TCX Sky Communications Programming Ref
TCX Sky Communications Programming Ref
TCx Sky
Communications Programming
Reference
Version 1.2
TC62-0036-03
1
Note:
Before using this information and the product it supports, be sure to read Safety Information-Read This First, Warranty
Information, Uninterruptible Power Supply Information, and the information under Notices.
December 2019
This edition applies to Version 1.2 of the licensed program TCx Sky (program number 4690-SK1) and to all subsequent
releases and modifications until otherwise indicated in new editions.
If you send information to Toshiba Global Commerce Solutions (Toshiba), you grant Toshiba a nonexclusive right to use or
distribute whatever information you supply in any way it believes appropriate without incurring any obligation to you.
© Copyright Toshiba Global Commerce Solutions, Inc. 2013, 2019
Contents
Figures.......................................................5 Telnet server......................................................................44
Enhanced Telnet server (ADXHSIUL.286)................... 45
Tables........................................................ 7 LPR client (ADXHSIRL.286)........................................... 47
Rexec client (ADXHSIXL.286)........................................ 48
PCNFSD authentication server...................................... 48
Safety.........................................................9 4690 TCP/IP programming libraries.....................................49
16-bit to 32-bit conversion............................................... 49
Retrieving the local host name..............................................50
About this guide..................................... 11 TCP/IP in the terminal............................................................50
Who should use this guide.................................................... 11
Where to find more information...........................................11
TCx Sky Library................................................................11 Chapter 3. Using IP Filters..................... 51
Notice statements....................................................................12 IP Filters Overview................................................................. 51
Filter rules................................................................................ 51
Configuring filters...................................................................51
Summary of changes............................. 13 User-defined filter rules.................................................. 51
December 2019.........................................................................13 Predefined filter rules...................................................... 52
March 2019............................................................................... 13 Direction............................................................................ 52
December 2018.........................................................................13 Subnet masks.................................................................... 52
Examples of filter rules....................................................52
Filters and intrusion detection and prevention........... 54
Chapter 1. Introduction to 4690 IP Filter commands ................................................................57
genfilt command (adxipsgf.386).....................................57
communications..................................... 15 actfilt command (adxipsaf.386)...................................... 60
TCP/IP support........................................................................15
chfilt command (adxipscf.386)....................................... 61
mvfilt command (adxipsmf.386).................................... 63
rmfilt command (adxipsrf.386).......................................64
Chapter 2. Using TCP/IP in the lsfilt command (adxipslf.386)......................................... 64
operating system....................................17 gentun command (adxipsgt.386)....................................65
4690 TCP/IP file naming conventions.................................. 17 ipsecstat command (adxipsst.386)................................. 66
Configuring 4690 TCP/IP....................................................... 19
Enhanced loopback address configuration using
ifconfig...................................................................................... 21 Chapter 4. Using the Linux Secure
Identifying a network router.................................................21 Shell in the Operating System...............69
Using TCP/IP Host Names.................................................... 22
Introduction to SSH................................................................ 69
resolv File...........................................................................22
Coexistence with and Migration from 4690 Version 6
Hosts File........................................................................... 22
SSH............................................................................................ 69
Linux applications and Host Name resolution............23
Enabling SSH........................................................................... 70
Configuring TCP Keepalive and Connection
Hybrid File Name Use in Configuration Files....................70
Establishment Timer Values..................................................23
SSH Server (sshd)....................................................................71
Setting Up and Using Other TCP/IP Applications.............24
SSH sessions.............................................................................72
INETD Superserver (ADXHSI9L.286)........................... 24
Enhanced security permissions.............................................72
FTP Client (ADXHSIGL.286).......................................... 24
4690 OS account lockout........................................................ 73
FTP Server (ADXHSIFL.286).......................................... 25
Configuring the SSH server...................................................73
NFS server (ADXHSINL.386)......................................... 27
Other comments on SSH configuration............................... 73
NFS client (ADXHSIDL.286)...........................................29
Troubleshooting the SSH server........................................... 74
Telnet client (ADXHSIVL.286)....................................... 29
Secure FTP server....................................................................75
BOOTP client (ADXHSIBL.286)..................................... 29
SSH client programs............................................................... 75
BOOTP server (ADXHSIAL.286)................................... 30
Troubleshooting SSH Client Configuration issues............ 76
Configuring the PXE environment and DHCP
SSH Client shell....................................................................... 76
Server (DHCPD.386)........................................................ 31
Secure FTP client..................................................................... 77
Using TCC and PXE in a routed environment.............39
Secure Copy (SCP).................................................................. 77
Using the Remote Terminal Utility................................40
SSH key generator...................................................................78
SNMP agent (ADXHSI1L.286)........................................42
SFTP/SCP file permissions.....................................................78
Notice statements
Notices in this guide are defined as follows:
Note
These notices provide important tips, guidance, or advice.
Important
These notices provide information or advice that might help you avoid inconvenient or
problem situations.
Attention
These notices indicate potential damage to programs, devices, or data. An attention notice
is placed just before the instruction or situation in which damage could occur.
CAUTION
These statements indicate situations that can be potentially hazardous to you. A caution
statement is placed just before the description of a potentially hazardous procedure step
or situation.
DANGER
These statements indicate situations that can be potentially lethal or extremely hazardous
to you. A danger statement is placed just before the description of a potentially lethal or
extremely hazardous procedure step or situation.
December 2019
This edition of TCx Sky 1.2 includes:
• The addition of the Sky Product Build tool for generating Product Control files
• Support for Python 3 and terminal support of Python applications
• Container updates
• Support for TCx 300 4810-3x0 and 3x1
• Support for TCx 700 4900-xx6 and xx7
March 2019
This edition of TCx Sky Version 1 Release 1.2 includes support for iButton, KVM support, DB
support for postgres, Remote terminal hard drive format, Rxtx - Locking to serial port, extended
graphics screen support of pseudo keypad, and Windows preload system support. Includes fixes
and security updates.
December 2018
This edition of TCx Sky Version 1 Release 1.1 includes support for TCx 800 all-in-one POS
system, TCx Dual Station Printer, TCx Single Station Printer and Infrastructure for McAffee
Whitelisting. Includes fixes and security updates.
This guide assumes that you are familiar with communications concepts and functions.
Knowledge of communication protocols is vital in understanding this chapter and this guide.
4690 OS is now TCx Sky. Toshiba Global Commerce Solutions has partnered with Wind River®
to create TCx Sky, building the reliability of 4690 OS onto a base of Wind River Linux, the
leading embedded Linux provider. The term "4690 OS" continues to appear throughout the
documentation and product screens.
TCP/IP support
TCP/IP protocols are supported by the 4690 Operating system. In addition, common TCP/IP
applications are provided by the operating system. User-level access to TCP/IP is provided
through the socket programming interface to allow users to write their own applications. Details
of 4690 TCP/IP support are provided in this document.
This chapter describes using TCP/IP in both store controllers and terminals. Configuring the PXE
environment and configuring a DHCP server are discussed in this chapter. The chapter assumes
you are familiar with TCP/IP and, therefore, describes only how TCP/IP is used with the
operating system. If you need detailed information about TCP/IP, see the Transmission Control
Protocol/Internet Protocol for 4690 Application Interface Guide, which can be found at
www.toshibacommerce.com. Select Support > Publications to find information on the following
items.
TCP/IP support within the operating system is implemented as a communications device driver,
similar to the NetBIOS driver. 4690 TCP/IP can operate concurrently with NetBIOS and Terminal
Controller Communications (TCC) protocols.
4690 TCP/IP is supported on the Ethernet network. All Ethernet adapters supported by the
operating system are supported by 4690 TCP/IP. All 4690 TCP/IP functions and applications are
available on the Ethernet LAN. 4690 TCP/IP is supported on only one Ethernet interface.
User-level access to the driver is provided through the socket programming interface. A socket
runtime library is provided that can be linked to user-written applications. In addition to the
TCP/IP driver and socket library, a SNMP agent is implemented.
The 4690 TCP/IP stack does not provide the client or server implementation of the SOCKS proxy
protocol. In the case of an internal (enterprise) network within a firewall, TCP/IP applications are
not enabled to communicate through that firewall.
4690 TCP/IP can operate in one of two 4690 system configurations:
• 4690 LAN environment in which Distributed Data Application (DDA) is being used for store
controller communications, file mirroring, and file services. In this environment the 4690
store controller can have a role of Master, File Server, Alternate Master, Alternate File Server,
or Subordinate.
• Non-DDA LAN environment in which the store controller operates independent of any other
controller on the LAN. Typically, this environment consists of a single store controller
connected with other machines using a LAN adapter. It is normally designated as the Master
store controller although there are no Alternate or Subordinate store controllers.
When running TCP/IP applications in the controller, it is recommended that the HOSTNAME
logical name be defined to the value of the TCP/IP host name of the controller.
where ip_address contains this machine’s (host) Internet address in a dotted decimal format. For
example 9.67.39.81 is a valid address. The assignment of addresses for a proprietary network are
enterprise defined. Addresses for the public Internet must be obtained from the administrators
of the Internet. All TCP/IP hosts in the network should have a unique Internet address. The
logical name lan0 represents the Ethernet interface.
Depending upon your configuration, you might have to use the netmask parameter on the
ifconfig command. For example:
ifconfig lan0 <ip_address> netmask 255.255.248.0
This parameter tells the TCP/IP stack how to interpret the IP address.
Note: IP addresses can be specified as decimal, hexadecimal, or octal. A leading 0x indicates hex.
A leading 0 (zero) indicates octal. Anything else indicates decimal. For example, the following
three IP addresses are identical.
• 9.67.39.83
• 0x9.0x43.0x27.0x53
• 011.0103.047.0123
In TCP/IP files that contain IP addresses, any leading zeros in the addresses are interpreted as
octal, not decimal. However, in terminal configuration, IP addresses are read as decimal.
If your system will run Linux applications which require IP communications, the eloopaddr
parameter may also be required on the ifconfig command. Refer to “Enhanced loopback
address configuration using ifconfig” on page 21 for more details.
After configuring TCP/IP on a 4690 store controller, it is advisable to use the following utilities to
ensure that your network is configured properly.
• netstat -a displays the addresses of the configured IP network interfaces.
• ifconfig lan0 displays IP configuration information for the specified interface.
• ping <ip address> sends an echo request to <ip address> to determine if a remote host is
accessible. If successful, your TCP/IP network is operational.
ADXHSI2L can accept a single parameter that indicates the maximum number of sockets that
can be active at any one time. If no parameter is specified, the default is 48 sockets, which is
sufficient for most instances. If more sockets are needed, enter a value between 49 and 600 after
the ADXHSI2L command. For example, to configure 217 sockets, edit the line to read:
adxhsi2l 217
Note:
1. Additional memory is allocated for each socket above 48 (about 2 KB per socket) regardless
of whether the socket has an active connection. Also, when set to a value, the maximum
number of sockets cannot be changed by a subsequent call of ADXHSI2L. The maximum
number of sockets can be set only once after a machine IPL. The maximum sockets value
represents the combined total of both UDP and TCP sockets.
ifconfig lan0 10.1.1.1 netmask 255.255.255.0 eloopaddr last (configures the eloopaddr
as 10.1.1.254)
To configure the enhanced loopback address on the terminal, modify the Terminal IP
configuration file, adx_spgm:ipconfig.dat, and add a new line to configure the eloopaddr
parameter as follows:
After changing adx_spgm:ipconfig.dat, run terminal loadshrink (adxrtccl) and reload the
terminal.
To configure the enhanced loopback address on a controller configured for bootp, add an
ifconfig command to the bootp configuration file, adx_sdt1:adxbp??z.bat, with only the
eloopaddr parameter as follows:
ifconfig lan0 eloopaddr last
where router_ip_address identifies the Internet address of the network router in a dotted decimal
format. The ROUTE command should follow the IFCONFIG command in the configuration
batch file ADXIP??Z.BAT.
resolv File
TCP/IP attempts to contact the name server only if the C:\ADX_SDT1\ADXHSIRF.DAT RESOLV
file exists and identifies the domain and the address of the name server. During the 4690 TCP/IP
installation, a sample RESOLV file is copied onto the 4690 store controller. The domain and
nameserver entries in this sample RESOLV file are commented out. If your TCP/IP network uses
a name server, you should uncomment both of these entries in the RESOLV file and then change
them to match your IP network configuration. Otherwise, host names are resolved using your
local HOSTS file (See “Hosts File” on page 22).
You do not need to modify the sample RESOLV file if you are not using a name server. But, any
invalid entries in this file (such as an invalid IP address in the name server entry) causes name
resolution to be attempted, which could result in unnecessary delays.
Note: A 4690 store controller cannot be a name server. Therefore, the RESOLV file should not
identify a 4690 host Internet address. Refer to the sample RESOLV file for the format of its entries.
Hosts File
The local HOSTS file, C:\ADX_SDT1\ADXHSIHF.DAT, is searched for a match if any of these
conditions exists:
• A RESOLV file does not exist or is not configured
• The name server cannot resolve the name to an Internet address
• The ADXDSN2S logical name is defined
The HOSTS file correlates a host name to an Internet address. You can have numerous host
name and Internet address pairs in the HOSTS file. If you are not using a name server, you
should update the HOSTS file with names and addresses of those hosts with whom this machine
will normally communicate.
A sample HOSTS file is copied onto the controller when 4690 TCP/IP is installed. Some example
HOSTS file entries are shown below:
9.67.39.80 cc # 4690 controller CC
9.67.39.81 dd # 4690 controller DD
9.67.39.82 isp # TCP/IP In-Store Processor
TRUSERS file
This file, C:\ADX_SDT1\ADXHSIUF.DAT, should contain an entry for each client with whom
the server will maintain an FTP session. You should update this file with the FTP clients to
which you want to grant access.
In addition to user ID and password information in the TRUSERS file, each entry lists the read
and write access privileges for that user. Access can be granted per drive or directory for
physical drives A:, C:, and D: and RAM drives T:, U:, V:, and W:. In addition, the 4690 printer
can be used as a file transfer destination for copying files directly from the client to a print
queue, for example prn7:.
A sample TRUSERS file is copied onto the controller during 4690 TCP/IP installation. This file
contains an entry for user anonymous (no password required) and gives read and write access to
the C:\ drive and its subdirectories.
Specify multiple drives or directories by listing them on the same line, separated by a blank, as
shown in the following example.
Note: The TRUSERS file must exist in order for the FTP server to successfully initialize. If the
server cannot access the C:\ADX_SDT1\ADXHSIUF.DAT file, it will reject the client logon
request, log a system message, and then terminate.
This command causes the 4690 FTP server to start testpgm.286 as a 4690 background application.
The FTP server returns a message to the FTP client stating that the program has been started.
The server does not wait for the background program to complete.
The program name must be fully path-qualified and is limited to 22 characters. If using path-
qualified program names from a UNIX client, you might need to surround the entire quote
string in double quotes if the backslash character is required. Optionally, you can use forward
slash for the path name delimiter.
