These release notes support V4.6.3 of the ptx®/TCP/IP software intended for use with NUMA and Symmetry® systems. Read this document before you install and run this release of the ptx/TCP/IP software.
The following software products are prerequisites for ptx/TCP/IP V4.6.3:
The following features are part of the TCP/IP V4.6.x releases.
The version of BIND that is included in this release of ptx/TCP/IP is V4.9.8. The updated version of BIND addresses vulnerabilities announced in CERT Advisory CA-2001-02, "Multiple Vulnerabilities in BIND."
To enable porting of various third party applications to DYNIX/ptx, ptx/TCP 4.6 libraries (with some exceptions) have been modified to conform to the POSIXTM threads standard.
ATTENTION The ABI sockets library (libsocket.so.1) is NOT thread-safe.
Binaries compiled on ptx/TCP V4.1.x or later should not specify -linet to link with libinet.so. libinet.so does not contain any useful function in these releases. libinet.so is provided so that binaries built on ptx/TCP V4.0.x and earlier may run on later versions.
The following libraries/modules are thread-safe:
Note that the following libraries are not part of ptx/TCP, but are thread-safe:
The following libraries/modules are not thread-safe:
The following APIs are thread-safe and have no changes to their interfaces:
herror()
getmyinaddr()
getpeerinaddr()
inet_addr()
inet_network()
inet_makeaddr()
inet_lnaof()
inet_netof()
link_addr()
The following functions have been made thread safe without any change in their use except that they might fail with h_errno set to ENOMEM. This can happen when the system is low on memory and the implementation is not able to allocate thread-specific data.
gethostbyname()
gethostbyaddr()
getnetbyaddr()
getnetbyname()
getprotobyname()
getprotobynumber()
getservbyport()
getservbyname()
The following APIs cannot be made thread-safe without changing the interfaces. Therefore, the existing functions are left unchanged, but a new set of functions is provided.
Function |
Thread-safe Alternative |
inet_ntoa() |
inet_ntoa_r() -- additional argument: 16 byte character buffer |
link_ntoa() |
link_ntoa_r() -- additional argument: 64 byte character buffer |
Interfaces with no change:
The following APIs are left unsafe. These calls should be made on a per-process basis. Typically, multiple threads in the same process do not make these calls simultaneously. If they need to do so, an appropriate synchronization mechanism needs to be followed.
syslog()
openlog()
closelog()
setlogmask()
gethostent()
sethostent()
endhostent()
getnetent()
setnetent()
endnetent()
getprotoent()
setprotoent()
endprotoent()
getservent()
setservent()
endservent()
res_query()
res_search()
res_mkquery()
res_send()
res_init()
dn_comp()
dn_expand()
rcmd()
rresvport()
t_rcmd()
t_rrcmd()
t_rresvport()
t_cresvport()
ruserok()
rexec()
struct __res_state _res
The resolver routines use this global structure to maintain the global configuration and state information of the resolver.
This data object is left UNSAFE and cannot be used in multiple threads simultaneously. However, the calls to resolver by getXXXbyYYY() routines are thread-safe, because they have been serialized, using a mutex lock.
The NUMA quad-based architecture imposes a high cost on cross-quad traffic. To achieve higher speeds, listener processes in a system can be run on the same quad as the interface on which the data is expected for the listener. This is achieved by assigning different addresses (on the same subnet) to interfaces, and binding the listening endpoints to those addresses. Because of this setup, the data received by the server follows the most efficient path to the listening application.
To achieve quad-specific output, multiple interfaces can be linked in a multidrop set and output to any of the interfaces will be delivered through a quad-local member of the set, if there is one. This avoids costly cross-quad transfer of output data and can result in better throughput.
Improvement might also be the result of greater than media speed throughput on the same IP subnet if it is a switched network. For example, traditional ethernet setups can support only 100 Mbps on the wire. In a switched setup, multiple hosts can communicate at 100 Mbps while on the same IP subnet. With multidrop this becomes an additional advantage since the output will go out different interfaces rather than being directed out the one interface to which the route points.
This is not a general solution. To achieve the best results, you must customize the system for optimum performance.
ATTENTION The multidrop parent interface is for reference only. ifconfig commands will not work with it.
