TCPware Version 6.0 Release Notes March 2014 This document contains a list of new features and bug fixes that have been made since TCPware V5.8-2. Revision/Update Information: This document supercedes the TCPware V5.9 Release Notes. Operating System and Version: VAX/VMS V5.5-2 or later; OpenVMS Alpha V6.2 or later; OpenVMS I64 V8.2 or later. ________________________ March 2014 __________ Copyright ©Copyright by Process Software LLC Process Software, LLC ("Process") makes no representations or warranties with respect to the contents hereof and specif- ically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Process Software reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Process Software to notify any person of such revision or changes. Alpha AXP, AXP, MicroVAX, OpenVMS, Open- VMS I64, VAX, VAX Notes, VMScluster, and VMS are registered trademarks of Hewlett-Packard Corporation. Intel and Itanium are trademarks or registered trademarks of Intel Corporation. Portions of TCPWare have the following third party copyrights: Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowl- edgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" iii 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. 6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WAR- RANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CON- TRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPE- CIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: iv 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following dis- claimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence TCPware is a registered trademark of Process Software. UNIX is a trademark of UNIX System Laboratories, Inc. All other trademarks, service marks, registered trademarks, or registered service marks mentioned in this document are the property of their respective holders. Copyright ©1997, 1998, 1999, 2000 Process Software Corporation. All rights reserved. Printed in USA. Copyright © Process Software, LLC. All rights reserved. Printed in USA. If the examples of URLs, domain names, internet addresses, and web sites we use in this documentation reflect any that actually exist, it is not intentional and should not be considered an endorsement, approval, or recommendation of the actual site, or any products or services located at any such site by v Process Software. Any resemblance or duplication is strictly coincidental. vi Contents_________________________________________________________ Chapter_1__Introduction__________________________________________ 1.1 Typographical Conventions..............................1-2 1.2 Obtaining Technical Support............................1-2 1.2.1 Before Contacting Technical Support..........1-2 1.2.2 Sending Electronic Mail......................1-4 1.2.3 Calling Technical Support....................1-4 1.2.4 Contacting Technical Support by Fax..........1-5 1.3 Obtaining Online Help..................................1-5 1.4 TCPware Frequently Asked Questions (FAQs) List.........1-5 1.5 Accessing the TCPware Public Mailing List..............1-5 1.6 Process Software World Wide Web Server.................1-6 1.7 Obtaining Software Patches over the Internet...........1-6 1.8 Documentation Comments.................................1-7 1.9 CD-ROM Contents........................................1-7 1.9.1 Online Documentation.........................1-8 1.9.1.1 PDF Format.............................1-8 1.9.1.2 Using Acrobat Reader...................1-9 1.9.1.3 Using XPDF.............................1-9 Chapter_2__New_Features__________________________________________ 2.1 Installation Disk Space Requirements...................2-1 2.2 NFS V3 Client..........................................2-1 2.3 NFS Server.............................................2-2 2.4 BIND9..................................................2-2 2.5 FTP....................................................2-2 2.6 Utilities..............................................2-2 2.6.1 ARPSNMP......................................2-2 2.6.2 PEERNAME.....................................2-3 2.7 DHCP V4 Client and Server..............................2-3 2.8 Upgrading to the DHCP V4 Client and Server.............2-3 2.8.1 DHCP V4 Client...............................2-3 2.8.1.1 Configuring and Starting Up The DHCP V4 Client (DHCLIENT4).....................2-3 2.8.1.2 DHCP V4 Client Configuration and Lease Files..................................2-3 iii 2.8.2 DHCP V4 Server...............................2-4 2.8.2.1 Configuring and Starting Up The DHCP V4 Server (DHCP4).........................2-4 2.8.2.2 DHCP V4 Server Administration..........2-4 2.8.2.3 DHCP V4 Server Leases..................2-4 2.8.2.4 DHCP V4 Server Configuration File......2-5 2.8.2.4.1 Changes................................2-5 2.8.2.4.2 Host Name Generation...................2-5 2.8.2.4.3 Dynamic DNS Updates (DDNS).............2-6 2.8.2.4.4 