12-12 CHAPTER 12: CREATING AND USING PACKET FILTERS

Packet Filter Solution

The solution described here is to create a highly sophisticated packet filter that prevents only the broadcast packets from the market data servers from being forwarded onto the segments that are not part of an active trading floor.

Before writing the packet filter, it is important to understand the functions that the filter must provide. The broadcast packets that are transmitted by the servers are based on either the TCP/IP or the XNS protocol. In both cases, the broadcast packets have socket values that are greater than 0x076c and less than 0x0898. The socket value is located 24 bytes into the packet in IP datagrams and 30 bytes into the packet in XNS datagrams.

You can use this information to create pseudocode that simplifies the process of writing the actual filter. It helps to write the pseudocode in outline form, as shown here:

1. Determine if the packet has a broadcast address. (Use the packet filter path assignment.)

2. Determine if the packet is an XNS datagram.

3. Check socket values and discard the packet if:

   a. The socket value is greater than or equal to 0x76c

   AND

   b. The socket value is less than 0x898

4. Determine if the packet is an IP datagram.

5. Check socket values and discard the packet if:

   a. The socket value is greater than or equal to 0x76c

   AND

   b. The socket value is less than 0x898

6. End the filter.
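The outline above, modeled in Python as an added example (it is not code from the manual and is not written in the bridge's own filter language), so the decision logic and its boundary values can be checked against sample frames before the real filter is written. It assumes Ethernet II framing with the type field at byte 12, assumes the page's offsets of 24 and 30 are counted from the first byte of the frame, and uses an explicit destination-address check in place of the path assignment in step 1; `should_discard` and `make_frame` are hypothetical names.

```python
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_IP = 0x0800    # Ethernet II type value for IP
ETHERTYPE_XNS = 0x0600   # Ethernet II type value for XNS
# Socket offsets as stated on the page; counting them from the first
# byte of the frame is an assumption of this example.
SOCKET_OFFSET = {ETHERTYPE_XNS: 30, ETHERTYPE_IP: 24}
SOCKET_LOW, SOCKET_HIGH = 0x076C, 0x0898   # bounds from the outline


def should_discard(frame: bytes) -> bool:
    """Return True if the outlined filter would discard this frame."""
    if len(frame) < 14:
        return False                        # no full header: forward
    if frame[0:6] != BROADCAST:             # step 1: broadcast only
        return False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = SOCKET_OFFSET.get(ethertype)   # steps 2 and 4: XNS or IP
    if offset is None or len(frame) < offset + 2:
        return False                        # other protocol or truncated
    (socket,) = struct.unpack_from("!H", frame, offset)
    # Steps 3 and 5: low bound inclusive, high bound exclusive.
    return SOCKET_LOW <= socket < SOCKET_HIGH


def make_frame(dst: bytes, ethertype: int, socket: int) -> bytes:
    """Build a constructed 64-byte test frame (not captured traffic)."""
    frame = bytearray(64)
    frame[0:6] = dst
    frame[6:12] = bytes.fromhex("020000000001")   # constructed source MAC
    struct.pack_into("!H", frame, 12, ethertype)
    struct.pack_into("!H", frame, SOCKET_OFFSET.get(ethertype, 24), socket)
    return bytes(frame)


if __name__ == "__main__":
    for sock in (0x076B, 0x076C, 0x0897, 0x0898):
        frame = make_frame(BROADCAST, ETHERTYPE_IP, sock)
        print(hex(sock), "discard" if should_discard(frame) else "forward")
```

The model forwards truncated frames and protocols other than IP and XNS, matching an outline that discards only on a positive match.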

3Com 2200 manual Creating and Using Packet Filters