- SrcIpAddr
- The source IP address of the traffic to be tested or protected.
- DestIpAddr
- The destination IP address of the traffic to be tested or protected.
- Protocol Specification
- A protocol keyword can be selected from those shown in the syntax
diagram, or a protocol number of the traffic to be tested. The IP
traffic test matches on protocol when the IP filter contains the same
protocol number or when the IP filter applies to all protocols.
- SrcPortDestPort
- If the TCP or UDP protocol keywords are specified, then source
and destination port numbers must be supplied. Port number 0 indicates
to match any port.
For traffic that traverses a NAT, an internal
remote port translation function is used in some cases to increase
usability. Remote port translation is applicable only to ephemeral
ports (ports in the range 1024 - 65 535). If the remote
port translation function is being used, then there is both an original
remote port value and a translated remote port value. The traffic
test treats the input remote port (source port for an inbound packet,
destination port for an outbound packet) as the original port value.
In most cases when remote port translation is performed, the specific
port value is not known and the value 0 should be specified on input
to the traffic test. For more details about NAT traversal and remote
port translation, see the remote port translation information
in the z/OS Communications Server: IP Configuration
Guide.
- Direction Specification
- The traffic direction can be specified as in or out. If the traffic
direction keyword is not specified, then both in and out directions
are used.
- SecurityClass
- If the traffic direction keyword in is specified, then
a security class must be supplied. A SecurityClass value of 0 indicates
to match any security class.
- -r format
- Displays IP Security information in a given format. The default
format is detail. See The ipsec command general report concepts for a description of the different
report formats.