Program parameters can be specified immediately following the program name, each separated
by at least one blank. The length of the parameter list cannot exceed 46 characters. The program
will be started with default priority of 200 and cannot be changed.
User authority to start background applications using the quote command is granted through the
TRUSERS file. A special execution access privilege is granted to clients using the ex: tag for the
user. This tag is similar to the rd: and wr: tags used to grant read and write privileges. The
sample TRUSERS file, ADXHSIUF.DAT, contains an entry for user:anonymous (no password
required), and grants read access (rd:) for drive C:\ (and all subdirectories of the root directory).
The sample TRUSERS file also contains an entry for user:ftpuser with the password of
4690tcpip, and grants write access (wr:) for drive C:\ (and all subdirectories of the root
directory), read access (rd:) for drive C:\ (and all subdirectories of the root directory), and
background application initiation access (ex:). This entry is shown as:
user: anonymous
rd: c:\
user: ftpuser 4690tcpip
wr: c:\
rd: c:\
ex:
Note: The 'ex:' tag does not require additional parameters. Any user without execution authority
will receive a message from the FTP server indicating that they are not authorized to start
background applications.
Performance
In many cases, a typical NFS server (UNIX-based) will be running on a high-performance
network server machine with multiple clients concurrently mounted to multiple file systems. In
addition, the high-performance server might be a dedicated file server in the network and,
therefore, can have little or no other contention for its CPU. NFS clients are designed with the
intention that there is a high-performance server available. It is extremely likely that a client will
send multiple block-read requests simultaneously (such as if reading from the 4690 files) or
transmit multiple block-write requests simultaneously (such as if writing to the 4690 files).
In addition, most clients have relatively short timeout values if a response from the server is not
received. When the timeout expires, a retransmission of the block-read or block-write occurs.
This timeout/retransmission sequence can actually make the load worse on the potentially
already loaded server. Performance of the 4690 NFS server can be degraded under these
conditions, especially considering the controller can be executing many applications of higher
priority than NFS.
There are two approaches you could take if you suspect that your NFS performance could
improve. First, to help alleviate potential performance degradation, you should change the NFS
read/write timeout for the mounted file system (4690 drive) to a higher value than the default.
For example, on the AIX® operating system, the NFS client timeout is 0.7 seconds. A
recommended timeout of 7-10 seconds might help keep retransmissions low due to timer
expiration. Second, consider using FTP when a large file transfer is required.
Note: The previous example includes comment lines, which begin with the pound sign (#), to
explain the intent of the line. Comment lines are optional. This example is not meant to imply
that comment lines are required as part of the file.
The EXPORTS file is read only during NFS server startup. Therefore, if you change the
EXPORTS file, you must stop and restart the NFS server for the changes to take effect.
ADXBP??Z.BAT
ifconfig lan0 <ip_address> ...
route add default <router_ip_address> ...
Using this example, when the BOOTP server is available and does respond, the BOOTP client
updates the batch file ADXBP??Z.BAT. It then returns control to the configuration batch file
ADXIP??Z.BAT, which then invokes the newly created configuration.
However, in the event that the BOOTP server is unavailable or does not respond to the BOOTP
client request in the timeout period, the 4690 would be able to initialize its interface based on the
current contents of the ADXBP??Z.BAT file.
Note: Prior to contacting a BOOTP server, the BOOTP client clears the IP address of the
controller, so the IP configuration batch file must be run if network initialization is to occur. This
is the case whether the BOOTP request was successful or failed.
PXE Configuration
Complete the following steps to configure the PXE environment:
1. Change the boot protocol in your terminal setup to PXE. Because this process is different for
each terminal type, refer to the manuals that shipped with your terminal for instructions on
how to change the boot protocol.
Note: If the terminal has a hard disk drive, disable the hard disk drive in the boot sequence
in your terminal setup.
2. Ensure the 4690 controller is configured for TCP/IP. See “Configuring 4690 TCP/IP” on page
19 for additional information.
3. Configure the DHCP server environment on the 4690 controller as described in
“Configuring the DHCP Server” on page 32.
The Subnet address is the address of the subnet of this controller as configured in
ADXIPxxZ.BAT. The subnet address is specified in dotted decimal notation, for example,
9.17.32.0 or 128.81.22.0. The subnet must be within the subnet mask, and the address can be no
longer in bits than the subnet mask. For example, if the subnet mask is 255.255.255.0, the address
9.67.10.128 is too long. The subnet address can be optionally followed by the Subnet Mask or a
range.
The Subnet Mask for the subnet is specified in dotted decimal notation or in integer format. A
subnet mask divides the subnet address into a subnet portion and a host portion. If no value is
entered for the subnet mask, the default is the class mask that is appropriate for an A, B, or C
This entry allows TCP/IP applications to address the terminal as host name, T0055005, rather
than the dotted decimal IP address. The #DHCP comment indicates that this entry was added by
DHCPINFO utility
DHCPINFO is a utility for displaying DHCP Server configuration information and lease status,
for removing leases, and for applying updates to the DHCP server configuration. The format for
the DHCPINFO Utility is shown below.
Where:
• dhcpinfo with no options displays DHCP server configuration information and lease status
on the local machine.
• -s specifies a remote server IP address for displaying status, removing leases, updating the
DHCP server, RTU configuration or supplemental boot mode configuration.
• -r specifies the IP address of an individual lease to remove or "all" for removing all leases.
• -u updates the DHCP server configuration using the current active configuration file. This
option allows you to apply a modified DHCP configuration without a controller IPL.
• -t applies the DHCP Remote Terminal Utility (RTU) option with the specified RTU Server IP
address or removes the applied RTU option if 0 is specified. The DHCP RTU option is active
only in DHCP server memory and is not retained on a controller IPL. Also, dhcpinfo -t
internally performs a DHCP configuration update (dhcpinfo -u) to apply the RTU option
settings; therefore any modifications in the active DHCP Server configuration file will also be
applied with dhcpinfo -t. Refer to “Using the Remote Terminal Utility” on page 40.
• -b supps applies the DHCP option to enable network supplemental boot or removes the
option if 0 is specified. By default, supplemental boot mode is enabled for a period of five
minutes and is automatically disabled after this time period. For more information on the
network supplemental boot option, refer to "Booting Enhanced Supplementals over the
network" in the TCx Sky User's Guide.
• -v -b supps parameter to set a time-out period (0-60 minutes) for the supplemental boot
mode other than the default of 5 minutes. A value of 0 indicates no time-out on supplemental
boot mode and the user may manually disable using the -b 0 parameter.
Examples:
dhcpinfo
displays the status of the DHCP server on the local machine
dhcpinfo -s 1.1.1.2
displays the status of the DHCP server that is running at IP address 1.1.1.2
dhcpinfo -r 1.1.1.5
removes the lease for the IP address 1.1.1.5 (local server)
dhcpinfo -r all
removes all the leases assigned by the local DHCP server
dhcpinfo -u
updates the configuration of the DHCP server running on the local machine
dhcpinfo -t 1.1.1.1
sets DHCP RTU option to 1.1.1.1 on local DHCP server
dhcpinfo -t 0
clears DHCP RTU option on local DHCP server
dhcpinfo -t 0 -s 1.1.1.2
clears DHCP RTU option on DHCP server 1.1.1.2
dhcpinfo -b supps
enables network supplemental boot on the DHCP server on the local machine for a
period of 5 minutes
dhcpinfo -b supps -v 10
extends the period of time the supplemental boot is enabled to 10 minutes
dhcpinfo -b supps -v 0
enables network supplemental without a timeout period
dhcpinfo -b 0
disables network supplemental boot on the DHCP server on the local machine
dhcpinfo -b 0 -s 1.1.1.2
disables network supplemental boot on the DHCP server that is running at IP address
1.1.1.2
Following is a sample of output from the DHCPINFO Utility along with descriptions of the
output fields.
Address:
The IP addresses that are configured for assignment by this DHCP server.
Status:
• Available - The address is available for assignment by the DHCP server.
Lease:
The amount of time in seconds of the lease for this address. The amount of time might
also be "Infinite" if it is a permanent lease. Reserved and in use addresses are also timed
with a short lease.
Client ID:
The MAC address of the client.
Last Leased:
The time when the DHCP server last assigned the address.
RTU Server:
The IP address that is configured for RTU by this DHCP server or none if an RTU server
is not configured.
A DHCP option is used to trigger RTU requests on the terminal. The DHCP RTU option includes
the IP address of the controller running the RTU server. The user configures the RTU DHCP
option on each controller running a DHCP server. When a PXE terminal is booted, the RTU
DHCP option is included with the DHCP information provided to the terminal PXE bootstrap
and indicates to request RTU information from the RTU server running at the IP address
specified.
The DHCP RTU option is configured in one of two ways. The first method is to update the
DHCP Server Configuration file with the rtuserver keyword followed by the IP address of the
controller running the RTU server as shown below:
rtuserver 1.1.1.1
When the DHCP configuration file has been modified, the DHCP configuration is applied using
either dhcpinfo -u or by a controller IPL.
Another method of configuring the DHCP option is to use the -t parameter of the dhcpinfo
command to enable or disable RTU dynamically. Refer to “DHCPINFO utility” on page 36 for
more information.
If the RTU option is enabled, the terminal sends a request to the RTU server to inquire if it
should load a special image. The server responds with either an image name to load or indicates
to continue booting normally. The terminal uses TFTP to transfer the image and notifies the
server of the success or failure of the load. If successful, the terminal passes control to the RTU
image and the server updates its list of terminals to be processed indicating this terminal has
completed its RTU image load. The server also modifies the RTU configuration file with a
comment character (#) in column 1 of that entry. If the RTU image does not load, the terminal
remains in the RTU list to be attempted again on the next terminal reload and the terminal
continues to boot normally.
The RTU server maintains a log with time-stamped entries indicating success or failure of
terminals loading RTU images. Other RTU status, errors and informational messages are also
logged by the RTU server to maintain a history of RTU activity.
Note: The results of the actual utility started by the RTU service are not available to 4690 OS.
MIB-II
Extension of the MIB objects can be accomplished using the SNMP Distributed Program
Interface (SNMP DPI) for 4690. The SNMP DPI enables enterprise-specific MIB objects to be
Telnet server
The 4690 Telnet server can support a VT100, ANSITERM, or 3151 Telnet client. The following
4690 Telnet server characteristics must be noted:
• Only one client can access the 4690 Telnet server at a time.
• When logged on to the 4690 Telnet server, the client shares the main system keyboard and
display.
For an alternative Telnet server that does not have these limitations, see “Enhanced Telnet server
(ADXHSIUL.286)” on page 45.
Operation
A Telnet entry should be included in the INETD data file, C:\ADX_SDT1\ADXHSIIF.DAT, so
that the INETD superserver can start the Telnet server when a client attempts a connection. The
example INETD data file copied onto the store controller during 4690 TCP/IP installation
contains a Telnet entry. The INETD superserver will start the Telnet server automatically
whenever a client issues a connection request.
Using a keyboard
The 4690 System Request function is mapped to the tilda-backquote (~`) key transmitted by the
Telnet client. Other function keys transmitted from the PS/2®-style keyboards are known to
operate consistently with function keys entered from the 4690 keyboard.
Note: Due to time delays in some network environments, the Telnet server might need to issue
more than one read to get an entire function key sequence. For most networks, a 50 ms delay is
sufficient for the entire key sequence to arrive. If you are using a WAN environment or a slow
network, you might need to define the logical name TNDESCTO to the number of milliseconds
you want the Telnet server to wait for an entire function key sequence. The default is 50 ms.
Suggested values are 250 to 1000 ms (1/4 to 1 full second).
The local keyboard will be unlocked upon a normal or abnormal end of the Telnet server, or it
can be unlocked with the following command:
ADXHSILL UNLOCK
Also, you can lock and unlock the local keyboard from any screen without using the ADXHSILL
command directly. Typing Ctrl+B blocks the local keyboard and typing Ctrl+U unblocks it.
Log files
The 4690 Telnet server is actually composed of two processes working together. Program
ADXHSIIL.286 is the keyboard input process, and program ADXHSISL.286 is the screen output
process. Both of these programs can log messages into the ADXHSIIL.LOG and ADXHSISL.LOG
files in the ADX_UPGM subdirectory.
Operation
A Telnet entry should be included in the INETD data file, C:\ADX_SDT1\ADXHSIIF.DAT, so
the INETD superserver can start the Telnet server when a client attempts a connection. The
example INETD data file copied onto the store controller during 4690 TCP/IP installation
contains the following entry for the regular Telnet server:
telnet tcp ADX_SPGM:ADXHSIIL.286
Note: The INETD superserver will start the Telnet server automatically whenever a client issues
a connection request.
Using a keyboard
By default, the backquote character (`) is mapped to the 4690 System Request function. However,
you can change this by defining a user logical file name of ADXTNDSR, which contains the
ASCII value for the single character you want to map to the 4690 System Request. Also, if you
are using a VT220 client, you can use Alt+F12 as an alternate way to generate a 4690 SysRq.
For example, click Controller Configuration, User Logical File Names, and define the name
ADXTNDSR to have a value of 1. Now, when you Telnet into the 4690 store controller, pressing
Ctrl+A takes you to the system keys menu.
Log files
The 4690 Enhanced Telnet server does not log messages to any files. Information messages will
be displayed on the background application control panel in the MESSAGE field for the
corresponding Telnet server.
This command sends the print job to the remote TCP/IP LPD print server.
Note: If you want to use the LPR_SRV or LPR_PRT logical names, as described in “LPR client
(ADXHSIRL.286)” on page 47, with the print spooler function, these logical names must be
system-level defined logical names. The print spooler will not find process-level logical names.
where:
Name
Specifies the address of an array of bytes where the host name is to be stored
NameLength
Specifies the length of the Name array
Upon successful completion, a value of 0 (zero) is returned, and the Name array contains the
TCP/IP host name of the local host. If the gethostname() function is unsuccessful, a value of -1
is returned.
In order to retrieve the local host name, you must define the user-defined logical name
HOSTNAME. This logical name contains the fully-qualified TCP/IP host name of the local host.
Upon successful completion, the Name array will contain the value of the HOSTNAME logical
name. If HOSTNAME is not defined, gethostname() will complete successfully and the Name
array will contain “localhost” for the TCP/IP host name. For more information on user-defined
logical names, see the TCx Sky User's Guide.
This chapter describes using IP Filters in your 4690 operating system. IP Filter support is only
available on 4690 controllers and only provides filtering for the native 4690OS TCP/IP stack.
Refer to the TCx Sky Planning, Installation and Configuration Guide for information about enabling
IP Filters during system configuration.
Note:
1. The options included in this product can help your company address the PCI DSS
requirements.
2. The customer is responsible for evaluation, selection and implementation of security
features, administrative procedures and appropriate controls.
