Page 14 | AlliedWare™ OS How To Note: Hardware Filters
Appendix A: How to use the layer 4 mask in classifiers
Example
1
: ports 2000-2003
Let’s say we want to have a UDP port range of 2000-2003, then the mask we need to have is:
The changed bits from 2000-2003 are bolded. We must now write a L4 mask which will meet
these requirements. The easiest way to do is, we must set the changed bits (between 2000
and 2003) in the mask to 0. In our example, they are the last 2 bits. So our mask should be:
We must convert the binary number of
11111111
111111
00 to hex, which ends in
FF FC
.
The classifier for UDP destination ports between 2000-2003 should be:
Create class=1 udpdp=2000 l4dmask=FFFC
Points to remember
In our first example we choose a starting port number in which the last 2 bits were 0 and
also choose the number of the ports as 4 (power of 2) to simplify the example.
Before going into the complex examples, there are some points to remember for the L4
mask calculation:
z
if the beginning port is an odd number (last bit
1
), to cover a range of ports, you will need
an extra
1
classifier compared to the even-beginning ports.
z
you can easily calculate the total number of ports in a mask by using the formula 2
x
(where
x is the number of the 0's at the end of the mask). For example, a mask of
1111111111111
000 will cover a range of 2
3
= 8 ports.
z
Divide the total number of the ports you want to cover into a sum of powers of 2. For
example, a range of 77 ports could be divided into:
64 + 8 + 4 +
1
=77
This shows us that a group of 77 ports could be covered by a minimum of 4 classifiers.
2000
2001
2002
2003
=
=
=
=
00010011 10001100
00010011 1000110
1
00010011 100011
1
0
00010011 100011
11
2000
2001
2002
2003
L4 Mask
=
=
=
=
=
00010011 10001100
00010011 1000110
1
00010011 100011
1
0
00010011 100011
11
11111111 111111
00