Failover...............................2-7 Chapter_3__Fixes_in_this_Release_________________________________ 3.1 Configuration..........................................3-1 3.2 DHCP V3................................................3-1 3.3 DNS....................................................3-1 3.4 Drivers................................................3-2 3.5 FTP....................................................3-2 3.6 NETCU..................................................3-3 3.7 IPS....................................................3-3 3.8 NETCP..................................................3-3 3.9 NETCU..................................................3-3 3.10 NFS Client.............................................3-4 3.11 NFS Server.............................................3-4 3.12 NTP....................................................3-4 3.13 PWIP...................................................3-4 3.14 RPC....................................................3-4 3.15 SDA....................................................3-4 3.16 SFTP...................................................3-4 3.17 SNMP...................................................3-5 3.18 SSH....................................................3-5 3.19 Telnet.................................................3-5 3.20 TIMED..................................................3-6 3.21 Miscellaneous..........................................3-6 3.22 Known Issues...........................................3-6 iv Chapter_4__Documentation_Notes___________________________________ 4.1 Online Help............................................4-1 v Chapter__1_______________________________________________________ Introduction These Release Notes describe the changes and enhancements made to the TCPware product in version 6.0. This chapter describes conventions used in the TCPware documentation set and the various methods to contact and receive technical support. o For information about new features in TCPware v6.0, refer to Chapter 2. o For information about fixes in TCPware v6.0, refer to Chapter 3. o For information about changes to the documentation set, refer to Chapter 4. Introduction 1-1 1.1 Typographical Conventions Examples in these release notes use the following conventions: ______________________________________________________________ Convention________Example___________Meaning___________________ Angle brackets Represents a key on your keyboard. Angle brackets Indicates that you hold with a slash down the key labeled or while simultaneously pressing another key; in this example, the "A" key. Square brackets [FULL] Indicates optional choices; you can enter none of the choices, or as many as you like. When shown as part of an example, square brackets are actual characters you should type. Underscore or file_name or Between words in commands, hyphen file-name indicates the item is a ____________________________________single_element.___________ 1.2 Obtaining Technical Support Process Software provides technical support if you have a current Maintenance Service Agreement. If you obtained TCPware from an authorized distributor or partner, you receive your technical support directly from them. You can contact Technical Support by: o Sending electronic mail (Section 1.2.2) o Calling Technical Support (Section 1.2.3) o Faxing a description of your problem to the Technical Support Group (Section 1.2.4) 1.2.1 Before Contacting Technical Support Before you call, or send email or a fax: 1. Verify that your Maintenance Service Agreement is current. 2. Read the online Release Notes completely. 3. Have the following information available: o Your Name 1-2 Introduction o Your company name o Your email address o Your voice and fax telephone numbers o Your Maintenance Contract Number o OpenVMS architecture o OpenVMS version o TCPware layered products and versions 4. Have complete information about your configuration, error messages that appeared, and problem specifics. 5. Be prepared to let a development engineer connect to your system, either with TELNET, SSH, or by dialing in using a modem. Be prepared to give the engineer access to a privileged account to diagnose your problem. You can obtain information about your OpenVMS architecture, OpenVMS version, TCPware version, and layered products with the NETCU SHOW VERSION/ALL command. Execute the following command on a fully loaded system and email the output to support@process.com: $ NETCU SHOW VERSION/ALL TCPware(R) V6.0-0 Copyright (c) Process Software OpenVMS version V8.2 booted on 28-AUG-2014 21:03:30.00, running on a HP rx2600 (1.30GHz/3.0MB). MAS number: 12345 In this example: The machine or system architecture is I64. The OpenVMS version is V8.2. The TCPware version is V6.0. Use the following table as a template to record the relevant information about your system: ______________________________________________________________ Required_Information_______Your_System_Information____________ Your name Company name Your email address Introduction 1-3 ______________________________________________________________ Required_Information_______Your_System_Information____________ Your voice and fax telephone numbers System architecture Vax, Alpha, or I64 OpenVMS Version TCPware_Version_______________________________________________ Please provide information about installed TCPware applica- tions and patch kits, by sending a copy of TCPWARE:TCPWARE_ VERSION.; file. 1.2.2 Sending Electronic Mail For many questions, electronic mail is the preferred communication method. Technical support via electronic mail is available to customers with a current support contract. Send electronic mail to support@process.com. At the beginning of your mail message, include the information listed in Section 1.2.1. Continue with the description of your situation and problem specifics. Include all relevant information to help your Technical Support Specialist process and track your electronic support request. Electronic mail is answered within the desired goal of two hours, during our normal business hours, Monday through Friday from 8:30 a.m. to 5:00 p.m., United States Eastern Time. 1.2.3 Calling Technical Support For regular support issues, call 800-394-8700 or 508-628-5074 for support Monday through Friday from 9:00 a.m. to 5:00 p.m. United States Eastern Time. For our customers in North America with critical problems, an option for support 7 days per week, 24 hours per day is available at an additional charge. Please contact your Account Representative for further details. Before calling, have available the information described in Section 1.2.1. When you call, you will be connected to a Technical Support Specialist. If our Support Specialists are assisting other customers and you are put on hold, please stay on the line. Most calls are answered in less than 5 minutes. If you can wait for a Speciallist to take your call, please take advantage 1-4 Introduction of our automatic call logging feature by sending email to support@process.com (See Section 1.2.2). 1.3 Obtaining Online Help Extensive information about TCPware is provided in the TCPware help library. For more information, enter the following command: $ HELP TCPWARE 1.4 TCPware Frequently Asked Questions (FAQs) List You can obtain an updated list of frequently asked questions (FAQs) and answers about Process Software products from the Process Software home page located at http://www.process.com. Choose the Service & Support link to access useful information on FAQs and patch ECOs. 1.5 Accessing the TCPware Public Mailing List Process Software maintains two public mailing lists for TCPware customers: o Info-TCPware@process.com o TCPware-Announce@process.com The Info-TCPware@process.com mailing list is a forum for discussion among TCPware system managers and programmers. Questions and problems regarding TCPware can be posted for a response by any of the subscribers. To subscribe to Info- TCPware, send a mail message with the word SUBSCRIBE in the body to Info-TCPware-request@process.com. The information exchanged over Info-TCPware is also available via the USENET newsgroup vmsnet.networks.tcp-ip.tcpware. Introduction 1-5 You can retrieve the Info-TCPware archives by anonymous FTP to ftp.tcpware.process.com. The archives are located in the directory [MAIL_ARCHIVES.INFO-TCPWARE]. The TCPware-Announce@process.com mailing list is a one-way communication (from Process Software to you) used to post announcements relating to TCPware (patch releases, product releases, etc.). To subscribe to TCPware-Announce, send a mail message with the word SUBSCRIBE in the body to TCPware- Announce-request@process.com. 1.6 Process Software World Wide Web Server Electronic support is provided through the Process Software web site which you can access with any World Wide Web browser; the URL is http://www.process.com (select Service & Support). 1.7 Obtaining Software Patches over the Internet Process Software provides software patches in save set and ZIP format on its anonymous FTP server, ftp.tcpware.process.com. For the location of software patches, read the .WELCOME file in the top-level anonymous directory. This file refers you to the directories containing software patches. To retrieve a software patch, enter the following commands: $ FTP FTP.TCPWARE.PROCESS.COM ANONYMOUS password where password is your email address. A message welcoming you to the Process Software FTP directory appears next followed by the FTP prompt. Enter the following at the FTP prompt: FTP>CD [.SUPPORT.xx_x] FTP>GET update_filename In these commands: xxx is the version of TCPware you want to transfer update_filename is the name of the file you want to transfer To transfer files from Process Software directly to an OpenVMS system, you can use the GET command without any other FTP commands. However, if you need to transfer a software patch through an intermediate non-OpenVMS system, use BINARY mode to transfer the files to and from that system. In addition, if you are retrieving the software patch in save set format, make sure the save set record size is 2048 bytes when you transfer the file from the intermediate system to your OpenVMS system. 