Description
Contains the list of interfaces that SecureXL uses.
Syntax for IPv4
[Expert@MyGW:0]# ls -lR /proc/ppk/
[Expert@MyGW:0]# cat /proc/ppk/ifs |
Syntax for IPv6
[Expert@MyGW:0]# ls -lR /proc/ppk6/
[Expert@MyGW:0]# cat /proc/ppk6/ifs |
Example for IPv4
[Expert@MyGW:0]# cat /proc/ppk/ifs No | Interface | Address | IRQ | F | SIM F | Dev | Output Func | Features ------------------------------------------------------------------------------------------------------------- 2 | eth0 | 192.168.3.242 | 67 | 39 | 80 | 0xffff81023e836000 | 0x000013a0 3 | eth1 | 10.20.30.242 | 75 | 29 | 88 | 0xffff81023d508000 | 0x000013a0 4 | eth2 | 0.0.0.0 | 59 | 1 | 80 | 0xffff81023d6b4000 | 0x000013a0 5 | eth3 | 192.168.196.18 | 67 | 29 | 80 | 0xffff81023dbc1000 | 0x000013a0 6 | eth4 | 192.168.196.18 | 83 | 29 | 80 | 0xffff81023d678000 | 0x000013a0 7 | eth5 | 0.0.0.0 | 75 | 1 | 80 | 0xffff81023c6ba000 | 0x000013a0 8 | eth6 | 0.0.0.0 | 59 | 1 | 80 | 0xffff81023e370000 | 0x000013a0 11 | eth2.53 | 192.168.196.2 | 0 | 29 | 580 | 0xffff81022ca90000 | 0x000013a0 12 | eth2.52 | 192.168.196.2 | 0 | 29 | 580 | 0xffff81022c980000 | 0x000013a0 [Expert@MyGW:0]# |
Example for IPv6
[Expert@MyGW:0]# cat /proc/ppk6/ifs No | Interface | Address | IRQ | F | SIM F | Dev | Output Func | Features ------------------------------------------------------------------------------------------------------------- 2 | eth0 | fe80:0:0:0:250:56ff:fea3:3038 | 67 | 39 | 80 | 0xffff81023f57e000 | 0x000013a0 3 | eth1 | fe80:0:0:0:250:56ff:fea3:770b | 75 | 29 | 80 | 0xffff81023b9d7000 | 0x000013a0 4 | eth2 | fe80:0:0:0:250:56ff:fea3:c39 | 59 | 1 | 80 | 0xffff81023e161000 | 0x000013a0 7 | eth5 | fe80:0:0:0:250:56ff:fea3:4242 | 75 | 1 | 80 | 0xffff81023de56000 | 0x000013a0 8 | eth6 | fe80:0:0:0:250:56ff:fea3:2039 | 59 | 1 | 480 | 0xffff81023c06a000 | 0x000013a0 [Expert@MyGW:0]# |
Explanation about the configuration flags in the "F" and "SIM F" columns
The "F
" column shows the internal configuration flags that Firewall set on these interfaces.
The "SIM F
" column shows the internal configuration flags that SecureXL set on these interfaces.
Flag |
Description |
---|---|
0x001 |
If this flag is set, the SecureXL drops the packet at the end of the inbound inspection, if the packet is a "cut-through" packet. In outbound, SecureXL forwards all the packets to the network. |
0x002 |
If this flag is set, the SecureXL sends an appropriate notification whenever a TCP state change occurs (connection is established / torn down). |
0x004 |
If this flag is set, the SecureXL it sets the UDP header's checksum field correctly when the SecureXL encapsulates an encrypted packet (UDP encapsulation). If flag is not set, SecureXL sets the UDP header's checksum field to zero. It is safe to ignore this flag, if it is set to 0 (SecureXL still calculates the UDP packet's checksum). |
0x008 |
If this flag is set, the SecureXL does not create new connections that match a template, and SecureXL drops the packet that matches the template, when the Connections Table reaches the specified limit. If this flag is not set, the SecureXL forwards the packet to the Firewall. |
0x010 |
If this flag is set, the SecureXL forwards fragments to the Firewall. |
0x020 |
If this flag is set, the SecureXL does not create connections from TCP templates anymore. The Firewall can still offload connections to SecureXL. This flag only disables only the creation of TCP templates. |
0x040 |
If this flag is set, the SecureXL periodically notifies the Firewall, so it refreshes the accelerated connections in the Firewall kernel tables. |
0x080 |
If this flag is set, the SecureXL does not create connections from non-TCP templates anymore. The Firewall can still offload connections to SecureXL. This flag only disables only the creation of non-TCP templates. |
0x100 |
If this flag is set, the SecureXL allows sequence verification violations for connections that did not complete the TCP 3-way handshake process (otherwise, SecureXL must forward the violating packets to the Firewall). |
0x200 |
If this flag is set, the SecureXL allows sequence verification violations for connections that completed the TCP 3-way handshake process (otherwise, SecureXL must forward the violating packets to the Firewall). |
0x400 |
If this flag is set, the SecureXL forwards TCP [RST] packets to the Firewall. |
0x0001 |
If this flag is set, the SecureXL notifies the Firewall about HitCount data. |
0x0002 |
If this flag is set, the VSX Virtual System acts as a junction, rather than a normal Virtual System (only the local Virtual System flag is applicable). |
0x0004 |
If this flag is set, the SecureXL disables the reply counter of inbound encrypted traffic. This makes SecureXL kernel module act in the same way as the VPN kernel module does. |
0x0008 |
If this flag is set, the SecureXL enables the MSS Clamping. Refer to the kernel parameters ' |
0x0010 |
If this flag is set, the SecureXL disables the "No Match Ranges" (NMR) Templates (see sk117755). |
0x0020 |
If this flag is set, the SecureXL disables the "No Match Time" (NMT) Templates (see sk117755). |
0x0040 |
If this flag is set, the SecureXL does not send Drop Templates notifications (about dropped packets) to the Firewall (to maintain the drop counters). For example, if you set the value of the kernel parameter |
0x0080 |
If this flag is set, the SecureXL enables the MultiCore support for IPsec VPN (see sk118097). |
0x0100 |
If this flag is set, the SecureXL enables the support for CoreXL Dynamic Dispatcher (see sk105261). |
0x0800 |
If this flag is set, the SecureXL does not enforce the Path MTU Discovery for IP multicast packets. |
0x1000 |
If this flag is set, the SecureXL disables the SIM "drop_templates" feature. |
0x2000 |
If this flag is set, it indicates that an administrator enabled the Link Selection Load Sharing feature. |
0x4000 |
If this flag is set, the SecureXL disables the asynchronous notification feature. |
0x8000 |
If this flag is set, it indicates that the Firewall Connections Table capacity is unlimited. |
Examples:
Value |
Description |
---|---|
0x039 |
Means the sum of these flags:
|
0x00008a16 |
Means the sum of these flags:
|
0x00009a16 |
Means the sum of these flags:
|