Use the ifadmin utility to create multidrop interfaces and child interfaces linked to a parent. Support of multidrop includes the following ifadmin options:
/etc/ifadmin multidrop <name>
/etc/ifadmin link <parent name> <child name>
/etc/ifadmin unlink <parent name> <child name>
Here is an example:
# /etc/ifadmin multidrop md0
# /etc/ifadmin link md0 pe0
# /etc/ifadmin link md0 pe4
# /etc/ifadmin link md0 pe8
Use the multidrop option to ifadmin to create a multidrop interface. After creating an interface, administrators can add one or more (non-multidrop) interfaces as children of the multidrop interface. Output to any of the child interfaces is sent to the nearest (in terms of quad location) child interface for output. The ifadmin unlink option removes an interface from consideration for output that is done through the multidrop interface.
ATTENTION The interfaces forming a multidrop must conform as follows:
All must have the same type (for example, all ITX or all Ethernet).
All must have compatible flags (identical except for RUNNING and UP).
All must have identical MTUs.
The FreeBSD resh Version 8.3 has been ported to ptx/TCP V4.6.0. This replaces the earlier TLI-based implementation distributed with ptx/TCP.
New command arguments are as follows:
The ftp distributed from ptx/TCP V4.6.0 onwards will be a BSD sockets-based implementation as compared to the TLI-based version distributed in the previous ptx/TCP releases. This is a port of FreeBSD ftp Version 8.4.
Note the following changes in the commands supported by ftp.
New Command Line Option
Also if the ftp binary is renamed as pftp or if the environment variable FTP_PASSIVE_MODE is defined, ftp operates in the passive mode.
New ftp Commands
chmod mode filename
Changes the permissions models of the specified filename on the remote system to mode.
idle [ seconds ]
Sets the inactivity timer on the remote server to the specified seconds. If seconds is omitted, the current inactivity timer is printed.
modtime filename
Shows the last modified time of the specified filename on the remote system.
newer filename
Gets the file only if the modified time of the remote file is more recent than the file on the current system. If the file does not exist on the current system, the remote file is considered newer. Otherwise, this command is identical to get.
nlist [ remote-directory ] [ local-file ]
Prints a list of the files in a directory on the remote machine. If remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, ftp will prompt you to verify that the local-file argument is indeed the target local file for receiving nlist output. If no local-file is specified or if the local-file contains only a dash (-), the output is sent to the terminal.
reget remote-file [ local-file ]
reget acts like get, except that if local-file exists and is smaller than remote-file, local-file is presumed to be a partially transferred copy of remote-file and the transfer is continued from the apparent point of failure. Use this command when transferring very large files over networks that are prone to dropping connections.
remotestatus [file-name ]
With no arguments, shows status of remote machine. If file-name is specified, shows status of file-name on remote machine.
restart marker
Restarts the immediately following get or put command at the indicated marker. On UNIX systems, marker is usually a byte offset into the file. restart can be used to specify the byte offset from where the subsequent get/put should fetch the file, while reget starts from the apparent point of failure (depending on file size of previously transferred file).
site arg1 arg2
The arguments specified are sent verbatim to the remote FTP server as a SITE command.
size file-name
Returns the size of file-name on the remote machine.
system
Shows the type of operating system running on the remote machine.
umask [ newmask ]
Sets the default umask on the remote server to newmask. If newmask is omitted, the current umask is printed.
Changes in the .netrc File
The .netrc file contains login and initialization information used by the autologin process. It resides in your home directory. The .netrc file will recognize the token default.
This is the same as the machine name except that the default matches any name. There can be only one default token and it must be after all machine tokens. This is normally used as follows:
default login anonymous password user@site
This gives you an automatic anonymous ftp login to machines not specified in .netrc. This can be overriden by using the -n flag to disable autologin.
Commands Dropped in This Release
The FreeBSD ftpd Version 8.4 has been ported to ptx/TCP/IP V4.6.0. This replaces the earlier TLI-based implementation distributed with ptx/TCP/IP.
-D Option
The -D option allows ftpd to detach and become a daemon, accepting connections on the FTP port and forking children processes to handle them. This involves less overhead than starting ftpd from inetd and is, therefore, useful on busy servers to reduce load.
-R Option
The -R option allows ftpd to revert to historical behavior with regard to security checks on user operations and restrictions on PORT requests. Currently, ftpd will only honor PORT commands directly to unprivileged ports on the remote user's host (which violates the FTP protocol specification but closed some security holes).