3. PCI DSS is Payment Card Industry Data Security Standards.
IP Filters Overview
Filtering is a function in which incoming and outgoing packets can be accepted or denied based
on a variety of characteristics called rules. This function allows you to configure the store
controller to control the traffic between this controller and other hosts. Filtering is done on a
variety of packet properties, such as source and destination addresses, subnet masks, protocol,
port, fragmentation, interface, and tunnel definition. This filtering is done at the IP layer, so no
changes are required to the applications.
Filter rules
Filter rules provide basic firewall functionality to those who want to restrict traffic to or from
their machine in an intranet or in a network that does not have the protection of a true firewall.
In this scenario, filter rules provide a second barrier of protection around a group of machines.
After the filter rules are generated, they are stored in a table and loaded into the driver. When
packets are ready to be sent or received from the network, the filter rules are checked in the list
from top to bottom to determine whether the packet should be permitted, denied, or sent
through a tunnel. The criteria of the rule are compared to the packet characteristics until a match
is found or the default rule is reached.
Configuring filters
Filtering can be simple, using mostly auto-generated filter rules, or can be customized by
defining very specific filter functions based on the properties of the IP packets. Each line in a
filter table is known as a rule. A collection of rules determine what IP packets are accepted in and
out of the machine and how they are directed. Filter rules can control many aspects of
communications, including source and destination addresses and masks, protocol, port number,
direction, fragment control, tunnel, and interface type. The types of filter rules are as follows:
• User-defined filter rules
• Predefined filter rules
Direction
The direction flag (-w) of the genfilt command specifies whether the rule should be used
during input packet processing or output packet processing or both. When filtering is turned on,
at least one rule determines the fate of any incoming or outgoing network packet. For example,
when a packet is sent out from host A to host B, the outgoing IP packet has the source address of
A and the destination address of B. On host A this packet is processed by the filter driver during
the outbound processing and on host B during the inbound processing.
Note: The direction both implies that the associated rule is used for both incoming and outgoing
packets. However, it does not mean that the rule is applied when the source and destination
addresses are reversed. For instance, if server A has a rule with A as source address and B as
destination address and the direction is set to both, then the rule does not apply on server A to
an incoming packet with B as the source address and A as the destination address. Typically the
both option is used in gateways that forward the packets.
Subnet masks
Associated with filter rules are Subnet masks.Subnet masks are used to group a set of IP addresses
that are associated with a filter rule. The mask value is logically ANDed with the IP address in
the filter rule (using binary format) and compared to the IP address specified in the packet. For
example, a filter rule with a source IP address of 10.10.10.4 and a subnet mask of
255.255.255.255 (binary 11111111.11111111.11111111.11111111) specifies that an exact match
must occur of the IP address.
A 10.10.10.x subnet is specified using a subnet mask of 255.255.255.0. An incoming address
would have the subnet mask applied to it, then the combination would be compared to the IP
address/subnet mask combination in the filter rule. For example, an address of 10.10.10.100
becomes 10.10.10.0 after the subnet mask is applied, which matches the filter rule. A subnet mask
of 255.255.255.240 allows any value for the last four bits in the address.
1 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 ah any 0 any 0 both all packets 0 all
0 none none
2 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 esp any 0 any 0 both all packets 0 all
0 none none
0 permit 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 all any 0 any 0 both all packets 0 all
0 none none Default Rule
Rules 3 and 4 Set of auto-generated rules that filter traffic between addresses 10.10.1.2 and
10.10.1.3 through tunnel 1. Rule 3 is for outbound traffic and rule 4 is for
inbound traffic.
Rules 7 User-defined filter rules that filter outbound file transfer protocol (FTP) service
through 12 from 10.10.1.2 and 10.10.1.5 through tunnel 3.
Commands to generate:
genfilt -s 10.10.1.2 -d 10.10.1.5 -a P -c tcp -o gt -p 1023 -O
eq -P 21 -t 3 -w O
genfilt -s 10.10.1.5 -d 10.10.1.2 -a P -c tcp/ack -o eq -p 21 -O
gt -P 1023 -t 3 -w I
genfilt -s 10.10.1.5 -d 10.10.1.2 -a P -c tcp -o eq -p 20 -O gt
-P 1023 -t 3 -w I
genfilt -s 10.10.1.2 -d 10.10.1.5 -a P -c tcp/ack -o gt -p 1023
-O eq -P 20 -t 3 -w O
genfilt -s 10.10.1.2 -d 10.10.1.5 -a P -c tcp -o gt -p 1023 -O
gt -P 1023 -t 3 -w O
Rule 0 Predefined rule, known as the default rule, which is always placed at the end
of the table. In this example, it permits all packets that do not match the other
filter rules. It can be set to deny all traffic not matching the other filter rules.
Each rule can be viewed separately (using the lsfilt command) to list each field with its value.
For example, entering lsfilt –n 7 shows the following (lsfilt with no parameters would list all the
rules in this format):
Rule 7:
Rule action : permit
Source Address : 10.10.1.2
Source Mask : 255.255.255.255
Destination Address : 10.10.1.5
Destination Mask : 255.255.255.255
Protocol : tcp
Source Port : gt 1023
Destination Port : eq 21
Direction : outbound
Fragment control : all packets
Tunnel ID number : 3
Interface : all
Auto-Generated : no
Expiration Time : 0
Description :
Note: A hexadecimal pattern is differentiated from a text pattern by the leading 0x.
• Files that contain patterns — A file can contain a list, one per line, of text patterns or
hexadecimal patterns.
Rule 0:
Rule action : permit
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 0.0.0.0
Destination Mask : 0.0.0.0
Protocol : all
Source Port : any 0
Destination Port : any 0
Direction : both
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Auto-Generated : no
Expiration Time : 0
Description : Default Rule
When host 10.10.1.3 attempts an FTP to host 10.10.1.2, a dynamically created effective rule
appears in the active filter list (lsfilt -a) to deny all traffic from host 10.10.1.3 for 2 minutes. The
expiration time shown in the filter rule is approximate as indicated by the tilde (˜). When
the expiration time is reached, the rule is automatically deleted from the active list as shown in
the following example.
Beginning of filter rules.
Rule 1:
Rule action : deny
Source Address : 10.10.1.3
Source Mask : 255.255.255.255
Destination Address : 0.0.0.0
Destination Mask : 0.0.0.0
Protocol : all
Source Port : any 0
Destination Port : any 0
Direction : both
Fragment control : all packets
Tunnel ID number : 0
Interface : all
˜Expiration Time : 92
Rule 2:
Rule action : shunHost
Source Address : 10.10.1.0
Source Mask : 255.255.255.0
Destination Address : 10.10.1.2
Destination Mask : 255.255.255.255
Protocol : tcp
Source Port : any 0
Destination Port : eq 21
Direction : both
Fragment control : all packets
Tunnel ID number : 0
Rule 3:
Rule action : permit
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 0.0.0.0
Destination Mask : 0.0.0.0
Protocol : all
Source Port : any 0
Destination Port : any 0
Direction : both
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Expiration Time : 0
Timed rules
Timed rules specify the amount of time, in seconds, that the filter rule is applied after it is made
effective with the actfilt -u command. The expiration time is specified with the -e option of the
genfilt command. For more information, see “actfilt command (adxipsaf.386)” on page 60 and
“genfilt command (adxipsgf.386)” on page 57.
Note: Timers have no effect on IF, ELSE or ENDIF rules. If an expiration time is specified in a
shun host or shun port rule, the time applies only to the effect rule that is initiated by the shun
rule. Shun rules have no expiration time.
IP Filter commands
Filters are configured, activated, managed, and displayed using command line functions. These
command line functions save the filter records in configuration files and pass the configuration
to the appropriate drivers by means of special calls. The following sections describe the
commands.
Purpose
Adds a filter rule to the filter configuration database.
Syntax
genfilt [ -n fid] [ -a D|P|I|L|E|H|S ] -s s_addr -m s_mask [-d d_addr] [ -M d_mask] [ -c protocol] [ -
o s_opr] [ -p s_port] [ -O d_opr] [ -P d_port] [ -w I|O|B ] [ -f Y|N|O|H ] [ -t tid] [ -i interface] [-D
description] [-e expiration_time] [-x quoted_pattern] [-X pattern_filename ]
Flags
-a action
The following action values are allowed:
• D (deny) blocks traffic.
• P (permit) allows traffic.
• I (if) makes this an IF filter rule.
• L (else) makes this an ELSE filter rule.
• E (endif) makes this an ENDIF filter rule.
• H (shunHost) makes this a SHUN HOST filter rule.
• S (shunPort) makes this a SHUN PORT filter rule.
Permit is the default action, if no other action is specified.
All IF rules must be closed with an associated ENDIF rule. These conditional rules can be
nested, but correct nesting and scope must be adhered to or the rules will not load
correctly with the actfilt command.
-c protocol
Specifies the protocol. The valid values are: udp, icmp, tcp, tcp/ack, esp, ah, and all. The
value all indicates that the filter rule will apply to all the protocols. The protocol can also
be specified numerically (between 1 and 252). The default value is all.
-D description
A short text description for the filter rule, specified as a quoted character string. This is an
optional flag for user-defined filter rules. Descriptions are truncated at 80 characters.
-d a_addr
Specifies the destination address. It can be an IP address or a host name. If a host name is
specified, the first IP address returned by the name server for that host will be used. This
value, along with the destination subnet mask, will be compared against the destination
address of the IP packets. If unspecified, the destination address defaults to 0.0.0.0
(indicating “any” address).
-e expiration_time
Specifies the expiration time. The expiration time is the amount of time the rule should
remain active in seconds. The expiration_time does not remove the filter rule from the
database. The expiration_time relates to the amount of time the filter rule is active while
processing network traffic. If no expiration_time is specified, then the life time of the filter
rule is infinite. If expiration_time is specified in conjunction with a SHUN PORT (-a S) or
SHUN HOST (-a H) filter rule, then this is the amount of time the remote port or remote
host is denied or shunned when the filter rule parameters are met. If expiration_time is
specified independent of a shun rule, then this value is the amount of time the filter rule
will remain active after the filter rules are loaded into the driver and start processing
network traffic. The valid values for expiration_time are 0 – 2592000 seconds, where 0
represents no expiration.
-f Y|N|O|H
Specifies the fragmentation control. This flag specifies that this rule will apply to either all
packets (Y), fragment headers and unfragmented packets only (H), fragments and
fragment headers only (O), or unfragmented packets only (N). The default value is Y.
-m s_mask
Specifies the source subnet mask. This is used in the comparison of the source address of
the IP packet with the source address of the filter rule. This parameter is required if –d is
not specified. If unspecified, the subnet mask defaults to 255.255.255.255, indicating an
exact match with the specified source address, unless the source address is 0.0.0.0. An IP
address of 0.0.0.0 defaults to a mask of 0.0.0.0 for correct operation of the filter.
-M d_mask
Specifies the destination subnet mask. This is used in the comparison of the destination
address of the IP packet with the destination address of the filter rule. If unspecified, the
subnet mask defaults to 255.255.255.255, indicating an exact match with the specified
destination address, unless the destination address is 0.0.0.0. An IP address of 0.0.0.0
defaults to a mask of 0.0.0.0 for correct operation of the filter.
-n fid
Specifies the filter rule ID for filter rule placement. The new rule will be added BEFORE
the specified filter rule. The ID must be greater than 0 and less than the last filter ID +1, as
shown by the lsfilt command. If this flag is not used, the new rule will be added to the
end of the filter rule table.
-o s_opr
Specifies the source port or ICMP type operation. This is the operation that will be used
in the comparison between the source port or ICMP type of the packet and the source
port or ICMP type (-p flag) specified in this filter rule. The valid values are: lt (less than),
le (less than or equal), gt (greater than), ge (greater than or equal), eq (equal), neq (not
equal), and any. The default value is any.
-O d_opr
Specifies the destination port or ICMP code operation. This is the operation that will be
used in the comparison between the destination port or ICMP code of the packet and the
destination port or ICMP code (-P flag) specified in this filter rule. The valid values are: lt
(less than), le (less than or equal), gt (greater than), ge (greater than or equal), eq (equal),
neq (not equal), and any. The default value is any.
-p s_port
Specifies the source port or ICMP type. This is the value or ICMP type that will be
compared to the source port or ICMP type of the IP packet. The -o option must be
specified when the -p option is used.
-P d_port
Specifies the destination port or ICMP code. This is the value or ICMP code that will be
compared to the destination port or ICMP code of the IP packet. The -O option must be
specified when the -P option is used.
-s s_addr
Specifies the source address. It can be an IP address or a host name. If a host name is
specified, the first IP address returned by the name server for that host will be used. This
value, along with the source subnet mask, will be compared against the source address of
the IP packets.
-w direction
Specifies whether the rule applies to incoming packets (I), outgoing packets (O), or both
(B). The default value is B. It is not valid to use O (outgoing packets) with the -x or -X
pattern options. It is valid to specify the (B) both directions with the pattern options, but
only the incoming packets are checked against the patterns.
-x quoted_pattern
Specifies a pattern to compare against network traffic. The pattern can be specified as a
quoted ASCII character string or a hexadecimal pattern preceded by 0x. The pattern is a
minimum of 4 and a maximum of 2048 ASCII characters or hexadecimal bytes.
Hexadecimal patterns must be specified as full bytes (2 hexadecimal characters per byte).
For long patterns, use the -X option with a pattern file because of the command line size
limitation.
-X pattern_filename
Specifies the pattern file name. If more than one pattern is associated with this filter rule,
then a pattern file name must be used. The pattern file must be in the format of one
pattern per line. A pattern is an unquoted character string, interpreted as an ASCII string
unless preceded by 0x, in which case it is interpreted as a hexadecimal pattern. Each
pattern is a minimum of 4 and a maximum of 2048 ASCII characters or hexadecimal
bytes. Each pattern in the file will be truncated at 2048 ASCII characters or hexadecimal
bytes. Hexadecimal patterns must be specified as full bytes (2 hexadecimal characters per
byte). This file is read when the filter rules are activated.
Note: The 4690 XE editor has a limit of approximately 1024 characters per line; therefore,
pattern files with longer patterns should be created on a different system and transferred
to the controller.
Purpose
Activates or deactivates the filter rules.
Syntax
actfilt -d|u [ -z P|D ] [ -i]
Description
Use the actfilt command to activate or deactivate the filter rules. This command activates or
deactivates the filter rules in the active driver filter table. After being activated, filters will be
matched with incoming and outgoing packets. IPsec filter rules for this command are configured
using the genfilt command.
Flags
-d
Deactivates the active filter rules. This flag cannot be used with the -u flag.
-z P|D
Sets the action of the default filter rule to “permit” (P) or “deny” (D). The default filter
rule is the last rule in the filter rule table that will apply to traffic that does not apply to
any other filter rules in the table. Setting the action of this rule to “permit” will allow all
traffic that does not apply to any other filter rules. Setting this action to “deny” will not
allow traffic that does not apply to any other filter rules.
