3com 2200 用户手册
12-10
C
HAPTER
12: C
REATING
AND
U
SING
P
ACKET
F
ILTERS
Run-time storage of
packet filters
For run-time storage of packet filter programs, each Switch 2200 system
provides a maximum of 8192 bytes. There is no explicit system or
per-packet-filter overhead; however, performance considerations can result
in unused areas of the run-time storage.
provides a maximum of 8192 bytes. There is no explicit system or
per-packet-filter overhead; however, performance considerations can result
in unused areas of the run-time storage.
The run-time format is approximately eight times the size of the stored
format. Thus a 200-byte packet filter program in stored format expands to
approximately 1600 bytes in the run-time format. A single packet filter
program cannot exceed 2048 bytes in the run-time format.
format. Thus a 200-byte packet filter program in stored format expands to
approximately 1600 bytes in the run-time format. A single packet filter
program cannot exceed 2048 bytes in the run-time format.
Procedure for
Writing a Filter
The following steps show the process of writing a packet filter. Detailed
examples are provided in the section “Examples of Creating Filters” on
page 12-11.
examples are provided in the section “Examples of Creating Filters” on
page 12-11.
You write the instructions for the packet filter using the following syntax:
<opcode>[.<size>] [<operand>...] [# <comment>]
The opcode descriptions are in the section Appendix A: Packet Filter
Opcodes, Examples, and Syntax Errors. The description of the supported
operand sizes can be found in Table 12-2. The operand value is determined
by what you are testing (for example, an address or a length).
Opcodes, Examples, and Syntax Errors. The description of the supported
operand sizes can be found in Table 12-2. The operand value is determined
by what you are testing (for example, an address or a length).
Implicit operands for an instruction must be of the size expected by the
instruction. Any mismatch in implicit operand size results in an error
“operand size mismatch” when you load the program into the system.
instruction. Any mismatch in implicit operand size results in an error
“operand size mismatch” when you load the program into the system.
When writing a packet filter, be sure that you use comments (preceded by
#) to describe each step in the filter. This habit will help you to revise filters
in the future and enable others to understand and use the filters you create.
#) to describe each step in the filter. This habit will help you to revise filters
in the future and enable others to understand and use the filters you create.
To write a packet filter:
1 Assign a unique, descriptive name to the filter using the
Name
opcode.
2 Specify what to test. For example, use the
pushField
opcode to select a
field in the packet.
3 Specify what to compare to the value in step 2. For example, use the
pushLiteral
opcode to select a constant value.