Management and Configuration Guide (Includes ACM xl) 2005-12
B
FILTER EXPRESSION SYNTAX
This appendix describes the syntax used to define user access rights (allowed traffic filters and
redirected traffic filters), QoS classification types, bridged traffic, and HTTP Proxy filters.
It includes the following sections:
Introduction
Filter Specification Syntax
Tcpdump Primitives
Introduction
The 700wl Series system uses filters defined in tcpdump syntax to specify user access rights (Allowed
Traffic filters and Redirected Traffic filters), bridged traffic, and proxy filters. Incoming packets are
tested against these filters to determine whether those packets should be forwarded, redirected, or
bridged.
This appendix describes the syntax of the filter specifications used by the 700wl Series system for
defining Allowed and Redirected Traffic filters, QoS classification types that specify source and
destination addresses, Bridged traffic, and HTTP Proxy filters.
Filter Specification Syntax
Each filter specification is an expression formed using the tcpdump syntax. If an incoming packet
matches the filter (the expression is “true”) then the packet is forwarded, redirected, or bridged,
depending on the type of filter. If no expression in the set of filters is true, the packet is dropped.
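The match-or-drop rule above can be seen in a small evaluator. This is an added example, not code from the 700wl Series system: it handles only single primitives with numeric IDs, using the type and direction qualifiers and defaults described in the paragraphs that follow, and the function names and sample packet are constructed for illustration.

```python
import ipaddress

def parse_primitive(text):
    """Split one primitive into (direction, type, id), applying the defaults."""
    tokens = text.split()
    direction = "src or dst"            # default when no direction qualifier
    if tokens[:3] in (["src", "or", "dst"], ["src", "and", "dst"]):
        direction, tokens = " ".join(tokens[:3]), tokens[3:]
    elif tokens and tokens[0] in ("src", "dst"):
        direction, tokens = tokens[0], tokens[1:]
    kind = "host"                       # default when no type qualifier
    if tokens and tokens[0] in ("host", "net", "port"):
        kind, tokens = tokens[0], tokens[1:]
    if len(tokens) != 1:
        raise ValueError(f"expected exactly one ID in {text!r}")
    return direction, kind, tokens[0]

def side_matches(kind, ident, addr, port):
    """Test one side (source or destination) of the packet against the ID."""
    if kind == "port":
        return port == int(ident)       # assumption: numeric ports only
    if kind == "net":                   # "net 122.43" means 122.43.0.0/16
        octets = ident.split(".")
        base = ".".join(octets + ["0"] * (4 - len(octets)))
        net = ipaddress.ip_network(f"{base}/{8 * len(octets)}")
        return ipaddress.ip_address(addr) in net
    # assumption: numeric host addresses only, no name resolution
    return ipaddress.ip_address(addr) == ipaddress.ip_address(ident)

def primitive_matches(text, pkt):
    direction, kind, ident = parse_primitive(text)
    src = side_matches(kind, ident, pkt["src"], pkt["sport"])
    dst = side_matches(kind, ident, pkt["dst"], pkt["dport"])
    return {"src": src, "dst": dst,
            "src or dst": src or dst, "src and dst": src and dst}[direction]

def decide(filters, pkt, action="forward"):
    """Any true expression yields the filter type's action; otherwise drop."""
    return action if any(primitive_matches(f, pkt) for f in filters) else "drop"

# Constructed sample packet (not taken from the guide).
PKT = {"src": "192.0.2.10", "sport": 40000, "dst": "122.43.7.9", "dport": 44}
```

With this packet, a filter set containing only "src net 122.43" drops it, because the 122.43 network is the destination and not the source.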
An expression consists of one or more primitives. Primitives usually consist of an ID (name or number)
preceded by one or more qualifiers. There are three different kinds of qualifier:
• Type qualifiers indicate the type of object to which the ID name refers. Possible types are host, net
and port. If there is no type qualifier, host is assumed.
Examples are: “host myHost”, “net 122.43”, or “port 44”.
• Direction qualifiers specify a particular transfer direction: from the ID (src), to the ID (dst), either
to or from (src or dst) or both to and from (src and dst). If there is no direction qualifier, src or dst
is assumed. For null link layers (i.e. point to point protocols such as slip) the inbound and
outbound qualifiers can be used to specify a desired direction.
Examples are: “src myHost”, “dst net 122.43”, or “src or dst port ftp-data”.