|
DCMTK
Version 3.6.9
OFFIS DICOM Toolkit
|
ppsscpfs [options] [port]
The ppsscpfs application implements a Service Class Provider (SCP) for the Modality Performed Procedure Step (MPPS) Service. The application will listen on a specified TCP/IP port for incoming association requests from an MPPS SCU. In case an association was acknowledged and MPPS information was received, the ppsscpfs application will store the received information on the file system in a directory which can be specified through corresponding program options. The ppsscpfs application also supports the Verification Service Class as an SCP.
port tcp/ip port number to listen on
(this parameter is required unless the --inetd option is specified)
-h --help
print this help text and exit
--version
print version information and exit
--arguments
print expanded command line arguments
-q --quiet
quiet mode, print no warnings and errors
-v --verbose
verbose mode, print processing details
-d --debug
debug mode, print debug information
-ll --log-level [l]evel: string constant
(fatal, error, warn, info, debug, trace)
use level l for the logger
-lc --log-config [f]ilename: string
use config file f for the logger
-s --single-process
single process mode
--fork
fork child process for each association (default)
automatic data correction:
+dc --enable-correction
enable automatic data correction (default)
-dc --disable-correction
disable automatic data correction
application entity title mapping:
-tmi --no-use-called-aet
ignore called AE title (default)
+tmi --use-called-aet
map called AE title to subdirectory name
UID generation:
-sn --serial-number [s]erial number: integer (1..9999)
serial number of this installation, will be added
to SOP instance UID (for GO-Kard only)
character set:
-cs1 --charset-latin1
accept ISO_IR 100 only (default)
-csa --charset-any
accept any character set
compatibility:
--allow-unknown
accept unknown attributes and treat as type 3
--allow-illegal
gracefully ignore forbidden N-SET attributes
--ignore-missing
ignore missing N-CREATE attributes (DANGEROUS)
-rul --ret-obj-uid-in-al
return SOP Instance UID in N-CREATE-RSP dataset
--enable-integrismpps
accept Philips Integris private attributes
preferred network transfer syntaxes:
+x= --prefer-uncompr
prefer explicit VR local byte order (default)
+xe --prefer-little
prefer explicit VR little endian TS
+xb --prefer-big
prefer explicit VR big endian TS
+xi --implicit
accept implicit VR little endian TS only
network host access control (tcp wrapper):
-ac --access-full
accept connections from any host (default)
+ac --access-control
enforce host access control rules
other network options:
-id --inetd
run from inetd super server (not with --fork)
# not available on all systems (e.g. not on Windows)
--refuse
refuse association
--reject
reject association if no implementation class UID
-pdu --max-pdu [n]umber of bytes: integer (4096..131072)
set max receive pdu to n bytes (default: 16384)
-dhl --disable-host-lookup
disable hostname lookup
transport protocol stack:
-tls --disable-tls
use normal TCP/IP connection (default)
+tls --enable-tls [p]rivate key file, [c]ertificate file: string
use authenticated secure TLS connection
private key password (only with --enable-tls):
+ps --std-passwd
prompt user to type password on stdin (default)
+pw --use-passwd [p]assword: string
use specified password
-pw --null-passwd
use empty string as password
key and certificate file format:
-pem --pem-keys
read keys and certs as PEM file (default)
-der --der-keys
read keys and certificates as DER file
certification authority:
+cf --add-cert-file [f]ilename: string
add certificate file to list of certificates
+cd --add-cert-dir [d]directory: string
add certificates in d to list of certificates
+crl --add-crl-file [f]ilename: string
add certificate revocation list file
(implies --enable-crl-vfy)
+crv --enable-crl-vfy
enable leaf CRL verification
+cra --enable-crl-all
enable full chain CRL verification
security profile:
+ph --list-profiles
list supported TLS profiles and exit
+pg --profile-8996
BCP 195 RFC 8996 TLS Profile (default)
+pm --profile-8996-mod
Modified BCP 195 RFC 8996 TLS Profile
# only available if underlying TLS library supports
# all TLS features required for this profile
+py --profile-bcp195-nd
Non-downgrading BCP 195 TLS Profile (retired)
+px --profile-bcp195
BCP 195 TLS Profile (retired)
+pz --profile-bcp195-ex
Extended BCP 195 TLS Profile (retired)
+pb --profile-basic
Basic TLS Secure Transport Connection Profile (retired)
