This chapter describes the MultiNet administration commands you can run from the DCL prompt.
MultiNet Command Summary describes the MultiNet administrative commands available at the DCL prompt.
|
Command |
Description |
|
MULTINET ACCOUNTING |
Processes the accounting file that FTP and SMTP can write. |
|
MULTINET CHECK |
Tests the MultiNet configuration. |
|
MULTINET CONFIGURE /CONFIGURATION_FILE
|
Specifies the configuration file read by the
|
|
MULTINET DIG |
Tests the domain name service (DNS) system. |
|
MULTINET DNSKEYGEN |
Generates and maintains keys for DNS Security (DNSSEC) within the DNS. |
|
MULTINET DNSSIGNER |
Signs zone files for DNS Security (DNSSEC) within the DNS (Domain Name System). |
|
MULTINET FONT COMPILE |
Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file. |
|
MULTINET FONT INFO |
Displays font server information. |
|
MULTINET FONT LIST |
Lists font names and font information. |
|
MULTINET FONT MKFONTDIR |
Creates a DECW$FONT_DIRECTORY.DAT file when adding fonts. |
|
MULTINET FONT SHOW |
Displays font data. |
|
MULTINET FONT UNCOMPILE |
Uncompiles a PCF file into an ASCII BDF file. |
|
MULTINET GATED/CHECK |
Checks the syntax of a GateD configuration file. |
|
MULTINET GATED/DUMP |
Tells GateD to dump internal state into a text file. |
|
MULTINET GATED/LOAD |
Loads new configuration file. |
|
MULTINET GATED/SET/TRACE |
Controls tracing in GateD. |
|
MULTINET GATED/SHOW/OSPF |
Queries OSPF routers. |
|
MULTINET GATED/SHOW/RIP |
Request all routes known by a RIP gateway. |
|
MULTINET GATED/SHOW/TRACE |
Queries tracing in GateD. |
|
MULTINET GATED/STOP |
Tells the GateD process to halt in an orderly manner. |
|
MULTINET GATED /TOGGLE_TRACING |
Toggles GateD tracing on and off. |
|
MULTINET GATED/UPDATE_ INTERFACES |
Tells the GateD process to rescan the network interfaces. |
|
MULTINET HOST_TABLE GET |
Retrieves a HOSTS.TXT file. |
|
MULTINET HOST_TABLE INSTALL |
Installs host tables as global sections. |
|
MULTINET IPP SHOW |
Allows a user to learn the capabilities supported by an IPP server. |
|
MULTINET KERBEROS DATABASE DUMP |
Stores the contents of the Kerberos database in an ASCII text file. |
|
MULTINET KERBEROS DATABASE EDIT |
Adds principal information to the database. |
|
MULTINET KERBEROS DATABASE INITIALIZE |
Initializes the Kerberos database. |
|
MULTINET KERBEROS DATABASE LOAD |
Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility. |
|
MULTINET KERBEROS DATABASE NEW_MASTER_KEY |
Permits the Kerberos master key to be changed. |
|
MULTINET KERBEROS DATABASE SRVTAB |
Creates an encrypted server key file for a remote system. |
|
MULTINET KERBEROS DATABASE STASH |
Saves the Kerberos master key in a protected file for the KDC. |
|
MULTINET LOAD |
Loads and invokes the network image. |
|
MULTINET NETCONTROL |
Sends commands to MULTINET_SERVER internal services. |
|
MULTINET NFSDISMOUNT |
Dismounts a locally-mounted remote NFS file system. |
|
MULTINET NFSMOUNT |
Mounts a remote NFS file system so it can be used locally. |
|
MULTINET NSLOOKUP |
Sends a test query to DNS. |
|
MULTINET NSUPDATE |
Performs dynamic updates to the domain name service (DNS) server. |
|
MULTINET PING |
Tests connections by sending ICMP echo requests. |
|
MULTINET PING6 |
Tests connections by sending ICMPv6 echo requests. |
|
MULTINET RDATE |
Queries the remote system for time and sets the local clock accordingly. |
|
MULTINET RMTALLOC |
Allocates a remote tape drive or CD-ROM for access by a single process. |
|
MULTINET RWALL |
Sends a message to all system users. |
|
MULTINET SET /ARP |
Changes ARP tables. |
|
MULTINET SET /DECNET |
Configures DECnet devices to run DECnet-over-UDP circuits. |
|
MULTINET SET /INTERFACE |
Sets parameters for network devices |
|
MULTINET SET /ROUTE |
Specifies static IP routing. |
|
MULTINET SET /TIMEZONE |
Specifies the local time zone name. |
|
MULTINET TCPDUMP |
Decodes network packets selected by a Boolean expression. |
|
MULTINET TCPVIEW |
Traces packets and interprets the results. |
|
MULTINET TRACEROUTE |
Determines the route to the specified host. |
|
MULTINET TRACEROUTE6 |
Determines the route to the specified host for IPv6. |
|
MULTINET X11DEBUG |
Performs tests on the most common causes of problems when running X11 clients over MultiNet. |
Processes the accounting file that session accounting writes for SMTP and for FTP. It extracts the selected records from it and either displays it on the user's terminal or sends it to the specified output file.
$ MULTINET ACCOUNTING /INPUT=filename /SINCE=first_date_to_include
/BEFORE=latest_date_to_include
/CSV
Makes the output file a Comma Separated Values file that can be imported into an Excel-type document for processing.
/INPUT=accounting_file_name
/OUTPUT=output_file_name
/PROTOCOL=(MAIL,SMTP,FTP)
These are the protocols to include.
/SINCE=first_date_to_include
Invokes the MultiNet configuration test utility to perform one or more checks for common MultiNet configuration problems. Requires CMKRNL, SYSPRV, and WORLD privileges.
MULTINET CHECK [test,...]
test
Specifies the name of a test to be performed. Valid test names are ARP, BROADCASTS, DATABASES, HOST_NAME, HOST_TABLE, INTERFACES, LICENSE, MISCELLANEOUS, PARAMETERS, PROTOCOL_ERRORS, ROOT_NAMESERVERS, ROUTES, and VERSION. You can specify multiple tests by separating the names with commas. If you do not specify a test parameter, all tests are performed.
The host name check verifies that the address associated with the local host name matches one of the interface addresses.
/IGNORE_ERRORS
/NOIGNORE_ERRORS (default)
MULTINET CHECK usually stops when it encounters an error. Specify this qualifier to force MULTINET CHECK to continue testing even after an error is encountered.
/OUTPUT=file-spec
/NOOUTPUT
MULTINET CHECK usually displays all output on the standard error output device. Specify this qualifier to either redirect output to the specified file or turn output off altogether.
/VERBOSE
/NOVERBOSE (default)
Causes MULTINET CHECK to display more information
about the tests it performs. By default, it only displays a message when it
encounters an error or if all tests pass.
Invokes one of the MultiNet configuration utilities which are interactive programs that maintain network configuration information. If you do not specify a configuration utility with a qualifier, the network interface configuration utility (NET-CONFIG) is invoked.
MULTINET CONFIGURE [/qualifier(s)]
/CONFIGURATION_FILE=config_file
Used with the /DECNET, /PRINTERS, or /SERVERS qualifier, specifies the configuration file read by the corresponding utility.
/DECNET
Invokes the DECnet Configuration Utility (DECNET-CONFIG) that lets you view and alter the configuration of DECnet-over-IP services. If used with the /CONFIGURATION_FILE qualifier, DECNET-CONFIG reads the specified configuration file (by default, MULTINET:DECNET-CIRCUITS.COM).
/INTERFACES
Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).
Invokes the Electronic Mail Configuration Utility (MAIL-CONFIG) that lets you view and alter SMTP configuration. If used with the /CONFIGURATION_FILE qualifier, MAIL-CONFIG reads the specified configuration file (by default, MULTINET_COMMON_ROOT:[MULTINET]START_SMTP.COM).
/NETWORK
Invokes the Network Interface Configuration Utility (NET-CONFIG) that lets you view and alter the configuration of network interfaces, routing, and host name lookup. If used with the /CONFIGURATION_FILE qualifier, NET-CONFIG reads the specified configuration file (by default, MULTINET:NETWORK_DEVICES.CONFIGURATION).
MULTINET CONFGURE /NETWORK now has the command:
SET SNMP-AGENTX TRUE to enable SNMP Agent X
service.
SET
SNMP-AGENTX FALSE to disable SNMP Agent X service.
A line displays in the output of the SHOW command if SNMP Agent X subagents are enabled.
/NFS
Invokes the NFS server configuration utility (NFS-CONFIG) for the NFS server option.
If used with the /CONFIGURATION_FILE qualifier, NFS-CONFIG reads the specified configuration file (by default, MULTINET:NFS.CONFIGURATION).
/NOT
Invokes the NOT configuration utility NOT-CONFIG for DECnet applications services (formerly known as Phase/IP). DECnet application services allow you to run applications designed to use DECnet using TCP/IP instead. DECnet application services provide the DECnet API (Application Programming Interface) across TCP seamlessly, without DECnet protocols or software, and without the additional overhead of running both protocol stacks.
/PRINTERS
Invokes the MultiNet printer configuration utility (PRINTER-CONFIG) that lets you view and alter the configuration of MultiNet-based print services. If used with the /CONFIGURATION_FILE qualifier, PRINTER-CONFIG reads the specified configuration file (by default, MULTINET:REMOTE-PRINTER-QUEUES.COM).
/SERVERS
Invokes the MultiNet service configuration utility (SERVER-CONFIG) that lets you view and alter the configuration of MultiNet services. If used with the /CONFIGURATION_FILE qualifier, SERVER-CONFIG reads the specified configuration file (by default, MULTINET:SERVICES.MASTER_SERVER).
/SERVER_IMAGE=server_image_file
Used with the /SERVERS qualifier, server_image_file specifies the MultiNet master server image associated with the server configuration file. This file is used by SERVER-CONFIG to determine which network services are available. If not specified, SERVER-CONFIG uses MULTINET:SERVER.EXE.
Similar to NSLOOKUP, DIG tests the domain name service (DNS) system. It uses the DNS resolver to send queries to the DNS server and prints out the response. DIG executes a single command or reads commands from a file (in "batch mode").
DIG can be used with the UNIX-style syntax by defining it as a foreign command:
$ DIG:==$MULTINET:DIG.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
MULTINET DIG [name [type [class]]]
name
Specifies a host or domain name.
|
Note! You must specify fully-qualified names. DIG will not append any domain names.
|
type
Specifies which TYPE resource records are asked for. The
default is A
(address records).
Valid values are the same as for the NSLOOKUP /TYPE qualifier.
class
Specifies which CLASS resource records are asked for. The
default is IN
(internet records).
Valid values are ANY, IN, CHAOS, and HESIOD.
+[no]addit
/ADDITIONAL
(default)
/NOADDITIONAL
Tells the resolver to print the additional section of the reply.
-x ip-address
/ADDRESS=ip-address
Convenient form to specify an inverse address mapping query.
For example, MULTINET
DIG/ADDRESS=10.5.64.1 is equivalent to MULTINET DIG 1.64.5.10.IN-ADDR.ARPA
ANY.
+[no]answer
/ANSWER
(default)
/NOANSWER
Tells the resolver to print the answer section of the reply.
+[no]author
/AUTHORITY
(default)
/NOAUTHORITY
Tells the resolver to print the authority section of the reply.
-c recordclass
/CLASS=recordclass
Specifies which CLASS resource records are asked for. Alternative to specifying the class parameter. The recordclass value may be either the integer value of the class or the name of the class (ANY, IN, CHAOS, HESIOD). The default is IN (internet records).
+[no]cmd
/CMD
(default)
/NOCMD
Tells DIG to echo parsed arguments from the command.
+[no]debug
/DEBUG
/NODEBUG
(default)
Causes the resolver to print debugging information.
+[no]d2
/DEBUG2
/NODEBUG2 (default)
Causes the resolver to print additional, less useful debugging information.
-envsav
/ENVSAVE
Specifies that the DIG environment (defaults, print options, etc.), after all of the arguments are parsed, should be saved to a file to become the default environment. This is useful if you do not like the standard set of defaults and do not desire to include a large number of options each time DIG is used. The environment consists of resolver state variable flags, timeout, and retries as well as the flags detailing DIG output. If the logical name LOCALDEF is set to the name of a file, this is where the default DIG environment is saved. If not, the file DIG.ENV is created in the current default directory.
Each time DIG is executed, it looks for DIG.ENV or the file specified by LOCALDEF. If such a file exists, then the environment is restored from this file before any arguments are parsed.
-envset
/ENVSET
This qualifier only affects batch query runs. When -envset is specified on a line in a DIG batch file, the DIG environment after the arguments are parsed becomes the default environment for the duration of the batch file, or until the next line which specifies -envset. Remember that commands in the DIG batch file must be in UNIX-style syntax.
-f filename
/FILE=filename
Causes DIG to run in batch mode, executing the commands in the specified file. The commands in this file must be in the UNIX-style syntax.
+[no]Header
/HEADER
(default)
/NOHEADER
Tells the resolver to print basic header information.
+[no]header
/HFLAGS
(default)
/NOHFLAGS
Tells the resolver to print header flags.
+[no]ignore
/IGNORE
/NOIGNORE
(default)
Tells the resolver to ignore truncation in responses.
+[no]ko
/KEEPOPEN
/NOKEEPOPEN
(default)
If using virtual circuits (TCP), keeps the connection open.
-k keydir+keyname
/KEY=(KEYNAME=key[,KEYDIR=directory])
Specifies a TSIG key for DIG to use to sign its queries. The default value for KEYDIR is the current default directory.
|
Note! On UNIX systems, the syntax is keydir:keyname. On OpenVMS, the colon is replaced by a plus sign (+). The keyname must be specified to match the key and private filenames, with periods instead of dollar signs. This may not match the domain name if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.
|
+pfand=number
/PFAND=number
Causes DIG to do a bitwise-AND of the print flags with the specified value.
+pfdef
/PFDEF
(default)
/NOPFDEF
Sets the print flags to the default.
+pfmin
/PFMIN
/NOPFMIN
(default)
Sets the print flags to the minimum.
+pfor=number
/PFOR=number
Causes DIG to do a bitwise-OR of the print flags with the specified value.
+pfset=number
/PFSET=number
Sets the print flags to the specified value.
"-P" ping-command
/PING[=ping-command]
Causes DIG to execute a ping command to the queried name server after the query returns, for response time comparison. If the optional ping-command is present, it is used as the ping command. The default ping command is MULTINET PING.
-p port
/PORT=port
Specifies a port other than the standard name server port of 53.
+[no]qr
/QUERY
/NOQUERY (default)
Tells the resolver to print the outgoing query.
+[no]ques
/QUESTION
(default)
/NOQUESTION
Tells the resolver to print the question section of the reply.
+[no]recurse
/RECURSE
(default)
/NORECURSE
Requests that the name server use recursion to answer the query.
+[no]reply
/REPLY
(default)
/NOREPLY
Tells the resolver to print the reply.
+retry=retrycount
/RETRY=retrycount
Specifies the number of retries the resolver makes when querying a name server via UDP. The default is 4.
@server
/SERVER=server
Specifies the name server to query. May be specified as either a domain name or a dot-notation internet address. If a domain name is specified, DIG looks up the name using the default name server. If /SERVER is not specified, the default is to use the system's default name server.
+[no]stats
/STATS
(default)
/NOSTATS
Tells the resolver to print query statistics.
-[no]stick
/STICKY
/NOSTICKY (default)
This qualifier only affects batch query runs. -stick specifies that the DIG environment (as read initially or set by -envset switch) is to be restored before each query (line) in a DIG batch file. The default -nostick means that the DIG environment does not stick, hence options specified on a single line in a DIG batch file will remain in effect for subsequent lines (i.e., they are not restored to the "sticky" default). Remember that commands in the DIG batch file must be in UNIX-style syntax.
+time=seconds
/TIMEOUT=seconds
Specifies a different period to wait for responses. The default is 4 seconds.
"-T" seconds
/TIMEWAIT=seconds
Causes DIG to wait the specified number of seconds between the start of successive queries when running in batch mode. Can be used to keep two or more batch DIG commands running roughly in sync. The default is 0.
-t recordtype
/TYPE=recordtype
Specifies which TYPE resource records are asked for. Alternative to specifying the type parameter. The recordtype value may be either the integer value of the type or the name of the type (see NETCONTROL TELNET Commands). The default is A (address records).
+[no]vc
/VC
/NOVC (default)
Specifies that the resolver use virtual circuits (TCP) instead of datagram (UDP) queries.
The following is an example of the default DIG output:
$ MULTINET DIG WWW.EXAMPLE.COM
; <<>> DiG 8.3 <<>> WWW.EXAMPLE.COM
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; WWW.EXAMPLE.COM, type = A, class = IN
;; ANSWER SECTION:
WWW.EXAMPLE.COM. 2H IN CNAME example.com.
example.com. 2H IN A 10.0.0.83
;; AUTHORITY SECTION:
example.com. 2H IN NS ns1.example.net.
example.com. 2H IN NS ns2.example.net.
;; ADDITIONAL SECTION:
ns1.example.net. 2D IN A 10.1.0.11
ns2.example.net. 2D IN A 10.1.0.11
;; Total query time: 14289 msec
;; FROM: bos.example.com to SERVER: default -- 127.0.0.1
;; WHEN: Thu Jun 1 14:52:49 2002
;; MSG SIZE sent: 29 rcvd: 141
DNSKEYGEN (DNS Key Generator) is a tool to generate and maintain keys for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSKEYGEN can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction Signatures.
DNSKEYGEN can be used with the UNIX-style syntax by defining it as a foreign command:
$ DNSKEYGEN :== $MULTINET:DNSKEYGEN.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
DNSKEYGEN stores each key in two files: Kname.alg-footprint-private and Kname.alg-footprint-key. name is the domain name with the periods replaced by dollar signs. The first file contains the private key in a portable format. The second file contains the public key in the DNS zone file format:
name IN KEY flags protocol algorithm exponent|module
If the domain name is too long for an OpenVMS filename, it is truncated to fit and the last six characters are replaced by unique digits. The full domain name can be found inside the key file.
MULTINET DNSKEYGEN name
-n name
name
Specifies the domain name to generate the key for.
"-D" size
/DSA_DSS=size
"-H" size
/HMAC_MD5=size
"-R" size
/RSA=size
These flags specify the type of key to generate. You must specify one and only one of these.
If /DSA_DSS is specified, DNSKEYGEN generates a DSA/DSS key. size must be one of: 512, 576, 640, 704, 768, 832, 896, 960, or 1024.
If /HMAC_MD5 is specified, DNSKEYGEN generates an HMAC-MD5 key. size must be between 128 and 504.
If /RSA is specified, DNSKEYGEN generates an RSA key. size must be between 512 and 4096.
"-F"
/LARGE_EXPONENT
Used for RSA only. If specified, DNSKEYGEN uses a large exponent for key generation.
-z
/ZONE_KEY
-h
/HOST_KEY
-u
/USER_KEY
These flags define the type of key being generated. You must specify one and only one of these.
· Zone (DNS validation) key
· Host (host or service) key
· User (e.g., email) key
-a
/NOAUTHENTICATION
Indicates that the key CANNOT be used for authentication.
-c
/NOENCRYPTION
Indicates that the key CANNOT be used for encryption.
-p num
/PROTOCOL=num
Sets the key's protocol field to num. If /ZONE_KEY (-z) or /HOST_KEY (-h) is specified, the default is 3 (DNSSEC); otherwise, the default is 2 (EMAIL). Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).
-s num
/STRENGTH=num
Sets the key's strength field to num; the default is 0.
The following example generates an RSA key.
$ MULTINET
DNSKEYGEN/RSA=512/ZONE_KEY zone.example
** Adding dot to the name to make it fully qualified domain name**
Generating 512 bit RSA Key for ZONE.EXAMPLE.
Generated 512 bit Key for ZONE.EXAMPLE. id=49663 alg=1 flags=257
DNSKEYGEN generates the following (for example):
File KZONE$EXAMPLE$.001-49663-KEY:
ZONE.EXAMPLE. IN KEY 257 3 1 AQOojr81q9PfmQXCUAJOoMu3CYaS78RZnhiV/uAfSbzZusWYLSeVF47OwZlmgwclswZoaM5NSuzFX3w5RDIEwf9c
File KZONE$EXAMPLE$.001-49663-PRIVATE:
Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus:
qI6/NbPT35kGwlACTqDLtwmGku/EWZ4Ylf7gH0m82arFmC0nlReOjsGJZoMHJbMGaGjOTUrsxV98OUQyAMH/Ww==
PublicExponent: Aw==
PrivateExponent:
cF8qI8036mZD1uABjcCHz1uvDJ/YO767Dqmqv4Z95ntuhY7uIMmn8zy0Ur9kj/7P5Dvpu7ZG91ZtuQ1YhWAMyw==
Prime1: 2IQQP2+DvU/G0038OCoji00NDQHA0az8lDV1fh8Qf9k=
Prime2: x0vGgXRlWVIfp5xnuCORP0UB4rK3sKVhQ246rx2hbFM=
Exponent1: kFgK1PQCfjUvN4lS0BwXtN6Is1aBNnNTDXj4/r9gVTs=
Exponent2: hN0vABhDjja/xRLv0Be2Kl4BQcv6dcOWLPQnH2kWSDc=
Coefficient: YQGEh81Y720mRfAV/tEs3eWKd11Mm10b5R4lFjVwtAU=
DNSSIGNER is a tool to sign zone files for DNS Security (DNSSEC) within the DNS (Domain Name System). DNSSIGNER's job is to read the data of one zone of DNS data, and perform the necessary work to produce the data for a secured zone.
DNSSIGNER can be used with the UNIX-style syntax by defining it as a foreign command:
$ DNSSIGNER :== $MULTINET:DNSSIGNER.EXE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
You can get help on the UNIX-style options using:
|
$ dnssigner -h |
! for short help |
|
$ dnssigner -help |
! for long help |
Signing is done on a zone-by-zone basis, regardless of the relationship of zones to name servers. DNSSIGNER is designed to operate in a dynamic environment, including those in which secret keys are not available to all of those covering a zone, and where information may be arriving after the beginning of the signing process. DNSSIGNER makes an effort to retain valid signatures instead of computing new signatures.
Using traditional BIND DNS zone master files, there are two things necessary as input to use DNSSIGNER to sign a zone. One is the names of the input files and the other is the names of the keys to use. There are two kinds of data files used as input to the signing process. The standard zone master file, and a master file introduced by DNSSEC called the parent file. A parent file contains output from the signing of the parent zone, most importantly the signature by the parent of the zone's keys.
The default input zone is START-ZONE. A different
zone input file can be specified with
/ZONE=(INPUT=filename)
(-zi).
