Creating Packet Filters
Table 12-2 describes the instructions and stacks of a packet filter.
Table 12-2  Packet Filter Instructions and Stacks — Descriptions and Guidelines
Element
Descriptions and Guidelines
Instructions
Each instruction in a packet filter definition must be on a separate line in the packet
filter definition file.
Instruction format
An instruction consists of an opcode followed by explicit operands and a comment.
Although comments are optional, it is recommended that you use them throughout
the packet filter for easier administration of the filters. The opcode includes an explicit
operand size specification.
The general syntax of an instruction is:
<opcode>[.<size>] [<operand>...] [# <comment>]
For example:
pushliteral.l 0xffffff00 #load the type field mask
Use any combination of uppercase and lowercase letters for the opcode and size.
The contents of a line following the first # (outside a quoted string) are ignored.
Operand sizes
The following operand sizes are supported:
■ 1 byte = .b
■ 2 bytes = .w
■ 4 bytes = .l
■ 6 bytes = .a (included primarily for use with 48-bit, IEEE, globally assigned MAC addresses)
Maximum length
The maximum length for a filter definition is 4096 bytes.
Stack
The packet filter language uses a stack to store the operands that will be used by an
instruction and the results of the instruction.
Operands are popped from the stack as required by the instructions. An instruction
using two or more operands takes the first operand from the top of the stack, with
subsequent operands taken in order from succeeding levels of the stack.
The stack is a maximum of 64 bytes long, with space in the stack allocated in multiples
of 4 bytes. This rule provides for a maximum of 16 operands on the stack.
An address size operand (.a) consumes 8 bytes on the stack, decreasing the maximum
number of operands on the stack.
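The following added example (not from the manual or the switch software) is a small offline lint for a filter definition file before it is loaded. It applies the rules in Table 12-2: line syntax, comment stripping, operand sizes, the 4096-byte limit and the 64-byte stack. Assumptions: quoted strings use double quotes, the 4096-byte limit is measured on the definition text, and only pushliteral is modelled as growing the stack, because this page documents no other opcode.

```python
import shlex

SIZES = {"b": 1, "w": 2, "l": 4, "a": 6}  # operand sizes listed in Table 12-2
MAX_DEF_BYTES = 4096                       # maximum filter definition length
MAX_STACK_BYTES = 64                       # maximum stack length

def strip_comment(line):
    """Drop everything after the first '#' outside a quoted string (assumed: double quotes)."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line

def stack_cost(size):
    """Stack space is allocated in multiples of 4 bytes, so a 6-byte .a operand costs 8."""
    return -(-SIZES[size] // 4) * 4

def parse_line(line):
    """Return (opcode, size, operands), or None for a blank or comment-only line."""
    body = strip_comment(line).strip()
    if not body:
        return None
    head, *operands = shlex.split(body)        # keeps a quoted operand in one piece
    opcode, _, size = head.lower().partition(".")  # opcode and size are case-insensitive
    if size and size not in SIZES:
        raise ValueError(f"unknown operand size .{size}")
    return opcode, size or None, operands

def lint(text):
    """Return a list of problems found in a filter definition (empty list = none found)."""
    problems = []
    if len(text.encode()) > MAX_DEF_BYTES:
        problems.append(f"definition exceeds {MAX_DEF_BYTES} bytes")
    depth = 0
    for n, line in enumerate(text.splitlines(), 1):
        try:
            ins = parse_line(line)
        except ValueError as err:
            problems.append(f"line {n}: {err}")
            continue
        # Only pushliteral is tracked; stack effects of other opcodes are not on this page.
        if ins and ins[0] == "pushliteral" and ins[1]:
            depth += stack_cost(ins[1])
            if depth > MAX_STACK_BYTES:
                problems.append(f"line {n}: stack needs {depth} bytes")
    return problems
```

Because the lint never pops, it reports the worst case for a run of consecutive pushes; a full check would need the stack effect of every opcode in the filter language.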