Processing the cte records for SYSTCPER

The zERT information server (SYSTCPER) presents information about the cryptographic protection state of TCP and Enterprise Extender connections throughout the life of each connection. Type 119 SMF zERT connection detail records (subtype 11) are stored in the data buffer to reflect this activity. Each record in the data buffer is a complete SMF type 119 subtype 11 SMF record.

Additionally, if requested, the server fills one or more buffers with the list of currently active connections. This list is provided as type 119 zERT connection detail records (subtype 11) with event type set to Connection Initiation, so that entries in the list are indistinguishable from newly established connections (except that the connection establishment timestamp value is earlier than the time the NMI client program connected to the SYSTCPER service). The cryptographic protection attributes reported in these records reflect the current protection state. This set of records is sent only once per new AF_UNIX connection to the SYSTCPER service, after the initialization.

For the zERT information server, the ctefmtid for the CTE is always equal to the subtype of the SMF record (11) following the CTE in the data buffer.

Applications can use this interface to dynamically monitor the cryptographic protection attributes for all active TCP and Enterprise Extender connections.

As a result of timing issues, an application may encounter one or more of these situations:

  • It is possible that an application will receive two initiation records for a given connection. This can occur if the connection is established around the time the client connects: its initiation record is sent, as well as a record identifying it as a preexisting established connection.
  • It is possible that an application will receive a change or termination record for a connection for which it has not received an initiation record.
  • It is possible that an application will receive a change record for a connection, where the change record reports the same cryptographic protection attributes that were described in the initiation record for the connection.

Client applications should be prepared to handle these possibilities.
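
One way a client can absorb these three situations, shown as an added example that is not IBM's code: a small C state tracker keyed by connection. The `zrec` struct, its `conn_id` key, the event values and the `prot` bitmask are simplified assumptions standing in for fields decoded from a subtype 11 record; they are not the ezasmf.h mapping.

```c
#include <stdint.h>

/* Simplified stand-in for a decoded subtype 11 record. Hypothetical fields
   and constructed event values, NOT the ezasmf.h layout. */
enum zev { EV_INIT = 1, EV_CHANGE, EV_TERM };
struct zrec { uint32_t conn_id; enum zev event; uint32_t prot; };

enum zact { ACT_NEW, ACT_DUP_INIT, ACT_CHANGED, ACT_NOOP_CHANGE,
            ACT_ADOPTED, ACT_CLOSED, ACT_UNKNOWN_TERM, ACT_FULL };

#define MAX_CONN 64
struct ztrack { struct { uint32_t id, prot; int used; } c[MAX_CONN]; };

static int zfind(const struct ztrack *t, uint32_t id) {
    for (int i = 0; i < MAX_CONN; i++)
        if (t->c[i].used && t->c[i].id == id) return i;
    return -1;
}

static int zadd(struct ztrack *t, uint32_t id, uint32_t prot) {
    for (int i = 0; i < MAX_CONN; i++)
        if (!t->c[i].used) {
            t->c[i].used = 1; t->c[i].id = id; t->c[i].prot = prot;
            return i;
        }
    return -1;
}

/* Apply one record to the tracked state and report what it meant. */
enum zact zapply(struct ztrack *t, const struct zrec *r) {
    int i = zfind(t, r->conn_id);
    if (r->event == EV_TERM) {
        if (i < 0) return ACT_UNKNOWN_TERM;   /* initiation never seen */
        t->c[i].used = 0;
        return ACT_CLOSED;
    }
    if (i < 0)                                /* first sighting: INIT, or a
                                                 CHANGE with no prior INIT */
        return zadd(t, r->conn_id, r->prot) < 0 ? ACT_FULL
             : r->event == EV_INIT ? ACT_NEW : ACT_ADOPTED;
    if (t->c[i].prot == r->prot)              /* second INIT or no-op CHANGE */
        return r->event == EV_INIT ? ACT_DUP_INIT : ACT_NOOP_CHANGE;
    t->c[i].prot = r->prot;                   /* keep the latest state, even
                                                 if it came in a repeat INIT */
    return ACT_CHANGED;
}
```

Only `ACT_NEW`, `ACT_ADOPTED` and `ACT_CHANGED` represent a protection state the monitor has not already recorded, so alerting on those alone avoids duplicate findings from the timing cases.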

SMF recording for zERT connection detail records does not need to be active for this service to function. Moreover, activating this service does not cause zERT connection detail SMF records to be recorded to the z/OS® System Management Facility.

C structures for mapping the SMF type 119 records can be found in ezasmf.h. Assembler mappings for the structures can be found in EZASMF77 in SYS1.MACLIB.