Wireless LAN – WLAN
90
3.5
Extended WLAN protocol filters
BAT54-Rail/F..
Release
7.54
06/08
3.5.2 Procedure for filter test
If no filter rules are defined for an interface, all packets from and destined to
it are transmitted without alteration. As soon as a filter rule has been defined
for an interface, all packets to be transferred via this interface are checked
prior to being processed.
V As a first step, the information required for checking is read out of the
packets:
V DHCP source MAC:
V Destination MAC address of the packet:
V Protocol, e.g. IPv4, IPX, ARP
V Sub-protocol, e.g. TCP, UDP or ICMP for IPv4 packets, ARP Request
or ARP Response for ARP packets
V IP address and network mask (source and destination) for IPv4 pack-
ets
V Source and destination port for IPv4 TCP or IPv4 UDP packets
V As a second step, this information is checked against the information from
the filter rules. All those rules in which the source or destination interface
is included in the interface list are considered. Checking of the rules for
the individual values is as follows:
V For DHCP source MAC, protocol and sub-protocol, the values read out
of the packets are checked for consistency with the values defined in
the rule.
V With IP addresses, the source and destination address of the packet
are checked to see whether they lie within the range formed by the IP
address and the network mask of the rule.
V Source and destination ports are checked to see whether they lie in the
range between start port and end port.
If none of the rule values specified (not filled by wildcards) agree with the
values read out of the packet, the rule is not considered applicable and is
disregarded. If several rules apply, the most accurate rule action is car-
ried out. Parameters are more accurate the further down the list of
parameters they are or the further right they appear in the protocol table.
To Next Page
Loading...