1-6 Introduction o If you use the GET command to download the file size from the intermediate system, use the FTP RECORD-SIZE 2048 command before transferring the file. o If you use the PUT command to upload the file to your OpenVMS system, log into the intermediate system and use the FTP quote site rms recsize 2048 command before transferring the file. Process Software also supplies UNZIP utilities for OpenVMS VAX, Alpha and I64 for decompressing ZIP archives in the [SUPPORT] directory. To use ZIP format kits, you need a copy of the UNZIP utility. The following example shows how to use UNZIP utility, assuming you have copied the appropriate version of UNZIP.EXE to your current default directory: $ UNZIP := $SYS$DISK:[]UNZIP.EXE $ UNZIP filename.ZIP Use VMSINSTAL to upgrade your TCPware system with the software patch. 1.9 CD-ROM Contents The directory structure on the CD is as follows: Introduction 1-7 [TCPWARE060] TCPware Kit [Documentation] PDF format (.pdf) HTML format (.htm) Release Notes [XPDF] [XPDF.AXP] for Alpha images [XPDF.VAX] for VAX images [LYNX] [LYNX.AXP] for Alpha images [LYNX.VAX] for VAX images [VAX55_DECC_RTL] 1.9.1 Online Documentation The TCPware documentation set is available on the product CD in HTML and PDF format. The Release Notes are available on the product CD in text format. 1.9.1.1 PDF Format The TCPware documentation set has the following PDF files: o INSTALL.PDF (Installation and Configuration Guide) o MANAGE.PDF (Management Guide) o NETCU.PDF (NETCU Command Reference) o PROGRAM.PDF (Programmer's Guide) o USER.PDF (User's Guide) The PDF format is readable from a PC, a VAX or an Alpha system. There is a PDF reader for the VAX and Alpha platforms on the TCPware CD. o Use Adobe Acrobat to read the PDF files from a PC. Your PC must have 386 architecture or later to use Adobe Acrobat Reader. You can get Acrobat Reader free from Adobe Systems' Website: www.adobe.com. o Use the XPDF Reader (found in the [XPDF] directory) to read the PDF files from a VAX or Alpha system. The [XPDF.AXP] directory contains the Alpha architecture reader, and the [XPDF.VAX] directory contains the VAX architecture reader. Note The XPDF Reader does not work on a PC. 1-8 Introduction PCs running the Windows or NT operating system cannot read Process Software's CD. You cannot load files from the MultiNet CD directly to a PC. Load them to your VAX, Alpha or I64 machine, then transfer them to your PC. We suggest using FTP to transfer these files. The following is an example using MS-DOS: C:> ftp node ftp> binary ftp> mget cd:*.pdf In addition, Process Software has included LYNX, the character-cell Web browser for VMS. It is in the [LYNX] directory. 1.9.1.2 Using Acrobat Reader To read the PDF files using Acrobat Reader: 1. Double click Acrobat Exchange. 2. Choose Open from the File menu. 3. Select the .pdf file you want to open. 4. Use the menu bar at the top of the screen to navigate the document, or click a Table of Contents entry (on the left) to go directly to that information. Note The binocular icon opens search functions. The magnifying glass icon enlarges the text and illustrations. 1.9.1.3 Using XPDF Thanks to Derek B. Noonburg for letting us download his XPDF application. Note You need a three-button mouse to use XPDF. At the DCL prompt from the directory in which the VAX or Alpha XPDF.EXE is stored, do the following: 1. Type RUN XPDF.EXE. The XPDF screen appears. 2. Position the arrow on any of the icons (except the ? icon) on the bottom of the screen. 3. Press the right nouse button to display choices. 4. Select OPEN to display the list of PDF files. Introduction 1-9 5. Select the PDF file you want, and click OPEN to read the file. 6. Use the icons on the bottom of the screen to search for the information you want. To view the online help for XPDF: 1. Position the cursor on the question mark (?) icon. 2. Press the left mouse button to open the online help. 1-10 Introduction Chapter__2_______________________________________________________ New Features This chapter briefly describes features that are new or changed significantly in TCPware Version 6.0. 