if-match tcp syn-flag

Function

The if-match ipv6 tcp syn-flag command configures a matching rule for multi-field (MF) classification based on the value of the SYN flag in the IPv6 TCP packet header.

The undo if-match ipv6 tcp syn-flag command deletes a matching rule for MF classification based on the value of the SYN flag in the IPv6 TCP packet header.

By default, no matching rules are configured for MF classification based on the value of the SYN flag in the IPv6 TCP packet header.

The if-match tcp syn-flag command configures a matching rule for complex traffic classification based on the SYN Flag value in the TCP packet header.

The undo if-match tcp syn-flag command cancels the configuration.

By default, the matching rule for complex traffic classification based on the SYN Flag value in the TCP packet header is not configured in traffic classifier view.

Format

if-match tcp syn-flag { { tcpflag-value [ mask tcpflag-mask ] } | { bit-match { established | fin | syn | rst | psh | ack | urg | ece | cwr | ns } } }

if-match ipv6 tcp syn-flag { { tcpflag-value-ipv6 [ mask tcpflag-mask-ipv6 ] } | { bit-match { established | fin | syn | rst | psh | ack | urg } } }

undo if-match tcp syn-flag { { tcpflag-value [ mask tcpflag-mask ] } | { bit-match { ack | cwr | ece | established | fin | ns | psh | rst | syn | urg } } }

undo if-match ipv6 tcp syn-flag { { tcpflag-value-ipv6 [ mask tcpflag-mask-ipv6 ] } | { bit-match { established | fin | syn | rst | psh | ack | urg } } }

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| tcpflag-value | Specifies the value of SYN Flag in the TCP packet header. | The value is an integer ranging from 0 to 511. |
| mask tcpflag-mask-ipv6 | Specifies the mask corresponding to the SYN flag value in the IPv6 TCP packet headers. | The value is an integer ranging from 0 to 63. |
| mask tcpflag-mask | Specifies the mask corresponding to the SYN flag value in the TCP packet headers. | The value is an integer ranging from 0 to 511. |
| bit-match | Matches SYN Flag against the rule on a per-bit basis. | - |
| established | Matches TCP packets in the Established state. | - |
| fin | Matches TCP packets based on the FIN flag. | - |
| syn | Matches TCP packets based on the SYN flag. | - |
| rst | Matches TCP packets based on the RST flag. | - |
| psh | Matches TCP packets based on the PSH flag. | - |
| ack | Matches TCP packets based on the ACK flag. | - |
| urg | Matches TCP packets based on the URG flag. | - |
| ece | Matches TCP packets based on the ECE flag. | - |
| cwr | Matches TCP packets based on the CWR flag. | - |
| ns | Matches TCP packets based on the NS flag. | - |
| tcpflag-value-ipv6 | Specifies the SYN flag value in the IPv6 TCP packet headers. | The value is an integer ranging from 0 to 63. |

Views

Traffic classifier view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
| --- | --- |
| qos | write |

Usage Guidelines

Usage Scenario

If a traffic policy needs to be configured for IPv6 TCP packets carrying a specified SYN flag value, run the if-match ipv6 tcp syn-flag command in the traffic classifier view to configure a matching rule for MF classification based on the value of the SYN flag in the IPv6 TCP packet header. Then configure the corresponding traffic behavior and traffic policy, and apply the traffic policy to an interface.

To configure a certain traffic policy for the traffic with a certain SYN Flag value, you can run this command in the traffic classifier view to configure a matching rule for complex traffic classification based on the SYN Flag value. Then, you need to configure the corresponding traffic behavior and traffic policy, and apply the policy to interfaces.

Prerequisites

A traffic classifier has been configured in the system view and the traffic classifier view is displayed.

Configuration Impact

The action defined in the traffic behavior will be implemented for IPv6 TCP packets matching the SYN flag value-based ACL rule.

The traffic action in the traffic behavior bound to the traffic classifier is performed for the packets matching the specified SYN Flag value.

Follow-up Procedure

Configure a traffic behavior and traffic policy, and associate the traffic classifier with the traffic behavior in the traffic policy. Apply the traffic policy to an interface.

Precautions

You can configure a maximum of 16 such rules for a traffic classifier. To be specific, one traffic classifier can match a maximum of 16 SYN flag value-based matching rules. A later setting does not override an earlier setting.

After this command is configured, the SYN flag values are sorted based on the configuration sequence. A SYN flag value-based matching rule can be deleted only when all the parameters specified in the delete command are the same as those in the rule. The deletion sequence can be different from the configuration sequence.

Example

# Configure a matching rule with the SYN flag value being 1 for IPv6 TCP packet headers in traffic classifier class1.
<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match ipv6 tcp syn-flag 1

# Configure the packets with the SYN Flag value being 1 in the TCP packet header to match the traffic classifier class1.
<HUAWEI> system-view
[~HUAWEI] traffic classifier class1
[*HUAWEI-classifier-class1] if-match tcp syn-flag 1
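
How a value and mask pair can be derived for a given flag combination, for instance to classify initial SYN packets (SYN set, ACK clear) for rate limiting; this is an added example, not part of the original page and not Huawei code. It assumes the flags field uses the standard TCP bit positions (FIN = 1, SYN = 2, up to NS = 256) and that the mask selects which bits are compared; the page states neither, so confirm both on the device. Under that assumption the value 1 used in the examples above selects the FIN bit, and SYN alone is 2.

```python
# Added example. Assumptions not stated on the page: RFC 9293 bit positions
# for the TCP flags field, and masked-equality matching for value/mask rules.
FLAG_BITS = {"fin": 0x001, "syn": 0x002, "rst": 0x004, "psh": 0x008,
             "ack": 0x010, "urg": 0x020, "ece": 0x040, "cwr": 0x080, "ns": 0x100}
MAX_VALUE = {"ipv4": 511, "ipv6": 63}   # ranges from the Parameters table


def build_rule(must_set, must_clear=(), family="ipv4"):
    """Return (value, mask) selecting packets with must_set on and must_clear off."""
    overlap = set(must_set) & set(must_clear)
    if overlap:
        raise ValueError(f"flag required both set and clear: {sorted(overlap)}")
    value = sum(FLAG_BITS[f] for f in set(must_set))
    mask = value | sum(FLAG_BITS[f] for f in set(must_clear))
    if mask > MAX_VALUE[family]:
        raise ValueError(f"{family} rules accept values 0..{MAX_VALUE[family]}")
    return value, mask


def matches(packet_flags, value, mask):
    """Masked comparison: only bits selected by mask are checked (assumed semantics)."""
    return (packet_flags & mask) == (value & mask)


def to_command(value, mask, family="ipv4"):
    """Render the rule using the syntax from the Format section."""
    prefix = "if-match ipv6 tcp syn-flag" if family == "ipv6" else "if-match tcp syn-flag"
    return f"{prefix} {value} mask {mask}"


def decode(flags):
    """List the flag names set in a numeric flags value, lowest bit first."""
    return [name for name, bit in FLAG_BITS.items() if flags & bit]


if __name__ == "__main__":
    value, mask = build_rule(["syn"], ["ack"])   # initial SYN of a handshake
    print(to_command(value, mask))
    # Constructed sample flag values: SYN, SYN+ACK, ACK, FIN+ACK
    for flags in (0x002, 0x012, 0x010, 0x011):
        print(f"{flags:#05x} {decode(flags)} -> {matches(flags, value, mask)}")
    print("value 1 decodes to", decode(1))
```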
Copyright © Huawei Technologies Co., Ltd.