There is no default input parent file. A parent file can be specified with /PARENT=(INPUT=filename)
(-pi).
The default output files are FINISH-ZONE. and FINISH-PARENT.
/ZONE=(OUTPUT=filename)
(-zo)
changes the name of the zone output file, and
/PARENT=(OUTPUT=filename)
(-po)
changes the name of the parent file generated by the zone.
There are two forms of parent file generation. One form is to place all of the parent files in one file (good for zones with many delegations), the other is to make a separate file for each delegation. Since it is easier to erase one file than potentially thousands, DNSSIGNER defaults to the single signer file.
/PARENT=NOBULK (-no-p1) turns single parent file generation off, /PARENT=BULK (-p1) turns it on. As mentioned earlier /PARENT=OUTPUT=filename (-po) sets the name of the single parent file (default FINISH-PARENT.).
/PARENT=INDIVIDUAL (-ps) turns on
individual parent files, /PARENT=NOINDIVIDUAL
(-no-ps)
turns it off. /PARENT=DIRECTORY=spec (-pd) sets the directory
into which the individual files are put (default is the current working
directory).
/NONXT (-no-n) turns off RFC 2065
NXT processing.
/NXT
(-n)
(default) turns on RFC 2065 NXT processing.
Use the -k1 flag (the /SIG=(KEY=( )) qualifier) or the -ks flag (no OpenVMS-style equivalent) to specify a key. -k1 is followed by a domain name owner of a key, the algorithm, and the key id. -ks is followed by a sequence of names, algorithms, and key ids until the end of the command line.
There are two time durations that are important to the handling of signatures. One is the duration until a newly generated signature is set to expire. The other is the duration in which existing signatures will be considered to be expired.
/SIG=DURATION=ttl (-dur) sets the duration for which a signature is valid.
The time included in the SIG RR expiration field is the current absolute time plus the duration. Wrapping around 32 bits is not a problem, as time is considered to be "circular."
/SIG=PURGE_PERIOD=ttl (-pt) sets the period into the future in which SIGs expiring then are considered to have expired. Any signature that has an expiry time in the past of the current time is thrown out, as well as signature whose expiry time falls into the span between now and the purge period duration. The past is considered to be the time from now back to 2 to the 31st seconds ago; the rest is the future.
MULTINET DNSSIGNER
This section describes the syntax of all flags. The meanings can be found in RFC 2065 and the drafts associated with the DNSSEC working group.
-[no-]bind
/[NO]BIND
/BIND (-bind) instructs DNSSIGNER to use BIND's extended TTLs and KEY flags when writing files. This is the default. Use /NOBIND (-no-bind) to turn this feature off. In this case TTLs and flags are written as numeric values.
-l option
/DEBUG=option
Specifies the level of output (debug) messages that DNSSIGNER should print. Specify one of the following levels: (UNIX-syntax equivalents are also shown)
|
-l 7 |
|
|
-l 10 |
|
|
-l 1 |
|
|
-l 4 |
|
-[no-]n
/[NO]NXT
/NXT (-n)
(default) instructs DNSSIGNER to generate NXT RRs for the zone,
signing them with the keys that sign the SOA record. (If none sign the SOA, no
NXT's are signed.). Use /NONXT
(-no-n)
to turn this feature off.
-or domain
/ORIGIN=domain
This is equivalent to the $ORIGIN domain directive in the zone file, except that the terminating period is not needed in the domain name. Specifying an origin is only mandatory for the root zones and other zones using relative names in the zone files. It is recommended that the $ORIGIN domain directive be put in the data file. By default, this is unspecified.
/PARENT=(keyword[,...])
Specifies options related to parent zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows.
There are two ways in which parent files are made: individual and bulk. The two methods use independent keywords. Both can be used, neither can be used, or just one. By default, the bulk approach is used.
|
-[no-]p1 |
BULK (-p1) (default) tells DNSSIGNER to place all of the generated parent data for the zone's delegation points into one file. Separating lines are added to identify the start and end of the information destined for individual zones. Use NOBULK (-no-p1) to turn this feature off. |
|
-pd
directory |
Specifies the directory to put individual parent files into. The default is the current default directory. |
|
-[no-]ps |
INDIVIDUAL (-ps) tells DNSSIGNER to place the generated parent data into individual files, named zone.PARENT. For large delegated zones, there will be many files. The default is NOINDIVIDUAL (-no-ps). |
|
-pi file |
Specifies the parent file received from the parent zone to be used as input to this zone. If specified, all records that would conflict with it (apex upper NXT, KEYs, and SIGs for these) are dropped. If the UP policy is specified, then the parent's KEY, NS, and glue are also dropped. The default is to have no parent file. |
|
-pa domain |
Specifies the apex's parent zone. If the keys for this zone are known and the UP policy is used, the apex zone keys sign the key. If UP is used and this is not specified, then DNSSIGNER acts as if it does not otherwise know the parent's identity. This is equivalent to the $PARENT directive in the zone file, except that relative domain names are treated as absolute names. By default, the parent's domain name is unspecified. |
|
-po file |
Specifies the name of the file to hold the bulk generated parent data. The default is FINISH-PARENT. |
/POLICY=option
Specifies what policy to use when signing the zone. Specify one of the following options: (UNIX-syntax equivalents are also shown)
|
-dn |
DNSSIGNER signs according to the DOWN policy. That is, the apex does not sign the parent's keys. The parent's keys and glue data are not expected from nor written to the parent files. This is the default. |
|
-up |
DNSSIGNER signs according to the UP policy. That is, the apex signs the parent's keys. The parent's keys and glue data are expected from and written to the parent files. This policy is not recommended. |
-[no-]ess
/[NO]SELF_SIGN
/SELF_SIGN (-ess) instructs DNSSIGNER to make sure each key in the file is signed by its corresponding private key. This is done by implicitly adding $SIGNER directives to the zone file around each key set, adding those keys for just the set. If no private key is available, the $SIGNER directive remains in the output file.
The intent of this feature is to insert proof into DNS that the public key's corresponding private key is held by the owner (or at least the entity signing the zone).
The default is /NOSELF_SIGN (-no-ess).
/SIG=(keyword[,...])
Specifies options related to the generation of SIG RRs. Possible keywords (and their UNIX-style equivalents) are as follows.
For DURATION and PURGE_PERIOD, ttl format is taken from the BIND definition of TTL. Numeric seconds is accepted, as well as:
|
numberW |
weeks |
|
numberD |
days |
|
numberH |
hours |
|
numberM |
minutes (not months!) |
|
numberS |
seconds |
The "end of the future" and "beginning of the past" are points in time which have the same time representation (one second apart) in a 32-bit roll-over specification of time. The end of the future is 2 to the 31st power seconds from the current time.
|
-dur ttl |
All SIG records generated are set to expire at the current time + duration. The default is 31 days. |
|
-ks domain algorithm keyid [...] |
There is no OpenVMS syntax equivalent.
This adds the specified keys (key owner, algorithm, and key id) to the list of keys with which to sign. Equivalent to $SIGNER ADD <><> directives in the zone file. This switch is interpreted as the last switch of the command line. Any number of keys can be specified.
See the description for -k1 for the domain syntax. |
|
-k1 domain algorithm keyid |
This adds the specified key (key owner, algorithm, and key id) to the list of keys with which to sign. Equivalent to a $SIGNER ADD <><> directive in the zone file. This switch may appear anywhere in the run command. It adds just one key.
The default is that keys are specified by $SIGNER directives in the data files. A zone may elect not to use any keys.
domain must be specified to match the key and private file names, with periods instead of dollar signs. This may not match the domain name if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name. |
|
-pt ttl |
Specifies that all SIG records with expiration times between the beginning of past up through (current time + the purge period) are treated as expired. SIG records with expiration times from (current + purge period) to the end of the future are retained if they are not proved invalid. The default is 1 week. |
-[no-]st
/[NO]STATISTICS
/STATISTICS (-st) instructs DNSSIGNER to print summary statistics at the end of the run. The default is /NOSTATISTICS (-no-st).
/ZONE=(keyword[,...])
Specifies options related to zone files. Possible keywords (and their UNIX-syntax equivalents) are as follows:
|
-zi file |
Specifies the zone data input file. The first RR must be an SOA. The first record may be found in an $INCLUDEd file. The default is START-ZONE. |
|
-zo file |
Specifies the file where signed zone data is left. The default is FINISH-ZONE. |
1. Assuming that the zone data is in f.zone and the parent file is in f.parent, to run the files through DNSSIGNER, do the following:
$ multinet dnssigner/zone=(input=f.zone)/parent=(input=f.parent)
or
$ dnssigner
:== $multinet:dnssigner.exe
$ dnssigner -zi f.zone -pi f.parent
The outputs default to FINISH-ZONE. and FINISH-PARENT. This does no signing, but merges the files, removes duplicates, generates NXT resource records, and makes signing instructions for them (if the zone is judged to be signed).
2. To sign the above zone with the key of test. and a key id of 27782:
$ multinet
dnssigner/zone=(input=f.zone)/parent=(input=f.parent) -
/sig=(key=(domain=test.,alg=dsa,key_id=27782)
or
$ dnssigner -zi f.zone -pi f.parent -k1 test. dsa 27782
3. To sign with both keys 27782 and 3696:
$ dnssigner -zi f.zone -pi f.parent -ks test. dsa 27782 test. dsa 3696
Compiles an ASCII BDF (bitmap distribution format) font file into a binary PCF (portable compiled format) file.
MULTINET FONT COMPILE [qualifiers] [bdf_font_file]
/BIT_ORDER=bit_order
Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).
The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
/BYTE_ORDER=byte_order
Specifies the order in which multibyte data in the file is written. Multibyte data includes metrics and bitmaps. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit).
The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
/OUTPUT=file_name
Specifies an output file name in which the results are written.
/PADDING=font_glyph_padding
Sets the font glyph padding. Each glyph in the font has each scanline padding into the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
/SCANLINE=data_size
Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
/SERVER=host:port
The /SERVER qualifier specifies the server from which the font is read. The default value is LOCALHOST:7000.
Displays X font information useful for determining the capabilities and defined values of a font server.
MULTINET FONT INFO [qualifiers]
/OUTPUT=file_name
Specifies an output file name in which the results are written.
/SERVER=host:port
Specifies the server from which the font is read (by default, LOCALHOST:7000).
Lists the font names that match a specified pattern.
MULTINET FONT LIST [qualifiers] [pattern]
pattern
Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.
/BOUNDS
Indicates long listings should display the minimum and maximum bounds of each font.
/COLUMNS
Indicates listings should display in multiple columns.
/LISTING_TYPE=size
Specifies the relative length of a font listing. Accepted values are SMALL, MEDIUM, LONG, and VERYLONG.
Consider using /NOSORT if you want LONG or VERYLONG listings faster; otherwise, these types of listings can take a long time to generate. You can also use /OUTPUT to write the results to a file.
/NOSORT
Indicates the listing is not sorted. Using this qualifier decreases the time required to produce a listing.
/OUTPUT=file_name
Specifies an output file name in which the results are written.
/SERVER=host:port
Specifies the server from which the font is read (by default, LOCALHOST:7000).
/WIDTH=display_column_width
Specifies the width of the columns (by default, 79).
Creates a DECW$FONT_DIRECTORY.DAT file in each specified directory.
MKFONTDIR reads all font files in each specified directory. The order in which font files are read is *.PCF files, *.SNF files, then *.BDF files. For scalable fonts, you must edit the created DECW$FONT_DIRECTORY.DAT file to insert the X font name. If you edit this file, back up your changes so they are not lost when MKFONTDIR is run again.
The command fails if you don't have the necessary privileges to write into the directory you specify.
MULTINET FONT MKFONTDIR [directory_names]
directory_names
Specifies the list of directories in which MKFONTDIR creates a DECW$FONT_DIRECTORY.DAT file.
Displays font information from files that match the specified pattern.
MULTINET FONT SHOW [qualifiers] [pattern]
pattern
Specifies the pattern to match in font names. Wildcards are permitted in the patterns. If you do not specify a pattern, an asterisk (*) is assumed.
/BITMAP_PADDING=bitmap_size
Specifies how a character bitmap is padded. Accepted values are MINIMUM, MAXIMUM, and MAXWIDTH.
/BIT_ORDER=bit_order
Specifies the order in which bits in each glyph are placed. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
/BYTE_ORDER=byte_order
Specifies the order in which multibyte data (including metrics and bitmaps) in the file is written. Accepted values are MSBFIRST (most significant bit) or LSBFIRST (least significant bit). The default is LSBFIRST on both the OpenVMS VAX and AXP architectures.
/END=decimal_character_value
Specifies the ending character number (in decimal) about which you want font information listed. Use /END with the /START qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.
/EXTENTS
Indicates that only the extents for a font are displayed.
/OUTPUT=file_name
Specifies an output file name in which the results are written.
/PADDING=font_glyph_padding
Sets the font glyph padding. Each glyph in the font has each scanline padding into the specified size. Accepted values are BYTE, WORD, LONGWORD, or QUADWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
/SCANLINE=data_size
Specifies the unit of data swapped when the font bit order differs from the font byte order. Accepted values are BYTE, WORD, and LONGWORD. On an OpenVMS VAX system, the default is BYTE; on an AXP, the default is LONGWORD.
/SERVER=host:port
Specifies the server from which the font is read (by default, LOCALHOST:7000).
/START=decimal_character_value
Specifies the starting character number (in decimal) about which you want font information listed. Use /START with the /END qualifier to specify character ranges. If you do not specify /END, all characters from the starting value to the end of the character set are listed. Possible values range from 0 to 255 for normal character sets, and from 0 to 65535 for X double-wide character sets.
Converts a binary PCF-format font file to an ASCII BDF-format file.
MULTINET FONT UNCOMPILE [qualifiers] [pcf_font_file]
/OUTPUT=file_name
Specifies the output file name into which the results are written.
/SERVER=host:port
Specifies the server from which the font is read (by default, LOCALHOST:7000).
$ MULTINET
FONT UNCOMPILE -
_$ -Adobe-Helvetica-Medium-R-Normal--25-180-100-100-P-130-ISO8859-1
Checks the syntax of a GateD configuration file. If no input file is specified, MultiNet checks the default configuration file, MULTINET:GATED.CONF. This command does not affect a running GateD process.
MULTINET GATED/CHECK
filename
Name of the configuration file to check. If omitted, defaults to MULTINET:GATED.CONF.
Checks the syntax of a GateD configuration file called TEST.CONF located in the user’s current working directory.
$ MULTINET GATED/CHECK TEST.CONF
Tells GateD to dump its internal state into a text file. If you omit the filename, the default is MULTINET:GATED.DUMP.
MULTINET GATED/DUMP [log]
log
Contains log statements generated by GateD. If omitted, defaults to MULTINET:GATED.DUMP.
Tells the GateD process to load a configuration file. If no file is specified, the default file MULTINET:GATED.CONF is loaded.
|
CAUTION! If the GateD process detects an error in the configuration file being loaded, it stops running.
|
MULTINET GATED/LOAD [file]
file
Name of the configuration file to load. If omitted, defaults to MULTINET:GATED.CONF.
This example tells the GateD process to load a new configuration file called TEST_CONFIG.CONF from the system manager’s current working directory.
$ MULTINET GATED/LOAD TEST_CONFIG.CONF
Tells the GateD process to turn on or off various tracing flags. This controls what is placed in the MULTINET:GATED.LOG file. By default, minimal tracing is done.
MULTINET GATED/SET/TRACE qualifier
/ALL
Turns on all tracing.
/DETAILS
/NODETAILS
Sets tracing of all send and receive information.
/RECV_DETAILS
/NORECV_DETAILS
Sets tracing of receive information.
/SEND_DETAILS
/NOSEND_DETAILS
Sets tracing of send information.
/EVENTS
/NOEVENTS
Sets tracing of normal events.
/NONE
Turns off all tracing.
/PACKETS
/NOPACKETS
Sets tracing of packet sends and receives.
/RECV_PACKETS
/NORECV_PACKETS
Sets tracing of packet receives.
/SEND_PACKETS
/NOSEND_PACKETS
Sets tracing of packet sends.
/PARSING
/NOPARSING
Sets tracing of configuration file parsing.
/POLICY
/NOPOLICY
Sets tracing of policy decisions.
/ROUTING
/NOROUTING
Sets tracing of routing table changes.
/STATES
/NOSTATES
Sets tracing of state machine transitions.
/SYMBOLS
/NOSYMBOLS
Sets tracing of kernel symbols.
/TASKS
/NOTASKS
Sets tracing of task and job functions.
/TIMER
/NOTIMER
Sets tracing of timer functions.
This example tells the GateD process to turn on tracing of policy decisions and turn off tracing of state machine transitions.
$ MULTINET GATED/SET/TRACE/POLICY/NOSTATES
Queries OSPF routers. You can obtain a wide variety of detailed information from these routers using these commands.
All of the SHOW OSPF commands use a file called MULTINET:OSPF_DESTS.DAT. This is a file of OSPF destination records. Each record is a single line entry listing the destination IP address, the destination host name, and an optional OSPF authentication key (if the destination activates authentication).
|
CAUTION! Since the OSPF_DESTS.DAT file may contain authentication information, you should restrict access to it.
|
|
NOTE: To stop the output of this command, enter a Ctrl+C at the command line.
|
MULTINET GATED/SHOW/OSPF option
/ADVERTISE area-id
type
ls-id
adv-router
index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Displays link state advertisements. The parameters and qualifiers for MULTINET SHOW OSPF ADVERTISE are as follows:
|
Parameter and Qualifier |
Description |
|
area-id |
OSPF area for which the query is directed. |
|
type |
The available types are
/INTERFACES — Requests the router links advertisements. Describes the collected states of the router's interfaces. For this request, the ls-id field should be set to the originating router's Router ID.
/ROUTERS — Requests the network links advertisements. Describes the set of routers attached to the network. For this request, the ls-id field should be set to the IP interface address of the network's Designated Router.
/NETWORK_ROUTES — Requests the summary link advertisements describing routes to networks. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the destination network's IP address.
/BOUNDARY_ROUTES — Requests the summary link advertisements describing routes to AS boundary routers. Describes the inter-area routes and enables the condensing of routing information at area borders. For this request, the ls-id field should be set to the Router ID of the described AS boundary router.
/EXTERNAL_ROUTES — Requests the AS external link advertisements. Describes routes to destinations external to the AS. For this request, the ls-id field should be set to the destination network's IP address. |
|
ls-id |
See the type parameter. |
|
adv-route |
Router ID of the router that originated this link state advertisement. |
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/AS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Shows the Autonomous System (AS) external database entries. This table reports the advertising router, forwarding address, age, length, sequence number, and metric for each AS external route. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /AS are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
DESTINATIONS/OUTPUT=file
/FILE=file
This command displays the list of destinations and their indices described in an OSPF destination records file. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /DESTINATIONS are as follows:
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
/ERRORS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Shows the error log. This reports the different error conditions that can happen between OSPF routing neighbors and shows the number of occurrences for each. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /ERRORS are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/HOPS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Shows the set of next hops for the OSPF router being queried. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /HOPS are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/INTERFACES index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Displays all interfaces. This shows all the interfaces configured for OSPF. The information includes the area, interface IP address, interface type, interface state, cost, priority and the IP address of the DR and BDR of the network. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /INTERFACES are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/LOG index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Shows the cumulative log. This log includes input and output statistics for monitor requests, hellos, database descriptions, link state updates, and link state ACK packets. Area statistics are provided that describe the total number of routing neighbors and number of active OSPF interfaces. Routing table statistics are summarized and reported as the number of intra-area routes, inter-area routes, and AS external database entries.
The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /LOG are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/NEIGHBORS index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
/RETRANSMIT
This command shows all OSPF routing neighbors. The information shown includes the area, local interface address, router ID, neighbor IP address, state and mode. The parameters and qualifiers for MULTINET GATED /SHOW /OSPF /NEIGHBORS are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
|
/RETRANSMIT |
Displays the retransmit list of neighbors. |
/ROUTING index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
Shows the OSPF routing table. This table reports the AS border routes, area border routes, summary AS border routes, and the networks managed using OSPF. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/ROUTING are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
/STATE index
/OUTPUT=file
/FILE=file
/TIMEOUT=seconds
/RETRANSMIT
Shows the link state database (except for ASEs). This describes the routers and networks making up the AS. The parameters and qualifiers for MULTINET GATED/SHOW/OSPF/STATE are as follows:
|
index |
Indexes into a file of OSPF destination records. |
|
/OUTPUT=file |
Name of an output file to write the results to. |
|
/FILE=file |
Alternate file of OSPF destination records to use. |
|
/TIMEOUT=seconds |
Interval to wait for a response. Default is 20 seconds. |
|
/RETRANSMIT |
Displays the retransmit link state database. |
1. Displays the OSPF cumulative log for index 1 in the OSPF_DESTS.DAT file.
$ MULTINET
GATED/SHOW/OSPF/LOG 1
Source <<192.168.5.31 izar.example.com>>
IO stats
Input Output Type
2 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0
LSAs originated: 39 received: 0
Router: 39
Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0
Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0
2. Displays the OSPF interface log for index 1 in the OSPF_DESTS.DAT file.
$ MULTINET
GATED/SHOW/OSPF/INTERFACE 1
Source <<192.168.5.31 izar.example.com>>
IO stats
Input Output Type
6 0 Monitor request
0 0 Hello
0 0 DB Description
0 0 Link-State Req
0 0 Link-State Update
0 0 Link-State Ack
ASE: 0 checksum sum 0
LSAs originated: 39 received: 0
Router: 39
Area 0.0.0.0:
Neighbors: 0 Interfaces: 0
Spf: 1 Checksum sum CE9D
DB: rtr: 1 net: 0 sumasb: 0 sumnet: 0
Routing Table:
Intra Area: 0 Inter Area: 0 ASE: 0
3. Displays the OSPF destination records in the OSPF_DESTS.DAT file.
$ MULTINET
GATED/SHOW/OSPF/DESTINATIONS
1: 192.168.5.31 izar.example.com
4. Displays the OSPF link state database log for index 1 in the OSPF_DESTS.DAT file.
$ MULTINET GATED/SHOW/OSPF/STATE 1
Source <<192.168.5.31 izar.example.com>>
LS Data Base:
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
----------------------------------------------------------------
Rtr 192.168.5.31 192.168.5.31 986 24 80000027 0 SpfTree
5. Displays the OSPF next hops log for index 1 in the OSPF_DESTS.DAT file.
$ MULTINET
GATED/SHOW/OSPF/HOPS 1
Source <<192.168.5.31 izar.example.com>>
Next hops:
Address Type Refcount Interface
---------------------------------------------------------
192.168.5.31 Direct 1 192.168.5.31 SVA-0
6. Displays the OSPF error log for index 1 in the OSPF_DESTS.DAT file.
$ MULTINET
GATED/SHOW/OSPF/ERRORS 1
Source <<192.168.5.31 izar.example.com>>
Packets Received:
3: Monitor request 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack
Packets Sent:
0: Monitor response 0: Hello
0: DB Description 0: Link-State Req
0: Link-State Update 0: Link-State Ack
Errors:
0: IP: bad destination 0: IP: bad protocol
0: IP: received my own packet 0: OSPF: bad packet type
0: OSPF: bad version 0: OSPF: bad checksum
0: OSPF: bad area id 0: OSPF: area mismatch
0: OSPF: bad virtual link 0: OSPF: bad authentication type
0: OSPF: bad authentication key 0: OSPF: packet too small
0: OSPF:packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down 0: OSPF: unknown neighbor
0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion 0: DD: externoption mismatch
0: DD: unknown LSA type 0: LS ACK: neighbor state low
0: LS ACK: bad ack 0: LS ACK: duplicate ack
0: LS ACK: Unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request 0: LS REQ: bad request
0: LS UPD: neighbor state low 0: LS UPD: newer self-gen LSA
0: LS UPD: LSA checksum bad 0: LS UPD:received less recent LSA
0: LS UPD: unknown LSA type
Used to request all routes known by a RIP gateway. The routing information in any routing packets returned is displayed numerically and symbolically. This command is intended to be used as a tool for debugging gateways, not for network management.
|
Note: To stop the output of this command, enter a Ctrl/C at the command line.
|
MULTINET GATED /SHOW /RIP gateway-ia
gateway-ia
Internet address or name of the gateway to be queried.
