IBM Books

AIS V3.3 Protocol Config Ref Vol 1


Configuring and Monitoring NetBIOS Filtering

This chapter describes the NetBIOS filtering configuration commands. These commands let you configure NetBIOS filtering as an added feature to ASRT bridging. Configuration commands are accessed from the NetBIOS config> prompt.


Accessing the ASRT and the DLSw Configuration Environments

To display the NetBIOS filtering prompt from the ASRT environment, enter the commands as shown in the following example:

    Config> protocol asrt
    Adaptive Source Routing Transparent Bridge user configuration
 
    ASRT config> netbios
    NetBIOS Support User Configuration
 
    NetBIOS config> set filters name or byte
    NetBIOS filtering configuration
 
    NetBIOS filter config>

To display the NetBIOS config> prompt from the DLSw configuration environment:

    Config> protocol dls
    DLSw protocol user configuration
 
    DLSw config> netbios
    NetBIOS Support User Configuration
 
    NetBIOS config> set filters name or byte
    NetBIOS filtering configuration
 
    NetBIOS filter config>

Table 13 shows the NetBIOS filtering configuration commands.


NetBIOS Filtering Configuration Commands

Note: The NetBIOS filtering configuration commands are not effective immediately. You must restart or reload the device before they become effective.

Table 13. NetBIOS Filtering Configuration Commands

Command      Function
? (Help)     Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
Create       Creates byte filter and host-name filter lists for NetBIOS filtering.
Delete       Deletes byte filter and host-name filter lists for NetBIOS filtering.
Disable      Disables NetBIOS filtering on the bridging router.
Enable       Enables NetBIOS filtering on the bridging router.
Filter-on    Assigns a created filter to a specific port. This filter can then be applied to all NetBIOS packets input or output on the specified port.
List         Displays all information concerning created filters.
Update       Adds information to or deletes information from a host-name or byte filter list.
Exit         Returns you to the previous command level. See "Exiting a Lower Level Environment".

Response to NetBIOS Configuration Commands

The NetBIOS configuration (Talk 6) commands are not effective immediately. They remain pending until you issue the reload or restart command.

Create

Use the create command to create a byte filter-list or host-name filter list.

Syntax:

create
byte-filter-list filter-list
 
name-filter-list filter-list

byte-filter-list filter-list
Creates a byte filter-list name for NetBIOS filtering. You can use up to 16 characters to identify the list being built. Filter-list must be a unique name that has not been used previously with the create byte-filter-list or create name-filter-list command.

Example: create byte-filter-list newyork

name-filter-list filter-list
Creates a host-name filter-list name for NetBIOS filtering. You can use up to 16 characters to identify the name filter-list being built. Filter-list must be a unique name that has not been used previously with the create byte-filter-list or create name-filter-list command.

Example: create name-filter-list atlanta

Delete

Use the delete command to delete byte filter lists, host-name filter lists, and filters created using the filter-on input or filter-on output command. The command removes all information associated with byte and host-name filter lists. It also frees the user-defined string as a name for a new filter list.

Syntax:

delete
byte-filter-list filter-list
 
name-filter-list filter-list
 
filter input port#
 
filter output port#

byte-filter-list filter-list
Deletes a byte filter-list created for NetBIOS filtering. Filter-list is the user-defined string being used to identify the byte filter-list being deleted.

Example: delete byte-filter-list newyork

name-filter-list filter-list
Deletes a host-name filter-list created for NetBIOS filtering. Filter-list is the user-defined string that is used to identify the name-filter-list being deleted.

Example: delete name-filter-list atlanta

filter input port#
Deletes a filter that was created using the filter-on input command. The command removes all information associated with the filter and fills any resulting gap in filter numbers.

Example: delete filter input 2

filter output port#
Deletes a filter that was created using the filter-on output command. The command removes all information associated with the filter and fills any resulting gap in filter numbers.

Example: delete filter output 2

Disable

Use the disable command to globally disable NetBIOS name and byte filtering on the router.

Syntax:

disable
netbios-filtering

Example: disable netbios-filtering

Enable

Use the enable command to globally enable NetBIOS name and byte filtering on the router.

Syntax:

enable
netbios-filtering

Example: enable netbios-filtering

Filter-on

This command assigns one or more previously configured filter lists to the input or output of a specific port.

Syntax:

filter-on
input port# filter-list <operator filter-list . . . >
 
output port# filter-list <operator filter-list . . . >

input port# filter-list <operator filter-list . . . >
This command assigns one or more filter lists to incoming packets on a specific port. The resulting filter is then applied to all NetBIOS packets input on the specified port.

Port# is a configured bridge port number on the router. The port number identifies this filter. Enter list to see a list of port numbers. Filter-list is a string previously entered using the create command. To add additional filter lists to this port, enter AND or OR in all capital letters followed by the filter list name.
Note: Multiple operators can be used to create a complex filter. If you enter multiple operators, they must all be entered at the same time on the same command line.

The filter created by this command is applied to all incoming NetBIOS packets on the specified port. Each filter list on the command line is evaluated left to right along with any operators that are present. An Inclusive evaluation of a filter list is equivalent to a True condition and an Exclusive evaluation is equivalent to a False condition. If the result of the evaluation of the filter-lists is True, the packet is bridged. Otherwise, the packet is filtered (dropped).

If the packet is not one of the types supported by NetBIOS filtering, then all host-name filter lists for this filter are designated "Inclusive" (True). If an input filter already exists for the specified port number, an error message is displayed.

Example: filter-on input 2 newyork AND boston

output port# filter-list <operator filter-list . . . >
This command assigns one or more filters to outgoing packets on a port. This filter is then applied to all NetBIOS packets output on that port.

Port# is a configured bridge port number on the router. The port number identifies this filter. Enter list to see a list of port numbers. Filter-list is a string previously entered using the create command. Enter an optional operator as either AND or OR in all capital letters. If an operator is present, it must be followed by a filter-list name. The port number is used to identify this filter.
Note: Multiple operators can be used. This creates a complex filter. If one or more operators are present, they must all be entered at the same time on the same command line.

The filter created by this command is applied to all NetBIOS packets output on the specified port number. Each filter list on the command line is evaluated left to right along with any operators that are present. An Inclusive evaluation of a filter list is equivalent to a True condition and an Exclusive evaluation is equivalent to a False condition. If the result of the evaluation of the filter-lists is True, the packet is bridged. Otherwise, the packet is filtered (dropped).

If the packet is not one of the types supported by NetBIOS filtering, then all host-name filter lists for this filter are designated "Inclusive" (True). If an output filter already exists for the specified port number, an error message is displayed.

Example: filter-on output 2 newyork OR boston

List

Use the list NetBIOS Filtering command to display all information concerning created filters.

Syntax:

list

Example: list

            NetBIOS Filtering: Disabled
 
            NetBIOS Filter Lists
            --------------------
 
            Handle           Type
 
            nlist            Name
            newyork          Byte
 
            NetBIOS Filters
            ---------------
 
            Port #      Direction      Filter List Handle(s)
 
            3           Output         nlist

NetBIOS Filtering:
Displays whether NetBIOS filtering is enabled or disabled.

NetBIOS Filter Lists
Displays the user-defined name (handle) of the configured filter lists. For type, "Name" indicates a host-name filter list and "Byte" indicates a byte filter list.

NetBIOS Filters
Displays the assigned port number and direction (input or output) of each filter. Filter List Handles displays the names of the filter lists making up the filter.

Update

Use the update command to add information to or delete information from host-name or byte filter lists. The filter-list is a string previously entered using the create byte (or name) filter-list prompt. This command brings you to the NetBIOS Byte (or Name) filter-list Config> prompt, which lets you perform update tasks on the specified filter list. At this prompt you can add, delete, list, or move filter items in byte and host-name filter lists. You can also set the default value of each filter list to Inclusive or Exclusive.

Using the add subcommand creates a filter item within the filter list. The first filter item created is assigned number 1, the next one is assigned number 2, and so on. After you enter a successful add subcommand, the router displays the number of the filter item just added.
Note: Adding more filter items to filter lists adds to processing time (due to the time it takes to evaluate each filter item in the list) and can affect performance in heavy NetBIOS traffic.

The order in which filter items are specified for a given filter list is important as this determines the way in which the filter items are applied to a packet. The first match that occurs stops the application of filter items, and the filter list is evaluated as either Inclusive or Exclusive (depending on the Inclusive or Exclusive designation of the matched filter item). If none of the filter items of a filter list produces a match, then the default condition (Inclusive or Exclusive) of the filter list is returned.

The delete subcommand specifies the number of a filter item to be deleted from the filter list. When a delete subcommand is given, any hole created in the list is filled in. For example, if filter items 1, 2, 3, and 4 exist and filter item 3 is deleted, then filter item 4 will be renumbered to 3.

The default subcommand lets you change the default setting of the filter list to either Inclusive or Exclusive. If a filter list evaluates as Inclusive, then the packet is bridged. Otherwise, the packet is filtered.

The move subcommand is available to renumber filter items within a filter list. The first argument to the move subcommand is the number of the filter item to be moved. The second argument to the move subcommand is the number of the filter item after which the first filter item should be moved.

Syntax:

update
byte-filter-list . . .
 
name-filter-list . . .

byte-filter-list filter-list
Updates information belonging to a byte filter-list. The filter-list parameter is a string previously entered via the create byte-filter-list command. This command brings you to the next NetBIOS BYTE filter-list Config> command level (see example). At this level you can perform update tasks to the specified filter-list.

Example: update byte-filter-list newyork

            NetBIOS Byte newyork Config>

At this prompt level you can execute several commands. Each available command is listed under "Update Byte-Filter Command Options".

name-filter-list filter-list
Updates information belonging to a name-filter list. This command is identical to the byte-filter-list command, except that it specifies a name-filter list rather than a byte-filter list. The filter-list parameter is a string previously entered using the create name-filter-list prompt. This command brings you to the next NetBIOS Name filter-list Config> command level (see example). At this level you can perform update tasks to the specified filter-list.

Example: update name-filter-list accounting

            NetBIOS Name accounting Config>

At this prompt level you can execute several commands. Each available command is listed under "Update Name-Filter (Command Options)".

Update Byte-Filter-List (Command Options)

This section lists the command options available for the update byte-filter-list command:

add inclusive byte-offset hex-pattern <hex mask>
Adds a filter item to the byte filter list. If the byte filter item that is added produces a match with a NetBIOS packet, the filter list it belongs to will evaluate to Inclusive (True).

If the offset and pattern of a byte filter item represent bytes that do not exist in a NetBIOS packet (that is, if the packet is shorter than was intended when setting up a byte-filter list), then the filter item will not be applied to the packet and the packet will not be filtered. If a series of byte filter items is used to set up a single NetBIOS filter list, then a packet will not be tested for filtering if any of the byte filter items within the NetBIOS filter list represent bytes that do not exist in the NetBIOS packet.

Example: add inclusive

           Byte Offset  [0] ?
           Hex Pattern  [] ?
           Hex Mask (<CR> for no mask)  [] ?

add exclusive byte-offset hex-pattern <hex mask>
Adds a filter item to the byte filter list. This command is identical to the add inclusive command, except that if the result of the comparison between the filter item and a NetBIOS packet results in a match, then the filter list evaluates to Exclusive (False). Datagram Broadcast Packets can be specified to be discarded by using this command with a byte offset of 4 and a byte pattern of 09.

If the offset and pattern of a byte filter item represent bytes that do not exist in a NetBIOS packet (that is, if the packet is shorter than was intended when setting up a byte-filter list), then the filter item will not be applied to the packet and the packet will not be filtered. If a series of byte filter items is used to set up a single NetBIOS filter list, then a packet will not be tested for filtering if any of the byte filter items within the NetBIOS filter list represent bytes that do not exist in the NetBIOS packet.

Example: add exclusive

           Byte Offset  [0] ?
           Hex Pattern  [] ?
           Hex Mask  (<CR> for no mask)  [] ?

default include
Changes the default setting of the filter list to "inclusive." This command indicates that if no filter items of the filter list match the contents of the packet being considered for filtering, the filter list will be evaluated as Inclusive. This is the default setting.

default exclude
Changes the default setting of the filter list to "exclusive." This command indicates that, if no filter items of the filter list match the contents of the packet being considered for filtering, the filter list will be evaluated as Exclusive.

delete filter-item
Deletes a filter item from the filter list.

Filter-item is a decimal number representing a filter item that was previously created by the add command.

list
Displays information related to filter items in the specified filter list.

    BYTE Filter List Name:     Engineering
    BYTE Filter List Default:  Exclusive

    Filter Item #   Inc/Ex      Byte Offset   Pattern      Mask

    1               Inclusive   14            0x123456     0xFFFF00
    2               Exclusive    0            0x9876       0xFFFF
    3               Exclusive   28            0x1000000    0xFF00FF00

move filter-item1 filter-item2
Reorders filter items within the filter list. The filter item whose number is specified by filter-item1 is moved and renumbered to be just after filter item2.

exit
Exits to the previous command prompt level.
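
The byte filter-list rules in this chapter (first match wins, the list default, the mask rule given under the Mask field of the list byte-filter-lists output, and the handling of packets too short for an item), modelled as an added Python example that is not IBM code. `make_packet`, the 44-byte buffer length and the second item at offset 60 are constructed for illustration; only the offset 4 / pattern 09 item comes from this page.

```python
from dataclasses import dataclass
from typing import List, Optional

INCLUSIVE, EXCLUSIVE = True, False   # Inclusive = bridged, Exclusive = filtered


def parse_hex(text: str) -> bytes:
    """Hex-pattern syntax rules from this page: no 0x, even length, at most 32 digits."""
    if text.lower().startswith("0x") or len(text) % 2 or not 0 < len(text) <= 32:
        raise ValueError(f"invalid hex pattern: {text!r}")
    return bytes.fromhex(text)


@dataclass
class ByteItem:
    inclusive: bool
    offset: int                    # decimal, counted from the NetBIOS header
    pattern: bytes
    mask: Optional[bytes] = None   # omitted mask means all binary 1s

    def __post_init__(self) -> None:
        if self.mask is None:
            self.mask = b"\xff" * len(self.pattern)
        if len(self.mask) != len(self.pattern):
            raise ValueError("mask must be the same length as the pattern")

    def fits(self, pkt: bytes) -> bool:
        return self.offset + len(self.pattern) <= len(pkt)

    def matches(self, pkt: bytes) -> bool:
        window = pkt[self.offset:self.offset + len(self.pattern)]
        return bytes(b & m for b, m in zip(window, self.mask)) == self.pattern

    def can_never_match(self) -> bool:
        # The mask clears bits on the packet side only, so a pattern bit set
        # outside the mask makes the equality test fail for every packet.
        return any(p & ~m & 0xFF for p, m in zip(self.pattern, self.mask))


def item(inclusive: bool, offset: int, pattern: str, mask: str = "") -> ByteItem:
    return ByteItem(inclusive, offset, parse_hex(pattern),
                    parse_hex(mask) if mask else None)


def evaluate(items: List[ByteItem], default: bool, pkt: bytes) -> bool:
    """Return True (Inclusive, bridged) or False (Exclusive, filtered)."""
    # If any item addresses bytes past the end of the packet, the list is not
    # tested at all and the packet is not filtered.
    if not all(i.fits(pkt) for i in items):
        return INCLUSIVE
    for i in items:                # first match stops evaluation
        if i.matches(pkt):
            return i.inclusive
    return default


def make_packet(command: int, length: int = 44) -> bytes:
    """Constructed test buffer: zero-filled, command byte at offset 4."""
    pkt = bytearray(length)
    pkt[4] = command
    return bytes(pkt)


# The page's own example: discard Datagram Broadcast (offset 4, pattern 09).
DROP_BROADCAST = [item(EXCLUSIVE, 4, "09")]
# Hypothetical second item that looks 60 bytes into the packet.
DROP_BROADCAST_DEEP = DROP_BROADCAST + [item(EXCLUSIVE, 60, "41")]

if __name__ == "__main__":
    for label, items, pkt in [
        ("broadcast, one item", DROP_BROADCAST, make_packet(0x09)),
        ("other command", DROP_BROADCAST, make_packet(0x0A)),
        ("broadcast, short packet", DROP_BROADCAST_DEEP, make_packet(0x09)),
        ("broadcast, 64-byte packet", DROP_BROADCAST_DEEP, make_packet(0x09, 64)),
    ]:
        verdict = "bridged" if evaluate(items, INCLUSIVE, pkt) else "filtered"
        print(f"{label:28} {verdict}")
```

The third case is the one to review in a real configuration: one item that reaches past the end of a packet causes the whole list to be skipped, so the packet is bridged even though an earlier Exclusive item would have matched it. `can_never_match()` flags items whose pattern has bits set outside the mask, which cannot match under the mask rule as stated.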

Update Name-Filter-List (Command Options)

The following section lists the command options available for the update name-filter-list command:

add inclusive ASCII host-name <LAST-hex number>
Adds a filter item to the host-name filter list. With this command, the host name fields of the NetBIOS packets are compared with the host-name given in this command. The following list shows how these comparisons are made:

If there is a match (taking into account wildcard designations in this command), then the filter list evaluates to Inclusive. If not, the next filter item in the filter list (if any) is applied to the packet. If the packet is not one of the four types supported by NetBIOS Name filtering, then the packet is bridged.

add inclusive HEX hexstring
Adds a filter item to the host-name filter list. This command is functionally the same as the add inclusive ASCII command. However, the representation of hostname is different. This command supplies the hostname as a series of hexadecimal numbers (with no 0x in front).

add exclusive ASCII host-name <LAST-hex-number>
Adds a filter item to the host-name filter list. This command is identical to the add inclusive ASCII command, except that packets that are matched against this filter item produce an Exclusive result for the filter list.

add exclusive HEX hexstring
Adds a filter item to the name filter list. This command is functionally the same as the add inclusive hex command, except that packets that are matched against this filter item produce an Exclusive result for the filter list.

default include
Changes the default setting of the filter list to "inclusive." This command indicates that, if no filter items of the filter list match the contents of the packet being considered for filtering, the filter list will evaluate to Inclusive. This is the default setting.

default exclude
Changes the default setting of the filter list to "exclusive." This command indicates that, if no filter items of the filter list match the contents of the packet being considered for filtering, the filter list is evaluated as Exclusive.

delete filter-item
Deletes a filter item from the filter list.

list
Displays information related to filter items in the specified filter-list.

    NAME Filter List Name: nlist
    NAME Filter List Default: Exclusive

    Filter Item #   Type    Inc/Ex        Hostname       Last Char

    1               ASCII   Inclusive     EROS
    2               ASCII   Inclusive     ATHENA
    3               ASCII   Exclusive     FOOBAR

move filter-item1 filter-item2
Reorders filter items within the filter list. The filter item whose number is specified by filter-item1 is moved and renumbered to be just after filter-item2.

exit
Exits to the previous command prompt level.

Monitoring NetBIOS Filtering

This section describes the NetBIOS Filtering monitoring commands. These commands let you monitor and display NetBIOS Filter information as an added feature to ASRT bridging. Monitoring commands are entered at the NetBIOS> monitoring prompt.

Changes you make at the NetBIOS> monitoring prompt affect both bridging and DLSw.

Accessing the ASRT and the DLSw NetBIOS Filtering Monitoring Environments

To display the NetBIOS> monitoring prompt from the ASRT monitoring environment, enter the netbios command at the ASRT> prompt:

    + protocol asrt
 
    ASRT> netbios
    NetBIOS Support User monitoring
 
    NetBIOS monitoring> set filters name or byte
 
    NetBIOS filter>

To display the NetBIOS> monitoring prompt from the DLSw monitoring environment:

    + protocol dls
    DLSw> netbios
    NetBIOS Support User monitoring
 
    NetBIOS Console> set filters name or byte
    NetBIOS filtering
 
    NetBIOS filter>

NetBIOS Filtering Monitoring Commands

Table 14 lists the NetBIOS filtering commands.

Table 14. NetBIOS Filtering Monitoring Commands Summary

Command      Function
? (Help)     Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
List         Displays all information concerning created filters.
Exit         Returns you to the previous command level. See "Exiting a Lower Level Environment".

List

Use the list NetBIOS Filtering command to display all information concerning created filters.

Syntax:

list
byte-filter-lists
 
filters
 
name-filter-lists

byte-filter-lists
Displays information related to filter items in the specified byte-filter-list.

Example: list byte-filter-lists

    BYTE Filter-List Name:  Engineering
    BYTE Filter-List Default:  Exclusive

    Filter Item #   Inc/Ex      Byte Offset   Pattern      Mask

    1               Inclusive   14            0x123456     0xFFFF00
    2               Exclusive    0            0x9876       0xFFFF
    3               Exclusive   28            0x1000000    0xFF00FF00

Filter Item#
Specifies the filter item number of the filter item. Filter items are evaluated in numerical order when determining the Inclusive/Exclusive status of the filter list.

Inc/Ex
Specifies the default status of the filter item.

Byte-offset
Specifies the number of bytes (in decimal) to offset into the packet being filtered. This starts at the NetBIOS header of the packet.

Pattern
The hexadecimal number used to compare with the bytes starting at the byte-offset of the NetBIOS header. Syntax rules for hex-pattern include no 0x in front, a maximum of 32 numbers, and an even number of hex numbers.

Mask
If present, the mask must be the same length as hex-pattern. It is logically ANDed with the bytes in the packet, starting at byte-offset, before the result is compared for equality with hex-pattern. If the hex-mask argument is omitted, it is considered to be all binary 1s.

filters
Displays information related to all configured filters.

Example: list filters

    NetBIOS Filtering: Enabled

    Port #      Direction      Filter List Handle(s)   Pkts Filtered

       1          Input        valencia                       0
       2          Output       raleigh                        0

name-filter-lists
Displays information related to filter items in the specified name-filter-list.

Example: list name-filter-lists

    NAME Filter List Name: nlist
    NAME Filter List Default: Exclusive

    Filter Item #   Type    Inc/Ex     Hostname   Last Char

    1               ASCII   Inclusive  EROS       <0x03>
    2               ASCII   Inclusive  ATHENA
    3               ASCII   Exclusive  FOOBAR

Filter Item#
Specifies the filter item number of the filter item. Filter items are evaluated in numerical order when determining the Inclusive/Exclusive status of the filter list.

Inc/Ex
Specifies the default status of the filter item.

Type
"ASCII" indicates a host-name filter item added as ASCII characters. "Hex" indicates a host-name filter item added as hexadecimal numbers.

Host-name
ASCII string up to 16 characters long. A question mark (?) can be used in hostname to indicate a single-character wildcard. An asterisk (*) can be used as the final character of hostname to indicate a wildcard for the remainder of the hostname. If hostname contains fewer than 15 characters, it is padded to the 15th character with ASCII spaces. Hostname can contain any character but the following:

. / \ [ ] : | < > + = ; , <space>

Last char
Used if host-name contains fewer than 16 characters. It is a hexadecimal number (with no 0x in front of it) which indicates the value to be used for the last character. If the LAST argument is not specified on a hostname less than 16 characters, then a "?" wildcard is supplied for the 16th character.
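
The host-name rules above (the ? and * wildcards, space padding to the 15th character, the Last char value) and the left-to-right AND/OR combination described under Filter-on, modelled as an added Python example that is not IBM code. Two readings are assumptions: that a trailing * covers positions up to the 15th while LAST still governs the 16th, and that operators are folded strictly left to right with no AND-over-OR precedence. `nb_name` and the test names other than those in the page's nlist listing are constructed.

```python
from typing import List, Optional, Sequence, Tuple

WILD = None                      # template slot that matches any byte
Template = List[Optional[int]]


def name_template(hostname: str, last: Optional[int] = None) -> Template:
    """Expand an ASCII host-name filter item into 16 byte slots."""
    if not 0 < len(hostname) <= 16:
        raise ValueError("host-name is 1 to 16 characters")
    star = hostname.endswith("*")
    body = hostname[:-1] if star else hostname
    slots: Template = [WILD if c == "?" else ord(c) for c in body]
    if len(slots) == 16:
        return slots             # full 16-character name, LAST is not used
    # '*' wildcards the remainder; otherwise pad with spaces to the 15th slot.
    # Assumption: '*' stops at slot 15 and LAST still governs slot 16.
    slots += [WILD if star else ord(" ")] * (15 - len(slots))
    slots.append(WILD if last is None else last)   # no LAST means '?' in slot 16
    return slots


def name_matches(template: Template, name16: bytes) -> bool:
    return len(name16) == 16 and all(
        s is WILD or s == b for s, b in zip(template, name16))


NameList = Sequence[Tuple[bool, Template]]   # (inclusive?, template) in item order


def evaluate_name_list(items: NameList, default: bool, name16: bytes,
                       supported: bool = True) -> bool:
    """Return True (Inclusive, bridged) or False (Exclusive, filtered)."""
    if not supported:            # unsupported packet type: list is Inclusive
        return True
    for inclusive, template in items:
        if name_matches(template, name16):
            return inclusive     # first match decides
    return default


def combine(first: bool, rest: Sequence[Tuple[str, bool]]) -> bool:
    """Fold filter-list verdicts as on a filter-on command line.

    Assumption: strict left-to-right folding, no operator precedence.
    """
    result = first
    for op, verdict in rest:
        if op == "AND":
            result = result and verdict
        elif op == "OR":
            result = result or verdict
        else:
            raise ValueError("operator must be AND or OR in capital letters")
    return result


def nb_name(text: str, last: int) -> bytes:
    """Constructed 16-byte name: space-padded text plus a final byte."""
    return text.encode("ascii").ljust(15, b" ")[:15] + bytes([last])


# The list shown in the page's list name-filter-lists example (default Exclusive).
NLIST: NameList = [
    (True, name_template("EROS", 0x03)),
    (True, name_template("ATHENA")),
    (False, name_template("FOOBAR")),
]

if __name__ == "__main__":
    for text, last in [("EROS", 0x03), ("EROS", 0x20), ("ATHENA", 0x20), ("ZEUS", 0x00)]:
        verdict = evaluate_name_list(NLIST, False, nb_name(text, last))
        print(f"{text:8} last=0x{last:02X} -> {'bridged' if verdict else 'filtered'}")
```

With a default of Exclusive the list behaves as an allowlist, but a packet of an unsupported type still evaluates to Inclusive, so the list alone does not stop such traffic.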

