Create complex filters – Net Optics Director User Manual
Page 33
Director
29
ip_src, ip_src_mask
IPv4 source address and mask
•
ip_dst, ip_dst_mask
IPv4 destination address and mask
•
ip6_src, ip6_src_mask
IPv6 source address and mask
•
ip6_dst, ip6_dst_mask
IPv6 destination address and mask
•
l4_src_port, l4_src_port_mask Layer 4 source port and mask
•
l4_dst_port, l4_dst_port_mask Layer 4 destination port and mask
•
mac_src, mac_src_mask
MAC source address and mask
•
mac_dst, mac_dst_mask
MAC destination address and mask
•
vlan
VLAN number
•
Create Complex Filters
Multiple filter parameters can be specified in a single filter add command. Packets must satisfy all of the filter
parameters to be selected; in other words, the filter parameters have a logical AND connection.
To select all TCP traffic arriving from IP address 192.186.10.0:
Enter
1.
filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1. A filter has been
defined to select all IPv4 TCP packets from Network Port 5 with a source IP address of 192.186.10.0; packets
matching the filter are copied to Monitor Port 1.
Enter
2.
filter commit. The filter is activated.
Monitor Port 1
Network Port 5
Source IP =
192.186.10.0
Network Port 5
Protocol =
TCP
filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1
Logical AND filter connection
Figure 28:
A logical OR connection can be made between filters by specifying multiple filters with the same network and monitor
port lists.
To select all packets which are either TCP or UDP protocol:
Enter
1.
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4
TCP packets from Network Port 5 and copy them to Monitor Port 1.
Enter
2.
filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1. Another filter has been defined to
select all IPv4 UDP packets from Network Port 5 and copy them to Monitor Port 1.
Enter
3.
filter commit. The filters are activated.