12-14 CHAPTER 12: CREATING AND USING PACKET FILTERS

The rest of this section concentrates on the parts of the filter, showing you how to translate the pseudocode’s requirements into filter language. The large filter on page 12-13 is broken down into subsets to show how you can create small filters that perform one or two tasks, and then combine them for more sophisticated filtering. Table 12-5 shows how the purpose of each pseudocode step is accomplished in the small series of packet filters.

Table 12-5 Pseudocode Requirements Mapped to the Packet Filter

Step

Accomplished Through…

1The path to which you assign the packet filter. For administrative purposes, this path is specified in the first two comment lines in the filter definition. The filter must be assigned to a multicast path to filter packets with broadcast addresses.

2Packet Filter One — Forwarding XNS packets

3Packet Filter Two — Checking for specified socket range

4& 5 Combining a Subset of Filters — Forwarding IP packets within specified socket range

Packet Filter One. This filter is designed to forward XNS packets. These steps show how to create this filter.

1Name the filter:

“Forward only XNS packets”

It is important to distinguish the function of each filter when it is loaded onto a Switch 2200 that has more than one filter stored in memory. Naming is also useful for archiving filters on an ftp server so that the filters can be saved and loaded on one or more Switch 2200 systems.

2Enter executable instruction #1:

pushField.w 12 #

get the

type field of the packet and

#

place it

on top of the stack

3Enter executable instruction #2:

pushLiteral.w 0x0600 #

put

the type value for XNS on top

#

of

the stack

Page 151
Image 151
3Com 2200 manual Enter executable instruction #1, Enter executable instruction #2