-i
Initialization flag. This flag only applies when the -u flag is also used. If the -i flag is used,
all the filter rules with an “active” status will be activated. If not used, all the filter rules
in the filter rule table will be activated. The actfilt -u -i command is issued during IPL to
activate the filter rules that were active just before the IPL.
Purpose
Changes a filter rule.
Syntax
chfilt -n fid [ -a D|P|I|L|E|H|S ] [-s s_addr] [-m s_mask] [ -d d_addr] [ -M d_mask] [ -c protocol] [ -
o s_opr] [ -p s_port] [ -O d_opr] [ -P d_port] [ -w I|O|B ] [ -f Y|N|O|H ] [ -t tid] [ -i interface] [-D
description] [-e expiration_time] [-x quoted_pattern] [-X pattern_filename ]
Description
Use the chfilt command to change the definition of a filter rule in the filter rule table. Specify one
or more parameters to change in the filter specified by the -n parameter. All other filter
parameters remain as previously configured by the genfilt command. Auto-generated filter
rules and manual filter rules can be changed by this command. If an auto-generated filter rule is
modified by the chfilt command, it becomes a manual filter rule. IPsec filter rules for this
command are configured using the genfilt command.
Flags
-a action
The following action values are allowed:
• D (deny) blocks traffic.
• P (permit) allows traffic.
• I (if) makes this an IF filter rule.
• L (else) makes this an ELSE filter rule.
• E (endif) makes this an ENDIF filter rule.
• H (shunHost) makes this a SHUN HOST filter rule.
• S (shunPort) makes this a SHUN PORT filter rule.
All IF rules must be closed with an associated ENDIF rule. These conditional rules can be
nested, but correct nesting and scope must be adhered to or the rules will not load
correctly with the actfilt command.
-D description
A short text description for the filter rule, specified as a quoted character string. This is an
optional flag for user-defined filter rules. Descriptions are truncated at 80 characters.
-d a_addr
Specifies the destination address. It can be an IP address or a host name. If a host name is
specified, the first IP address returned by the name server for that host will be used. This
value, along with the destination subnet mask, will be compared against the destination
address of the IP packets.
-e expiration_time
Specifies the expiration time. The expiration time is the amount of time the rule should
remain active in seconds. The expiration_time does not remove the filter rule from the
database. The expiration_time relates to the amount of time the filter rule is active while
processing network traffic. If no expiration_time is specified, then the life time of the filter
rule is infinite. If the expiration_time is specified in conjunction with a SHUN PORT (-a S)
or SHUN HOST (-a H) filter rule, then this is the amount of time the remote port or
remote host is denied or shunned when the filter rule parameters are met. If the
expiration_time is specified independent of a shun rule, then this value is the amount of
time the filter rule will remain active after the filter rules are loaded into the kernel and
start processing network traffic. The valid values for expiration_time are 0 – 2592000
seconds, where 0 represents no expiration.
-f Y|N|O|H
Specifies the fragmentation control. This flag specifies that this rule will apply to either all
packets (Y), fragment headers and unfragmented packets only (H), fragments and
fragment headers only (O), or unfragmented packets only (N).
-i interface
Specifies the name of IP interfaces to which the filter rule applies. The examples of the
interface name are: all, tr0, and en0.
-m s_mask
Specifies the source subnet mask. This mask will be applied to the source address (-s flag)
when compared with the source address of the IP packet.
-M d_mask
Specifies the destination subnet mask. This mask will be applied to the destination
address (-d flag) when compared with the destination address of the IP packet.
-n fid
Specifies the ID of the filter rule to change. It must exist in the filter rule table and it
cannot be 0. (Rule 0 is the default filter rule and cannot be changed with chfilt command).
-o s_opr
Specifies the source port or ICMP type operation. This is the operation that will be used
in the comparison between the source port or ICMP type of the packet and the source
port or ICMP type (-p flag) specified in this filter rule. The valid values are: lt (less than),
le (less than or equal), gt (greater than), ge (greater than or equal), eq (equal), neq (not
equal), and any. The -o option must be specified when the -p option is used.
-p s_port
Specifies the source port or ICMP type. This is the value or ICMP type that will be
compared to the source port or ICMP type of the IP packet.
-P d_port
Specifies the destination port or ICMP code. This is the value or ICMP code that will be
compared to the destination port or ICMP code of the IP packet.
-s s_addr
Specifies the source address. It can be an IP address or a host name. If a host name is
specified, the first IP address returned by the name server for that host will be used. This
value, along with the source subnet mask, will be compared against the source address of
the IP packets.
-t tid
Specifies the ID of the tunnel related to this filter rule. All the packets that match this filter
rule must go through the specified tunnel. A value of 0 indicates that no tunnels are
associated with this filter.
-w direction
Specifies whether the rule applies to incoming packets (I), outgoing packets (O), or both
(B). It is not valid to use O (outgoing packets) with the -x or -X pattern options. It is valid
to specify the (B) both directions with the pattern options, but only the incoming packets
are checked against the patterns.
-x quoted_pattern
Specifies a pattern to compare against network traffic. The pattern can be specified as a
quoted ASCII character string or a hexadecimal pattern preceded by 0x. The pattern is a
minimum of 4 and a maximum of 2048 ASCII characters or hexadecimal bytes.
Hexadecimal patterns must be specified as full bytes (2 hexadecimal characters per byte).
For long patterns, use the -X option with a pattern file because of command line size
limitations.
-X pattern_filename
Specifies the pattern file name. If more than one pattern is associated with this filter rule,
then a pattern file name must be used. The pattern file must be in the format of one
pattern per line. A pattern is an unquoted character string, interpreted as an ASCII string
unless preceded by 0x, in which case it is interpreted as a hexadecimal pattern. The
pattern is a minimum of 4 and a maximum of 2048 ASCII characters or hexadecimal
bytes. Hexadecimal patterns must be specified as full bytes (2 hexadecimal characters per
byte). This file is read when the filter rules are activated.
Purpose
Moves a filter rule.
Description
Use the mvfilt command to change the position of a filter rule in the filter rule table. IPsec filter
rules for this command are configured using the genfilt command.
Flags
-p p_fid
Filter rule ID. It specifies the previous position of the rule in the filter rule table. The
values of 0 and the last filter position in the filter table are not valid since the default filter
rule is unmovable and becomes the last filter rule when activated.
-n n_fid
Filter rule ID. It specifies the new position of the rule in the filter rule table after the move.
The values of 0 and the last filter position in the filter table are not valid since the default
filter rule is unmovable and becomes the last filter rule when activated.
Purpose
Removes a filter rule from the filter rule table.
Syntax
rmfilt -n fid | all [-f] [-q]
Description
Use the rmfilt command to remove filter rules from the filter rule table. Actions by this
command will not affect the active driver filter list until the actfilt command is executed. IPsec
filter rules for this command are configured using the genfilt command. Only manual filter rules
can be removed.
Flags
-n fid | all
The ID of the filter rule to remove from the filter rule table. The value of 0 is not valid for
this flag since it is the default filter rule. If all is specified, all the user-defined filter rules
will be removed.
-f
Force to remove auto-generated filter rules. The -f flag works with -n all to remove all the
filter rules (user-defined and auto-generated filter rules) except rule number 0.
-q
The -q flag indicates “quiet mode” and suppresses the per-filter informational messages.
Syntax
lsfilt [-n fid_list] [-a]
Description
Use the lsfilt command to list filter rules and their status. lsfilt displays filters from the filter
configuration database (without -a) or from the active driver filter list (with -a). The default filter
rule is always displayed last when listing filter rules since it is always the last rule applied to
filter network traffic. The default filter rule ID is 0 in the filter configuration database and, when
activated, it becomes the last or highest filter ID in the filter table.
Note: Filter description fields are not listed in the active driver filter list. No filter description
text will be displayed when active rules are listed.
Flags
-a
List only the active filter rules. The active filter rules are rules that are currently in use by
the filter driver. If -a is omitted, all the filter rules in the filter rule table will be listed.
-n fid_list
Specifies the IDs of filter rules to be displayed. The fid_list is a single filter ID or a list of
filter IDs separated by a space, a comma (,) or a dash (-), where “-” represents a range.
Filter ID 0 (the default rule) cannot be specified in a range, but can be listed separately.
For example, lsfilt -n 1-3,0 will list filter rules 1,2,3, and 0. The -n option is not valid for
active filter rules. This flag cannot be used with the -a flag.
Purpose
Creates a tunnel definition in the tunnel database.
Syntax
gentun -s src_host_IP_address -d dst_host_IP_address [-m tunnel |transport] [-e [src_esp_algo]] [-a
[src_ah_algo]] [-b src_esp_auth_algo] [-p src_policy] [-E dst_esp_algo] [-A [dst_ah_algo]] [-B
dst_esp_auth_algo] [-P dst_policy] [-k src_esp_key] [-h src_ah_key] [-c src_esp_auth_key] [-K
dst_esp_key] [-H dst_ah_key] [-C dst_esp_auth_key] [-n src_esp_spi] [-u src_ah_spi] [-N dst_esp_spi] [-
U dst_ah_spi] [ -l lifetime] [-y Y|N] [-f fw_address [-x dst_mask]] [-g]
Description
The gentun command creates a definition of a tunnel between a local host and a tunnel partner
host. The associated auto-generated filter rules for the tunnel can be optionally generated by this
command.
-A dst_ah_algo
Destination AH Authentication Algorithm, used by destination for IP packet
authentication. If this flag is not used, the value used by the -a flag is used.
-b src_esp_auth_algo
Source ESP Authentication Algorithm.
-B dst_esp_auth_algo
Destination ESP Authentication Algorithm. If this flag is not used, it is set to the same
value as the -b flag.
-c src_esp_auth_key
Source ESP Authentication Key. It must be a hexadecimal string started with 0x. If this
flag is not used, the system will generate one for you.
-C dst_esp_auth_key
Destination ESP Authentication Key. It must be a hexadecimal string started with 0x. If
this flag is not used, it is set to the same value as the -c flag.
Purpose
Lists status of IP Security devices and statistics for IP Security packets.
Syntax
ipsecstat [-c ] [-d ]
Description
The ipsecstat command, used without flags, displays the status of the IP Security drivers and the
statistics of IP Security packets. The command can be used with flags to only list the status of IP
Security drivers or to reset statistics counters to zero.
Flags
-c
Resets statistics counters (after displaying current value). The -c flag cannot be used with
the -d flag.
-d
Lists only the status of the IP Security drivers. The -d flag cannot be used with the -c flag.
IPSec Statistics -
Total incoming packets: 454
Incoming AH packets: 100
Incoming ESP packets: 100
Total outgoing packets: 116
Outgoing AH packets: 100
Outgoing ESP packets: 100
Total incoming packets dropped: 0
Filter denies on input: 0
AH did not compute: 0
ESP did not compute: 0
AH replay violation: 0
ESP replay violation: 0
IPsec tunnel/policy mismatch: 0
Total outgoing packets dropped: 0
Filter denies on output: 0
Tunnel cache entries added: 2
Tunnel cache entries expired: 0
Tunnel cache entries deleted: 0
Introduction to SSH
SSH is a standards-based application and an associated set of networking protocols that
provides secure, encrypted communications over an untrusted network (for example, the
Internet) between servers and clients.
The SSH implementation in TCx Sky is a set of Linux programs that use the OpenSSH source
code base as well as a set of launcher (proxy) programs that allow access to the SSH programs
from a 4690 command shell. This chapter will explain how to use OpenSSH with TCx Sky as well
as any TCx Sky unique behaviors. Information on SSH concepts, how to use OpenSSH programs,
and the meaning of various configuration options and flags can be found on the internet or in
books on OpenSSH. Reference http://www.openssh.com for information about OpenSSH
programs and configuration.
The version of OpenSSH initially shipped with TCx Sky Version 1 Release 1 is version 7.5,
however this will be updated as needed in future releases to ensure the security and stability of
secure sessions. This chapter will discuss any migration issues and may be able to aid in
migration when this happens. For example, support for the UsePrivilegeSeparation server
configuration keyword has been deprecated in version 7.5 release of OpenSSH and will cause the
server to fail to start if it is specified.
Note: The minimum key size for SSH RSA keys is 768 bits. In the future, OpenSSH will increase
this to 1024 bits. RSA keys are created with a default key size of 2048, however the version of
SSH initially shipped with 4690 Version 6 (version 3.8) had a 1024 bit default size. It is suggested
that you evaluate any existing key files and ensure the key size is adequate. The automatically
created host key files are generated using OpenSSH's default key sizes for each key type (or in
the case of DSA, the only allowed size).
Enabling SSH
The OpenSSH programs are part of the Linux subsystem on 4690 and as a result are always
present. However in order to run the SSH server or provide 4690 access to programs such as the
SSH client or Secure FTP, the “SSH” (ADXXTSSH.DAT) must be installed. This extension is
configurable for controllers only.
The 4690 programs that are part of SSH (sshdctl.386, vx_sshcl.386, vx_sshfl.386, and vx_sshcp.
386) are not installed on 4690 until the extension is enabled in configuration and 4690 is
restarted. Like other extension based programs (i.e. mbrowser) the program files are placed in
f:/adx_spgm.
SSH sessions
The default shell for users logging into 4690 is a program (sshsession) that creates a login session
for 4690 users (displaying the 4690 login screen). As with legacy SSH in prior versions of 4690,
one or more auxiliary consoles must be configured for this to work. The number of simultaneous
remote sessions is equal to the number of auxiliary consoles configured (which is at most 8). This
limit does not apply if a different command is provided by the client or forced in the
configuration file.
If an SSH client provides a command to run instead of using the default shell, this command is
always run using the default shell of the Linux user that logs in (vxuser). The default shell for
vxuser is /bin/sh which corresponds to the bash shell. This is different behavior than legacy SSH,
which expected the name of a 4690 program or batch file. If you wish to run a 4690 program
using this mechanism, you have a several different ways of doing it:
• Run the program directly by providing bash with the Linux name of the program. For
example, /mnt/c/adx_spgm/adxzudir.286.
• If you need to use 4690 command shell commands or operations such as redirection, it would
be simplest to write a BAT file and put the operations in there. However, if you wish to send
this using an SSH command you must send the command in such a way that neither the
client shell nor server shell (bash) attempt to do the redirection early. For example, if you
wish to run the 4690 command dir and save this to the file c:/dir.out on 4690, the
following will work from a Windows machine:
ssh user@host /mnt/c/adx_spgm/command.286 -c "'dir -s c:/ > c:/dir.out'"
If you wish to run a bash shell or any other Linux program that requires a terminal, you will
need to tell the program to create a one. With the OpenSSH command ssh, this is done by using
the -t flag.
sshdctl [command]
If no command is given, sshdctl will provide a brief summary of server status as well as
identify common problems like a missing server configuration file. Other available commands
are:
status -
Provides more detailed server status information that will be more useful to someone
used to managing Linux systemd services.
log -
Display the SSHD server log
reload -
Reload the server configuration file and restart SSHD. This does not end any existing
ssions.
help -
Display a summary of available commands
If the server didn’t start, it is probably due to an error in the configuration file or some external
reason (port in use, etc). The first step is to examine the configuration file to see if the 4690
processing reported any problems. Any messages added by 4690 will be in comments starting
with adxsshd. The 4690 accessible file adxvxlog:sshd_config is a link to the server
configuration file. You may use XE to edit the file (but not make changes since adxvxlog: is read-
only).