2.1 Installation Disk Space Requirements The following table indicates the disk space requirements for installing TCPWARE V6.0. ______________________________________________________________ System_Architecture_____________Peak_Usage__Net_Usage_________ VAX 240,000 175,000 Alpha 390,000 240,000 I64_____________________________485,000_____380,000___________ 2.2 NFS V3 Client The TCPware NFS client has been enhanced to use NFSv3 if it is available and NFSv2 if it is not. The changes are designed to be as seamless as possible, while still providing the new functionality that was desired. NFS V3 supports larger file sizes and has modifications to the protocol to reduce the number of packets that need to be exchanged to get information about files in a directory. This can improve performance. The NFSv3 client will present the disk as an ODS-5 disk when the server and the version of VMS that TCPware is installed on support mixed case file names and the NFSv3 client will use the process variables when presenting filenames and searching for files. Unless otherwise directed the mount procedure will attempt a V3 mount first, then fall back to V2 if the server does not support NFS V3. The NFSMOUNT command has an additional qualifier (/NFS=version_number) to restrict which protocol version is used when mounting a share. New Features 2-1 2.3 NFS Server The TCPware NFS server can now fully take advantage of the file name support on ODS-5 disks with the /FILENAME=ODS5 qualifier to NETCU ADD EXPORT. Note that the default is still /FILENAME=SRI even for ODS-5 disks. If you want to use /FILENAME=ODS5, you need to specify it explicitly when the export is created. 2.4 BIND9 BIND9 has been updated from ISC Bind Version 9.6.1-p1 to 9.8.5-P2. This provides up to date functionality and has corrections for all published security problems. New features include, but are not limited to: o Checking that TXT records in SPF format have a matching SPF record. o Support for a number of new resource records types. o Updates to the built-in root hints for servers. o Additional algorithms for DNSSEC. 2.5 FTP Mode Z (deflate) support has been added to the TCPware FTP client and server. [DE 10974] Mode Z allows for data transfers to be compressed when encryption is not desired or not necessary. A compressed file transfer will generally take less time than an uncompressed transfer when the limiting factor is the slowest link between the systems involved. Mode Z is supported with the new SET MODE DEFLATE and SET DEFLATE/LEVEL commands. Additional information on this functionality can be found at http://tools.ietf.org/html/draft-preston-ftpext-deflate-04. 2.6 Utilities 2.6.1 ARPSNMP An adaptation of ARPSNMP has been included to allow system managers to record the information in TCPware's ARP tables in a file on disk so that changes can be tracked. [DE 4819] 2-2 New Features 2.6.2 PEERNAME This utility defines the symbols TCPIP$PEERNAME_LOCAL_ADDRESS, TCPIP$PEERNAME_LOCAL_PORT, TCPIP$PEERNAME_REMOTE_ADDRESS and TCPIP$PEERNAME_REMOTE_PORT. It provides functionality that matches the TCP/IP Services PEERNAME utility. 2.7 DHCP V4 Client and Server New DHCP client and server based on ISC version 4.2.5-P1 have been implemented, in addition to the ones based on ISC DHCP V3. DHCP4 includes all improvements, security, and bug fixes released by ISC. For full information, see the Chapter 2 (Client) or Chapter 4 (Server) of the Management Guide. 2.8 Upgrading to the DHCP V4 Client and Server 2.8.1 DHCP V4 Client 2.8.1.1 Configuring and Starting Up The DHCP V4 Client (DHCLIENT4) Configuring and starting up the DHCP V4 client is done the same way as the DHCP V3 client, except instead of using the "DHCLIENT" component, use the "DHCLIENT4" component. For example, use @TCPWARE:CNFNET DHCLIENT4 instead of @TCPWARE:CNFNET DHCLIENT Note that if you use "@TCPWARE:CNFNET" (i.e. with no parameter) to enable the DHCP client, this enables the DHCLIENT (V3) component. In this case, you will have to use "@TCPWARE:CNFNET DHCLIENT" to disable and shut down the DHCLIENT component, then use "@TCPWARE:CNFNET DHCLIENT4" to enable and start up the DHCLIENT4 component. 2.8.1.2 DHCP V4 Client Configuration and Lease Files There have not been many changes in the DHCP client between the V3 version and the V4 version. The configuration file (TCPWARE:DHCLIENT.CONF) that you have been using with the DHCP V3 client should be able to be used as-is with the V4 client. If you do not already have a DHCP client configuration file, the template for DHCLIENT4 is at TCPWARE:DHCLIENT4_CONF.TEMPLATE New Features 2-3 Note that the configuration file is still called DHCLIENT.CONF, not DHCLIENT4.CONF. For example: $ COPY TCPWARE:DHCLIENT4_CONF.TEMPLATE TCPWARE:DHCLIENT.CONF The DHCP V3 client lease file should also be able to be used as-is. The only difference is that it is now named DHCLIENT.LEASES instead of DHCLIENT.DB. $ COPY TCPWARE:DHCLIENT.DB TCPWARE:DHCLIENT.LEASES 2.8.2 DHCP V4 Server 2.8.2.1 Configuring and Starting Up The DHCP V4 Server (DHCP4) Configuring and starting up the DHCP V4 server is done the same way as the DHCP V3, except instead of using the "DHCP" component, use the "DHCP4" component. For example, use @TCPWARE:CNFNET DHCP4 instead of @TCPWARE:CNFNET DHCP 2.8.2.2 DHCP V4 Server Administration The NETCU commands for DHCP V3 also work for DHCP4. You just have to specify "DHCP4" instead of "DHCP" in the command, for example: NETCU SHOW DHCP4/STATUS Using NETCU UPDATE DHCP4 still works to register new hosts or unregister hosts in a running server. 