Page 15 | AlliedWare™ OS How To Note: Hardware Filters
Appendix A: How to use the layer 4 mask in classifiers
Example 2: ports 5004-5008
In some more complex situations, we may need more than one classifier to cover all the
range we want to. Let’s take UDP destination ports between 5004-5008
According to the bolded bits, we may think that the changed bits are the last 5 bits so the
mask should be
11111111
111
00000.
But remember that if we set the last 5 bits to 0, the mask will cover 2
5
= 32 ports. But we
want to cover only 5 ports, so let’s divide 5 into 4+
1
.
Now it is really easy to write the classifiers!
create class=1 udpdp=5004 l4dmask=FFFC
create class=2 udpdp=5008
add swi hwfilt class=1,2 action=drop
Example 3: ports 333-777
A more complex situation, let’s try to write the classifiers for UDP ports between 333-777.
As we are trying to get rid of odd numbers in the beginning of our port range, we will prefer
to write classifiers for single port number for 333.
z
777-334+
1
= 444 total number of port (+
1
for including 333)
z
256 +
1
28 + 32 +
1
6 + 8 + 4 = 444 (7 classifiers)
z
7 class
1
classifier (for 333) = 8 classifiers
Now the question is how to locate these blocks. The short-cut to do that is, first, find the
position of the biggest block, which is 256 for our example. 256 should fit into one of the
following blocks:
5004
5005
5006
5007
5008
=
=
=
=
=
00010011 10001100
00010011 100011
01
00010011 100011
10
00010011 100011
11
00010011 100
10000
5004
5005
5006
5007
5008
=
=
=
=
=
00010011 10001100
00010011 10001101
00010011 10001110
00010011 10001111
00010011 10010000
4 ports
+
1 port
0
256
512
768
...
65280
-
-
-
-
-
255
512
767
1024
65536
