0(X'0') |
|
4 |
Binary |
The following list identifies the bits,
their names, and meaning.
- X'80000000', SMF119IS_IPDynUDPEncap: UDP encapsulation indicator.
The tunnel uses UDP encapsulation mode.
- X'40000000', SMF119IS_IPDynLclNAT: Local NAT indicator. A NAT
has been detected in front of the local security endpoint.
- X'20000000', SMF119IS_IPDynRmtNAT: Remote NAT indicator. A NAT
has been detected in front of the remote security endpoint.
- X'10000000', SMF119IS_IPDynRmtNAPT: Remote NAPT indicator. An
NAPT has been detected in front of the remote security endpoint.
Result: Some NAPTs might be undetected.
In that case, the SMF119IS_IKETunRmtNAT bit is set, but this bit
is not set.
- X'08000000', SMF119IS_IPDynRmtGW: Remote NAT traversal gateway
indicator. The tunnel uses UDP encapsulation and the remote security
endpoint is acting as an IPSec gateway.
|
0(X'0') Cont. |
|
Cont. |
Cont. |
One of the following values: - X'04000000', SMF119IS_IPDynRmtZOS: Remote z/OS® indicator. The remote peer has been detected
to be z/OS. The remote peer
might be running z/OS but
it might not be detected as such, if NAT traversal is not enabled.
- X'02000000', SMF119IS_IPDynCanInitP2: Dynamic tunnel (P2) initiation
indicator. If set, the local security endpoint can initiate dynamic
tunnel negotiations with the remote security endpoint; otherwise,
the remote security endpoint must initiate dynamic tunnel negotiations.
Either side can initiate refreshes.
- X'01000000', SMF119IS_IPDynSrcIsSingle: Single source address
indicator. Traffic source address is indicated by the SMF119IS_IPDynSrcAddr4
or SMF119IS_IPDynSrcAddr6 fields.
- X'00800000', SMF119IS_IPDynSrcIsPrefix: Prefixed source address
indicator. Traffic source address is indicated by the SMF119IS_IPDynSrcAddr4
or SMF119IS_IPDynSrcAddr6, fields and the source address prefix is
indicated by the SMF119IS_IPDynSrcAddrPrefix field.
- X'00400000', SMF119IS_IPDynSrcIsRange: Ranged source address indicator.
Traffic source address range is indicated by the SMF119IS_IPDynSrcAddr4
and SMF119IS_IPDynSrcAddrRange4 fields, or by the SMF119IS_IPDynSrcAddr6
and SMF119IS_IPDynSrcAddrRange6 fields.
- X'00200000', SMF119IS_IPDynDstIsSingle: Single destination address
indicator. Traffic destination address is indicated by the SMF119IS_IPDynDstAddr4
or SMF119IS_IPDynDstAddr6 fields.
|
0(X'0') Cont |
|
Cont. |
Cont. |
One of the following values: - X'000100000', SMF119IS_IPDynDstIsPrefix:Prefixed destination address
indicator. Traffic destination address is indicated by the SMF119IS_IPDynDstAddr4
or SMF119IS_IPDynDstAddr6 fields, and destination address prefix is
indicated by the SMF119IS_IPDynDstAddrPrefix field.
- X'00080000', SMF119IS_IPDynDstIsRange: Ranged destination address
indicator. Traffic destination address range is indicated by the SMF119IS_IPDynDstAddr4
and SMF119IS_IPDynDstAddrRange4 fields, or by the SMF119IS_IPDynDstAddr6
and SMF119IS_IPDynDstAddrRange6 field.
- X'00040000', SMF119IS_IPDynTransportOpaque: Opaque transport selector
indicator. If set, the dynamic tunnel is protecting data traffic where
the upper layer selectors, source and destination ports, ICMP or ICMPv6
type and code or IPv6 Mobility header type are not available as a
result of fragmentation.
- All remaining bits: Reserved
|
4(X'4') |
SMF119IS_IPDynVPNRule |
48 |
EBCDIC |
Dynamic VPN rule name for this tunnel. This
field is blank if there is no local dynamic VPN rule. |
52(X'34') |
SMF119IS_IPDynP1TunnelID |
48 |
EBCDIC |
Tunnel ID for this tunnel's parent IKE (phase
1) tunnel. As a result of refreshes, this tunnel ID might represent
multiple related IKE tunnels. |
100(X'64') |
SMF119IS_IPDynLifesize |
8 |
Binary |
Tunnel lifesize. Nonzero values indicate the
lifesize value limit for the tunnel, in bytes. |
108(X'6C') |
SMF119IS_IPDynLifesizeRefresh |
8 |
Binary |
Tunnel lifesize refresh. Nonzero values indicate
the lifesize value at which the tunnel is refreshed, in bytes. |
116(X'74') |
SMF119IS_IPDynLifetimeExpire |
4 |
Binary |
Tunnel lifetime. Indicates the time at which
the tunnel expires, in UNIX format. |
120(X'78') |
SMF119IS_IPDynLifetimeRefresh |
4 |
Binary |
Tunnel lifetime refresh. Indicates the time
at which the tunnel is refreshed, in UNIX format. |
124(X'7C') |
SMF119IS_IPDynVPNLifeExpire |
4 |
Binary |
Tunnel VPN lifetime expire. Nonzero values indicate
the time at which the tunnel family ceases to be refreshed, in UNIX format. This field retains
its original value for a refreshed tunnel.
