Packetmaster filter rules

Filter rules for Packetmaster EX series

All fields marked with a red dot can be used as filter matches, also in combination.

 

 

in_port=port_number Ingress port number
dl_src=xx:xx:xx:xx:xx:xx Ethernet source address
dl_dst=xx:xx:xx:xx:xx:xx [/ xx:xx:xx:xx:xx:xx] Ethernet destination address
This keyword supports a wildcard mask following the slash. Only four masks are allowed.
− 01:00:00:00:00:00
   Match only the multicast bit. Thus, dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
   matches all multicast (including broadcast) Ethernet packets, and
   dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 matches all unicast Ethernet packets.
− fe:ff:ff:ff:ff:ff
   Match all bits except the multicast bit. This is probably not useful.
− ff:ff:ff:ff:ff:ff
   Exact match (equivalent to omitting the mask).
− 00:00:00:00:00:00
   Wildcard all bits (equivalent to dl_dst=*).
dl_type=ethertype Ethernet Protocol type ethertype, such as 0x0806 to match ARP packets
dl_vlan_pcp=priority Matches IEEE 802.1q Priority Code Point (PCP) priority
dl_vlan=vlan Matches IEEE 802.1q Virtual LAN tag vlan
vlan_tci=tci Matches modified VLAN TCI
nw_src=ip[/netmask] IPv4 source address
nw_dst=ip[/netmask] IPv4 destination address
The optional netmask allows restricting a match to an IPv4 address prefix. The netmask may be specified as a dotted quad (e.g. 192.168.1.0/255.255.255.0) or as a CIDR block (e.g. 192.168.1.0/24).
When dl_type=0x0806 or arp is specified, matches the arp_spa or arp_tpa field, respectively, in ARP packets for IPv4 and Ethernet.
When dl_type is wildcarded or set to a value other than 0x0800 or 0x0806, the values of nw_src and nw_dst are ignored.
nw_proto=proto IP protocol type proto, which is specified as a decimal number between 0 and 255, inclusive (e.g. 1 to match ICMP packets or 6 to match TCP packets)
nw_tos=tos IP ToS/DSCP traffic class field ToS which is specified as a decimal number between 0 and 255, inclusive.
tp_src=port UDP or TCP source port.
tp_dst=port UDP or TCP destination port, which is specified as a decimal number between 0 and 65535, inclusive (e.g. 80 to match packets originating from an HTTP server)

icmp_type=type ICMP protocol type, which is specified as a decimal number between 0 and 255
When dl_type and nw_proto take values other than ICMP, the value of this setting is ignored.
icmp_code=code ICMP protocol code, which is specified as a decimal number between 0 and 255
When dl_type and nw_proto take values other than ICMP, the value of this setting is ignored.
idle_timeout=seconds Causes the flow to expire after the given number of seconds of inactivity
A value of 0 (the default) prevents a flow from expiring due to inactivity.
hard_timeout=seconds Causes the flow to expire after the given number of seconds, regardless of activity
A value of 0 (the default) gives the flow no hard expiration deadline.
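
The following Python example is added here and is not Packetmaster code. It checks a rule against the constraints in the table above (the four allowed dl_dst masks, both netmask notations, the decimal ranges) and reports which fields would be ignored. The comma-separated key=value syntax and all function names are assumptions, and dl_type is expected in hex.

```python
import ipaddress

# The four dl_dst masks the page lists as allowed.
ALLOWED_DL_DST_MASKS = {"01:00:00:00:00:00", "fe:ff:ff:ff:ff:ff",
                        "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"}
# Inclusive upper bounds for the decimal fields, as stated on the page.
RANGES = {"nw_proto": 255, "nw_tos": 255, "icmp_type": 255,
          "icmp_code": 255, "tp_src": 65535, "tp_dst": 65535}


def mac_to_int(mac):
    parts = mac.split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"bad MAC address: {mac}")
    return int("".join(parts), 16)


def parse_rule(text):
    """Parse and validate 'key=value,key=value' (separator is an assumption)."""
    rule = dict(item.strip().split("=", 1) for item in text.split(","))
    if "dl_dst" in rule:
        addr, _, mask = rule["dl_dst"].partition("/")
        mask = (mask or "ff:ff:ff:ff:ff:ff").lower()  # no mask = exact match
        if mask not in ALLOWED_DL_DST_MASKS:
            raise ValueError(f"dl_dst mask {mask} is not one of the four allowed")
        rule["dl_dst"] = (mac_to_int(addr), mac_to_int(mask))
    for key in ("nw_src", "nw_dst"):
        if key in rule:
            # Accepts 192.168.1.0/255.255.255.0 as well as 192.168.1.0/24.
            rule[key] = ipaddress.IPv4Network(rule[key], strict=False)
    for key, top in RANGES.items():
        if key in rule:
            rule[key] = int(rule[key])
            if not 0 <= rule[key] <= top:
                raise ValueError(f"{key} must be between 0 and {top}")
    return rule


def ignored_fields(rule):
    """nw_src/nw_dst are ignored unless dl_type is 0x0800 or 0x0806 (hex)."""
    ip_or_arp = int(rule.get("dl_type", "0"), 16) in (0x0800, 0x0806)
    return [] if ip_or_arp else [k for k in ("nw_src", "nw_dst") if k in rule]


def dl_dst_matches(rule, mac):
    """Compare only the bits that are set in the mask."""
    value, mask = rule["dl_dst"]
    return (mac_to_int(mac) & mask) == (value & mask)
```
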

Wildcard match fields:

  • IN_PORT
  • MAC_SA/MAC_DA
  • VLAN_ID/VLAN_PCP
  • ETHER_TYPE
  • ICMP TYPE/ICMP CODE
  • ARP_OP/ARP_SPA/ARP_TPA
  • IPSA/IPDA/IP_DSCP
  • L3_PROTOCOL
  • TCP_SRC_PORT/TCP_DST_PORT
  • UDP_SRC_PORT/UDP_DST_PORT
  • GRE TUNNEL ID
  • MPLS_LABEL

Available Actions:

  • OUTPUT
  • SET_FIELD
    MAC_SA/MAC_DA/VLAN_VID/VLAN_PCP/IPV4_DA/TCP_DST_PORT/UDP_DST_PORT/
    MPLS_LABEL/MPLS_TC/TUNNEL_ID (means change the field)
  • PUSH_MPLS/POP_MPLS
  • PUSH_VLAN/POP_VLAN
  • DEC_IP_TTL
  • SET_MPLS_TTL
Saturday, 01 May 2010 Posted in EX2, EX5-2, EX 6, EX12