3Com 3C421600A Management Manual page 225

Generic Filter Rules
Generic filter rules are similar in format to protocol filter rules. The
following shows the rule syntax. The following is the rule syntax:
<line #> <verb> <keyword> <operator> origin = <DATA | FRAME>/
offset = <value>/length = <value>/mask = <hexadecimal value>/
value = <hexadecimal value>;
Table 59 describes each field used in the rule syntax.
Table 59 Generic Filter Rules
Field Description
Each rule must have a unique line number (1-999). You must arrange
line #
rules in increasing order.
This field can be one of the following:
verb
ACCEPT —allow packet access if the condition is met
REJECT — do not allow packet access if the condition is met
AND — logically use the AND condition with condition of the next
rule to determine if packet is accepted or rejected. Both defined
conditions must be met. IMPORTANT: No more than 15 consecutive
AND rules are permitted.
The keywords for a generic filter rule is always GENERIC.
keyword
operator The operator for a generic filter rule is always: =>
Can be either FRAME or DATA
origin
This is the number of bytes offset from the origin.
offset
This is the number of bytes to compare and mask.
length
This is the bit mask, in hexadecimal format, for logical and packet
mask
content. (00 or FF)
This value, in hexadecimal format, is used to compare with contents of
value
masked packet
For example, a generic filter rule might look like the following:
010 ACCEPT generic => origin = data/offset = 22/length = 6/
mask = 0xFFFFFFFFFFFF/value = 0x0800096f39c8;
Creating Filters 223