/AUTHENTICATION=authkey
Authentication password to use for queries. If specified, an authentication type of SIMPLE is used. The default authentication type is NONE.
/NONAME
Prevents the responding host's address from being looked up to determine the symbolic name.
/POLL
Requests information from the gateway's routing table. This is the default. If there is no response to the /POLL qualifier, the /REQUEST qualifier is tried.
/REQUEST
Requests information from the gateway's routing table. Unlike the /POLL qualifier, all gateways should support this command. If there is no response, the /POLL qualifier is tried.
/TIMEOUT=seconds
Number of seconds to wait for the initial response from a gateway. Default is 5 seconds.
/TRACE
Traces the RIP packets being sent and received by this command.
/V1
Sends the query as a RIP version 1 packet.
/V2
Sends the query as a RIP version 2 packet.
Shows the routers known by RIP gateway 192.168.10.2.
$ MULTINET
GATED/SHOW/RIP 192.168.10.2
24 bytes from omega1.example.com(192.168.10.2):
net/mask router metric tag
192.168.5.0/255.255.255.0 192.168.10.1 2 0000
Queries tracing in GateD.
MULTINET GATED /SHOW /TRACE
$ multinet gated/show/trace
Summary of GateD tracing
--------------------------------------------------
State Machine Transitions Logging is : 'OFF'
Internal Events Logging is : 'OFF'
Policy Decision Logging is : 'OFF'
Task Information Logging is : 'OFF'
Timer Logging is : 'OFF'
Routing Information Logging is : 'OFF'
General Send and Receive Logging is : 'OFF'
General Receive Logging is : 'OFF'
General Send Logging is : 'OFF'
Packet Send and Receive Logging is : 'OFF'
Packet Receive Logging is : 'OFF'
Packet Send Logging is : 'OFF'
Configuration File Parsing Logging is : 'OFF'
Route Advertisement Logging is : 'OFF'
Kernel Symbols Logging is : 'OFF'
Network Interface Logging is : 'OFF'
Tells the GateD process to halt in an orderly manner.
MULTINET GATED /STOP
Toggles GateD tracing on and off. This command opens and closes the GateD log file MULTINET:GATED.LOG as needed.
MULTINET GATED /TOGGLE_TRACING
Tells the GateD process to rescan the network interfaces.
MULTINET GATED /UPDATE_INTERFACES
The MultiNet host table compiler generates binary host tables from the ASCII host table files. After modifying a MultiNet host table, use this command to compile it into its binary form.
After recompiling your host tables, reinstall the host tables by rebooting, or by invoking the @MULTINET:INSTALL_DATABASES command. Then make the host table usable to the MULTINET_SERVER process servers by restarting this process with the @MULTINET:START_SERVER command. MultiNet uses the compiled host tables for fast lookups of host names, and for translation of host, network, protocol, and service names to numbers.
MULTINET HOST_TABLE COMPILE [files]
files
Contains a comma-separated list of one or more input files to be compiled. These files must be in the format described in RFC-952 "DoD Internet Host Table Specification." If not specified, the input files default to MULTINET:HOSTS.SERVICES, MULTINET:HOSTS.LOCAL, and MULTINET:HOSTS.TXT.
/HOST_TABLE_FILE=file
Specifies the file to which the compiler writes the binary host table (by default, MULTINET:NETWORK_DATABASE).
/SILENTLY
/NOSILENTY (default)
Determines whether the compilation proceeds quietly. The default, /NOSILENTLY, can take some time to process.
/STARTING_HASH_VALUE=value
Specifies the initial hash size for the host table hash. Starting at this value, the host table compiler searches for an acceptable hashing function. The default for this qualifier is the "best value," which is computed from the size of the data as the utility attempts to create 512-byte units.
When you run HOST TABLE COMPILE, the hash value is listed in the displayed messages. To select a value for this qualifier, choose a number from the displayed range of values.
/TBLUK_FILE=file
Specifies the file to which the compiler writes the "host-completion" database, used by programs that allow for escape-completion of partially typed host names. The default is MULTINET:HOSTTBLUK.DAT.
/UNIX_HOST_FILE=file
Specifies the file to which the compiler writes a UNIX-style hosts file that can be used on most UNIX systems and with many other vendors' TCP implementations. The default, /NOUNIX_HOST_FILE, inhibits the creation of a UNIX-style hosts file.
Connects to the HOSTNAME port of NIC.DDN.MIL and uses the HOSTNAME protocol to retrieve the HOSTS.TXT file. After retrieving a new MultiNet host table, compile it into binary form with the MULTINET HOST_TABLE COMPILE command so the host table can be accessed.
|
Caution! The HOSTS.TXT file located on NIC.DDN.MIL is no longer maintained by the DDN NIC (or anyone else). This file contains out-of-date information and should be used with caution. If your host is connected to the Internet, DNS is a desirable alternative to using host tables.
|
/HOST=host (default NIC.DDN.MIL)
Specifies a host other than NIC.DDN.MIL. If you specify the host name instead of the address, the host name must exist in your existing host tables.
/OUTPUT_FILE=file
Specifies a different output file (by default, MULTINET:HOSTS.TXT).
/SILENTLY
/NOSILENTLY (default)
Specifies that various debugging information is written to SYS$ERROR as the program executes.
/QUERY
Specifies an arbitrary HOSTNAME protocol request to the host of interest as follows:
· If the /QUERY qualifier is present, use its value
· Otherwise, if the /VERSION qualifier is present, use VERSION
· Otherwise, use ALL
/VERSION
Retrieves only the HOSTS.TXT version number.
The HOSTNAME protocol supports simple text query requests of the form:
command_key argument(s) [options]
command_key is a keyword indicating the nature of the request and square brackets ( [ ] ) indicate an optional field. The defined keys are described in the following table:
|
Keyword |
Response |
|
HELP |
The information in this table. |
|
VERSION |
"VERSION: string" where string is different for each version of the host table. |
|
HNAME hostname |
One or more matching host table entries. |
|
HADDR hostaddr |
One or more matching host table entries. |
|
ALL |
The entire host table. |
|
ALL-OLD |
The entire host table without domain-style names. |
|
DOMAINS |
The entire top-level domain table (domains only). |
|
ALL-DOM |
Both the entire domain table and the host table. |
|
ALL-INGWAY |
All known gateways in TENEX/TOPS-20 INTERNET.GATEWAYS format. |
Installs the binary host tables as global sections. Do not run HOST_TABLE INSTALL directly. Instead, use the MULTINET:INSTALL_DATABASES.COM command procedure.
MULTINET HOST_TABLE INSTALL
The MULTINET IPP SHOW utility allows a user to learn the capabilities supported by an IPP server. This utility queries the server and displays the supported attributes. The program can be used to see what a given server supports, by a program to gather information about a number of printers, or by a DCL or other program to check the capabilities of a given server before submitting a print job to a queue. The command syntax is:
$ MULTINET IPP SHOW server_URI /qualifiers...
/ATTRIBUTE=attribute
Puts the program into a mode suitable for use from a DCL command procedure. Not compatible with the /FORMAT or /OUTPUT qualifiers or those associated with them. It causes the program to return the value of a single attribute as a character string in a DCL symbol. The symbol may be specified with the /SYMBOL qualifier if the default of IPP_SHOW_RESULT is not desired. This is intended for use in a procedure to check to see if, for example, a given server supports color printing before submitting a job to a queue that requires color output. Allowable values for attribute are:
|
Charset_Configured |
Orientation_Requested_Default |
/[NO]APPEND
Specifies that output should be appended to an existing output file if possible. /NOAPPEND is the default.
/FORMAT=style
Specifies what print style to use. style is either
· SCREEN (default) which writes in a human-friendly screen-formatted mode or
· LIST which writes an easy to parse, name=value format, one name/value pair per line.
/[NO]FULL
Causes all IPP attributes to be included in the display, whether the server supports them or not. Those not supported are marked as such. /NOFULL is the default.
/[NO]GLOBAL
Specifies whether the named symbol should be created as a
DCL global symbol. Used only with
/ATTRIBUTE. If specified as /NOGLOBAL,
the symbol will be local to the calling procedure level. /GLOBAL
is the default.
/OUTPUT=file
Specifies a file to write output to. SYS$OUTPUT: is the default.
/SYMBOL=symbolname
Specifies a DCL symbol name that should be set to the value of the specified attribute. Used only with /ATTRIBUTE. The default is IPP_SHOW_RESULT if /SYMBOL is not specified.
1. Basic operation with all defaults:
$ MULTINET IPP SHOW LILLIES.EXAMPLE.COM
LILLIES.EXAMPLE.COM as of Tue
Mar 9 16:08:43 2018
CURRENT INFO:
Printer State: Idle
State Reasons: none
Accepting Jobs?: Yes
Queued Job Count: 0
PRINTER INFO:
Name: Lexmark Optra T610
Make & Model: Lexmark Optra T610
DEFAULTS:
Document Format: application/octet-stream
Orientation: Portrait
Number-Up: 1
Copies: 1
Job Media Sheets: none
Character Set: utf-8
Natural Language: en-us
SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: No
Orientation: Portrait, Landscape
Document Formats: application/octet-stream, application/postscript,
application/vnd.hp-PCL, text/plain
Job Sheets: none, standard
Number-Up: 1:16
Copies: 1:999
PDL Override: not-attempted
Character Sets: utf-8, us-ascii
Natural Languages: en-us
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes, Unknown: 18
URIs Supported and associated security options:
URI: http://192.168.50.2/
Security: none
URI: http://192.168.50.2:631/
Security: none
2. Operation with /FULL and output to a file (note that the "/" character in the URI requires use of quotes around the server URI parameter):
$ MULTINET IPP SHOW "LILLIES.EXAMPLE.COM/IPP" /FULL /OUTPUT=FOO.BAR
FOO.BAR contains:
LILLIES.EXAMPLE.COM/IPP as of Tue Mar 9 16:11:54 2018
CURRENT INFO:
Printer State: Idle
State Reasons: none
State Message: <not supported>
Accepting Jobs?: Yes
Queued Job Count: <not supported>
Uptime (seconds): <not supported>
Printer Time: <not supported>
PRINTER INFO:
Name: LILLIES
Printer Location: <not supported>
Printer Info: MANUFACTURER:Hewlett-Packard;COMMAND SET:PJL,ML -
C,PCL,PCLXL,POSTSCRIPT;MODEL:HP LaserJet 2100 -
Series;CLASS:PRINTER;DESCRIPTION:H
URL for more info: <not supported>
URL for driver: <not supported>
Make & Model: <not supported>
URL for Maker: <not supported>
DEFAULTS:
Document Format: application/octet-stream
Orientation: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Print Quality: <not supported>
Printer Resolution: <not supported>
Character Set: us-ascii
Natural Language: en-us
Mult. Op. Timout: <not supported>
SUPPORTED FEATURES AND ALLOWED VALUES:
Color?: <not supported>
Orientation: <not supported>
Document Formats: text/plain, text/plain; charset=US-ASCII,
application/postscript, application/vnd.hp-PCL,
application/octet-stream
Job Sheets: <not supported>
Number-Up: <not supported>
Sides: <not supported>
Copies: <not supported>
Mult. Doc. Handling: <not supported>
Media Names: <not supported>
Job Media Sheets: <not supported>
Finishings: <not supported>
Job Priority: <not supported>
Job Hold Until: <not supported>
Page Ranges?: <not supported>
Print Qualities: <not supported>
Resolutions: <not supported>
Compression Modes: <not supported>
Job K-octets: <not supported>
Job Impressions: <not supported>
PDL Override: not-attempted
Character Sets: us-ascii, utf-8
Natural Languages: en-us
URI Schemes: <not supported>
Operations: Print_Job, Validate-Job, Cancel-Job,
Get-Job_Attributes, Get-Jobs,
Get-Printer_Atrributes
URIs Supported and associated security options:
URI: /ipp
Security: none
URI: /ipp/port1
Security: none
MESSAGE FROM OPERATOR:
<no Message>
3. Operation with /ATTRIBUTE and /SYMBOL and /GLOBAL to get a single attribute into a DCL symbol:
$ MULT IPP
SHOW LEXIM /ATTRIB=NUMBER_UP_SUPPORTED /SYMBOL=NUMUP /GLOBAL
$ SHO SYM NUMUP
NUMUP == "1:16"
$
Stores the contents of the Kerberos database in an ASCII text file. Use this command to transfer the contents of a master KDC database to another system which acts as a backup KDC. The ASCII format allows interchange among different vendors' implementations of Kerberos on different platforms. Passwords are output as encrypted text strings. Dumping the database to a text file and then editing it is the only way to delete users or principals from the database. Use MULTINET KERBEROS DATABASE LOAD to reload a dumped database.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE DUMP [outfile]
/DATABASE_FILE=filename
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
This example stores the Kerberos database named FOO into the DUMP_FILE.TXT text file. This text file can be loaded with the following command:
$ MULTINET KERBEROS DATABASE DUMP /DATABASE_FILE=MULTINET:FOO. DUMP_FILE.TXT
In this example, the /DATABASE_FILE qualifier specifies the name of the database that is created.
$ MULTINET KERBEROS DATABASE LOAD /DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT
This example lists the contents of the database.
$ MULTINET KERBEROS DATABASE DUMP TT:
Interactively adds principal information to the database.
MULTINET KERBEROS DATABASE EDIT
/DATABASE_FILE=filename
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
/PROMPT_FOR_KEY (default)
/NOPROMPT_FOR_KEY
Specifies that you are prompted to supply the master key password. /NOPROMPT_FOR_KEY causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.
MULTINET KERBEROS DATABASE EDIT adds principal information to the database. The principal can be either a user or a program.
|
Note: This command applies to Kerberos V4 only.
|
The below table describes the prompts displayed by this utility.
|
At This Prompt... |
Enter This Information |
|
|
Enter Kerberos master key: |
The encryption key for the Kerberos database. This is the master password for Kerberos administration and must be safeguarded. This is a standard VMS-style password except the value is case-sensitive and can be up to 64 bytes in length. |
|
|
Principal name |
A case-sensitive value, which generally is a user name if you are adding a user to the database, or the name of a principal used by a Kerberized server if you are entering a class of service. Exit KERBEROS DATABASE EDIT by pressing RETURN at the Principal name prompt. |
|
|
Instance |
A case-sensitive string value. When adding users to the database, enter an empty string (press RETURN). When associating a service type with a system, the instance is the system name. If the principal name is for a new user or application, the next prompt is Not found, Create [y]?. Enter y to create the principal entry, or n to enter another principal name. |
|
|
Change password |
Change the password for a user or service. This prompt only appears if you specified an existing principal or instance name. If you enter y, you are prompted with the New Password: prompt; if you enter n, you are prompted for the expiration date. |
|
|
New password |
Enter a new password. You can enter RANDOM for the password, which indicates the password is known only within the software. This feature adds additional security.
The only use for the RANDOM password feature with user accounts is to prevent users from accessing the Kerberos system. If you did not select the RANDOM feature and chose to change the password, enter a new password. You are prompted to verify the password you entered. |
|
|
Expiration date |
The date on which a user can no longer access the system, or the date that an application is no longer valid. |
|
|
Max ticket lifetime |
The maximum lifetime, in minutes, for a user's ticket. This can be any value from 5 to 1275 minutes (21 hours, 15 minutes). |
|
|
Attributes |
The valid range of this value is 0 to 65535, inclusive. The meaning of this value is system- and application-dependent. MultiNet applications do not currently use this value. |
$ MULTINET
KERBEROS DATABASE EDIT /NOPROMPT
Opening database...
Current Kerberos master key version is 1
Previous or default values are in [brackets], enter Return to leave the same,
or new value.
Principal name: rcmd
Instance: bigboote
<Not found>, Create [y] RETURN
Principal: rcmd, Instance: bigboote, kdc_key_ver: 1
New password: ********
Verifying, please re-enter New Password: ********
Principal’s new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: john
Instance: RETURN
<Not found>, Create [y] RETURN
Principal: john, Instance: , kdc_key_ver: 1
New password: ********
Verifying, please re-enter New Password: ********
Principal’s new key version = 1
Expiration date (enter yyyy-mm-dd) [ 2099-12-31 ] ? RETURN
Max ticket lifetime (*5 minutes) [ 255 ] RETURN
Attributes [ 0 ] ? RETURN
Edit O.K.
Principal name: RETURN
$
Initializes the Kerberos database. If you need to run this command on an already configured system, shut down Kerberos by first disabling the Kerberos and KADMIN servers using the MULTINET CONFIGURE /SERVERS command, then restart the MultiNet master server. Refer to the examples later in this section.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE INITIALIZE
/DATABASE_FILE=filename
Specifies the use of an alternative database instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
/REALM=realm
Specifies the Kerberos realm to use instead of the default (the local domain name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.
This example initializes the Kerberos database.
$ MULTINET
KERBEROS DATABASE INITIALIZE
Realm name [REALM]: EXAMPLE.COM
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Kerberos master key: ********
Verifying, please re-enter Kerberos master key: ********
$
This example shuts down Kerberos by disabling the KERBEROS and KADMIN servers, restarts the MASTER_SERVER process, and then exits.
$ MULTINET
CONFIGURE /SERVERS
MultiNet Server Configuration Utility 5.5 (nnn)
[Reading in symbols from SERVER image MULTINET:SERVER.EXE]
[Reading in configuration from MULTINET:SERVICES.MASTER_SERVER]
SERVER-CONFIG>DISABLE KERBEROS
SERVER-CONFIG>DISABLE KADMIN
SERVER-CONFIG>RESTART
%RUN-S-PROC_ID, identification of created process is 2060005C
SERVER-CONFIG>EXIT
[Writing configuration to MULTINET_COMMON_ROOT:[MULTINET] SERVICES.MASTER_SERVER]
Loads the database from an ASCII text file produced by the MULTINET KERBEROS DATABASE DUMP utility. The ASCII text allows for interchange between different vendors' Kerberos implementations and different platforms, so the file being loaded does not need to be generated by the MultiNet Kerberos implementation.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE LOAD [outfile]
/DATABASE_FILE=filename
Specifies that an alternative database is used instead of the MULTINET:KERBEROS_PRINCIPAL. file. Do not specify a file name extension because the database code uses its own.
1. This example stores the Kerberos database named FOO into the DUMP_FILE.TXT text file. This text file can be restored with this command:
$ MULTINET KERBEROS DATABASE DUMP /DATABASE_FILE=MULTINET:FOO.
DUMP_FILE.TXT
2. The /DATABASE_FILE qualifier specifies the name of the created database:
$ MULTINET KERBEROS DATABASE LOAD
/DATABASE_FILE=MULTINET:FOO_TOO. DUMP_FILE.TXT
Permits the master key to be changed. After changing the master key, rebuild the database. Dump the database to an ASCII text file before using this command to change the master key. (You can dump the database to an ASCII text file with the MULTINET KERBEROS DATABASE UTILITY DUMP command.) After changing the key, re-stash the master key with the MULTINET KERBEROS DATABASE STASH command, and reload the database from the ASCII dump file with the MULTINET KERBEROS DATABASE UTILITY LOAD command.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE NEW_MASTER_KEY
Creates a service key file for use by server programs on the named system to decode KERBEROS authenticators. The output file name is of the form server-NEW-KERBEROS.SRVTAB, where server is the name of the remote system for which this file is being created. After creating the key file, transport it manually (not over the network, unless encryption is available) to the remote system, and copy it to MULTINET:KERBEROS.SRVTAB.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE SRVTAB host(s)
host(s)
Specifies one or more host names. host is not a fully qualified name and does not include dots. If specified in double quotes, mixed-case host names (for example, "Lot49") are preserved. If not specified in double quotes, all letters are converted to lowercase. If you do not supply this parameter, you are prompted for the host name(s).
/PROMPT (default)
/NOPROMPT
Controls whether or not you are prompted to supply the master key password. /NOPROMPT causes the master key to be read from a file previously created with the MULTINET KERBEROS DATABASE STASH utility.
/REALM=realm
Specifies the Kerberos realm to use instead of the default (the local realm name specified in the MULTINET:KERBEROS.CONFIGURATION file). Note: the realm name is case-sensitive.
$ MULTINET KERBEROS DATABASE SRVTAB /REALM=FLOWERS.COM /NOPROMPT
Saves the master key in a protected file both for the KDC, which needs the master key to read the Kerberos database, and for the convenience of the administrator who does not have to enter the master password when accessing the Kerberos configuration utilities.
|
Note: This command applies to Kerberos V4 only.
|
MULTINET KERBEROS DATABASE STASH
$ MULTINET
KERBEROS DATABASE STASH
Kerberos master key: ********
Verifying, please re-enter Kerberos master key: ********
Current Kerberos master key version is 1.
Invokes the MultiNet network LOADER. This program loads a network image into the VMS kernel and starts the network.
|
Note: This utility is invoked automatically by the network startup command file generated by the Network Configuration Utility and should not be invoked by a user.
|
MULTINET LOAD
Sends commands to services internal to the MULTINET_SERVER process. NETCONTROL can select any server provided in the MultiNet configuration or those previously added with the Server Configuration Utility. This command affects only the currently running configuration.
