I noticed that the ipsec -F add commands were appearing to work correctly, retcode 0 and the files in /var/dm/filters updated appropriately, but oddly no packet filtering took place. An ipsec -F display command showed no filters in the stack and defensive mode inactive. Specifying the stack name on the ipsec command makes no difference to either the add or the display results.
This only occurrs on FILESYSTYPE(INET) stacks on our zOS 1.12 systems, zOS 1.11 INET or CINET stacks sharing the same dmd.conf file with the 1.12 systems work just fine. A 1.12 FILESYSTYPE(CINET) stack worked just fine in my systems sandbox sysplex until I changed it to FILESYSTYPE(INET). A trace reveals that DMD is not resolving the non-CINET stack name but no other errors (and frustratingly enough I can't seem to get details on the cause of the rc 121 from the trace...) DMStackConfig identifies the stack, mode active - according to DMD. The trace shows this getting parsed and dispatched just fine. The DMD log indicates everything is initializing correctly with the TCPIP stack. An analysis of the TCPIP ipsec info from a dump of the TCPIP address space makes it look like the filters simply aren't there. I've looked over my TCPIP and resolver setups but I can't find anything different from one system to the next that should cause issue like this, and in fact we define the stack name all over the place even though we are using what would be the default anyway. Anybody happen to know where DMD gets the stack name from, or how to display what search order it's using, or have a technique for tracing the ipsec command? Thomas Ambros Operating Systems and Connectivity Engineering 518-436-6433 This communication may contain privileged and/or confidential information. It is intended solely for the use of the addressee. If you are not the intended recipient, you are strictly prohibited from disclosing, copying, distributing or using any of this information. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose such information for any purpose other than to provide the services for which you are receiving the information. 127 Public Square, Cleveland, OH 44114 If you prefer not to receive future e-mail offers for products or services from Key send an e-mail to mailto:dnereque...@key.com with 'No Promotional E-mails' in the SUBJECT line. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
