Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Pipe75 and Ethernet data filters.
Peter Lalor <plalor@infoasis.com> wrote:
>Scott Hess wrote:
>>I've been unable to get data filters working for Ethernet.
>
>I don't know all the details, but you need to allow ARP on an
>Ethernet.
<...>
>Check out <http://www.ascend.com/696.html, which deals with writing
>filters generally, and ARP specifically.
Indeed, that was the problem - I can't believe I didn't see that
clause in reviewing the document.
For those who didn't get it, the problem is that when the Pipeline
receives a packet, it goes to check the IP address using the ARP
cache to resolve MAC address to IP. If the IP isn't in the ARP
cache, it sends out an ARP request to find out the appropriate IP
address. Unfortunately, the ARP response never makes it through
the filter because there's no MAC->IP mapping in the cache... so
you have to provide a GENERAL filter on the portion of the raw
ethernet packet which indicates it's an ARP packet (though, to tell
the truth, it's just a two-byte filter, and I'm thinking I want to
pull out a reference book and see if I can't make it a _little_
more precise).
At least that's my read of the situation. It obviously doesn't
just trust the IP address in the packet being filtered, because I
had Forward rules to handle those.
Thanks,
---
scott hess <scott@doubleu.com> (606) 578-0412 http://www.doubleu.com/
<Favorite unused computer book title: The Compleat Demystified Idiots
Guide to the Zen of Dummies in a Nutshell in Seven Days, Unleashed>
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: