05-Layer 3—IP Services Command Reference

08-IP performance optimization commands

Contents

IP performance optimization commands
display icmp statistics
display ip option source-route statistics
display ip statistics
display packet-follow configuration
display packet-follow statistics
display rawip
display rawip verbose
display tcp
display tcp statistics
display tcp verbose
display tcp-proxy
display tcp-proxy port-info
display udp
display udp statistics
display udp verbose
management-port isolate enable
ip forward-broadcast
ip icmp echo-reply traffic-priority
ip icmp error-interval
ip icmp receive enable
ip icmp send enable
ip icmp source
ip mtu
ip option enable
ip option source-route enable
ip reassemble local enable
ip redirects enable
ip ttl-expires enable
ip unreachables enable
packet-follow care
packet-follow counting
packet-follow receive interface
packet-follow receive match-rule
packet-follow receive match-rule acl
packet-follow send match-rule
packet-follow send match-rule acl
reset ip option source-route statistics
reset ip statistics
reset packet-follow statistics
reset tcp statistics
reset udp statistics
snmp-agent trap enable tcp
statistics l3-packet enable
tcp log enable
tcp modify-mss
tcp mss
tcp path-mtu-discovery
tcp syn-cookie enable
tcp timer fin-timeout
tcp timer syn-timeout
tcp timestamps enable
tcp window


IP performance optimization commands

display icmp statistics

Use display icmp statistics to display ICMP statistics.

Syntax

display icmp statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ICMP statistics on all cards.

Usage guidelines

ICMP statistics include information about received and sent ICMP packets.

Examples

# Display ICMP statistics.

<Sysname> display icmp statistics

  Input: bad formats   0                   bad checksum            0

         echo          175                 destination unreachable 0

         source quench 0                   redirects               0

         echo replies  201                 parameter problem       0

         timestamp     0                   information requests    0

         mask requests 0                   mask replies            0

         time exceeded 0                   invalid type            0

         router advert 0                   router solicit          0

         broadcast/multicast echo requests ignored            0

         broadcast/multicast timestamp requests ignored       0

 Output: echo          0                   destination unreachable 0

         source quench 0                   redirects               0

         echo replies  175                 parameter problem       0

         timestamp     0                   information replies     0

         mask requests 0                   mask replies            0

         time exceeded 0                   bad address             0

         packet error  1442                router advert           3

Table 1 Command output

Field

Description

bad formats

Number of received messages with error format.

bad checksum

Number of received messages with checksum errors.

echo

Number of received or sent ICMP echo request messages.

destination unreachable

Number of received or sent destination unreachable messages.

source quench

Number of received or sent source quench messages.

redirects

Number of received or sent redirect messages.

echo replies

Number of received or sent echo reply messages.

parameter problem

Number of received or sent parameter problem messages.

timestamp

Number of received timestamp request messages or number of sent timestamp reply messages.

information requests

Number of received information request messages.

mask requests

Number of received or sent mask request messages.

mask replies

Number of received or sent mask reply messages.

invalid type

Number of received messages with invalid type.

router solicit

Number of received RS messages.

broadcast/multicast echo requests ignored

Number of dropped incoming broadcast or multicast echo request messages.

broadcast/multicast timestamp requests ignored

Number of dropped incoming broadcast or multicast timestamp request messages.

information replies

Number of sent information reply messages.

time exceeded

Number of received or sent ICMP time exceeded messages.

bad address

Number of sent messages with invalid destination addresses.

packet error

Number of sent error messages.

router advert

Number of received or sent RA messages.
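The counters above are cumulative and laid out in two columns with multi-word labels, which makes them awkward to scrape from a monitoring job. The following added example (not H3C's code; it assumes only the output layout shown above) parses that layout into a dictionary and flags the input counters a defender cares about: malformed ICMP received, ignored broadcast/multicast requests, received redirects, and echo requests that were never answered.

```python
import re

# Constructed sample for this example: the display icmp statistics output
# shown above, copied as a string.
SAMPLE_ICMP = """\
  Input: bad formats   0                   bad checksum            0
         echo          175                 destination unreachable 0
         source quench 0                   redirects               0
         echo replies  201                 parameter problem       0
         timestamp     0                   information requests    0
         mask requests 0                   mask replies            0
         time exceeded 0                   invalid type            0
         router advert 0                   router solicit          0
         broadcast/multicast echo requests ignored            0
         broadcast/multicast timestamp requests ignored       0
 Output: echo          0                   destination unreachable 0
         source quench 0                   redirects               0
         echo replies  175                 parameter problem       0
         timestamp     0                   information replies     0
         mask requests 0                   mask replies            0
         time exceeded 0                   bad address             0
         packet error  1442                router advert           3
"""

# One "label value" pair. Labels contain spaces and slashes, so take the
# shortest run of label characters that is followed by whitespace and digits.
PAIR_RE = re.compile(r"([a-z][a-z/ ]*?)\s+(\d+)")
SECTION_RE = re.compile(r"\s*(Input|Output):\s*(.*)")


def parse_icmp_statistics(text):
    """Return {"Input": {label: count}, "Output": {label: count}}."""
    stats = {"Input": {}, "Output": {}}
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, line = m.group(1), m.group(2)
        if section is None:
            continue
        for label, value in PAIR_RE.findall(line):
            stats[section][label.strip()] = int(value)
    return stats


def icmp_findings(stats):
    """Nonzero input counters worth a second look, keyed by a short reason."""
    inp, out = stats["Input"], stats["Output"]
    findings = {}
    # Malformed ICMP reaching the control plane: format, checksum or type errors.
    malformed = (inp.get("bad formats", 0) + inp.get("bad checksum", 0)
                 + inp.get("invalid type", 0))
    if malformed:
        findings["malformed received"] = malformed
    # Broadcast/multicast echo and timestamp requests the device refused.
    ignored = (inp.get("broadcast/multicast echo requests ignored", 0)
               + inp.get("broadcast/multicast timestamp requests ignored", 0))
    if ignored:
        findings["broadcast requests ignored"] = ignored
    # Redirects received by a router usually mean something on the segment
    # is trying to steer its forwarding.
    if inp.get("redirects", 0):
        findings["redirects received"] = inp["redirects"]
    # Echo requests received minus echo replies sent: unanswered probes.
    unanswered = inp.get("echo", 0) - out.get("echo replies", 0)
    if unanswered > 0:
        findings["unanswered echo requests"] = unanswered
    return findings


if __name__ == "__main__":
    parsed = parse_icmp_statistics(SAMPLE_ICMP)
    print(parsed["Input"]["echo"], parsed["Output"]["echo replies"])
    print(icmp_findings(parsed))
```

Because the counters only grow, a production check should compare two snapshots taken some interval apart rather than alarm on the absolute values; the parser returns plain dictionaries so that subtraction is a one-line comprehension.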

display ip option source-route statistics

Use display ip option source-route statistics to display statistics about dropped IP packets that contain the source route option.

Syntax

display ip option source-route statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays statistics about dropped IP packets that contain the source route option on all cards.

Examples

# Display statistics about dropped IP packets that contain the source route option.

<Sysname> display ip option source-route statistics

Source route IP packets dropped: 4

Table 2 Command output

Field

Description

Source route IP packets dropped

Number of dropped IP packets that contain the source route option.

Related commands

reset ip option source-route statistics

display ip statistics

Use display ip statistics to display IP packet statistics.

Syntax

display ip statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IP packet statistics on all cards.

Usage guidelines

IP statistics include information about received and sent packets, fragments, and reassembly.

Examples

# Display IP packet statistics.

<Sysname> display ip statistics

  Input:   sum            7120             local             112

           bad protocol   0                bad format        0

           bad checksum   0                bad options       0

  Output:  forwarding     0                local             27

           dropped        0                no route          2

           compress fails 0

  Fragment:input          0                output            0

           dropped        0

           fragmented     0                couldn't fragment 0

  Reassembling:sum        0                timeouts          0

Table 3 Command output

Field

Description

Input

Statistics about received packets:

·     sum—Total number of packets received.

·     local—Total number of packets destined for the device.

·     bad protocol—Total number of unknown protocol packets.

·     bad format—Total number of packets with incorrect format.

·     bad checksum—Total number of packets with incorrect checksum.

·     bad options—Total number of packets with incorrect option.

Output

Statistics about sent packets:

·     forwarding—Total number of packets forwarded.

·     local—Total number of packets locally sent.

·     dropped—Total number of packets discarded.

·     no route—Total number of packets for which no route is available.

·     compress fails—Total number of packets that failed to be compressed.

Fragment

Statistics about fragments:

·     input—Total number of fragments received.

·     output—Total number of fragments sent.

·     dropped—Total number of fragments dropped.

·     fragmented—Total number of packets successfully fragmented.

·     couldn't fragment—Total number of packets that failed to be fragmented.

Reassembling

Statistics about reassembly:

·     sum—Total number of packets reassembled.

·     timeouts—Total number of reassembly timeouts.

Related commands

display ip interface

reset ip statistics

display packet-follow configuration

Use display packet-follow configuration to display configuration of the packet following feature.

Syntax

display packet-follow configuration [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays configuration of the packet following feature on the active MPU.

Examples

# Display configuration of the packet following feature for slot 1.

<Sysname> display packet-follow configuration slot 1

Follow configuration on Slot 1

Send Match Rule:

Rule count:2

ID  Rule

1   (ipv4:4,1234,ffff ipv4:8,5678,ffff)

2   (app:1,22,33)

Receive Match Rule:

Rule count:2

ID  Rule

1   (ipv4:4,1234,ffff ipv4:8,5678,ffff)

2   (app:1,22,33)

Match If:

 If count:2

  Gigabitethernet 2/0/1

  Gigabitethernet 2/0/2

Statistics:

 packet-follow counting 50

 max count: 50      current-count: 48

Debug:

 Packet-follow debugging switch is on for slot 0 (max-packet-number:10)

 max count: 10      current-count: 8

Care:

 Phase      ID

 TCP        1

Table 4 Command output

Field

Description

Follow configuration on Slot x

Configuration information on slot x.

Match Rule

Information about the configured packet following rules.

Rule count

Number of configured rules.

ID

ID of the issued packet following rule.

Rule

Detailed information about the issued packet following rule.

Match If

Information about the configured incoming interfaces.

If count

Number of configured incoming interfaces.

Statistics

Configuration information about the packet following statistics collection functionality.

max count

Maximum number of packets that the packet following feature can follow.

current-count

Number of packets that the packet following feature is following.

Debug

Whether debugging is enabled for the packet following feature.

max count

Maximum number of debugging information entries that can be generated.

current-count

Number of packet debugging information entries that have been generated.

Care

Information about the packet processing nodes that the packet following feature is focusing on.

Phase

Phase to which the packet processing node belongs.

ID

Tag that uniquely identifies the packet processing node within the phase.

Related commands

display packet-follow statistics

packet-follow receive interface

packet-follow receive match-rule

packet-follow receive match-rule acl

packet-follow send match-rule

packet-follow send match-rule acl

reset packet-follow statistics

display packet-follow statistics

Use display packet-follow statistics to display the statistics collected by the packet following feature.

Syntax

display packet-follow statistics [ receive | send ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

send: Specifies the statistics about outgoing packets.

receive: Specifies the statistics about incoming packets.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the statistics collected by the packet following feature on the active MPU.

Usage guidelines

Application scenarios

When packet loss exists, you can use this command to view the following information for troubleshooting purposes:

·     Match statistics collected for each packet following rule.

·     Match statistics collected for each node along the packet processing path.

Operating mechanism

If the packet following feature is enabled to focus on certain packet processing nodes, this command only displays the statistics collected for those packet processing nodes.

The packet following feature collects statistics only when this feature is enabled and packets successfully match the configured packet following rules. If no packet following rules are configured or no packets successfully match the configured packet following rules, this feature does not collect any statistics.

Examples

# Display the statistics collected by the packet following feature for slot 1.

<Sysname> display packet-follow statistics send slot 1

Packet Follow Statistics on Slot 1:

Send:

Rule Match Times Statistics:

ID  Rule                                  Matched Succeeded     Match Failed

1   (ipv4:4,1234,ffff ipv4:8,5678,ffff    2                     1000

app: 1,1,3)

2   (app:1,2,3)                           0                     1000

Packet Follow Statistics:

SrcSlot   Phase     Tag  Description                            Statistics

0         eth       1    l2 output                              100

Table 5 Command output

Field

Description

Packet Follow Statistics on Slot x

Statistics collected by the packet following feature on slot x.

Receive

Statistics about incoming packets.

Send

Statistics about outgoing packets.

Rule Match Times Statistics

Match statistics collected for packet following rules.

ID

ID of the packet following rule.

Rule

Detailed information about the packet following rule.

Matched Succeeded

Number of successful matches.

Match Failed

Number of failed matches.

Packet Follow Statistics

Statistics collected for packet processing nodes based on the packet following rules.

SrcSlot

Source slot.

Phase

Packet processing phase.

Tag

Tag that uniquely identifies the packet processing node within the module.

Description

Description of the packet processing node.

Statistics

Match statistics collected for the packet processing node.

Related commands

reset packet-follow statistics

display rawip

Use display rawip to display brief information about RawIP connections.

Syntax

display rawip [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about RawIP connections on all cards.

Usage guidelines

Brief RawIP connection information includes local and peer addresses, protocol, and PCB.

Examples

# Display brief information about RawIP connections.

<Sysname> display rawip

 Local Addr       Foreign Addr     Protocol  Slot  Cpu PCB

 0.0.0.0          0.0.0.0          1         1     0   0x0000000000000009

 0.0.0.0          0.0.0.0          1         1     0   0x0000000000000008

 0.0.0.0          0.0.0.0          1         5     0   0x0000000000000002

Table 6 Command output

Field

Description

Local Addr

Local IP address.

Foreign Addr

Peer IP address.

Protocol

Protocol number.

PCB

Protocol control block.

display rawip verbose

Use display rawip verbose to display detailed information about RawIP connections.

Syntax

display rawip verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB. The index value range is 1 to 16.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about RawIP connections on all cards.

Usage guidelines

The detailed information includes socket creator, state, option, type, protocol number, and the source and destination IP addresses of RawIP connections.

Examples

# Display detailed information about RawIP connections.

<Sysname> display rawip verbose

Total RawIP socket number: 1

 Connection info: src = 0.0.0.0, dst = 0.0.0.0

 Location: slot 0 cpu 0

 Creator: ping[320]

 State: N/A

 Options: N/A

 Error: 0

 Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 9216 / 1 / 0 / N/A

 Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

 Type: 3

 Protocol: 1

 Inpcb flags: N/A

 Inpcb extflag: INP_EXTRCVICMPERR INP_EXTFILTER

 Inpcb vflag: INP_IPV4

 TTL: 255(minimum TTL: 0)

 Send VRF: 0xffff

 Receive VRF: 0xffff

Table 7 Command output

Field

Description

Total RawIP socket number

Total number of RawIP sockets.

Connection info

Source IP address and destination IP address.

Location

Socket location.

Creator

Name of the operation that created the socket. The number in brackets is the process number of the creator.

State

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     PROTOREF—Indicates strong protocol reference.

·     N/A—None of the above states.

Options

Socket options.

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen for connection requests.

·     SO_REUSEADDR—Allows local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_BROADCAST—Supports broadcast packets.

·     SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection-oriented.

·     SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_TIMESTAMPNS—Same function as SO_TIMESTAMP, but accurate to nanoseconds.

·     N/A—No options are set.

Error

Error code.

Receiving buffer (cc/hiwat/lowat/drop/state)

Displays receive buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     drop—Number of dropped packets.

·     state—Buffer state:

  o   CANTSENDMORE—Unable to send data to the peer.

  o   CANTRCVMORE—Unable to receive data from the peer.

  o   RCVATMARK—Receiving tag.

  o   N/A—None of the above states.

Sending buffer (cc/hiwat/lowat/state)

Displays send buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     state—Buffer state:

  o   CANTSENDMORE—Unable to send data to the peer.

  o   CANTRCVMORE—Unable to receive data from the peer.

  o   RCVATMARK—Receiving tag.

  o   N/A—None of the above states.

Type

Socket type:

·     1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams.

·     2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission.

·     3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header.

·     N/A—None of the above types.

Protocol

Number of the protocol using the socket.

Inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IP options.

·     INP_RECVRETOPTS—Receives replied IP options.

·     INP_RECVDSTADDR—Receives destination IP address.

·     INP_HDRINCL—Provides the entire IP header.

·     INP_REUSEADDR—Reuses the IP address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_RECVIF—Records the input interface of the packet.

·     INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.

·     INP_DONTFRAG—Sets the Don't Fragment flag.

·     INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_SNDBYLSPV—Sends through MPLS.

·     INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag.

·     INP_USEICMPSRC—Uses the specified IP address as the source IP address for outgoing ICMP packets.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     N/A—None of the above flags.

Inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTRCVICMPERR—Receives an ICMP error packet.

·     INP_EXTFILTER—Filters the contents in the received packet.

·     N/A—None of the above flags.

Inpcb vflag

IP version flags in the Internet PCB:

·     INP_IPV4—IPv4 protocol.

·     INP_TIMEWAIT—In TIMEWAIT state.

·     INP_ONESBCAST—Sends broadcast packets.

·     INP_DROPPED—Protocol dropped flag.

·     INP_SOCKREF—Strong socket reference.

·     INP_DONTBLOCK—Do not block synchronization of the Internet PCB.

·     N/A—None of the above flags.

TTL

TTL value in the Internet PCB.

Send VRF

VRF from which the packets are sent.

Receive VRF

VRF from which the packets are received.

display tcp

Use display tcp to display brief information about TCP connections.

Syntax

display tcp [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about TCP connections on all cards.

Usage guidelines

Brief TCP connection information includes local IP address, local port number, peer IP address, peer port number, and TCP connection state.

Examples

# Display brief information about TCP connections.

<Sysname> display tcp

 *: TCP connection with authentication

 Local Addr:port       Foreign Addr:port     State       Slot  Cpu PCB

*0.0.0.0:21            0.0.0.0:0             LISTEN      1     0   0x000000000000c387

 192.168.20.200:23     192.168.20.14:1284    ESTABLISHED 1     0   0x0000000000000009

 192.168.20.200:23     192.168.20.14:1283    ESTABLISHED 1     0   0x0000000000000002

Table 8 Command output

Field

Description

*

Indicates that the TCP connection uses authentication.

Local Addr:port

Local IP address and port number.

Foreign Addr:port

Peer IP address and port number.

State

TCP connection state:

·     CLOSED—The server has received the client's reply to a disconnection request.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RCVD—The server receives a connection request.

·     ESTABLISHED—The server and client have established connections and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client have each received the other's disconnection request and are waiting for the peer's disconnection reply.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

PCB

PCB index.
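The brief table above is the quickest inventory of what a device is listening on and who is connected to it. The following added example (not H3C's code; it assumes the IPv4 column layout and the leading "*" authentication marker exactly as shown above) parses the rows and answers the two questions an operator usually asks of it: which listeners are bound to every address without authentication, and which peers hold established sessions to each local port.

```python
import re

# Constructed sample for this example: the display tcp output shown above.
SAMPLE_TCP_BRIEF = """\
 *: TCP connection with authentication
 Local Addr:port       Foreign Addr:port     State       Slot  Cpu PCB
*0.0.0.0:21            0.0.0.0:0             LISTEN      1     0   0x000000000000c387
 192.168.20.200:23     192.168.20.14:1284    ESTABLISHED 1     0   0x0000000000000009
 192.168.20.200:23     192.168.20.14:1283    ESTABLISHED 1     0   0x0000000000000002
"""

# One connection row: column 1 is "*" (authenticated) or a space, then the six
# table columns. Only IPv4 dotted addresses are handled, as in the sample.
ROW_RE = re.compile(
    r"^(?P<auth>[* ])(?P<laddr>[0-9.]+):(?P<lport>\d+)\s+"
    r"(?P<faddr>[0-9.]+):(?P<fport>\d+)\s+(?P<state>[A-Z_]+)\s+"
    r"(?P<slot>\d+)\s+(?P<cpu>\d+)\s+(?P<pcb>0x[0-9a-fA-F]+)\s*$"
)


def parse_tcp_brief(text):
    """Return one dict per connection row; legend and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        rows.append({
            "authenticated": d["auth"] == "*",
            "local": (d["laddr"], int(d["lport"])),
            "foreign": (d["faddr"], int(d["fport"])),
            "state": d["state"],
            "slot": int(d["slot"]),
            "cpu": int(d["cpu"]),
            "pcb": d["pcb"],
        })
    return rows


def listeners(rows):
    """Sockets waiting for connections, i.e. the services the device exposes."""
    return [r for r in rows if r["state"] == "LISTEN"]


def unauthenticated_wildcard_listeners(rows):
    """Listeners bound to 0.0.0.0 that carry no authentication marker."""
    return [r for r in listeners(rows)
            if r["local"][0] == "0.0.0.0" and not r["authenticated"]]


def established_peers(rows):
    """Map each local port to the peer addresses currently connected to it."""
    peers = {}
    for r in rows:
        if r["state"] == "ESTABLISHED":
            peers.setdefault(r["local"][1], []).append(r["foreign"][0])
    return peers


if __name__ == "__main__":
    rows = parse_tcp_brief(SAMPLE_TCP_BRIEF)
    print("listeners:", [r["local"] for r in listeners(rows)])
    print("unauthenticated wildcard listeners:",
          unauthenticated_wildcard_listeners(rows))
    print("established peers by port:", established_peers(rows))
```

Run periodically and diffed against a baseline, the listener list catches a service that was enabled without anyone noticing, and the peer map shows management sessions (port 23 in the sample) coming from addresses outside the expected management range.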

display tcp statistics

Use display tcp statistics to display TCP traffic statistics.

Syntax

display tcp statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays TCP traffic statistics on all cards.

Usage guidelines

TCP traffic statistics include information about received and sent TCP packets and Syncache/syncookie.

Examples

# Display TCP traffic statistics.

<Sysname> display tcp statistics

Received packets:

    Total: 4150

    packets in sequence: 1366 (134675 bytes)

    window probe packets: 0, window update packets: 0

    checksum error: 0, offset error: 0, short error: 0

    packets dropped for lack of memory: 0

    packets dropped due to PAWS: 0

    duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes)

    out-of-order packets: 0 (0 bytes)

    packets with data after window: 0 (0 bytes)

    packets after close: 0

    ACK packets: 3531 (795048 bytes)

    duplicate ACK packets: 33, ACK packets for unsent data: 0

    keepalive packets: 0, keepalive ack packets: 64

    previous segment not captured packets: 0 (0 bytes)

    spurious retransmission packets: 0 (0 bytes)

    zero window packets: 0, window probe ack packets: 0

 

Sent packets:

    Total: 4058

    urgent packets: 0

    control packets: 50

    window probe packets: 3, window update packets: 11

    data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes)

    ACK-only packets: 150 (52 delayed)

    unnecessary packet retransmissions: 0    windowfull packets: 0

    zero window packets: 0

 

Syncache/syncookie related statistics:

    entries added to syncache: 12

    syncache entries retransmitted: 0

    duplicate SYN packets: 0

    reply failures: 0

    successfully build new socket: 12

    bucket overflows: 0

    zone failures: 0

    syncache entries removed due to RST: 0

    syncache entries removed due to timed out: 0

    ACK checked by syncache or syncookie failures: 0

    syncache entries aborted: 0

    syncache entries removed due to bad ACK: 0

    syncache entries removed due to ICMP unreachable: 0

    SYN cookies sent: 0

    SYN cookies received: 0

 

SACK related statistics:

    SACK recoveries: 1

    SACK retransmitted segments: 0 (0 bytes)

    SACK blocks (options) received: 0

    SACK blocks (options) sent: 0

    SACK scoreboard overflows: 0

 

Other statistics:

    retransmitted timeout: 0, connections dropped in retransmitted timeout: 0

    persist timeout: 0

    keepalive timeout: 21, keepalive probe: 0

    keepalive timeout, so connections disconnected: 0

    fin_wait_2 timeout, so connections disconnected: 0

    initiated connections: 29, accepted connections: 12, established connections: 23

    closed connections: 50051 (dropped: 0, initiated dropped: 0)

    bad connection attempt: 0

    ignored RSTs in the window: 0

    listen queue overflows: 0

    RTT updates: 3518(attempt segment: 3537)

    correct ACK header predictions: 0

    correct data packet header predictions: 568

    resends due to MTU discovery: 0

    packets dropped due to MD5 authentication failure: 0

    packets that passed MD5 authentication: 0

    sent Keychain-encrypted packets: 0

    packets that passed Keychain authentication: 0

    packets dropped due to Keychain authentication failure: 0

    user send data to tcp(times/bytes): 0 / 0

    user receive data from tcp(times/bytes): 0 / 0

Related commands

reset tcp statistics
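The syncache/syncookie and authentication counters in display tcp statistics are the device-side evidence of SYN-flood pressure and of MD5 or keychain mismatches on protected sessions. The following added example (not H3C's code; it assumes only the "Section:" and "label: count" layout shown above) parses an excerpt of that output into per-section dictionaries, subtracts two snapshots because the counters are cumulative, and reports the counters that grew between them.

```python
import re

# Constructed sample for this example: an excerpt of the display tcp statistics
# output shown above (the "established connections" line is written on one line).
SAMPLE_TCP_STATS = """\
Received packets:
    Total: 4150
    packets in sequence: 1366 (134675 bytes)
    checksum error: 0, offset error: 0, short error: 0
    duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes)
    keepalive packets: 0, keepalive ack packets: 64

Sent packets:
    Total: 4058
    window probe packets: 3, window update packets: 11
    ACK-only packets: 150 (52 delayed)
    unnecessary packet retransmissions: 0    windowfull packets: 0

Syncache/syncookie related statistics:
    entries added to syncache: 12
    syncache entries retransmitted: 0
    duplicate SYN packets: 0
    successfully build new socket: 12
    bucket overflows: 0
    zone failures: 0
    syncache entries removed due to RST: 0
    syncache entries removed due to timed out: 0
    ACK checked by syncache or syncookie failures: 0
    SYN cookies sent: 0
    SYN cookies received: 0

Other statistics:
    initiated connections: 29, accepted connections: 12, established connections: 23
    closed connections: 50051 (dropped: 0, initiated dropped: 0)
    listen queue overflows: 0
    RTT updates: 3518(attempt segment: 3537)
    packets dropped due to MD5 authentication failure: 0
    packets that passed MD5 authentication: 0
    packets dropped due to Keychain authentication failure: 0
"""

# "label: count" pairs. Several pairs may share a line, separated by commas or
# runs of spaces; a "(... bytes)" note after a count carries no colon and is skipped.
COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z0-9 _/()\-]*?):\s*(\d+)")

# Growth in these syncache counters means the device is shedding half-open
# connections; growth in the auth counters means peers are failing MD5/keychain.
SYN_PRESSURE = ("bucket overflows", "zone failures",
                "syncache entries removed due to timed out", "SYN cookies sent")
AUTH_FAILURES = ("packets dropped due to MD5 authentication failure",
                 "packets dropped due to Keychain authentication failure")


def parse_tcp_statistics(text):
    """Return {section: {label: count}} for every unindented "Section:" block."""
    stats, section = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.strip()[:-1]
            stats[section] = {}
            continue
        if section is None:
            continue
        for label, value in COUNTER_RE.findall(line):
            stats[section][label.strip()] = int(value)
    return stats


def counter_delta(before, after):
    """Per-section difference between two snapshots of cumulative counters."""
    delta = {}
    for section, counters in after.items():
        prev = before.get(section, {})
        delta[section] = {k: v - prev.get(k, 0) for k, v in counters.items()}
    return delta


def tcp_findings(delta):
    """Counters that grew in the interval and indicate SYN pressure or auth failures."""
    syn = delta.get("Syncache/syncookie related statistics", {})
    other = delta.get("Other statistics", {})
    findings = {}
    for key in SYN_PRESSURE:
        if syn.get(key, 0) > 0:
            findings[key] = syn[key]
    for key in ("listen queue overflows",) + AUTH_FAILURES:
        if other.get(key, 0) > 0:
            findings[key] = other[key]
    return findings


if __name__ == "__main__":
    snapshot = parse_tcp_statistics(SAMPLE_TCP_STATS)
    print(snapshot["Syncache/syncookie related statistics"])
    print(tcp_findings(counter_delta(snapshot, snapshot)))
```

A rising "SYN cookies sent" count means the syncache has already overflowed and the device has fallen back to cookies, so it is the counter to alert on first; growth in the MD5 or keychain failure counters with no matching growth in the "passed" counters usually points at a key rollover that did not reach one side.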

display tcp verbose

Use display tcp verbose to display detailed information about TCP connections.

Syntax

display tcp verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pcb pcb-index: Displays detailed TCP connection information for the specified PCB. The index value range is 1 to 16.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about TCP connections on all cards.

Usage guidelines

The detailed TCP connection information includes socket creator, state, option, type, protocol number, source IP address and port number, destination IP address and port number, and connection state.

Examples

# Display detailed information about TCP connections.

<Sysname> display tcp verbose

TCP inpcb number: 1(tcpcb number: 1)

 Connection info: src = 192.168.20.200:179 ,  dst = 192.168.20.14:4181

 Location: slot 0 cpu 0

 NSR standby: N/A

 Creator: bgpd[199]

 State: ISCONNECTED

 Options: N/A

 Error: 0

 Receiving buffer(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A

 Sending buffer(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A

 Type: 1

 SocketFd:74

 Reference count:1

 so_file:0xd939db40

 so_inode:0x0

 Protocol: 6

 Inpcb flags: N/A

 Inpcb extflag: N/A

 Inpcb vflag: INP_IPV4

 TTL: 255(minimum TTL: 0)

 Connection state: ESTABLISHED

 TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR

 NSR state: READY(M)

 Send VRF: 0x0

 Receive VRF: 0x0

 Error count in abnormal-packet-defend period: 0

 Packet Statistics:

   Checksum errors: 0

   Duplicate packets: 0

   Part-Duplicate packets: 0

   Out-of-order packets: 0

   Duplicate ACK packets: 0

   Out-of-order ACK packets: 0

   Packets with data out of window: 0

   MD5 authentication errors: 0

   Keychain authentication errors: 0

   Timestamp errors: 0

   Total receive/send packets: 99 / 99

   Receive/send packets in sequence: 47 (927 bytes) / 52 (1022 bytes)

   Receive/send keepalive packets: 0 / 0

   Receive keepalive ack packets: 0

   Receive previous segment not captured packets: 0 (0 bytes)

   send retransmission packets: 0 (0 bytes)

   Send fast retransmission packets: 0 (0 bytes)

   Receive spurious retransmission packets: 0 (0 bytes)

   Receive/send window update packets: 0 / 0

   Receive/send zero window packets: 0 / 0

   Receive/send window probe packets: 0 / 0

   Receive window probe ack packets: 0

   Send window full packets: 0

   User send data to tcp(counts/bytes): 52 / 1022

   User receive data from tcp(counts/bytes): 94 / 1786

 Transmission status data:

   Maximum Segment Size (MSS): 512

   Window Scale (wscale): 0

   Retransmission Timeout (rto): 3000000.0ms

   Retransmission Count/Total: 0/0

   Round-trip Time (rtt/rtvar): 0.0ms/12000000.0ms

   Delayed Ack Timeout (ato): 100000.0ms

   Congestion Window (cwnd): 1073725440

   TCP Throughput: 0.00 Mbps

  sendpps/sendkbps/recvpps/recvkbps/: 0/0.000/0/0.000

   iss/unack/next/max/wnd: 0/0/0/0/0

   irs/undeliver/next/adv/wnd: 0/0/0/0/0

   Receiving window(scale/lastadvertise/max/min): 3 / 8301 / 66432 / 66432

   Sending window(scale/lastadvertise/max/min): 3 / 8304 / 66432 / 66376

 NSR Info:

   Total Recv/Send Count(history Recv/history Send): 41/43(41/43)

   EnableMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)

   DisableMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)

   SlotchangeMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)

   ReadyMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)

   PullMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)

   BriefdataMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)

   PktMsg Recv/Send Count(history Recv/history Send): 35/35(35/35)

   CmdMsg Recv/Send Count(history Recv/history Send): 0/0(0/0)

   Recent Recv/Send Seq: 41/43

   Recent Recv/Send Time: 11:14:44:469624 May 23 2022/11:14:44:467624 May 23 2022

 Option Value:

   rcvsb_timeo/sndsb_timeo/pd_type/pd_len: 0/0/0/0

   so_linger: 1

   ka_idle/ka_intval/ka_count: 0/0/0

   so_accept_filter_str: filter1

   Md5 Password:123

   Tcp Key Chain: key123

   Out Interface/NextHop/Local Address: 0/0.0.0.0/0.0.0.0

   Filter Offset/Length/Value/Mask: 0/0/00 00 00 00 00 00 00 00 /00 00 0 00 00 00 00 00

   Ip Tos/McastTTL/McastLoop/ Mcast Interface Index: 192/0/0/0

   Acl Index/MacIndex: 4294967295/4294967295

   Mpls Flag/Label: 0/4294967295

   Kernel Event ID: 0

   Send Mac: 0000-0000-0000

   Bier TTL/Entropy/TunnelID: 0/0/0

  Ip Option Hdr: 0x01 02 03

 Time info:

   Tcp connect establish: 19:42:36:858 Apr 19 2023

   Usr send/datalen: 20:19:51:794 Apr 19 2023 / 19

   Tcp send/datalen: 20:19:51:794 Apr 19 2023 / 19

   Usr recv/datalen: 20:20:01:851 Apr 19 2023 / 19

   Tcp recv/datalen: 20:20:01:850 Apr 19 2023 / 19

   Retrans(datalen): - / 0

   Usr connect: -

   Usr shutdown: -

   Usr close: -

   Usr first recv epollout: 19:42:36:859 Apr 19 2023

   Last info usr read: 20:20:01:850 Apr 19 2023

   Usr Last recv epollevent/event: 20:20:01:850 Apr 19 2023 / 325

   TimerType StarTime                 StopTime                 TimeOut

   DELAY_ACK -                        -                        0

   REXMT     20:19:51:794 Apr 19 2023 20:19:51:796 Apr 19 2023 230

   PERSIST   -                        -                        0

   KEEP      20:20:01:850 Apr 19 2023 -                        7200000

   2MSL      -                        -                        0

   PMTU      -                        -                        0

   NSR       -                        -                        0

   TimeOut Count: retransmit 0, persist: 0, keepalive: 0

Table 9 Command output

Field

Description

TCP inpcb number

Number of TCP IP PCBs.

tcpcb number

Number of TCP PCBs. This field is not displayed if the state of the TCP connection is TIME_WAIT.

Connection info

Source IP address and port number, and destination IP address and port number.

Location

Socket location.

Creator

Name of the operation that created the socket. The number in brackets is the process number of the creator.

State

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     ISSMOOTHING—Cross-card data smoothing is in progress.

·     CANBIND—The socket supports the bind operation.

·     PROTOREF—Indicates strong protocol reference.

·     ISPCBSYNCING—Cross-card PCB synchronization is in progress.

·     N/A—None of the above states.

Options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen for connection requests.

·     SO_REUSEADDR—Allows local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_BROADCAST—Supports broadcast packets.

·     SO_LINGER—When the socket is closed, the system can still send the remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection-oriented.

·     SO_NOSIGPIPE—Suppresses the SIGPIPE signal, so a send on a closed connection returns an error instead of raising the signal.

·     SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP.

·     SO_TIMESTAMPNS—Same as SO_TIMESTAMP, but the timestamps are accurate to nanoseconds.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer.

·     SO_USCBINDEX—Obtains the user profile index from the received packets.

·     SO_FILLTWAMPTIME—Sets the timestamp for TWAMP.

·     SO_LOCAL—Local socket option.

·     SO_DONTDELIVER—Do not deliver the data to the application.

·     SO_UCM—Sets the IPoE enabling status.

·     SO_RAWSLOT—Raw slot.

·     SO_LEASEDUSERID—Obtains a usable lease.

·     N/A—No options are set.

Error

Error code.

Receiving buffer (cc/hiwat/lowat/state)

Displays receive buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     state—Buffer state:

¡     CANTSENDMORE—Unable to send data to the peer.

¡     CANTRCVMORE—Unable to receive data from the peer.

¡     RCVATMARK—Receiving tag.

¡     N/A—None of the above states.

Sending buffer (cc/hiwat/lowat/state)

Displays send buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     state—Buffer state:

¡     CANTSENDMORE—Unable to send data to the peer.

¡     CANTRCVMORE—Unable to receive data from the peer.

¡     RCVATMARK—Receiving tag.

¡     N/A—None of the above states.

Type

Socket type:

·     1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams.

·     2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission.

·     3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header.

·     N/A—None of the above types.

SocketFd

Used socket information.

Reference count

Reference counter for the socket.

so_file

So_file pointer.

so_inode

So_inode pointer.

Protocol

Number of the protocol using the socket.

Inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IP options.

·     INP_RECVRETOPTS—Receives replied IP options.

·     INP_RECVDSTADDR—Receives destination IP address.

·     INP_HDRINCL—Provides the entire IP header.

·     INP_REUSEADDR—Reuses the IP address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_RECVIF—Records the input interface of the packet.

·     INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.

·     INP_DONTFRAG—Sets the Don't Fragment flag.

·     INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_SNDBYLSPV—Sends through MPLS.

·     INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     INP_LOCAL—Preferentially matches the INPCB with this flag on the same card.

·     N/A—None of the above flags.

Inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTDONTDROP—Do not drop the received packet.

·     INP_EXTRCVICMPERR—Receives an ICMP error packet.

·     INP_EXTFILTER—Filters the contents in the received packets.

·     INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table.

·     INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source.

·     INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket.

·     INP_EXTNOCACHEPKT—Do not cache packets.

·     INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet.

·     INP_EXTSNDDATAIF—Sets the output interface of data.

·     INP_EXTFREEBIND—The socket is not bound to an address or port.

·     INP_EXTINNERPROXY—Receives packets forwarded by the proxy.

·     INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list.

·     INP_EXTWHITELISTEXCLUDE—The TCP connection is on the whitelist.

·     N/A—None of the above flags.

Inpcb vflag

IP version flags in the Internet PCB:

·     INP_IPV4—IPv4 protocol.

·     INP_TIMEWAIT—In TIMEWAIT state.

·     INP_ONESBCAST—Sends broadcast packets.

·     INP_DROPPED—Protocol dropped flag.

·     INP_SOCKREF—Strong socket reference.

·     INP_DONTBLOCK—Do not block synchronization of the Internet PCB.

·     N/A—None of the above flags.

TTL

TTL value in the Internet PCB.

TCP options

TCP options:

·     TF_ACKNOW—Immediately sends an ACK packet to the peer.

·     TF_DELACK—Delays sending ACK packets.

·     TF_SENTFIN—A FIN packet has been sent.

·     TF_RCVD_SCALE—Requests the receive window size scale factor.

·     TF_RCVD_TSTMP—A timestamp was received in the SYN packet.

·     TF_NEEDSYN—Sends a SYN packet.

·     TF_NEEDFIN—Sends a FIN packet.

·     TF_MORETOCOME—More data is to be added to the socket.

·     TF_LQ_OVERFLOW—The listening queue overflows.

·     TF_LASTIDLE—Idle connection.

·     TF_RXWIN0SENT—A reply with receive window size 0 was sent.

·     TF_FASTRECOVERY—Enters NewReno fast recovery mode.

·     TF_WASFRECOVERY—In NewReno fast recovery mode.

·     TF_SIGNATURE—MD5 signature.

·     TF_FORCEDATA—Forces TCP to send one byte.

·     TF_TSO—TSO is enabled.

·     TF_PASSIVE_CONN—Passive connection.

·     TF_APP_SEND—The application sends data.

·     TF_ABNORMAL_CLOSE—The application was abnormally closed.

·     TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP.

·     TF_NOOPT—No TCP options.

·     TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers.

·     TF_NSR—Enables TCP NSR.

·     TF_REQ_SCALE—Enables the TCP window scale option.

·     TF_REQ_TSTMP—Enables the time stamp option.

·     TF_SACK_PERMIT—Enables the TCP selective acknowledgement option.

·     TF_ENHANCED_AUTH—Enables the enhanced authentication option.

NSR state

NSR state of the TCP connection:

·     CLOSED—Closed (initial) state.

·     CLOSING—The connection is to be closed.

·     ENABLED—The connection backup is enabled.

·     OPEN—The connection synchronization has started.

·     PENDING—The connection backup is not ready.

·     READY—The connection backup is ready.

·     SMOOTH—The connection data is being smoothed.

Between the parentheses is the role of the connection:

·     M—Main connection.

·     S—Standby connection.

Send VRF

VRF from which the packets are sent.

Receive VRF

VRF from which the packets are received.

Error count in abnormal-packet-defend period

Number of error packets received in one abnormal-packet-defend period if attack prevention is enabled for TCP connections.

Checksum errors

Number of received packets with checksum errors.

Duplicate packets

Number of received duplicate packets.

Part-Duplicate packets

Number of received partially duplicate packets.

Out-of-order packets

Number of received out-of-order packets.

Duplicate ACK packets

Number of received duplicate ACK packets.

Out-of-order ACK packets

Number of received out-of-order ACK packets.

Packets with data out of window

Number of received packets whose sequence number is out of the sliding window range.

MD5 authentication errors

Number of packets with failed MD5 authentication.

Keychain authentication errors

Number of packets with failed Keychain authentication.

Timestamp errors

Number of packets with timestamp errors.

Total receive/send packets

Number of packets sent or received after the connection was established.

Receive/send packets in sequence

Number of packets sent or received through the connection, and their total length in bytes.

Receive/send keepalive packets

Number of keepalive packets sent or received through the connection.

Receive keepalive ack packets

Number of keepalive ACK packets received through the connection.

Receive previous segment not captured packets

Number of received packets that indicate a preceding segment was not captured, and their total length in bytes.

Send retransmission packets

Number of retransmitted packets sent through the connection, and their total length in bytes.

Send fast retransmission packets

Number of fast retransmitted packets sent through the connection, and their total length in bytes.

Receive spurious retransmission packets

Number of spuriously retransmitted packets received through the connection, and their total length in bytes.

Receive/send window update packets

Number of window update packets sent or received through the connection.

Receive/send zero window packets

Number of zero-window packets sent or received through the connection.

Receive/send window probe packets

Number of window probe packets sent or received through the connection.

Receive window probe ack packets

Number of window probe ACK packets received through the connection.

Send window full packets

Number of packets sent through the connection that fill the receiving window of the peer.

User send data to tcp(times/bytes)

Number of data transmissions to TCP and their total length in bytes.

User receive data from tcp(times/bytes)

Number of data receptions from TCP and their total length in bytes.

Maximum Segment Size (MSS)

Maximum segment size.

Window Scale (wscale)

Window scale.

Retransmission Timeout (rto)

Retransmission timeout in milliseconds.

Retransmission Count/Total

Current number of retransmissions/total number of retransmissions.

Round-trip Time (rtt/rtvar)

Average round-trip time (rtt) and its variance (rtvar), in milliseconds.

Delayed Ack Timeout (ato)

Delayed acknowledgement timeout in milliseconds.

Congestion Window (cwnd)

Sequence number of the packet at the congestion window.

TCP Throughput

TCP throughput in Mbps.

sendpps/sendbps/recvpps/recvbps

·     sendpps—Number of packets sent per second.

·     sendbps—Bytes sent per second.

·     recvpps—Number of packets received per second.

·     recvbps—Bytes received per second.

Iss/unack/next/max/wnd

·     Iss—Local initial sequence number.

·     unack—Sequence number of sent packet that has not been acknowledged.

·     next—Sequence number for next sending.

·     max—Maximum sequence number for sending.

·     wnd—Sequence number of the packet at the sending window.

Irs/undeliver/next/adv/wnd

·     Irs—Peer initial sequence number.

·     undeliver—Sequence number of the packet that has not been reported.

·     next—Sequence number for next sending.

·     adv—Size of the receiving buffer.

·     wnd—Sequence number of the packet at the notification receiving window.

Receiving window(scale/lastadvertise/max/min)

Receiving window information:

·     scale—Window scaling factor (rcv_scale).

·     lastadvertise—Window value advertised in the most recent packet.

·     max—Historical maximum value of the sliding window.

·     min—Historical minimum value of the sliding window.

Sending window(scale/lastadvertise/max/min)

Sending window information:

·     scale—Window scaling factor (snd_scale).

·     lastadvertise—Window value advertised in the most recent packet.

·     max—Historical maximum value of the sliding window.

·     min—Historical minimum value of the sliding window.

Total Recv/Send Count

Total number of received/sent packets through the LIPC connection between TCP NSR main and standby connections.

EnableMsg Recv/Send Count

Number of received/sent EnableMsg messages through the LIPC connection between TCP NSR main and standby connections.

DisableMsg Recv/Send Count

Number of received/sent DisableMsg messages through the LIPC connection between TCP NSR main and standby connections.

SlotchangeMsg Recv/Send Count

Number of received/sent SlotchangeMsg messages through the LIPC connection between TCP NSR main and standby connections.

ReadyMsg Recv/Send Count

Number of received/sent ReadyMsg messages through the LIPC connection between TCP NSR main and standby connections.

PullMsg Recv/Send Count

Number of received/sent PullMsg messages through the LIPC connection between TCP NSR main and standby connections.

BriefdataMsg Recv/Send Count

Number of received/sent BriefdataMsg messages through the LIPC connection between TCP NSR main and standby connections.

PktMsg Recv/Send Count

Number of received/sent PktMsg messages through the LIPC connection between TCP NSR main and standby connections.

CmdMsg Recv/Send Count

Number of received/sent CmdMsg messages through the LIPC connection between TCP NSR main and standby connections.

history Recv/history Send

Number of received/sent history messages through the LIPC connection between TCP NSR main and standby connections.

Recent Recv/Send Seq

Sequence number of the message received/sent most recently between TCP NSR main and standby connections.

Recent Recv/Send Time

Absolute time of the most recent message receiving/sending between TCP NSR main and standby connections.

rcvsb_timeo/sndsb_timeo/pd_type/pd_len

·     rcvsb_timeo—Socket receiving buffer timeout.

·     sndsb_timeo—Socket sending buffer timeout in jiffies.

·     pd_type—Socket private data type.

·     pd_len—Socket private data length in bytes.

so_linger

Socket linger value.

ka_idle/ka_intval/ka_count

·     ka_idle—Socket keepalive idle timeout.

·     ka_intval—Socket keepalive interval.

·     ka_count—Socket keepalive count.

so_accept_filter_str

Name of the socket packet receiving filter.

Md5 Password

TCP MD5 password. The password is displayed in plain text in the command output.

Tcp Key Chain

TCP keychain name.

Out Interface/NextHop/Local Address

·     Out Interface—Outgoing interface.

·     NextHop—Next hop address.

·     Local Address—Local IP address.

Filter Offset/Length/Value/Mask

Pcb filter offset, length, value, and mask.

Ip Tos/McastTTL/McastLoop/Mcast Interface Index

·     Ip Tos—IP TOS value.

·     McastTTL—Multicast TTL.

·     McastLoop—Multicast loop.

·     Mcast Interface Index—Multicast interface index.

Acl Index/MacIndex

·     Acl Index—ACL filtering parameters.

·     MacIndex—Layer 2 ACL parameters.

Mpls Flag/Label

MPLS flag and MPLS label.

Kernel Event ID

Kernel Event ID.

Send Mac

Peer MAC address specified for packet sending of upper-layer applications.

Bier TTL/Entropy/TunnelID

·     Bier TTL—BIER TTL.

·     Entropy—BIER grouping flag.

·     TunnelID—BIER tunnel ID.

Ip Option Hdr

IP options required in a TCP packet.

Tcp connect establish

Time when the TCP connection was established. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Tcp send/datalen

Time of the last data transmission through the TCP connection, and length of the transmitted data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Tcp recv/datalen

Time of the last data reception through the TCP connection, and length of the received data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Retrans(datalen)

Time of the last data retransmission through the TCP connection, and length of the retransmitted data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr connect

Time when the service called connect. The format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr shutdown

Time when the service called shutdown. The format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr close

Time when the service called close. The format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr send/datalen

Time when the service sent data most recently, and length of the sent data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr recv/datalen

Time when the service received data most recently, and length of the received data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

Usr first recv epollout

Time when the service received the Epollout event for the first time, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.

Last info usr read

Most recent time when the service was notified to read data, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.

Usr Last recv epollevent/event

Time when the service received the last Epoll event, and the event value. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.

TimerType

Timer type statistics.

StarTime

Time when the timer was started, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.

StopTime

Time when the timer was deleted, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.

TimeOut

Timer timeout length, in seconds.

TimeOut Count

Statistics about timer timeouts.

retransmit

Retransmission timer.

persist

Persist timer.

keepalive

Keepalive timer.
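As an added example that is not part of the command reference, the following Python script parses one connection's display tcp verbose output (a constructed excerpt that uses the field names from Table 9 above; the counter values, addresses and password are assumed), raises a finding for the authentication and checksum error counters a monitoring job would alert on, and masks the Md5 Password line, which the command prints in plain text, before the output is shared. The helper names are assumptions, not the device's own.

```python
import re

# Constructed excerpt of "display tcp verbose" output for one connection. The
# field names follow the command reference; the values are assumed.
SAMPLE_OUTPUT = """\
 Connection info: src = 192.168.20.200:179, dst = 192.168.20.14:1025
 State: ISCONNECTED
 TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SIGNATURE
   Checksum errors: 0
   MD5 authentication errors: 3
   Keychain authentication errors: 0
   Timestamp errors: 0
   Total receive/send packets: 94 / 52
 Transmission status data:
   Maximum Segment Size (MSS): 512
   Retransmission Count/Total: 0/0
   Receiving window(scale/lastadvertise/max/min): 3 / 8301 / 66432 / 66432
 Option Value:
   Md5 Password:123
   Tcp Key Chain: key123
 Time info:
   Tcp connect establish: 19:42:36:858 Apr 19 2023
   TimerType StarTime                 StopTime                 TimeOut
   DELAY_ACK -                        -                        0
   REXMT     20:19:51:794 Apr 19 2023 20:19:51:796 Apr 19 2023 230
   KEEP      20:20:01:850 Apr 19 2023 -                        7200000
   TimeOut Count: retransmit 0, persist: 0, keepalive: 0
"""

TIMESTAMP = r"\d{2}:\d{2}:\d{2}:\d+ [A-Za-z]{3} \d{1,2} \d{4}"
TIMER_ROW = re.compile(
    rf"^\s*(?P<name>[A-Z0-9_]+)\s+(?P<start>-|{TIMESTAMP})\s+"
    rf"(?P<stop>-|{TIMESTAMP})\s+(?P<timeout>\d+)\s*$"
)
KEY_VALUE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")

# Counters that indicate failed TCP authentication or corrupted segments.
AUTH_COUNTERS = (
    "MD5 authentication errors",
    "Keychain authentication errors",
    "Timestamp errors",
    "Checksum errors",
)


def parse_tcp_verbose(text):
    """Parse one connection's output into (fields, timers).

    fields maps a field name to its value, or to a list of strings for
    slash-separated compound values; timers maps a timer name to its row.
    """
    fields, timers = {}, {}
    in_timer_table = False
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.split()[0] == "TimerType":
            in_timer_table = True
            continue
        if in_timer_table:
            m = TIMER_ROW.match(line)
            if m:
                timers[m["name"]] = {"start": m["start"], "stop": m["stop"],
                                     "timeout": int(m["timeout"])}
                continue
            in_timer_table = False  # the "TimeOut Count" line ends the table
        m = KEY_VALUE.match(line)
        if not m or not m["value"]:
            continue  # section header such as "Option Value:"
        key, value = m["key"], m["value"]
        fields[key] = [p.strip() for p in value.split("/")] if "/" in value else value
    return fields, timers


def audit_connection(fields):
    """Return findings a monitoring job should raise for this connection."""
    findings = []
    peer = fields.get("Connection info", "?")
    for name in AUTH_COUNTERS:
        count = int(fields.get(name, "0"))
        if count:
            findings.append(f"{name}: {count} (peer {peer})")
    if "TF_SIGNATURE" in fields.get("TCP options", "") and not fields.get("Md5 Password"):
        findings.append("TF_SIGNATURE set but no MD5 password configured")
    return findings


def redact_secrets(text):
    """Mask the Md5 Password line so the output can be attached to a ticket."""
    return re.sub(r"(?m)^(\s*Md5 Password\s*:).*$", r"\1 ***", text)


if __name__ == "__main__":
    fields, timers = parse_tcp_verbose(SAMPLE_OUTPUT)
    for finding in audit_connection(fields):
        print("ALERT:", finding)
    print(redact_secrets(SAMPLE_OUTPUT))
```

Feed the script the full output of display tcp verbose, split per connection, to get one finding list per TCP session.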

display tcp-proxy

Use display tcp-proxy to display brief information about TCP proxy.

Syntax

display tcp-proxy slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number.

Usage guidelines

TCP proxy splits every TCP connection that passes through it into two TCP connections to relay data packets between clients and servers. The split is transparent to the servers and clients. This feature reduces bandwidth use and improves TCP performance.

Examples

# Display brief information about TCP proxy.

<Sysname> display tcp-proxy

Local Addr:port       Foreign Addr:port     State        Service type

192.168.56.25:1111    111.111.111.125:8080  ESTABLISHED  NONE

111.111.111.125:8080  192.168.56.25:1111    ESTABLISHED  NONE

Table 10 Command output

Field

Description

Local Addr:port

Local IP address and port number.

Foreign Addr:port

Peer IP address and port number.

State

TCP connection state:

·     CLOSED—The server has received the client's reply to its disconnection request.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RECEIVED—The server receives a connection request.

·     ESTABLISHED—The server and client have established the connection and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client have each sent a disconnection request and are waiting for the peer's reply.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

Service type

Type of services that the TCP proxy is used for:

·     NONE—No service type is specified.
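Added example, not from the command reference: because the proxy turns every session into two mirrored entries, the two halves of a session can be paired from display tcp-proxy output to spot half-built sessions or a state mismatch between the client side and the server side. The first two rows of the constructed sample are the rows shown above; the third row is an assumed, unpaired half, and the function names are assumptions.

```python
# Constructed "display tcp-proxy" output: the first two rows are the mirrored
# halves shown in the reference; the third row is an assumed, unpaired half.
SAMPLE_PROXY_OUTPUT = """\
Local Addr:port       Foreign Addr:port     State        Service type
192.168.56.25:1111    111.111.111.125:8080  ESTABLISHED  NONE
111.111.111.125:8080  192.168.56.25:1111    ESTABLISHED  NONE
192.168.56.30:2222    111.111.111.125:8080  SYN_SENT     NONE
"""


def parse_tcp_proxy(text):
    """Return one dict per connection row; the header row has no address:port."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or ":" not in parts[0]:
            continue
        rows.append({
            "local": parts[0],
            "foreign": parts[1],
            "state": parts[2],
            "service": " ".join(parts[3:]),
        })
    return rows


def pair_proxy_sessions(rows):
    """Match each half of a proxied session with its mirror.

    One half has (local, foreign) = (client, server) and the other half has the
    two swapped. Returns (pairs, orphans, mismatched): matched halves, halves
    without a mirror, and pairs whose two halves are not in the same TCP state.
    """
    by_key = {(r["local"], r["foreign"]): r for r in rows}
    pairs, orphans, mismatched, seen = [], [], [], set()
    for key, row in by_key.items():
        if key in seen:
            continue
        seen.add(key)
        mirror = (key[1], key[0])
        if mirror not in by_key:
            orphans.append(row)
            continue
        seen.add(mirror)
        pair = (row, by_key[mirror])
        pairs.append(pair)
        if row["state"] != by_key[mirror]["state"]:
            mismatched.append(pair)
    return pairs, orphans, mismatched


if __name__ == "__main__":
    pairs, orphans, mismatched = pair_proxy_sessions(parse_tcp_proxy(SAMPLE_PROXY_OUTPUT))
    print(f"{len(pairs)} complete session(s), {len(mismatched)} with a state mismatch")
    for half in orphans:
        print("unpaired half:", half["local"], "->", half["foreign"], half["state"])
```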

display tcp-proxy port-info

Use display tcp-proxy port-info to display the usage of non-well-known ports for TCP proxy.

Syntax

display tcp-proxy port-info slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number.

Usage guidelines

The TCP ports are divided into well-known ports (port numbers from 0 through 1023) and non-well-known ports (port numbers from 1024 through 65535).

·     Well-known ports are for certain services, for example, port 23 for Telnet service, ports 20 and 21 for FTP service, and port 80 for HTTP service.

·     Non-well-known ports are available for various services. You can use the display tcp-proxy port-info command to display the usage of these ports.

Examples

# Display the usage of non-well-known ports for TCP proxy on slot 1.

<Sysname> display tcp-proxy port-info slot 1

Index  Range            State

16     [1024, 1087]     USABLE

17     [1088, 1151]     USABLE

18     [1152, 1215]     USABLE

19     [1216, 1279]     USABLE

20     [1280, 1343]     USABLE

...

1020   [65280, 65343]   USABLE

1021   [65344, 65407]   USABLE

1022   [65408, 65471]   USABLE

1023   [65472, 65535]   USABLE

Table 11 Command output

Field

Description

Index

Index of the port range.

Range

Start port number and end port number.

State

State of the port range:

·     USABLE—The ports are assignable.

·     ASSIGNED—Some ports are dynamically assigned and some ports are not.

·     ALLASSIGNED—All ports are dynamically assigned. The assigned ports can be reclaimed.

·     TO RECLAIM—Some ports are statically assigned. The assigned ports can be reclaimed.

·     RESERVED—The ports are reserved. The reserved ports cannot be dynamically assigned.

display udp

Use display udp to display brief information about UDP connections.

Syntax

display udp [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about UDP connections on all cards.

Usage guidelines

Brief UDP connection information includes local IP address and port number, and peer IP address and port number.

Examples

# Display brief information about UDP connections.

<Sysname> display udp

 Local Addr:port        Foreign Addr:port     Slot  Cpu PCB

 0.0.0.0:69             0.0.0.0:0             1     0   0x0000000000000003

 192.168.20.200:1024    192.168.20.14:69      5     0   0x0000000000000002

Table 12 Command output

Field

Description

Local Addr:port

Local IP address and port number.

Foreign Addr:port

Peer IP address and port number.

PCB

PCB index.

display udp statistics

Use display udp statistics to display UDP traffic statistics.

Syntax

display udp statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays UDP traffic statistics on all cards.

Usage guidelines

UDP traffic statistics include information about received and sent UDP packets.

Examples

# Display UDP traffic statistics.

<Sysname> display udp statistics

Received packets:

     Total: 240

     checksum error: 0, no checksum: 0

     shorter than header: 0, data length larger than packet: 0

     no socket on port(unicast): 0

     no socket on port(broadcast/multicast): 240

     not delivered, input socket full: 0

Sent packets:

     Total: 0

Related commands

reset udp statistics

display udp verbose

Use display udp verbose to display detailed information about UDP connections.

Syntax

display udp verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The value range for the pcb-index argument is 1 to 16.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about UDP connections on all cards.

Usage guidelines

The detailed information includes socket creator, status, option, type, protocol number, source IP address and port number, and destination IP address and port number for UDP connections.

Examples

# Display detailed UDP connection information.

<Sysname> display udp verbose

Total UDP socket number: 1

 

 Connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0

 Location: slot 0 cpu 0

 Creator: sock_test_mips[250]

 State: N/A

 Options: N/A

 Error: 0

 Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 41600 / 1 / 0 / N/A

 Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

 Type: 2

 Protocol: 17

 Inpcb flags: N/A

 Inpcb extflag: N/A

 Inpcb vflag: INP_IPV4

 TTL: 255(minimum TTL: 0)

 Send VRF: 0xffff

 Receive VRF: 0xffff

Table 13 Command output

Field

Description

Total UDP socket number

Total number of UDP sockets.

Connection info

Source IP address and port number, and destination IP address and port number.

Location

Socket location.

Creator

Name of the operation that created the socket. The number in brackets is the process number of the creator.

State

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     ISSMOOTHING—Cross-card data smoothing is in progress.

·     CANBIND—The socket supports the bind operation.

·     PROTOREF—Indicates strong protocol reference.

·     ISPCBSYNCING—Cross-card PCB synchronization is in progress.

·     N/A—None of the above states.

Options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen for connection requests.

·     SO_REUSEADDR—Allows local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_BROADCAST—Supports broadcast packets.

·     SO_LINGER—When the socket is closed, the system can still send the remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection-oriented.

·     SO_NOSIGPIPE—Suppresses the SIGPIPE signal, so a send on a closed connection returns an error instead of raising the signal.

·     SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP.

·     SO_TIMESTAMPNS—Same as SO_TIMESTAMP, but the timestamps are accurate to nanoseconds.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer.

·     SO_USCBINDEX—Obtains the user profile index from the received packets.

·     SO_FILLTWAMPTIME—Sets the timestamp for TWAMP.

·     SO_LOCAL—Local socket option.

·     SO_DONTDELIVER—Do not deliver the data to the application.

·     SO_UCM—Sets the IPoE enabling status.

·     SO_RAWSLOT—Raw slot.

·     SO_LEASEDUSERID—Obtains a usable lease.

·     N/A—No options are set.

Error

Error code.

Receiving buffer(cc/hiwat/lowat/drop/state)

Displays receive buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     drop—Number of dropped packets.

·     state—Buffer state:

¡     CANTSENDMORE—Unable to send data to the peer.

¡     CANTRCVMORE—Unable to receive data from the peer.

¡     RCVATMARK—Receiving tag.

¡     N/A—None of the above states.

Sending buffer(cc/hiwat/lowat/state)

Displays send buffer information in the following order:

·     cc—Used space.

·     hiwat—Maximum space.

·     lowat—Minimum space.

·     state—Buffer state:

¡     CANTSENDMORE—Unable to send data to the peer.

¡     CANTRCVMORE—Unable to receive data from the peer.

¡     RCVATMARK—Receiving tag.

¡     N/A—None of the above states.

Type

Socket type:

·     1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams.

·     2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission.

·     3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header.

·     N/A—None of the above types.

Protocol

Number of the protocol using the socket.

Inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IP options.

·     INP_RECVRETOPTS—Receives replied IP options.

·     INP_RECVDSTADDR—Receives destination IP address.

·     INP_HDRINCL—Provides the entire IP header.

·     INP_REUSEADDR—Reuses the IP address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_RECVIF—Records the input interface of the packet.

·     INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag.

·     INP_DONTFRAG—Sets the Don't Fragment flag.

·     INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_SNDBYLSPV—Sends through MPLS.

·     INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     INP_LOCAL—Preferentially matches the INPCB with this flag on the same card.

·     N/A—None of the above flags.

Inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTRCVICMPERR—Receives an ICMP error packet.

·     INP_EXTFILTER—Filters the contents in the received packets.

·     INP_EXTDONTDROP—Do not drop the received packet.

·     INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table.

·     INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source.

·     INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket.

·     INP_EXTNOCACHEPKT—Do not cache packets.

·     INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet.

·     INP_EXTSNDDATAIF—Sets the output interface of data.

·     INP_EXTFREEBIND—The socket is not bound to an address or port.

·     INP_EXTINNERPROXY—Receives packets forwarded by the proxy.

·     N/A—None of the above flags.

Inpcb vflag

IP version flags in the Internet PCB:

·     INP_IPV4—IPv4 protocol.

·     INP_TIMEWAIT—In TIMEWAIT state.

·     INP_ONESBCAST—Sends broadcast packets.

·     INP_DROPPED—Protocol dropped flag.

·     INP_SOCKREF—Strong socket reference.

·     INP_DONTBLOCK—Do not block synchronization of the Internet PCB.

·     N/A—None of the above flags.

TTL

TTL value in the Internet PCB.

Send VRF

VRF from which the packets are sent.

Receive VRF

VRF from which the packets are received.

management-port isolate enable

Use management-port isolate enable to enable IP packet isolation between management port and service port.

Use undo management-port isolate enable to restore the default.

Syntax

management-port isolate enable

undo management-port isolate enable

Default

IP packet isolation between management port and service port is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

With this feature enabled, the device discards IP packets received and sent on different types of ports (management or service), for example, packets received on the management port but sent out of the service port. This isolates management IP traffic and service IP traffic from each other, preventing attacks against the management network through the service network.

Do not enable this feature if the management port must forward IP service traffic, because that traffic would be discarded.

Examples

# Enable IP packet isolation between management port and service port.

<Sysname> system-view

[Sysname] management-port isolate enable

ip forward-broadcast

Use ip forward-broadcast to enable an interface to forward directed broadcast packets destined for the directly connected network.

Use undo ip forward-broadcast to restore the default.

Syntax

ip forward-broadcast [ acl acl-number ]

undo ip forward-broadcast

Default

An interface cannot forward directed broadcasts destined for the directly connected network.

Views

Interface view

Predefined user roles

network-admin

Parameters

acl acl-number: Specifies an ACL by its number. The interface forwards only the directed broadcasts permitted by the ACL. The value range for basic ACLs is 2000 to 2999. The value range for advanced ACLs is 3000 to 3999.

Usage guidelines

A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of a directed broadcast, the network ID identifies the target network and the host ID is all ones.

Attackers can use directed broadcasts to attack the target network, for example by sending spoofed requests to a directed broadcast address so that every host on that network replies to the victim (a smurf-style amplification attack). In some scenarios, however, an interface must forward directed broadcasts to support the following features:

·     UDP helper—Converts the directed broadcasts to unicasts and forwards them to a specific server.

·     Wake on LAN—Sends the directed broadcasts to wake up the hosts on the target network.

You can use this command to enable the interface to forward directed broadcast packets destined for the directly connected network. When you do, specify an ACL so that only the directed broadcasts these features require are forwarded.

Examples

# Enable Ten-GigabitEthernet 3/0/1 to forward directed broadcast packets destined for the directly connected network.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ip forward-broadcast

ip icmp echo-reply traffic-priority

Use ip icmp echo-reply traffic-priority to set the forwarding priority value for ICMP echo replies in hardware.

Use undo ip icmp echo-reply traffic-priority to restore the default.

Syntax

ip icmp echo-reply traffic-priority priority-value

undo ip icmp echo-reply traffic-priority

Default

The hardware responds to ICMP echo requests according to their priorities.

Views

System view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the forwarding priority value for ICMP echo replies in hardware. The value range is 0 to 255. The larger the value, the higher the priority.

Usage guidelines

Application scenarios

When you perform an ICMP echo test to test whether an NQA client can reach the NQA server, the NQA client sends ICMP echo requests to the NQA server. By default, the hardware of the NQA server responds to these ICMP echo requests with the lowest priority. When the NQA server forwards a large amount of packets with higher priority than ICMP echo replies, the hardware might fail to send those ICMP echo replies in time. As a result, the ICMP echo replies will be discarded due to sending timeout errors, which causes the ICMP echo test to fail.

To avoid this issue, use this command on the NQA server to increase the forwarding priority value for ICMP echo replies in hardware. When the NQA server forwards a large amount of high-priority packets, the forwarding of ICMP echo replies will not be affected in hardware.

For more information about ICMP echo-type NQA tests, see NQA configuration in Network Management and Monitoring Configuration Guide.

Operating mechanism

After you configure this feature, the hardware forwards ICMP echo replies according to the priority value configured in this command rather than the original priority values in those ICMP echo replies.

After you undo this feature, the hardware forwards ICMP echo replies according to the priority values in those ICMP echo replies.

Examples

# Set the forwarding priority value to 5 for ICMP echo replies in hardware.

<Sysname> system-view

[Sysname] ip icmp echo-reply traffic-priority 5

ip icmp error-interval

Use ip icmp error-interval to set the interval for tokens to arrive in the bucket for ICMP error messages and the bucket size.

Use undo ip icmp error-interval to restore the default.

Syntax

ip icmp error-interval interval [ bucketsize ]

undo ip icmp error-interval

Default

A token is placed in the bucket every 100 milliseconds, and the bucket allows a maximum of 10 tokens.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds. To disable the ICMP rate limit, set the value to 0.

bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200.

Usage guidelines

This command limits the rate at which ICMP error messages are sent. Use this command to avoid sending excessive ICMP error messages within a short period that might cause network congestion. A token bucket algorithm is used with one token representing one ICMP error message.

A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is reached.

A token is removed from the bucket when an ICMP error message is sent. When the bucket is empty, ICMP error messages are not sent until a new token is placed in the bucket.
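
The token bucket described above, as an added example that is not H3C code and does not describe the device's internal implementation: a simulation of the ICMP error-message rate limiter driven by the interval and bucketsize parameters of this command. Times are in milliseconds, the bucket starts full, and the refill rule (tokens accumulate in whole interval units) is an assumption.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class IcmpErrorLimiter:
    """Token bucket for outgoing ICMP error messages.

    interval_ms: the interval argument of ip icmp error-interval; 0 disables limiting.
    bucket_size: the bucketsize argument (1 to 200).
    One token is consumed per ICMP error message sent. This is a constructed model;
    the device's timer granularity is an assumption.
    """
    interval_ms: int = 100
    bucket_size: int = 10
    tokens: int = field(init=False, default=0)
    last_refill_ms: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        if self.interval_ms < 0 or not 1 <= self.bucket_size <= 200:
            raise ValueError("interval must be >= 0 and bucketsize in 1..200")
        self.tokens = self.bucket_size  # the bucket starts full

    def _refill(self, now_ms: int) -> None:
        # Add one token per elapsed interval, never exceeding bucket_size.
        elapsed = now_ms - self.last_refill_ms
        new_tokens = elapsed // self.interval_ms
        if new_tokens > 0:
            self.tokens = min(self.bucket_size, self.tokens + new_tokens)
            # Advance by whole intervals so a partial interval carries over.
            self.last_refill_ms += new_tokens * self.interval_ms

    def try_send(self, now_ms: int) -> bool:
        """Return True if an ICMP error message may be sent at now_ms."""
        if self.interval_ms == 0:
            return True  # rate limit disabled (ip icmp error-interval 0)
        self._refill(now_ms)
        if self.tokens == 0:
            return False  # bucket empty: this error message is suppressed
        self.tokens -= 1
        return True


def simulate(limiter: IcmpErrorLimiter, send_times_ms: List[int]) -> List[bool]:
    """Apply the limiter to attempted send times (non-decreasing); True means sent."""
    return [limiter.try_send(t) for t in send_times_ms]


def sent_count(limiter: IcmpErrorLimiter, send_times_ms: List[int]) -> int:
    """Number of ICMP error messages that get through for the given send times."""
    return sum(simulate(limiter, send_times_ms))


if __name__ == "__main__":
    # Defaults (100 ms, 10 tokens): a burst of 15 errors at t=0 lets 10 through.
    print(sent_count(IcmpErrorLimiter(), [0] * 15))
    # ip icmp error-interval 200 40: a burst of 50 lets 40 through,
    # then one more every 200 ms.
    print(sent_count(IcmpErrorLimiter(200, 40), [0] * 50))
```

The sustained rate is 1000 / interval messages per second and the burst allowance is bucketsize, so the example configuration of 200 and 40 trades a lower steady rate for a larger burst than the default.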

Examples

# Set the interval to 200 milliseconds for tokens to arrive in the bucket for ICMP error messages, and set the bucket size to 40 tokens.

<Sysname> system-view

[Sysname] ip icmp error-interval 200 40

ip icmp receive enable

Use ip icmp receive enable to enable the device to receive a specific type of ICMP messages.

Use undo ip icmp receive enable to disable the device from receiving a specific type of ICMP messages.

Syntax

ip icmp { name icmp-name | type icmp-type code icmp-code } receive enable

undo ip icmp { name icmp-name | type icmp-type code icmp-code } receive enable

Default

The device receives all types of ICMP messages.

Views

System view

Predefined user roles

network-admin

Parameters

name icmp-name: Specifies an ICMP message name, a case-insensitive string of 1 to 20 characters.

type icmp-type: Specifies an ICMP message type. The value range for the icmp-type argument is 0 to 255.

code icmp-code: Specifies an ICMP message code. The value range for the icmp-code argument is 0 to 255.

Usage guidelines

CAUTION:

Disabling receiving ICMP messages of a specific type might affect network operation. Use this feature with caution.

By default, the device receives all types of ICMP messages. Such a setting might affect device performance if a large number of ICMP responses are received within a short time. To resolve this issue, you can use this command to disable the device from receiving a specific type of ICMP messages.

Table 14 shows common ICMP messages and their meanings.

Table 14 Common ICMP messages

Name                    Type  Code  Description
echo                    8     0     Echo request used to ping a target node.
echo-reply              0     0     Echo reply sent by a target node after receiving an echo request.
fragmentneed-dfset      3     4     Packets that need fragmentation but have the DF bit set.
host-redirect           5     1     Host redirection.
host-tos-redirect       5     3     Host ToS redirection.
host-unreachable        3     1     Unreachable host.
information-reply       16    0     Information reply.
information-request     15    0     Information request.
net-redirect            5     0     Network redirection.
net-tos-redirect        5     2     Network ToS redirection.
net-unreachable         3     0     Unreachable network.
parameter-problem       12    0     Invalid parameter.
port-unreachable        3     3     Unreachable port.
protocol-unreachable    3     2     Unreachable protocol.
reassembly-timeout      11    1     Fragment reassembly timeout.
source-quench           4     0     Source quench message.
source-route-failed     3     5     Source route failure.
timestamp-reply         14    0     Timestamp reply.
timestamp-request       13    0     Timestamp request.
ttl-exceeded            11    0     TTL exceeded in transit.

Examples

# Enable the device to receive ICMP echo reply messages.

<Sysname> system-view

[Sysname] ip icmp name echo-reply receive enable

ip icmp send enable

Use ip icmp send enable to enable the device to send a specific type of ICMP messages.

Use undo ip icmp send enable to disable the device from sending a specific type of ICMP messages.

Syntax

ip icmp { name icmp-name | type icmp-type code icmp-code } send enable

undo ip icmp { name icmp-name | type icmp-type code icmp-code } send enable

Default

The device can send all types of ICMP messages except Destination Unreachable, Time Exceeded, and Redirect messages.

Views

System view

Predefined user roles

network-admin

Parameters

name icmp-name: Specifies an ICMP message name, a case-insensitive string of 1 to 20 characters.

type icmp-type: Specifies an ICMP message type. The value range for the icmp-type argument is 0 to 255.

code icmp-code: Specifies an ICMP message code. The value range for the icmp-code argument is 0 to 255.

Usage guidelines

CAUTION:

Disabling sending ICMP messages of a specific type might affect network operation. Use this feature with caution.

By default, the device sends all types of ICMP messages except Destination Unreachable, Time Exceeded, and Redirect messages. Attackers can use specific types of ICMP messages to gather information about the network: Time Exceeded messages reveal the hops on a path (this is how traceroute works), Port Unreachable messages reveal which UDP ports are closed (UDP port scanning), and Redirect messages can be abused to alter the routes hosts use.

For security purposes, you can use this command to disable the device from sending ICMP messages of specific types.

To enable sending Destination Unreachable, Time Exceeded, or Redirect messages, you can perform one of the following tasks:

·     Execute the ip icmp send enable command.

·     Execute one of the following commands as needed:

¡     ip unreachables enable

¡     ip ttl-expires enable

¡     ip redirects enable

Table 14 shows common ICMP messages and their meanings.

Examples

# Enable the device to send ICMP echo reply messages.

<Sysname> system-view

[Sysname] ip icmp name echo-reply send enable

Related commands

ip icmp fragment discarding

ip redirects enable

ip ttl-expires enable

ip unreachables enable

ip icmp source

Use ip icmp source to specify the source address for outgoing ICMP packets.

Use undo ip icmp source to remove the specified source address for outgoing ICMP packets.

Syntax

ip icmp source [ vpn-instance vpn-instance-name ] ip-address

undo ip icmp source [ vpn-instance vpn-instance-name ]

Default

No source address is specified for outgoing ICMP packets. The default source IP addresses for different types of ICMP packets vary as follows:

·     For an ICMP error message, the source IP address is the IP address of the receiving interface of the packet that triggers the ICMP error message. ICMP error messages include Time Exceeded, Port Unreachable, and Parameter Problem messages.

·     For an ICMP echo request, the source IP address is the IP address of the sending interface.

·     For an ICMP echo reply, the source IP address is the destination IP address of the ICMP echo request specific to this reply.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the specified address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the ip-address argument specifies an IP address on the public network.

ip-address: Specifies an IP address.

Usage guidelines

It is a good practice to specify the IP address of the loopback interface as the source IP address for outgoing ping echo request and ICMP error messages. This feature helps network administrators to locate the sending device easily.

Examples

# Specify 1.1.1.1 as the source address for outgoing ICMP packets.

<Sysname> system-view

[Sysname] ip icmp source 1.1.1.1

ip mtu

Use ip mtu to set the interface MTU for IPv4 packets. The setting defines the largest size of an IPv4 packet that an interface can transmit without fragmentation.

Use undo ip mtu to restore the default.

Syntax

ip mtu mtu-size

undo ip mtu

Default

The interface MTU is not set.

Views

Interface view

Predefined user roles

network-admin

Parameters

mtu-size: Specifies the MTU in bytes. The value range for this argument varies by card type.

Usage guidelines

When a packet exceeds the MTU of the sending interface, the device processes the packet in one of the following ways:

·     If the packet disallows fragmentation, the device discards it.

·     If the packet allows fragmentation, the device fragments it and forwards the fragments.

Fragmentation and reassembling consume system resources, so set an appropriate MTU to avoid fragmentation.

If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command.

Examples

# Set the interface MTU for IPv4 packets to 1280 bytes on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ip mtu 1280

ip option enable

Use ip option enable to enable the device to process IP options in IP packets.

Use undo ip option enable to disable the device from processing IP options in IP packets.

Syntax

ip option enable

undo ip option enable

Default

The device processes IP options in IP packets.

Views

System view

Predefined user roles

network-admin

Usage guidelines

IP options are typically used for network path diagnosis or temporary transmission of specific services. When a packet with IP options arrives at an intermediate device, the device sends the packet to CPU to process IP options before forwarding it out. In a network with excessive packet exchanges, processing IP options will prevent the intermediate device from processing packets in a timely manner and cause packet loss. To avoid this situation, execute the undo ip option enable command to disable the device from processing IP options in packets to be forwarded. Then packets will be forwarded through hardware.

Disable this feature only when IP options are not used in the network.

Examples

# Enable the device to process IP options in IP packets.

<Sysname> system-view

[Sysname] ip option enable

ip option source-route enable

Use ip option source-route enable to enable processing IP packets that contain the source route option.

Use undo ip option source-route enable to disable processing IP packets that contain the source route option.

Syntax

ip option source-route enable

undo ip option source-route enable

Default

The device processes IP packets that contain the source route option.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The source route option in the IP header is used for network diagnosis and for transmitting specific services. By default, the device processes the source route option. An attacker can forge this option to dictate the path packets take through the network, for example to steer traffic around a filtering device. The device then acts on the forged source route information, affecting network diagnosis and service transmission. To avoid this, execute the undo ip option source-route enable command so that the device drops IP packets that contain the source route option.

Examples

# Enable processing IP packets that contain the source route option.

<Sysname> system-view

[Sysname] ip option source-route enable

ip reassemble local enable

Use ip reassemble local enable to enable IPv4 local fragment reassembly.

Use undo ip reassemble local enable to disable local fragment reassembly.

Syntax

ip reassemble local enable

undo ip reassemble local enable

Default

IPv4 local fragment reassembly is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Configure this command on a device to improve fragment reassembly efficiency. With this feature enabled, the LPU that receives the fragments of an IPv4 packet destined for the device reassembles the packet locally. If this feature is disabled, all IPv4 fragments are delivered to the active MPU for reassembly.

This feature fails to reassemble an IPv4 packet if fragments of the packet are received by different LPUs.

Examples

# Enable IPv4 local fragment reassembly.

<Sysname> system-view

[Sysname] ip reassemble local enable

ip redirects enable

Use ip redirects enable to enable sending ICMP redirect messages.

Use undo ip redirects enable to disable sending ICMP redirect messages.

Syntax

ip redirects enable

undo ip redirects enable

Default

Sending ICMP redirect messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing tables.

A host that has only one route destined for the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules:

·     The receiving and sending interfaces are the same.

·     The packet source IP address and the IP address of the packet receiving interface are on the same segment.

·     There is no source route option in the received packet.

Examples

# Enable sending ICMP redirect messages.

<Sysname> system-view

[Sysname] ip redirects enable

ip ttl-expires enable

Use ip ttl-expires enable to enable sending ICMP time exceeded messages.

Use undo ip ttl-expires enable to disable sending ICMP time exceeded messages.

Syntax

ip ttl-expires enable

undo ip ttl-expires enable

Default

Sending ICMP time exceeded messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A device sends ICMP time exceeded messages by following these rules:

·     The device sends an ICMP TTL exceeded in transit message to the source when the following conditions are met:

¡     The received packet is not destined for the device.

¡     The TTL field of the packet is 1.

·     When the device receives the first fragment of an IP datagram destined for the device itself, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP fragment reassembly time exceeded message to the source.

A device disabled from sending ICMP time exceeded messages does not send ICMP TTL exceeded in transit messages but can still send ICMP fragment reassembly time exceeded messages.

Examples

# Enable sending ICMP time exceeded messages.

<Sysname> system-view

[Sysname] ip ttl-expires enable

ip unreachables enable

Use ip unreachables enable to enable sending ICMP destination unreachable messages.

Use undo ip unreachables enable to disable sending ICMP destination unreachable messages.

Syntax

ip unreachables enable

undo ip unreachables enable

Default

Sending ICMP destination unreachable messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A device sends ICMP destination unreachable messages by following these rules:

·     The device sends the source an ICMP network unreachable message when the following conditions are met:

¡     The received packet does not match any route.

¡     No default route exists in the routing table.

·     The device sends the source an ICMP protocol unreachable message when the following conditions are met:

¡     The received packet is destined for the device.

¡     The transport layer protocol of the packet is not supported by the device.

·     The device sends the source an ICMP port unreachable message when the following conditions are met:

¡     The received UDP packet is destined for the device.

¡     No process is listening on the destination UDP port of the packet.

·     The device sends the source an ICMP source route failed message when the following conditions are met:

¡     The source uses Strict Source Routing to send packets.

¡     The intermediate device finds that the next hop specified by the source is not directly connected.

·     The device sends the source an ICMP fragmentation needed and DF set message when the following conditions are met:

¡     The MTU of the sending interface is smaller than the packet.

¡     The packet has Don't Fragment set.

Examples

# Enable sending ICMP destination unreachable messages.

<Sysname> system-view

[Sysname] ip unreachables enable

packet-follow care

Use packet-follow care to enable the packet following feature to focus on a packet processing node.

Use undo packet-follow care to disable the packet following feature from focusing on a packet processing node.

Syntax

packet-follow care phase [ tag-id ]

undo packet-follow care phase [ tag-id ]

Default

The packet following feature does not focus on any packet processing node.

Views

User view

Predefined user roles

network-admin

Parameters

phase: Specifies a packet processing phase.

tag-id: Specifies the tag of a processing node in a packet processing phase. The value range for this argument is 0 to 511.

Usage guidelines

Packet processing involves multiple phases, and each processing phase is divided into multiple processing nodes. By default, the packet following feature follows all packet processing phases and their nodes, resulting in excessive statistics and debugging information that hinders troubleshooting. To avoid this issue, enable the packet following feature to focus on the desired packet processing nodes. When you execute a display command related to the packet following feature, the command only displays the statistics and debugging information collected for the desired packet processing nodes.

If you do not specify the tag-id argument, the packet following feature will focus on all packet processing nodes.

Examples

# Enable the packet following feature to focus on processing node 1 in the TCP processing phase.

<Sysname> packet-follow care tcp 1

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow counting

Use packet-follow counting to enable the packet following feature to collect statistics.

Use undo packet-follow counting to restore the default.

Syntax

packet-follow counting [ max-packet-number | no-limit ]

undo packet-follow counting

Default

The packet following feature does not collect statistics.

Views

User view

Predefined user roles

network-admin

Parameters

max-packet-number: Specifies the maximum number of packets that the packet following feature can follow, including incoming and outgoing packets.

no-limit: Allows the packet following feature to follow an unlimited number of packets.

Usage guidelines

Application scenarios

When packet loss exists, you can use the packet following feature for troubleshooting purposes. The display packet-follow statistics command can display statistics only if the packet following feature is enabled to collect statistics and packets successfully match the configured packet following rules. If no packet following rules are configured or no packets successfully match the configured packet following rules, the packet following feature does not collect any statistics.

Operating mechanism

If you do not specify any parameters, the packet following feature will follow and collect statistics for up to 10 packets. When the number of followed packets reaches the upper limit, the packet following feature automatically stops collecting statistics.

Restoring the default setting of this command or reconfiguring this command will delete all statistics that are already collected by the packet following feature.

Examples

# Enable the packet following feature to collect statistics.

<Sysname> packet-follow counting

Related commands

display packet-follow statistics

packet-follow receive interface

packet-follow receive match-rule

packet-follow receive match-rule acl

packet-follow send match-rule

packet-follow send match-rule acl

reset packet-follow statistics

packet-follow receive interface

Use packet-follow receive interface to configure a packet following rule based on input interfaces.

Use undo packet-follow receive to restore the default.

Syntax

packet-follow receive interface interface-type interface-number

undo packet-follow receive [ interface interface-type interface-number ]

Default

No packet following rules are configured based on input interfaces.

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an input interface by its interface type and interface number. The input interface must be a physical interface or VLAN interface. You can specify a maximum of 128 input interfaces by repeating this command.

Usage guidelines

When the packet following feature follows too many packets, you can use this command to configure packet following rules based on the desired input interfaces. The packet following feature then only follows the packets received on the desired input interfaces.

Examples

# Enable the packet following feature to follow the packets received on GigabitEthernet 2/0/1.

<Sysname> packet-follow receive interface gigabitethernet 2/0/1

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow receive match-rule

Use packet-follow receive match-rule to configure a packet following rule for incoming packets.

Use undo packet-follow receive match-rule to delete a packet following rule for incoming packets.

Syntax

packet-follow receive match-rule rule-id [ { { ipv4 | ipv6 | l2 | l4 | application } rule-string rule-mask offset } &<1-8> ]

undo packet-follow receive match-rule [ rule-id ]

Default

No packet following rules are configured for incoming packets.

Views

User view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID for the packet following rule. A smaller rule ID indicates a higher priority. The value range for this argument is 0 to 127.

ipv4: Specifies the offset starting from the IPv4 packet header.

ipv6: Specifies the offset starting from the IPv6 packet header.

l2: Specifies the offset starting from the Layer 2 frame header.

l4: Specifies the offset starting from the Layer 4 packet header.

application: Specifies the offset starting from the application layer header. For RAWIP packets, the application header follows the IPv4 or IPv6 packet header.

rule-string: Specifies a rule string of hexadecimal characters. The string length must be even and cannot exceed 40 bytes.

rule-mask: Specifies a mask for the rule string, which is used to perform AND operation against packets. The mask must be a string of hexadecimal characters and the mask length must be the same as the rule string length.

offset: Specifies the offset value. The value range for this argument is 0 to 65535. This argument specifies the location of the content compared by the packet following feature, counted in bytes from the start of the specified packet header, with offset 0 being the first byte of that header. For example, if you set the value to 8, this feature compares the content starting at byte 8 (the ninth byte) of the specified header.

&<1-8>: Indicates that you can specify the previous parameters up to 8 times.

Usage guidelines

Application scenarios

When packet loss exists, you can use the packet following feature for troubleshooting purposes. After you configure specific packet following rules, the packet following feature can follow incoming packets from Layer 2 to Layer 4 in the OSI model. Then, you can use the display packet-follow statistics and debugging packet-follow commands to view the statistics collected by the packet following feature and the debugging information of this feature.

Operating mechanism

·     If you specify none of the ipv4, ipv6, l2, l4, and application keywords, no packet filtering criterion is specified and all packets can match the rule.

·     The packet following feature successfully matches an incoming packet only if the following conditions exist:

¡     The packet successfully matches a packet following rule configured by this command. This requirement is met as long as the packet matches all criteria in a rule.

¡     If packet following rules based on input interfaces also exist, the packet must successfully match one of those input interface-based rules.

·     This command supports configuring up to 128 rules. The logical relationships among those rules are OR. An incoming packet successfully matches those rules as long as the packet matches any of them.

·     If you execute the undo packet-follow receive match-rule command without specifying the rule-id argument, this command will delete all packet following rules for incoming packets.

Examples

# Configure a packet following rule for incoming ARP packets.

<Sysname> packet-follow receive match-rule 1 l2 0806 ffff 12
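
The matching semantics described under "Operating mechanism" (criteria within a rule are ANDed, rules are ORed, the lowest rule ID has priority, and the mask selects the bits compared at the given offset), as an added example that is not H3C code and does not describe the device's internal implementation. The frames are constructed, not captured. The header locations (untagged Ethernet II, so the ipv4 header starts at byte 14 and the l4 header at 14 plus IHL times 4), and the choice to treat ipv4 and l4 criteria as non-matching on non-IPv4 frames, are assumptions. Rule 1 is the ARP rule from the example above; rules 2 and 3 are added for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

# Constructed frames (not captured from a device). All are untagged Ethernet II.
# ARP request: dst ff:ff:ff:ff:ff:ff, src 00:11:22:33:44:55, EtherType 0x0806.
ARP_FRAME = bytes.fromhex(
    "ffffffffffff 001122334455 0806"
    "0001 0800 06 04 0001 001122334455 0a000001 000000000000 0a000002"
)
# IPv4/UDP to port 53: EtherType 0x0800, IHL 5, protocol 17, 10.0.0.1 -> 10.0.0.2.
UDP_DNS_FRAME = bytes.fromhex(
    "001122334455 665544332211 0800"
    "45 00 001c 0000 4000 40 11 0000 0a000001 0a000002"
    "04d2 0035 0008 0000"
)
# IPv4/TCP to port 80: same addressing, protocol 6, 20-byte TCP header.
TCP_HTTP_FRAME = bytes.fromhex(
    "001122334455 665544332211 0800"
    "45 00 0028 0000 4000 40 06 0000 0a000001 0a000002"
    "04d2 0050 00000000 00000000 5002 ffff 0000 0000"
)


def header_base(frame: bytes, layer: str) -> Optional[int]:
    """Byte index where the named header starts, or None if it is absent.
    Assumed layout: untagged Ethernet II (the device's own logic is not documented)."""
    if layer == "l2":
        return 0
    if int.from_bytes(frame[12:14], "big") != 0x0800:
        return None  # ipv4/l4 criteria cannot apply to a non-IPv4 frame
    if layer == "ipv4":
        return 14
    if layer == "l4":
        return 14 + (frame[14] & 0x0F) * 4  # skip the IPv4 header (IHL words)
    raise ValueError(f"unsupported layer keyword: {layer}")


@dataclass(frozen=True)
class Criterion:
    """One { layer rule-string rule-mask offset } group from the command line."""
    layer: str
    rule_string: str  # hex, even length, at most 40 bytes
    rule_mask: str    # hex, same length as rule_string
    offset: int       # 0-based byte offset from the start of `layer`

    def matches(self, frame: bytes) -> bool:
        value, mask = bytes.fromhex(self.rule_string), bytes.fromhex(self.rule_mask)
        if len(value) != len(mask) or not 1 <= len(value) <= 40:
            raise ValueError("rule-string and rule-mask must be equal length, 1..40 bytes")
        if not 0 <= self.offset <= 65535:
            raise ValueError("offset must be 0..65535")
        base = header_base(frame, self.layer)
        if base is None:
            return False
        window = frame[base + self.offset: base + self.offset + len(value)]
        if len(window) < len(value):
            return False  # packet too short to contain the compared field
        # AND both sides with the mask so only the selected bits are compared.
        return all((w & m) == (v & m) for w, m, v in zip(window, mask, value))


@dataclass(frozen=True)
class MatchRule:
    rule_id: int                          # 0..127, smaller means higher priority
    criteria: Tuple[Criterion, ...] = ()  # up to 8; empty matches every packet

    def matches(self, frame: bytes) -> bool:
        return all(c.matches(frame) for c in self.criteria)  # criteria are ANDed


def first_matching_rule(rules: Sequence[MatchRule], frame: bytes) -> Optional[int]:
    """Rules are ORed; return the ID of the highest-priority rule that matches."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(frame):
            return rule.rule_id
    return None


# packet-follow receive match-rule 1 l2 0806 ffff 12              (the page's ARP rule)
# packet-follow receive match-rule 2 ipv4 11 ff 9 l4 0035 ffff 2  (UDP to port 53, assumed)
# packet-follow receive match-rule 3                              (no criteria: catch-all)
RULES = (
    MatchRule(1, (Criterion("l2", "0806", "ffff", 12),)),
    MatchRule(2, (Criterion("ipv4", "11", "ff", 9), Criterion("l4", "0035", "ffff", 2))),
    MatchRule(3),
)

if __name__ == "__main__":
    for name, frame in (("arp", ARP_FRAME), ("udp/53", UDP_DNS_FRAME), ("tcp/80", TCP_HTTP_FRAME)):
        print(name, "->", first_matching_rule(RULES, frame))
```

The mask is what makes partial-byte matches possible: a criterion of ipv4 4f f0 0 matches any packet whose IP version nibble is 4 regardless of the IHL nibble, which is how you write a rule that does not depend on the exact header bytes you are not interested in.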

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow counting

packet-follow receive match-rule acl

Use packet-follow receive match-rule acl to configure an ACL-type packet following rule for incoming packets.

Use undo packet-follow receive match-rule to delete an ACL-type packet following rule for incoming packets.

Syntax

packet-follow receive match-rule rule-id acl { [ ipv6 ] { advanced-acl-number | basic-acl-number } | mac mac-acl-number }

undo packet-follow receive match-rule [ rule-id ]

Default

No ACL-type packet following rules are configured for incoming packets.

Views

User view

Predefined user roles

network-admin

Parameters

rule-id: Specifies the number of the user-defined incoming packet matching rule. This value represents the priority. The smaller the value, the higher the priority. The value range is 0 to 127.

acl: Filters Ethernet packets by an ACL.

ipv6: Filters Ethernet packets by an IPv6 ACL. With this keyword specified, you can only specify an advanced ACL or basic ACL.

mac: Filters Ethernet packets by a Layer 2 ACL.

advanced-acl-number: Specifies an advanced ACL by its number. The value range for this argument is 3000 to 3999.

basic-acl-number: Specifies a basic ACL by its number. The value range for this argument is 2000 to 2999.

mac-acl-number: Specifies a Layer 2 ACL by its number. The value range for this argument is 4000 to 4999.

Usage guidelines

Application scenarios

When packet loss occurs, you can use the packet following feature for troubleshooting purposes. After you configure specific packet following rules, the packet following feature can follow incoming packets from Layer 2 to Layer 4 in the OSI model. Then, you can use the display packet-follow statistics and debugging packet-follow commands to view the statistics collected by the packet following feature and the debugging information of this feature.

Operating mechanism

·     The packet following feature successfully matches an incoming packet only if the following conditions exist:

¡     The packet successfully matches a packet following rule configured by this command. This requirement is met as long as the packet matches all criteria in a rule.

¡     If packet following rules based on input interfaces also exist, the packet must successfully match one of those input interface-based rules.

·     This command supports configuring up to 128 rules. The logical relationships among those rules are OR. An incoming packet successfully matches those rules as long as the packet matches any of them.

·     If you execute the undo packet-follow receive match-rule command without specifying the rule-id argument, this command will delete all packet following rules for incoming packets.

Examples

# Configure a packet following rule that uses ACL 2000 to match against incoming packets.

<Sysname> packet-follow receive match-rule 1 acl 2000

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow counting

packet-follow send match-rule

Use packet-follow send match-rule to configure a packet following rule for outgoing packets.

Syntax

packet-follow send match-rule rule-id [ { { ipv4 | ipv6 | l4 | application } rule-string rule-mask offset } &<1-8> ]

undo packet-follow send match-rule [ rule-id ]

Default

No packet following rules are configured for outgoing packets.

Views

User view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID for the packet following rule. A smaller rule ID indicates a higher priority. The value range for this argument is 0 to 127.

ipv4: Specifies the offset starting from the IPv4 packet header.

ipv6: Specifies the offset starting from the IPv6 packet header.

l4: Specifies the offset starting from the Layer 4 packet header.

application: Specifies the offset starting from the application layer header. For RAWIP packets, the application header follows the IPv4 or IPv6 packet header.

rule-string: Specifies a rule string of hexadecimal characters. The string length must be even and cannot exceed 40 bytes.

rule-mask: Specifies a mask for the rule string, which is used to perform AND operation against packets. The mask must be a string of hexadecimal characters and the mask length must be the same as the rule string length.

offset: Specifies the offset value. The value range for this argument is 0 to 65535. This argument specifies the location of the content compared by the packet following feature. For example, if you set the value to 8, this feature matches against outgoing packets by comparing the content from the eighth byte (counting from the specified packet header).

&<1-8>: Indicates that you can specify the previous parameters up to 8 times.

Usage guidelines

Application scenarios

When packet loss occurs, you can use the packet following feature for troubleshooting purposes. After you configure specific packet following rules, the packet following feature can follow outgoing packets from Layer 2 to Layer 4 in the OSI model. Then, you can use the display packet-follow statistics and debugging packet-follow commands to view the statistics collected by the packet following feature and the debugging information of this feature.

Operating mechanism

·     If you specify none of the ipv4, ipv6, l4, and application keywords, no packet filtering criterion is specified and all packets can match the rule.

·     The packet following feature successfully matches an outgoing packet only if the following conditions exist:

¡     The packet successfully matches a packet following rule configured by this command. This requirement is met as long as the packet matches all criteria in a rule.

¡     If packet following rules based on input interfaces also exist, the packet must successfully match one of those input interface-based rules.

·     This command supports configuring up to 128 rules. The logical relationships among those rules are OR. An outgoing packet successfully matches those rules as long as the packet matches any of them.

·     If you execute the undo packet-follow send match-rule command without specifying the rule-id argument, this command will delete all packet following rules for outgoing packets.

Examples

# Configure a packet following rule for outgoing packets.

<Sysname> packet-follow send match-rule 1 application 1111 ffff 12
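The following is an added example, not code from the H3C manual or the device, that models how a packet following rule compares a rule-string under a rule-mask at an offset from the selected header (the receive rule `l2 0806 ffff 12` and the send rule `application 1111 ffff 12` shown in the examples above). It assumes an untagged Ethernet frame carrying IPv4 with TCP, UDP or another protocol (treated as RAWIP), and assumes that rule bits outside the mask are ignored; the sample frames are constructed, not captured traffic.

```python
# Added illustrative example (not H3C code): a model of how a packet-follow
# match-rule compares a rule-string under a rule-mask at an offset from the
# selected header. Assumes untagged Ethernet; IPv4 over it with TCP, UDP or
# another protocol (treated as RAWIP); no VLAN, IPv6 or tunnel encapsulation.
import struct


def header_offsets(frame: bytes) -> dict:
    """Byte offset of each header the rule keywords (l2, ipv4, l4, application) name."""
    offsets = {"l2": 0}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return offsets                         # not IPv4: only the l2 base exists
    ihl = (frame[14] & 0x0F) * 4
    l4 = 14 + ihl
    offsets["ipv4"] = 14
    offsets["l4"] = l4
    proto = frame[14 + 9]
    if proto == 6 and len(frame) >= l4 + 13:   # TCP: data offset gives header length
        offsets["application"] = l4 + (frame[l4 + 12] >> 4) * 4
    elif proto == 17:                          # UDP: fixed 8-byte header
        offsets["application"] = l4 + 8
    else:                                      # RAWIP: application header follows IP
        offsets["application"] = l4
    return offsets


def criterion_matches(frame, base, rule_string, rule_mask, offset):
    """One (keyword rule-string rule-mask offset) group from the command line."""
    rule, mask = bytes.fromhex(rule_string), bytes.fromhex(rule_mask)
    if not 1 <= len(rule) <= 40 or len(rule) != len(mask):
        raise ValueError("rule-string must be 1-40 bytes and the mask the same length")
    start = header_offsets(frame).get(base)
    if start is None:
        return False                           # packet has no such header
    window = frame[start + offset:start + offset + len(rule)]
    if len(window) < len(rule):
        return False                           # packet too short to compare
    # Assumption: rule bits outside the mask are ignored, as with a wildcard mask.
    return all((w & m) == (r & m) for w, m, r in zip(window, mask, rule))


def rule_matches(frame, criteria):
    """Within one rule all criteria (up to 8) must match; no criteria means any packet."""
    if len(criteria) > 8:
        raise ValueError("a rule takes at most 8 criteria")
    return all(criterion_matches(frame, *c) for c in criteria)


def any_rule_matches(frame, rules):
    """Across rules (rule-id -> criteria, up to 128) the relationship is OR."""
    if len(rules) > 128:
        raise ValueError("at most 128 rules")
    return any(rule_matches(frame, c) for _, c in sorted(rules.items()))


# Constructed sample frames, not captured traffic.
ARP_FRAME = bytes.fromhex("ffffffffffff" "0011223344aa" "0806") + bytes(28)


def build_ipv4_udp_frame(payload: bytes) -> bytes:
    eth = bytes.fromhex("0011223344bb" "0011223344aa" "0800")
    udp_len = 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))   # checksum left 0
    return eth + ip + struct.pack("!HHHH", 40000, 53, udp_len, 0) + payload


UDP_FRAME = build_ipv4_udp_frame(bytes(12) + bytes.fromhex("1111") + bytes(4))

# The manual's own examples, expressed as rule tables:
#   packet-follow receive match-rule 1 l2 0806 ffff 12
#   packet-follow send match-rule 1 application 1111 ffff 12
RECEIVE_RULES = {1: [("l2", "0806", "ffff", 12)]}
SEND_RULES = {1: [("application", "1111", "ffff", 12)]}
```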

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow counting

packet-follow send match-rule acl

Use packet-follow send match-rule acl to configure an ACL-type packet following rule for outgoing packets.

Syntax

packet-follow send match-rule rule-id acl { [ ipv6 ] { advanced-acl-number | basic-acl-number } }

undo packet-follow send match-rule [ rule-id ]

Default

No ACL-type packet following rules are configured for outgoing packets.

Views

User view

Predefined user roles

network-admin

Parameters

rule-id: Specifies the number of the user-defined outgoing packet matching rule. This value represents the priority. The smaller the value, the higher the priority. The value range is 0 to 127.

acl: Filters Ethernet packets by an ACL.

ipv6: Filters Ethernet packets by an IPv6 ACL. With this keyword specified, you can only specify an advanced ACL or basic ACL.

advanced-acl-number: Specifies an advanced ACL by its number. The value range for this argument is 3000 to 3999.

basic-acl-number: Specifies the basic ACL in a range of 2000 to 2999.

Usage guidelines

Application scenarios

When packet loss occurs, you can use the packet following feature for troubleshooting purposes. After you configure specific packet following rules, the packet following feature can follow outgoing packets from Layer 2 to Layer 4 in the OSI model. Then, you can use the display packet-follow statistics and debugging packet-follow commands to view the statistics collected by the packet following feature and the debugging information of this feature.

Operating mechanism

·     The packet following feature successfully matches an outgoing packet only if the following conditions exist:

¡     The packet successfully matches a packet following rule configured by this command. This requirement is met as long as the packet matches all criteria in a rule.

¡     If packet following rules based on input interfaces also exist, the packet must successfully match one of those input interface-based rules.

·     This command supports configuring up to 128 rules. The logical relationships among those rules are OR. An outgoing packet successfully matches those rules as long as the packet matches any of them.

·     If you execute the undo packet-follow send match-rule command without specifying the rule-id argument, this command will delete all packet following rules for outgoing packets.

Examples

# Configure a packet following rule that uses ACL 2000 to match against outgoing packets.

<Sysname> packet-follow send match-rule 1 acl 2000

Related commands

debugging packet-follow

display packet-follow statistics

packet-follow counting

reset ip option source-route statistics

Use reset ip option source-route statistics to clear statistics about dropped IP packets that contain the source route option.

Syntax

reset ip option source-route statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears statistics about dropped IP packets that contain the source route option on all cards.

Examples

# Clear statistics about dropped IP packets that contain the source route option.

<Sysname> reset ip option source-route statistics

Related commands

display ip option source-route statistics

reset ip statistics

Use reset ip statistics to clear IP traffic statistics.

Syntax

reset ip statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears IP traffic statistics on all cards.

Usage guidelines

Use this command to clear historical IP traffic statistics before you collect IP traffic statistics for a time period.

Examples

# Clear IP traffic statistics.

<Sysname> reset ip statistics

Related commands

display ip interface

display ip statistics

reset packet-follow statistics

Use reset packet-follow statistics to clear the statistics collected by the packet following feature.

Syntax

reset packet-follow statistics [ receive | send ] [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

send: Specifies the statistics about outgoing packets.

receive: Specifies the statistics about incoming packets.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears the statistics collected by the packet following feature on the active MPU.

Usage guidelines

If you do not specify a card or member device, this command clears the statistics collected by the packet following feature for all cards or member devices.

Examples

# Clear the statistics collected by the packet following feature for slot 1.

<Sysname> reset packet-follow statistics slot 1

Related commands

display packet-follow statistics

reset tcp statistics

Use reset tcp statistics to clear TCP traffic statistics.

Syntax

reset tcp statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear TCP traffic statistics.

<Sysname> reset tcp statistics

Related commands

display tcp statistics

reset udp statistics

Use reset udp statistics to clear UDP traffic statistics.

Syntax

reset udp statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear UDP traffic statistics.

<Sysname> reset udp statistics

Related commands

display udp statistics

snmp-agent trap enable tcp

Use snmp-agent trap enable tcp to enable SNMP notifications for TCP events.

Use undo snmp-agent trap enable tcp to disable SNMP notifications for TCP events.

Syntax

snmp-agent trap enable tcp [ md5fail | syn-flood ] *

undo snmp-agent trap enable tcp [ md5fail | syn-flood ] *

Default

SNMP notifications for TCP events are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

md5fail: Generates SNMP notifications for MD5 authentication failures. By default, the device generates SNMP notifications for MD5 authentication failures.

syn-flood: Generates SNMP notifications for TCP SYN flood attacks. By default, the device generates SNMP notifications for TCP SYN flood attacks.

Usage guidelines

This command enables the device to generate SNMP notifications for critical events in the TCP module:

·     To enable SNMP notification for MD5 authentication failures, specify the md5fail keyword. When the device fails MD5 authentication during TCP connection establishment, the device generates an SNMP notification.

·     To enable SNMP notification for TCP SYN flood attacks, specify the syn-flood keyword. When the device detects a flow-based or interface-based TCP SYN flood attack, the device generates an SNMP notification.

The syn-flood keyword takes effect only after you configure the tcp anti-syn-flood flow-based enable or tcp anti-syn-flood interface-based enable command on the device. For more information about these commands, see IP-based attack prevention commands in Security Command Reference.

The SNMP notifications are sent to the SNMP module. For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see SNMP configuration in Network Management and Monitoring Configuration Guide.

If you specify neither the md5fail keyword nor the syn-flood keyword, SNMP notifications are enabled for both MD5 authentication failures and TCP SYN flood attacks.

Examples

# Disable SNMP notifications for TCP events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable tcp

statistics l3-packet enable

Use statistics l3-packet enable to enable Layer 3 packet statistics collection.

Use undo statistics l3-packet enable to disable Layer 3 packet statistics collection.

Syntax

statistics l3-packet enable

undo statistics l3-packet enable

Default

Layer 3 packet statistics collection is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

With this feature enabled on an interface, the device counts incoming and outgoing IP packets on the interface. To display the collected statistics, execute the display ip statistics command.

When the interface is processing a large number of packets, enabling Layer 3 packet statistics collection will cause high CPU usage and degrade the forwarding performance. If the statistics are not necessary, to ensure the device performance, disable this feature.

Examples

# Enable statistics collection for incoming Layer 3 packets on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] statistics l3-packet enable

Related commands

display ip interface

display ip statistics

display ipv6 interface

display ipv6 statistics

tcp log enable

Use tcp log enable to enable TCP logging.

Use undo tcp log enable to disable TCP logging.

Syntax

tcp log enable

undo tcp log enable

Default

TCP logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The logs are sent to the information center of the device. For the logs to be output correctly, you must also configure the information center on the device. For more information about information center configuration, see Network Management and Monitoring Configuration Guide.

To avoid memory consumption caused by log recording, you can use the undo tcp log enable command to disable TCP logging.

Examples

# Enable TCP logging.

<Sysname> system-view

[Sysname] tcp log enable

tcp modify-mss

Use tcp modify-mss to adjust the TCP maximum segment size (MSS) of TCP SYN packets that go through the device.

Use undo tcp modify-mss to restore the default.

Syntax

tcp modify-mss value

undo tcp modify-mss

Default

The device does not adjust the MSS value in the TCP SYN packets that go through it.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the MSS value in bytes. The value range is 32 to 9600.

Usage guidelines

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the negotiated TCP MSS value of both ends is large, the datagram size might be larger than the intermediate device MSS (output interface MTU minus 40). In this case, the intermediate device will fragment the datagram, causing forwarding delay.

The tcp modify-mss command can help prevent the datagram from being fragmented by adjusting the MSS value in the transient TCP SYN packets.

This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.

This command specifies the MSS of TCP SYN packets on an intermediate device. If MPLS is enabled on the interface, do not execute the command on the interface.

This command does not take effect on tunneled TCP SYN packets.
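The following is an added example, not H3C code, that models the MSS adjustment the guidelines above describe: an intermediate device lowers the MSS option of a transit SYN when it exceeds the configured value (the manual's example value of 300 is used; a practitioner would normally derive the limit from the output interface MTU minus 40, as the text states). The endpoints and the SYN segment are constructed, and only IPv4/TCP is modelled.

```python
# Added illustrative example (not H3C code): the MSS clamp that tcp modify-mss
# describes, applied to a transit IPv4/TCP SYN. Only the SYN's MSS option is
# touched; the TCP checksum is recomputed so the rewritten segment stays valid.
import struct

SRC_IP = bytes([192, 0, 2, 10])        # constructed endpoints (documentation ranges)
DST_IP = bytes([198, 51, 100, 20])


def mss_for_output_mtu(mtu: int) -> int:
    """Largest TCP payload that fits one IPv4 datagram: MTU minus 20+20 header bytes."""
    return mtu - 40


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """One's-complement checksum over the IPv4 pseudo-header and the TCP segment."""
    data = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def clamp_syn_mss(segment: bytes, max_mss: int):
    """Return (segment, original_mss). The MSS option (kind 2) of a SYN that
    advertises more than max_mss is lowered to max_mss; other segments pass
    through unchanged, and original_mss is None when no MSS option is present."""
    if not segment[13] & 0x02:                 # SYN flag clear: not a handshake
        return segment, None
    data_off = (segment[12] >> 4) * 4
    opts = bytearray(segment[20:data_off])
    i, original = 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                              # malformed option: leave segment alone
        length = opts[i + 1]
        if kind == 2 and length == 4:          # Maximum Segment Size
            original = struct.unpack("!H", opts[i + 2:i + 4])[0]
            if original > max_mss:
                opts[i + 2:i + 4] = struct.pack("!H", max_mss)
            break
        i += length
    if original is None or original <= max_mss:
        return segment, original               # nothing rewritten
    out = bytearray(segment)
    out[20:data_off] = opts
    out[16:18] = b"\x00\x00"                   # zero checksum field before recomputing
    out[16:18] = struct.pack("!H", tcp_checksum(SRC_IP, DST_IP, bytes(out)))
    return bytes(out), original


def build_syn(mss: int, syn: bool = True) -> bytes:
    """Constructed segment: 20-byte header, MSS option, two NOPs, SACK-permitted."""
    options = struct.pack("!BBH", 2, 4, mss) + bytes([1, 1, 4, 2])
    data_off = 20 + len(options)               # 28 bytes -> data offset field 7
    header = struct.pack("!HHIIBBHHH", 40000, 443, 1000, 0, (data_off // 4) << 4,
                         0x02 if syn else 0x10, 65535, 0, 0)
    seg = header + options
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC_IP, DST_IP, seg)) + seg[18:]
```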

Examples

# Adjust the TCP MSS value of TCP SYN packets that go through the device to 300.

<Sysname> system-view

[Sysname] tcp modify-mss 300

Related commands

tcp mss

tcp mss

Use tcp mss to set the TCP maximum segment size (MSS).

Use undo tcp mss to restore the default.

Syntax

tcp mss value

undo tcp mss

Default

The TCP MSS is not set.

Views

Interface view

Predefined user roles

network-admin

Parameters

value: Specifies the TCP MSS in bytes. The minimum value is 128 bytes. The maximum value equals the maximum MTU that the interface supports minus 40.

Usage guidelines

The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, TCP fragments the segment according to the receiver's MSS.

If you set the TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.

This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.

This configuration is effective only on IP packets. If MPLS is enabled on the interface, do not set the TCP MSS on the interface.

Examples

# Set the TCP MSS to 300 bytes on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] tcp mss 300

tcp path-mtu-discovery

Use tcp path-mtu-discovery to enable TCP path MTU discovery.

Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.

Syntax

tcp path-mtu-discovery [ aging age-time | no-aging ]

undo tcp path-mtu-discovery

Default

TCP path MTU discovery is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

aging age-time: Specifies the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes.

no-aging: Does not age out the path MTU.

Usage guidelines

After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.

After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP connections established later do not detect the path MTU, but the TCP connections previously established still can detect the path MTU.

Examples

# Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.

<Sysname> system-view

[Sysname] tcp path-mtu-discovery aging 20

tcp syn-cookie enable

Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks.

Use undo tcp syn-cookie enable to disable SYN Cookie.

Syntax

tcp syn-cookie enable

undo tcp syn-cookie enable

Default

SYN Cookie is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A TCP connection is established through a three-way handshake:

1.     The sender sends a SYN packet to the server.

2.     The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.

3.     The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP connection is established.

An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large number of SYN packets but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and cannot handle normal services.

SYN Cookie can protect the server from SYN flood attacks. When the server receives a SYN packet, it responds to the request with a SYN ACK packet without establishing a TCP semi-connection.

The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the sender.
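The following is an added example, not H3C code, that models the SYN Cookie behaviour described above: the server derives its SYN ACK sequence number from the connection 4-tuple and the client's initial sequence number with a keyed hash, so it stores no semi-connection until a valid ACK arrives. The secret, time-slot scheme, addresses and sequence numbers are constructed for illustration and are not the device's implementation.

```python
# Added illustrative example (not H3C code): a simplified SYN Cookie server.
# The SYN ACK sequence number is a keyed hash of the 4-tuple, the client ISN
# and a coarse time slot, so the third handshake packet can be validated
# without any stored semi-connection state.
import hashlib
import hmac
import struct

SECRET = b"constructed-demo-secret"   # constructed value; real servers rotate it
SLOT_SECONDS = 64                     # a cookie is accepted in its slot and the next one


def make_cookie(src, dst, sport, dport, client_isn, slot):
    """Keyed hash of (4-tuple, client ISN, time slot), truncated to 32 bits."""
    msg = struct.pack("!4s4sHHII", src, dst, sport, dport, client_isn, slot)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


class SynCookieServer:
    def __init__(self, clock):
        self.clock = clock            # callable returning seconds, injected for tests
        self.half_open = {}           # stays empty: no state is stored per SYN
        self.established = set()

    def on_syn(self, src, dst, sport, dport, client_isn):
        """Handshake step 2: answer with a SYN ACK whose seq is the cookie."""
        slot = int(self.clock()) // SLOT_SECONDS
        cookie = make_cookie(src, dst, sport, dport, client_isn, slot)
        return {"seq": cookie, "ack": (client_isn + 1) & 0xFFFFFFFF}

    def on_ack(self, src, dst, sport, dport, seq, ack):
        """Handshake step 3: ack-1 must be a cookie this server could have issued
        for this 4-tuple and client ISN (seq-1) in the current or previous slot."""
        client_isn = (seq - 1) & 0xFFFFFFFF
        presented = ((ack - 1) & 0xFFFFFFFF).to_bytes(4, "big")
        now_slot = int(self.clock()) // SLOT_SECONDS
        for slot in (now_slot, now_slot - 1):
            expected = make_cookie(src, dst, sport, dport, client_isn, slot)
            if hmac.compare_digest(expected.to_bytes(4, "big"), presented):
                self.established.add((src, sport, dst, dport))   # ESTABLISHED now
                return True
        return False   # stale, forged or unsolicited ACK: nothing to tear down


def state_after_unanswered_syns(server, count):
    """Feed SYNs that are never acknowledged and report how much state remains."""
    src, dst = bytes([203, 0, 113, 7]), bytes([198, 51, 100, 20])   # constructed
    for i in range(count):
        server.on_syn(src, dst, 1024 + (i % 60000), 443, (i * 7919) & 0xFFFFFFFF)
    return len(server.half_open)
```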

Examples

# Enable SYN Cookie.

<Sysname> system-view

[Sysname] tcp syn-cookie enable

tcp timer fin-timeout

Use tcp timer fin-timeout to set the TCP FIN wait timer.

Use undo tcp timer fin-timeout to restore the default.

Syntax

tcp timer fin-timeout time-value

undo tcp timer fin-timeout

Default

The TCP FIN wait timer is 675 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.

Usage guidelines

TCP starts the FIN wait timer when the state of a TCP connection changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated.

If a FIN packet is received, TCP changes the connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires.

Examples

# Set the TCP FIN wait timer to 800 seconds.

<Sysname> system-view

[Sysname] tcp timer fin-timeout 800

tcp timer syn-timeout

Use tcp timer syn-timeout to set the TCP SYN wait timer.

Use undo tcp timer syn-timeout to restore the default.

Syntax

tcp timer syn-timeout time-value

undo tcp timer syn-timeout

Default

The TCP SYN wait timer is 75 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds.

Usage guidelines

TCP starts the SYN wait timer after sending a SYN packet. If no response is received before the SYN wait timer expires, or the upper limit on TCP connection attempts is reached, TCP fails to establish the connection.

Examples

# Set the TCP SYN wait timer to 80 seconds.

<Sysname> system-view

[Sysname] tcp timer syn-timeout 80

tcp timestamps enable

Use tcp timestamps enable to enable the device to encapsulate the TCP Timestamps option in outgoing TCP packets.

Use undo tcp timestamps enable to disable the device from encapsulating the TCP Timestamps option in outgoing TCP packets.

Syntax

tcp timestamps enable

undo tcp timestamps enable

Default

The TCP Timestamps option is encapsulated in outgoing TCP packets.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Devices at each end of the TCP connection can calculate the RTT value by using the TCP Timestamps option carried in TCP packets. For security purposes in some networks, you can disable the TCP Timestamps option encapsulation at one end of the TCP connection to prevent intermediate devices from obtaining the option information.

This command takes effect only on new connections that are established after you execute the command. Existing TCP connections are not affected.

Examples

# Disable the device from encapsulating the TCP Timestamps option in outgoing TCP packets.

<Sysname> system-view

[Sysname] undo tcp timestamps enable

tcp window

Use tcp window to set the size of the TCP receive/send buffer.

Use undo tcp window to restore the default.

Syntax

tcp window window-size

undo tcp window

Default

The size of the TCP receive/send buffer is 63 KB.

Views

System view

Predefined user roles

network-admin

Parameters

window-size: Specifies the size of the TCP receive/send buffer, in the range of 1 to 64 KB.

Examples

# Set the size of the TCP receive/send buffer to 3 KB.

<Sysname> system-view

[Sysname] tcp window 3