-S Option
The -S option allows ftpd to log all anonymous transfers to the file /var/log/ftpd when this file exists. The anonymous transfer logs will not be written to EES since these are neither events nor error conditions of ftpd. This is a security measure of logging all anonymous ftp transfers.
-T maxtimeout Option
This option specifies the maximum timeout period that a client can request. The maximum period allowed can be set to maxtimeout seconds with the -T option. The default is two hours.
-a address Option
This option has an effect only when the -D option is specified. After specifying both options, ftpd will accept connections only on the specified address.
-p file Option
This option has an effect only when the -D option is specified. After specifying both options, ftpd will write the daemon's process ID to a file.
-A Option
This option allows anonymous ftp access.
The following non-standard or UNIX specific commands are supported by the SITE request:
MDTM and SIZE are not specified in RFC 959, but will appear in the next updated FTP RFC.
You can use the /etc/nologin file to disable ftp access. If this file exists, ftp displays it and exits. If the /etc/ftpwelcome file exists, ftp prints it before issuing the ready message. If the /etc/ftpmotd file exists, ftp prints it after a successful login.
If a STAT command is received during a data transfer, preceded by a Telnet IP and sync, transfer status will be returned.
ftpd does an additional authentication of users as follows:
The login name must not be a member of a group specified in the /etc/ftpusers file. Entries in the file interpreted as group are prefixed by an @ sign. The user must have a shell listed in the /etc/shells file. If a user name appears in the /etc/ftpchroot file, or the user is a member of a group with a group entry in this file (that is, one prefixed with @) the session's root will be changed to the user's login directory by chroot for an anonymous or ftp account. However, the user must still supply a password. This feature is a compromise between a fully anonymous account and a fully privileged account. The user's account should be set up with the same considerations as an anonymous ftp account (for example, with local bin, etc, and lib directories).
If the system has multiple IP addresses, ftpd supports the idea of virtual hosts, which allows you to define multiple anonymous ftp areas, each one allocated to a different internet address. The /etc/ftphosts file contains information pertaining to each of the virtual hosts. Each host is defined on its own line, which contains a number of fields separated by white space:
Defining a virtual host for the primary IP address or host name changes the default for ftp logins to that address. You can leave the user, statfile, welcome, and motd fields blank, or use a single hyphen (-) to indicate that the default value should be used.
The following new files affect the behavior of ftpd:
This ftpd does not have the command line option -m, which the previous version used to log anonymous ftp sessions.
Since this ftpd is a sockets-based implementation, the entry in inetd.conf should be as follows:
ftp stream tcp nowait root /usr/etc/ftpd ftpd
This will be ensured at installation time.
The ifconfig command distributed with previous versions of ptx/TCP/IP was not consistent in reporting errors. This made the writing of scripts difficult. The ifconfig in ptx/TCP/IP V4.6.0 reports the following error codes:
ATTENTION ifconfig will attempt to set the interface flags only if the new flags being specified are different from the flags already set on the interface.
ptx/TCP/IP V4.4 and V4.5 implementations required you to add the LLC header size to the MTU being assigned to an interface. This has been modified to be consistent with industry standards. The interface MTU now corresponds to the data portion only and does not include the LLC header.
For example, the ethernet MTU is now 1500 (not 1502). If you use SNAP, it is 1492.
telnet has been modified to negotiate options only when establishing a connection to port 23. (The default telnet port is 23.) If the remote port is prefixed with a dash or minus sign (-), then telnet options will be negotiated.
The default mode on startup is character-at-a-time. The default modes may be overridden by specifying the desired mode in .telnetrc or by specifying the mode after escaping to the telnet prompt.
The maximum UDP datagram that may be sent is limited by STRMSGSZ or (65535 - size of UDP and IP headers), whichever is smaller. The size of UDP and IP header without options is 28 bytes. Thus, the maximum UDP datagram is 65507 bytes. The presence of IP options increases the IP header size. This will further reduce the corresponding maximum datagram size. Previously, ptx/TCP/IP had a limit of 16K on UDP message size. The STRMSGSZ limit can be configured by setting the kernel parameter STRMSGSZ. The lower bound specified for STRMSGSZ is 16K.
