Use the Current IP Filters attributes to display IP filter information for the filters currently in use by the TCP/IP stack.
Action The action to be applied to the packet when the filter's condition is met. This value is stored as an integer and displayed as a string. Valid values are:
Collection Time The time and date of the data sampling. This time is displayed in the following format:
mm/dd/yy hh:mm:ss
Where:
The stored format is a string no longer than 16 characters in the format CYYMMDDHHMMSSmmm (as in 1020315064501000 for 03/15/02 06:45:01) where:
Create Time The time when the filter was created, based on how the filter was created.
This time is displayed in the following format:
mm/dd/yy hh:mm:ss
Where:
The stored format is a string no longer than 16 characters in the format CYYMMDDHHMMSSmmm (as in 1020315064501000 for 03/15/02 06:45:01) where:
Destination Address Destination IP address or addresses affected by the current filter. This address may be in IPv4 or IPv6 format. Filters apply to either IPv4 addresses or IPv6 addresses, but not both. If the filter applies to all destination IP addresses, the field will be displayed as blank and a value of "0" is stored in the table. If the filter is for a range of destination IP addresses, this is the lower address in the range. The format is a UTF-8 encoded character string of up to 45 characters.
Destination Address Granularity Indicates the origin of the destination address used for on-demand activations of tunnels associated with a dynamic anchor filter. This value is stored as an integer and displayed as a string. Valid values are:
Destination Port Granularity Indicates the origin of the destination port used for on-demand activations of tunnels associated with a dynamic anchor filter. This value is stored as an integer and displayed as a string. Valid values are:
A value of FILTER indicates the destination port comes from the filter definition. A value of PACKET indicates the destination port comes from the packet. This field is significant if the filter type indicates this is a dynamic anchor filter. If the filter is not a dynamic anchor filter, a value of zero (0) is stored and blanks are displayed in the field.
Direction Indicates the direction of the IP traffic. This value is stored as an integer and displayed as a string. Valid values are:
Filter Rule Definition Name The name specified for an IP filter rule definition. This column is stored as a 48-character string.
Filter Set Identifies which filter set is currently in use by the TCP/IP stack. One of two filter sets may be in use at any time.
This value is stored as an integer and displayed as a string. Valid values are:
Filter Use Indicator The value in this column is used to identify the filters that are matching the most packets. Values 1 to 4 are used to identify the 5 filters with the most matches, the most denies by DENY and the most denies by mismatch. Value 5 is used to identify filters 6 to 100 with the most matches. A query can return the 5 filters with the most matches by using a where clause like:
(Filter Use Indicator = 1) OR (Filter Use Indicator = 3)
A query can return the 100 filters with the most matches by adding another OR clause to the previous condition:
(Filter Use Indicator = 5)
This value is stored as a one character string and is displayed as a string. Valid values are:
This field is not displayed.
Group Name The name of the filter group that the filter rule is associated with. This field is stored as blanks if the filter rule is not associated with a filter group. The format is an alphanumeric string of up to 48 characters.
ICMP Code The Internet Control Message Protocol (ICMP) code that qualifies the ICMP Type Code attribute. This field is stored as blanks if the filter applies to all ICMP codes. This field is defined as an integer of up to 2 characters. 0 is a defined ICMP code. The value in this field is not meaningful unless a non-blank value appears in the ICMP Type Code field.
ICMP Type Code The Internet Control Message Protocol (ICMP) code that identifies the ICMP traffic to be filtered. This field is stored as blanks if the filter applies to all ICMP types. This field is defined as an integer of up to 2 characters. 0 is a defined ICMP Type Code.
IP Address Version The version of the IP addresses being used for the traffic descriptor and the security endpoints. This value is stored as an integer and displayed as a string. Valid values are:
Last Page The value in this column saves the page number of the last page of filters. It is used in queries to determine whether more pages of filters are available to retrieve. This value is stored as a 4-character string, with 0000 representing the first page.
Local Start Action Name The name specified for an IpLocalStartAction statement that is referenced by this filter. The IpLocalStartAction statement specifies how to determine the local IP, remote IP, local port, remote port, and protocol specification for the local activation of a dynamic virtual private network (VPN). This field is stored as blanks if no local start action name is associated with this filter. This field is stored as a 48-character string.
Log Indicator Indicates which packets to log. This value is stored as an integer and displayed as a string. Valid values are:
Lower Destination Address The lower address in a range of IP addresses being filtered. If the filter is for a range of destination IP addresses, this is the lower address in the range. Otherwise, this field is stored as blanks. The format is a string of up to 45 characters.
Note: For comparison, leading zeros are added for unspecified digits in IPv4 and IPv6 addresses when they are stored.
Lower Destination Port If the filter is for a range of destination IP port addresses, this is the low value for the range. This field is stored as blanks if the filter is not for a range of IP port addresses and applies to all ports. This value is represented as a 5-character string.
Lower Source Port If the filter is for a range of IP ports, this is the low value for the range. This field is stored as blanks if the filter is not for a range of IP port addresses and applies to all ports. This value is represented as a 5-character string.
NAPT Indicator Indicates whether a network address port translation (NAPT) has been detected in front of the IPSec peer. This field is significant for filters with a type of dynamic. If the filter is not dynamic, this field is stored as blanks. This value is stored as an integer and displayed as a string. Valid values are:
NAT Indicator Indicates whether network address translation (NAT) has been detected in front of the IPSec peer. This field is significant for filters with a type of dynamic. If the filter is not dynamic, this field is stored as blanks. This value is stored as an integer and displayed as a string. Valid values are:
NAT Traversal Gateway Indicates that the peer is acting as an IPSec gateway and the tunnel uses UDP encapsulation. This field is significant for dynamic filters. If the filter is not dynamic, this field is stored as blanks. This value is stored as an integer and displayed as a string. Valid values are:
NATT Client ID If the peer is behind a NAT and a gateway and the peer supplied a client ID, indicates the NAT traversal gateway (NATT) client ID. This field contains an IPv4 dotted decimal address if the NATT Client ID Type is IPv4_ADDR. This field contains an IPv4 dotted decimal address if the NATT Client ID Type is IPv4_ADDR_RANGE. The address in the field is the lower address for the range. This field will have an MD5 hash of the client ID if the NATT Client ID Type is OTHER. If the NATT Client ID Type is 0, this field is stored as blanks. The format is a string of up to 32 characters.
NATT Client ID Type If the peer is behind a NAT and a gateway and the peer supplied a client ID, indicates what type of client ID was supplied. Otherwise, this field is stored as blanks. This value is stored as an integer and displayed as a string. Valid values are:
NATT Peer UDP Port If this is a dynamic filter for UDP-encapsulated NAT Traversal (NATT) traffic, this is the UDP port for the IKE peer. Otherwise, this field is stored as blanks. This field is represented as a character string of up to 5 characters.
NRF Original Port If this is a NAT Traversal Resolution Filter (NRF), this field contains the original remote port for the TCP or UDP traffic. Otherwise this field is stored as blanks. This field is represented as a character string of up to 5 characters.
On Demand Indicator Indicates whether on-demand activations are allowed for the traffic described for this filter. On-demand activations are activations of tunnels initiated automatically when traffic requiring the use of the tunnel is sent. This field is meaningful if the filter type is one of the following:
This value is stored as an integer and displayed as a string. The field contains a zero (0) when the filter type is not one of these. Valid values are:
Origin Node The unique identifier for the TCP/IP stack being displayed. The format is an alphanumeric string no longer than 32 characters. This field is not displayed.
OSPF Type Identifies Open Shortest Path First (OSPF) protocol traffic to be filtered. This field is stored as blanks if the filter applies to all OSPF traffic. The format is an integer.
Packets Denied by Mismatch The number of packets denied due to a mismatch with this filter's action during the most recent collection interval. The format is an integer.
Packets Matched The total number of packets that matched this filter's condition and action during the most recent collection interval. The format is an integer.
Page The value in this column is used to group the filters into logical pages. Each page contains 500 filters. Links are implemented so that you can request all the filters on a particular page. This value is stored as a 4-character string, with 0000 representing the first page.
Percent Total Packets Denied by Mismatch The percentage of total packets denied due to an action mismatch by this filter compared to the total packets denied due to an action mismatch by all filters on the TCP/IP stack since the stack was started. The format is a number between 0 and 100 inclusive.
Percent Total Packets Matched The percentage of total packets matched by this filter compared to the total packets matched by all filters on the TCP/IP stack since the stack was started. The format is a number between 0 and 100 inclusive.
Protocol Granularity Indicates the origin of the protocol used for on-demand activations of tunnels associated with a dynamic anchor filter. This value is stored as an integer and displayed as a string. Valid values are:
Protocol Number IP protocol number to match in the IPv4 or IPv6 header of packets. If the filter applies to all IP protocols, this field is stored as blanks. This value is expressed as a string of up to 3 characters. 0 is a valid IP protocol number.
Rule ID This column concatenates the Filter Rule Definition Name, Rule Tag and Tunnel ID into a single string that can be used to uniquely identify filter rules. The Rule ID is used to identify rules on graph views so that the values displayed on the graphs can be correlated with the rows in the table view. The three components of the Rule ID are separated by a colon (:) character. If the rule is not associated with a Tunnel ID, that component of the ID is omitted. This column is represented as a character string of 106 characters. This field is not displayed.
Rule Tag The filter rule definition name extension. The extension is assigned by the stack to identify related rules derived from the same definition. The column is stored as an 8-character string. This field is not displayed.
Scope The type of traffic that this filter applies to. This value is stored as an integer and displayed as a string. Valid values are:
Security Class The IP filter security class. This filter is applied to all packets traversing the IP interfaces, and these interfaces are associated with security classes. This value is expressed as an integer between 0 and 255 inclusive. A value of zero (0) means that all security classes are filtered. If a non-zero value is specified for the security class, then the filter applies to data traversing all interfaces associated with the specified security class.
Sequence Number The value in this column is used to ensure that filters are displayed in the order that the network management interface (NMI) returns them. This value is represented as an integer.
Source Address Source IP address or addresses that the filter applies to. Filters apply to either IPv4 addresses or IPv6 addresses, but not both. If the filter applies to all destination IP addresses, the field will be displayed as blank and a value of "0" is stored in the table. If the filter is for a range of source IP addresses, this field displays the lower address in the range. The format is a UTF-8 encoded character string of up to 45 characters.
Note: For comparison, leading zeros are added for unspecified digits in IPv4 and IPv6 addresses when they are stored.
Source Address Granularity Indicates the origin of the source address used for on-demand activations of tunnels associated with a dynamic anchor filter. This value is stored as an integer and displayed as a string. Valid values are:
Source Port Granularity Indicates the origin of the source port used for on-demand activations of tunnels associated with a dynamic anchor filter. This value is stored as an integer and displayed as a string. Valid values are:
State Current filter state. This value is stored as an integer and displayed as a string. Valid values are:
SWSA Shadow Indicator Indicates whether the filter originated from a distributing stack (SHADOW) or the local stack (NOT_SHADOW). This value is only meaningful for dynamic filters. If the filter type is not dynamic, the value is set to 0 and a blank is displayed. This value is stored as an integer and displayed as a string. Valid values are:
A value of SHADOW indicates that the filter originated from a distributing stack. This indicator is significant if filter type is dynamic. If the filter type is not dynamic, a value of zero (0) is stored and blanks are displayed in the field.
Sysplex Name The name of the sysplex that the monitored system is part of. This field is not displayed.
System ID The SMF system ID. The format is an alphanumeric string no longer than 4 characters. This field is not displayed.
TCP Connect Indicates what types of TCP connect attempts are to be filtered. TCP connect attempts (SYN packets) in the direction opposite that specified in this field do not match this filter. This field is meaningful for generic or anchor filters only. It is zero (0) when the filter is not one of these types. This value is stored as an integer and displayed as a string. Valid values are:
TCPIP STC Name The name of the TCP/IP job. The format is an alphanumeric string no longer than 8 characters. This field is not displayed.
Total Packets Denied by Mismatch The total number of packets denied due to a mismatch with this filter's action since the start of the TCP/IP stack. The value in this column can be added to the product of 1,073,741,824 and the value in the Total Packets Denied by Mismatch (in G) column to calculate the cumulative number of packets denied by mismatch. The format is an integer.
Total Packets Denied by Mismatch (in G) The total number of packets denied due to a mismatch with this filter's action since the start of the TCP/IP stack, divided by 1,073,741,824. The value in this column can be multiplied by 1,073,741,824 and added to the value in the Total Packets Denied By Mismatch column to calculate the cumulative number of packets denied by mismatch. The format is an integer.
Total Packets Matched The total number of packets that matched this filter's condition and action since the start of the TCP/IP stack. The value in this column can be added to the product of 1,073,741,824 and the value in the Total Packets Matched (in G) column to calculate the cumulative number of packets matched. The format is an integer.
Total Packets Matched (in G) The total number of packets that matched this filter's condition and action since the start of the TCP/IP stack, divided by 1,073,741,824. The value in this column can be multiplied by 1,073,741,824 and added to the value in the Total Packets Matched column to calculate the cumulative number of packets matched. The format is an integer.
Tunnel ID Identifier for the associated tunnel. The tunnel ID is generated by the stack. It is not unique. Several related tunnels may have the same tunnel ID. The related tunnels are different instances of the same security association. Usually the related instances exist due to the expiration and refresh of tunnels. This field will be blank if the filter is not associated with a tunnel. The ID is a character string of up to 48 characters.
Type Indicates the filter type. This value is stored as an integer and displayed as a string. Valid values are:
Update Time The time when the filter was updated, based on how the filter was created.
This time is displayed in the following format:
mm/dd/yy hh:mm:ss
Where:
The stored format is a string no longer than 16 characters in the format CYYMMDDHHMMSSmmm (as in 1020315064501000 for 03/15/02 06:45:01) where:
Upper Destination Address If the filter is for a range of destination IP addresses, this is the high value for the range. If the filter does not apply to a range of destination IP addresses, the field is displayed as blank and a value of zero "0" is stored in the table. The format is a UTF-8 encoded character string of up to 45 characters.
Upper Destination Port If the filter is for a range of destination IP port addresses, this is the high value for the range. This field is stored as blanks if the filter is not for a range of IP port addresses and applies to all ports. This value is represented as a 5-character string.
Upper NATT Client ID If the peer is behind a NAT and a gateway and the peer supplied a client ID, indicates the upper address range of the NAT traversal gateway (NATT) client ID. This field contains an IPv4 dotted decimal address if the NATT Client ID Type is IPv4_ADDR_RANGE. If the NATT Client ID Type is 0, 1, or 4, this field is stored as blanks. This field is a character string of up to 15 characters.
Upper Source Address If the filter is for a range of source IP addresses, this is the high value for the range. If the filter does not apply to a range of destination IP addresses, the field is displayed as blank and a value of zero "0" is stored in the table. The format is a UTF-8 encoded character string of up to 45 characters.
Upper Source Port If the filter is for a range of source IP port addresses, this is the high value for the range. This field is stored as blanks if the filter is not for a range of IP port addresses and applies to all ports. This value is represented as a 5-character string.
VPN Action Name The name specified on a virtual private network (VPN) action definition statement. The VPN action describes how to protect the traffic that flows on the tunnel. It specifies attributes of the tunnel, such as what type of encryption to use. The name is a character string of up to 48 characters.
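The stored formats described above for Create Time, the "(in G)" counter columns and Rule ID can be decoded as follows. This is an added example, not product code: the dictionary rows and their values are constructed, the function names are hypothetical, and the century digit is assumed to mean 0 = 19xx and 1 = 20xx, which matches the page's 1020315064501000 example.

```python
from datetime import datetime

G = 1_073_741_824  # multiplier the page gives for the "(in G)" columns

def parse_stored_time(stored):
    """Decode a 16-character CYYMMDDHHMMSSmmm string into a datetime."""
    s = stored.strip()
    if len(s) != 16 or not s.isdigit():
        raise ValueError("expected 16 digits, got %r" % stored)
    year = 1900 + 100 * int(s[0]) + int(s[1:3])  # assumption: C=1 means 20xx
    return datetime(year, int(s[3:5]), int(s[5:7]), int(s[7:9]),
                    int(s[9:11]), int(s[11:13]), int(s[13:16]) * 1000)

def cumulative(low, in_g):
    """Combine a counter column with its '(in G)' companion column."""
    return in_g * G + low

def split_rule_id(rule_id):
    """Split 'name:tag[:tunnel]'; the tunnel part is omitted when unused.
    Assumes the name and tag themselves contain no colon."""
    parts = rule_id.strip().split(":", 2)
    if len(parts) < 2:
        raise ValueError("Rule ID needs at least name and tag: %r" % rule_id)
    name, tag = parts[0], parts[1]
    tunnel = parts[2] if len(parts) == 3 else None
    return name, tag, tunnel

def normalize(row):
    """Turn one stored row into comparable values."""
    name, tag, tunnel = split_rule_id(row["Rule ID"])
    return {
        "name": name, "tag": tag, "tunnel": tunnel,
        "created": parse_stored_time(row["Create Time"]),
        "matched": cumulative(row["Total Packets Matched"],
                              row["Total Packets Matched (in G)"]),
        "denied_mismatch": cumulative(
            row["Total Packets Denied by Mismatch"],
            row["Total Packets Denied by Mismatch (in G)"]),
    }

def top_denied(rows, n=5):
    """Names of the n filters with the most cumulative mismatch denies."""
    ranked = sorted((normalize(r) for r in rows),
                    key=lambda r: r["denied_mismatch"], reverse=True)
    return [r["name"] for r in ranked[:n]]

# Constructed sample rows (not real monitoring data).
SAMPLE_ROWS = [
    {"Rule ID": "WebAllow:1", "Create Time": "1020315064501000",
     "Total Packets Matched": 500, "Total Packets Matched (in G)": 2,
     "Total Packets Denied by Mismatch": 7,
     "Total Packets Denied by Mismatch (in G)": 0},
    {"Rule ID": "VpnRule:3:Y12", "Create Time": "1020315064502500",
     "Total Packets Matched": 10, "Total Packets Matched (in G)": 0,
     "Total Packets Denied by Mismatch": 3,
     "Total Packets Denied by Mismatch (in G)": 1},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(normalize(row))
    print(top_denied(SAMPLE_ROWS))
```

Ranking on the combined value matters because the low-order column alone wraps at 1,073,741,824: the second sample row has only 3 in that column but more than a billion cumulative denies.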