# only available if underlying TLS library supports 3DES
+pa --profile-aes
AES TLS Secure Transport Connection Profile (retired)
+pn --profile-null
Authenticated unencrypted communication
(retired, was used in IHE ATNA)
ciphersuite:
+cc --list-ciphers
list supported TLS ciphersuites and exit
+cs --cipher [c]iphersuite name: string
add ciphersuite to list of negotiated suites
+dp --dhparam [f]ilename: string
read DH parameters for DH/DSS ciphersuites
server name indication:
--no-sni
do not use SNI (default)
--expect-sni [s]erver name: string
expect requests for server name s
pseudo random generator:
+rs --seed [f]ilename: string
seed random generator with contents of f
+ws --write-seed
write back modified seed (only with --seed)
+wf --write-seed-file [f]ilename: string (only with --seed)
write modified seed to file f
peer authentication:
-rc --require-peer-cert
verify peer cert, fail if absent (default)
-vc --verify-peer-cert
verify peer certificate if present
-ic --ignore-peer-cert
don't verify peer certificate
general:
-od --output-directory [d]irectory: string (default: ".")
write MPPS files to existing directory d
post-1993 value representations:
+u --enable-new-vr
enable support for new VRs (UN/UT) (default)
-u --disable-new-vr
disable support for new VRs, convert to OB
XML output:
-xod --xml-directory [d]irectory: string (default: none)
write final state MPPS objects in XML format
to existing directory d (if defined)
The semantic impacts of the above mentioned options is clear for the majority of options. Some particular options, however, are so specific that they need detailed descriptions which will be given in this passage.
Option –serial-number is intended for situations in which the ppsscpfs application has to generate one or more new DICOM UIDs. In such a case, the integer which is passed to the application through this option will be added to the given UID root, so that it is possible to generate unique UIDs.
Options –use-called-aet and –no-use-called-aet can be used to enable or disable the function that the called application entity title (provided by a calling SCU) will be used to manage received MPPS information within the data destination, i.e within the file system. The advantage of managing received MPPS information on the basis of a certain called application entity title is that different SCUs can be configured in a way so that they all use different called application entity titles, which in turn would allow a user on the SCP side to uniquely identify the MPPS information which was received from a particular SCU. For using the –used-called-aet option, it is required, that a directory with the name equal to each supported (calling) application entity title already exists in the file system. The received objects are then stored in the appropriate directory. Otherwise the association is refused with a "bad application entity service" error message. Please note, that using the –use-called-aet option one can implement a simple access control, which allows only predefined AEs to connect to ppsscpfs (the AEs, for which directories exist).
Option –ret-obj-uid-in-al is a workaround for the Philips Integris RIS-interface which implements the DICOM MPPS service incorrectly. The option will make the application return the MPPS object's SOP instance UID in the N-CREATE-RSP messages attribute list.
Option –enable-integrismpps is used to turn on support for all attributes which are sent by the Philips Integris RIS-interface in MPPS N-Create and N-Set messages. Always turn on this option if this application is communicating with Philips Integris RIS-interface.
The ppsscpfs application supports the following SOP Classes as an SCP:
VerificationSOPClass 1.2.840.10008.1.1 ModalityPerformedProcedureStep 1.2.840.10008.3.1.2.3.3 ModalityPerformedProcedureStepRetrieve 1.2.840.10008.3.1.2.3.4
The ppsscpfs application will accept presentation contexts for all of the abovementioned supported SOP Classes using any of the transfer syntaxes:
LittleEndianImplicitTransferSyntax 1.2.840.10008.1.2 LittleEndianExplicitTransferSyntax 1.2.840.10008.1.2.1 BigEndianExplicitTransferSyntax 1.2.840.10008.1.2.2
The default behaviour of the ppsscpfs application is to prefer transfer syntaxes having an explicit encoding over the default implicit transfer syntax. If ppsscpfs is running on big-endian hardware it will prefer BigEndianExplicit to LittleEndianExplicit transfer syntax (and vice versa). This behaviour can be changed with the –prefer options (see above).