If the configuration file looks OK or if the server is running but not operating as expected, run
sshdctl log to examine the log entries generated by the sshd server. This should reveal
information about the cause of the problem. Increasing the level of information logged by
changing the LogLevel configuration property may also help, but be aware of the warnings in
the SSHD documentation (specifically that using the DEBUG levels may cause privacy/security
issues).
After changing the SSH server configuration file (or any files referenced by it such as key files),
the SSH server needs to be restarted to use the changed information. This may be done by warm
rebooting 4690 or by running sshdctl restart. Existing SSH client sessions are not ended
when the SSH server is restarted. If the server is indirectly restarted by warm booting 4690, any
existing sessions that are accessing 4690 resources such as sftp/scp sessions or 4690 console
sessions will lose access to those 4690 resources.
get c:/tmp/file.dat
put local.dat get adx_idt1:remote.dat
The client will display messages indicating that the following are the remote file names:
/cdrive/f_drive/c:/tmp/file.dat
/cdrive/f_drive/adx_idt1:remote.dat
In order to identify the 4690 path within a file name, the sftp server code on 4690 searched for a
colon. The start of the 4690 path is the first character after the immediately preceding slash. In
the above example, this will be:
c:/tmp/file.dat
adx_idt1:remote.dat
In order to transfer a file name containing a colon (i.e. a file that is on the F: drive and would
normally not be accessible by 4690 programs), add a colon to the path immediately following
any slash or at the beginning of a relative path. The single colon will be removed and the rest of
the path passed to Linux. For example to retrieve the file /tmp/hello:world, then either
change to that directory and run get :hello:world or use get /:tmp/hello:world or
get “/tmp/:hello:world”). In 4690 Version 6, a separate sftp server was shipped with 4690
(ADXSSHPL.386). This program was used internally by the legacy SSH server. There is no
replacement for this program in TCx Sky because it is not needed.
[[userid@]host:]path
Because of this, 4690 path names would not normally be able to be used without also using a
host name. For the convenience of 4690 users, scp has been modified so that, if the file name
starts with a colon (that is, the host name is empty), it's assumed the file is a local file and the rest
of the file is used as-is. (This is unlike other OpenSSH implementations that would also treat the
file name as a local file name and would consider the colon part of the name). For example, if
you want to copy the file adx_stld:adxtm001.log to f:/logs on a remote 4690 machine
you could use the command:
scp :adx_stld:adxtm001.log remotehost:f:/logs/
In some cases you may be able to double the colon when the source filename is a remote file.
This is because internally scp invokes a copy of itself on the remote machine. For example, to
copy the file adx_stld:adxtm001.log from a host named “cc” to the same location as above,
you would use the command:
scp cc::adx_stld:adxtm007.log remotehost:f:/logs/
In this case, the first colon is used to separate the host name from the file name. The second colon
is used to indicate that the file name adx_stld:adxtm001.log set to the host cc is a local file
and that adx_stld is not the host name. Doubling the colon would also be required if a file
name with a drive letter was used:
scp cc::c:/adx_stld/adxtm042.log remotehost:f:/logs/
user: 1 2 3
wr: c:/users c:/adx_sdt1
rd: c:/users c:/adx_sdt1 c:/adx_spgm
rd: f:/data/input
wr: f:/data/output
The “user” keyword should be followed by a list of one or more user ids separated by spaces.
The user keyword should be followed by one or more lines defining the permissions for that
user. All permissions following user keywords are applied to the user(s) listed until the next user
keyword is read (or the end of the file). If there are no permission keywords following the entry
for a user or if a user is not listed in the file, then that user is considered to have no access at all
and will not be able to access 4690 using sftp. If a user is listed after more than one user keyword
in the file, only the first set of permissions are used.
The following keywords are used to indicate permissions for a user. The permissions keyword
should be followed by one or more directory names separated by spaces. If a user is allowed (or
denied) access to a directory, then that permission is recursive; it applies to all files in that
directory as well as subdirectories. The paths are considered hybrid 4690 paths; non-absolute
paths are resolved relative to the root directory of the C: drive.
• rd – Read permissions. The user is allowed to read (get) files from the directories listed after
this keyword. Read permission is also required to use the ls command to list files in a
directory and is also required for the source directory of a file being renamed.
• wr – Write permission. The user is allowed to write (put) files into the directories listed after
this keyword. Write permission is required for the target directory of a renamed file.
• rd^ / wr^ - These permissions are the inverse of the read and write permissions above. A
user is denied read or write access to any directories after one of these keywords. Deny access
is only checked if a user otherwise has read access to a file. This allows privileged users be
granted access to an entire drive (e.g. C:/) but to exclude specific directories on that drive (e.g.
C:/private).
The directory names above are hybrid paths as discussed above. Non-absolute paths are
resolved relative to the root of the C drive (c:/). Both read and write permission are required to
delete a file.
When using SFTP to transfer files to other systems, the initial current directory on the remote
system is typically the user's home directory. However SFTP in TCx Sky code mirrors the
behavior of the legacy SFTP code. Specifically the initial remote directory is set to the first
directory to which the user has write access (as listed by the wr keyword). If a user doesn't have
write access to any directories, then the initial remote directory is set to the first directory to
which the user has read access (as listed by the rd keyword). If a user has neither read nor write
permissions specified, then they will not be able to use sftp or scp to access files.
Note that any process launched by SSH runs as the Linux user “vxuser” (and group “vx4690”).
Access to Linux files and directories is limited to those that to which vxuser has access. In
addition, 4690 file access permissions may also prevent other files from being accessed (for
example files opened in exclusive mode or image versions of distributed files). For security
reasons, all users are prevented from changing, deleting or renaming
ADX_SDT1:VX_SSHXH.DAT using sftp.
When converting the legacy SFTP permission file for use with TCx Sky, it is important to be
aware of the following differences between the two files:
Lines can be up to 4096 bytes long (including the carriage return and line feed) with SSH (vs 80
bytes for legacy). Any bytes after 4096 are ignored.
More than one user id may follow the user keyword. 4690 SFTP silently ignores additional ids.
The paths are hybrid 4690 paths. This will primarily affect paths starting with a slash or
backslash. In legacy SSH these would have been files on the C: drive; in TCx Sky these are
relative to the root directory of the Linux file system.
Path names (for both the file being accessed and in the permissions file) are fully resolved before
allowing access. Thus, adding both f:/ and /mnt/f to allow access to files on the F: drive is not
required, either one alone will work.
This chapter introduces the Remote Command Processor (RCP) and explains its usage.
Introduction to RCP
The Remote Command Processor (RCP) is a 4690 application that enables you to perform the
following functions:
• Run the 4690 system applications on a remote 4690 system
• Initiate applications on the store controller
• Run any user application on a remote 4690 system
• Initiate an application on any node if using the Multiple Controller Feature
For example, if a local store is experiencing system problems, the remote site needs a system log
report from the store to analyze the problem. The RCP application is used to format the report.
When the report is formatted, it can be retrieved from the remote site for printing and analysis.
The exchange of information between the remote site and RCP happens as follows:
1. The remote site creates and transmits a SELECTION file and COMMAND file (or files) to
the remote store controller.
2. The remote site sends the command to start RCP on the remote store controller.
3. RCP reads the SELECTION file to find the name of the appropriate COMMAND file.
4. RCP finds and reads the COMMAND file and begins formatting the system log.
5. The remote site retrieves the formatted report.
To use RCP, you must first create two files: an RCP SELECTION file and an RCP COMMAND
file. The files may be transferred to a store controller at a remote site. RCP creates or appends to
a third file, the RCP STATUS file, when RCP executes.
Although RCP is a background application, it is not automatically started when the system IPLs.
You must start the application each time you want to use it. See “Starting RCP” on page 125 for
more information about starting RCP.
File name
RCP assumes the file resides in ADX_IDT1 and has an extension of DAT.
ADX_IDT1:filename.DAT
In a LAN environment, the distribution attributes of the RCP SELECTION file must be
Compound, Distribute On Close. The SELECTION file can contain one or more COMMAND file
names, but each file name must be on a separate line. In addition, each line must be ended by
ASCII CR/LF characters.
Because you can have several RCP COMMAND files, you must edit the RCP SELECTION file
each time you use it to ensure that the file contains the appropriate COMMAND file name. For
example, if you want to use ASM and that RCP COMMAND file is named ASM.DAT, you
would edit the RCP SELECTION file to ensure that it contained the file name ASM.DAT.
After building the RCP SELECTION file, transfer the file to the remote store controller. When
you are ready to initiate an RCP function, start RCP as described in “Starting RCP” on page 125.
Note: Certain commands cause the store controller to IPL. If the COMMAND file includes these
commands, the commands following them are not executed when RCP processes the
COMMAND file.
The following example starts the module-level report formatter on all controllers in a LAN. A
single output file named ADX_SDT1:ADXCSSDF.DAT exists on the master controller. This file
contains all the reports from each store controller.
**::ADXCSS0L N 3 S
For this example, whenever you run USERAPPL on a LAN system on any store controller other
than the master, RCP copies ADX_UDT1:UAOUT1.DAT and ADX_UDT4:UAOUT2.DAT to the
master store controller into the same subdirectories from where the files came. Whenever you
run UAPPL2, RCP copies ADX_IDT1:SALESRPT.DAT to the master store controller into the
ADX_IDT1 subdirectory.
When the user output file exists, it must be a Compound file, which means it exists on every
store controller in a LAN environment. The user output name file is not used in a non-LAN
environment.
tt:tt:tt Preparing to start a command. These messages are written when RCP is
tt:tt:tt Command execution is attempting to start a command on another
complete. node in a LAN environment. You can use
these messages as a debugging aid if other
expected messages are not written in the
STATUS file, especially when starting an
application. RCP writes the first message just
before it attempts to start a command. RCP
writes the second message when the it
recognizes the command is no longer running.
The return code from the previous command This message is written when RCP has
is xxxxxxxx. determined that the command started by RCP
is finished. RCP provides the return code in
hexadecimal.
The final return code is xxxxxxxx. This message written when RCP has started all
the commands requested in the COMMAND
files, and provides the lowest value return
code from all the commands in hexadecimal.
The STATUS file has at least two entries for each application that runs. The first entry contains
the following elements:
• Time the application was started
• Processing status of the application
• Application name and parameters
The second entry indicates the application completion status, which can be one of the following:
Success
Function completed without problems.
Failure
Function did not complete successfully.
Partial
Only a portion of the function was performed or none of the function was completed, and
the incorrect parameters are identified.
RCP Commands
This section explains RCP commands and their parameters. You can include these commands in
your RCP COMMAND file as needed. All mandatory parameters for a command are listed.
Optional parameters are enclosed in brackets.
Use the following command to start RCP from the host.
Format
ADXCSH0L i [x] [o]
Where:
i=
The STATUS file reset indicator:
Y=
Reset the RCP STATUS file before executing any command.
N=
Do not reset the RCP STATUS file.
x=
The IPL indicator:
IPL =
RCP started as a result of an IPL and special processing must be performed.
o=
The options associated with RCP:
-2 =
The alternate STATUS file ADX_SDT1:ADXCSHAF.DAT is to be used for messages
generated by RCP. You can start RCP from an application using the ADXSTART
support. A separate STATUS file from the remote RCP applications and the local
RCP applications is available on the remote command processor. When you use the
-2 parameter, RCP creates the file ADX_SDT1:ADXCSHAF.DAT when RCP starts.
It is recommended that you use the STATUS file reset parameter on the RCP command to reset
the STATUS file. Set the status reset indicator to N on commands that are in the COMMAND
file. By entering Y for the STATUS file reset parameter in the COMMAND file, you erase the first
Re-IPL Command
This command is used to re-IPL all terminals, re-IPL one or all store controllers, cold boot a store
controller, or dump and reload a store controller.
Format
ADXCS20L i n
Where:
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
n=
re-IPL request:
11 =
Re-IPL all terminals.
13 =
Reload store controller executing the RCP request.
14 =
Reload all store controllers on LAN system.
16 =
Cold boot store controller executing the RCP request.
17 =
Dump and cold boot store controller executing the RCP request.
Example
ADXCS20L Y 14
This command reloads all store controllers on the LAN if the command is executed at the master
store controller.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
n=
Remote STC Request on:
12 =
all terminals
15 =
specific terminal
t=
Terminal number - applicable only when using 15 (specific terminal).
Example
The following command requests that Remote STC be run in terminal 34.
ADXCS20L Y 15 34
The following command requests that Remote STC be run on all terminals.
ADXCS20L Y 12
Where:
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
1=
Terminal dump.
2=
Store controller dump.
Example
ADXCSL0L Y 2
This command resets the RCP STATUS file and requests that a store controller dump be
formatted in the report file named ADX_SDT1:ADXCSLRF.DAT.
Trace Commands
Trace commands are available for the collection of System Trace Data and Performance
Monitoring Data through RCP. Trace collection is available for the store controller hard disk
drive, Ethernet or device channel to aid in Problem Analysis. In addition, performance data may
be collected to understand utilization for key resources such as the hard disk drive, CPU or
device channel.. The COMMAND file contains the commands and parameters that initiate the
Start⁄Stop Trace. The format of the commands and parameters are described in the following
commands.
Note: System traces and performance traces are mutually exclusive.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
t=
Monitoring time for terminals in minutes (10 - 60). Monitoring time for controllers in
hours (0 - 24). t is a five-character starting time indicated as HH:MM, where:
:=
Colon (:) or period (.)
MM =
Time in minutes (0 - 59)
d=
Device identification:
1–999
Terminal number in decimal
*
Controller
Note: You can use the HH:MM format only with controller monitoring. The device identification
must be an asterisk (*). The maximum time you can set is 24:00, and the time must be in the five-
character format. For example, 1:30 a.m. must be entered as 01:30 or 01.30.
Example 1
ADXCSQ0L Y 1 10 *
This command resets the STATUS file and requests performance monitoring for the store
controller for 10 minutes.
Example 2
ADXCSQ0L Y 1 30 23
This command resets the STATUS file and requests performance monitoring for terminal
number 23 for 30 minutes.
Example 3
ADXCSQ0L Y 1 24:00 *
This command resets the STATUS file and requests performance monitoring for the store
controller for 24 hours.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
b
Available reports:
1=
All
2=
Disk
3=
CPU
5=
Device channel
o
Report style:
1=
Graph
2=
Raw utilizations
st
Five-character starting time in an HH:MM format. The default is to report all the data
collected.