MULTINET NETCONTROL [service] [command]
service
Connects to the specified service (by default, NETCONTROL).
command
Sends a specified command string to the server. If you do not specify a command string, NETCONTROL enters interactive mode.
/HOST=host
Connects to the NETCONTROL service on the specified host (by default, the NETCONTROL service on the local host).
/VERBOSE
Displays the entire NETCONTROL protocol conversation. This qualifier is useful only for debugging purposes.
The NETCONTROL program sends commands to services internal to the MULTINET_SERVER process. NETCONTROL currently provides access to the following MultiNet services:
|
ACCESS |
BOOTP |
BWNFSD |
CLUSTERALIAS |
|
DHCLIENT |
DHCP |
DOMAINNAME |
EKLOGIN |
|
FONTSERVER |
GATED |
IPXRIP |
KERBEROS |
|
KLOGIN |
KSHELL |
NETCONTROL |
NFS |
|
NFSV3 |
NOT |
NTP |
PCNFSD |
|
RACOON |
RARP |
“R” Server |
RDISC |
|
REXEC |
RLOGIN |
RPCBOOTPARAMS |
RPCLOCKMGR |
|
RPCMOUNT |
RPCPORTMAP |
RPCQUOTAD |
RPCSTATUS |
|
RSHELL |
SAP |
SNMP |
SSH |
|
SYSLOG |
TELNET |
TFTP |
UCXQIO |
|
VIADECNET |
VIAPSI |
XDM |
|
For loadable services (those with an INIT setting of Merge_image), you can use the SERVER-CONFIG SET PROCESS process_name command to have the service run in an auxiliary master server process with the specified name, rather than in the main master server process (which has a process name of MULTINET_SERVER).
Unlike earlier versions of MultiNet:
· The auxiliary server no longer has to be manually started.
· The service(s) running in the auxiliary process can be controlled with NETCONTROL.
Use the SERVER-CONFIG SET FLAGS START_AUX_SERVER command to have the main master server start the auxiliary server process automatically.
Services running in auxiliary master server processes can be controlled with NETCONTROL, independent of whether the START_AUX_SERVER flag is set, or whether the auxiliary process was started manually.
Auxiliary server processes are most useful for services which may require very large quantities of process quotas such as virtual memory. They can also be useful when there are problems with a loadable service that cause the master server to terminate abnormally; the service can be isolated in a separate process to prevent other services from being interrupted when the abnormal termination occurs.
The following command shuts down all services, including those run in auxiliary master server processes. (In earlier versions, services running in auxiliary master server processes were not affected by this command.)
$ MULTINET NETCONTROL NETCONTROL SHUTDOWN ALL
In addition, specifying a SET PROCESS command on the NETCONTROL service (in SERVER-CONFIG) has no effect; the NETCONTROL server always runs in the main master server process.
Invoke NETCONTROL with MULTINET NETCONTROL, or with NETCONTROL commands from inside the Server Configuration Utility or NFS Server Configuration Utility.
NETCONTROL connects to the NETCONTROL server on the local host, or on a remote host if one is specified. The following example demonstrates two ways of connecting to the RLOGIN service. Note: the NETCONTROL prompt indicates the name of the service to which you are connected.
$ MULTINET
NETCONTROL RLOGIN
Connected to NETCONTROL server on "LOCALHOST"
< SP1.EXAMPLE.COM Network
Control 5.5 (nnn) at Mon 15-Mar-2018 7:42am-EST
RLOGIN>
$ MULTINET NETCONTROL
Connected to NETCONTROL server on "LOCALHOST"
< SP1.EXAMPLE.COM Network Control 5.5 (nnn) at Mon 15-Mar-2018 7:42am-EST
NETCONTROL>SELECT RLOGIN
RLOGIN>
The following example shows how to specify a NETCONTROL command from the command line. When used this way, NETCONTROL exits to DCL upon completion.
$ MULTINET
NETCONTROL RLOGIN SHOW
Connected to NETCONTROL server on "LOCALHOST"
< SP1.EXAMPLE.COM Network Control 5.5 (nnn) at Mon 15-Mar-2018 7:42am-EST
< File Cache:
< MULTINET:HOSTS.EQUIV (Expires in 59 minutes)
< USERS:[MIGUEL].rhosts (Expired)
< Authorization Cache:
< EDUARDA (Expires in 59 minutes)
< MIGUEL (Expired)
$
You can also use NETCONTROL to control the MULTINET_SERVER on a remote system, subject to the restrictions set on that system's NETCONTROL server.
The following example shows how to invoke NETCONTROL on a remote system.
$ MULTINET
NETCONTROL/HOST=SP1.EXAMPLE.COM RLOGIN
Connected to NETCONTROL server on "SP1.EXAMPLE.COM"
< SP1.EXAMPLE.COM Network Control 5.5 (nnn) at Mon 15-Mar-2018 7:42am-EST
RLOGIN>
To change the ACCOUNTING and DEBUG parameters with the MULTINET NETCONTROL command, use the following commands. Use the DEBUG parameter to dynamically set the MultiNet server debugging level to the specified value n. By default, additional information is provided in the accounting record by the MultiNet server. You can disable this feature by setting n to 0. When set to 1, the remote name and service name are added to the ACCOUNTING record.
$ MULTINET
NETCONTROL NETCONTROL DEBUG n
$ MULTINET NETCONTROL NETCONTROL ACCOUNTING n
The below table shows the NETCONTROL commands you can use at any time.
|
Command |
Description |
|
LIST |
Prints a list of the active services that support NETCONTROL. |
|
NOOP |
Does nothing; provided for testing the NETCONTROL server. |
|
QUIT |
Exits NETCONTROL. |
|
QUOTE string |
Sends a string verbatim to the NETCONTROL server. |
|
SELECT service |
Selects a service on which to operate. Use the question mark (?) character to get a list of services. |
|
SERVER-VERSION |
Prints the version number of the MULTINET_SERVER process. |
|
STATISTICS |
Prints server usage statistics. |
|
TIMERS |
Prints debugging information about the various scheduler events in the MULTINET_SERVER process. |
|
VERBOSE |
Turns on verbose printing of NETCONTROL commands and responses. |
|
VERSION |
Prints the version number of the selected server. |
The below table shows the NETCONTROL commands you can use with the ACCESS server.
|
Command |
Description |
|
DEBUG n |
Sets the ACCESS debugging level. The larger the number, the more verbose the output. |
|
RELOAD n |
Rereads your access configuration file MULTINET:START_ACCESS.COM if it is not redefined with the configuration file parameter. |
The below table shows the NETCONTROL ACCOUNTING commands you can use.
|
Command |
Description |
|
ACC-CONTROL-VERSION |
Shows the version of the accounting control logs. |
|
FILE <file_specification> |
Starts a new accounting control image. |
|
NOOP |
Does nothing. |
|
RELOAD |
Restarts the accounting server. |
|
SHUTDOWN |
Stops the accounting server. |
|
START |
Starts the accounting server. |
|
VERSION |
Displays the version of the accounting server control image. |
The below table shows the NETCONTROL commands you can use with the BOOTP server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
DUMP |
Dumps the BOOTP database. |
|
RELOAD |
Reloads the BOOTP database. |
The below table shows the NETCONTROL command you can use with the BWNFSD server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
The below table shows the NETCONTROL commands you can use with the CLUSTERALIAS server.
|
Command |
Description |
|
DEBUG n |
Sets the CLUSTERALIAS debugging level. The larger the number, the more verbose the output. |
|
RELEASE ip address |
Releases the system’s lock of the cluster alias address. |
|
SHOW n |
Displays the state of the cluster alias. |
The below table shows the NETCONTROL commands you can use with the DHCP client.
|
Command |
Description |
|
|
DEBUG value |
Specifies a decimal integer that is a bitmask of debugging levels used to select messages to pass to OPCOM and the debug log file specified in the DEBUG-FILE parameter. The debugging levels are (in decimal):
1 Fatal Errors
By default, Fatal Errors and Warnings are logged. |
|
|
VERSION |
Prints the version number of the DHCP client control component. |
|
|
SHUTDOWN |
Causes the DHCP client to shut down.
|
|
|
START |
Starts a DHCP client that has been down by the DHCLIENT SHUTDOWN command. |
The below table shows the NETCONTROL commands you can use with the DHCP server.
|
Command |
Description |
|
|
DEBUG value |
Specifies a decimal integer that is a bitmask of debugging levels used to select messages to pass to OPCOM and the debug log file specified in the DEBUG-FILE parameter. The debugging levels are (in decimal):
By default, Fatal Errors, Errors, and Warnings are logged. |
|
|
DHCP-CONTROL-VERSION |
Prints the version number of the DHCP Control component. |
|
|
DUMP file |
Writes the in-memory configuration of the DHCP server to the file specified or to the DUMPFILE parameter value if file is not specified. |
|
|
NEWLOG |
Starts a new debug log file, if one is in use. |
|
|
PARTNERDOWN |
For Safe-Failover DHCP: Causes the DHCP server to transition into Partner Down state, which indicates that its safe-failover DHCP partner is down. |
|
|
RELEASE ip-address |
Forces the DHCP server to act as if it heard a DHCP release from the client. This applies to dynamically assigned IP addresses only.
|
|
|
RESTART or RELOAD |
Causes the server to restart, at which time it rereads the configuration file. |
|
|
SHOW |
Prints a variety of information, depending on the arguments used. Shows all lease binding and static assignment details for the specified
client identifier. Shows lease binding details for the specified IP address. The IP
address must be in a dynamic address pool. Shows whether the given hardware address or client identifier is
"known", that is if there is a host
declaration for that hardware address or client address. |
|
|
SHUTDOWN |
Stops the server.
This command does not delete the service from the master server. It is still registered with NETCONTROL. |
|
|
START |
Starts a server that has been shut down by the DHCP SHUTDOWN command. |
|
|
STATISTICS |
This command is supplied only for backward compatibility with previous versions of MultiNet. It has been superseded by the SHOW POOLS command. |
|
|
UPDATE [(file)] |
Causes the server to execute the commands in the specified file, if any, or the file specified in the UPDATEFILE parameter, if any, or the default file MULTINET:DHCPD.UPDATES. |
The below table shows the NETCONTROL commands you can use with the DOMAINNAME server.
|
Command |
Description |
|
DEBUG n |
Sets the debug level of the domain name server (the default is no debugging). The larger the number, the more verbose the output. A value of 0 turns off debugging. |
|
DUMP |
Dumps the Domain Nameserver cache to the file MULTINET:DOMAIN-NAME-SERVICE.DB. Use to diagnose database problems. |
|
MAXIMUM-TTL ttl |
Changes the maximum time-to-live (TTL) that resource records are cached from the default of 604800 seconds (1 week) to the specified value. |
|
MINIMUM-TTL ttl |
Changes the minimum time-to-live (TTL) that resource records are cached from the default of zero (0) seconds to the specified value.
It is recommended you use this command only if there is a specific need. This could cause problems in that you may be caching resource records for longer than the authoritative administrator intended. |
|
QUERYLOG |
Toggles query logging ON and OFF. Query logging shows an informational message every time a query is received by the server. Query logging can be directed to OPCOM or a file in the MULTINET:NAMED.CONF file using the logging category queries. |
|
RELOAD |
Causes the domain name server to re-read the configuration file, and subsequently re-read any zone files that have changed. |
|
RESTART |
Instructs the name server to shutdown if it exists, then instructs the master server to start a new name server process. |
|
REWRITE-TTL ttl |
Sets the time-to-live (TTL) that load balanced resource records are cached from the default of 300 seconds (5 minutes) to the specified value. |
|
SHOW |
Shows the nodename, address, and rating of any cluster server names. |
|
START |
Instructs the master server to start the name server process. |
|
STATISTICS |
Appends domain name server server statistics to the file MULTINET:DOMAIN-NAME-SERVICE.STATS and memory statistics to the file MULTINET:DOMAIN-NAME-SERVICE.MEMSTATS. |
|
STOP |
Stops the server.
This command does not delete the service from the master server. It is still registered with NETCONTROL. |
|
VERSION |
Prints the current DNS server version number. (This is the version of BIND from which the MultiNet DNS server is derived.) |
The below table shows the NETCONTROL commands you can use with the EKLOGIN server:
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
FLUSH-CACHE |
Flushes the “KR” services authentication cache. |
The below table shows the NETCONTROL commands you can use with the FONTSERVER server.
|
Command |
Description |
|
DEBUG |
Sets the FONTSERVER debugging level. The larger the number, the more verbose the output. |
|
FLUSH |
Removes the fonts loaded into the font server’s cache. |
|
FS-CONTROL-VERSION |
Prints the version number of the FONTSERVER control component. |
|
RELOAD |
Reloads the font server configuration file MULTINET:FONT_SERVER.CONFIGURATION. |
|
RESET |
Resets the server and closes down all connections to the client. |
|
RESTART |
Restarts the server. |
|
START |
Starts the server. |
|
SHUTDOWN |
Stops the server. |
The below table shows the NETCONTROL commands you can use with the IPXRIP server.
|
Command |
Description |
|
ADVERTISE true | false |
Advertises non-local routes. The default is true. |
|
DEBUG n |
Sets the debugging log level. |
|
FLUSH |
Flushes the non-local routes and updates the interface configuration. |
|
SEND |
Sends the IPX RIP packets. |
|
SHOW |
Displays the IPX RIP routing table. |
The below table shows the NETCONTROL command you can use with the KERBEROS V4 server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
The below table shows the NETCONTROL commands you can use with the KLOGIN server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
FLUSH-CACHE |
Flushes the “KR” services authentication cache. |
The below table shows the NETCONTROL commands you can use with the KSHELL server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
FLUSH-CACHE |
Flushes the “KR” services authentication cache. |
The below table shows the NETCONTROL commands you can use with the NETCONTROL server.
|
Command |
Description |
|
ACCOUNTING n |
Disables accounting with an integer value of 0. A positive value enables accounting. The accounting value is checked whenever the master server starts up a service. The accounting provided is PID, host name, node name, and service name. |
|
DEBUG n |
Sets the NETCONTROL debugging level. The larger the number, the more verbose the output. |
|
SHUTDOWN all or service name |
Shuts down all services or shuts down a specific services. |
The below table shows the NETCONTROL commands you can use with the NFS v2 Server.
|
Command |
Description |
|
ADD MOUNT-RESTRICTION |
Exports a mount point for read-only access. Any attempt to write to the disk specified by this mount point fails. This restriction affects any NFS group associated with that particular mount point. |
|
AVERAGE-RESPONSE-TIMES |
Computes average response times. Do not use without first contacting Process Software Technical Support. |
|
DUMP |
Dumps the NFS Server cache into the file MULTINET:NFS_SERVER.DUMP for debugging; DUMP is ignored unless the NFS Server is running in user mode. |
|
FILECACHE-DEBUG n |
Sets the debug level of the file system cache portion of the server. |
|
NFS-CONTROL-VERSION |
Prints the version number of the NFS NETCONTROL module. |
|
NFSDEBUG n |
Sets the debug level of the NFS protocol portion of the server. |
|
RECORD-RESPONSE-TIMES |
Records response time data. Do not use without first contacting Process Software Technical Support. |
|
RELOAD |
Reloads the UID/GID table in the NFS Server. This command does not reload the client; that is done with NFSMOUNT/RELOAD. If you want to reload both, use MULTINET CONFIGURE /NFS when you modify the configuration file. |
|
RESTART |
Restarts the NFS Server process. |
|
RPCDEBUG n |
Sets the debug level of the RPC protocol portion of the server. |
|
SHOW-RESPONSE-TIMES |
Displays response time data. Do not use without first contacting Process Software Technical Support. |
|
SHUTDOWN |
Stops the server. |
|
START |
Starts the server. |
The below table shows the NETCONTROL commands you can use with the NFS v3 Server.
|
Command |
Description |
|
RESTART |
Restarts the NFS v3 Server process. |
|
SHUTDOWN |
Stops the server. |
|
START |
Starts the server. |
The below table shows the NETCONTROL commands you can use with the NOT server.
|
Command |
Description |
|
DEBUG |
Sets the NOT debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Reloads the NOT.CONFIGURATION or the configuration file the parameter for the NOT service is set to. |
The below table shows the NETCONTROL commands you can use with the NTP server.
|
Command |
Description |
|
DEBUG n |
Sets the debug level of the NTP server. The larger the number, the more verbose the output. |
|
NOOP |
Does nothing but verify that the server is running. |
|
NTP-CONTROL-VERSION |
Displays the version information for the NTP NETCONTROL interface. |
|
PANIC seconds |
Sets the largest value (in seconds) that will be corrected. The default is 4000 seconds, or just over 66 minutes. |
|
RELOAD |
Restarts the NTPD server process. Equivalent to SHUTDOWN followed by START |
|
SHOW |
Shows the current state of all server and peer connections. Also displays the current value of WAYTOOBIG/PANIC. |
|
SHUTDOWN |
Causes the NTPD server process to shut down and exit. |
|
START |
Starts the NTPD server process. |
|
VERSION |
Displays the version of the NTP server in use. |
|
WAYTOOBIG |
A synonym for PANIC. Retained for historical reasons. |
The below table shows the NETCONTROL command you can use with the PCNFSD server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
The below table shows the NETCONTROL commands you can use with the RACOON server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging level |
|
DELETE |
Delete an established key exchange session. |
|
ESTABLISH remote-ip-address [local-ip-address] |
Initiate key exchange protocol communication between the remote-ip-address and the local-ip-address. If local-ip-address is not specified then the value of MULTINET_HOST_NAME is used. This does not install security associations, but does the initial negotiation necessary to allow security associations to be established when necessary. It is not necessary to manually establish the negotiation information – RACOON will do it automatically when necessary. |
|
FLUSH |
Flush existing key exchange sessions. |
|
NOOP |
No operation |
|
SHOW |
Shows the current state of key negotiation between IP addresses |
|
SHUTDOWN |
Shutdown Racoon |
|
START |
Start Racoon |
|
STOP |
Stop Racoon (equivalent to SHUTDOWN) |
|
VERSION |
Version of the control interface |
The below table shows the NETCONTROL commands you can use with the RARP server.
|
Command |
Description |
|
DEBUG n |
Sets the RARP debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Reloads the RARP database. |
The below table shows the NETCONTROL commands you can use with NETCONTROL REXEC, NETCONTROL RLOGIN, or NETCONTROL RSHELL.
|
Command |
Description |
|
DEBUG |
Sets the R services debugging level. The larger the number, the more verbose the output. |
|
FLUSH-CACHE |
Flushes the R services authentication caches. |
|
SHOW-CACHE |
Prints the contents of the R services authentication caches. |
The below table shows the NETCONTROL commands you can use with the RPCBOOTPARAMS server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
RELOAD |
Reloads the RPC boot parameters for diskless hosts. |
The below table shows the NETCONTROL commands you can use with the RPCLOCKMGR server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
NOOP |
Does nothing; provided for testing the NETCONTROL server. |
|
RPCLOCKMGR-CONTROL-VERSION n |
Displays the version number of the RPC Lock Manager Control Server. |
|
SHOW n |
Shows the locks associated with this server. |
|
START |
Starts the RPC Lock Manager. |
|
STOP |
Stops the RPC Lock Manager. |
|
TIMERS n |
Displays the timers. |
The below table shows the NETCONTROL commands you can use with the RPCMOUNT server.
|
Command |
Description |
|
CLEAR |
Clears the database of clients that have file systems mounted. |
|
DEBUG n |
Sets the RPCMOUNT debugging level. The larger the number, the more verbose the output. |
|
DUMP |
Forces RPCMOUNT to write the current mount database to the on-disk cache; it is normally only written every few minutes. |
|
RELOAD |
Reloads export and restriction databases from the NFS.CONFIGURATION file. |
|
SHOW |
Prints the current mount database. |
The below table shows the NETCONTROL commands you can use with the RPC Portmapper server.
|
Command |
Description |
|
DEBUG n |
Sets the RPCPORTMAP debugging level. The larger the number, the more verbose the output. |
|
SHOW |
Prints the current portmap database. |
The below table shows the NETCONTROL command you can use with the RPCQUOTAD server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
The below table shows the NETCONTROL commands you can use with the RPCSTATUS server.
|
Command |
Description |
|
DEBUG n |
Sets the RPCSTATUS debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Reloads the RPCSTATUS database. |
|
SHOW |
Shows the parameters governing RPCSTATUS. |
|
SIMULATE-CRASH |
Causes the server to notify all monitoring clients that the system has crashed.
Do not use this command without first contacting Process Software Technical Support. |
The below table shows the NETCONTROL commands you can use with the SNMP server.
|
Command |
Description |
|
RELOAD |
Causes the SNMP Agent to reread the configuration file. |
|
SHUTDOWN |
Stops the SNMP Agent.
This command does not delete the service from the master server. It is still registered with NETCONTROL. |
|
SNMP-CONTROL-VERSION |
Prints the version number of the SNMP Agent component. |
|
START |
Starts a SNMP Agent that has been shut down by the SNMP SHUTDOWN command. |
The below table shows the NETCONTROL commands you can use with the SSH server.
|
Command |
Description |
|
DEBUG |
Toggles debugging on/off in all SSHD daemon processes running on the server. |
|
MASTER_RESTART |
Stops and restarts only the SSHD Master process. All other SSH processes and users are not affected. |
|
RESTART |
Stops and restarts the server. This stops not only the SSHD_MASTER process but also all SSHD processes running on the server, which has the effect of logging out all SSH sessions currently active on the server. |
|
SHOW |
Displays information on all executing daemon processes. For example:
BIGBOOTE_$ mu netcontrol ssh show
|
|
SHUTDOWN |
Stops the server. This stops not only the SSHD_MASTER process but also all SSHD processes running on the server, which has the effect of logging out all SSH sessions currently active on the server. |
|
START |
Starts the server. |
The below table shows the NETCONTROL commands you can use with the SYSLOG server.
|
Command |
Description |
|
DEBUG n |
Sets the debugging log level. |
|
RELOAD |
Reloads the configuration file. |
The below table shows the NETCONTROL commands you can use with the TELNET server.
|
Command |
Description |
|
DEBUG |
Sets the TELNET debugging level. The larger the number, the more verbose the output. |
|
TRACE n |
Sets the trace level. |
The below table shows the NETCONTROL commands you can use with the TFTP server.
|
Command |
Description |
|
DEBUG n |
Sets the TFTP debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Reloads the TFTP server parameters (the default TFTP directory and MULTINET:TFTP.FILENAME-TRANSLATIONS). |
|
SHOW |
Prints the current status of the TFTP server. |
|
SHOW-TRANSLATION |
Shows the TFTP file name translation table. |
The below table shows the NETCONTROL command you can use with the UCXQIO server.
|
Command |
Description |
|
DEBUG n |
Sets the UCXQIO debugging level. The larger the number, the more verbose the output. |
The below table shows the NETCONTROL commands you can use with the VIADECNET server.
|
Command |
Description |
|
DEBUG n |
Sets the VIADECNET debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Reloads the configuration from the network kernel. |
|
SHUTDOWN |
Stops the server. |
The below table shows the NETCONTROL commands you can use with the VIAPSI server.
|
Command |
Description |
|
DEBUG n |
Sets the VIAPSI debugging level. The larger the number, the more verbose the output. |
|
DISCONNECT interface-or-DTE |
Clears the X.25 connection for the given interface (for example, psi0) or peer DTE. |
|
IDLE seconds |
Sets the default connection-idle interval. |
|
RELOAD |
Checks the PSI devices for the configuration, and if changes were made, reinitializes the configuration. |
|
SHUTDOWN |
Stops the server; not yet implemented. |
The below table shows the NETCONTROL commands you can use with the XDM server.
|
Command |
Description |
|
DEBUG |
Sets the XDM debugging level. The larger the number, the more verbose the output. |
|
RELOAD |
Causes the XDM server to reload its configuration file. |
|
RESTART |
Restarts the XDM server. |
|
SHOW |
Shows the status of all managed displays. |
|
START |
Starts the server. |
|
SHUTDOWN |
Stops the server. |
|
XDM-CONTROL-VERSION |
Prints the version number of the XDM Control component. |
Dismounts a remotely mounted NFS file system.
