Work with Socket Conditions panel

WARNING: Misuse of Socket Rules can render your system unreachable via TCP. Exercise extreme caution when using this feature. Consider adding Socket Rules as not active and testing them using the Socket Rule test feature, and setting them to be not used by that feature and testing the rule set before removing them. If you render your system unreachable via TCP, you will need to access the system via the console in order to fix the rules (or to deactivate the Socket Rule servers).

How to Get There

On the Work with Socket Rules panel, choose option 1, 2, or 3. Enter 8 for a Socket Rule.

What it Does

The Work with Socket Conditions panel allows you to view or change Socket Conditions.

Field Descriptions

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.

Server

A Server in Exit Point Manager is a controlled entry point into your system. These entry points are determined and defined by IBM. Exit Point Manager has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Exit Point Manager represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Exit Point Manager has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Rule

The Socket Rule to which this Socket Condition belongs.

A Socket Rule without a Socket Condition, or with an invalid Socket Condition, will not be enforced.

Position to Sequence

Used to position the list.

Seq

The sequence number of a Socket Condition determines the order in which it is combined with other Socket Conditions for a Socket Rule.

Connector

The connector determines how a Socket Condition relates to other Socket Conditions for a Socket Rule.

Socket Conditions with a higher order of precedence are evaluated before ones with a lower order of precedence.

The connector for the Socket Condition with the lowest sequence number is ignored.

EXAMPLE:
Given three Socket Conditions:

Seq = 10  Connector = <ignored>  evaluates to False
Seq = 20  Connector = AND        evaluates to True
Seq = 30  Connector = OR         evaluates to True

This will return True as it is equivalent to:
(False AND True) OR True
If the OR were evaluated first then it would return False as it would be equivalent to:
False AND (True OR True)

The valid values are:

OR This Socket Condition is OR'ed with others. An OR has the lowest order of precedence (evaluated last).

AND This Socket Condition is AND'ed with others. An AND has a higher order of precedence than an OR, but lower than an ORAND.

ORAND This Socket Condition is OR'ed with others. An ORAND has the highest order of precedence (evaluated first).

Field

This is the name of the field to be evaluated at run time.

The valid values are dependent on the Socket Rule.

Valid values for the QSOLISTEN server are:

LCL_PORT The local port number; an integer between 1 and 65535.

LCL_USR The user profile associated with the job issuing the listen.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the listen.

Valid values for the QSOCONNECT server are:

LCL_PORT The local port number; an integer between 1 and 65535.

RMT_PORT The remote port number; an integer between 1 and 65535.

RMT_ADDR The remote address. Valid formats are IPv4, IPv6, and Powertech Exit Point Manager ip address groups.

LCL_USR The user profile associated with the job issuing the connect.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the connect.

Valid values for the QSOACCEPT server are:

LCL_IN_PORT The local incoming port number; an integer between 1 and 65535.

LCL_BND_PORT The local bound port number; an integer between 1 and 65535.

RMT_PORT The remote port number; an integer between 1 and 65535.

RMT_ADDR The remote address. Valid formats are IPv4, IPv6, and Powertech Exit Point Manager ip address groups.

LCL_USR The user profile associated with the job issuing the accept.

LCL_USR_GRP A User Group containing the user profile associated with the job issuing the accept.

Operator

The test used for the value of the field and the criteria to evaluate this Socket Condition.

= The value of the field is equal to the criteria, or, if the criteria can be a list, the value of the field is found in that list.

<> The value of the field is not equal to the criteria, or, if the criteria can be a list, the value of the field is not found in that list.

> The value of the field is greater than the criteria.

< The value of the field is less than the criteria.

>= The value of the field is greater than or equal to the criteria.

<= The value of the field is less than or equal to the criteria.

ALWAYS

This will cause the condition to always match. It is used on the Socket Condition of the default Socket Rule, and may be used on non-default Socket Rules.

If present, it must be the only Socket Condition for a Socket Rule.

Criteria

This is the value against which the value of the selected field will be compared at run time.

The valid values are dependent on the selected Field.

Opt

Enter a valid option from the list of options provided on the list panel.

2=Change

Choose 2 to open the Change Socket Rule Condition panel, where you can change a socket rule condition.

3=Copy

Choose 3 to open the Copy Socket Rule Condition panel, where you can change a socket rule condition.

4=Delete

Choose 4 to delete the Socket Rule Condition.

5=Display

Choose 5 to display the Socket Rule Condition.

Command Keys

F3 (Exit): Exit the panel without processing any pending changes.

F5 (Refresh): Refreshes the panel with the most current data.

F6 (Create condition): Creates a new item. See

F12 (Cancel): Discards changes and returns to the prior panel.