2.8.2.3 DHCP V4 Server Leases The DHCP V3 server lease file (TCPWARE:DHCPD.LEASES) is most likely not going to be able to be read by the DHCP V4 server. It may be able to be read if you are using a simple configuration. It will definitely not be able to be read if you are using Dynamic DNS Updates (DDNS) or Failover. In most cases, you should expect that when you upgrade to DHCP4, you will lose the entire database of leases. In that case, all DHCP clients will have to obtain new leases. To avoid conflicts, it is recommended that prior to the upgrade, the length of leases being given out by the DHCP server be made very short, so that all leases expire during the changeover. You may also want to consider initially using a different range of addresses after the upgrade to doubly ensure that the DHCP4 server does not attempt to give out leases for IP addresses that are still in use. 2-4 New Features 2.8.2.4 DHCP V4 Server Configuration File There are a number of new commands, options, and evaluation functions that have been added for DHCP4. All of them are listed in the Management Guide. There is no automated conversion tool to convert DHCP V3 configuration and lease files to DHCP V4. If needed, the template configuration file for DHCP4 is at: TCPWARE:DHCPD4_CONF.TEMPLATE Note that the name of the configuration file is still DHCPD.CONF, not DHCPD4.CONF. 2.8.2.4.1 Changes The biggest changes between the DHCP V3 server configuration file and the DHCP V4 server configuration file are in the areas of DDNS and Failover. This is due to the fact that in DHCP V3, DDNS and Failover are Process Software implementations. In DHCP4, they are the ISC implementations. Also, Process Software's implementation of host name generation that was available in DHCP V3 is no longer available in DHCP4. Neither is the statement "allow/deny ras-servers". This statement was deprecated in a previous release and has now been removed altogether. See below for details. 2.8.2.4.2 Host Name Generation Process Software's host name generation functionality is no longer supplied in DHCP4. However, you can use a combination of evaluation functions to ask DHCP4 to create a host name. For example: option host-name = concat("DHCP-", binary-to-ascii(10,8,"",leased-address)); This option statement in dhcpd.conf generates a host name consisting of the string "DHCP-" followed by the ASCII version of the IP address that was leased out to the client by the DHCP4 server. It uses the data expressions "concat", "binary- to-ascii", and "leased-address". New Features 2-5 2.8.2.4.3 Dynamic DNS Updates (DDNS) The DHCP V3 DDNS commands are not available in DHCP V4. DHCP4 has its own DDNS commands. Enabling or Disabling DDNS The DHCP V3 statement to enable or disable DDNS in the server is: {allow | deny} dynamic-update; The DHCP4 replacement commands are: ddns-updates flag; ddns-update-style {interim | none}; Note that in DHCP V3 the default was to not do DDNS updates, whereas in DHCP4 the default is to do them. Updating A Records DDNS always creates a PTR record. It can also optionally create an A record. This is controlled by a statement in the configuration file. For DHCP V3 that statement is: {allow | deny} update-A-record; The DHCP4 replacement commands are: do-forward-updates flag; {allow | deny} client-updates; Note that in DHCP V3 the default was to not create the A record, whereas in DHCP4 the default is to create the A record. Specifying a Name for DDNS In DHCP V3 the following statements were used to tell the server whether or not to accept a name specified by the client, and what to do if that name contained characters which are invalid in DNS: {allow | deny} name-by-client; invalid-ddns-chars {fail | discard | replace}; DHCP4 does not have an equivalent to these configuration file statements. See the Management Guide for a description of how DHCP4 determines what host name and domain name to assign to the client. Some new configuration file statements related to this are: ddns-hostname name; ddns-domainname name; ddns-rev-domainname name; 2-6 New Features DNSSEC DHCP4 supports using DNSSEC to do secure DNS updates, which DHCP V3 did not. The following configuration file statements are used for DNSSEC: key, algorithm, secret zone, primary, secondary, key See the Management Guide for a description of these state- ments. Additional DHCP V4 DDNS Statements Other DHCP4 DDNS statements which do not correspond to any DHCP V3 statements are: {allow | deny | ignore} client-updates; Whether to allow clients to add the A record. DHCP V3 did not have the concept of clients doing their own DDNS updates. update-static-leases flag; Whether to do DDNS updates for static assignments (adding entries only). DHCP V3 always added the entries for static assignments (if DDNS was enabled). update-conflict-detection flag; update-optimization flag; These control specific behavior in the DHCP4 DDNS code. 2.8.2.4.4 Failover The Process Software implementation of Safe-Failover in DHCP V3 has been superceded by ISC's implementation of DHCP Failover. The first thing to know is that the operation of the primary and secondary peers in DHCP4 is different than previously. In the DHCP V3 implementation, the primary server gives out all of the leases during normal operation, and the secondary only gives out leases if the primary is down or unreachable. In this scenario, the percentage of IP addresses assigned as "backup" is kept small, usually 10-20% of the total address pool. In DHCP4 Failover, during normal operations, both the primary and the secondary give out leases. Ideally, they take on an equal load, and so the target percentage of "backup" leases is 50%. Failover Configuration The way that DHCP4 Failover is configured is completely different than in V3. New Features 2-7 There is no longer any DHCPD.BOOT file. The information formerly contained in the boot file is now specified in the main DHCP4 configuration file (dhcpd.conf) in a "failover peer" statement. This statement is described in the Management Guide. There is also no longer any DHCPD.STATE file. All such information related to Failover is included in the main lease file (dhcpd.leases). Transitioning to Partner Down State The NETCU partnerdown command still works for DHCP4: NETCU SET DHCP4/PARTNERDOWN The other two methods to go into partner down state described in the TCPware 5.9 documentation still apply (automatic transitioning based on configuration settings, or editing the lease file to set the state to partner down), although the details differ. See the Management Guide. 2-8 New Features Chapter__3_______________________________________________________ Fixes in this Release 3.1 Configuration o The TCPware lineid function now recognizes virtual (VLA) interfaces. [DE 11067,11150] 3.2 DHCP V3 o Fixed a problem in the secondary DHCP server during partner-down mode where it did not correctly issue static addresses, instead offering a pool address, and then rejecting the client's request for it. [DE 11261] o Corrected an ACCVIO during option processing. [DE 11194] o Corrected vulnerabilities CVE-2011-2748 and CVE-2011-2749. [DE 11175] o Corrected an ACCVIO when doing dynamic updates. [DE 11076] 3.3 DNS o Corrected vulnerability CVE-2011-4313. [DE 11215] o Fixed a problem with TCPWARE_DOMAINLIST. Only the first element of the search list was being used, now they all are. [DE 11111] o TEMPLATE_NAMED.CONF now specifies the "directory" option, set to TCPWARE_NAMED_ROOT. [DE 10969] o NSLOOKUP will now look for a default nameserver in the logical name TCPWARE_NAMESERVERS, or in RESOLV.CONF, or will use the local host (127.0.0.1) if nothing is configured. [DE 10953] o Improved checking to prevent buffer overruns. [DE 10952] o Fixed a problem with the TCPware_NAMED process keeping tcpware:services. file open. [DE 7910] Fixes in this Release 3-1 3.4 Drivers o Work has been done to all of the drivers to reduce the number of alignment faults on Alpha and Itanium systems. [DE 11220,11258] o In TCPDRIVER, fixed a problem causing a system crash. [DE 11209] o In BGDRIVER and TCPDRIVER, corrected an error in calcula- tion of how much data can be put in a buffer on VMS V8 [DE 11154,11197]. o In, BGDRIVER, added GET support for KEEPCNT, KEEPIDLE, and KEEPINVTL. [DE 11123] o Fixed a crash in IPDRIVER when starting Filter Server. [DE 11045] o In IPDRIVER, fixd a problem where the TCPware kernel hangs if VMS ECO VMS732_LAN-V0700 or later is installed. [DE 10966] 3.5 FTP o Modified the FTP server to correctly return an error from a RENAME command when file protections do not allow the operation. [DE 11231] o Corrected a parsing problem with the DELETE command. [DE 11063] o Added the ability to handle certificates that contain ASN.1 data to the FTP client certificate verification processing. [DE 11052] o The timeout parameter of the FTP_OPEN_CONNECTION() FTP library routine is now honored for values that are less than 20 seconds. Users of this may want to define the logical TCPWARE_FTP_MAXIMUM_CONNECTION_WAIT to a VMS delta time to limit the amount of time spent waiting for the 220 message. [DE 11245] o The logical TCPWARE_FTP_SEND_FEAT_ON_CONNECT may be defined to 0 (zero), F (false) or N (no) to disable the sending of the FEAT FTP command upon connecting to a server. When this is disabled the FTP client will not be able to detect the support of optional features such as TLS, REST STREAM and others and these features may not work correctly if there is an attempt to use them. [DE 11221] 3-2 Fixes in this Release o The logicals TCPWARE_FTP_username_ROOT and TCPWARE_FTP_ROOT can now be a search list to express a list of directories that the user is allowed to access. [DE 10912] o Modified to ignore UNIX-style options (e.g. '-l') on NLST and LIST operations (e.g. 