| Previous | Contents |
The IPv6 programming APIs were updated with TCP/IP Services Version 5.4, and new programming examples were provided.
For more information about using the IPv6 APIs, refer to the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming guide.
The following is a list of the specific changes affecting the IPv6 APIs introduced with TCP/IP Services Version 5.4:
draft-ietf-ipngwg-scoping-arch-04.txt |
address%zone_id |
fe80::1234%WE0 |
As noted in the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming guide, several programming functions provided in earlier Early Adopter Kits (EAKs) were deprecated. These programming functions will no longer be supported in versions of TCP/IP Services higher than Version 5.5. Do not use these functions if you are developing new applications.
The following table lists the functions and their replacements. If your existing applications use these functions, see the HP TCP/IP Services for OpenVMS Sockets API and System Services Programming for changes you should make to your code.
| Deprecated Function | Replacement Function |
|---|---|
| getipnodebyname | getaddrinfo |
| getipnodebyaddr | getnameinfo |
| freehostent | freeaddrinfo |
The
libpcap
API (Version 0.8.3) is supported with this release. An example program
resides in the directory associated with the logical name
TCPIP$LIBPCAP_EXAMPLES. Also included in that directory is a
comprehensive documentation file, $$TCPIP$LIBPCAP_DOCUMENTATION.HTML.
The
libpcap
sharable image that implements the
libpcap
functions, TCPIP$LIBCAP_SHR.EXE, is in the directory associated with
the logical name SYS$SHARE.
1.6 Support for Network Time Protocol (NTP) V4.2
This version of TCP/IP Services supports NTP Version 4.2.0. This release retains backward compatibility with NTP Version 3 and NTP Version 2, but not with NTP Version 1. Support for NTP Version 1 has been discontinued because of security vulnerabilities.
This release includes support for the IPv6 address family in addition to support for the IPv4 address family. Either or both families can be used at the same time on the same system.
Configuration options that previously supported the use of the IPv4
address family now accept the IPv6 address family. To use this feature,
you must enable IPv6 on TCP/IP Services, as described in the
HP TCP/IP Services for OpenVMS Installation and Configuration guide.
1.6.1 Cryptography Support
This release supports authentication using symmetric key cryptography.
Support for autokey public key cryptography is not available with this
release. For more information about symmetric key cryptography, see
Section 1.6.7 and the NTP chapter in the HP TCP/IP Services for OpenVMS Management guide.
1.6.2 Using NTP Version 4.2.0 with Berkeley Internet Name Domain (BIND)
When using NTP on an IPv6-enabled system, if both IPv4 and IPv6
addresses are associated with the same domain name in the DNS, the BIND
resolver uses the IPv6 address for a host specified in TCPIP$NTP.CONF.
1.6.3 Using the NTPDC Utility
Versions of NTPDC provided prior to this release of TCP/IP Services are not IPv6-capable and will only show IPv4 associations when you use the following commands:
Versions of NTPQ provided prior to this release of TCP/IP Services are not IPv6-capable and will show 0.0.0.0 for IPv6 associations when you use the following commands:
The NTPTRACE utility has not been updated to NTP Version 4.2.0 and
works with the IPv4 address family only.
1.6.6 NTP Packet Headers with IPv6
The
reference ID
field of the NTP packet header changes when operating with IPv6
associations. For IPv4 associations, this field contains the 32-bit
IPv4 address of the server. For IPv6 associations, this field contains
the first 32 bits of an MD5 hash formed from the address. As a result,
when the association is an IPv6 host, the
peers
command and other similiar commands with NTPQ included in this release
will show the
refid
field containing a random number formatted as an IPv4 address.
1.6.7 NTP_GENKEYS Utility Replaced by NTP_KEYGEN
With this version of TCP/IP Services, the NTP_GENKEYS utility has been replaced by the new NTP_KEYGEN utility. Use the NTP_KEYGEN utility to generate random keys used by NTP Version 3 and NTP Version 4 symmetric key authentication.
Use the -M command line option to have the program generate a TCPIP$NTPKEY_MD5KEY_hostname.timestamp file containing 16 random symmetric keys. In the command line, you must enclose the -M in quotation marks to preserve uppercase, as shown in the following example:
$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM $ ntp_keygen -"M" |
The host name (hostname, as returned by the gethostname() function) and a timestamp are used as part of the file name. Because the algorithm to produce the timestamp is seeded by the system clock, each run of the program produces a different file name.
The TCPIP$NTPKEY_MD5KEY_hostname.timestamp file contains 16
MD5 keys. Each key consists of 15 characters selected at random from
the ASCII 95-character printing subset. The file is read by the NTP
server at the location specified by the
keys
command in the TCPIP$NTP.CONF configuration file. An additional key
consisting of an easily remembered password should be added manually
for use with the NTPQ and NTPDC programs. The file must be distributed
by secure means to other servers and clients that share the same
security compartment. The key identifier for the MD5 program uses only
identifiers 1 through 16. The key identifier for each association is
specified in the
server
or
peer
configuration file command.
