12-14 CHAPTER 12: CREATING AND USING PACKET FILTERS
The rest of this section concentrates on the parts of the filter, showing you
how to translate the pseudocode’s requirements into filter language. The
large filter on page 12-13 is broken down into subsets to show how you can
create small filters that perform one or two tasks, and then combine them
for more sophisticated filtering. Table 12-5 shows how the purpose of each
pseudocode step is accomplished in the small series of packet filters.
Packet Filter One. This filter is designed to forward XNS packets. These
steps show how to create this filter.
1 Name the filter:
“Forward only XNS packets”
It is important to distinguish the function of each filter when it is loaded
onto a Switch 2200 that has more than one filter stored in memory. Naming
is also useful for archiving filters on an ftp server so that the filters can be
saved and loaded on one or more Switch 2200 systems.
2 Enter executable instruction #1:
pushField.w 12 # get the type field of the packet and
# place it on top of the stack
3 Enter executable instruction #2:
pushLiteral.w 0x0600 # put the type value for XNS on top
# of the stack
Table 12-5 Pseudocode Requirements Mapped to the Packet Filter
Step Accomplished Through…
1 The path to which you assign the packet filter. For administrative purposes,
this path is specified in the first two comment lines in the filter definition.
The filter must be assigned to a multicast path to filter packets with
broadcast addresses.
2 Packet Filter One — Forwarding XNS packets
3 Packet Filter Two — Checking for specified socket range
4 & 5 Combining a Subset of Filters — Forwarding IP packets within specified
socket range