MULTINET NFSDISMOUNT mount_device
mount_device
Specifies an NFSx: device associated with a remotely mounted file system.
/ALL [host_name]
Specifies that NFSDISMOUNT notifies remote systems that no file systems are currently mounted (this is usually used as part of the reboot procedure).
|
Note: NFSDISMOUNT/ALL does not dismount file systems, but rather notifies an NFS server that the local system does not have any mounted. If you do not specify host_name, NFSDISMOUNT broadcasts the request to the local network.
|
/LOG
Specifies that NFSDISMOUNT displays information when a dismount occurs.
This example shows how to dismount a remotely mounted file system attached to the local mount device NFS3:.
$ MULTINET NFSDISMOUNT NFS3:
Mounts a remote NFS file system so it can be used locally. NFSMOUNT requires CMKRNL, SETPRV, SYSPRV, SYSNAM, ALTPRI, DETACH, ACNT, and SYSLCK privileges.
MULTINET NFSMOUNT node::mount_point logical_name
node
Specifies the name of the computer serving the file system to the network.
mount_point
Specifies the portion of an NFS file system to be mounted. The format of the specified mount point depends on the server. Enclose mount_point in quotes if it contains special or lowercase characters.
logical_name
Specifies an OpenVMS logical name to assign to the mount device. OpenVMS users can access remote files using this logical name.
/FID_CACHE=size
Specifies the size (in bytes) of the File Identifier (FID) cache. Values range from 5 to 5000000. The default is 10000.
/LOCKING=([local,] [network])
Specifies the type of file locking used on the NFS-mounted file system.
· LOCAL - Specifies that OpenVMS file-locking operations will only be consistent on the local system.
· NETWORK - Uses the NFS Network Lock Manager to obtain consistent file locking between all NFS clients. Use of the /LOCKING=NETWORK qualifier adds protocol overhead.
If you specify both LOCAL and NETWORK, network locking is attempted; if the remote lock manager cannot be contacted, local locking is used.
/PAGEFILE=pages
Specifies the page file quota for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. This qualifier is ignored on subsequent mounts. The default is 65535 pages.
/PORT=port_number
Specifies the remote port to connect to for NFS service.
/PRIORITY=priority
Specifies the base process priority of the NFS_CLIENT_ACP process created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 7.
/PROCESSOR={UNIQUE | SAME}
Determines whether a separate ACP process is created for every NFS device. This mechanism allows NFS devices to function in parallel so that one NFS device does not have to wait for an NFS operation on another NFS device to complete. Multiple ACPs allow for multiple outstanding I/O, and operations happen in parallel.
A setting of UNIQUE creates a separate NFS_CLIENT_n process for each mount, where n is the number of the NFS device (such as NFS_CLIENT_2, which corresponds with the device NFS2).
A setting of /PROCESSOR=SAME=nfs_device assigns the mount to the same ACP process as the specified nfs_device. For example, /PROCESSOR=SAME=NFS3 assigns this mount to the NFS_CLIENT_3 ACP process.
Any mounts specified without the /PROCESSOR qualifier use a single, default process.
It is recommended that you use the /PROCESSOR qualifier to group mounts based on the remote server. That way, if the server goes down, it does not cause access to other servers to hang. (You can use the /SOFT qualifier to permit NFS operations to time out instead of hanging indefinitely.)
/READ_SIZE=read_size
Specifies the maximum size of the read operations the NFS client performs. The default, 8192, is correct for most servers.
/RELOAD
Instructs the NFS client software to reload its UID translation table from the NFS configuration file.
[ advisory_close, ]
[ case_insensitive_filenames, ]
[ nofdl_files, ]
[ nolinks, ]
[ nostream_conversion, ]
[ nounique_fileno, ]
/SEMANTICS=( [ noversions, ]
[ novms_access_checking, ]
[ preserve_dates, ]
[ upper_case_default, ]
[ vms_filenames, ]
[ vms_server, ]
Specifies the capabilities and characteristics of the NFS server that control the behavior of the MultiNet NFS client, as described in the following table.
|
Attribute |
Description |
|
ADVISORY_CLOSE |
Sends a VMS server a command to close the file when there are no more references to it on the client. |
|
CASE_INSENSITIVE_FILENAMES |
Specifies that UNIX files accessed by an OpenVMS system not have their file names converted using the conversion characters (see HELP MULTINET File_Name_Character_Map for a list of these characters).
Use this option when an NFS server treats all file names as case-insensitive. When this option is set, all file names accessed through NFS are converted to lowercase. When returned to the server, they are handled in lowercase. The NFS server must be able to accept lowercase file names. This option is disabled by default. |
|
NOFDL_FILES |
Disables the use of .$fdl$ files by the MultiNet NFS client to store RMS attributes. This option must be used if the NFS server doesn't allow these file names. Its use severely limits the ability of the NFS client to store record attributes. |
|
NOLINKS |
Disables the automatic creation of hard links to the latest version of a file. The NFS client normally uses a hard link operation to link the top version of a file name foo.bar;12 to the unversioned name foo.bar for more convenient access from the NFS server side. This option may be used either to reduce the overhead in creating it or if the NFS server does not support hard links. |
|
NOSTREAM_CONVERSION |
Disables the automatic conversion of text files to STREAM format. The NFS client normally converts requests to create Variable Length Record Carriage Return Carriage Control files into requests to create Stream files. This option disables this conversion. |
|
NOUNIQUE_FILENO |
Specifies whether or not the NFS server is to generate unique file
numbers for each file (most NFS servers do). If the client knows that file
numbers are unique, it uses a faster algorithm to refresh stale directory
entries in the cache. Use of this qualifier disables the faster refresh
algorithm, and is equivalent to the |
|
NOVERSIONS |
Disables support for multiple file versions. The NFS client normally stores multiple versions of OpenVMS files by using the semicolon character in the file name on the NFS server side. You must use this option to disable the ability to create multiple versions of files if the NFS server does not support file names with the semicolon character. |
|
NOVMS_ACCESS_CHECKING |
Specifies that the client does not perform a full OpenVMS access check, including a check for ACLs and security alarms. If this option is not specified, the NFS client considers ACLs and security alarms when granting or denying access. |
|
PRESERVE_DATES |
Allows you to store VMS-style dates and times for files. |
|
UPPER_CASE_DEFAULT |
Assumes file names are in uppercase on the server until it sees the $ character used to toggle case. |
|
VMS_FILENAMES |
Specifies that the NFS client should not perform the usual mapping between OpenVMS and UNIX-style file names. This option can be used to permit all OpenVMS file names to be stored using the NFS client; however, its use prevents the NFS client from being used to access files which do not conform to the OpenVMS file name conventions. |
|
VMS_SERVER |
Specifies that the NFS server is a MultiNet NFS server of revision V3.0 or later and supports OpenVMS-specific extensions to the NFS protocol to store file attributes. If the NFS server does not support these extensions, the mount will fail. This option is equivalent to the /VMS_SERVER qualifier and overrides any other semantics specified. |
/SOFT
Specifies that, if the NFS client is unable to reach the NFS server after the time period specified by /TIMEOUT, an error is returned to the user (SS$_UNREACHABLE). If the file system is mounted without the /SOFT qualifier, the NFS client retries the operation forever.
/TIMEOUT=timeout
Specifies the total time, in tenths of a second, that it takes for an RPC request to timeout. Retries are attempted via UDP for an interval of one-fifth the value specified for /TIMEOUT. The minimum value allowed for this setting is 30 tenths of a second. /TIMEOUT does not affect TCP timeouts.
/TRANSPORT=( [ tcp | udp] )
Specifies the underlying transport used for the NFS requests. (The default is UDP if /TRANSPORT is not specified.) The TCP transport can be used with servers that support it. If you specify both transports, TCP is tried first; if it fails, the mount uses UDP.
/UNIQUE_FILENO (default)
/NOUNIQUE_FILENO
Specifies whether or not the NFS server is to generate unique file numbers for each file (most NFS servers do). If the NFS client knows that file numbers are unique, it uses a faster algorithm to refresh stale directory entries in the cache. The /NOUNIQUE_FILENO qualifier is equivalent to /SEMANTICS=NOUNIQUE_FILENO.
/VMS_SERVER
Specifies that the NFS server is a MultiNet NFS server of revision V3.0 or later and supports OpenVMS-specific extensions to the NFS protocol to store file attributes. If the NFS server does not support these extensions, the mount fails. This qualifier is equivalent to /SEMANTICS=VMS_SERVER and overrides any other semantics specified.
/VOLUME=volume_name
Specifies the display name of the mounted volume (which appears via SHOW DEVICE). (The default is the remote mount_point name.)
/WRITE (default)
/NOWRITE
Specifies whether or not the file system is to be mounted for both read and write access. /NOWRITE prevents users from modifying the file system.
/WRITE_SIZE=write_size
Specifies the maximum size of packets written by the NFS client. The default, 8192, is correct for most servers.
/WSEXTENT=pages
Specifies the working set extent for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 20000 pages.
/WSQUOTA=pages
Specifies the working set quota for the NFS_CLIENT_ACP process. This process is created when the first NFS file system is mounted. The qualifier is ignored on subsequent mounts. The default is 2000 pages.
This example shows how to mount the remote file system /usr on the server named "sunset" on the local mount device NFS3:.
$ MULTINET
NFSMOUNT SUNSET::"/usr" disk$sunset
%NFSMOUNT-I-MOUNTED, SUN::/ufs NFS mounted on _NFS3:
$
This example illustrates the use of /PROCESSOR=UNIQUE, creating four ACP processes - one for each device.
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SCOOBY::USERS: SCOOBY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SCOOBY::USERS2: SCOOBY2
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SHAGGY::USERS: SHAGGY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=UNIQUE SHAGGY::USERS2: SHAGGY2
This example illustrates the use of /PROCESSOR=SAME. In this example, all access to the server named SCOOBY goes through one ACP process, and all access to SHAGGY goes through another process.
$ MULTINET NFSMOUNT/VMS SCOOBY::USERS: SCOOBY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=SAME=SCOOBY1 SCOOBY::USERS2: SCOOBY2
$ MULTINET NFSMOUNT/VMS SHAGGY::USERS: SHAGGY1
$ MULTINET NFSMOUNT/VMS/PROCESSOR=SAME=SHAGGY1 SHAGGY::USERS2: SHAGGY2
Performs test queries on the domain name service (DNS) system. When invoked with no parameters, MULTINET NSLOOKUP allows commands to be run interactively. The below table lists the commands that can be run in interactive mode.
|
Command |
Description |
|
name |
Prints information about name using the default server. |
|
name server |
Prints information about name using server. |
|
exit |
Exits NSLOOKUP. |
|
finger [user] |
Finger the optional user at the current default host. |
|
help or ? |
Prints help information. |
|
set all |
Prints the current status of all options. |
|
set class=class |
Sets the query class to one of these: IN, CHAOS, HESIOD, or ANY. |
|
set [no]debug |
Prints debugging information. |
|
set [no]d2 |
Prints exhaustive debugging information. |
|
set [no]defname |
Appends the domain name to each query. |
|
set [no]recurse |
Asks for a recursive answer to a query. |
|
set [no]vc |
Always uses a virtual circuit. |
|
set domain=name |
Sets the default domain name to name. |
|
set port=port |
Sets the port number on which to send a query. |
|
set root=name |
Sets the root name server to name. |
|
set retry=n |
Sets the number of retries to n. |
|
set srchlist=name1 |
Sets the domain to name1 and the search list to name1 through name6. |
|
set timeout=n |
Sets the timeout interval to n. |
|
set query-type=type or set type=type |
Sets the resource record (RR) type to query for. |
|
server name |
Sets the default server to name, using the current default server. |
|
lserver name |
Sets the default server to name, using the original default server. |
|
root |
Sets the current default server to the root. |
|
ls [ option] name [>file] |
Lists the domain name, with output
optionally going to file.
-a List fully-qualified names and aliases |
MULTINET NSLOOKUP [name] [nameserver]
name
Specifies a host or domain name.
nameserver
Specifies the name server to query.
/CLASS=recordclass
Specifies which class records are asked for. Valid classes are ANY, IN, CHAOS, and HESIOD. (The default is /CLASS=IN, Internet records.)
/DEBUG
/NODEBUG (default)
Causes the resolver to print debugging information, including formatted responses.
/DEBUG2
/NODEBUG2 (default)
Causes the resolver to print formatted queries, and additional, less useful debugging information.
/DEFNAMES (default)
/NODEFNAMES
Specifies that the resolver adds this system's domain name to any name not explicitly terminated with a period. /DEFNAMES is the default.
/DNSRCH (default)
/NODNSRCH
Specifies that the resolver searches up the domain tree from this system's name for any name not explicitly terminated with a period.
/DOMAIN=domainname
Specifies a default domain other than the domain of this host.
/IGNTC
/NOIGNTC (default)
Tells the resolver to ignore truncation in responses.
/PORT=port
Specifies a port other than the standard nameserver port of 53.
/RECURSE (default)
/NORECURSE
Requests that the name server use recursion to answer the query.
/RETRY=retrycount
Specifies the number of retries the resolver makes when querying a name server via UDP (by default, 4).
/ROOT_SERVER=rootservername
Specifies a root name server other than A.ROOT-SERVERS.NET.
/TIMEOUT=seconds
Specifies a different period to wait for responses. The default is 4 seconds.
/TYPE=recordtype
Specifies which type resource records are asked for. The default is /TYPE=A (address records).
All standard DNS record types are supported. The table below
gives a partial list of valid values for the
/TYPE qualifier.
|
Resource Record |
Description |
Resource Record |
Description |
|
A |
Address records |
MR |
Mail rename domain name |
|
ANY |
Any |
MX |
Mail exchanger |
|
AXFR |
Zone transfer |
NS |
Authoritative name server |
|
CNAME |
Fully-qualified name for an alias |
PTR |
Domain name pointer |
|
GID |
Group ID |
SOA |
Start of a zone of authority |
|
HINFO |
Host information |
TXT |
Arbitrary text |
|
MAILB |
Mailbox for a user |
UID |
User ID |
|
MB |
Mailbox domain name |
UINFO |
Arbitrary user information |
|
MG |
Mail group member |
WKS |
Well-known service description |
|
MINFO |
Mailbox or mail list information |
|
|
/VC
/NOVC (default)
Specifies that the resolver uses virtual circuits instead of datagram queries.
Performs dynamic updates to the domain name service (DNS) server. NSUPDATE can read commands from a specified file or from the terminal.
NSUPDATE can be used with the UNIX-style syntax by defining it as a foreign command:
$ NSUPDATE :== $MULTINET:NSUPDATE
Both the UNIX-style options and the OpenVMS qualifiers are listed below.
NSUPDATE reads input records, one per line, each line contributing a resource record to an update request. All domain names used in a single update request must belong to the same DNS zone. A blank line causes the accumulated records to be formatted into a single update request and transmitted to the zone's authoritative name servers. Additional records may follow, which are formed into additional, completely independent, update requests. For the last request to be transmitted, a blank line must end the input.
Records take one of two general forms:
· Prerequisite records specify conditions that must be satisfied before the request will be processed.
· Update records specify changes to be made to the DNS database.
An update request consists of zero or more prerequisites and one or more updates. Each update request is processed atomically, that is, all prerequisites must be satisfied before all updates will be performed.
NSUPDATE understands the input record formats listed in the below table:
|
Command |
Description |
|
prereq nxdomain name |
Requires that no RR of any type exists with name name. |
|
prereq nxrrset name [class] type |
Requires that no RR exists of the specified type and name. |
|
prereq yxdomain name |
Requires that at least one RR named name must exist. |
|
prereq yxrrset name [class] type [data...] |
Requires that a RR exists of the specified type and name. If data is specified, it must match exactly. |
|
update add name ttl [class] type data... |
Adds a new RR with specified ttl, type, and data. |
|
update delete name [class] [type [data...]] |
Deletes RRs named name. If type (and possibly data) is specified, only matching records will be deleted. |
MULTINET NSUPDATE [filename]
filename
Specifies a file containing NSUPDATE commands to be executed.
-d
/DEBUG
/NODEBUG (default)
Causes the resolver to print debugging information.
-k keydir+keyname
/KEY=(KEYNAME=key[,KEYDIR=directory])
Specifies a TSIG key for NSUPDATE to use to sign its updates. The default value for KEYDIR is the current default directory.
Note: On Unix, the syntax is keydir:keyname. On OpenVMS, the colon is replaced by a plus sign (+). The keyname must be specified to match the key and private filenames, with periods instead of dollar signs. This may not match the domain name if DNSKEYGEN had to abbreviate it to fit into an OpenVMS file name.
-v
/VC
/NOVC (default)
Specifies that the resolver uses virtual circuits (TCP) instead of datagram (UDP) messages.
The following example illustrates the interactive use of NSUPDATE to change an IP address by deleting any existing A records for a domain name and then inserting a new one. Since no prerequisites are specified, the new record will be added even if there were no existing records to delete.
|
Note: The trailing blank line is required to process the request.
|
$ multinet
nsupdate
> update delete test.example.com A
> update add test.example.com 3600 A 10.1.1.1
>
In this example, a CNAME alias is added to the database only if there are no existing A or CNAME records for the domain name.
$ multinet
nsupdate
> prereq nxrrset www.example.com A
> prereq nxrrset www.example.com CNAME
> update add www.example.com 3600 CNAME test.example.com
>
Sends ICMP Echo Request packets to the specified host to measure network packet loss and latency. MULTINET PING returns the following status codes:
|
Status Code |
Description |
|
SS$_NORMAL |
Successful PING. |
|
SS$_IVBUFLEN |
An invalid length was specified on the /DATA_LENGTH qualifier. The maximum value is 65468. |
|
SS$_NOSUCHNODE |
Failed attempt to PING an unknown host. |
|
SS$_PROTOCOL |
Remote system is not configured to support ICMP. |
|
SS$_NOPRIV |
Access to PING denied by the system manager. |
|
SS$_DATALOST |
Some PING responses were received, but some were lost; that is, a PING success rate of less than 100%. |
|
SS$_UNREACHABLE |
No responses were received. |
MULTNET PING6 performs the same function for IPv6 networks, sending ICMP6 packets over IPv6.
MULTINET PING host
host
Specifies the host to ping.
/ADDRESSES
Sends a node information query packet instead of an ICMP6 echo request to request the addresses which the host responds to. Not all systems support node information query packets. This qualifier is only valid for MULTINET PING6.
/DATA_LENGTH=number-of-bytes
Specifies the number of bytes of data to attach to ICMP Echo Request packets. If not specified, a reasonable default value is supplied. Increase the data length to check for gateways that do not fragment IP packets correctly.
/DEBUG
/NODEBUG (default)
Enables socket-level debugging in the MultiNet kernel. This qualifier is usually only useful for debugging the MultiNet kernel.
/IPV6
Specifies that an IPv6 ping is desired. (The default is IPv4.)
/FLOOD
Indicates that MULTINET PING is used to flood the network with ICMP Echo packets. MULTINET PING /FLOOD transmits these packets 100 times per second or whenever a response is received. Requires SYSPRV privilege.
/NUMBER_OF_PACKETS=number_of_packets_to_send
Specifies the number of ICMP echo responses received before terminating. If not specified, MULTINET PING runs until you press Ctrl/C.
/PRELOAD=number_of_packets_to_send
Specifies the number of packets sent in rapid succession before entering the normal mode of operation.
/QUIET
/NOQUIET (default)
Causes MULTINET PING to not display information when packets are received.
/RECORD_ROUTE
Displays a list of IP routers that the ICMP Echo Request packets traverse. This qualifier uses the IP record route option to display a list of IP routers that the ICMP echo request packet traverses. Not all implementations of IP handle this option correctly, so the use of /RECORD_ROUTE may result in a garbled response.
/ROUTE (default)
/NOROUTE
Disables IP routing of ICMP packets. The default, /ROUTE, allows IP routing to get the packet to destinations separated by gateways.
/VERBOSE
/NOVERBOSE (default)
Displays extra information as ICMP packets are sent or received.
This example shows using PING to test the round-trip delay to a distant host.
$ MULTINET
PING WWW.EXAMPLE.COM
PING WWW.EXAMPLE.COM (192.168.64.3) : 56 data bytes
64 bytes from 192.168.64.3: icmp_seq=1 time=670 ms
64 bytes from 192.168.64.3: icmp_seq=2 time=670 ms
64 bytes from 192.168.64.3: icmp_seq=3 time=670 ms
64 bytes from 192.168.64.3: icmp_seq=4 time=650 ms Ctrl/C
----WWW.EXAMPLE.COM PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round trip (ms) min/avg/max = 650/663/670
Uses the TCP TIME service to query a remote system for the current time and sets the clock on the local system to that time.
MULTINET RDATE host
host
Specifies the name or Internet address of the host to query.
/DELTA
/NODELTA (default)
Displays the time difference between the local and remote hosts, expressed in standard VMS time format.
/LOG
/NOLOG
Displays a message indicating that the time has been set. The /NOLOG qualifier suppresses this message.
/SET
/NOSET
RDATE usually sets the VMS time; /NOSET retrieves, but does not set, the current time.
Provides local access to a remote tape or CD-ROM device on the specified remote host. RMTALLOC does not actually read from or write to the magnetic tape, or read from the CD-ROM; other programs supplied with the VMS Operating System provide this support. Optionally, RMTALLOC can associate a logical name with the device.
