ipspIpHeadFiltType
IPSEC-POLICY-MIB ·
.1.3.6.1.2.1.153.1.8.1.2
Object
column
r/w
Bits
This defines the various tests that are used when evaluating
a given filter. The results of each test are ANDed together
to produce the result of the entire filter. When processing
this filter, it is recommended for efficiency reasons that
the filter halt processing the instant any of the specified
tests fail.
Once a row is 'active', this object's value may not be
changed unless all the appropriate columns needed by the new
value to be imposed on this object have been appropriately
configured.
The various tests definable in this table are as follows:
sourceAddress:
- Tests if the source address in the packet lies between
the ipspIpHeadFiltSrcAddressBegin and
ipspIpHeadFiltSrcAddressEnd objects.
Note that setting these two objects to the same address
will limit the search to the exact match of a single
address. The format and length of the address objects
are defined by the ipspIpHeadFiltIPVersion column.
A row in this table containing a ipspIpHeadFiltType
object with the sourceAddress object bit but without the
ipspIpHeadFiltIPVersion, ipspIpHeadFiltSrcAddressBegin
and ipspIpHeadFiltSrcAddressEnd objects set will cause
the ipspIpHeadFiltRowStatus object to return the notReady
state.
destinationAddress:
- Tests if the destination address in the packet lies
between the ipspIpHeadFiltDstAddressBegin and
ipspIpHeadFiltDstAddressEnd objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single address. The
format and length of the address objects are defined by
the ipspIpHeadFiltIPVersion column.
A row in this table containing a ipspIpHeadFiltType
object with the destinationAddress object bit but without
the ipspIpHeadFiltIPVersion,
ipspIpHeadFiltDstAddressBegin and
ipspIpHeadFiltDstAddressEnd objects set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state.
sourcePort:
- Tests if the source port of IP packets using a protocol
that uses port numbers (at this time, UDP or TCP) lies
between the ipspIpHeadFiltSrcLowPort and
ipspIpHeadFiltSrcHighPort objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single port.
A row in this table containing a ipspIpHeadFiltType
object with the sourcePort object bit but without the
ipspIpHeadFiltSrcLowPort, and ipspIpHeadFiltSrcHighPort
objects set will cause the ipspIpHeadFiltRowStatus object
to return the notReady state.
destinationPort:
- Tests if the source port of IP packets using a protocol
that uses port numbers (at this time, UDP or TCP) lies
between the ipspIpHeadFiltDstLowPort and
ipspIpHeadFiltDstHighPort objects. Note that setting
these two objects to the same address will limit the
search to the exact match of a single port.
A row in this table containing a ipspIpHeadFiltType
object with the sourcePort object bit but without the
ipspIpHeadFiltDstLowPort, and ipspIpHeadFiltDstHighPort
objects set will cause the ipspIpHeadFiltRowStatus object
to return the notReady state.
protocol:
- Tests to see if the packet being processed is for the
given protocol type.
A row in this table containing a ipspIpHeadFiltType
object with the protocol object bit but without the
ipspIpHeadFiltProtocol object set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state.
ipv6FlowLabel:
- Tests to see if the packet being processed contains an
ipv6 Flow Label which matches the value in the
ipfIPv6FlowLabel object. Setting this bit mandates that
for the packet to match the filter, it must be an IPv6
packet.
A row in this table containing a ipspIpHeadFiltType
object with the ipv6FlowLabel object bit but without the
ipfIPv6FlowLabel object set will cause the
ipspIpHeadFiltRowStatus object to return the notReady
state.
Context
- MIB
- IPSEC-POLICY-MIB
- OID
.1.3.6.1.2.1.153.1.8.1.2- Type
- column
- Access
- readwrite
- Status
- current
- Parent
- ipspIpHeaderFilterEntry
Syntax
Bits
Values & Constraints
Enumerated Values
0 | sourceAddress |
1 | destinationAddress |
2 | sourcePort |
3 | destinationPort |
4 | protocol |
5 | ipv6FlowLabel |