Creating Packet Filters 12-7
The Ethernet and FDDI packet fields in Figure 12-1 are used as operands in
the packet filter. The two simplest operands are described in Table 12-3.
The operators that you specify in the packet filter allow the filter to make
a logical decision about whether the packet should be forwarded or
discarded. These operators are described in Table 12-4.
The operators and, or,
and exclusive or are bit-wise operators. Each bit of
the operands is logically compared to produce the resulting bit.
Table 12-3 Packet Filter Operands
Operand Description Opcode
packet field A field in the packet that can reside at any offset.
The size of the field can be 1, 2, 4, or 6 bytes.
Typically, you only specify a 6-byte field when you
want the filter to examine a 48-bit address.
pushField
constant A literal value to which you are comparing a packet
field. As with a field, a constant can be 1, 2, 4, or 6
bytes long.
pushLiteral
Table 12-4 Packet Filter Operators
Operator Result Opcode
equal true if operand 1 = operand 2 eq
not equal true if operand 1 ≠ operand 2 ne
less than true if operand 1 < operand 2 lt
less than or equal true if operand 1 ≤ operand 2 le
greater than true if operand 1 > operand 2 gt
greater than or equal true if operand 1 ≥ operand 2 ge
and operand 1 bit-wise AND operand 2 and
or operand 1 bit-wise OR operand 2 or
exclusive or operand 1 bit-wise XOR operand 2 xor
not true if operand 1 = false not
shift left operand 1 SHIFT LEFT operand 2 shiftl
shift right operand 1 SHIFT RIGHT operand 2 shiftr