MULTINET RMTALLOC host.domain[::][["]device-name["]] [logical-name[:]]
host.domain
Specifies the remote host name on which the tape or CD-ROM device is allocated (the domain name - either just the domain name or the fully qualified domain name - of the remote host).
device-name
Specifies an optional device name entered with single or double colons. If the device name contains special characters, such as a UNIX-style device name (/dev/rst8), enclose the name in double quotes ("/dev/rst8").
logical-name
Specifies the name associated with the device. Use a name you created or one designated by your system manager. The string is from 1 to 255 alphanumeric characters. If the string contains spaces, enclose the string in single quotes. (Do not use trailing colons.) The logical name you specify becomes a process name, with the device name as the equivalence name. The logical name remains defined until it is explicitly deleted or until your process terminates.
/CD
/NOCD (default)
Specifies that the remote device is a CD-ROM rather than a tape device. When /CD is specified, the local device takes the RCDxxx: name. When /NOCD is specified, the local device takes the RMTxxx: name. The remote system is tested to ensure that the specified device type exists; if not, an error displays and RMTALLOC fails.
|
Note: /CD cannot be used with either the /SEMANTICS or /WRITE qualifiers.
|
/LOG (default)
/NOLOG
Displays a message indicating the name of the local device allocated, and the official host name of the remote host and device name.
/PASSWORD[=password]
Specifies the password to use to access the remote host. You may optionally specify the password as the qualifier value (which is not recommended). Specifying /PASSWORD without the value causes the password to be prompted for and read without echoing it (if the current input device supports it). If present, this qualifier causes RMTALLOC to use the REXEC server on the remote host rather than the RSHELL server.
[ blocksize=blocksize ]
[ comment="comment" ]
[ density=density ]
/SEMANTICS= [( [ label="label" ] )]
[ [no]mount ]
[ [no]rewind ]
[ [no]unload ]
Specifies attributes for a magnetic tape device. Do not use with the /CD qualifier. Enter keywords separated by commas and enclosed in parentheses. These values pass information to the system operator at the remote system. For example, the values in LABEL and COMMENT display on the remote system console and request that the tape name indicated by LABEL be mounted.
|
Attribute |
Description |
|
BLOCKSIZE |
Specifies the remote tape blocksize. |
|
COMMENT |
Specified as a string enclosed in double quotes; the information is displayed in the remote OPCOM message, either appended to or replacing the default text, depending on whether the resulting length is less than the maximum of 78 characters. Supplying the COMMENT value is the only way you can send a tape-specific message to the remote operator.
The OPCOM message from the DCL MOUNT/COMMENT command is not passed to the remote RMT server; this message is only sent to OPCOM for a local operation. The default RMTALLOC command causes the remote tape to be mounted foreign, causing an OPCOM message to be generated if the tape drive is offline.
The default RMTALLOC command is equivalent to the RMTALLOC
Without the comment, RMTALLOC provides user, node, and device information, as shown in this example:
%%% OPCOM 25-MAR-2018 11;24:35.46 %%%
|
|
DENSITY |
Specifies the density in bits per inch (BPI). |
|
LABEL |
Indicates the name by which the tape is known to the remote system. This could be your name, a site-specific numbering scheme, and so on. |
|
[NO]MOUNT |
Indicates whether the tape needs to be mounted. This option does not replace the MOUNT command; it only means that RMTALLOC should continue until the remote tape is mounted. |
|
[NO]REWIND |
Indicates whether the tape must be rewound before or after use. |
|
[NO]UNLOAD |
Indicates whether the tape must be unloaded from the drive after use. |
|
Note: The remote tape drive must be able to write variable length blocks to permit VMS BACKUP to work correctly. Sun QIC tapes cannot do this and do not work with the VMS BACKUP utility. The RMTALLLOC /SEMANTICS=NOMOUNT command does not work correctly with multivolume BACKUP save sets. When using RMTALLOC to allocate a remote VMS TMSCP tape drive, the VMS COPY utility cannot copy files from a tape if the TMSCP tape drive is served from a different node than the one specified in the RMTALLOC command.
|
/TRUNCATE_USERNAME
/NOTRUNCATE_USERNAME (default)
Truncates VMS user names to eight characters or less. Under UNIX, the remote user name has a maximum of eight characters. If a longer user name is supplied to such a system, a "remuser too long" error results and RMTALLOC fails.
/UNIX_SERVER=value
Specifies that RMTALLOC provide special handling for systems with problematic tape devices. Accepted values are:
|
Value |
Description |
|
BROKEN |
Enables one OpenVMS BACKUP save set to be written to a remote UNIX tape. Use this value for SunOS 4.1 and SunOS 4.1.2. May also be useful on other UNIX-incompatible tapes and servers. |
|
UNIX |
Enables full OpenVMS tape functionality on an ULTRIX tape drive. |
/USERNAME=remote-username
Specifies the remote user name to which you want to log in. If not specified, the default is the user name associated with your process.
/VMS_ATTRIBUTES (default)
/NOVMS_ATTRIBUTES
Verifies whether the remote RMT server is also running MultiNet. If it is, RMT uses an improved RMT protocol to transfer VMS device attributes and I/O completion status values between your system and the remote host. Because this negotiation is compatible with UNIX implementations of RMT (including BSD and SunOS), it is enabled by default, but may be disabled if compatibility problems arise.
/WRITE (default for mag tapes)
/NOWRITE (default for CD-ROMs)
Specifies that the tape is not write-protected; if /NOWRITE is specified, the tape is write-protected. /WRITE cannot be specified with /CD.
This example illustrates the use of the VMS TAR utility. (VMS TAR is a public domain program available from CETS.) First the tape is allocated with RMTALLOC, then the drive is mounted. Next, a file is written to the tape, the tape contents are listed, and the file is extracted back from the tape. Finally, the tape is dismounted and deallocated.
$ RMTALLOC
CONE.EXAMPLE.COM::MUA0: MYTAPE
%RMT-I-ALLOC, _MYSYS$RMT1: allocated (CONE.EXAMPLE.COM::MUA0:)
$ MOUNT
/FOREIGN /RECORD_SIZE=512 /BLOCK_SIZE=10240 MYTAPE
%MOUNT-I-MOUNTED, MYTAPE mounted on _MYSYS$RMT1:
$ TAR
/ARCHIVE=MYTAPE WRITE AFILE.TXT
%TAR-S-WRITTEN, written USERS:[ME]AFILE.TXT;1 (13495 bytes)
%TAR-S-TOTWRITE, total of 1 file written
$ TAR
LIST /ARCHIVE=MYTAPE
Listing of archive _MYSYS$RMT2:
-rw------ 0/ 0 13495 24 Apr 2018 14:31 afile.txt
Total of 1 files listed, 1 files in archive.
$ TAR
/ARCHIVE=MYTAPE EXTRACT AFILE.TXT
%TAR-S-TOTCREAT, total of 0 files created, 1 file scanned
$ DISMOUNT _MYSYS$RMT1:
$ DEALLOCATE _MYSYS$RMT1:
This example illustrates how to allocate access to a UNIX tape.
$ RMTALLOC
FOO::"/deV/rst42" UNIXTAPE
%RMT-I-ALLOC, _MIURA$RMT7: allocated (FOO.EXAMPLE.COM::/dev/rst8)
$
This example allocates remote UNIX operating system tape device /dev/rst42 on host FOO.EXAMPLE.COM and associates UNIXTAPE with the _MIURA$RMT7 local pseudo-device.
$ RMTALLOC/CD/NOWRITE
CONTROL::DISK$CD: DISK$CONTROL_CD/USER=SYSTEM
%RMT-I-ALLOC _GRUB$RCD3: allocated (CONTROL.EXAMPLE.COM::DISK$CD:)
$
MOUNT/OVER=ID DISK$CONTROL_CD:
%MOUNT-I-WRITELOCK, volume is write locked
%MOUNT-I-MOUNTED, VMS055LST1 mounted on _GRUB$RCD3:
$ DISMOUNT DISK$CONTROL_CD:
$ DEALLOCATE
DISK$CONTROL_CD
$
This example allocates a CD-ROM for access between two VMS systems. The drive is allocated, mounted, dismounted, and deallocated.
The next example allocates a CD-ROM drive on a remote machine running UNIX.
$ RMTALLOC
/CD/NOWRITE SYS1:: DISK$SYS1_CD/USER=ROOT
%RMT-I-ALLOC, _GRUB$RCD3: allocated (SYS1.EXAMPLE.COM::/dev/rsr0)
$ MOUNT
/OVER=ID DISK$MEL_CD:
%MOUNT-I-WRITELOCK, volume is write locked
%MOUNT-I-MOUNTED, VMS055LST2 mounted on _GRUB$RCD3:
$ DISMOUNT DISK$MEL_CD:
$ DEALLOCATE
DISK$MEL_CD:
$
This example allocates a UNIX CD drive. The device name defaults to /dev/rsr0. You could specify another device name, using the same example with the SYS1::"/dev/rsr42" value in the RMTALLOC command. After the device is allocated in the previous example, it is mounted, dismounted, and finally deallocated.
The next example allocates a tape and then invokes BACKUP to write to it.
$ REPLY /ENABLE
$ RMTALLOC
COMMENT="PLEASE MOUNT TAPE #A1234" WHORFIN::MKA500: TAPE
%%%%%%%%%% OPCOM 25-MAR-2018 11:24:35.46 %%%%%%%%%%%
(FROM NODE WHORFIN AT 25-MAR-2018 11:24:35.44)
REQUEST 87, FROM USER HOLMES ON WHORFIN
Please mount device _WHORFIN$mka500:
RMT tape service request from WHORFIN.EXAMPLE.COM
Please mount tape #A1234
%%%%%% OPCOM 25-MAR-2018 11:25:29.12 %%%%%%%%%%%
(FROM NODE HOLMES
25-MAR-2004 11:25:29.12)
REQUEST 87 WAS SATISFIED.
%RMT-I-ALLOC, _HOLMES$RMT2: ALLOCATED (WHORFIN.EXAMPLE.COM::MKA500:)
$ INIT TAPE: FOO
$ BACKUP/LOG/INGORE=LABEL/VERIFY
USERS:[ATMA.TEST]*.EXE;0 TAPE:EXES.BCK/SAVE
%MOUNT-I-MOUNTED, FOO MOUNTED ON _HOLMES$RMT2:
. .
$ BACKUP/LOG/IGNORE=LABEL/VERIFY
USERS:[ATMA.TEST]*.H;0 TAPE:H.BCK/SAVE
. .
$ BACKUP/LOG/INGORE=LABEL/VERIFY
USERS:[ATMA.TEST]*.C;0 TAPE:C.BCK/SAVE
. .
$ DISMOUNT/NOUNLOAD TAPE:
$ MOUNT/OVER=ID
TAPE:
%MOUNT-I-MOUNTED, FOO MOUNTED ON _HOLMES$RMT2:
$ DIR
TAPE:
DIRECTORY _HOLMES$RMT2:[]
EXES.BCK;1 H.BCK;1 C.BCK;1
TOTAL OF 3 FILES.
$ DISMOUNT TAPE:
$ DEALL
TAPE:
$
This example allocates access to a tape, then writes to it.
When issuing a RMTALLOC to a remote MultiNet system, the remote tape drive must be online with the tape physically loaded. Otherwise, RMTALLOC fails with the error, %SYSTEM-F-MEDOFL, medium is offline.
You can override this default with the /SEMANTICS=MOUNT qualifier. RMTALLOC does not complete until a tape has physically been loaded and the tape drive is online. Use the /SEMANTICS=COMMENT keyword to specify a mount message to send to the operator via OPCOM.
Uses Remote Procedure Calls (RPCs) to send a network broadcast message to all users on the specified host. If you specify the host as an asterisk (*), the message is broadcast to all hosts on Ethernets to which the local host is attached.
MULTINET RWALL [qualifier1] [qualifier2 . . . ] ["message_text"]
RWALL messages are only received on hosts that support RWALL service.
message_text
Contains the message to broadcast.
/HEADER[="header_text"]
/NOHEADER
Adds header text to the specified message. If you use the /NOHEADER qualifier, RWALL does not preface any header text to the specified message. By default, the header is prefaced with "Broadcast message from username@hostname:", although you may specify any header text as the value of this qualifier.
/HOST=[hostname]
Specifies the host on which the message is displayed. The default is /HOST=LOCALHOST, which prints the message on the host from which the RWALL command was invoked. If you specify the qualifier as /HOST=*, the network broadcast displays on all directly reachable hosts on all connected networks that support broadcasting. /HOST=* is most appropriate for network-wide system shutdown messages.
This example shows how to broadcast a shutdown message to users on the local host.
$ MULTINET
RWALL "Node ROMEO is shutting down"
RWALL MESSAGE:
Broadcast message from HOLMES@ROMEO: Node ROMEO is shutting down
Modifies Address Resolution Protocol (ARP) tables. These tables are normally modified dynamically by the ARP protocol. Use with MULTINET SHOW /ARP to view the contents of the ARP table.
/ADD=(PROTOCOL=protocol,HOST_ADDRESS=host_addr, ETHER_ADDRESS=ether_addr)
Adds a specified host-to-Ethernet address translation to the ARP tables. The PROTOCOL specification identifies which protocol (IP, for example) is being described. The HOST_ADDRESS specification gives the host address in IP form. The ETHER_ADDRESS specification gives the hardware Ethernet address in the form aa:bb:cc:dd:ee:ff, where aa through ff are specified in hexadecimal. If not specified, the default is PROTOCOL=IP.
/COMMUNITY_NAME=string
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
/DELETE=host
Deletes the specified host-to-Ethernet address translation from the ARP tables.
/FLUSH
Flushes the current ARP table. By default only temporary entries are flushed. If the qualifier /PERMANENT is specified, all entries are flushed.
/PERMANENT
/TEMPORARY (default)
Indicates that the translation to be added is kept (or deleted) permanently (used with the /ADD or /FLUSH qualifiers). The default (/TEMPORARY) indicates that this entry is considered for normal ARP table purging of old entries.
/PROXY
Used with the /ADD qualifier, indicates that the translation to the local host's Ethernet address is published on behalf of another host.
/PUBLISH
Indicates that the translation to be added is published on behalf of another host (that is, this host should answer with the specified translation on behalf of the other host). This qualifier is used with the /ADD qualifier.
/SNMP_HOST=hostname
Specifies the host affected by the MULTINET SET /ARP command. The SNMP agent on the remote host must support read-write access to elements of the MIB-II variable ipNetToMedia.
This example displays the contents of the ARP table. Note: if the host name and IP address are longer than the "Host Network Address" field, they are truncated to fit.
$ MULTINET
SHOW /ARP /SYMBOLIC=NAMESERVER
Multinet ARP table:
Host Network Address Ethernet Address Arp Flags
---------------------- ---------------- ---------
FSGATE.CC.EXAMPLE.COM (IP 128.0.33.123 AA:00:04:00:79:4C Temporary
EXPLORER.ME.EXAMPLE.COM (IP 128.0.41.1 08:00:11:00:90:B0 Temporary
GOOFY.CC.EXAMPLE.COM (IP 128.0.83.122) 08:00:20:01:27:6D Temporary
BEGWS2.BEG.EXAMPLE.COM (IP 128.0.30.23 AA:00:04:00:65:4C Temporary
ARPAGATEWAY.EXAMPLE.COM (IP 128.0.11.2 AA:00:04:00:0F:4C Temporary
PORTAL1.CC.EXAMPLE.COM (IP 128.0.19.10 08:00:4C:00:23:CE Temporary
WILMA.CC.EXAMPLE.COM (IP 128.0.7.125) AA:00:04:00:64:4C Temporary
FS4.CC.EXAMPLE.COM (IP 128.0.19.251) AA:00:04:00:12:4C Temporary
This example is often used to solve a problem that occurs in environments with a mixture of UNIX 4.2 BSD and 4.3 BSD systems. 4.2 BSD systems use zero-filled (nn.mm.0.0) IP broadcast addresses, while 4.3 BSD systems use ones-filled (nn.mm.255.255) broadcast addresses. To prevent 4.2 BSD systems from creating Ethernet "broadcast storms" when they issue ARP requests for the 4.3 BSD broadcast address, the above command publishes an ARP translation for the ones-filled broadcast address.
$ MULTINET
SET /ARP /ADD=(HOST=128.0.255.255,-
PROTOCOL=IP, ETHER=0:0:D:E:A:D) /PUBLISH
$
This example flushes all temporary ARP table entries.
$ MULTINET SET /ARP /FLUSH
$
Configures the DECnet TCPAx: devices for running DECnet-over-UDP circuits.
/BUFFERS=buffercount
Specifies the number of buffers the driver preallocates for this device (by default, 6).
/CLOSE
Shuts down and deletes a socket created with the socket() routine. After issuing a CLOSE command, the socket cannot be used again until the MULTINET SET/DECNET command is reissued.
/CONNECT
Issues a connect() call to bind the remote address of the socket to the address specified in /REMOTE_ADDRESS.
/DEVICE=device
Specifies the DECnet device name (by default, TCPA0:).
/FILTER_OUT_OF_ORDER=AUTOMATIC (default)
/FILTER_OUT_OF_ORDER=OFF
/FILTER_OUT_OF_ORDER=ON
Controls the handling of out-of-order DECnet packets arriving via IP. Prior to VMS V4.7, DECnet could not handle packets arriving out-of-order and would drop the line if it received them. If you have any VMS V4.6 or earlier systems in your DECnet network with which you are communicating, you must use the /FILTER_OUT_OF_ORDER=ON qualifier. The default action /FILTER_OUT_OF_ORDER=AUTOMATIC, selects the correct filtering based on the VMS version of the current system only.
/LOGDATA
Specifies that send() and recv() log a sample of the data passed through them to OPCOM. Use this qualifier only for debugging network problems.
/LOGERRORS
Specifies that send() and recv() errors are logged to OPCOM. The default is to log all errors except these.
/PORT=UDP-port-number
Specifies the UDP port number to use for communication (by default, 700).
/REMOTE_ADDRESS=ip-address
Specifies the peer's IP address.
/TCP=mode
/TCP=CONNECT
/TCP=LISTEN
Specifies that DECnet is encapsulated in TCP instead of UDP. This mode is not supported by the normal configuration utility, but is of use over high-loss lines. LISTEN specifies that this end of the connection listens on the specified port; CONNECT specifies that this end attempts to connect to the listener on the specified port.
Controls the FILTER_SERVER process of the MultiNet Intrusion Detection and Prevention subsystem.
/DEBUG=level
Specifies the level of debug for the filter server. Zero indicates no debug should be written to the log file, while increasing numbers indicate increasing amounts of debug will be written. This parameter should normally never be set above 4 without explicit instruction by Process Software.
/CLEAR_FILTERS
Causes the FILTER_SERVER process to remove all filters set by IPS on all interfaces configured for IPS. This may be used with SET /IPS /START and SET /IPS/RESTART, or may be used by itself with SET /IPS/CLEAR_FILTERS. When used by itself this causes a running IPS subsystem to remove the IPS filters and reset the event count information for the source address associated with each filter being removed.
/RELOAD
Causes the filter server to re-read and parse the configuration files. Note that this will not wipe out existing event and rule information; it will simply update it so no potential filter information will be lost.
/RESTART
Stop and restart the filter server. All existing event and rule information will be lost and reloaded from the configuration files.
/START
Start the filter server if it’s not already running.
/STOP
Stop the filter server. All existing event and rule information will be lost.
Sets parameters for the specified network device. This command is invoked automatically by the network startup command file generated by the NET-CONFIG utility.
MULTINET SET/INTERFACE interface
interface
Specifies the name of the interface to change; for example, se0.
/ADDRESS=network_address
Specifies a network address to assign to the network interface. The address format is dependent on the protocol specified with the /PROTOCOL specifier:
· IP-address is of the form AA.BB.CC.DD
· IPX-address is a hexadecimal value
· IPv6-address is of the form XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
/ARP (default)
/NOARP
/NOARP disables the Address Resolution Protocol on the specified interface (supported only on Ethernet interfaces).
/COMMON_LINK=line-ids
The /COMMON_LINK qualifier works for systems that have multiple interfaces on a common Ethernet, FDDI, or Token Ring cable. The system manager configures this support using the following qualifier:
$ MULTINET SET /INTERFACE xxx/COMMON_LINK=(yyy[,zzz...])
xxx is the hardware device that the pseudo device that has the actual IP address of the machine is tied to (see the MultiNet Installation and Administrator’s Guide for an example on how to set up a pseudo device). yyy and zzz are device names like se0, se1, and se2. With this qualifier, MultiNet links the interfaces together. A performance benefit of this linking occurs if data is to be transmitted on an interface that happens to be busy, MultiNet assigns the data to the least busy linked interface for transmission.
This linking also provides a level of redundancy. If a linked interface is shut down using MULTINET SET/INTERFACE/DOWN or if a fatal error is detected with the interface and an automatic restart cannot be attempted, then any routing table entries or pseudo devices associated with the shutdown interface will be failed over to one of the common link interfaces.
· The joined interfaces must be connected to the same cable.
· The joined interfaces must have the same MTU.
The actual IP address for SYSA.EXAMPLE.COM is 192.168.0.1; this address is used for a pseudo device (pd0), which uses se0.
$
multinet configure/network
MultiNet Network Configuration Utility V5.5(104)
[Reading in MAXIMUM configuration from MULTINET:MULTINET.EXE]
[Reading in configuration from MULTINET:NETWORK_DEVICES.CONFIGURATION]
NET-CONFIG>show
Interface Adapter CSR Address
Flags/Vector
--------- ------- -----------
------------
se0
(Shared VMS Ethernet/FDDI) -NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.1, IP-SubNet: 255.255.255.0]
[VMS Device: EWA0, Link Level: Ethernet]
se1 (Shared VMS Ethernet/FDDI) -NONE- -NONE- -NONE-
[TCP/IP: 192.168.1.2, IP-SubNet: 255.255.255.0]
[VMS Device: EWB0, Link Level: Ethernet]
pd0 (Secondary Ethernet Address) -NONE- -NONE- -NONE-
[TCP/IP: 198.168.0.1, IP-SubNet: 255.255.255.0]
[Hardware-Device: se0]
Official
Host Name: sysa.example.com
Domain Nameserver: 127.0.0.1
Timezone: EST
Timezone Rules: US/EASTERN
Load UCX $QIO driver: TRUE
Load PWIP (Pathworks) driver: TRUE
SNMP Agent X subagents are enabled
NET-CONFIG>
If DECnet is being used, then MULTINET:SE1_CONFIGURE.COM will need to be created (see MULTINET_ROOT:[MULTINET.EXAMPLES]SE0_CONFIGURE.COM) to configure SE1 without the DECnet Ethernet address.