1.6.8 NTP Clock Synchronization Enhancement
The NTP slew mechanism for gradually adjusting a clock has been enhanced to facilitate synchronization for offsets of one second or larger. The maximum slew value (the maximum amount that NTP will adjust the clock in one attempt) has been modified to enable the clock to synchronize more quickly for such offsets. NTP now takes only 20 seconds to correct a one-second offset, compared to approximately 30 minutes for earlier versions of NTP.
For clock offsets that are less than one second, the slew mechanism has
not been modified.
1.7 SSH Features
The following sections describe new developments in the SSH service.
1.7.1 SSH Upgrade to Version 3.2
The SSH service has been upgraded to Version 3.2. This upgrade introduces changes to the SSH utilities. For more information about the SSH utilities, use the -h flag on the utility command line. For example:
$ SSH -h |
The version of SSH in the current release of TCP/IP Services supports IPv6 environments.
In order for SSH to work in the IPv6 environment, the service must be set to IPv6. To display the setting for SSH, enter the following commands:
$ TCPIP TCPIP> SHOW SERVICE SSH /FULL |
If the IPv6 flag is not included, enter the following command:
TCPIP> SET SERVICE SSH /FLAG=IPV6 |
SSH for OpenVMS supports UNIX-like port forwarding commands, including the -x and +x flags, as well as the ForwardX11 configuration keyword. For more information about using SSH port forwarding, see:
The maximum file size for SSH file copy operations has been increased
from 4 megabytes to 4 gigabytes. In addition, the speed of file
transfers has increased significantly, depending on available
resources, CPU, network conditions, and so forth. For specific
restrictions, see Section 3.11.13.
1.7.5 SSH Batch Jobs
With this version of TCP/IP Services, you can use SSH commands in batch
jobs. For specific restrictions in the use of batch jobs for SSH
sessions, see Section 3.11.10.
1.8 TCPDUMP Version 3.8.3
This release of TCP/IP Services includes an upgrade to the TCPDUMP utility. Upgraded from Version 2.2 to Version 3.8.3, TCPDUMP uses the libpcap Version 0.8.3 API. For more information about the changes in the new version of TCPDUMP, see the www.tcpdump.org web site, or type TCPIP HELP TCPDUMP to get information about the new version.
The
libpcap
API is provided for early adopters. For more information, refer to
Section 1.5.
1.9 Updated Header Files in TCPIP$EXAMPLES
Several header files that reside in TCPIP$EXAMPLES have been updated with this release of TCP/IP Services. The updates are prompted by:
Backward compatibility is not assured.
The updated header files are:
This chapter includes notes and changes made to the installation and configuration of TCP/IP Services, as well as startup and shutdown procedures. Use this chapter in conjunction with the HP TCP/IP Services for OpenVMS Installation and Configuration manual.
To use TCP/IP Services Version 5.5, you must upgrade to OpenVMS Version 8.2. |
If you have installed one or more of the following V5.3 EAKs, you must use the PCSI REMOVE command to remove the EAKs before you install TCP/IP Services V5.5:
If you install the current TCP/IP Services version after removing the failSAFE IP EAK, you must run TCPIP$CONFIG.COM to reestablish your target and home interfaces. |
The following sections describe how to preserve the behavior of the software when you upgrade from an older version of TCP/IP Services (UCX) to the current version.
In the next version of TCP/IP Services, the capability of upgrading directly from any version of TCP/IP Services prior to 5.0 will be removed. Version 5.5 of TCP/IP Services is the last release that includes this capability. |
When you merge edits into the system startup command procedure, do not include the commands to start and stop the queue UCX$LPD_QUEUE. This queue has been replaced with TCPIP$LPD_QUEUE. The commands for starting and stopping TCPIP$LPD_QUEUE are in the LPD startup and shutdown command procedures.
After you merge the edits, modify the value of the /PROCESSOR qualifier in the LPD client queue startup commands that you have just appended, replacing UCX$LPD_SMB with TCPIP$LPD_SMB. For example, enter the following command:
LSE Command> SUBSTITUTE/ALL "ucx$lpd_smb" "tcpip$lpd_smb" |
After you upgrade to the current version of TCP/IP Services, you must perform one of the following actions to ensure correct SNMP startup:
If you have customized versions of the UCX$SNMP_STARTUP.COM and UCX$SNMP_SHUTDOWN.COM command procedures (used to start and stop extension subagents), save your customized files to a different directory before upgrading to the new version of TCP/IP Services. If you do not perform this step, your customized changes will be lost.
Check for versions of these files in the following locations:
After you install TCP/IP Services, manually enter commands into the
TCPIP$SNMP_SYSTARTUP.COM and TCPIP$SNMP_SYSHUTDOWN.COM command
procedures, as described in the HP TCP/IP Services for OpenVMS Management guide.
2.2.3 Customizing SNMP Startup and Shutdown
Enabling SNMP using the TCPIP$CONFIG.COM configuration procedure no longer creates the following files:
These command procedures are used for starting and stopping custom SNMP
subagents. They will not be affected by installing future versions of
TCP/IP Services.