HH =
Time in hours (9-24)
:=
Colon (:) or period (.)
MM =
Time in minutes (0-59)
et
Five-character ending time in an HH:MM format. This parameter is required if you select
a starting time.
Note: The first three parameters are required. et and st are only for reporting data that has
been collected for more than one hour.
Example 1
ADXCSP0L Y 1 2
This command resets the STATUS file and requests that the data for all devices for the entire
collection period be in a raw utilization format.
This command resets the STATUS file and requests that the data collected for the CPU from 2:30
a.m. until 2:30 p.m. be in a graphical output.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
p=
Trace type:
2=
Disk
w=
Wrap character:
Y=
Wrap when trace full.
N=
No wrap; stop tracing when trace is full.
Example
ADXCSQ0L Y 2 2 Y
This command resets the STATUS file and collects trace data for the hard disk drive, wrapping
when the trace is full.
i=
STATUS file reset indicator:
N=
Do not reset the RCP STATUS file.
d=
Device identification:
1–999
Terminal number in decimal
w=
Wrap character:
Y=
Wrap when trace full.
N=
No wrap; stop tracing when trace is full.
Example
ADXCSQ0L Y 2 4 15 N
This command resets the STATUS file and starts a trace for the device channel for terminal 15,
stopping the trace when the trace is full.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset STATUS file.
d=
Device identification for device control
1–999
Terminal number in decimal
w=
Wrap character:
N=
No wrap; stop tracing when trace is full.
Example
ADXCSQ0L N 2 * 777 Y
This command starts a trace for the device channel for terminal number 777 and wraps when the
trace is full. This example does not reset the STATUS file.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
f=
Change configuration option parameter:
1=
Any Service Access Point (SAP)
2=
Terminal Controller Communications (TCC)
Note: See the following section for tracing Terminal Controller Communications
(TCC).
4=
NetBIOS
5=
TCP/IP
7=
Specific SAP value
Note: See the following section for tracing a Service Access Point (SAP).
w=
Wrap character:
N=
Stop tracing when the trace is full.
ADXCSQ0L i 2 6 2 d w
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
d=
Device identification:
1–999
= Terminal Number in decimal
w=
Wrap character:
Y=
Wrap when trace is full.
N=
Stop tracing when the trace is full.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
s=
Service Access Point (2 hex digits):
EB =
TCC
F0 =
NetBIOS
AA =
TCP IP
xx =
any other specific SAP value.
w=
Wrap character:
Y=
Wrap when trace is full.
N=
Stop tracing when the trace is full.
Example
ADXCSQ0L Y 2 6 7 AA N
This example has a Service Access Point value of AA and the trace stops when it is full.
If starting the trace generates any messages, they can be viewed by checking the contents of the
STATUS file ADX_SDTI:ADXCSHSF.DAT.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
t=
Type of trace to be formatted:
1=
All
3=
Disk
5=
Device channel
7=
Ethernet
d: =
Optional. Disk ID when the type of trace to be formatted is a disk. If this parameter is not
specified, the output defaults to the C: disk drive.
f=
Type of output file to be created. If this parameter is not specified, the output defaults to
formatted output. The formatted output file contains only one report. This parameter is
optional.
F=
Formatted system trace report file (ADX_SDT1:ADXCSMTF.DAT), or Performance
monitor report file (ADX_SDT1:ADXCSPRF).
U=
Unformatted trace report file (ADX_SDT1:ADXCSMUF.DAT).
a=
Action to be performed on the trace file. If this parameter is not specified, the output file
contains only one report. This parameter is optional.
-A =
Append the output trace report file to the current trace output file.
Example
ADXCSM0L Y 3 D: F
This command resets the RCP STATUS file and requests the D: disk trace entries to be formatted
to the report file named ADX_SDT1:ADXCSMTF.DAT.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
f=
Format of file:
F=
Formatted system trace report file (ADX_SDT1:ADXCSMTF.DAT).
U=
Unformatted file (ADX_SDT1:ADXCSMUF.DAT).
o=
Current data status:
A=
Append
B=
Erase
Note: The command must have the p, f, o parameters or it is treated as a trace formatter
command attempt.
Command Explanation
Erases the unformatted output file and writes an empty header
record to the output file.
ADXCSM0L Y 8 U B
After the disk trace data is written to the unformatted output file, the header record is updated.
The header record in the unformatted output allows you to format the unformatted data file.
Typically, the host retrieves this file and transmits it to a master 4690 store controller. After
erasing existing trace data files, the file can be renamed to ADXCSOHF.DAT, and you can use
the screen interface to format the trace data collected in this file.
The unformatted file has no size restrictions. The traces are appended and can be processed later.
If more than one type of trace is in the unformatted file, you can process all or selected traces.
For example, you can process all disk trace entries in the order they were added to the file.
Example 2
Command Explanation
Erases the data in the formatted output file
ADX_SDT1:ADXCSMTF.DAT.
ADXCSM0L Y 8 F B
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
b=
The log you choose to be reported and the format type:
• Short formats:
1=
Store controller hardware errors
2=
Terminal hardware errors
3=
Terminal events
4=
Store controller events
5=
System events
6=
Application events
7=
Format all sections 1 through 6
• Long formats:
A=
Store controller hardware errors
C=
Terminal events
D=
Store controller events
E=
System events
F=
Application events
G=
Format all sections A through F
sd =
8-character starting date in the format mm⁄dd⁄yy
mm =
Month (01 - 12)
dd =
Day of the month (01 - 31)
yy =
Year (00 - 99):
86 to 99 =
1986 to 1999
00 to 85 =
2000 to 2085
st =
5-character starting time in the format HH:MM:
HH =
Hour (00 - 23)
MM =
Minute of the hour (00 - 59)
ed =
Ending date, in the format mm⁄dd⁄yy
et =
Ending time, in the format HH:MM
c=
Store controller ID:
*=
All store controller IDs. This value is valid if the section of the system log being
reported is store controller related.
If the section of the system log is terminal-related, this field is ignored.
t=
Terminal ID:
1 to 999 =
Terminal IDs in decimal
*=
All terminal ID. This value is valid if the section of the system log being reported is
terminal-related.
If the section of the system log is store controller-related, this field is ignored.
s=
Source number:
001-127 =
Source numbers
*=
All source numbers
See the TCx Sky Messages Guide for source numbers and their descriptions.
r=
Type of output to be acted on. If this parameter is not coded, the formatted output file
contains only this report. This is an optional parameter.
1=
Format report into new output file (ADX_SDT1:ADXCSNRF.DAT).
2=
Append formatted report to current output file.
3=
Put unformatted data into new output file (ADX_SDT1:ADXCSNUF.DAT).
4=
Append unformatted report to current output file.
Example
This command requests a system log report for store controller events from all sources. The
example requests the report to cover events beginning at 2:00 p.m. on 11⁄12⁄86 (November 12,
1986) and ending at 2:00 p.m. on 11⁄17⁄86 (November 17, 1986). The report is formatted into the
file named ADX_SDT1:ADXCSNRF.DAT.
i=
Status reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
r=
Output file to be affected:
F=
Formatted output file (ADX_SDT1:ADXCSNRF.DAT)
U=
Unformatted data output file (ADX_SDT1:ADXCSNUF.DAT)
z=
Action for the output file:
A=
Append data to output file (do not reset the output file)
B=
Reset the output file (erase existing data in file)
ADXCSN0L Y 8 F B
ADXCSN0L N 1 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 2
ADXCSN0L N 3 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 2
ADXCSN0L N 5 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 2
This example creates a formatter report file that contains only the data from the store controller
hardware log, terminal event log, and the system event log. The three reports in this example are
appended to the existing formatted report file.
Example 2
ADXCSN0L Y 8 U A
ADXCSN0L N 1 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 4
ADXCSN0L N 3 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 4
ADXCSN0L N 5 02⁄24⁄87 12:00 02⁄25⁄87 12:00 * * * 4
This example keeps the data previously contained in the unformatted output file. The last three
commands append the unformatted data from the store controller hardware log, the terminal
event log, and the system event log to the existing unformatted output file.
Example 3
When the file management command is not used, as in this example, the resulting formatted
report file contains the data previously in the file. These commands append the reports for the
store controller hardware log, terminal event log, and the system event log to the existing
formatted output file.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
x=
Change configuration option parameter:
4=
Activate configuration. All other values are invalid.
y=
Activation configuration option parameter:
2=
Controller configuration
3=
System configuration
Example
ADXCSC0L Y 4 2
This example command causes the store controller to attempt activation of the controller
configuration files.
Error checking exists to verify the number and the values of the parameters that were passed to
the controller. If this activation of the configuration causes any messages, they can be viewed by
checking the contents of the STATUS file ADX_SDT1:ADXCSHSF.DAT.
DD::ADXCSD0L N 3 1
Format
ADXCSD0L i n s [a]
Where:
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
n=
Type of configuration reported:
1=
All of configuration
4=
System configuration
2 or 5 =
Terminal configuration
s=
Configuration status:
1=
Active configuration
2=
Inactive configuration
a=
Action to perform on the output file. If this parameter is not coded, the configuration
report output file contains only this report.
-A =
Append report to current output file.
Example
ADXCSD0L Y 3 1
ADXCSD0L N 2 2 -A
This example creates a formatted report file that contains the data for the store controller and
terminal configurations. The command saves the report in the file named
ADX_SDT1:ADXCSDTF.
The report will be saved in the file named ADX_SDT1:ADXCSDTF.DAT.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
1=
Product Summary Report
2=
Complete report with module integrity (checksum)
3=
Complete report without module integrity (no checksum)
4=
Module-level APAR report
5=
APAR search
6=
Installed features report
A checksum is an operation performed on each module to ensure that the module has not
been changed since it was first placed on the 4690 store controller by ASM.
f=
Product being reported. The letter f is the fifth letter of the Product Control File name,
ADXCfTpD.DAT.
Note: If the f is missing, S is assumed to be the fifth letter.
p=
Product being reported. The letter p is the seventh letter of the Product Control File name,
ADXCfTpD.DAT.
Note: The combination of f and p are used to determine the product. ADXCSTSD.DAT
reports on the base operating system.
Some examples are:
G=
4690 Application Program Product (General Sales, Supermarket, or Chain Drug
Application)
P=
Price Management Feature for the General Sales Application
S=
Operating System
B=
4690 Optionals
You can include a maximum of 21 installed products. If you want to include products other than
those shown, you must create a Product Control File for each product.
Example 1
ADXCSS0L Y 3 S
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
t=
Length of time the alarm is sounded.
1 - 99
= Number of seconds in decimal.
*=
Sound continuously. If the coded value is not valid, the default of “*” is used.
c=
Store controller ID. Must be present in LAN system as valid ID or *. No default is
assumed.
s=
System message:
-Y =
Use the configured severity level for the system message display panel and the
message number to determine if the message is to be alarmed.
-N =
Use only the message number to determine if the message is to be alarmed. This
value is the default.
The default is used if the coded value is not valid.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
t=
Length of time the alarm is sounded.
1 - 99
= Number of seconds in decimal.
*=
Sound continuously. The asterisk (*) is the default.
The default is used if the coded value is not valid.
s=
System message:
-Y =
Use the configured severity level for the system message display panel and
the message number to determine if the message is to be alarmed.
-N =
Use only the message number to determine if the message is to be alarmed.
This value is the default.
The default is used if the coded value is not valid.
ADXCS10L Y 3 10 *
In this example, the activate command resets the STATUS file and causes a 10-second alarm for
all store controllers in the system for any messages in the alarm message files. The system
message severity level is ignored because the optional parameter is not present (defaults
selection to -N).
Example 2
ADXCS10L Y 3 * * -Y
In this example, the activate command resets the STATUS file and causes a continuous alarm for
all store controllers in the system for any messages meeting the system message severity level
because the optional parameter -Y indicates YES for message level selection.
Example 3
ADXCS10L Y 3 10 EE -Y
ADXCS10L Y 3 20 -N
In this example, the activate command resets the STATUS file, causes a 20-second alarm, and
sets the message level selection to NO. The system message severity level is ignored.
Example 2
ADXCS10L Y 3 * -Y
In this example, the activate command resets the STATUS file, causes a continuous alarm and
sets the message level selection -Y to YES. Only messages meeting the system message severity
level sound the alarm.
Example 3
ADXCS10L N 3 2
In this example, the activate command appends to the STATUS file and causes a 2-second alarm
for messages in the audible alarm file. The system message severity level is ignored (selection
defaulted to -N).
Example 4
ADXCS10L Y 3 *
In this example, the activate command resets the STATUS file and causes a continuous alarm for
all messages in the audible alarm message file. The default for message level (option not present)
selection is -N.
Example 5
ADXCS10L Y 3 10 DD -Y
This example illustrates an incorrect store controller ID. This command resets the STATUS file,
causes a 10-second alarm, and activates the audible alarm function in a LAN system store
controller with a valid ID of DD. For this example, a store controller DD does not exist, so the
command fails.
Deactivate Command
This command deactivates the audible alarm command.
Format
ADXCS10L i 4 [c]
Where:
i=
STATUS file reset indicator:
N=
Do not reset the RCP STATUS file.
c=
The store controller ID to deactivate:
CC - ZZ
= Store controller ID.
*=
All store controllers. This optional parameter is valid for multiple store controller
systems only.
Example
ADXCS10L Y 4 *
This command resets the RCP STATUS file and deactivates the audible alarm on all store
controllers.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
c=
Store controller ID whose audible alarm status is to be reported:
CC - ZZ
= Store controller ID.
*=
All store controllers. This optional parameter is valid for multiple store controller
systems only.
Example
ADXCS10L Y 2 *
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
a=
Action to be performed on the product:
1 or TST
= Test
2 or CNL
= Cancel
3 or ACC
= Accept
Note: For this parameter, you can use all numeric characters, all alphabetic characters, or
both. For example, you can use 1 to test and CNL to cancel in the same command.
f=
Product being activated. The f is the fifth letter of the Product Control File name. The
Product Control File for a product is found on the product’s master installation or
Corrective media under the format ADXCfTpD.DAT.
Note: If the f is missing, S is assumed to be the fifth letter. The S indicates that the report
module level assumes the maintenance is in ADX_SMNT (the system maintenance
subdirectory) unless otherwise specified.
p=
Product being activated. The p is the seventh letter of the Product Control File name. The
Product Control File for a product is found on the product’s master installation or
Corrective media under the format ADXCfTpD.DAT.
Note: The combination of f and p are used to determine the product. ADXCSTSD.DAT
reports on the base operating system.
Some examples are:
P=
Price Management Feature for the General Sales Application
S=
Operating System
B=
4690 Optionals
If you want to include products other than those shown above, you must create a Product
Control File for each one. You cannot perform two actions on the same product in the
same parameter list.