The command
$ MULTINET SET /INTERFACE SE0/COMMON_LINK=(SE1)
can be added to the SE1_CONFIGURE.COM, or put in MULTINET:LOCAL_INITIALIZATION.COM so that it will be executed each time MultiNet is started.
/COMMUNITY_NAME=string
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
/CREATE
Requests that a dynamic interface (e.g. gif1) be created
/DELETE
Requests that a dynamic interface (e.g. gif) be deleted.
/D1
/NOD1 (default)
Enables or disables the device-dependent IFF_D1 flag.
/D2
/NOD2 (default)
Enables or disables the device-dependent IFF_D2 flag.
/D3
/NOD3 (default)
Enables or disables the device-dependent IFF_D3 flag.
/DEBUG
/NODEBUG (default)
Enables interface-specific debugging. Some interfaces have debugging code and send debugging information to the users with OPCOM OPERATOR messages enabled.
/DECNET_ETHERNET_ADDRESS (default)
/NODECNET_ETHERNET_ADDRESS
Initializes a DECnet shared Ethernet interface to determine what Ethernet address to use. If other protocols are currently using the device, the Ethernet address cannot be changed and this qualifier is ignored.
The default behavior, /DECNET_ETHERNET_ADDRESS, is used by MULTINET SET /INTERFACE to look at the SCSSYSTEMID SYSGEN parameter and set the Ethernet address to match. If SCSSYSTEMID is not set, the address on the Ethernet card's PROM is used.
If /NODECNET_ETHERNET_ADDRESS is specified, MultiNet uses the PROM address.
/DOWN
Marks the network interface as not UP and packets are no longer accepted or transmitted. See /UP for more information.
/DYNAMIC
/NODYNAMIC (default)
Reverts the terminal line to a normal VMS terminal line if a modem hangup occurs. Use /DYNAMIC to create dynamic-dialup SLIP links with the /LINK_LEVEL=SLIP qualifier. When creating a dynamic SLIP link, CMKRNL, LOG_IO, and SYSPRV privileges are required.
/EXTRACT_FILTERS=file
Reads all non-expired filters from the specified interface and writes them to the specified filename in the same text format that would be used as input to the MU SET/INTERFACE/FILTER command.
/FFI_BUFFERS=number_of_buffers
Initializes a shared VMS Ethernet or FDDI interface, and specifies the number of packet buffers to allocate to each protocol port of the VMS device driver (by default, 4).
/FILTER=filter_file
/NOFILTER (default)
Associates a file containing a packet filter list with a particular network interface. The contents of this file are parsed and the individual filters are loaded for the interface. If the file MULTINET:FILTER-interface.DAT exists when MultiNet is started, the MultiNet startup procedure will automatically load these filters for the specific interface.
/FORMAT=[NORMAL | COMMA]
Log events in the specified format. If NORMAL, then the formatting used by MULTINET SHOW/INTERFACE/FILTER is used. If COMMA, then a comma-delimited line is output to the file. This can then be loaded into, for example, a spreadsheet for analysis. If the log destination is OPCOM, use of the /FORMAT qualifier is illegal.
/HARDWARE_DEVICE=primary_interface
Specifies the name of the real interface for a secondary IP address device, and connects the interface to the specified primary interface.
/INTERVAL=seconds
Reporting interval in seconds. The minimum reporting interval is seconds, so that a flood of filter events doesn't adversely impact the system. The minimum interval that can be specified is 5 seconds. If no interval has been specified when logging is enabled (see the /LOG qualifier in this section), an interval of 5 seconds will be used.
/IP_BROADCAST=ip_address
Specifies a non-standard IP broadcast address. The default IP broadcast address has all bits in the host part of an IP address set to 1 (the standard format under 4.3 BSD). Some sites may still use the 4.2 BSD standard of IP broadcasts with the host part of an IP address set to 0.
/IP_SUBNET_MASK=ip_address
Specifies the network portion of the interface IP address. ip_address is an IP address in which each bit corresponding to a bit in the network portion is set to 1. All interfaces on the same subnet must have the same subnet mask.
By default, MultiNet uses the subnet mask implied by the interface's IP address. Do not use the default subnet mask if your site has subnets. For example, the default subnet mask of an interface with the address 161.44.128.15 is 255.255.0.0. (255.255.255.0 would be a suitable subnet mask if that interface is on a subnet, and there are fewer than 256 subnets, and the total number of hosts is less than 256.)
/IP6_SUBNET_MASK=length
Specifies the length of the IPv6 subnet mask. The range of this is from 1 to 128 bits. The default length is 128.
[ 802 ]
[ ethernet ]
[ extended_8022 ]
[ ppp ]
/LINK_LEVEL=([ proteon ])
[ slip ]
[ standard_8022 ]
[ raw_8023 ]
Specifies the type of device being initialized. Use /LINK_LEVEL with the /VMS_DEVICE qualifier. This qualifier supersedes the former /SLIP_DEVICE and /PROTEON_DEVICE qualifiers.
· Specify 802 or STANDARD_8022 for IEEE 802.2 encapsulation.
· Specify EXTENDED_8022 for IEEE 802.2 with SNAP (System Network Access Protocol) extensions.
· Specify PPP for Point-to-Point Protocol devices.
· Specify SLIP for Serial Line Internet Protocol (SLIP) devices.
· Specify RAW_8023 for 802.3 encapsulation.
· Specify ETHERNET for ETHERNET_II encapsulation.
/LOCAL=node_name
Specifies the name of the local node on this side of an IP interface; may be used with DECnet and PSI links.
/LOG=[filename | OPCOM]
Used to turn logging on or off for those filters that contain the LOG qualifier in their definition. The logging may be to OPCOM or the specified file. Turn logging off using /NOLOG.
/MTU=mtu
Specifies the Maximum Transmission Units - the size of IP packets over a given interface. Not all devices support the use of /MTU, and there may be additional, device-dependent restrictions dictating when it can be used.
/MULTICAST=ALL
Enables reception of all multicast packets. Use this qualifier only for OpenVMS VAX V5.5-2 and later. Reception is enabled automatically in OpenVMS VAX V6.1 and OpenVMS AXP versions.
/PEER=peer_name
Specifies the name of the node on the other side of an IP interface; used with DECnet and PSI links.
/POINT_TO_POINT_DESTINATION=ip_address
Specifies the IP address of the node on the other side of a point-to-point interface.
/PPP_NOICMP
Prevents ICMP packets from being passed to IP via the PPP interface.
/PPP_OPTIONS=options_list
Specifies values for the PPP options included in a comma-separated option_list. The following options may be enabled:
|
ACCM=mark |
MRU=size |
|
AUTHENTICATION=method |
NOICMP |
|
COMPRESS_PROTOCOL |
TCP_COMPRESSION |
|
COMPRESS_ADDRESS_AND_CONTROL |
TERMINATION_RETRIES=count |
|
CONFIGURATION_RETRIES=count |
TIMEOUT=seconds |
|
IDLE=seconds |
|
/PROTOCOL=protocol_name
Specifies the protocol to which the /ADDRESS qualifier refers (by default, IP). For IPv6 use I6.
/PREFIX=ipv6_prefix
Specifies the IPv6 prefix for an interface to use to generate a global IPv6 address. The default prefix length is 64, or a different value can be specified with the IP6_SUBNET_MASK qualifier.
/RARP
/NORARP (default)
Initializes the VMS Ethernet device to receive RARP packets. The /RARP qualifier is used with the /VMS_DEVICE qualifier. The RARP packet type is disabled by default and must be enabled to use the RARP service on VMS Ethernet devices.
/SEND_QUEUE_LENGTH=number
Specifies the maximum queue length for packets waiting to be sent from the interface. The minimum value is 10, default values are interface specific. If an interface has a heavy transmit load and is showing dropped packets, then specifying a larger number here may help.
/SNMP_HOST
Specifies the host affected by the MULTINET SET /INTERFACE command. The SNMP agent on the remote host must support read-write access to the MIB-II variable ifAdminStatus.
/SNMP_HOST can only be used with the /UP or /DOWN qualifiers.
The device specified with the /SNMP_HOST qualifier may be either the full text string of the remote interface name or the numeric index of the interface to be set. You can display a list of remote interface names with the MULTINET SHOW/INTERFACE/SNMP_HOST command.
/TRAILERS
/NOTRAILERS (default)
Enables IP trailer encapsulation for the specified interface (only supported on Ethernet and FDDI interfaces). If trailers are enabled, the use of IP trailer encapsulation is negotiated between hosts as a byproduct of IP-to-Ethernet address resolution using Address Resolution Protocol (ARP). On an HP Ethernet controller, /TRAILERS must be used with /VMS to initialize the trailer protocol ports.
/TUNNEL=(DESTINATION_ADDRESS=ip_address, GATEWAY_ADDRESS=ip_address)
Set up a tunnel with a gif interface. Specifies the local (gateway) and remote (destination) public addresses when setting tunnel addresses. Tunnels also need a local address set with /ADDRESS and a remote address set with /POINT_TO_POINT_DESTINATION. For more detail see chapter 11 in the Administrator’s Guide.
/UP (default)
/DOWN
/UP marks the network interface as "up" and ready to accept or transmit packets. /DOWN marks the network interface "down" and packets are no longer accepted or transmitted.
/VMS_DEVICE=vms_device
Initializes an interface that has an associated VMS device, telling the MultiNet kernel which VMS device to associate with the IP device. If /VMS_DEVICE is used with /DOWN, the specified VMS device is disconnected from the IP device and made available to other VMS applications.
This example disables the se0 interface.
$ MULTINET SET/INTERFACE SE0 /DOWN
This example enables the se0 interface with the address 192.0.0.1.
$ MULTINET SET/INTERFACE SE0 /UP/ADDRESS=192.0.0.1
This example enables a dynamic SLIP line.
$ MULTINET SET/INTERFACE SL1 /DYNAMIC/LINK_LEVEL=SLIP/VMS_DEVICE
Enter the following command at MultiNet startup:
$ MULTINET SET/INTERFACE PD0/COMMON_LINK=(SE0,SE1)
The PD0 has the real IP address, the SEn devices have something else (like 10.n.n.n).
$ MULTINET SET/INTERFACE SE0 /LOG=OPCOM/INTERVAL=10
enables logging to OPCOM, with a reporting interval of 10 seconds.
$ MULTINET SET/INTERFACE SE0 /LOG=FOO.DAT/FORMAT=COMMA
enables logging to the file FOO.DAT in comma-delimited format, and a reporting interval of 5 seconds (the default).
$ MULTINET SET /INTERFACE SE0 /NOLOG
This disables all logging for the interface, closing all open log files.
Specifies static IP routing, including the default route. This command is invoked automatically by the network startup command file generated by the Network Configuration Utility (NET-CONFIG). Before making changes with SET /ROUTE, use MULTINET SHOW /ROUTE to view the routing information.
/ADD=(DESTINATION=ip-address,GATEWAY=ip-address
[,NETMASK=network-mask]
[,INTERFACE][,MASK_LENGTH=integer])
Adds a static IP route to the MultiNet kernel routing tables.
· The DESTINATION specification gives the network or host for which the routing information is valid.
· The GATEWAY specification gives the next hop for the packet to take on its way to the destination.
· The optional INTERFACE keyword forces the routing to be for a locally connected interface, and is normally not used.
· The optional NETMASK specification dictates which bits of the DESTINATION ip-address comprise the network portion of an ip-address. If not specified, the DESTINATION address is given a class-based network mask.
· The optional MASK_LENGTH specifies the length in bits of the mask to apply to the DESTINATION address. Either NETMASK or MASK_LENGTH can be specified, not both.
/COMMUNITY_NAME=string
Overrides the default community string (private) for remote SNMP SET requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified.
/DELETE=(DESTINATION=ip-address, GATEWAY=ip-address
[,NETMASK=network-mask]
[,INTERFACE])
Deletes an IP route from the MultiNet kernel routing tables.
· The DESTINATION specification gives the network or host for which the routing information is valid.
· The GATEWAY specification gives the next hop for the packet to take on its way to the DESTINATION.
· The optional INTERFACE keyword forces the routing to be for a locally connected interface, and is normally not used.
· The optional NETMASK specification dictates which bits of the DESTINATION ip-address comprise the network portion of an ip-address. If not specified, the DESTINATION address is given a class-based network mask.
/FLUSH
Deletes all IP routes in the MultiNet kernel.
/FORCE_HOST
Interprets the DESTINATION as a host address when used with the /ADD or the /DELETE qualifiers.
/FORCE_NETWORK
Interprets the DESTINATION as a network address when used with the /ADD or the /DELETE qualifiers.
/NETWORK_IMAGE=file-spec
Specifies the network image associated with the running MultiNet kernel. This is used to read IP routing information in the MultiNet kernel. If not specified, the image currently loaded is used.
/PROTOCOL=protocol_name
Specifies the protocol that the route applies to. The default is IP, use I6 for IPv6.
/SNMP_HOST=hostname
Specifies an IP host. The SNMP agent on the remote host must support read-write access to elements of the MIB-II variable ipRouteTable.
This example displays the current state of the MultiNet routing tables. /NOSYMBOLIC forces MULTINET SHOW/ROUTE to display the information numerically.
$ MULTINET SHOW /ROUTE /NOSYMBOLIC
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
------------ ------- ------ ------ --- ---------
127.0.0.1 127.0.0.1 Up,Host 2 2529 lo0
192.0.0.1 192.0.0.2 Up,Host 3 10521 sl0
0.0.0 192.0.0.1 Up,Gateway 3 6105 sl0
192.0.0.64 192.0.0.65 Up 2 2372 se0
This example deletes the default route to EXAMPLE.COM.
$ MULTINET
SET/ROUTE/DELETE=(DEST=DEFAULT,GATE=192.0.0.1)
Delete Route DEFAULT, Gateway EXAMPLE.COM
$
Specifies the local time zone name that was either previously compiled into MultiNet or is a name from a selected time zone in the time zone database files.
MULTINET SET /TIMEZONE localzone
localzone
The name of the local time zone; for example, PST.
/LOG
/NOLOG (default)
Displays a list of the time zones that are loaded, and a list of the compiled-in zones that were selected but not loaded because they were compiled in.
/SELECT=(rule1 [,rule2 [...]])
Specifies a list of countries or time zones to load. Specifying a country loads all time zones in that country.
/FILES=(file1 [,file2 [...]])
Specifies a list of files from which to load the time zone data. The default is MULTINET:TIMEZONES.DAT. Locally-written rules are normally added to MULTINET:TIMEZONES.LOCAL.
This example sets the local timezone to PST.
$ MULTINET SET /TIMEZONE PST
This example sets the local time zone to MST and loads Arizona time zone rules.
$ MULTINET SET /TIMEZONE MST/SELECT="US/ARIZONA"
Manually manipulates the IPsec SA/SP database. In order to use SETKEY, a foreign command needs to be defined.
$ SETKEY :== $MULTINET:SETKEY.EXE
Note that only UNIX-style options can be used. For more details, please refer to Chapter 31 in the MultiNet Installation and Administrator’s Guide.
setkey [-v] -c
setkey [-v] -f filename
setkey [-aPv] -D
setkey [-Pv] -F
setkey [-h] –x
SETKEY adds, updates, dumps, or flushes Security Association Database (SAD) entries, as well as Security Policy Database (SPD) entries in the kernel.
SETKEY takes a series of operations from the file named MULTINET:IPSEC.CONF (when invoked with -f filename).
|
Note: Since SETKEY supports both uppercase and lowercase command options, these have to be enclosed within quotation marks (e.g, setkey “-F”).
|
|
-a |
Also displays the SAD (Security Association Database) entries. A SAD entry is when it has expired, but it may still be referenced by SPD (Security Policy Database) entries. |
|
-D |
Dumps the SAD entries. If used with -P, the SPD entries are dumped. |
|
-F |
Flushes the SAD entries. If used with -P, the SPD entries are flushed. |
|
-xx |
Makes each timestamp unformatted. |
|
-h |
Adds hexadecimal dump on -x mode. |
|
-l |
Loops forever with short output on -D. |
|
-P |
Dumps (when specified with -D) or flush (with -F) the SPD entries. |
|
-v |
Verbose. The program will dump messages exchanged on PF_KEY socket, |
|
-x |
Loops forever and dumps all the messages transmitted to the PF_KEY socket. |
|
-f filename |
File that contains the operations to be performed. For more information about the operations, see the Header Operations section below. |
Header Operations have the following grammar. Note that lines starting with hashmarks (#) are treated as comment lines.
Adds a SAD entry:
$ add src dst protocol spi [extensions] algorithm... ;
Shows a SAD entry:
$ get src dst protocol spi ;
Removes a SAD entry:
$ delete src dst protocol spi ;
Removes all SAD entries that match the specification:
$ delete all src dst protocol ;
Clears all SAD entries matched by the protocol:
$ flush [protocol] ;
Dumps all SAD entries matched by the protocol:
$ dump [protocol] ;
Adds an SPD entry:
$ spdadd src_range dst_range upperspec policy ;
Deletes an SPD entry:
$ spddelete src_range dst_range upperspec -P direction ;
Clears all SPD entries:
$ spdflush ;
Dumps all SPD entries:
$ spddump ;
Meta-Arguments
Meta-arguments used in the header operations are as follows:
src
dst
Source/destination of the secure communication is specified as an IPv4
address. setkey
does not consult hostname-to-address for arguments src and dst.
They must be in numeric form.
protocol
protocol is one of following:
· esp - ESP based on rfc2405
· ah - AH based on rfc2402
spi
Security Parameter Index (SPI)
for the SAD and the SPD. It must be decimal number or hexadecimal number (with
0x attached). You cannot use the set of SPI values in the range 0 through 255.
extensions
|
-m mode |
Specifies a security protocol mode for use. mode is one of following: transport, tunnel or any. The default value is any. |
|
-E ealgo key |
Specifies an encryption algorithm |
|
-A aalgo key |
Specifies an authentication algorithm. If -A is used with protocol esp, it will be treated as ESP payload authentication algorithm. |
protocol esp accepts -E and -A. protocol accepts -E only. protocol ah accepts -A only.
key must be double-quoted character string or series of hexadecimal digits. Possible values for ealgo, aalgo and calgo are specified in a separate section.
src_range
dst_range
These are selections of the secure communication specified as IPv4/v6 address or IPv4/v6 address range, and it may accompany TCP/UDP port specification. This takes the following form:
address
address/prefixlen
address[port]
address/prefixlen[port]
prefixlen and port must be decimal number. The square bracket around port is really necessary – it’s not a documentation convention.
setkey does not consult hostname-to-address for arguments src and dst. They must be in numeric form.
upperspec
Upper-layer protocol to be used. icmp and any can be specified. any stands for “any protocol”. You can also use the protocol number.
|
Note: upperspec does not work against forwarding case at this moment, as it requires extra reassembly at forwarding node (not implemented at this moment). There are many protocols in /etc/protocols, but protocols other than TCP, UDP, and ICMP may not be suitable to use with IPSec.
|
policy
policy is the one of following:
-P direction discard
-P direction none
-P direction ipsec protocol/mode/src-dst/level
You must specify the policy’s direction as
either out or in.
discard means the packet matching indexes will be discarded.
none means that IPsec operations will not take place onto the packet.
ipsec means that IPSEC operation will take place onto the packet.
ah, esp, or ipcomp must be set as protocol.
mode is either transport or tunnel.
If mode is tunnel, you must specify the end-point addresses of the SA as src and dst with - between these addresses, which is used to specify the SA. If mode is transport, both src and dst can be omitted.
level is to be one of the following: default, use, require, or unique. If the SA is not available in every level, the kernel will request getting the SA to the key exchange daemon.
default means the kernel consults to the system wide default against protocol you specified, e.g. esp_trans_deflev sysctl variable, when the kernel processes the packet.
use means that the kernel uses an SA if it's available, otherwise the kernel keeps normal operation.
require means an SA is required whenever the kernel sends a packet matched with the policy.
unique is the same as require, except that unique allows the policy to bind with the unique outbound SA. If you use the SA by manual keying, you can put the decimal number as the policy identifier after unique, provided it is separated by a colon similar to this example: unique:number. number must be between 1 and 32767. It corresponds to extensions -u.
The following list shows the supported algorithms. Following is a list of authentication algorithms that can be used as aalgo in -A of the protocol parameter:
|
Algorithm |
Key Len (bits) |
Comment |
|
hmac-md5 |
128 |
ah: rfc2403 |
|
128 |
ah-old: rfc2085 |
|
|
hmac-sha1 |
160 |
ah: rfc2404 |
|
160 |
ah-old: 128bit ICV (no document) |
|
|
keyed-md5 |
128 |
ah: 96bit ICV (no document) |
|
128 |
ah-old: rfc1828 |
|
|
keyed-sha1 |
160 |
ah: 96bit ICV (no document) |
|
160 |
ah-old: 128bit ICV (no document) |
|
|
null |
0 to 2048 |
for debugging |
|
hmac-sha2-256 |
256 |
ah: 96bit ICV (no document) |
|
256 |
ah-old: 128bit ICV (no document) |
|
|
hmac-sha2-384 |
384 |
ah-old: 128bit ICV (no document) |
|
384 |
ah-old: 128bit ICV (no document) |
|
|
hmac-sha2-512 |
512 |
ah: 96bit ICV (no document) |
|
512 |
ah-old: 128bit ICV (no document) |
Following is a list of encryption algorithms that can be used as ealgo in -E ealgo
of protocol parameter:
|
Algorithm |
Key Length (Bits) |
Comment |
|
des-cbc |
64 |
esp-old: rfc1829, esp: rfc2405 |
|
3des-cbc |
192 |
rfc2451 |
|
blowfish-cbc |
40 to 448 |
rfc2451 |
|
cast128-cbc |
40 to 128 |
rfc2451 |
add 10.0.11.41 10.0.11.33 esp
0x110010
-E des-cbc “ESP with”
-A hmac-md5 “authentication!!” ;
flush ;
dump esp ;
spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
-P out ipsec esp/transport/192.168.0.1-192.168.1.2/require ;
Displays MultiNet network information.
MULTINET SHOW
/ALL
Displays information provided by all other MULTINET SHOW qualifiers.
/ARP
Displays the Address Resolution Protocol (ARP) tables.
/BUFFERS
Displays MultiNet kernel memory usage statistics.
/COMMUNITY_NAME=community
Overrides the default community string (public) for remote SNMP requests. The /SNMP_HOST qualifier must be present if the /COMMUNITY_NAME qualifier is specified. A value must be passed to this qualifier.
/CONFIGURATION
Displays network interface configuration information.
[ all, ]
[ pid, ]
/CONNECTIONS[=( [ process_names ] )]
[ nokernel ]
Displays network connections.
· If you specify MULTINET SHOW with no qualifiers, /CONNECTIONS is the default.
· If you specify the ALL keyword, sockets associated with active listeners also display.