2.2.4 SNMP Messages When You Install TCP/IP Services
For sites where the same version of TCP/IP Services is installed multiple times, informational messages similar to the following may appear in the installation dialog:
Do you want to review the options? [NO]
Execution phase starting ...
The following product will be installed to destination:
DEC AXPVMS TCPIP V5.3-9I DISK$AXPVMSSYS:[VMS$COMMON.]
The following product will be removed from destination:
DEC AXPVMS TCPIP V5.3-9H DISK$AXPVMSSYS:[VMS$COMMON.]
%PCSI-I-RETAIN, file [SYSEXE]TCPIP$ESNMP_SERVER.EXE was not replaced because
file from kit does not have higher generation number
%PCSI-I-RETAIN, file [SYSEXE]TCPIP$HR_MIB.EXE was not replaced because file
from kit does not have higher generation number
%PCSI-I-RETAIN, file [SYSEXE]TCPIP$OS_MIBS.EXE was not replaced because file
from kit does not have higher generation number
%PCSI-I-RETAIN, file [SYSLIB]TCPIP$ESNMP_SHR.EXE was not replaced because file
from kit does not have higher generation number
%PCSI-I-RETAIN, file [SYSLIB]UCX$ESNMP_SHR.EXE was not replaced because file
from kit does not have higher generation number
|
You can ignore these messages.
2.2.5 SNMP Subagent Startup Messages
The SNMP startup procedure can produce the following error messages in subagent log files:
25-JUL-2004 14:13:32.47 **ERROR ESNMP_INIT.C line 3777: Could not connect to master: connection refused 25-JUL-2004 14:13:32.94 WARNING OS_MIBS.C line 942: Master agent cannot be reached. Waiting to attempt reconnect. |
These messages are the result of a timing problem and can be ignored.
2.3 Installation Changes
The following changes have been made to the installation:
Executable images provided by TCP/IP Services typically have an image identification in the format V5.5-xxaa, where xx is a positive integer, and aa is zero or more letters signifying the revision level. In addition, the link dates of images on the kit typically are within a few hours of each other.
Several images on the latest TCP/IP Services kit do not follow this practice. The exceptions are documented here to help you ascertain that your product is correctly installed.
The following images use the identification format V5.5-xxaa PF. The "PF" indicates that the image is an improved variant.
The link dates of these images should be within an hour or so of each other.
With installations on OpenVMS Alpha systems, the following files do not follow the identification and link date conventions, as shown:
TCPIP$CFS_SHR V5.5-6A 27-MAR-2004 SYS$COMMON:[SYSLIB] TCPIP$NTPTRACE.EXE V5.5 30-MAR-2004 SYS$COMMON:[SYSEXE] TCPIP$TELNET_SERVER V5.4/KRB V2.0 9-JUL-2003 SYS$COMMON:[SYSEXE] |
With installations on OpenVMS I64 systems, the following files do not follow the identification and link date conventions, as shown:
SYS$COMMON:[SYSLIB]TCPIP$CFS_SHR.EXE "V1.0" 10-MAY-2003 13:12:22.14 SYS$COMMON:[SYSEXE]TCPIP$NTPTRACE.EXE "V5.5" 30-MAR-2004 23:22:14.46 SYS$COMMON:[SYSEXE]TCPIP$TELNET_SERVER.EXE "V5.4/KRB V2.0" 5-DEC-2003 00:21:54.16 |
The TCPIP$CONFIG.COM configuration procedure for TCP/IP Services Version 5.5 creates OpenVMS accounts using larger system parameter values than in previous versions. Only new accounts get these larger values. These values are useful on OpenVMS Alpha systems but essential on OpenVMS I64 systems.
To have your OpenVMS I64 system join an OpenVMS Cluster as a TCP/IP host, HP recommends adding the system to the cluster before you configure TCP/IP Services. The guidelines in Section 2.5.1 assume you have followed this recommendation.
If you configure TCP/IP Services before you add the system to a cluster,
see Section 2.5.2.
2.5.1 Running a Newly Configured Host on the Cluster
The following recommendations assume you are configuring TCP/IP Services on the system after having added the system to the OpenVMS Cluster.
If TCP/IP Services has previously been installed on the cluster and you encounter problems running a TCP/IP component on the system, modify the cluster System Authorization File (SYSUAF) to raise the parameter values for the account used by the affected component. The minimum recommended values are listed in Table 2-1.
| Parameter | Minimum Value |
|---|---|
| ASTLM | 100 |
| BIOLM | 400 |
| BYTLM | 108000 |
| DIOLM | 50 |
| ENQLM | 100 |
| FILLM | 100 |
| PGFLQUOTA 1 | 50000 |
| TQELM | 50 |
| WSEXTENT | 4000 |
| WSQUOTA | 1024 |
The IMAP, DHCP, and XDM components can exhibit account parameter problems if the value assigned to PGFLQUOTA or to any of the other listed parameters is too low. Use the OpenVMS AUTHORIZE utility to modify SYSUAF parameters. For more information, see HP OpenVMS System Management Utilities Reference Manual: A-L.
| Previous | Next | Contents |