ATTENTION BSD sockets are not affected by STRMSGSZ value. The maximum datagram size when using the BSD sockets API has always been 65535 - (size of (UDP + IP headers)).
In versions of ptx/TCP/IP V4.5.x, the packets sent to the local interface (which are looped back) were not seen by tcpdump. To enable tcpdump to see these packets, the virtual interface gloop was added. To see these packets, do the following:
tcpdump -i gloop
The global loop (gloop) interface is not really an interface. tcpdump will issue the following warning:
tcpdump: WARNING: SIOCGIFADDR: gloop: Invalid argument
Ignore this warning. tcpdump will now show all packets sent to any of the local interfaces. Further filtering based on the exact IP address is possible.
rarpd over LANE is not supported.
IP reassembly buffers are no longer allocated statically. The MAX_REASSQ configuration parameter has been dropped. Instead, two new parameters are used:
In previous versions of ptx/TCP/IP, the inpcb and tcpcb structures were statically allocated at boot time according to a pre-configured limit. This had several drawbacks:
The limit could not be altered without rebuilding the kernel and rebooting.
An excessively high limit wastes memory.
Allocations could not be made local to each quad.
Lower performance is caused by false sharing of cache lines.
Protocol control blocks (PCBs) used by ptx/TCP/IP V4.6 are now allocated dynamically as needed, rather than statically at kernel build time (as was the case in the past). This affects the method used to configure the number of PCBs as follows:
The parameters N_TCP_PCB_FREE, N_UDP_PCB_FREE, and N_RAW_PCB_FREE no longer exist. The parameter MAX_IP_PROTO undergoes a name change (it becomes N_DEV_IP, described below).
The following new parameters appear:
NSOCKET - This is the number of sockets you may allocate system-wide. Note that almost everything in TCP is now a socket; in particular, BSD sockets, ABI sockets and TLI opens of /dev/tcp or /dev/udp are all actually sockets. Opens of /dev/ip and COFF binaries using UNIX domain sockets are not really sockets underneath. For initial kernel configuration, the value of NSOCKET may be set to the sum of the old N_TCP_PCB_FREE, N_UDP_PCB_FREE, and N_RAW_PCB_FREE parameters. Note that, since memory is not allocated until sockets are used, there is no up-front memory penalty for padding NSOCKET with extremely high values.
The socket limit (which is initalized by NSOCKET) may be changed while the system is running via kmstune of the tcp.socket pool.
N_DEV_TCP, N_DEV_UDP, N_DEV_IP - These are the number of STREAMS opens of /dev/tcp, /dev/udp and /dev/ip allowed. These limit the number of ABI sockets and TLI endpoints, each of which consumes one stream for either /dev/tcp or /dev/udp. These parameters are not dynamically configurable (these are the number of devsw_allocs done at boot time for the respective devices). Within TCP, rlogin and telnet are both TLI-based, and consume /dev/tcp streams.
Note that these parameters are not tunable at runtime.
N_DEV_IP is MAX_IP_PROTO, with the name changed to make the nomenclature consistent.
The kmstune adjustable structure pools used are named tcp.socket, tcp.socket_peer and tcp.vnode. The socket_peer and vnode pools are implicitly limited by the socket pool; so there is no need to explicitly limit them.
ATTENTION If you install ptx/TCP/IP V4.6.x on a system that has earlier versions of ptx/TCP/IP, you will find that the following TCP/IP kernel parameters will be deleted from the site files:
To install this release of ptx/TCP/IP, refer to the DYNIX/ptx and Layered Products Software Installation Release Notes.
ATTENTION If you are installing this release of ptx/TCP/IP over a previous version of ptx/TCP/IP, you need to perform the following steps to ensure a successful installation. If you are performing a scratch install, you can ignore the rest of this caution.
During the installation, you may need to modify the preview log for ptx/TCP/IP. Note that the files /etc/inetd.conf, /var/tcp/ifaddrs, /var/tcp/routetab, /etc/mail/sendmail.cf, and /etc/mail/aliases are always retained from the previous installation, regardless of their CONFLICT entries in the preview log.
Carefully examine the CONFLICTS entries in the preview.log file that are generated by the ptx/INSTALL program. The default answers might not be what you want.
