Filter
Top Products
Chapter 5
Packet Classification and Labelling
E-NIT-CTC-20041213-0013 v0.5
36
Ackclass The ackclass parameter is used to select the DiffServ queue for single ACK segments
of a TCP connection.
Bidirectional Bi-directional labeling of connections is used to copy the label (Routing and/or QoS)
from the initiator stream to the returning stream. Bi-directional labels cannot be used
in the forwarding table.
Inheritance When inheritance is enabled, this label will be copied to streams of all child
connections in the same direction (so for a bi-directional label to all child streams).
This allows to automatically classify (label) child streams and/or connections using
any supported ALG
A child connection is a connection that is setup automatically by a parrent
connection.
Example In active mode FTP the client connects from a random unprivileged port (N > 1024)
to the FTP server's command port, port 21. Then, the client starts listening to port
N+1 and sends the FTP command PORT N+1 to the FTP server. The server will
then connect back to the client's specified data port from its local data port, which is
port 20.
From the server-side firewall's standpoint, to support active mode FTP the following
communication channels need to be opened:
FTP server's port 21 from anywhere (Client initiates connection)
FTP server's port 21 to ports > 1024 (Server responds to client's control port)
FTP server's port 20 to ports > 1024 (Server initiates data connection to
client's data port)
FTP server's port 20 from ports > 1024 (Client sends ACKs to server's data
port)
Ackclass values Description
0..15 The internal class number.
prioritize If selected the ACK segments will be given a higher
priority than the defclass. (Ackclass +2)
defclass If selected the same class will be used as defined in
the defclass parameter.
Bidirectional values Description
disable Disables the label for the return stream.
enable Enables the label for the return stream.
Inheritance values Description
disable Disables the label for child connections.
enable Enables the label for child connections.