'ls' or 'dir' command) when in Unix mode unless the logical name TCPWARE_FTP_IGNORE_UNIX_ DASH_OPTIONS is defined to F/N/0 (false/no/zero). [DE 8540] o Fixed a problem with using wildcards during a RENAME operation. [DE 8275] 3.6 NETCU o Fixed an ACCVIO caused by using the /LOG qualifier on the NETCU SET FILTER command. [DE 11260] o Modified the SHOW EXPORT command to use TCP (by default) instead of UDP. This gets around the TCPware limitation of 8800 bytes in a UDP RPC message. A /UDP qualifier was added to provide the ability to use UDP if there are problems using TCP. [DE 10722] o The output of the SHOW INTERFACE command now shows the line speed on I64 and Alpha. [DE 8687] 3.7 IPS o Fixed a problem where IPS sometimes discarded messages improperly after restart. [DE 11168] o Fixed ACCVIO upon startup. [DE 11165] o Increase the maximum number of filters per interface. [DE 10954] 3.8 NETCP o Correct a problem with NETCP holding channels open while TELNET sessions are in progress. [DE 11106] o Fixed an ACCVIO in NETCP. [DE 11068] 3.9 NETCU o Fixed a "duplicate entry" error message in the NETCU ADD EXPORT command. [DE 10513] Fixes in this Release 3-3 3.10 NFS Client o Fixed a problem doing an NFSMOUNT on VMS 8.4. [DE 11057] 3.11 NFS Server o Fixed an ACCVIO in the NFS V3 server when a NETCU RELOAD EXPORT command is executed. [DE 11149] o Fixed a problem in the server when using NFS V3 in calculating the size of a file correctly when the size is over 2 gigabytes, causing a "copy" command of that file to not copy the entire file. [DE 8501] 3.12 NTP o Make "tinker step 0" (which forces slewing insead of stepping) nullify the daily setting of time of day that set_clock_daily will cause. [DE 11187] 3.13 PWIP o Fixed a problem where PWIPDRIVER could cause a system crash. [DE 9895] 3.14 RPC o Fixed a security problem with RPC SET/UNSET. [DE 9600] 3.15 SDA o TCPWARE is now automatically added to the existing logical name SDA$READ_DIR. [DE 2215] 3.16 SFTP o Fixed a problem where an SFTP2 ASCII transfer could decide that it was done processing newlines in a file before it was done with reading the file. and hence cause an ACCVIO. [DE 11151] o Fixed problems with incomplete transfers in SFTP record mode. [DE 11044] 3-4 Fixes in this Release 3.17 SNMP o Fixed a problem that caused the SNMP server to crash. [DE 10344] 3.18 SSH o SSH supports including the date and/or node name as part of the log file name. For example: $ define/system TCPWARE_SSH_LOG_FILE "SSH_LOG:SSHD_%D_%N.LOG" This causes log files to be generated with the date in YYYYMMDD format and the SCS nodename. None, either or both formatting sequences may be specified in the definition of the logical name. o Added logical name TCPWARE_SSH2_SERVER_DEBUG_NOCR, which if defined system-wide to any value will remove an extra carriage return from server output log files. If it is not defined, the SSH2 log files will be generated with the extra CR as they have always been. [DE 11103] o Fixed a problem with doing key exchange guesses to an I64 console. [DE 10979] o Fixed a problem SSH and ACME when setting a password. [DE 10834] o Fixed a problem with SSH OPCOM messages containing binary data. [DE 10629] 3.19 Telnet o Correct a problem with NETCP holding channels open while TELNET sessions are in progress. [DE 11106] o Allow virtual terminals to be used for Telnet connections if the SYSGEN parameter TTY_DEFCHAR2 contains the dis- connect bit (0x20000). Note that this is a change from previous versions of TCPware, which would use a virtual terminal if the value was set in the SYSGEN parameter or the TCPWARE_TELNETD_DEFCHAR logical. The value in the TCP- WARE_TELNETD_DEFCHAR logical is ignored with this change. [DE 10986] Fixes in this Release 3-5 3.20 TIMED o Fixed a problem that caused ACCVIOs on Alpha and I64 systems. [DE 11186] 3.21 Miscellaneous o Fixed a problem with getaddrinfo() returning incorrect values. [DE 10935] o TCPware's plug-in module for HP's TDC product is now included in the TCPware kit. [DE 10329] 3.22 Known Issues o NFS o The NFSDRIVER is not capable of doing I/O to 64 bit address space. o Times displayed by the NFS client are not adjusted for daylight savings time. o NTP o NTP is vulnerable to CVE-2013-5211 (amplification attack). We suggest setting up filters. 3-6 Fixes in this Release Chapter__4_______________________________________________________ Documentation Notes This chapter discusses the enhancements made to the TCPware for OpenVMS hardcopy and on-line documentation (including DCL HELP), as well as errata found after the publication or production dates (look for the entry "ERRATA"). 4.1 Online Help o The FTP client KEEPALIVE command has been added to the online help. [DE 11130] Documentation Notes 4-1