Files such as /etc/hosts, /etc/services/, and etc/hosts.equiv might have a value of REPLACE rather than SKIP. You will need to restore your original files after the installation or change REPLACE to SKIP for the CONFLICTS entries in the preview.log file during the installation to ensure that your host-specific custom files are preserved.
ptx/TCP/IP replaces the /etc/services file. If ptx/CLUSTERS is also installed on your system, this action will remove the ptx/CLUSTERS information from the file. To retain the information, you must change the preview log entry for /etc/services from CONFLICT-REPLACE to CONFLICT-SKIP.
ATTENTION The reshd, ftpd, and rexecd distributed with this release are BSD-sockets based and not TLI implementations. reshd was a TLI implementation until ptx/TCP/IP V4.4.1. In this release of ptx/TCP/IP, rexecd will be disabled by default. Upon the installation of this release of ptx/TCP/IP, inetd.conf entries, such as
ftp tli tcp nowait root /usr/etc/ftpd ftpd
shell tli tcp nowait root /usr/etc/reshd reshd
exec tli tcp nowait root /usr/etc/rexecd rexecdwill be modified to the following:
ftp stream tcp nowait root /usr/etc/ftpd ftpd
shell stream tcp nowait root /usr/etc/reshd reshd
#exec stream tcp nowait root /usr/etc/rexecd rexecdAlso note that this change in inetd.conf will occur irrespective of choosing CONFLICT-SKIP or CONFLICT-replace. The inetd.conf being replaced will be saved in /usr/options/tcp/inetd_conf/inetd.conf.
The following documentation is available on the online documentation CD and at http://webdocs.numaq.ibm.com/:
ptx/TCP/IP Overview
ptx/TCP/IP Administration Guide
ptx/TCP/IP Programming Manual
ptx/TCP/IP Sockets Manual
ptx/TCP/IP Kernel Error Messages
This section lists the following problem-report summaries:
The number that appears in parentheses in the title of each problem report is the problem-tracking-system number assigned to the report.
ptx/TCP/IP V4.6.3 includes fixes for the following software defects:
(255351) A panic occurred in tcpmux_usrsrv because of a corrupted lock.
(255116) A treetop lock led to a deadlock when a memory failure occurred.
(255387) A buffer overflow vulnerability was found and fixed in xntpd.
(255100) An MMU fault panic occurred while interfaces were being added and deleted.
(255057) When the clone route for a local interface timed out, there was a brief period (before the route was recreated) when a connection to a local interface could return ENETUNREACH.
(254865) ftpd wrote bad records to /var/adm/wtmp.
(254825) During a cluster transition, the system panicked after a route flush command.
(254779) Stack corruption and information leak vulnerabilities were found and fixed in BIND V4.9.7 and V8.2.2.
(254648) syslogd did not handle EINTR for output, which led to disabled logs.
(254445) The telnet client did not correctly turn off binary mode.
(254438) When an uninitialized ifconf structure was passed to the SIOCGIFCONF field, the process hung and error messages were dipslayed.
(254414) Fragmentation with IP options failed to be delivered.
(254310) socketpair() returned incorrect information when errno was not set properly.
(254250) A net route was unexpectedly added by the route command.
(254222) The miniroot was not sufficiently robust to run restores when it was booted from the CD.
(254134) The telnet -port option was broken for the service name.
(253087) tcpdump with -p flag on the ATM LANE interface panicked the system.
(252816) The "Type of Route Field" on the "Delete Route" ptx/ADMIN menu form did not display "host," "net," or "empty."
(250594) Every 30 minutes, sendmail logged to syslog a message that SMTP-MAIL died on a signal 8 message.
(250177) The method for obtaining the load average now supports a getkerndata (MISC_DATAID) call.
(248944) The ptx/ADMIN menu system did not detect inconsistent ifnets and ifaddrs.
(234913) The output of the command arp ip_addr displayed the IP address twice.
ptx/TCP/IP V4.6.2 includes fixes for the following software defects:
(253709) Overlapped routes caused a system panic.
(253651) sockmod could lose output data on close.
(253166) An uninitialized variable in in_ifinit() could cause a system panic.
(252887) routed was confused when looking up interface names.
(252128) A t_optmgmt() call on a UDP endpoint caused a system panic.
(251473) A rogue tn_santa caused a system panic and returned the error TCP: tn_santa: naughty: TF_OPEN set.