TL =
Terminal load indicator. You can cause all terminals to be reloaded upon completion of
ASM by including the terminal load indicator, TL, in the command. The TL can be in any
position after the STATUS file reset indicator.
BY =
Bypass LAN problems indicator. You can optionally bypass LAN problems detected by
ASM by including the bypass indicator, BY, in the command. BY can be in any position
after the STATUS file reset indicator.
NI =
No IPL indicator. You can optionally get ready for the activation of the maintenance by
including the no-IPL indicator, NI, in the command. Checksums are verified,
maintenance is distributed, and the activation file is built. All that remains to activate the
maintenance is a manual IPL of the controller.
Example 1
ADXCST0L Y 1S 2G TL
This command resets the RCP STATUS file, puts the product indicated by Product Control File
ADXCSTSD.DAT into TEST mode, cancels the maintenance for the product named by the
Product Control File, ADXCSTGD.DAT, and reloads all terminals.
Example 2
This command resets the RCP STATUS file, puts the product indicated by the Product Control
File, ADXCSTSD.DAT, into test mode, cancels the maintenance for the product named by the
Product Control File, ADXCSTGD.DAT, and reloads all terminals.
SkyCheck Command
If you are migrating from 4690 OS V6R4 or V6R5 there are a number of TCx Sky prerequisites
regarding supported machine types, configuration options and resource requirements. The
SkyCheck tool is provided on the migrate CD/DVD to check for the most common problems that
may occur during OS migration.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
n=
Request system function. A value of 11 specifies that all terminals will be loaded.
Example 1
ADXCS20L Y 11
This command resets the RCP STATUS file before the system function is started. The requested
system function is Load All Terminals.
On a system with the Multiple Controller Feature installed and running, terminals attached to
each store controller can be loaded. For example, the terminals are attached to store controller
CC and DD in a three-controller system. Controller EE is the store controller attached to the host
line. You would send a COMMAND file containing the following:
CC::ADXCS20L Y 11
DD::ADXCS20L N 11
This COMMAND file would cause RCP to start the Load All Terminals program on the store
controllers whose ID precedes the function name. The terminals attached to store controller CC
and DD are loaded.
Loading terminals in a LAN environment is needed to support all terminals. ADXCS20L support
only loads those terminals attached to the store controller where ADXCS20L is running.
Example 2
DD::ADXCS20L N 11
This COMMAND will cause RCP to start the Load All Terminals program on the store controller
whose ID precedes the function name. All of the terminals that are reachable via the LAN by the
DD controller will be reloaded. This example does not reset the RCP STATUS file.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset STATUS file.
Example
ADXCS20L Y 12
This command resets the RCP STATUS file before the system function is executed. The requested
system function is the Remote Set Terminal Characteristics.
Note: This command must be executed at the master store controller.
Y=
Reset the RCP STATUS file and write output there.
N=
Do not reset RCP STATUS file but write output there.
BACKGRND
Running in background (no output).
"blank"
Running in foreground (Command Mode) with output to the console.
command
One or more of the following separated by spaces:
+1
Increment the current time by one hour.
-1
Decrease the current time by one hour.
-B
Broadcast current time without altering.
-Q
No output (quiet mode).
-T HHMMSS
Change the current time to HHMMSS.
-D YYMMDD
Change the date to YYMMDD.
Note: This comment will run only on the master controller if on a multiple controller network.
Some commands are mutually exclusive (+1, -1, -B, -T) and only the last command is recognized.
You must set the time if you set the date (that is, -D requires the -T). The order of the commands
is not important. All of the commands implicitly broadcast their changes; you do not need to
manually broadcast the time after making a change. You should use +1/-1 wherever possible to
avoid inherent delays with setting the time directly. The system date and time can also be set
using the system functions menu option. See the TCx Sky User's Guide for details on using this
method.
Example
ADXCS80L Y +1
This command resets the RCP STATUS file and increments the current time by one hour. By
default, the output of this application includes the time before execution and the time after
execution if one of the parameters should cause the time to change.
i=
STATUS file reset indicator:
Y=
Reset the RCP STATUS file before the command executes.
N=
Do not reset the RCP STATUS file.
n=
Selects the options:
1=
File compression
2=
File decompression
f=
Type of files requested:
1=
Single file or wildcard (*) files
2=
File named in the source is a list file (see “List File Format for File
Compression⁄Decompression” on page 119 for details)
3=
Source is a subdirectory
4=
Source is a disk drive
s=
Source file specification:
d=
Destination file specification:
Valid ways of identifying the destination files are:
• When the source is a file name, the destination can be one of the following:
• Not specified
• Drive
• Drive and subdirectory
• Drive, subdirectory, file name, and optional file extension
• Subdirectory
• Subdirectory, file name, and file extension
• When the source is a list file name, you cannot specify a destination. Any destination
you specify is ignored. See “List File Format for File Compression⁄Decompression” on
page 119 for details.
• When the source is a subdirectory, the destination must be one of the following:
• Not specified
• Drive
• Drive and subdirectory
• Subdirectory
• When the source is a drive, the destination must be one of the following:
• Not specified
• Drive
• When the destination is not specified, the destination is the same as the source.
Note: You can specify a node name. If you do not specify a node, the local node ID is
assumed. Logical names are acceptable.
Note: System limitations prevent using more than 46 characters for parameters on programs
started using RCP. Therefore, if the parameters for a compression⁄decompression operation
exceed 46 characters, use one of the following methods to shorten the command line:
• Use logical names for source and destination file names.
• Use a list file containing the parameters (which can exceed 46 characters) and possibly
containing more than one request.
Example 1
f=
Indicates the type of files requested:
1=
Single file or wildcard files are requested.
3=
The source is a subdirectory.
4=
The source is a disk drive.
If 2 is specified, an error results and processing continues with the next entry in the list
file.
s=
The source file specification:
• For single files, you must specify the drive, subdirectory, file name, and optional file
extension. The file name and file extension can have wildcards. Logical names are
acceptable.
• For a subdirectory, you must specify the drive and subdirectory. Logical names are
acceptable.
• When using option 4 on the f parameter (the source is a disk drive), the s parameter
must contain a drive letter followed by a colon.
Note: A node name can be specified. If no node is specified, the local node ID
assumed.
d=
The destination file specification.
Valid ways of identifying the destination file are:
• When the source is a file name, the destination must be one of the following:
• Not specified
• Drive
• Drive and subdirectory
• Drive, subdirectory, file name, and optional file extension
• Subdirectory
• Subdirectory, file name, and optional file extension
• When the source is a subdirectory, the destination must be one of the following:
cr-lf =
Delimiters that indicate the end of an entry in the list file. These are the carriage return
and line feed characters in ASCII. Most editors place these characters in the file when you
press the Enter key.
The end of file (EOF) character is optional at the end of the list file.
c:\program.log
ADX_SPGM:*.LOG
ADX_IDT1:ADXCSHCF.*
ADX_IPGM:???TS10L.SYM
ADX_UPGM:*.SYM
f:/myProgram/Logs/* -s
i=
STATUS file reset indicator:
• Y = Reset the RCP STATUS file before the command executes.
• N = Do not reset the RCP STATUS file.
n=
Type of files selected:
1 - 63 = the sum f1+f2+f3+f4+f5+f6,
where each fn is selected from:
Not applicable
=0
Terminal Dump
=2
Controller Dump
=4
Performance Report
= 16
d=
Destination. This is an optional parameter:
e=
Compressed file size. This is an optional parameter:
• 1 = 1024 KB
• 2-9 = Maximum number of megabytes per each output file
• * = All outputs to one file
x=
Single keyword description for problem abstract. This is an optional parameter.
Example 1
ADXCSR0L Y 13 4 2 PMR56789
This example:
• Resets the RCP STATUS file
• Gathers the Controller Dump, System Log, and System Trace because 4 + 1 + 8 equals 13
• Compresses output files to the C: drive
• Each output file is no larger than 2048 KB in size
• Problem abstract file contains PMR56789 keyword
It is assumed that the System Log and System Trace were previously formatted using
ADXCSN0L and ADXCSM0L.
Example 2
ADXCSR0L N 16
This example:
• Does not reset the RCP STATUS file
• Gathers the Performance Report only
• Compresses output files to the default drive
• Each output file is no larger than the default size
• No keyword is placed in the problem abstract file
It is assumed that the Performance Report was previously formatted using ADXCSP0L.
Example 3
ADXCSR0L N 34 D: *
This example:
• Does not reset the RCP STATUS file
• Gathers the Module Level Report and Terminal Dump because 32 + 2 equals 34
• Writes output files to the D: drive
• Compresses all output to one large file
• No keyword is placed in the problem abstract file
It is assumed that the Module Level Report was previously formatted using ADXCSS0L.
i=
STATUS file reset indicator:
• Y = Reset the RCP STATUS file before the command executes.
• N = Do not reset the RCP STATUS file.
Example
ADXSSC0L Y
This command resets the RCP STATUS file and extracts the store-specific data from the active
files and writes the data to ADX_SPGM:ADXSSCDF.DAT.
i=
STATUS file reset indicator:
• Y = Reset the RCP STATUS file before the command executes.
• N = Do not reset the RCP STATUS file.
Example
ADXSSC1L Y
This command resets the RCP STATUS file and writes the extracted store-specific data to the
inactive files.
Example
C:/ADX_SDT1/4900786.150
Note that this file will be saved on the controller that is CONTROLLING the terminal in an MCF
environment. The log file with the results of the CMOS Save function is saved in C:/
ADX_SDT1/TMCMOSSA.<terminal ID>.
The Terminal CMOS Update function (adxtal4l.286 -U) applies the CMOS settings from file
C:/ADX_SDT1/<machinetypemodel>.<biosversion> on the controller to the target
terminals identified in the C:/ADX_IDT1/ADXTALTF.DAT configuration file. The log file with
the results of the CMOS Update function is saved in C:/ADX_SDT1/TMCMOSUP.<terminal
ID>.
After updating the CMOS settings on a terminal, a cold boot is required on the terminal for the
CMOS settings to take effect.
For debugging purpose, there is one additional log file. The program ADXTAL4L.286 creates
ADX_SDT1:ADXTAL4F.DAT on the controller that contains information about each execution of
ADXTAL4L.286.
Note: The file will grow indefinitely. The user may erase the file as needed to control its size.
The following table explains some of the messages that are logged.
Starting RCP
You can start RCP from an application program. If you are using a LAN system, RCP must be
run on the Master controller.
The command tail string containing the name of the application would be "APPLX". The double
quotes are not part of the string; they show the extent of the string. The command tail string
containing the parameters would be:
"PARM1 PARM2 PARM3 PARM4"
Note: The number of spaces between parameters remains exactly as they were entered on the
command line. However, if the user entered several blank characters after the last parameter,
these spaces would not appear in the parameter list string.
Input can come from Display Manager screens or from the basic I/O functions of the
programming language in addition to the command tail. Output can go anywhere that the
application wants to direct it. Both the keyboard and the video display are available to the
application.
Background Applications
RCP Applications
As with 4680 or 4690 applications, parameters are passed in the command tail when the
application is started in the background by RCP. For example, you can start an application
named APPLY from RCP using the COMMAND file containing the following line.
APPLY PARM1 PARM2 PARM3 PARM4
The command tail string containing the name of the application would be "APPLY". The double
quotes are not part of the string; they show the extent of the string. The command tail string
containing the parameters would be:
"BACKGRND PARM1 PARM2 PARM3 PARM4 "
The operating system inserts the BACKGRND parameter into the command tail. This parameter
is inserted at the beginning of the command tail parameter string to inform the application that it
was started in the background. This is important because background applications do not have
keyboards available for input and they do not have video screens available for output. However,
the background application does have a status line on the background status screen that you can
use to write messages.
Also, note that the number of spaces between parameters is reduced to one. RCP does this to
ensure the maximum number of characters are passed to the application because there is a 45-
The command tail string containing the name of the application would be "APPLY". The double
quotes are not part of the string; they show the extent of the string. The command tail string
containing the parameters would be:
"BACKGRND PARM1 PARM2 PARM3 "
The operating system inserts the BACKGRND parameter into the command tail. This parameter
is inserted at the beginning of the command tail parameter string to inform the application that it
was started in the background. This is important because background applications do not have
keyboards available for input and they do not have video screens available for output.
Note that the spaces between parameters are maintained. In this example, the PARM4 parameter
would not be passed to the application because it is beyond the 45-character limit for
background application parameter lists.
Background applications cannot have screens or keyboards associated with them. This reduces
the possibilities for input and output. Input can only come from places not requiring an
interactive user (for example, disk files). Output cannot be placed on any screen.
Foreground Applications
Applications started in the foreground are different from applications started using the other
methods. These are applications that are started by choosing an option on a 4690 screen. You
configure these applications on the secondary application screen.
No parameters can be configured for applications started in the foreground. However, that does
not mean there are no parameters for the application to consider. For example, if you start an
application named APPLZ from the secondary application screen, the command tail string
containing the name of the application would be “APPLZ”. The double quotes are not part of the
string; they show the extent of the string. The command tail string containing the parameters
would be:
"FOREGRND"
The FOREGRND parameter informs the application that it was started as a foreground
application and there is a video screen and keyboard associated with it. This is important
because foreground applications typically are interactive applications and communicate with
you using the video screen and keyboard.
Foreground applications have the most I/O flexibility. Input can come from any place and
output can go anywhere.
IPL Processing
When processing is needed during an IPL of the 4690 store controller, RCP can provide support
using a special SELECTION file named ADX_SDT1:ADXCSHDF.DAT. When RCP is started
during the IPL, it checks for the SELECTION file first. If the special SELECTION file exists, RCP
runs all commands listed in the COMMAND files. If any command in the SELECTION file
causes the store controller to IPL, when RCP is started again it runs the next command until all
commands have been executed.
To activate the unique IPL processing, you must configure RCP (ADXCSH0L) to be started in the
background on IPL of the store controller.
Note: You must code the IPL parameter before RCP knows that this is the special IPL type of
processing.
For a LAN, the master store controller is the only store controller that RCP is started on for the
IPL processing. RCP is not started on every node in a LAN environment during the IPL of the
store controller.
In this example, the goal is to execute a user-written program, USERPROG, followed by the
Apply Software Maintenance command, ADXCST0L. After maintenance has been applied, the
ADXCSS0L command generates a module level report.
The USERPROG generates ADXCSHDF.DAT before ending and contains PREIPL.DAT. The
PREIPL.DAT file contains the command:
MOVEDATA ADX_UDT1 ADX_UBUL
When the ADXCST0L program runs, the store controller IPLs. RCP is started after the
maintenance has been applied. The MOVEDATA program is executed first, followed by the
execution of ADXCSS0L. RCP finds the ADXCSHDF.DAT file created by the USERPROG
program.
If RCP was not running immediately before the 4690 store controller IPLed, RCP does not issue
the list of commands identified by the ADXCSHCF.DAT file. RCP issues these commands only
when RCP is running immediately before a store controller IPL.