· If you specify the PID keyword, the process ID (PID) displays.
· If you specify the PROCESS_NAMES keyword, the name of the process that owns each socket displays. Sockets not associated with a process (for example, an inbound TELNET session) display with a process name of kernel.
· If you specify PID or PROCESS_NAMES and the NOKERNEL keyword, connections not associated with processes do not display.
|
Warning! Line information is truncated if the display width is too small. As a consequence, IP addresses may appear incomplete. To display more complete information, increase the display width with the SET TERM /WIDTH=value or MULTINET SHOW /CONNECTIONS /WIDTH=value at the command prompt.
|
/CONTINUOUS
Updates the display continuously with information about the network by using the VMS Screen Management Graphics (SMG) library routines. If used with more than one other qualifier, MULTINET SHOW cycles between the different displays.
/IPS
When used with the /CONFIG=filename qualifier, writes the current stats of the filter server to the specified filename.
/FULL
Displays more information about a queue. Use /FULL only with /QUEUE. (See /QUEUE for more information.)
/HOST
Displays addresses and names for the host name specified.
/INTERFACE
Displays information about a specific interface. Use the MULTINET SHOW /STATISTICS command to display the available interfaces, then use SHOW /INTERFACE to display additional information on each interface.
/IP
Shows network connections. (/IP is the same as /CONNECTION.)
/MIB_VAR=mibIIvalue
Displays the value of SNMP MIB variables; used with the /SNMP_HOST qualifier. This value can be any MIB II variable described in RFC-1213.
[ all, ]
[ multinet, ]
/LICENSE[=( [nfs_server, ] ])
[nfs_client ]
Displays the status of MultiNet software product licenses. Without a keyword, this qualifier displays license information including the authorization for MultiNet products. The ALL keyword is the default. All other values display license status for the specified product.
[ all, ]
/NFSMOUNT[=( [ directory, ] )]
[ exports ]
Indicates which hosts are mounted on your system, and what mount points are exported by the server.
· ALL displays all remote mounts.
· DIRECTORY displays directories that have been remotely mounted by clients.
· EXPORTS displays a list of exported file systems.
Use /NFSMOUNT with /REMOTE to display information about a remote host.
/OUTPUT=file_spec
Specifies a filename to which the command output is written. The default is SYS$OUTPUT.
[ all, ]
[ internet, ]
[ ip, ]
[ ipx, ]
/PROTOCOLS= [ ns, ]
[ spx, ]
[ tcp ]
Specifies the protocols about which information is displayed. The default, /PROTOCOLS=ALL, displays information about all active protocols. Use /PROTOCOLS with other qualifiers. The quantity of information displayed varies by queue hardware; for example, UNIX shows more than just queues handled by other independent vendor's queue controllers.
[ /full ]
/QUEUE=queue_name [ /nofull ] (default)
Displays the contents of the specified local VMS and corresponding remote LPD protocol queues. Use the TCP LPD service to access the contents of the remote queue for display. If /FULL is specified, the queue is displayed in long form. If the remote system is also running MultiNet, the long form is identical to the short form. MultiNet queues configured with the STREAM protocol cannot be displayed with this command.
/REMOTE_HOST=host
Displays network status and configuration information about a remote host by using the NETSTAT service. The host specification can be either a host name or address. The remote host must support the NETSTAT service for this command to work.
If the remote host is also a MultiNet system, this command is the same as running MULTINET SHOW /ALL on the remote host.
[ /destinations=(dest1[,dest2, . . .
]) ]
/ROUTE [ /gateways=(gateway1[,gateway2, . . . ]) ]
[ /interfaces=(interface1[,interface2, . . . ])]
Displays routing information for the IP, IPX, NS, and SPX protocols.
· /DESTINATIONS displays only routes to these destination addresses; this qualifier is only valid for IP routes.
· /GATEWAYS displays only routes through these gateways; this qualifier is only valid for IP routes.
· /INTERFACES displays only routes through these interfaces.
You can use all other MULTINET SHOW qualifiers with MULTINET SHOW /ROUTE.
|
Note: The /ROUTE qualifier must precede all other qualifiers.
|
/RPC_PORTMAP
Displays the currently registered RPC protocols by contacting the RPC portmapper.
[ interface ]
/STATISTICS[= [ protocol] ]
[ all]
Displays network interface statistics, protocol statistics, or both. If /STATISTICS is specified with no value, interface statistics are displayed.
/SNMP_HOST=hostname
Used with the following MULTINET SHOW qualifiers to obtain information from a remote SNMP agent. You can override the default community name (public) using the /COMMUNITY_NAME qualifier.
/COMMUNITY_NAME
/CONNECTIONS[=(all)]
/ARP
/MIB_VAR
/ROUTE (note: /ROUTE
must precede /SNMP_HOST on the command line)
/STATISTICS
[ host_table (default)
]
/SYMBOLIC_ADDRESSES [= [ nameserver ] ]
/NOSYMBOLIC_ADDRESSES [ nameserver_first ]
Determines how certain fields in the output are formatted before being displayed to the user. These qualifiers are used with the other MULTINET SHOW qualifiers.
· /SYMBOLIC_ADDRESSES=HOST_TABLE specifies that the static host tables are used to translate IP addresses to host names, network numbers to network names, and port numbers to service names.
· /SYMBOLIC_ADDRESSES=NAMESERVER specifies that the Domain Name System (DNS) is queried to translate IP addresses into host names if the normal host table lookup fails. This operation can generate many queries to DNS domain servers (and can, therefore, be quite slow).
· /SYMBOLIC_ADDRESSES=NAMESERVER_FIRST specifies that the DNS is queried first to translate IP addresses into host names, falling back to the host tables if the query should fail.
· /NOSYMBOLIC_ADDRESSES specifies that "raw" protocol addresses and port number are displayed in the output, rather than determining the host, network, and service names that correspond to the addresses and numbers.
/TCP
Shows network connections. (/TCP is the same as /CONNECTION.)
/VERSION
Displays the MultiNet version and the version of the VMS Operating System.
/WIDTH=width
Specifies the width of displayed output when used with the /ARP, /CONNECTIONS, /ROUTE, and /STATISTICS qualifiers. The width must be greater than 80.
This example shows how to use the /OUTPUT qualifier to direct the output of a MULTINET SHOW command to the file MULTINET.ALL.
$ MULTINET
SHOW /ALL /OUTPUT=MULTINET.ALL
$
$ MULTINET
SHOW
MultiNet Active Connections:
Proto Rcv-Q Snd-Q Local Address (Port) Foreign Address State
----- ----- ----- -------------------- --------------- -----
TCP 0 0 LOCALHOST(790) LOCALHOST(RPC) TIME_WAIT
TCP 0 0 LOCALHOST(1033) LOCALHOST(SMTP) TIME_WAIT
TCP 0 0 EXAMPLE(NETSTAT) WARBUCKS(3335) FIN_WAIT_2
TCP 0 0 EXAMPLE(FTP) WARBUCKS(3334) ESTABLISHED
TCP 0 0 EXAMPLE(1031) WARBUCKS(TELNET) ESTABLISHED
UDP 0 0 EXAMPLE(NAMESERV) *(*)
UDP 0 0 LOCALHOST(NAMESERV) *(*)
UDP 0 0 EXAMPLE(DECNET) IU(DECNET)
$ MULTINET SHOW /CONFIGURATION
** Configuration for file "MULTINET:NETWORK_DEVICES.CONFIGURATION" **
Device Adapter CSR Address Flags/Vector
------ ------- ----------- ------------
se0 (Shared VAX/VMS Ethernet) -NONE- -NONE- -NONE-
s10 (Serial Line IP) -NONE- -NONE- -NONE-
dn0 (IP over DECNet link) -NONE- -NONE- -NONE-
$ MULTINET SHOW /STATISTICS=INTERFACE
MultiNet Network Interface statistics:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Collis
---- --- ------- ------- ----- ----- ----- ----- ------
se0 1500 EXAMPLE-NET EXAMPLE.COM 150 0 116 0 0
s10 1006 EXAMPLE-NET EXAMPLE.COM 597 0 697 0 0
pd0 1500 EXAMPLE-NET 192.0.0.1 0 0 0 0 0
dno* 1500 EXAMPLE-NET EXAMPLE.COM 0 0 0 0 0
lo0 1536 LOOPBACK-NET LOCALHOST 53 0 53 0 0
$
This example displays the status of MultiNet licenses.
$ MULTINET
SHOW /LICENSE
Process Software MultiNet 5.5 Rev A, HP rx2600 (1.30GHz/3.0MB), OpenVMS I64
V8.4-L1
Product License Authorization
--------- ------- -------------
MULTINET Yes A-2336-15873
NFS-SERVER Yes A-2336-15879
NFS-CLIENT Yes A-2336-15882
$
In this example, user ROSE on host EXAMPLE.COM has issued a print request to print the file PROGRAMMERS.PS on the REMOTE_PS local queue. The REMOTE_PS queue, however, is a MultiNet VMS remote print queue that uses the LPD protocol to send the print request to the print queue SYS$PS on host 192.0.0.89.
The MULTINET SHOW /QUEUE command is then used to display the contents of both queues; the remote queue first (SYS$PS on EXAMPLE) then the local queue (REMOTE_PS).
$ PRINT
/QUEUE=REMOTE_PS PROGRAMMERS.PS
Job PROGRAMMERS (queue REMOTE_PS, entry 972) started on REMOTE_PS
$ MULTINET
SHOW /QUEUE=REMOTE_PS
Jobname Username Entry Blocks Status
------- -------- ----- ------ ------
MANAGE DAISY 111 988 Printing
INSTALL DAISY 115 238 Pending
Printer queue REMOTE_PS, on EXAMPLE::NLP0:"192.0.0.89/SYS$PS"
Jobname Username Entry Blocks Status
------- -------- ----- ------ ------
PROGRAMMERS ROSE 972 1112 Printing at block 370
$
This example displays the routing table on the local host without doing IP address-to-name translation.
$ MULTINET
SHOW /ROUTE /NOSYMB
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
----------- ------- ----------- ------ --- ---------
10.41.228.129 127.0.0.1 Up,Gateway,H 0 0 lo0
127.0.0.1 127.0.0.1 Up,Host 2 53 lo0
10.41.228.130 10.41.228.129 Up,Host 3 340 sl0
10.41.228.131 10.41.228.129 Up,Host 0 0 dn0
0.0.0 10.41.228.130 Up,Gateway 0 353 sl0
10.41.228.64 10.41.228.65 Up 2 112 se0
10.41.228 10.41.228.1 Up 0 0 pd0
$
This example displays local host information.
$ MULTINET
SHOW/ROUTE/DESTINATIONS=127.0.0.1
MultiNet IP Routing tables:
Destination Gateway Flags Refcnt Use Interface
----------- ------- ----- ------ --- ---------
LOCALHOST LOCALHOST Up,Host 1 464 lo0
$
This example displays the interface SE1 along with its associated packet filters.
$ MULTINET SHOW /INTERFACE SE1 /FILTERS
Device se1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,D2>
VMS Device = EWB0
IP Address = 192.168.0.16
No common links defined
MultiNet Packet Filter List for se1:
Logging is disabled
Source Address / Port
Action Proto Hits Destination Address / Port
------ ----- ----- ------------------------------------------
deny tcp 0 192.168.0.11/32
192.168.0.0/24 eq 22
LOG
START: 16-MAY-2008 10:33:19 END: 16-MAY-2008 10:38:19
permit ip 13484 0.0.0.0/0
0.0.0.0/0
FLTSVR
Average 0 bytes out, 0 bytes in per second
Average 0 packets
out, 0 packets in per second
This example displays the current version of MultiNet and the VMS Operating System.
$ MULTINET
SHOW /VERSION
Process Software MultiNet 5.5 Rev A, HP rx2600 (1.30GHz/3.0MB), OpenVMS I64
V8.4-H1
Displays the contents of Ethernet packet headers that match the specified Boolean expression. To stop the dump, press Ctrl+C.
MULTINET TCPDUMP [expression]
The following restrictions apply to the use of MULTINET TCPDUMP.
For example, to print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a remote host:
$ MULTINET TCPDUMP NOT (TCP[13] & 3 = 0) AND NOT SRC –
_$ AND DST NET LOCALNET
· PHY_IO, LOG_IO, and SYSPRV or BYPASS privileges are required to use TCPDUMP.
· The packet filter code is not very efficient and adds significant overhead to your VMS system when monitoring a busy network. In addition, if you are using DNS and a problem occurs with name server access, TCPDUMP can appear to hang while waiting for a response from the network.
· IP options are ignored and not displayed.
· Understands PPP frames and does not treat all data as IP datagrams.
· No attempt is made to reassemble IP fragments or at least compute the right length for the higher level protocol.
· Name server inverse queries are not dumped correctly. An empty question section is printed rather than the real query in the answer section.
· Though TCPDUMP recognizes IPsec packets, it does not decrypt encrypted packets.
expression
Selects which packets are dumped. If an expression is not given, all packets on the net are dumped. Otherwise, only packets for which the expression is "true" are dumped. Enter HELP MULTINET TCPDUMP EXPRESSION for a list of expression values.
/AFTER=time
Selects packets dated after the specified time. The time value can be any valid OpenVMS time specification (absolute, delta, or a combination of the two).
/BEFORE=time
Selects packets dated prior to the specified time. The time value can be any valid OpenVMS time specification (absolute, delta, or a combination of the two).
/COUNT=number_of_packets
Exits TCPDUMP after the specified number of packets is received. The default is 0, or no limit.
/DEBUG
Displays debugging information.
/DEVICE=devicename
Specifies the VMS device name of the Ethernet device to use. By default, TCPDUMP searches for ECA0, EIA0, EWA0, EZA0, EXA0, EFA0, ETA0, ERA0, ESA0, ICA0, IRA0, LLA0, XEA0, and XQA0 devices.
/DOMAINS
/NODOMAINS
Displays host names with the domain information; /NODOMAINS strips the domain names.
/EBCDIC
Modifies the behavior of the /HEXADECIMAL qualifier by adding the EBCDIC translation of the data in addition to the ASCII translation to the TCPDUMP output.
/ETHERNET_HEADER
Displays the Ethernet header (source, destination, protocol, and length) on each dump line.
/FILE_FORMAT=SNIFFER
Use in conjunction with /READ_BINARY or /WRITE_BINARY to read or generate output automatically formatted for display on version 2.0 Network General sniffers.
/FOREIGN_NUMERICALLY
Displays "foreign" Internet addresses numerically rather than symbolically.
/HEXADECIMAL_DUMP
Displays each packet (less its 14-byte Ethernet header) in hexadecimal format. Up to 64 bytes of the packet are printed.
/INTERFACE=device
Specifies the device to trace. Valid devices are those for Ethernet/FDDI (se), the loopback connection (lo0), SLIP lines (sl), PPP lines (ppp), PSI connections (psi), and IP-over-DECNET connections (dn). This qualifier cannot be used with the /DEVICE qualifier.
/NUMERICALLY
Specifies that host addresses and port numbers are not converted to names on output.
/OUTPUT=filename
Redirects TCPDUMP output to a file.
/QUIET
Specifies that less protocol information is displayed, making output lines shorter.
/READ_BINARY=binary_file
Reads in a file previously written using the /WRITE_BINARY qualifier. (Refer to /WRITE_BINARY for more information.)
This file is written in libpcap format. When the interface specified is an Ethernet device the data in the file can be analyzed with Ethereal and similar tools.
You can use /READ_BINARY with /FILE_FORMAT=SNIFFER to read output formatted automatically for display on version 2.0 Network General sniffers. This feature permits sites to analyze Network General analyzer, rather than only examining the TCPDUMP packets.
/RPC
Interprets RPC calls in the output.
/SNAPSHOT_SIZE=snaplen
Indicates the specified number of bytes of data to capture from each packet rather than the default of 54 bytes (which is adequate for most applications). 96 bytes is adequate for IP, ICMP, TCP, and UDP, but may truncate protocol information from name server and NFS packets.
/TIMESTAMPS=value
/NOTIMESTAMPS (default)
Causes TCPDUMP to display a timestamp on each output line. Accepted values are DEFAULT, UNIX, DELTA, and RELATIVE. The /NOTIMESTAMPS qualifier disables the TCPDUMP timestamp on each output line.
/VERBOSE
Provides additional information in the output listing.
/WRITE_BINARY=binary_file
Stores the output of TCPDUMP in a file. Use this qualifier to "record" the TCPDUMP information until you press Ctrl+Y. After recording the output of a TCPDUMP session, use /READ_BINARY to read in the binary file for examination.
You can use /WRITE_BINARY with /FILE_FORMAT=SNIFFER to generate output automatically formatted for display on version 2.0 Network General sniffers. This feature permits sites to analyze Network General analyzer, rather than only examining the TCPDUMP packets.
This example displays all traffic addressed to or transmitted from host OL.EXAMPLE.COM.
$ MULTINET TCPDUMP HOST OL.EXAMPLE.COM
18:56:24.25 BIG.EXAMPLE.COM.x11 > OL.EXAMPLE.COM.1030:.ack 2152730 win 4096.
This example displays all traffic between local hosts and hosts at the network IRIS-ETHER.
$ MULTINET
TCPDUMP NET IRIS-ETHER
. . .
This example displays all FTP traffic being sent to host BETTY.EXAMPLE.EDU.
$ MULTINET
TCPDUMP -
_$ DST HOST BETTY.EXAMPLE.EDU AND (PORT FTP OR PORT
FTP-DATA)
This example displays IP traffic not sent from or destined for the network IRIS-ETHER. If IRIS-ETHER is the local network, only transient traffic displays.
$ MULTINET TCPDUMP IP AND NOT NET IRIS-ETHER
Attempts to trace the route that an IP packet follows to another Internet host.
MULTINET TRACEROUTE host [data_length]
TRACEROUTE finds the intermediate hops by sending probe packets with a small TTL (time-to-live), then listening for an ICMP "time exceeded" reply from a gateway. It starts probing with a TTL of one, then increases by one in each successive probe until an ICMP "port unreachable" reply is received (indicating that a probe reached the host) or the TTL exceeded 30 (the default maximum).
By default, three probes are sent at each TTL setting, and a line is printed showing the TTL, the gateway address, and round trip time of each probe. If the probe answers come from different gateways, the address of each responding system is printed. If there is no response within a five-second timeout interval, a * is printed for that probe. TRACEROUTE prints a ! after the time if the TTL is less than or equal to one. The following table shows other possible annotations:
|
Annotation |
Meaning |
|
!H |
Host unreachable |
|
!N |
Network unreachable |
|
!P |
Protocol unreachable |
|
!S |
Source route failed |
|
!F |
Fragmentation needed |
The !S and !F annotations are rare and indicate that the associated gateway is not working properly. If most of the probes result in "unreachable" annotations, TRACEROUTE stops running and exits.
host
Specifies the target host to which you want to determine the route.
data_length
Specifies the amount of data sent in each ICMP Echo Request packet.
/DEBUG
/NODEBUG (default)
Enables socket-level debugging in the MultiNet kernel. This qualifier is used only for debugging the MultiNet kernel.
/IPV6
Specifies that an IPv6 trace is desired. (The default is IPv4.)
/MAXIMUM_TTL=maximum_ttl
Specifies the maximum TTL (time-to-live) to explore looking for ICMP Time Exceeded responses. If not specified, the default of 30 hops is used.
/MINIMUM_TTL=minimum_ttl
Specifies the minimum TTL to explore looking for ICMP Time Exceeded responses. If not specified, the default of 1 hop is used.
/NUMBER_OF_PROBES=n
Specifies the number of probe packets sent to each hop (by default, 3).
/OUTPUT=filename
Redirects TRACEROUTE output to a file.
/PORT=udp_port
Specifies a non-standard port number. TRACEROUTE sends data to an unused port and expects an error message. If the default port of 33434 is in use, use /PORT to specify another.
/ROUTE (default)
/NOROUTE
Disables any IP routing of the ICMP packets. The default, /ROUTE, allows IP routing to send the packet to destinations separated by gateways.
/SOURCE=ip_address
Specifies the local IP address from which packets are sent.
/SYMBOLIC_ADDRESSES (default)
/NOSYMBOLIC_ADDRESSES
Specifies that IP addresses are displayed numerically instead of being converted into host names.
/TYPE_OF_SERVICE=tos
Specifies the Type-Of-Service (TOS) field of the IP packet. The default TOS is 0 (no specific type of service).
/VERBOSE
/NOVERBOSE (default)
Displays extra information as ICMP packets are sent or received.
/WAIT_TIME=seconds
Specifies how long TRACEROUTE waits for responses (by default, 5 seconds).
This example shows tracing a route to an NSFnet gateway. Note: lines 2 and 3 are the same. This is because the gateway lilac-dmc.Berkeley.Edu has a kernel bug that causes the system to forward packets with a TTL of zero.
$ MULTINET
TRACEROUTE NIS.NSF.NET
traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 38 byte packet
1 FLOWERS.BARRNET.NET (192.41.228.71) 0 ms 0 ms 0 ms
2 UCSC.BARRNET.NET (131.119.46.7) 10 ms 0 ms 20 ms
3 SU1.BARRNET.NET (131.119.1.5) 10 ms 20 ms 20 ms
4 SU-B.BARRNET.NET (131.119.254.201) 20 ms 20 ms 20 ms
5 E-NSS.BARRNET.NET (192.31.48.244) 50 ms 10 ms 20 ms
6 t3-1.cnss9.t3.nsf.net (140.222.9.2) 20 ms 10 ms 20 ms
7 t3-3.cnss8.t3.nsf.net (140.222.8.4) 20 ms 30 ms 30 ms
8 t3-0.cnss24.t3.nsf.net (140.222.24.1) 70 ms 60 ms 60 ms
9 t3-0.cnss40.t3.nsf.net (140.222.40.1) 70 ms 70 ms 60 ms
10 t3-0.cnss41.t3.nsf.net (140.222.41.1) 70 ms 70 ms 60 ms
11 t3-0.enss131.t3.nsf.net (140.222.131.1) 70 ms 80 ms 80 ms
12 nis.nsf.net (35.1.1.48) 80 ms 80 ms 70 ms
$
The X11DEBUG utility performs four tests that check the most common causes of problems encountered when running X11 clients over MultiNet:
· Checks for the UCX driver.
· Verifies that a DISPLAY has been defined with the SET DISPLAY command.
· Checks TCP/IP connections.
· Verifies that the X11 client can access the server.
If any of these tests fail, X11DEBUG recommends a course of action to resolve the problem. Otherwise, X11DEBUG displays the message, "%X11DEBUG-S-PASSEDALL, passed all X11 tests."
MULTINET X11DEBUG [/LOG]
/LOG
/NOLOG (default)
Enables additional debugging information.