(247733) A STREAMS ioctl on a raw BSD socket can cause a system panic.
(253397) p_lock: self deadlock! caused a system panic in tcp_unbind().
(252990) soo_close loop resulted in a system panic.
(252079) "Ifadmin attach" of a non-STREAMS device could cause a system panic.
(251764) The system panicked when it encountered a softclock: bad mutex in tc,mutex/tocell error.
(252262) The system panicked when it tried to send a udp packet with a length of greater than 64K.
(253598) STREAMS buffer starvation could cause a system panic.
(253702) When the deletion of a route was attempted, it failed with the error: bad value.
(253325) DHCP user/vendor-class options did not work.
(252155) Routed could not deal with overlapping interface names.
(251959, 252535, 252061) netstat -r failed with large routing tables (ENOBUFS)
(251415) The mib2agt did not always properly close file descriptors.
(251400) gethostbyaddr failed to read past a bad address in /etc/hosts.
(251035, 250835) The mib2agt dumped core.
(248727) The route command could not handle more than 12 bytes of AF_LINK address.
(253119) Multiple interrupt characters caused ftp to spin.
(252954) DHCPD did not properly handle a multi-homed host.
(252576) The SIGCHLD signal was not properly handled by ftpd -D.
(252189) ifconfigall only attached interfaces listed in the ifaddrs file.
(251503) syslogd did not use non-blocking writes to fifos/pipes.
(251195) MTU path discovery did not increase the MTU once it was lowered.
(253231) inetd would only listen on 64 file descriptors.
(252150) A possible memory leak occurred during IP reassembly.
(251921) netstat did not flush stdout on a SIGUP and output was lost.
This section lists open problems in this release of ptx/TCP/IP.
ATTENTION Time synchronization on Symmetry systems can be affected by the bootflags command.
You can start the time daemon /usr/etc/xntpd at boot-time by uncommenting the appropriate lines in /etc/rc2.d/S50netservers. This is advisable only if you invoke /usr/etc/ntpdate -b before the xntpd starts, otherwise the time delta between the host clock and the reference clock might be too large for the xntpd daemon.
On Symmetry systems the system time will be adversely affected by the execution of a bootflags command with options that display the firmware boot parameters: -bh, -bs, -bo, and -bv. Using bootflags with these options has the side-effect of suspending the system clock for several tens of milliseconds. This error will quickly be corrected by the normal operation of xntpd. You should not execute multiple bootflags -bx commands in succession. Doing so will slow the clock faster than xntpd can handle as it attempts to correct the time. The bootflags -bx commands should be used infrequently to avoid introducing a large cumulative error in the system time.
On clustered systems the bootflags problem can cause this warning message to be printed during boot:
WARNING: Time in the cluster is NOT synchronized to within 100 msecs!
During boot the /etc/rc2.d/S99scandump script executes a bootflags -bh command. Shortly after that the /etc/rc2.d/S99cta_in script executes /usr/bin/clust_check_time, which compares the system time to the time on the other clustered nodes. Because xntpd has not had much time to adjust the clock after the bootflags command, the delta may exceed 100ms. If you see this message you can check the system time again a few minutes after boot to verify that xntpd has synchronized the time with the other clustered nodes.
This problem does not occur on NUMA systems.
Multiple SYNs may not be unique if connection requests arrive while the system clock has not changed (the system clock has a 10-millisecond resolution).
Sendmail expects the local host name to be a fully qualified domain name. To check that it has a fully qualified host name, it expects to see at least one dot in the name. If it does not find a dot in the name, it will assume that there was an error in the name lookups, and will pause for a period of time waiting for the name server to settle out. This causes an unnecessary delay for /etc/host based systems that do not fully qualify their host names.
Workaround: Add an alias to the host that contains a dot at the end of the name, as in the following example:
10.1.2.3 myhost myhost.
Lack of support for the old IP_GET_IF_CONFIG ioctl breaks COFF compatibility for the RPC library. Old COFF binaries which use IP_GET_IF_CONFIG ioctl will no longer work.
routed can flip flop the routes between aliases if they exist on the same subnet.
Workaround: Avoid aliases on the same subnet, if possible.
The ifconfig -a command lists the pathname of the device. If the device clone information is not found in the /etc/devinfo file or there is no devinfo file for the device, then /dev is searched for the actual device entry. This slows the command down.