Bytes 0 - 4
Record key
• For a store controller record:
bytes 0 - 1
Controller ID (ASCII, value range CC-ZZ)
bytes 2 - 4
ASCII, value 000
• For a terminal record:
bytes 0 - 1
ASCII, value 00
bytes 2 - 4
Terminal No. (ASCII, value range 001-999)
Bytes 5 - 11
Machine Type⁄Mod. No. (ASCII nnnnaaa)
• nnnn = 4 numeric digits
• aaa = 3 alphanumeric characters
Bytes 12 - 19
Serial No. (ASCII mm-sssss)
• For a store controller record, nn-nnnnn (ASCII, seven-digit Personal System/2 (PS⁄2)
serial no.)
• For a terminal record, mm-sssss (ASCII)
bytes 12 - 13
mm -- Plant of Manufacture
byte 14
Dash character (-)
bytes 15 - 19
sssss -- Sequence No.
Bytes 20 - 27
Planar Card EC No. (ASCII)
Bytes 28 - 34
Power Supply EC No. (ASCII)
This does not exist on a 4694 machine and appears as dashes (--)
Bytes 35 - 37
4683 Model 001 80286 ROS ID⁄EC No. pair (binary)
This appears as zeros on a 4694 machine
Bytes 38 - 97
30 8051 ID⁄EC Nos. (binary)
Bytes 98 - 99
Reserved
Bytes 0 - 2
Record key (ASCII, value range 001-999)
Byte 3
WoL Supported (byte, value range 0-1)
Bytes 4 - 9
MAC address (Byte Array[6])
Bytes 10 - 127
Reserved
The MAC address recorded in this file is the "burned-in" MAC address of the POS terminal
Ethernet port.
The byte labelled "WoL Supported" reports 0 if Wake on LAN is not supported by this terminal
and reports 1 if Wake on LAN is supported by this terminal.
At present, only Enhanced Mode terminals are recorded in this file. Additional entries or record
data may be added in the future.
The operating system Keyed File Utility can convert the keyed file to a flat file, if an alternate
format is required. If so, remember to refresh the flat file periodically because the data changes
as POS terminals are added or renumbered and hardware replacement procedures alter the
effective MAC address of a given terminal number.
Regarding reverse lookup, entries are added or refreshed periodically as terminals reboot;
entries are never removed. As a result, program processing must take into account that obsolete
records might exist if terminal numbers are abandoned over time and those obsolete records
The following paragraph does not apply to the United Kingdom or any other country where
such provisions are inconsistent with local law: TOSHIBA GLOBAL COMMERCE SOLUTIONS
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR
PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain
transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are
periodically made to the information herein; these changes will be incorporated in new editions
of the publication. Toshiba Global Commerce Solutions may make improvements and/or
changes in the product(s) and/or program(s) described in this publication at any time without
notice.
Toshiba Global Commerce Solutions may use or distribute any of the information you supply in
any way it believes appropriate without incurring any obligation to you.
Any references in this information to non-Toshiba Global Commerce Solutions Web sites are
provided for convenience only and do not in any manner serve as an endorsement of those Web
sites. The materials at those Web sites are not part of the materials for this Toshiba Global
Commerce Solutions product and use of those Web sites is at your own risk.
Information concerning non-Toshiba Global Commerce Solutions products was obtained from
the suppliers of those products, their published announcements or other publicly available
sources. Toshiba Global Commerce Solutions has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related to non-Toshiba Global
Commerce Solutions products. Questions on the capabilities of non-Toshiba Global Commerce
Solutions products should be addressed to the suppliers of those products.
This information is for planning purposes only. The information herein is subject to change
before the products described become available.
Notices 139
empfohlene Kabel angeschlossen werden. Toshiba Global Commerce Solutions übernimmt keine
Verantwortung für die Einhaltung der Schutzanforderungen, wenn das Produkt ohne
Zustimmung der Toshiba Global Commerce Solutions verändert bzw. wenn
Erweiterungskomponenten von Fremdherstellern ohne Empfehlung der Toshiba Global
Commerce Solutions gesteckt/eingebaut werden.
EN 55032 Klasse A Geräte müssen mit folgendem Warnhinweis versehen werden: “Warnung:
Dieses ist eine Einrichtung der Klasse A. Diese Einrichtung kann im Wohnbereich Funk-
Störungen verursachen; in diesem Fall kann vom Betreiber verlangt werden, angemessene
Maβnahmen zu ergreifen und dafür aufzukommen.”
Deutschland: Einhaltung des Gesetzes über die elektromagnetische Verträglichkeit von
Geräten
Dieses Produkt entspricht dem “Gesetz über die elektromagnetische Verträglichkeit von Geräten
(EMVG)”. Dies ist die Umsetzung der EU-Richtlinie 2014/30/EU in der Bundesrepublik
Deutschland.
Zulassungsbescheinigung laut dem Deutschen Gesetz über die elektromagnetische
Verträglichkeit von Geräten (EMVG) (bzw. der EMC EG Richtlinie 2014/30/EU) für Geräte der
Klasse A
Dieses Gerät ist berechtigt, in Übereinstimmung mit dem Deutschen EMVG das EG-
Konformitätszeichen - CE - zu führen.
Verantwortlich für die Einhaltung der EMV Vorschriften ist der Hersteller:
Toshiba Global Commerce Solutions
3901 South Miami Blvd.
Durham, NC 27703
United States of America
Der verantwortliche Ansprechpartner des Herstellers in der EU ist:
Toshiba Global Commerce Solutions, Inc.
Brand Manager - Europe, Middle East & Africa
Z.1 Researchpark 160, 1731 Asse, Belgium
Tel: 33-6845-35093
e-mail: [email protected]
Generelle Informationen:
Das Gerät erfüllt die Schutzanforderungen nach EN 55024 und EN 55032 Klasse A.
Notices 141
Attention: This is a Class A product based on the standard of the Voluntary Control Council for
Interference (VCCI). If this equipment is used in a domestic environment, radio interference may
occur, in which case, the user may be required to take corrective actions.
This is electromagnetic wave compatibility equipment for business (Type A). Sellers and users
need to pay attention to it. This is for any areas other than home.
Notices 143
Note: This mark applies only to countries within the European Union (EU) and Norway.
Appliances are labeled in accordance with European Directive 2012/19/EU concerning waste
electrical and electronic equipment (WEEE). The Directive determines the framework for the
return and recycling of used appliances as applicable throughout the European Union. This label
is applied to various products to indicate that the product is not to be thrown away, but rather
reclaimed upon end of life per this Directive.
Remarque : Cette marque s’applique uniquement aux pays de l’Union Européenne et à la
Norvège. L’etiquette du système respecte la Directive européenne 2012/19/EU en matière de
Déchets des Equipements Electriques et Electroniques (DEEE), qui détermine les dispositions de
retour et de recyclage applicables aux systèmes utilisés à travers l’Union européenne.
Conformément à la directive, ladite étiquette précise que le produit sur lequel elle est apposée ne
doit pas être jeté mais être récupéré en fin de vie.
In accordance with the European WEEE Directive, electrical and electronic equipment (EEE) is to
be collected separately and to be reused, recycled, or recovered at end of life. Users of EEE with
the WEEE marking per Annex IV of the WEEE Directive, as shown above, must not dispose of
end of life EEE as unsorted municipal waste, but use the collection framework available to
customers for the return, recycling, and recovery of WEEE. Customer participation is important
to minimize any potential effects of EEE on the environment and human health due to the
potential presence of hazardous substances in EEE. For proper collection and treatment, contact
your local Toshiba Global Commerce Solutions representative.
Disposal of IT products should be in accordance with local ordinances and regulations.
Battery safety
FG:!"#$%&。()*+,,-./0"#1234"。
-.:6"#78198:;、6"#=>? 100°C (212°F) @A、BC1DE。 (C003)
For Taiwan:
Notice: This mark applies only to countries within the European Union (EU)
Batteries or packaging for batteries are labeled in accordance with European Directive
2013/56/EU concerning batteries and accumulators and waste batteries and accumulators. The
Directive determines the framework for the return and recycling of used batteries and
accumulators as applicable throughout the European Union. This label is applied to various
Notices 145
batteries to indicate that the battery is not to be thrown away, but rather reclaimed upon end of
life per this Directive.
Les batteries ou emballages pour batteries sont étiquetés conformément aux directives
européennes 2013/56/EU, norme relative aux batteries et accumulateurs en usage et aux batteries
et accumulateurs usés. Les directives déterminent la marche à suivre en vigueur dans l'Union
Européenne pour le retour et le recyclage des batteries et accumulateurs usés. Cette étiquette est
appliquée sur diverses batteries pour indiquer que la batterie ne doit pas être mise au rebut mais
plutôt récupérée en fin de cycle de vie selon cette norme.
In accordance with the European Directive 2013/56/EU, batteries and accumulators are labeled to
indicate that they are to be collected separately and recycled at end of life. The label on the
battery may also include a chemical symbol for the metal concerned in the battery (Pb for lead,
Hg for mercury and Cd for cadmium). Users of batteries and accumulators must not dispose of
batteries and accumulators as unsorted municipal waste, but use the collection framework
available to customers for the return, recycling and treatment of batteries and accumulators.
Customer participation is important to minimize any potential effects of batteries and
accumulators on the environment and human health due to the potential presence of hazardous
substances. For proper collection and treatment, contact your local Toshiba Global Commerce
Solutions representative.
This notice is provided in accordance with Royal Decree 106/2008 of Spain: The retail price of
batteries, accumulators and power cells includes the cost of the environmental management of
their waste.
For California:
Perchlorate material – special handling may apply
Refer to www.dtsc.ca.gov/hazardouswaste/perchlorate.
The foregoing notice is provided in accordance with California Code of Regulations Title 22,
Division 4.5, Chapter 33: Best Management Practices for Perchlorate Materials. This product/part
includes a lithium manganese dioxide battery which contains a perchlorate substance.
Notices 147
148 Communications Programming Reference
Index
BOOTP client with TCP/IP applications 29 commands (continued)
A BOOTP server with TCP/IP applications 30 start trace for RCP: all traces 93
start trace for RCP: device channel 92
actfilt command 60 start trace for RCP: loop, hard disk
activating
audible alarm for all store
C drive, host line 92
start⁄stop trace for RCP 89
controllers 110 stop performance command for
cable ferrite requirement 143
audible alarm for one store RCP 96
characteristics of terminal, setting 115
controller 110 stop trace for RCP 97
chfilt command 61
command for audible alarm function, system log formatter for RCP 100
Class A compliance statement
LAN system 108 system log formatter for RCP,
Australia and New Zealand 140
command for audible alarm function, example 103
China 141
non-LAN system 108 trace for RCP 89
European Union 139
remote audible alarm example using trace formatter for RCP 97
FCC (USA) 138
RCP 110 communications
Germany 139
ADXCS20L 87, 114 introduction to 15
Industry Canada 138
ADXCS30L 116 management 133
Japan 141
ADXCSH0L 86 Communications and Systems
Russia 141
ADXCSM0L 98, 122 Management
command file for RCP 82
ADXCSN0L 100, 122 MAC address data file 134
command to load all terminals 114
ADXCSP0L 90, 122 vital product data file 133
commands
ADXCSQ0L 92 compressing files
activate audible alarm for LAN
ADXCSR0L 121 file compression⁄decompression,
system 108
ADXCSS0L 106, 122 RCP 116
activate audible alarm for LAN system,
adxipsaf.386 60 list file format for file
examples 109
adxipscf.386 61 compression⁄decompression, RCP 119
activate audible alarm for non-LAN
adxipsgf.386 57 on hard disk drive, RCP 116
system 108
adxipsgt.386 65 on media, RCP 116
activate audible alarm for non-LAN
adxipslf.386 64 remotely, RCP 117
system, examples 110
adxipsmf.386 63 configuration
ADCS START USER PROGRAM for
adxipsrf.386 64 set date and time 115
starting RCP 125
adxipsst.386 66 set terminal characteristics 115
apply software maintenance 112
apply software maintenance command 112 configuration activation command,
audible alarm 108
applying software maintenance from a host RCP 104
BIND request for starting RCP 125
site 115 configuration data formatter command,
configuration activation for RCP 104
audible alarm RCP 105
configuration data formatter for
activate a store controller 110 configuration, PXE 32
RCP 105
activate all store controllers 110 configuring DHCP server 35
deactivate audible alarm 110
activate command for LAN system 108 configuring TCP/IP for 4690 OS
dump formatter 88
activate command for non-LAN controllers 19
dump formatter, remote (RCP) 88
system 108 configuring, DHCP server 32
ethernet trace 94
commands 108
file compression⁄decompression,
deactivate a store controller 110
RCP 116
deactivate all store controllers 110
deactivate command 110
file management command for trace for D
RCP 98, 99
examples for LAN system 109
file management for system log for damage from electrostatic discharge 143
examples for non-LAN system 110
RCP 103 deactivate
report audible alarm status
format performance data 90 audible alarm for one or all store
command 111
INITIATE FUNCTION for starting controllers 110
report audible alarm status for a store
RCP 125 command for audible alarm
controller 111
list file format for file function 110
report audible alarm status for all store
compression⁄decompression, RCP 119 remote audible alarm using RCP
controllers 111
load all terminals 114 command file 111
setting alarm duration 110
processing multiples for RCP 130 decompressing files
using Remote Command Processor
re-IPL command for RCP 87 file compression⁄decompression,
(RCP) 110, 111
Remote Command Processor 86 RCP 116
audible alarm commands 108
remote STC 87 list file format for file
report audible alarm status 111 compression⁄decompression, RCP 119
report module level for RCP 106 remotely, RCP 117
B run remote STC in one terminal, remote DHCP configuration file 33
(RCP) 87 DHCP configuration options 34
battery return program 145 start performance for RCP 89 DHCP server
Index 151
Telecommunications regulatory
statement 138
Telnet client with TCP/IP applications 29
terminal characteristics, setting 115
terminal, remote dump 88
terminal, remote STC 87
time and date, setting 115
trace commands for RCP 89
trace formatter (remote)
example for RCP 98
file management command 98, 99
remote trace formatting 98, 99
trace formatter command for RCP 97
trademarks 147
troubleshooting DHCP server 38
U
user created output files for RCP 83
using host names, TCP/IP
configuring TCP keepalive timer
value 23
defining search order 22
hosts file 22
resolv file 22
using other TCP/IP applications
BOOTP client 29
BOOTP server 30
Enhanced Telnet server 45
FTP client 24
FTP server 25
INETD superserver 24
LPR client 47
NFS client 29
NFS server 27
PCNFSD authentication server 48
rexec client 48
SNMP agent 42
Telnet client 29
Telnet server 44
using RCP command files on LAN
systems 82
using the Remote Command Processor 81
utility, DHCPINFO 36
V
vital product data file 133
vital product data record format 133