The ppsscpfs application does not support extended negotiation.
When compiled on Unix platforms with TCP wrapper support, host-based access control can be enabled with the –access-control command line option. In this case the access control rules defined in the system's host access control tables for ppsscpfs are enforced. The default locations of the host access control tables are /etc/hosts.allow and /etc/hosts.deny. Further details are described in hosts_access(5).
On Posix platforms, ppsscpfs can be initiated through the inetd(8) super server. This requires that ppsscpfs be configured in the /etc/inetd.conf configuration file. A typical configuration line could look like this:
acr-nema stream tcp nowait root /usr/sbin/ppsscpfs -id +ac -od /tmp/pps
where -id (–inetd) activates the inetd mode in which the DICOM association is actually accepted by inetd and passed to ppsscpfs, +ac (–access-control) activates the TCP wrapper based access control described above and -od (–output-directory) defines the directory in which ppsscpfs stores incoming MPPS objects. Note that the service name ("acr-nema" in this example) determines the port number on which DICOM associations are accepted and must be defined in /etc/services. When runnning from inetd, the stdout and stderr streams are discarded. However, you can still configure logging via the –log-config option (see below).
Please note that when run through inetd, ppsscpfs is executed with root privileges, which may be a security risk.
The level of logging output of the various command line tools and underlying libraries can be specified by the user. By default, only errors and warnings are written to the standard error stream. Using option –verbose also informational messages like processing details are reported. Option –debug can be used to get more details on the internal activity, e.g. for debugging purposes. Other logging levels can be selected using option –log-level. In –quiet mode only fatal errors are reported. In such very severe error events, the application will usually terminate. For more details on the different logging levels, see documentation of module "oflog".
In case the logging output should be written to file (optionally with logfile rotation), to syslog (Unix) or the event log (Windows) option –log-config can be used. This configuration file also allows for directing only certain messages to a particular output stream and for filtering certain messages based on the module or application where they are generated. An example configuration file is provided in <etcdir>/logger.cfg).
All command line tools use the following notation for parameters: square brackets enclose optional values (0-1), three trailing dots indicate that multiple values are allowed (1-n), a combination of both means 0 to n values.
Command line options are distinguished from parameters by a leading '+' or '-' sign, respectively. Usually, order and position of command line options are arbitrary (i.e. they can appear anywhere). However, if options are mutually exclusive the rightmost appearance is used. This behaviour conforms to the standard evaluation rules of common Unix shells.
In addition, one or more command files can be specified using an '@' sign as a prefix to the filename (e.g. @command.txt). Such a command argument is replaced by the content of the corresponding text file (multiple whitespaces are treated as a single separator unless they appear between two quotation marks) prior to any further evaluation. Please note that a command file cannot contain another command file. This simple but effective approach allows to summarize common combinations of options/parameters and avoids longish and confusing command lines (an example is provided in file <datadir>/dumppat.txt).
The ppsscpfs utility will attempt to load DICOM data dictionaries specified in the DCMDICTPATH environment variable. By default, i.e. if the DCMDICTPATH environment variable is not set, the file <datadir>/dicom.dic will be loaded unless the dictionary is built into the application (default for Windows).
The default behaviour should be preferred and the DCMDICTPATH environment variable only used when alternative data dictionaries are required. The DCMDICTPATH environment variable has the same format as the Unix shell PATH variable in that a colon (":") separates entries. On Windows systems, a semicolon (";") is used as a separator. The data dictionary code will attempt to load each file specified in the DCMDICTPATH environment variable. It is an error if no data dictionary can be loaded.
Copyright (C) 2002-2024 by OFFIS e.V., Escherweg 2, 26121 Oldenburg, Germany.