TrafficDescriptor statement

Use the TrafficDescriptor statement to describe IP traffic in terms of one or more of the following characteristics: IP protocol, source and destination port values, job name, NetAccess security zone, and multilevel-security (MLS) label.

Restriction: The TrafficDescriptor statement is available for use only with Routing policies.

Syntax

Read syntax diagramSkip visual syntax diagram
>>-TrafficDescriptor--+------+---------------------------------->
                      '-name-'   

>--| Put Braces and Parameters on Separate Lines |-------------><

Put Braces and Parameters on Separate Lines

|--+-{--------------------------------+-------------------------|
   +-| TrafficDescriptor Parameters |-+   
   '-}--------------------------------'   

TrafficDescriptor Parameters

   .-Protocol All------.  .-SourcePortRange 0--------.   
|--+-------------------+--+--------------------------+---------->
   '-Protocol--+-Tcp-+-'  '-SourcePortRange--+-n---+-'   
               +-6---+                       '-n m-'     
               +-Udp-+                                   
               +-17--+                                   
               '-All-'                                   

   .-DestinationPortRange 0--------.                     
>--+-------------------------------+--+--------------+---------->
   '-DestinationPortRange--+-n---+-'  '-Jobname name-'   
                           '-n m-'                       

>--+-------------------+--+--------------------+----------------|
   '-SecurityZone name-'  '-SecurityLabel name-'   

Parameters

name
A string 1 - 32 characters in length specifying the name of this TrafficDescriptor statement.

Rule: If this TrafficDescriptor statement is not specified inline within another statement, a name value must be provided.

If a name is not specified for an inline TrafficDescriptor statement, a nonpersistent system name is created.
Protocol
A protocol that must be contained in an IP packet for the rule's action to be performed.
TCP or 6
Indicates TCP protocol.
UDP or 17
Indicates that the UDP protocol must be in the packet.
All
Indicates that all protocols that are relevant to the policy type that references the TrafficDescriptor statement must be in the packet. This is the default value.

Rule: For the Routing policy type, the relevant protocols are TCP and UDP.

SourcePortRange
A source port that must be contained in a TCP or UDP packet for the rule's action to be performed.

Valid values for n are in the range 0 - 65 535. If 0 is specified for n, the rule applies to any source port. If n is specified as the beginning value for a range, then 0 is not a valid value.

If an m value is specified, it must be greater than or equal to the n value and less than 65 536.

Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.

Restrictions:
  • The SourcePortRange value is used only as a selector for a TCP or UDP packet. If the value TCP or UDP is specified for the Protocol parameter, the SourcePortRange parameter is further restricted to the protocol specified.
  • For Routing policies, the value specified for the SourcePortRange parameter is the source port that must be contained in an outbound TCP or UDP packet.
DestinationPortRange
A destination port that must be contained in a TCP or UDP packet for the rule's action to be performed.

Valid values for n are in the range 0 - 65 535. If 0 is specified for n, then the rule applies to any destination port. If n is specified as the beginning value for a range, then 0 is not a valid value.

If an m value is specified, it must be greater than or equal to the n value and less than 65 536.

Rule: Include a blank, a colon (:), or a dash (-) as a delimiter.

Restrictions:
  • The DestinationPortRange value is used only as a selector for a TCP or UDP packet. If the value TCP or UDP is specified for the Protocol parameter, the DestinationPortRange is further restricted to the protocol specified.
  • For Routing policies, the value specified for the DestinationPortRange parameter is the destination port that must be contained in an outbound TCP or UDP packet.
Jobname
The name value specifies the job name of the application. The name value can be up to 8 characters in length. A trailing asterisk indicates a wildcard specification. The specified name is not case sensitive, and is translated to uppercase before being compared.
SecurityZone
The name value specifies the NetAccess security zone that an IP packet must match for the rule's action to be performed. The name value can be up to 8 characters in length. The specified name is not case sensitive.

For Routing policies, the name value specifies the NetAccess security zone that an outbound IP packet must match. The outbound packet's destination IP address is used to determine the packet's NetAccess security zone in the NetAccess table defined in the TCP/IP profile. For more information about network access control, see NETACCESS statement.

SecurityLabel
The name value specifies the MLS security label that an IP packet must match for the rule's action to be performed. The name value can be up to 8 characters in length. The specified name is not case sensitive.

For Routing policies, the name value specifies the MLS security label that an outbound IP packet must match. The outbound packet's destination IP address is used to determine the packet's NetAccess security zone in the NetAccess table defined in the TCP/IP profile. The MLS security label is the label associated with the NetAccess zone. For more information, see the TCP/IP networking in a multilevel-secure environment information in z/OS Communications Server: IP Configuration Guide.

Parent topic: Reusable policy statements