Protocols are declared using the protocol statement:
protocol name [prot[:port]] [in|out]
name is the protocol name to declare. prot is the IP protocol, e.g. tcp, udp, icmp or a protocol number. If prot is tcp or udp, port may be specified. Note that udp ports are also applied to the UDP-Lite protocol (protocol 136) described in RFC 3828.
The final, optional field determines the directionality of TCP and UDP flows: in protocols match if the source port matches the specified port number on inbound traffic, or if the destination port matches on outbound traffic, e.g.
group webservers
    ip web 192.168.6.0/24
end group

protocol web-in tcp:http in
protocol web-in tcp:443 in
protocol web-out tcp:http out
protocol web-out tcp:443 out

charge webservers -> any - inbound protocols
charge webservers <- any - outbound protocols
A TCP connection from a remote host to 192.168.6.1 on port 80 will appear with its inbound packets charged to charge code inbound, and with web-in as the protocol. The outbound packets in the same flow will be charged as outbound, but the protocol will still indicate web-in.
The phb statement assigns names to each of the possible 64 tags, and takes the form:
phb name bitmask ...
The bitmask is expressed as a six-character field representing a six-bit binary value, with 0 representing a clear bit, 1 a set bit, or x for bits that may be either set or clear. Bits are represented with the low order bit (bit 0) on the left and the high order bit (bit 5) on the right.
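The following is an added example, not code from the tool this page documents: it parses the six-character bitmask format described above (bit 0 leftmost), lists the tag values each mask covers, and reports tags claimed by more than one name. The function names and the sample declarations are assumptions made for illustration; the page does not say how overlapping masks are resolved, so the example only reports them.

```python
import re

_MASK_RE = re.compile(r"[01x]{6}")

def parse_phb_mask(mask):
    """Return (care, value) for a six-character 0/1/x mask, bit 0 leftmost."""
    if not _MASK_RE.fullmatch(mask):
        raise ValueError(f"bad PHB bitmask {mask!r}: expected six of 0, 1 or x")
    care = value = 0
    for bit, ch in enumerate(mask):      # string index == bit number
        if ch != "x":
            care |= 1 << bit             # this bit must match exactly
            if ch == "1":
                value |= 1 << bit
    return care, value

def expand_phb_mask(mask):
    """List every tag value (0-63) that the mask matches."""
    care, value = parse_phb_mask(mask)
    return [tag for tag in range(64) if (tag & care) == value]

def find_overlaps(phbs):
    """Map each tag claimed by more than one name to those names.

    phbs: {name: [mask, ...]}, mirroring "phb name bitmask ...".
    """
    claimed = {}
    for name, masks in phbs.items():
        tags = set()
        for mask in masks:
            tags.update(expand_phb_mask(mask))
        for tag in sorted(tags):
            claimed.setdefault(tag, []).append(name)
    return {tag: names for tag, names in sorted(claimed.items()) if len(names) > 1}

# Constructed sample declarations (names and masks are illustrative only).
SAMPLE_PHBS = {
    "voice": ["011101"],    # single tag 46
    "bulk": ["0xx100"],     # tags 8, 10, 12, 14
    "legacy": ["000100"],   # tag 8, also covered by "bulk"
}

if __name__ == "__main__":
    for name, masks in SAMPLE_PHBS.items():
        print(name, [expand_phb_mask(m) for m in masks])
    print("overlaps:", find_overlaps(SAMPLE_PHBS))
```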
PHBs can be simply reported, or used for traffic rating, e.g. to allow traffic that has been prioritised within the network to be charged at a different rate. E.g.