
> update add www.example.com 3600 CNAME test.example.com
>
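The following added example (not part of the MultiNet documentation or of MultiNet itself) models the NSUPDATE input rules described above in Python: blank-line request boundaries, the prereq and update record forms of Table 1-44, the same-zone rule, and all-or-nothing processing. The zone contents, the sample input, and all function names are constructed for illustration; nothing is sent to a name server, and TTLs and CNAME coexistence rules are not modelled.

```python
# Added illustration: an in-memory model of the NSUPDATE input rules.
# It never contacts a name server; zone data and input are constructed samples.
CLASSES = {"IN", "CHAOS", "HESIOD"}
FORMS = {  # (kind, op) -> (min, max) number of "type data..." tokens allowed
    ("prereq", "nxdomain"): (0, 0), ("prereq", "yxdomain"): (0, 0),
    ("prereq", "nxrrset"): (1, 1), ("prereq", "yxrrset"): (1, None),
    ("update", "add"): (2, None), ("update", "delete"): (0, None),
}

# Constructed input: three terminated requests, then one record with no
# trailing blank line (so it would never be transmitted).
SAMPLE_INPUT = """\
update delete test.example.com A
update add test.example.com 3600 A 10.1.1.1

prereq nxrrset www.example.com A
prereq nxrrset www.example.com CNAME
update add www.example.com 3600 CNAME test.example.com

prereq yxrrset test.example.com A 10.9.9.9
update delete test.example.com

update add mail.example.com 3600 A 10.1.1.9
"""

def split_requests(text):
    """Return (requests, pending). A blank line ends each request; pending
    holds tokenised records that were never terminated by a blank line."""
    requests, current = [], []
    for line in text.splitlines():
        if line.strip():
            current.append(line.split())
        elif current:
            requests.append(current)
            current = []
    return requests, current

def parse_record(tokens):
    """Validate one tokenised input line against the forms in Table 1-44."""
    if len(tokens) < 3 or (tokens[0], tokens[1]) not in FORMS:
        raise ValueError("unrecognised record: " + " ".join(tokens))
    kind, op, rest = tokens[0], tokens[1], tokens[3:]
    name = tokens[2].lower().rstrip(".")
    if op == "add":  # only "update add" carries a ttl
        if not rest or not rest[0].isdigit():
            raise ValueError("update add requires a numeric ttl")
        rest = rest[1:]  # the ttl itself is not modelled
    if rest and rest[0].upper() in CLASSES:  # optional [class]
        rest = rest[1:]
    low, high = FORMS[(kind, op)]
    if len(rest) < low or (high is not None and len(rest) > high):
        raise ValueError("wrong number of fields: " + " ".join(tokens))
    return {"kind": kind, "op": op, "name": name,
            "type": rest[0].upper() if rest else None,
            "data": " ".join(rest[1:]) or None}

def prereqs_hold(zone, records):
    """True only if every prerequisite in the request is satisfied."""
    names = {name for name, _ in zone}
    exact = {}  # (name, type) -> data values required by yxrrset lines
    for r in (r for r in records if r["kind"] == "prereq"):
        key = (r["name"], r["type"])
        if r["op"] == "nxdomain" and r["name"] in names:
            return False
        if r["op"] == "yxdomain" and r["name"] not in names:
            return False
        if r["op"] == "nxrrset" and key in zone:
            return False
        if r["op"] == "yxrrset":
            if key not in zone:
                return False
            if r["data"]:
                exact.setdefault(key, set()).add(r["data"])
    return all(zone[key] == wanted for key, wanted in exact.items())

def apply_request(zone, origin, lines):
    """Apply one request atomically; return True if its updates were made."""
    records = [parse_record(tokens) for tokens in lines]
    if not any(r["kind"] == "update" for r in records):
        raise ValueError("a request needs at least one update record")
    for r in records:  # every name must belong to the same zone
        if r["name"] != origin and not r["name"].endswith("." + origin):
            raise ValueError(r["name"] + " is outside zone " + origin)
    if not prereqs_hold(zone, records):
        return False  # one failed prerequisite leaves the zone untouched
    for r in (r for r in records if r["kind"] == "update"):
        if r["op"] == "add":
            zone.setdefault((r["name"], r["type"]), set()).add(r["data"])
            continue
        matches = [k for k in zone
                   if k[0] == r["name"] and r["type"] in (None, k[1])]
        for key in matches:  # delete by name, name+type, or name+type+data
            if r["data"]:
                zone[key].discard(r["data"])
            else:
                zone[key].clear()
            if not zone[key]:
                del zone[key]
    return True

def run_sample():
    zone = {("test.example.com", "A"): {"10.0.0.5"}}  # constructed state
    requests, pending = split_requests(SAMPLE_INPUT)
    results = [apply_request(zone, "example.com", req) for req in requests]
    return zone, results, pending
```

The third request is rejected as a whole because its yxrrset prerequisite does not match the stored data, and the final record stays pending because no blank line follows it.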
Sends ICMP Echo Request packets to the specified host to measure network packet loss and latency. MULTINET PING returns the following status codes:
MULTINET PING6 performs the same function for IPv6 networks, sending ICMP6 packets over IPv6.
FORMAT
MULTINET PING host
PARAMETER
host
Specifies the host to ping.
QUALIFIERS
/ADDRESSES
Sends a node information query packet instead of an ICMP6 Echo Request to request the addresses which the host responds to. Not all systems support node information query packets. This qualifier is only valid for MULTINET PING6.
Specifies the number of bytes of data to attach to ICMP Echo Request packets. If not specified, a reasonable default value is supplied. Increase the DATA LENGTH to check for gateways that do not fragment IP packets correctly.
Enables socket-level debugging in the MultiNet kernel. This qualifier is usually only useful for debugging the MultiNet kernel.
Indicates that MULTINET PING is used to flood the network with ICMP Echo packets. MULTINET PING /FLOOD transmits these packets 100 times per second or whenever a response is received. Requires SYSPRV privilege.
/NUMBER_OF_PACKETS=number_of_packets_to_send
Specifies the number of ICMP Echo Responses received before terminating. If not specified, MULTINET PING runs until you press Ctrl/C.
/PRELOAD=number_of_packets_to_send
Specifies the number of packets sent in rapid succession before entering the normal mode of operation.
Causes MULTINET PING to not display information when packets are received.
Displays a list of IP routers that the ICMP Echo Request packets traverse. This qualifier uses the IP record route option to display a list of IP routers that the ICMP Echo Request packet traverses. Not all implementations of IP handle this option correctly, so the use of /RECORD_ROUTE may result in a garbled response.
Note! The record route IP option is not supported correctly by 4.3 BSD-derived Internet hosts, including MultiNet prior to Version 5.0. Use the MULTINET TRACEROUTE utility to find the path between two hosts.
Disables IP routing of ICMP packets. The default, /ROUTE, allows IP routing to get the packet to destinations separated by gateways.
Displays extra information as ICMP packets are sent or received.
EXAMPLES
This example shows using PING to test the round-trip delay to a distant host.
$ MULTINET PING TRUTH.GREEN.AC.N
PING TRUTH.GREEN.AC.NZ (130.217.64.3) : 56 data bytes
64 bytes from 130.217.64.3: icmp_seq=1 time=670 ms
64 bytes from 130.217.64.3: icmp_seq=2 time=670 ms
64 bytes from 130.217.64.3: icmp_seq=3 time=670 ms
64 bytes from 130.217.64.3: icmp_seq=4 time=650 ms <Ctrl/C>
----TRUTH.GREEN.AC.NZ PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round trip (ms) min/avg/max = 650/663/670
Uses the TCP TIME service to query a remote system for the current time and sets the clock on the local system to that time.
FORMAT
MULTINET RDATE host
PARAMETER
host
Specifies the name or Internet address of the host to query.
QUALIFIERS
Displays the time difference between the local and remote hosts, expressed in standard VMS time format.
Displays a message indicating that the time has been set. The /NOLOG qualifier suppresses this message.
RDATE usually sets the VMS time; /NOSET retrieves, but does not set, the current time.
Provides local access to a remote tape or CD-ROM device on the specified remote host. RMTALLOC does not actually read from or write to the magnetic tape, or read from the CD-ROM; other programs supplied with the VMS Operating System provide this support. Optionally, RMTALLOC can associate a logical name with the device.
FORMAT
MULTINET RMTALLOC host.domain[::][["]device-name["]] [logical-name[:]]
PARAMETERS
host.domain
Specifies the remote host name on which the tape or CD-ROM device is allocated (the domain name, either just the domain name or the fully qualified domain name, of the remote host).
device-name
Specifies an optional device name entered with single or double colons. If the device name contains special characters, such as a UNIX-style device name (/dev/rst8), enclose the name in double quotes ("/dev/rst8").
logical-name
Specifies the name associated with the device. Use a name you created or one designated by your system manager. The string is from 1 to 255 alphanumeric characters. If the string contains spaces, enclose the string in single quotes. (Do not use trailing colons.) The logical name you specify becomes a process name, with the device name as the equivalence name. The logical name remains defined until it is explicitly deleted or until your process terminates.
QUALIFIERS
Specifies that the remote device is a CD-ROM rather than a tape device. When /CD is specified, the local device takes the RCDxxx: name. When /NOCD is specified, the local device takes the RMTxxx: name. The remote system is tested to ensure that the specified device type exists; if not, an error displays and RMTALLOC fails.
Note! /CD cannot be used with either the /SEMANTICS or /WRITE qualifiers.
Displays a message indicating the name of the local device allocated, and the official host name of the remote host and device name.
Specifies the password to use to access the remote host. You may optionally specify the password as the qualifier value (which is not recommended). Specifying /PASSWORD without the value causes the password to be prompted for and read without echoing it (if the current input device supports it). If present, this qualifier causes RMTALLOC to use the REXEC server on the remote host rather than the RSHELL server.
/SEMANTICS=[( [ blocksize=blocksize ]
              [ comment="comment" ]
              [ density=density ]
              [ label="label" ]
              [ [no]mount ]
              [ [no]rewind ]
              [ [no]unload ] )]
Specifies attributes for a magnetic tape device. Do not use with the /CD qualifier. Enter keywords separated by commas and enclosed in parentheses. These values pass information to the system operator at the remote system. For example, the values in LABEL and COMMENT display on the remote system console and request that the tape name indicated by LABEL be mounted.
Note! The remote tape drive must be able to write variable length blocks to permit VMS BACKUP to work correctly. Sun QIC tapes cannot do this and do not work with the VMS BACKUP utility.
The RMTALLOC /SEMANTICS=NOMOUNT command does not work correctly with multivolume BACKUP save sets.
When using RMTALLOC to allocate a remote VMS TMSCP tape drive, the VMS COPY utility cannot copy files from a tape if the TMSCP tape drive is served from a different node than the one specified in the RMTALLOC command.
/TRUNCATE_USERNAME
/NOTRUNCATE_USERNAME (default)
Truncates VMS user names to eight characters or less. Under the UNIX Operating System, the remote user name has a maximum of eight characters. If a longer user name is supplied to such a system, a "remuser too long" error results and RMTALLOC fails.
Specifies that RMTALLOC provide special handling for systems with problematic tape devices. Accepted values are:
Specifies the remote user name to which you want to log in. If not specified, the default is the user name associated with your process.
/VMS_ATTRIBUTES (default)
/NOVMS_ATTRIBUTES
Verifies whether the remote RMT server is also running MultiNet. If it is, RMT uses an improved RMT protocol to transfer VMS device attributes and I/O completion status values between your system and the remote host. Because this negotiation is compatible with UNIX Operating System implementations of RMT (including BSD and SunOS), it is enabled by default, but may be disabled if compatibility problems arise.
/WRITE (default for mag tapes)
/NOWRITE (default for CD-ROMs)
Specifies that the tape is not write-protected; if /NOWRITE is specified, the tape is write-protected. /WRITE cannot be specified with /CD.
EXAMPLES
This example illustrates the use of the VMS TAR utility. (VMS TAR is a public domain program available from CETS.) First the tape is allocated with RMTALLOC, then the drive is mounted. Next, a file is written to the tape, the tape contents are listed, and the file is extracted back from the tape. Finally, the tape is dismounted and deallocated.
$ RMTALLOC CONE.FLOWERS.COM::MUA0: MYTAPE
%RMT-I-ALLOC, _MYSYS$RMT1: allocated (CONE.FLOWERS.COM::MUA0:)
$ MOUNT /FOREIGN /RECORD_SIZE=512 /BLOCK_SIZE=10240 MYTAPE
%MOUNT-I-MOUNTED, MYTAPE mounted on _MYSYS$RMT1:
$ TAR /ARCHIVE=MYTAPE WRITE AFILE.TXT
%TAR-S-WRITTEN, written USERS:[ME]AFILE.TXT;1 (13495 bytes)
%TAR-S-TOTWRITE, total of 1 file written
$ TAR LIST /ARCHIVE=MYTAPE
Listing of archive _MYSYS$RMT2:
-rw------ 0/ 0 13495 24 Apr 2002 14:31 afile.txt
Total of 1 files listed, 1 files in archive.
$ TAR /ARCHIVE=MYTAPE EXTRACT AFILE.TXT
%TAR-S-TOTCREAT, total of 0 files created, 1 file scanned
$ DISMOUNT _MYSYS$RMT1:
$ DEALLOCATE _MYSYS$RMT1:
This example illustrates how to allocate access to a UNIX tape.
$ RMTALLOC FOO::"/dev/rst42" UNIXTAPE
%RMT-I-ALLOC, _MIURA$RMT7: allocated (FOO.BAR.COM::/dev/rst8)
$
This example allocates remote UNIX operating system tape device /dev/rst42 on host FOO.BAR.COM and associates UNIXTAPE with the _MIURA$RMT7 local pseudo-device.
$ RMTALLOC/CD/NOWRITE CONTROL::DISK$CD: -
_$ DISK$CONTROL_CD/USER=SYSTEM
%RMT-I-ALLOC _GRUB$RCD3: allocated (CONTROL.FLOWERS.COM::DISK$CD:)
$ MOUNT/OVER=ID DISK$CONTROL_CD:
%MOUNT-I-WRITELOCK, volume is write locked
%MOUNT-I-MOUNTED, VMS055LST1 mounted on _GRUB$RCD3:
$ DISMOUNT DISK$CONTROL_CD:
$ DEALLOCATE DISK$CONTROL_CD
$
This example allocates a CD-ROM for access between two VMS systems. The drive is allocated, mounted, dismounted, and deallocated.
The next example allocates a CD-ROM drive on a remote machine running UNIX.
$ RMTALLOC /CD/NOWRITE SYS1:: DISK$SYS1_CD/USER=ROOT
%RMT-I-ALLOC, _GRUB$RCD3: allocated (SYS1.FLOWERS.COM::/dev/rsr0)
$ MOUNT /OVER=ID DISK$MEL_CD:
%MOUNT-I-WRITELOCK, volume is write locked
%MOUNT-I-MOUNTED, VMS055LST2 mounted on _GRUB$RCD3:
$ DISMOUNT DISK$MEL_CD:
$ DEALLOCATE DISK$MEL_CD:
$
This example allocates a UNIX CD drive. The device name defaults to /dev/rsr0. You could specify another device name, using the same example with the SYS1::"/dev/rsr42" value in the RMTALLOC command. After the device is allocated in the previous example, it is mounted, dismounted, and finally deallocated.
The next example allocates a tape and then invokes BACKUP to write to it.
$ REPLY /ENABLE
$ RMTALLOC COMMENT="PLEASE MOUNT TAPE #A1234" -
_$ WHORFIN::MKA500: TAPE
%%%%%%%%%% OPCOM 25-MAR-2004 11:24:35.46 %%%%%%%%%%%
(FROM NODE WHORFIN AT 25-MAR-2004 11:24:35.44)
REQUEST 87, FROM USER HOLMES ON WHORFIN
Please mount device _WHORFIN$mka500:
RMT tape service request from WHORFIN.FLOWERS.COM
Please mount tape #A1234
%%%%%% OPCOM 25-MAR-2004 11:25:29.12 %%%%%%%%%%%
(FROM NODE HOLMES
25-MAR-2004 11:25:29.12)
REQUEST 87 WAS SATISFIED.
%RMT-I-ALLOC, _HOLMES$RMT2: ALLOCATED (WHORFIN.FLOWERS.COM::MKA500:)
$ INIT TAPE: FOO
$ BACKUP/LOG/IGNORE=LABEL/VERIFY USERS:[ATMA.TEST]*.EXE;0 -
TAPE:EXES.BCK/SAVE
%MOUNT-I-MOUNTED, FOO MOUNTED ON _HOLMES$RMT2:
. .
$ BACKUP/LOG/IGNORE=LABEL/VERIFY USERS:[ATMA.TEST]*.H;0 -
TAPE:H.BCK/SAVE
. .
$ BACKUP/LOG/IGNORE=LABEL/VERIFY USERS:[ATMA.TEST]*.C;0 -
TAPE:C.BCK/SAVE
. .
$ DISMOUNT/NOUNLOAD TAPE:
$ MOUNT/OVER=ID TAPE:
%MOUNT-I-MOUNTED, FOO MOUNTED ON _HOLMES$RMT2:
$ DIR TAPE:
DIRECTORY _HOLMES$RMT2:[]
EXES.BCK;1 H.BCK;1 C.BCK;1
TOTAL OF 3 FILES.
$ DISMOUNT TAPE:
$ DEALL TAPE:
$
This example allocates access to a tape, then writes to it.
When issuing an RMTALLOC command to a remote MultiNet system, the remote tape drive must be online with the tape physically loaded. Otherwise, RMTALLOC fails with the error "%SYSTEM-F-MEDOFL, medium is offline."
You can override this default with the /SEMANTICS=MOUNT qualifier, in which case RMTALLOC does not complete until a tape has been physically loaded and the tape drive is online. Use the /SEMANTICS=COMMENT keyword to specify a mount message to send to the operator via OPCOM.
Uses Remote Procedure Calls (RPCs) to send a network broadcast message to all users on the specified host. If you specify the host as an asterisk (*), the message is broadcast to all hosts on Ethernets to which the local host is attached.
FORMAT
MULTINET RWALL [qualifier1] [qualifier2 . . . ] ["message_text"]
RESTRICTION
RWALL messages are only received on hosts that support RWALL service.
PARAMETER
message_text
Contains the message to broadcast.
QUALIFIERS
/HEADER[="header_text"]
/NOHEADER
Adds header text to the specified message. If you use the /NOHEADER qualifier, RWALL does not add any header text to the specified message. By default, the header is "Broadcast message from username@hostname:", although you may specify any header text as the value of this qualifier.
Specifies the host on which the message is displayed. The default is /HOST=LOCALHOST, which prints the message on the host from which the RWALL command was invoked. If you specify the qualifier as /HOST=*, the network broadcast displays on all directly reachable hosts on all connected networks that support broadcasting. /HOST=* is most appropriate for network-wide system shutdown messages.
EXAMPLE
This example shows how to broadcast a shutdown message to users on the local host.
$ MULTINET RWALL "Node ROMEO is shutting down"
RWALL MESSAGE:
Broadcast message from HOLMES@ROMEO: Node ROMEO is shutting down
Modifies Address Resolution Protocol (ARP) tables. These tables are normally modified dynamically by the ARP protocol. Use with MULTINET SHOW /ARP to view the contents of the ARP table.
QUALIFIERS
/ADD=(PROTOCOL=protocol,HOST_ADDRESS=host_addr,
ETHER_ADDRESS=ether_addr)
Adds a specified host-to-Ethernet address translation to the ARP tables. The PROTOCOL specification identifies which protocol (IP, for example) is being described. The HOST_ADDRESS specification gives the host address in IP form. The ETHER_ADDRESS specification gives the hardware Ethernet address in the form "aa:bb:cc:dd:ee:ff", where "aa" through "ff" are specified in hexadecimal. If not specified, the default is PROTOCOL=IP.
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
Deletes the specified host-to-Ethernet address translation from the ARP tables.
Flushes the current ARP table. By default only temporary entries are flushed. If the qualifier /PERMANENT is specified, all entries are flushed.
/PERMANENT
/TEMPORARY (default)
Indicates that the translation to be added is kept (or deleted) permanently (used with the /ADD or /FLUSH qualifiers). The default (/TEMPORARY) indicates that this entry is considered for normal ARP table purging of old entries.
Used with the /ADD qualifier, indicates that the translation to the local host's Ethernet address is published on behalf of another host.
Indicates that the translation to be added is published on behalf of another host (that is, this host should answer with the specified translation on behalf of the other host). This qualifier is used with the /ADD qualifier.
Specifies the host affected by the MULTINET SET /ARP command. The SNMP agent on the remote host must support read-write access to elements of the MIB-II variable ipNetToMedia.
EXAMPLES
This example displays the contents of the ARP table. Note: if the host name and IP address are longer than the "Host Network Address" field, they are truncated to fit.
$ MULTINET SHOW /ARP /SYMBOLIC=NAMESERVER
Multinet ARP table:
Host Network Address Ethernet Address Arp Flags
---------------------- ---------------- ---------
FSGATE.CC.FSTONE.COM (IP 128.0.33.123 AA:00:04:00:79:4C Temporary
EXPLORER.ME.FSTONE.COM (IP128.0.41.1 08:00:11:00:90:B0 Temporary
GOOFY.CC.FSTONE.COM (IP 128.0.83.122) 08:00:20:01:27:6D Temporary
BEGWS2.BEG.FSTONE.COM (IP 128.0.30.23 AA:00:04:00:65:4C Temporary
ARPAGATEWAY.FSTONE.COM (IP 128.0.11.2 AA:00:04:00:0F:4C Temporary
PORTAL1.CC.FSTONE.COM (IP 128.0.19.10 08:00:4C:00:23:CE Temporary
WILMA.CC.FSTONE.COM (IP 128.0.7.125) AA:00:04:00:64:4C Temporary
FS4.CC.FSTONE.COM (IP 128.0.19.251) AA:00:04:00:12:4C Temporary
This example is often used to solve a problem that occurs in environments with a mixture of UNIX 4.2 BSD and 4.3 BSD systems. 4.2 BSD systems use zero-filled (nn.mm.0.0) IP broadcast addresses, while 4.3 BSD systems use ones-filled (nn.mm.255.255) broadcast addresses. To prevent 4.2 BSD systems from creating Ethernet "broadcast storms" when they issue ARP requests for the 4.3 BSD broadcast address, the command in this example publishes an ARP translation for the ones-filled broadcast address.
$ MULTINET SET /ARP /ADD=(HOST=128.0.255.255,-
PROTOCOL=IP, ETHER=0:0:D:E:A:D) /PUBLISH
$
This example flushes all temporary ARP table entries.
Configures the DECnet TCPAx: devices for running DECnet-over-UDP circuits.
QUALIFIERS
Specifies the number of buffers the driver preallocates for this device (by default, 6).
Shuts down and deletes a socket created with the socket() routine. After issuing a CLOSE command, the socket cannot be used again until the MULTINET SET/DECNET command is reissued.
Issues a connect() call to bind the remote address of the socket to the address specified in /REMOTE_ADDRESS.
Specifies the DECnet device name (by default, TCPA0:).
/FILTER_OUT_OF_ORDER=AUTOMATIC (default)
/FILTER_OUT_OF_ORDER=OFF
/FILTER_OUT_OF_ORDER=ON
Controls the handling of out-of-order DECnet packets arriving via IP. Prior to VMS V4.7, DECnet could not handle packets arriving out-of-order and would drop the line if it received them. If you have any VMS V4.6 or earlier systems in your DECnet network with which you are communicating, you must use the /FILTER_OUT_OF_ORDER=ON qualifier. The default action, /FILTER_OUT_OF_ORDER=AUTOMATIC, selects the correct filtering based on the VMS version of the current system only.
Specifies that send() and recv() log a sample of the data passed through them to OPCOM. Use this qualifier only for debugging network problems.
Specifies that send() and recv() errors are logged to OPCOM. The default is to log all errors except these.
Specifies the UDP port number to use for communication (by default, 700).
Specifies the peer's IP address.
/TCP=mode
/TCP=CONNECT
/TCP=LISTEN
Specifies that DECnet is encapsulated in TCP instead of UDP. This mode is not supported by the normal configuration utility, but is of use over high-loss lines. LISTEN specifies that this end of the connection listens on the specified port; CONNECT specifies that this end attempts to connect to the listener on the specified port.
Controls the FILTER_SERVER process of the MultiNet Intrusion Detection and Prevention subsystem.
QUALIFIERS
Specifies the debug level for the filter server. Zero indicates that no debug output is written to the log file; increasing numbers indicate that increasing amounts of debug output are written. This parameter should normally never be set above 4 without explicit instruction from Process Software.
Causes the filter server to re-read and parse the configuration files. Note that this does not wipe out existing event and rule information; it simply updates it, so no potential filter information is lost.
Stops and restarts the filter server. All existing event and rule information is lost and reloaded from the configuration files.
Starts the filter server if it is not already running.
Stops the filter server. All existing event and rule information is lost.
Sets parameters for the specified network device. This command is invoked automatically by the network startup command file generated by the NET-CONFIG utility.
FORMAT
MULTINET SET/INTERFACE interface
PARAMETER
interface
Specifies the name of the interface to change; for example, "se0".
QUALIFIERS
Specifies a network address to assign to the network interface. The address format is dependent on the protocol specified with the /PROTOCOL specifier:
IP-address is of the form AA.BB.CC.DD
IPX-address is a hexadecimal value
IPv6-address is of the form XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
/NOARP disables the Address Resolution Protocol on the specified interface (supported only on Ethernet interfaces).
The /COMMON_LINK qualifier works for systems that have multiple interfaces on a common Ethernet, FDDI, or Token Ring cable. The system manager configures this support using the following qualifier:
$ MULTINET SET /INTERFACE xxx/COMMON_LINK=(yyy[,zzz...])
xxx is the hardware device to which the pseudo device holding the machine's actual IP address is tied (see the MultiNet for OpenVMS Installation and Administrators Guide for an example of how to set up a pseudo device). yyy and zzz are device names like se0, se1, and se2. With this qualifier, MultiNet links the interfaces together. Linking gives a performance benefit: if data is to be transmitted on an interface that happens to be busy, MultiNet assigns the data to the least busy linked interface for transmission.
This linking also provides a level of redundancy. If a linked interface is shut down using MULTINET SET/INTERFACE/DOWN, or if a fatal error is detected with the interface and an automatic restart cannot be attempted, then any routing table entries or pseudo devices associated with the shut-down interface will be failed over to one of the common link interfaces.
The joined interfaces must be connected to the same cable.
The joined interfaces must have the same MTU.
The actual IP address for SYSA.EXAMPLE.COM is 192.168.0.1; this address is used for a pseudo device (pd0), which uses se0.
$ multinet configure/network
MultiNet Network Configuration Utility V5.3(104)
[Reading in MAXIMUM configuration from MULTINET:MULTINET.EXE]
[Reading in configuration from MULTINET:NETWORK_DEVICES.CONFIGURATION]
NET-CONFIG>show
Interface Adapter CSR Address Flags/Vector
--------- ------- ----------- ------------
se0 (Shared VMS Ethernet/FDDI) -NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.1, IP-SubNet: 255.255.255.0]
[VMS Device: EWA0, Link Level: Ethernet]
se1 (Shared VMS Ethernet/FDDI) -NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.2, IP-SubNet: 255.255.255.0]
[VMS Device: EWB0, Link Level: Ethernet]
pd0 (Secondary Ethernet Address) -NONE- -NONE- -NONE-
[TCP/IP: 198.168.0.1, IP-SubNet: 255.255.255.0]
[Hardware-Device: se0]
Official Host Name: sysa.example.com
Domain Nameserver: 127.0.0.1
Timezone: EST
Timezone Rules: US/EASTERN
Load UCX $QIO driver: TRUE
Load PWIP (Pathworks) driver: TRUE
SNMP Agent X subagents are enabled
NET-CONFIG>
If DECnet is being used, then MULTINET:SE1_CONFIGURE.COM will need to be created (see MULTINET_ROOT:[MULTINET.EXAMPLES]SE0_CONFIGURE.COM) to configure SE1 without the DECnet Ethernet address.
The command
$ MULTINET SET /INTERFACE SE0/COMMON_LINK=(SE1)
can be added to the SE1_CONFIGURE.COM, or put in MULTINET:LOCAL_ROUTES.COM so that it will be executed each time that MULTINET is started.
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
/CREATE
Requests that a dynamic interface (e.g. gif1) be created.
/DELETE
Requests that a dynamic interface (e.g. gif) be deleted.
Enables or disables the device-dependent IFF_D1 flag.
Enables or disables the device-dependent IFF_D2 flag.
Enables or disables the device-dependent IFF_D3 flag.
Enables interface-specific debugging. Some interfaces have debugging code and send debugging information to the users with OPCOM OPERATOR messages enabled.
/DECNET_ETHERNET_ADDRESS (default)
/NODECNET_ETHERNET_ADDRESS
Initializes a DECnet shared Ethernet interface to determine what Ethernet address to use. If other protocols are currently using the device, the Ethernet address cannot be changed and this qualifier is ignored.
The default behavior, /DECNET_ETHERNET_ADDRESS, is used by MULTINET SET /INTERFACE to look at the SCSSYSTEMID SYSGEN parameter and set the Ethernet address to match. If SCSSYSTEMID is not set, the address on the Ethernet card's PROM is used.
If /NODECNET_ETHERNET_ADDRESS is specified, MultiNet uses the PROM address.
Marks the network interface as not UP and packets are no longer accepted or transmitted. See /UP for more information.
Reverts the terminal line to a normal VMS terminal line if a modem hangup occurs. Use /DYNAMIC to create dynamic-dialup SLIP links with the /LINK_LEVEL=SLIP qualifier. When creating a dynamic SLIP link, CMKRNL, LOG_IO, and SYSPRV privileges are required.
Reads all non-expired filters from the specified interface and writes them to the specified filename in the same text format that would be used as input to the MU SET/INTERFACE/FILTER command.
/FFI_BUFFERS=number_of_buffers
Initializes a shared VMS Ethernet or FDDI interface, and specifies the number of packet buffers to allocate to each protocol port of the VMS device driver (by default, 4).
/FILTER=filter_file
/NOFILTER (default)
Associates a file containing a packet filter list with a particular network interface. The contents of this file are parsed and the individual filters are loaded for the interface. If the file MULTINET:FILTER-<interface>.DAT exists when MultiNet is started, the MultiNet startup procedure will automatically load these filters for the specific interface.
Logs events in the specified format. If NORMAL, then the formatting used by MULTINET SHOW/INTERFACE/FILTER is used. If COMMA, then a comma-delimited line is output to the file. This can then be loaded into, for example, a spreadsheet for analysis. If the log destination is OPCOM, use of the /FORMAT qualifier is illegal.
/HARDWARE_DEVICE=primary_interface
Specifies the name of the real interface for a secondary IP address device, and connects the interface to the specified primary interface.
/INTERVAL=seconds
Reporting interval in seconds. The minimum interval that can be specified is 5 seconds, so that a flood of filter events doesn't adversely impact the system. If no interval has been specified when logging is enabled (see the /LOG qualifier in this section), an interval of 5 seconds will be used.
Specifies a non-standard IP broadcast address. The default IP broadcast address has all bits in the host part of an IP address set to 1 (the standard format under 4.3 BSD). Some sites may still use the 4.2 BSD standard of IP broadcasts with the host part of an IP address set to 0.
Specifies the network portion of the interface IP address. ip_address is an IP address in which each bit corresponding to a bit in the network portion is set to 1. All interfaces on the same subnet must have the same subnet mask.
By default, MultiNet uses the subnet mask implied by the interface's IP address. Do not use the default subnet mask if your site has subnets. For example, the default subnet mask of an interface with the address 161.44.128.15 is 255.255.0.0. (255.255.255.0 would be a suitable subnet mask if that interface is on a subnet, and there are fewer than 256 subnets, and the total number of hosts is less than 256.)
/IP6_SUBNET_MASK=length
Specifies the length of the IPv6 subnet mask. The range of this is from 1 to 128 bits. The default length is 128.
/LINK_LEVEL=( [802] [ethernet] [extended_8022] [ppp] [proteon] [slip] [standard_8022] [raw_8023] )
Specifies the type of device being initialized. Use /LINK_LEVEL with the /VMS_DEVICE qualifier. This qualifier supersedes the former /SLIP_DEVICE and /PROTEON_DEVICE qualifiers.
Specify 802 or STANDARD_8022 for IEEE 802.2 encapsulation.
Specify EXTENDED_8022 for IEEE 802.2 with SNAP (System Network Access Protocol) extensions.
Specify PPP for Point-to-Point Protocol devices.
Specify SLIP for Serial Line Internet Protocol (SLIP) devices.
Specify RAW_8023 for 802.3 encapsulation.
Specify ETHERNET for ETHERNET_II encapsulation.
Specifies the name of the local node on this side of an IP interface; may be used with DECnet and PSI links.
/LOG=[filename | OPCOM]
Used to turn logging on or off for those filters that contain the LOG qualifier in their definition. The logging may be to OPCOM or the specified file. Turn logging off using /NOLOG.
Specifies the Maximum Transmission Unit (MTU), the size of IP packets over a given interface. Not all devices support the use of /MTU, and there may be additional, device-dependent restrictions dictating when it can be used.
Enables reception of all multicast packets. Use this qualifier only for OpenVMS VAX V5.5-2 and later. Reception is enabled automatically in OpenVMS VAX V6.1 and OpenVMS AXP versions.
Specifies the name of the node on the other side of an IP interface; used with DECnet and PSI links.
/POINT_TO_POINT_DESTINATION=ip_address
Specifies the IP address of the node on the other side of a point-to-point interface.
Prevents ICMP packets from being passed to IP via the PPP interface.
Specifies values for the PPP options included in a comma-separated option_list. The following options may be enabled:
| ACCM=mark | MRU=size |
| AUTHENTICATION=method | NOICMP |
| COMPRESS_PROTOCOL | TCP_COMPRESSION |
| COMPRESS_ADDRESS_AND_CONTROL | TERMINATION_RETRIES=count |
| CONFIGURATION_RETRIES=count | TIMEOUT=seconds |
| IDLE=seconds | |
Specifies the protocol to which the /ADDRESS qualifier refers (by default, IP). For IPv6 use I6.
/PREFIX=ipv6_prefix
Specifies the IPv6 prefix for an interface to use to generate a global IPv6 address. The default prefix length is 64, or a different value can be specified with the IP6_SUBNET_MASK qualifier.
Initializes the VMS Ethernet device to receive RARP packets. The /RARP qualifier is used with the /VMS_DEVICE qualifier. The RARP packet type is disabled by default and must be enabled to use the RARP service on VMS Ethernet devices.
/SEND_QUEUE_LENGTH=number
Specifies the maximum queue length for packets waiting to be sent from the interface. The minimum value is 10, default values are interface specific. If an interface has a heavy transmit load and is showing dropped packets, then specifying a larger number here may help.
Specifies the host affected by the MULTINET SET /INTERFACE command. The SNMP agent on the remote host must support read-write access to the MIB-II variable ifAdminStatus.
/SNMP_HOST can only be used with the /UP or /DOWN qualifiers.
The device specified with the /SNMP_HOST qualifier may be either the full text string of the remote interface name or the numeric index of the interface to be set. You can display a list of remote interface names with the MULTINET SHOW/INTERFACE/SNMP_HOST command.
/TRAILERS
/NOTRAILERS (default)
Enables IP trailer encapsulation for the specified interface (only supported on Ethernet and FDDI interfaces). If trailers are enabled, the use of IP trailer encapsulation is negotiated between hosts as a byproduct of IP-to-Ethernet address resolution using Address Resolution Protocol (ARP). On an HP Ethernet controller, /TRAILERS must be used with /VMS to initialize the trailer protocol ports.
/TUNNEL=(DESTINATION_ADDRESS=ip_address, GATEWAY_ADDRESS=ip_address)
Set up a tunnel with a gif interface. Specifies the local (gateway) and remote (destination) public addresses when setting tunnel addresses. Tunnels also need a local address set with /ADDRESS and a remote address set with /POINT_TO_POINT_DESTINATION. For more detail see chapter 11 in the Administrators Guide.
/UP marks the network interface as "up" and ready to accept or transmit packets. /DOWN marks the network interface "down" and packets are no longer accepted or transmitted.
Initializes an interface that has an associated VMS device, telling the MultiNet kernel which VMS device to associate with the IP device. If /VMS_DEVICE is used with /DOWN, the specified VMS device is disconnected from the IP device and made available to other VMS applications.
EXAMPLES
This example disables the se0 interface.
$ MULTINET SET/INTERFACE se0 /DOWN
This example enables the se0 interface with the address 192.0.0.1.
$ MULTINET SET/INTERFACE se0 /UP/ADDRESS=192.0.0.1
This example enables a dynamic SLIP line.
$ MULTINET SET/INTERFACE SL1 /DYNAMIC/LINK_LEVEL=SLIP/VMS_DEVICE
Enter the following command at MultiNet startup:
$ MULTINET SET/INTERFACE PD0/COMMON_LINK=(SE0,SE1)
PD0 has the real IP address; the SEn devices have something else (like 10.n.n.n).
$ MULTINET SET /INTERFACE SE0 /LOG=OPCOM/INTERVAL=10
enables logging to OPCOM, with a reporting interval of 10 seconds.
$ MULTINET SET /INTERFACE SE0 /LOG=FOO.DAT/FORMAT=COMMA
enables logging to the file FOO.DAT in comma-delimited format, and a reporting interval of 5 seconds (the default).
$ MULTINET SET /INTERFACE SE0 /NOLOG
This disables all logging for the interface, closing all open log files.
Specifies static IP routing, including the default route. This command is invoked automatically by the network startup command file generated by the Network Configuration Utility (NET-CONFIG). Before making changes with SET /ROUTE, use MULTINET SHOW /ROUTE to view the routing information.
QUALIFIERS
/ADD=(DESTINATION=ip-address,GATEWAY=ip-address [,NETMASK=network-mask]
[,INTERFACE][,MASK_LENGTH=integer])
Adds a static IP route to the MultiNet kernel routing tables.
The DESTINATION specification gives the NETWORK or HOST for which the routing information is valid.
The GATEWAY specification gives the next hop for the packet to take on its way to the DESTINATION.
The optional INTERFACE keyword forces the routing to be for a locally connected interface, and is normally not used.
The optional NETMASK specification dictates which bits of the DESTINATION ip-address comprise the network portion of an ip-address. If not specified, the DESTINATION address is given a class-based network mask.
The optional MASK_LENGTH specifies the length in bits of the mask to apply to the DESTINATION address. Either NETMASK or MASK_LENGTH can be specified, not both.
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
/DELETE=(DESTINATION=ip-address, GATEWAY=ip-address [,NETMASK=network-mask]
[,INTERFACE])
Deletes an IP route from the MultiNet kernel routing tables.
The DESTINATION specification gives the NETWORK or HOST for which the routing information is valid.
The GATEWAY specification gives the next hop for the packet to take on its way to the DESTINATION.
The optional INTERFACE keyword forces the routing to be for a locally connected interface, and is normally not used.
The optional NETMASK specification dictates which bits of the DESTINATION ip-address comprise the network portion of an ip-address. If not specified, the DESTINATION address is given a class-based network mask.
Deletes all IP routes in the MultiNet kernel.
Interprets the DESTINATION as a HOST address when used with the /ADD or the /DELETE qualifiers.
Interprets the DESTINATION as a NETWORK address when used with the /ADD or the /DELETE qualifiers.
Specifies the network image associated with the running MultiNet kernel. This is used to read IP routing information in the MultiNet kernel. If not specified, the image currently loaded is used.
/PROTOCOL=protocol_name
Specifies the protocol that the route applies to. The default is IP; use I6 for IPv6.
Specifies an IP host. The SNMP agent on the remote host must support read-write access to elements of the MIB-II variable ipRouteTable.
EXAMPLES
This example displays the current state of the MultiNet routing tables. /NOSYMBOLIC forces MULTINET SHOW/ROUTE to display the information numerically.
$ MULTINET SHOW /ROUTE /NOSYMBOLIC
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
------------ ------- ------ ------ --- ---------
127.0.0.1 127.0.0.1 Up,Host 2 2529 lo0
192.0.0.1 192.0.0.2 Up,Host 3 10521 sl0
0.0.0 192.0.0.1 Up,Gateway 3 6105 sl0
192.0.0.64 192.0.0.65 Up 2 2372 se0
This example deletes the default route to FLOWERS.COM.
$ MULTINET SET/ROUTE/DELETE=(DEST=DEFAULT,GATE=192.0.0.1)
Delete Route DEFAULT, Gateway FLOWERS.COM
$
Specifies the local timezone name that was either previously compiled into MultiNet or is a name from a selected timezone in the timezone database files.
FORMAT
MULTINET SET /TIMEZONE localzone
PARAMETER
localzone
The name of the local timezone; for example, "PST."
QUALIFIERS
Displays a list of the timezones that are loaded, and a list of the compiled-in zones that were selected but not loaded because they were compiled in.
/SELECT=(rule1 [,rule2 [...]])
Specifies a list of countries or timezones to load. Specifying a country loads all timezones in that country.
Specifies a list of files from which to load the timezone data. The default is MULTINET:TIMEZONES.DAT. Locally-written rules are normally added to MULTINET:TIMEZONES.LOCAL.
EXAMPLES
This example sets the local timezone to PST.
$ MULTINET SET /TIMEZONE PST
This example sets the local timezone to MST and loads Arizona timezone rules.
$ MULTINET SET /TIMEZONE MST/SELECT="US/ARIZONA"
Manually manipulates the IPsec SA/SP database. In order to use SETKEY, a foreign command needs to be defined.
$ SETKEY :== $MULTINET:SETKEY.EXE
Note that only UNIX-style options can be used. For more details, please refer to Chapter 31 in the MultiNet 5.3 Installation and Administrators Guide.
SYNOPSIS
setkey [-v] -c
setkey [-v] -f filename
setkey [-aPv] -D
setkey [-Pv] -F
setkey [-h] -x
DESCRIPTION
SETKEY adds, updates, dumps, or flushes Security Association Database (SAD) entries, as well as Security Policy Database (SPD) entries in the kernel.
SETKEY takes a series of operations from the file named multinet:ipsec.conf (when invoked with -f filename).
ARGUMENTS
Note! Since SETKEY supports both uppercase and lowercase command options, these have to be enclosed within quotation marks (e.g., setkey "-F").
-a Also displays the dead SAD (Security Association Database) entries. A SAD entry is dead when it has expired, but it may still be referenced by SPD (Security Policy Database) entries.
-D Dumps the SAD entries. If used with -P, the SPD entries are dumped.
-F Flushes the SAD entries. If used with -P, the SPD entries are flushed.
-xx Makes each timestamp unformatted.
-h Adds hexadecimal dump on -x mode.
-l Loops forever with short output on -D.
-P Dumps (when specified with -D) or flushes (with -F) the SPD entries.
-v Verbose. The program will dump messages exchanged on the PF_KEY socket, including messages sent from other processes to the kernel.
-x Loops forever and dumps all the messages transmitted to the PF_KEY socket.
-f filename File that contains the operations to be performed. For more information about the operations, see the "Header Operations" section below.
HEADER OPERATIONS
Header Operations have the following grammar. Note that lines starting with hashmarks ('#') are treated as comment lines.
add src dst protocol spi [extensions] algorithm... ;
Adds a SAD entry.
get src dst protocol spi ;
Shows a SAD entry.
delete src dst protocol spi ;
Removes a SAD entry.
delete all src dst protocol ;
Removes all SAD entries that match the specification.
flush [protocol] ;
Clears all SAD entries matched by the protocol.
dump [protocol] ;
Dumps all SAD entries matched by the protocol.
spdadd src_range dst_range upperspec policy ;
Adds an SPD entry.
spddelete src_range dst_range upperspec -P direction ;
Deletes an SPD entry.
spdflush ;
Clears all SPD entries.
spddump ;
Dumps all SPD entries.
META-ARGUMENTS
Meta-arguments used in the header operations are as follows:
src
dst
Source/destination of the secure communication is specified as an IPv4 address. setkey does not consult hostname-to-address for arguments src and dst. They must be in numeric form.
protocol
protocol is one of following:
esp ESP based on rfc2405
ah AH based on rfc2402
spi
Security Parameter Index (SPI) for the SAD and the SPD. It must be a decimal number or a hexadecimal number (with 0x attached). You cannot use the set of SPI values in the range 0 through 255.
extensions -- Take some of the following:
-m mode -- Specifies a security protocol mode for use. mode is one of the following: transport, tunnel or any. The default value is any.
-E ealgo key -- Specifies an encryption algorithm.
-A aalgo key -- Specifies an authentication algorithm. If -A is used with protocol esp, it will be treated as the ESP payload authentication algorithm.
protocol esp accepts -E and -A. protocol accepts -E only. protocol ah accepts -A only.
key must be a double-quoted character string or a series of hexadecimal digits. Possible values for ealgo, aalgo and calgo are specified in a separate section.
src_range
dst_range
These are selections of the secure communication, specified as an IPv4/v6 address or an IPv4/v6 address range, and may be accompanied by a TCP/UDP port specification. This takes the following form:
address
address/prefixlen
address[port]
address/prefixlen[port]
prefixlen and port must be decimal numbers. The square brackets around port are really necessary; they are not manpage metacharacters.
setkey does not consult hostname-to-address for arguments src and dst. They must be in numeric form.
upperspec
Upper-layer protocol to be used. "icmp" and "any" can be specified. "any" stands for "any protocol". You can also use the protocol number.
Note! upperspec does not work against forwarding case at this moment, as it requires extra reassembly at forwarding node (not implemented at this moment). There are many protocols in /etc/protocols, but protocols other than TCP, UDP, and ICMP may not be suitable to use with IPSec.
policy
policy is one of the following:
-P direction discard
-P direction none
-P direction ipsec protocol/mode/src-dst/level
You must specify the policy's direction as direction by using either "out" or "in".
discard means the packet matching indexes will be discarded. none means that IPsec operations will not take place on the packet. ipsec means that IPsec operations will take place on the packet. "ah", "esp" or "ipcomp" must be set as protocol. mode is either transport or tunnel. If mode is tunnel, you must specify the end-point addresses of the SA as src and dst with `-' between these addresses, which is used to specify the SA. If mode is transport, both src and dst can be omitted.
level is one of the following: "default", "use", "require" or "unique". If the SA is not available in every level, the kernel asks the key exchange daemon to obtain the SA. "default" means the kernel consults the system-wide default for the protocol you specified, e.g. the esp_trans_deflev sysctl variable, when the kernel processes the packet. "use" means that the kernel uses an SA if it's available; otherwise the kernel continues normal operation. "require" means an SA is required whenever the kernel sends a packet matched with the policy. "unique" is the same as "require", except that "unique" allows the policy to bind with the unique outbound SA. If you use the SA by manual keying, you can put a decimal number as the policy identifier after "unique", provided it is separated by a colon `:' similar to this example: unique:number. number must be between 1 and 32767. It corresponds to extensions -u.
ALGORITHMS
The following list shows the supported algorithms. Following is a list of authentication algorithms that can be used as aalgo in -A of the protocol parameter:
algorithm       keylen (bits)   comment
hmac-md5        128             ah: rfc2403
                128             ah-old: rfc2085
hmac-sha1       160             ah: rfc2404
                160             ah-old: 128bit ICV (no document)
keyed-md5       128             ah: 96bit ICV (no document)
                128             ah-old: rfc1828
keyed-sha1      160             ah: 96bit ICV (no document)
                160             ah-old: 128bit ICV (no document)
null            0 to 2048       for debugging
hmac-sha2-256   256             ah: 96bit ICV (no document)
                256             ah-old: 128bit ICV (no document)
hmac-sha2-384   384             ah: 96bit ICV (no document)
                384             ah-old: 128bit ICV (no document)
hmac-sha2-512   512             ah: 96bit ICV (no document)
                512             ah-old: 128bit ICV (no document)
Following is a list of encryption algorithms that can be used as ealgo in -E ealgo of the protocol parameter:
algorithm       keylen (bits)   comment
des-cbc         64              esp-old: rfc1829, esp: rfc2405
3des-cbc        192             rfc2451
blowfish-cbc    40 to 448       rfc2451
cast128-cbc     40 to 128       rfc2451
SETKEY File EXAMPLE
add 10.0.11.41 10.0.11.33 esp 0x110010
-E des-cbc "ESP with"
-A hmac-md5 "authentication!!" ;
flush ;
dump esp ;
spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
-P out ipsec esp/transport/192.168.0.1-192.168.1.2/require ;
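The SPI range, key-length, and policy-level rules described above can be checked mechanically before a file is handed to setkey -f. The linter below is an added example, not part of MultiNet or its documentation; its function names and the sample input are constructed here, and accepting an optional 0x prefix on hexadecimal keys is an assumption.

```python
import ipaddress
import re

# (min, max) key length in bits, copied from the ALGORITHMS tables on this page.
AALGO = {"hmac-md5": (128, 128), "hmac-sha1": (160, 160), "keyed-md5": (128, 128),
         "keyed-sha1": (160, 160), "null": (0, 2048), "hmac-sha2-256": (256, 256),
         "hmac-sha2-384": (384, 384), "hmac-sha2-512": (512, 512)}
EALGO = {"des-cbc": (64, 64), "3des-cbc": (192, 192),
         "blowfish-cbc": (40, 448), "cast128-cbc": (40, 128)}

def statements(text):
    """Drop '#' comment lines, then yield the tokens of each ';'-terminated operation."""
    body = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    stmt = []
    for tok in re.findall(r'"[^"]*"|;|[^\s;]+', body):
        if tok != ";":
            stmt.append(tok)
        elif stmt:
            yield stmt
            stmt = []

def is_numeric(addr):
    """setkey does no hostname lookup, so an address must parse as a numeric IP."""
    try:
        ipaddress.ip_address(addr)
    except ValueError:
        return False
    return True

def key_bits(key):
    """Quoted string: 8 bits per character. Hex digits (0x prefix assumed optional): 4 each."""
    if key.startswith('"'):
        return len(key[1:-1].encode()) * 8
    digits = key[2:] if key.lower().startswith("0x") else key
    return len(digits) * 4 if re.fullmatch(r"[0-9a-fA-F]+", digits) else None

def check_add(t):
    """add src dst protocol spi [extensions] algorithm... (only -E and -A are checked)."""
    if len(t) < 5:
        return ["add: expected src dst protocol spi"]
    src, dst, proto, spi = t[1:5]
    errs = [f"add: {a} is not a numeric address" for a in (src, dst) if not is_numeric(a)]
    if proto not in ("esp", "ah"):
        errs.append(f"add: unknown protocol {proto}")
    try:
        if int(spi, 16 if spi.lower().startswith("0x") else 10) <= 255:
            errs.append(f"add: SPI {spi} is in the unusable range 0 through 255")
    except ValueError:
        errs.append(f"add: SPI {spi} is neither decimal nor 0x-prefixed hexadecimal")
    for i in range(5, len(t) - 2):
        if t[i] not in ("-E", "-A"):
            continue
        table, algo, bits = (EALGO if t[i] == "-E" else AALGO), t[i + 1], key_bits(t[i + 2])
        if t[i] == "-E" and proto == "ah":
            errs.append("add: protocol ah accepts -A only")
        if algo not in table:
            errs.append(f"add: {algo} is not a listed algorithm for {t[i]}")
        elif bits is None or not table[algo][0] <= bits <= table[algo][1]:
            errs.append(f"add: {algo} key is {bits} bits, table allows {table[algo]}")
    return errs

def check_spdadd(t):
    """spdadd src_range dst_range upperspec -P direction policy (policy part only)."""
    if len(t) < 7 or t[4] != "-P":
        return ["spdadd: expected src_range dst_range upperspec -P direction policy"]
    errs = []
    if t[5] not in ("in", "out"):
        errs.append(f"spdadd: direction must be in or out, got {t[5]}")
    if t[6] in ("discard", "none"):
        return errs
    parts = t[7].split("/") if t[6] == "ipsec" and len(t) > 7 else []
    if len(parts) != 4:
        return errs + ["spdadd: policy must be discard, none, or ipsec p/mode/src-dst/level"]
    proto, mode, ends, level = parts
    if proto not in ("ah", "esp", "ipcomp") or mode not in ("transport", "tunnel"):
        errs.append(f"spdadd: unknown protocol/mode {proto}/{mode}")
    pair = ends.split("-")
    if (ends or mode == "tunnel") and not (len(pair) == 2 and all(map(is_numeric, pair))):
        errs.append(f"spdadd: {mode} policy needs numeric src-dst, got '{ends}'")
    name, _, ident = level.partition(":")
    if name not in ("default", "use", "require", "unique") or (ident and name != "unique"):
        errs.append(f"spdadd: unknown level {level}")
    elif ident and not (ident.isdigit() and 1 <= int(ident) <= 32767):
        errs.append(f"spdadd: unique identifier {ident} is outside 1 to 32767")
    return errs

def lint(text):
    """Return findings for the add and spdadd operations of a setkey operations file."""
    checks = {"add": check_add, "spdadd": check_spdadd}
    return [e for t in statements(text) if t[0] in checks for e in checks[t[0]](t)]

# Constructed input with five deliberate mistakes (not from the page).
BAD_EXAMPLE = '''add 10.0.11.41 gateway.example.com esp 200 -E 3des-cbc "too short" ;
spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any -P out ipsec esp/tunnel//unique:40000 ;'''

if __name__ == "__main__":
    print("\n".join(lint(BAD_EXAMPLE)))
```

Run against the SETKEY file example above, lint() returns an empty list; the constructed input yields one finding each for the host name, the SPI, the 3des-cbc key length, the missing tunnel end-points, and the unique identifier.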
Displays MultiNet network information.
FORMAT
MULTINET SHOW
QUALIFIERS
Displays information provided by all other MULTINET SHOW qualifiers.
Displays the Address Resolution Protocol (ARP) tables.
Displays MultiNet kernel memory usage statistics.
Overrides the default community string (public) for remote SNMP requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified. A value must be passed to this qualifier.
Displays network interface configuration information.
/CONNECTIONS[=( [all,] [pid,] [process_names] [nokernel] )]
Displays network connections.
If you specify MULTINET SHOW with no qualifiers, /CONNECTIONS is the default.
If you specify the ALL keyword, sockets associated with active listeners also display.
If you specify the PID keyword, the process ID (PID) displays.
If you specify the PROCESS_NAMES keyword, the name of the process that owns each socket displays. Sockets not associated with a process (for example, an inbound TELNET session) display with a process name of kernel.
If you specify PID or PROCESS_NAMES and the NOKERNEL keyword, connections not associated with processes do not display.
Warning! Line information is truncated if the display width is too small. As a consequence, IP addresses may appear incomplete. To display more complete information, increase the display width with the SET TERM /WIDTH=[value] or MULTINET SHOW /CONNECTIONS/WIDTH=[value] at the command prompt.
Updates the display continuously with information about the network by using the VMS Screen Management Graphics (SMG) library routines. If used with more than one other qualifier, MULTINET SHOW cycles between the different displays.
When used with the /CONFIG=filename qualifier, writes the current stats of the filter server to the specified filename.
Displays more information about a queue. Use /FULL only with /QUEUE. (See /QUEUE for more information.)
Displays addresses and names for the host name specified.
Displays information about a specific interface. Use the MULTINET SHOW /STATISTICS command to display the available interfaces, then use SHOW /INTERFACE to display additional information on each interface.
Shows network connections. (/IP is the same as /CONNECTION.)
Displays the value of SNMP MIB variables; used with the /SNMP_HOST qualifier. This value can be any MIB II variable described in RFC-1213.
/LICENSE[=( [all,] [multinet,] [nfs_server,] [nfs_client] )]
Displays the status of MultiNet software product licenses. Without a keyword, this qualifier displays license information including the authorization for MultiNet products. The ALL keyword is the default. All other values display license status for the specified product.
/NFSMOUNT[=( [all,] [directory,] [exports] )]
Indicates which hosts are mounted on your system, and what mount points are exported by the server.
ALL displays all remote mounts.
DIRECTORY displays directories that have been remotely mounted by clients.
EXPORTS displays a list of exported file systems.
Use /NFSMOUNT with /REMOTE to display information about a remote host.
Specifies a filename to which the command output is written. The default is SYS$OUTPUT.
/PROTOCOLS= [all,] [internet,] [ip,] [ipx,] [ns,] [spx,] [tcp]
Specifies the protocols about which information is displayed. The default, /PROTOCOLS=ALL, displays information about all active protocols. Use /PROTOCOLS with other qualifiers. The quantity of information displayed varies by queue hardware; for example, the UNIX operating system shows more than just queues handled by other independent vendor's queue controllers.
/QUEUE=queue_name [ /full ] [ /nofull (default) ]
Displays the contents of the specified local VMS and corresponding remote LPD protocol queues. Use the TCP LPD service to access the contents of the remote queue for display. If /FULL is specified, the queue is displayed in long form. If the remote system is also running MultiNet, the long form is identical to the short form. MultiNet queues configured with the STREAM protocol cannot be displayed with this command.
Displays network status and configuration information about a remote host by using the NETSTAT service. The host specification can be either a host name or address. The remote host must support the NETSTAT service for this command to work.
If the remote host is also a MultiNet system, this command is the same as typing MULTINET SHOW /ALL on the remote host.
/ROUTE [ /destinations=(dest1[,dest2, . . . ]) ]
       [ /gateways=(gateway1[,gateway2, . . . ]) ]
       [ /interfaces=(interface1[,interface2, . . . ]) ]
Displays routing information for the IP, IPX, NS, and SPX protocols.
/DESTINATIONS displays only routes to these destination addresses; this qualifier is only valid for IP routes.
/GATEWAYS displays only routes through these gateways; this qualifier is only valid for IP routes.
/INTERFACES displays only routes through these interfaces.
You can use all other MULTINET SHOW qualifiers with MULTINET SHOW /ROUTE.
Note! The /ROUTE qualifier must precede all other qualifiers.
Displays the currently registered RPC protocols by contacting the RPC portmapper.
/STATISTICS[= [interface] [protocol] [all] ]
Displays network interface statistics, protocol statistics, or both. If /STATISTICS is specified with no value, interface statistics are displayed.
Used with the following MULTINET SHOW qualifiers to obtain information from a remote SNMP agent. You can override the default community name (public) using the /COMMUNITY_NAME qualifier.
/COMMUNITY_NAME
/CONNECTIONS[=(all)]
/ARP
/MIB_VAR
/ROUTE (note: /ROUTE must precede /SNMP_HOST on the command line)
/STATISTICS
/SYMBOLIC_ADDRESSES [= [host_table (default)] [nameserver] [nameserver_first] ]
/NOSYMBOLIC_ADDRESSES
Determines how certain fields in the output are formatted before being displayed to the user. These qualifiers are used with the other MULTINET SHOW qualifiers.
/SYMBOLIC_ADDRESSES=HOST_TABLE specifies that the static host tables are used to translate IP addresses to host names, network numbers to network names, and port numbers to service names.
/SYMBOLIC_ADDRESSES=NAMESERVER specifies that the Domain Name System (DNS) is queried to translate IP addresses into host names if the normal host table lookup fails. This operation can generate many queries to DNS domain servers (and can, therefore, be quite slow).
/SYMBOLIC_ADDRESSES=NAMESERVER_FIRST specifies that the DNS is queried first to translate IP addresses into host names, falling back to the host tables if the query should fail.
/NOSYMBOLIC_ADDRESSES specifies that "raw" protocol addresses and port number are displayed in the output, rather than determining the host, network, and service names that correspond to the addresses and numbers.
Shows network connections. (/TCP is the same as /CONNECTION.)
Displays the MultiNet version and the version of the VMS Operating System.
Specifies the width of displayed output when used with the /ARP, /CONNECTIONS, /ROUTE, and /STATISTICS qualifiers. The width must be greater than 80.
EXAMPLES
This example shows how to use the /OUTPUT qualifier to direct the output of a MULTINET SHOW command to the file MULTINET.ALL.
$ MULTINET SHOW /ALL /OUTPUT=MULTINET.ALL
$
$ MULTINET SHOW
MultiNet Active Connections:
Proto Rcv-Q Snd-Q Local Address (Port) Foreign Address State
----- ----- ----- -------------------- --------------- -----
TCP 0 0 LOCALHOST(790) LOCALHOST(RPC) TIME_WAIT
TCP 0 0 LOCALHOST(1033) LOCALHOST(SMTP) TIME_WAIT
TCP 0 0 FLOWERS(NETSTAT) WARBUCKS(3335) FIN_WAIT_2
TCP 0 0 FLOWERS(FTP) WARBUCKS(3334) ESTABLISHED
TCP 0 0 FLOWERS(1031) WARBUCKS(TELNET) ESTABLISHED
UDP 0 0 FLOWERS(NAMESERV) *(*)
UDP 0 0 LOCALHOST(NAMESERV) *(*)
UDP 0 0 FLOWERS(DECNET) IU(DECNET)
$ MULTINET SHOW /CONFIGURATION
** Configuration for file "MULTINET:NETWORK_DEVICES.CONFIGURATION" **
Device Adapter CSR Address Flags/Vector
------ ------- ----------- ------------
se0 (Shared VAX/VMS Ethernet) -NONE- -NONE- -NONE-
s10 (Serial Line IP) -NONE- -NONE- -NONE-
dn0 (IP over DECNet link) -NONE- -NONE- -NONE-
$ MULTINET SHOW /STATISTICS=INTERFACE
MultiNet Network Interface statistics:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Collis
---- --- ------- ------- ----- ----- ----- ----- ------
se0 1500 FLOWERS-NET FLOWERS.COM 150 0 116 0 0
s10 1006 FLOWERS-NET FLOWERS.COM 597 0 697 0 0
pd0 1500 FLOWERS-NET 192.0.0.1 0 0 0 0 0
dno* 1500 FLOWERS-NET FLOWERS.COM 0 0 0 0 0
lo0 1536 LOOPBACK-NET LOCALHOST 53 0 53 0 0
$
This example displays the status of MultiNet licenses.
$ MULTINET SHOW /LICENSE
MultiNet V5.3
Product License Authorization
--------- ------- -------------
MULTINET Yes A-2336-15873
NFS-SERVER Yes A-2336-15879
NFS-CLIENT Yes A-2336-15882
$
In this example, user ROSE on host FLOWERS.COM has issued a print request to print the file PROGRAMMERS.PS on the REMOTE_PS local queue. The REMOTE_PS queue, however, is a MultiNet VMS remote print queue that uses the LPD protocol to send the print request to the print queue SYS$PS on host 192.0.0.89.
The MULTINET SHOW /QUEUE command is then used to display the contents of both queues; the remote queue first (SYS$PS on FLOWERS) then the local queue (REMOTE_PS).
$ PRINT /QUEUE=REMOTE_PS PROGRAMMERS.PS
Job PROGRAMMERS (queue REMOTE_PS, entry 972) started on REMOTE_PS
$ MULTINET SHOW /QUEUE=REMOTE_PS
Jobname Username Entry Blocks Status
------- -------- ----- ------ ------
MANAGE DAISY 111 988 Printing
INSTALL DAISY 115 238 Pending
Printer queue REMOTE_PS, on FLOWERS::NLP0:"192.0.0.89/SYS$PS"
Jobname Username Entry Blocks Status
------- -------- ----- ------ ------
PROGRAMMERS ROSE 972 1112 Printing at block 370
$
This example displays the routing table on the local host without doing IP address-to-name translation.
$ MULTINET SHOW /ROUTE /NOSYMB
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
----------- ------- ----------- ------ --- ---------
192.41.228.129 127.0.0.1 Up,Gateway,H 0 0 lo0
127.0.0.1 127.0.0.1 Up,Host 2 53 lo0
192.41.228.130 192.41.228.129 Up,Host 3 340 sl0
192.41.228.131 192.41.228.129 Up,Host 0 0 dn0
0.0.0 192.41.228.130 Up,Gateway 0 353 sl0
192.41.228.64 192.41.228.65 Up 2 112 se0
192.41.228 192.41.228.1 Up 0 0 pd0
$
This example displays local host information.
$ MULTINET SHOW/ROUTE/DESTINATIONS=127.0.0.1
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
----------- ------- ----- ------ --- ---------
LOCALHOST LOCALHOST Up,Host 1 464 lo0
$
This example displays the interface SE1 along with its associated packet filters.
$ MULTINET SHOW /INTERFACE SE1 /FILTERS
Device se1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,D2>
VMS Device = EWB0
IP Address = 192.168.0.16
No common links defined
MultiNet Packet Filter List for se1:
Logging is disabled
Source Address / Port
Action Proto Hits Destination Address / Port
------ ----- ----- ------------------------------------------
deny tcp 0 192.168.0.11/32
192.168.0.0/24 eq 22
LOG
START: 16-MAY-2008 10:33:19 END: 16-MAY-2008 10:38:19
permit ip 13484 0.0.0.0/0
0.0.0.0/0
FLTSVR
Average 0 bytes out, 0 bytes in per second
Average 0 packets out, 0 packets in per second
This example displays the current version of MultiNet and the VMS Operating System.
$ MULTINET SHOW /VERSION
FLOWERS MultiNet V5.3
$
Displays the contents of Ethernet packet headers that match the specified boolean expression. To stop the dump, press Ctrl/C.
FORMAT
MULTINET TCPDUMP [expression]
RESTRICTIONS
The following restrictions apply to the use of MULTINET TCPDUMP.
Although the TCPDUMP expression grammar allows the use of the exclamation point (!) character as the NOT operator and as part of the NOT-EQUAL comparator, DCL interprets it as a comment character. Therefore, use NOT instead.
For example, to print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a remote host:
$ MULTINET TCPDUMP NOT (TCP[13] & 3 = 0) AND NOT SRC -
_$ AND DST NET LOCALNET
PHY_IO, LOG_IO, and SYSPRV or BYPASS privileges are required to use TCPDUMP.
The packet filter code is not very efficient and adds significant overhead to your VMS system when monitoring a busy network. In addition, if you are using DNS and a problem occurs with name server access, TCPDUMP can appear to hang while waiting for a response from the network.
IP options are ignored and not displayed.
Understands PPP frames and does not treat all data as IP datagrams.
No attempt is made to reassemble IP fragments or at least compute the right length for the higher level protocol.
Name server inverse queries are not dumped correctly. An empty question section is printed rather than the real query in the answer section.
Though TCPDUMP recognizes IPsec packets, it does not decrypt encrypted packets.
PARAMETER
expression
Selects which packets are dumped. If an expression is not given, all packets on the net are dumped. Otherwise, only packets for which the expression is "true" are dumped. Enter HELP MULTINET TCPDUMP EXPRESSION for a list of expression values.
QUALIFIERS
Selects packets dated after the specified time. The time value can be any valid OpenVMS time specification (absolute, delta, or a combination of the two).
Selects packets dated prior to the specified time. The time value can be any valid OpenVMS time specification (absolute, delta, or a combination of the two).
Exits TCPDUMP after the specified number of packets is received. The default is 0, or no limit.
Displays debugging information.
Specifies the VMS device name of the Ethernet device to use. By default, TCPDUMP searches for ECA0, EIA0, EWA0, EZA0, EXA0, EFA0, ETA0, ERA0, ESA0, ICA0, IRA0, LLA0, XEA0, and XQA0 devices.
Displays host names with the domain information; /NODOMAINS strips the domain names.
Modifies the behavior of the /HEXADECIMAL qualifier by adding the EBCDIC translation of the data in addition to the ASCII translation to the TCPDUMP output.
Displays the Ethernet header (source, destination, protocol, and length) on each dump line.
Use in conjunction with /READ_BINARY or /WRITE_BINARY to read or generate output automatically formatted for display on version 2.0 Network General sniffers.
Displays "foreign" Internet addresses numerically rather than symbolically.
Displays each packet (less its 14-byte Ethernet header) in hexadecimal format. Up to 64 bytes of the packet are printed.
Specifies the device to trace. Valid devices are those for Ethernet/FDDI (se), the loopback connection (lo0), SLIP lines (sl), PPP lines (ppp), PSI connections (psi), and IP-over-DECNET connections (dn). This qualifier cannot be used with the /DEVICE qualifier.
Specifies that host addresses and port numbers are not converted to names on output.
Redirects TCPDUMP output to a file.
Specifies that less protocol information is displayed, making output lines shorter.
Reads in a file previously written using the /WRITE_BINARY qualifier. (Refer to /WRITE_BINARY for more information.)
This file is written in libpcap format. When the interface specified is an Ethernet device the data in the file can be analyzed with Ethereal and similar tools.
You can use /READ_BINARY with /FILE_FORMAT=SNIFFER to read output formatted automatically for display on version 2.0 Network General sniffers. This feature permits sites to analyze traces with a Network General analyzer, rather than only examining the TCPDUMP packets. (TCPVIEW also provides the ability to analyze packet traces.)
Interprets RPC calls in the output.
Indicates the specified number of bytes of data to capture from each packet rather than the default of 54 bytes (which is adequate for most applications). 96 bytes is adequate for IP, ICMP, TCP, and UDP, but may truncate protocol information from name server and NFS packets.
/TIMESTAMPS=value
/NOTIMESTAMPS (default)
Causes TCPDUMP to display a timestamp on each output line. Accepted values are DEFAULT, UNIX, DELTA, and RELATIVE. The /NOTIMESTAMPS qualifier disables the TCPDUMP timestamp on each output line.
Provides additional information in the output listing.
Stores the output of TCPDUMP in a file. Use this qualifier to "record" the TCPDUMP information until you press Ctrl/Y. After recording the output of a TCPDUMP session, use /READ_BINARY to read in the binary file for examination.
You can use /WRITE_BINARY with /FILE_FORMAT=SNIFFER to generate output automatically formatted for display on version 2.0 Network General sniffers. This feature permits sites to analyze traces with a Network General analyzer, rather than only examining the TCPDUMP packets. (TCPVIEW also provides the ability to analyze packet traces.)
EXAMPLES
This example displays all traffic addressed to or transmitted from host OL.SLG.COM.
$ MULTINET TCPDUMP HOST OL.SLG.COM
18:56:24.25 BIG.SLG.COM.x11 > OL.SLG.COM.1030:.ack 21527130 win 4096.
This example displays all traffic between local hosts and hosts at the network IRIS-ETHER at flowers.
$ MULTINET TCPDUMP NET IRIS-ETHER
. .
This example displays all FTP traffic being sent to host BETTY.URUB.EDU.
$ MULTINET TCPDUMP -
DST HOST BETTY.URUB.EDU AND (PORT FTP OR PORT FTP-DATA)
This example displays IP traffic not sent from or destined for the network IRIS-ETHER. If IRIS-ETHER is the local network, only transient traffic displays.
$ MULTINET TCPDUMP IP AND NOT NET IRIS-ETHER
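The SYN/FIN expression shown under RESTRICTIONS and the libpcap file written by /WRITE_BINARY can be examined together off the VMS host. The following Python sketch is an added example, not part of the MultiNet documentation: it parses a libpcap byte string, reports how many bytes each packet lost to the snap length, and applies the same `TCP[13] & 3` test. The capture is constructed inline; the addresses, ports, and function names are assumptions, and only Ethernet/IPv4 is handled.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4
ETH_LEN = 14  # Ethernet header length, as stated in the hexadecimal-dump description

def read_pcap(blob):
    """Parse a libpcap byte string; return (snaplen, linktype, records)."""
    if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC:
        end = "<"   # written on a little-endian host
    elif struct.unpack(">I", blob[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", blob[4:24])
    records, off = [], 24
    while off + 16 <= len(blob):
        sec, usec, caplen, wirelen = struct.unpack(end + "IIII", blob[off:off + 16])
        data = blob[off + 16:off + 16 + caplen]
        if len(data) != caplen:
            raise ValueError("file ends inside a packet record")
        records.append((sec + usec / 1e6, caplen, wirelen, data))
        off += 16 + caplen
    return snaplen, linktype, records

def tcp_flags(frame):
    """Return TCP[13] for an Ethernet/IPv4/TCP frame, or None if unavailable."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None                              # too short or not IPv4
    ip = frame[ETH_LEN:]
    if ip[9] != 6 or struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                              # not TCP, or a later fragment
    idx = (ip[0] & 0x0F) * 4 + 13                # IP header length + offset 13
    return ip[idx] if idx < len(ip) else None    # None: cut off by snap length

def summarize(blob):
    """Per packet: bytes lost to the snap length and the SYN/FIN test result."""
    snaplen, linktype, records = read_pcap(blob)
    if linktype != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled here")
    rows = []
    for _ts, caplen, wirelen, data in records:
        flags = tcp_flags(data)
        rows.append({
            "missing": wirelen - caplen,         # > 0 means the packet was truncated
            # Python form of the page's NOT (TCP[13] & 3 = 0): FIN=0x01, SYN=0x02
            "syn_or_fin": flags is not None and (flags & 3) != 0,
        })
    return snaplen, rows

# --- constructed sample data (not taken from a real capture) ---
def eth_ip_frame(proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def tcp_header(flags):
    return struct.pack("!HHIIBBHHH", 1031, 23, 0, 0, 0x50, flags, 4096, 0, 0)

def build_sample(snaplen=54):
    """SYN, bare ACK, FIN+ACK, and a UDP packet with a 40-byte payload."""
    udp = struct.pack("!HHHH", 1024, 53, 48, 0) + b"\x00" * 40
    frames = [eth_ip_frame(6, tcp_header(f)) for f in (0x02, 0x10, 0x11)]
    frames.append(eth_ip_frame(17, udp))
    blob = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        blob += struct.pack("<IIII", i, 0, len(kept), len(frame)) + kept
    return blob

if __name__ == "__main__":
    snaplen, rows = summarize(build_sample())
    for n, row in enumerate(rows, 1):
        print(n, snaplen, row)
```

When the flags byte falls beyond the captured length, `tcp_flags` returns None, so a capture taken with too small a snap length hides SYN and FIN packets from this test rather than reporting them as absent.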
Traces packets and interprets the results.
FORMAT
PARAMETER
filename
Specifies the name of the optional file to be analyzed. If not specified, TCPVIEW itself can capture network traffic to analyze packets. If you specify a file name, the file must be a Network General Sniffer Version 2 data file, or a TCPDUMP file created with the TCPDUMP/WRITE_BINARY qualifier. (Network General data file version IV does not work with TCPVIEW.)
QUALIFIERS
If used, TCPVIEW exits after receiving the specified number of packets.
Specifies the OpenVMS device name of the Ethernet device to use. By default, TCPVIEW searches for ECA0, EIA0, EWA0, EZA0, EXA0, EFA0, ETA0, ERA0, ESA0, ICA0, IRA0, LLA0, XEA0, and XQA0. This qualifier is provided for backward compatibility; use the /INTERFACE qualifier instead. /DEVICE bypasses MultiNet's BPF (Berkeley Packet Filter) feature and allows only a single user to access TCPVIEW. /DEVICE cannot be used with the /INTERFACE qualifier.
Displays host names with the domain information; /NODOMAINS strips the domain names.
Prints the Ethernet header (source, destination, protocol, and length) on each dump line.
Specifies that the binary packet trace being read by TCPVIEW is in Network General v2.0 sniffer format.
Specifies the device to trace. Valid devices are those for Ethernet, FDDI, the loopback connection, SLIP lines, PSI connections, and IP-over-DECnet connections. /INTERFACE cannot be used with the /DEVICE qualifier.
Specifies that all network packets are displayed. Using this qualifier adds a significant load to a system.
Captures snaplen bytes of data from each packet rather than the default of 54 bytes (which is adequate for many applications). 96 bytes is adequate for IP, ICMP, TCP, and UDP, but may truncate protocol information from name server and NFS packets.
/TIMESTAMPS
/NOTIMESTAMPS (default)
/NOTIMESTAMPS causes TCPVIEW to suppress printing the timestamp on each output line.
Causes TCPVIEW to print more verbose packet descriptions.
DESCRIPTION
TCPVIEW provides a mechanism for tracing packets and interpreting the results. The visual interface provides separate windows for the packet trace, an ASCII interpretation of the results, and a hex dump. In addition, as you select interpretation events, the respective sections of the hex dump are highlighted. TCPVIEW works only with OpenVMS VAX V5.5-2 and later and with all versions of OpenVMS AXP.
TCPVIEW can capture network traffic or read TCPDUMP and Network General Sniffer Version 2 data files. (Version IV does not work with TCPVIEW.) TCPVIEW was derived from TCPDUMP and shares many characteristics with it. It must be run from a privileged account, but should not be installed with privileges. TCPVIEW uses DECwindows/Motif, which must be installed along with DECwindows to permit TCPVIEW to run. (TCPVIEW will not run with DECwindows alone.)
The main display is a window with three resizeable panes.
The top pane contains a summary line describing each packet. This line is identical to the output of TCPDUMP. Selecting a line in the top pane activates the middle and bottom panes.
The middle pane contains a detailed decoding of the selected frame. Information is only included here if the appropriate protocol decoders are present. If a line is selected in this pane, the corresponding line will be at the top of this pane for all subsequent frames decoded.
The bottom pane is a hex dump of the entire frame. Data is highlighted when a line is selected in the middle pane.
TCPVIEW MENUS
The TCPVIEW menu bar allows you to change configuration settings, load and store files, access help, and exit. The menu bar consists of File, Capture, Filter, Options, and Help pulldown entries.
FILE MENU
The File pulldown menu allows you to open (load) a data file, save (store) a data file, print a packet trace, and exit TCPVIEW.
File Open displays a DECwindows/Motif file dialog box that lists the files in the current directory. To load a file, click the required file, then click OK. (Double-clicking selects and loads the file in one operation.)
File Save displays the Save dialog box which allows you to save only the filtered packets or all of the seen packets. This selection also allows you to determine the format of the output file. A text field is provided to assign a file name to the output file.
File Print displays the Print dialog box which allows you to print all or only filtered packets in either Summary or Detail mode.
Summary mode displays a single line, much like the standard TCPDUMP output.
Detail mode breaks each packet down, much like the Network General Sniffer output.
File Exit allows you to exit the TCPVIEW utility.
CAPTURE MENU
The Capture pulldown menu sets capture options and begins capturing packets.
Capture Set Options specifies the parameters that control how a packet is captured. This selection contains these options:
Device Name selects which device interface (MultiNet or HP) to use for capturing data.
Promiscuous Mode determines if the interface is set to promiscuous mode. If promiscuous mode is not enabled, you can only capture packets using the MultiNet interface (which supports the BPF packet interface).
Number of Frames sets a limit on the number of frames that can be captured. Numbers less than or equal to 0 and invalid entries reset the limit to "infinite".
Time Limit sets a limit on the number of seconds that data will be captured. Numbers less than or equal to 0 and invalid entries reset the limit to "infinite".
Max Bytes Per Frame sets the maximum number of bytes that can be captured per frame (the minimum is 68 bytes); sizes smaller than the minimum are not accepted.
Capture GO starts the capture of frames. Stop a capture as follows:
1 When the Stop button appears, click it or press RETURN.
2 Wait until the maximum time is reached, or until the maximum packets to be captured is reached.
FILTER MENU
The Filter pulldown menu allows you to edit the expression that controls the frame filter. A frame filter is required for a given capture.
The Filter Edit option allows you to set up an expression used to filter the captured frames. (This is similar to the capabilities provided by the TCPDUMP expression syntax.)
There are two address filters. To activate one, click the OFF button. If both filters are activated, the second line toggle button switches to AND. Click it again to change it to OR.
The filters can work on either Data Link Level (DLC) or IP addresses. To change the address:
1 Click the ANY button. A request box appears asking for the new DLC or IP address.
2 Use the address filter to select the DLC or IP address to apply to the current data or the data to be captured.
3 Click any of the buttons to either toggle the button's state or display a request box for new information.
Enter ANY or ALL (case-insensitive) to set a filter back to the ANY state. For a numeric Ethernet address, enter the address in hex format either starting with "0x" or as six bytes separated by colons (for example, 0x08202b000002 or 08:20:2B:00:00:02). For IP addresses, enter a name or numeric address such as 161.44.128.70.
The Protocol filter allows you to select the protocols you want to capture. You can select all to see any protocol you want, or select one or more of the protocols provided.
The Port filter allows you to select all packets with that port as a source or destination. You can enter either a port number or a name. Port names are assigned via MULTINET:HOSTS.SERVICES and MULTINET:HOSTS.LOCAL. If the port name cannot be found, the filter is reset to ANY.
The Clear filter button resets the filter to its initial state (allow all packets).
Apply To All applies the filter to all data that is currently captured. Selecting this with no filter in place displays all captured frames.
Apply To Current applies the filter only to the current selected list of frames, allowing you to re-filter a captured set of packets repeatedly to look for problems or something specific in the data.
OPTIONS MENU
The Options pulldown menu controls how the data is presented, and contains options to control the address, time, and miscellaneous options.
Address Options allow you to control how the address is presented in the main window. You can display the host name, IP address, or DLC. If you select the host name, you can choose to display the Fully Qualified Domain Name (FQDN); otherwise, the short name is used.
If you are displaying the DLC, you can use the manufacturer's names instead of the DLC. This information is provided in the file MULTINET:MANUF.CODES. For example, use this option to display PSC_003462 instead of 00000C003462 (00000C is the assigned Ethernet code for Process Software).
Time Options control how the timestamp associated with a packet is displayed.
Absolute prints the arrival time in the format "HH:MM:SS.SS".
UNIX displays timestamps in the UNIX format, which is the number of seconds since 00:00:00 GMT (January 1, 1970).
Delta prints the timestamp as the number of elapsed seconds between frames.
Relative prints the number of seconds from the first frame.
None does not print a timestamp.
Miscellaneous Options specify how each frame is displayed.
Verbose provides additional information, such as displaying the time-to-live (TTL) and the type of service information in an IP packet.
Brief displays a minimum amount of protocol information.
Display DLC header displays the DLC source, destination, and protocol type in the summary line.
Use Relative TCP Sequence Numbers resets each TCP connection's sequence to make it easier to follow.
Display Line Numbers displays a number for each frame.
HELP MENU
The Help pulldown menu provides access to online help. It provides three options in the pulldown: Overview, About, and Help On Help. It can also provide context-sensitive help by using MB1 and the Help button. For help on context-sensitive help, see the help provided by this widget or see the DECwindows/Motif User's Guide.
Attempts to trace the route that an IP packet follows to another Internet host.
FORMAT
MULTINET TRACEROUTE host [data_length]
MULTINET TRACEROUTE6 host [data_length]
DESCRIPTION
TRACEROUTE finds the intermediate hops by sending probe packets with a small TTL (time-to-live), then listening for an ICMP "time exceeded" reply from a gateway. It starts probing with a TTL of one, then increases the TTL by one in each successive probe until an ICMP "port unreachable" reply is received (indicating that a probe reached the host) or the TTL exceeds 30 (the default maximum).
By default, three probes are sent at each TTL setting, and a line is printed showing the TTL, the gateway address, and round trip time of each probe. If the probe answers come from different gateways, the address of each responding system is printed. If there is no response within a five-second timeout interval, a "*" is printed for that probe. TRACEROUTE prints a "!" after the time if the TTL is less than or equal to one. The following table shows other possible annotations:
| Annotation | Meaning |
|---|---|
| !H | Host unreachable |
| !N | Network unreachable |
| !P | Protocol unreachable |
| !S | Source route failed |
| !F | Fragmentation needed |
The !S and !F annotations are rare and indicate that the associated gateway is not working properly. If most of the probes result in "unreachable" annotations, TRACEROUTE stops running and exits.
TRACEROUTE6 performs the same functions as TRACEROUTE for IPv6.
PARAMETERS
host
Specifies the target host to which you want to determine the route.
data_length
Specifies the amount of data sent in each ICMP Echo Request packet.
QUALIFIERS
Enables socket-level debugging in the MultiNet kernel. This qualifier is used only for debugging the MultiNet kernel.
Specifies the maximum TTL (time-to-live) to explore looking for ICMP Time Exceeded responses. If not specified, the default of 30 hops is used.
Specifies the minimum TTL to explore looking for ICMP Time Exceeded responses. If not specified, the default of 1 hop is used.
Specifies the number of probe packets sent to each hop (by default, 3).
Redirects TRACEROUTE output to a file.
Specifies a non-standard port number. TRACEROUTE sends data to an unused port and expects an error message. If the default port of 33434 is in use, use /PORT to specify another.
Disables any IP routing of the ICMP packets. The default, /ROUTE, allows IP routing to send the packet to destinations separated by gateways.
Specifies the local IP address from which packets are sent.
/SYMBOLIC_ADDRESSES (default)
/NOSYMBOLIC_ADDRESSES
Specifies that IP addresses are displayed numerically instead of being converted into host names.
Specifies the Type-Of-Service (TOS) field of the IP packet. The default TOS is 0 (no specific type of service).
Displays extra information as ICMP packets are sent or received.
Specifies how long TRACEROUTE waits for responses (by default, 5 seconds).
EXAMPLES
This example shows tracing a route to an NSFnet gateway. Note: lines 2 and 3 are the same. This is because the gateway "lilac-dmc.Berkeley.Edu" has a kernel bug that causes the system to forward packets with a TTL of zero.
$ MULTINET TRACEROUTE NIS.NSF.NET
traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 38 byte packet
1 FLOWERS.BARRNET.NET (192.41.228.71) 0 ms 0 ms 0 ms
2 UCSC.BARRNET.NET (131.119.46.7) 10 ms 0 ms 20 ms
3 SU1.BARRNET.NET (131.119.1.5) 10 ms 20 ms 20 ms
4 SU-B.BARRNET.NET (131.119.254.201) 20 ms 20 ms 20 ms
5 E-NSS.BARRNET.NET (192.31.48.244) 50 ms 10 ms 20 ms
6 t3-1.cnss9.t3.nsf.net (140.222.9.2) 20 ms 10 ms 20 ms
7 t3-3.cnss8.t3.nsf.net (140.222.8.4) 20 ms 30 ms 30 ms
8 t3-0.cnss24.t3.nsf.net (140.222.24.1) 70 ms 60 ms 60 ms
9 t3-0.cnss40.t3.nsf.net (140.222.40.1) 70 ms 70 ms 60 ms
10 t3-0.cnss41.t3.nsf.net (140.222.41.1) 70 ms 70 ms 60 ms
11 t3-0.enss131.t3.nsf.net (140.222.131.1) 70 ms 80 ms 80 ms
12 nis.nsf.net (35.1.1.48) 80 ms 80 ms 70 ms
$
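The probing loop from the DESCRIPTION, and the repeated-line effect mentioned in the example note, can be reproduced without sending any packets. The following Python simulation is an added example, not part of the MultiNet documentation: the gateway names, the `forwards_ttl_zero` and `silent` flags, and the function names are all hypothetical.

```python
def probe(path, dest, ttl):
    """Simulate one probe; return (reply_type, responder) or None on timeout."""
    for hop in path:
        ttl -= 1
        if ttl <= 0 and not hop.get("forwards_ttl_zero"):
            # A correct gateway discards the expired packet and reports it,
            # unless it is configured not to send ICMP errors at all.
            return None if hop.get("silent") else ("time-exceeded", hop["name"])
        # A gateway with the TTL-zero bug forwards the packet instead, so the
        # next gateway on the path is the one that answers.
    return ("port-unreachable", dest)   # probe reached the target's unused port

def traceroute(path, dest, min_ttl=1, max_ttl=30, probes=3):
    """Return [(ttl, [responder or '*', ...])], stopping when the host answers."""
    lines = []
    for ttl in range(min_ttl, max_ttl + 1):
        replies = [probe(path, dest, ttl) for _ in range(probes)]
        lines.append((ttl, [r[1] if r else "*" for r in replies]))
        if any(r and r[0] == "port-unreachable" for r in replies):
            break
    return lines

def repeated_responders(lines):
    """TTLs whose responders are the same gateways as on the following line."""
    flagged = []
    for (ttl, cur), (_next_ttl, nxt) in zip(lines, lines[1:]):
        names = set(cur) - {"*"}
        if names and names == set(nxt) - {"*"}:
            flagged.append(ttl)   # the gateway at this TTL never identified itself
    return flagged

# Constructed path: the second gateway forwards TTL-zero packets, the fourth
# never sends ICMP errors.
SAMPLE_PATH = [
    {"name": "gw1.example"},
    {"name": "gw2.example", "forwards_ttl_zero": True},
    {"name": "gw3.example"},
    {"name": "gw4.example", "silent": True},
]
SAMPLE_DEST = "target.example"

if __name__ == "__main__":
    result = traceroute(SAMPLE_PATH, SAMPLE_DEST)
    for ttl, responders in result:
        print(ttl, " ".join(responders))
    print("repeated at TTL:", repeated_responders(result))
```

In the simulated output the gateway with the bug never appears by name: the lines for TTL 2 and TTL 3 both show the third gateway, and the silent gateway shows only as "*".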
The X11DEBUG utility performs four tests that check the most common causes of problems encountered when running X11 clients over MultiNet:
Checks for the UCX driver.
Verifies that a DISPLAY has been defined with the SET DISPLAY command.
Checks TCP/IP connections.
Verifies that the X11 client can access the server.
If any of these tests fail, MULTINET X11DEBUG recommends a course of action to resolve the problem. Otherwise, MULTINET X11DEBUG displays the message, "%X11DEBUG-S-PASSEDALL, passed all X11 tests."
FORMAT
MULTINET X11DEBUG [/LOG]
QUALIFIER
Enables additional debugging information.