|
128(X'80') |
SMF119IS_IPDynActMethod |
1 |
Binary |
One of the following tunnel activation methods: - SMF119IS_DYNTUN_USER (1): User activation (from the command line).
- SMF119IS_DYNTUN_REMOTE (2): Remote activation from IPSec peer.
- SMF119IS_DYNTUN_ONDEMAND (3): On-demand activation caused
by IP traffic.
- SMF119IS_DYNTUN_TAKEOVER (5): SWSA activation as a result
of a DVIPA takeover.
- SMF119IS_DYNTUN_AUTOACT (6): Auto-activation
This field retains its original value for a refreshed tunnel.
|
129(X'81') |
SMF119IS_IPDynRsvd2 |
3 |
Binary |
Reserved bits |
132(X'84') |
SMF119IS_IPDynRmtUDPPort |
2 |
Binary |
If the tunnel uses UDP encapsulation mode, this
value is the IKE UDP port of the remote security endpoint; otherwise,
the value is 0. |
134(X'86') |
SMF119IS_IPDynRsvd3 |
2 |
Binary |
Reserved bits |
136(X'88') |
SMF119IS_IPDynSrcNATOA |
4 |
Binary |
Source NAT original IP address. NAT original
IP addresses are exchanged only for certain UDP-encapsulated tunnels.
During NAT traversal negotiations, the IKE peer sends the source IP
address that it is aware of. If NAT traversal negotiation did
not occur or if an IKEv1 peer did not send a source NAT-OA payload,
the value of this field is 0.
Restriction: An IKEv1
peer at a pre-RFC3947 NAT traversal support level cannot send a source
NAT-OA payload.
|
140(X'8C') |
SMF119IS_IPDynDstNATOA |
4 |
Binary |
Destination NAT original IP address. NAT original
IP addresses are exchanged only for certain UDP-encapsulated tunnels.
During NAT traversal negotiations, the IKE peer sends the destination
IP address that it is aware of. If NAT traversal negotiation did
not occur or if an IKEv1 peer did not send a source NAT-OA payload,
the value of this field is 0.
Restriction: An IKEv1
peer at a pre-RFC3947 NAT traversal support level cannot send a source
NAT-OA payload.
|
144(X'90') |
SMF119IS_IPDynProtocol |
1 |
Binary |
Protocol for tunnel data. If the value is 0,
the tunnel includes all protocols. |
145(X'91') |
SMF119IS_IPDynRsvd4 |
3 |
Binary |
Reserved bits |
148(X'94') |
SMF119IS_IPDynSrcPort |
2 |
Binary |
Low end of source port range for tunnel data
or 0 if the tunnel is not limited to TCP or UDP. |
150(X'96') |
SMF119IS_IPDynDstPort |
2 |
Binary |
Low end of destination port range for tunnel
data, or 0 if the tunnel is not limited to TCP or UDP. |
152(X'98') |
SMF119IS_IPDynSrcAddr4 |
4 |
Binary |
One of the following values: - If the SMF119IS_IPDynSrcIsSingle field is set, this field is the
IPv4 or IPv6 source address for tunnel data.
- If the SMF119IS_IPDynSrcIsPrefix field is set, this field is the
IPv4 or IPv6 source address base for tunnel data.
- If the SMF119IS_IPDynSrcIsRange field is set, this field is the
low end of the IPv4 or IPv6 source address range for tunnel data.
|
152(X'98') |
SMF119IS_IPDynSrcAddr6 |
16 |
Binary |
One of the following values: - If SMF119IS_IPTunFlagIPv6 is set, this field is the 16–byte IPv6
local security endpoint address.
