Implementing Sequential Tests In A Packet Filter - 3Com LANPLEX 6000 User Manual
Administration console
Hide thumbs
Also See for LANPLEX 6000:
- Installation manual (16 pages) ,
- Datasheet (2 pages) ,
- User manual (74 pages)
Table of Contents
Advertisement
14-8
C
14: C
HAPTER
REATING AND
U
P
F
SING
ACKET
ILTERS
Implementing Sequential Tests in a Packet Filter
Filter language expressions are normally evaluated to completion —
a packet is accepted if the value remaining on the top of the stack is
non-zero. Frequently, however, a single test is insufficient to filter packets
effectively. Where more tests are warranted, you want to accept a packet
that either:
Satisfies at least one criterion specified in two or more tests (ORs the results
of the tests), or
Satisfies all criteria specified in two or more tests (ANDs the results of the
tests)
The accept and reject instructions are used to implement sequential tests,
as shown in Figure 14-2. When using accept or reject, construct the packet
filter so that the tests more likely to be satisfied are performed before tests
that are less likely to be satisfied.
Accept
(Use for OR-ing tests)
First test
Non-zero
result?
Yes
No
Next test
Figure 14-2 Accept and Reject Instructions
First test
Non-zero
Accept packet
result?
and terminate
test sequence
Next test
Reject
(Use for AND-ing tests)
Reject packet
Yes
and terminate
test sequence
No
Advertisement
Table of Contents