- If SMF119IS_IPTunFlagIPv6 is clear, this field is the 4–byte
IPv4 local security endpoint address.
|
168(X'A8') |
SMF119IS_IPDynSrcAddrRange4 |
4 |
Binary |
If the SMF119IS_IPDynSrcIsRange field is set,
this field is the highest address in the range of the IPv4 or IPv6
source addresses tunnel data. |
168(X'A8') |
SMF119IS_IPDynSrcAddrRange6 |
16 |
Binary |
If the SMF119IS_IPDynSrcIsRange field is set,
this field is the highest address in the range of the IPv4 or IPv6
source addresses tunnel data. |
184(X'B8') |
SMF119IS_IPDynDstAddr4 |
4 |
Binary |
One of the following values: - If the SMF119IS_IPDynDstIsSingle field is set, this field is the
IPv4 or IPv6 destination address for tunnel data.
- If the SMF119IS_IPDynDstIsPrefix field is set, this field is the
IPv4 or IPv6 destination address base for tunnel data.
- If the SMF119IS_IPDynDstIsRange field is set, this field is the
lowest IPv4 or IPv6 destination address in the range for tunnel data.
|
184(X'B8') |
SMF119IS_IPDynDstAddr6 |
16 |
Binary |
One of the following values: - If the SMF119IS_IPDynDstIsSingle field is set, this field is the
IPv4 or IPv6 destination address for tunnel data.
- If the SMF119IS_IPDynDstIsPrefix field is set, this field is the
IPv4 or IPv6 destination address base for tunnel data.
- If the SMF119IS_IPDynDstIsRange field is set, this field is the
lowest IPv4 or IPv6 destination address in the range for tunnel data.
|
200(X'C8') |
SMF119IS_IPDynDstAddrRange4 |
4 |
Binary |
If the SMF119IS_IPDynDstIsRange field is set,
this field is the highest IPv4 or IPv6 destination address in the
range range for tunnel data. |
200(X'C8') |
SMF119IS_IPDynDstAddrRange6 |
16 |
Binary |
If the SMF119IS_IPDynDstIsRange field is set,
this field is the highest IPv4 or IPv6 destination address in the
range range for tunnel data. |
216(X'D8') |
SMF119IS_IPDynSrcAddrPrefix |
1 |
Binary |
If the SMF119IS_IPDynSrcIsPrefix field is set,
this field is the length of the tunnel data source address prefix
in bits. |
217(X'D9') |
SMF119IS_IPDynDstAddrPrefix |
1 |
Binary |
If the SMF119IS_IPDynDstIsPrefix field is set,
this field is the length of the tunnel data destination address prefix
in bits. |
218(X'DA') |
SMF119IS_IPDynMajorVer |
1 |
Binary |
Major version of the IKE protocol in use. Only
the low-order 4 bits are used. |
219(X'DB') |
SMF119IS_IPDynMinorVer |
1 |
Binary |
Minor version of the IKE protocol in use. Only
the low-order 4 bits are used. |
220(X'DC') |
SMF119IS_IPDynType |
1 |
Binary |
Low end of ICMP, ICMPv6, or MIPv6 type range
for tunnel data; otherwise, this value is 0 if the tunnel is not limited
to ICMP, ICMPv6, or MIPv6. |
221(X'DD') |
SMF119IS_IPDynTypeRange |
1 |
Binary |
High end of ICMP, ICMPv6, or MIPv6 type range
for tunnel data; otherwise this value is 0 if the tunnel is not limited
to ICMP, ICMPv6, or MIPv6. A tunnel applying to all type values is
indicated as a value in the range 0- 255. |
222(X'DE') |
SMF119IS_IPDynCode |
1 |
Binary |
Low end of ICMP or ICMPv6 code range for tunnel
data; otherwise this value is 0 if the tunnel is not limited to ICMP
or ICMPv6. |
223(X'DF') |
SMF119IS_IPDynCodeRange |
1 |
Binary |
High end of ICMP or ICMPv6 code range for tunnel
data; otherwise, this value is 0 if the tunnel is not limited to ICMP
or ICMPv6. A tunnel applying to all code values is indicated as a
value in the range 0 - 255. |
224(X'E0') |
SMF119IS_IPDynSrcPortRange |
2 |
Binary |
High end of source port range for tunnel data;
otherwise this value is 0 if the tunnel is not limited to TCP or UDP.
A tunnel applying to all source port values is indicated as a value
in the range 0- 65 535. |
226(X'E2') |
SMF119IS_IPDynDstPortRange |
2 |
Binary |
High end of destination port range for tunnel
data, or 0 if the tunnel is not limited to TCP or UDP. A tunnel applying
to all destination port values is indicated as a value in the range
0 - 65 535. |
228(X'E4') |
SMF119IS_IPDynGeneration |
4 |
Binary |
Tunnel generation number. The first dynamic
tunnel with a particular tunnel ID has generation 1. Subsequent refreshes
of this dynamic tunnel have the same tunnel ID but higher generation
numbers. |