SPRUI30H November 2015 – May 2024 DRA745 , DRA746 , DRA750 , DRA756
Figure 24-198 shows the block diagram of the Static Packet Filter module. There are three main components of the static packet filter – packet header extractor to decode packet formats, rule engine to check for malformed protocol header fields and a host interface to provide control and configuration access to a host processor and to keep a log of filtered packets in system memory.
The packet parser interfaces to the three-port Ethernet switch (CPSW_3G). The CPSW_3G signals are snooped for receive traffic and the packet contents are provided to the packet header extractor. The parser can decode various network packet formats and determine the location of the header corresponding to each of the specified protocols and store the values in internal registers. The packet parser can decode VLAN, PPPoE, IP, TCP, UDP and ICMP frame formats and determine the location of each protocol header in a frame. The location of each of these headers is used by the rule engine for performing checks against preprogrammed conditions.
The rule engine monitors information in the header fields and upon detection of an abnormal combination of values in these packet header fields, issues an instruction to drop the packet to the external RFIFO interface. The rule engine can also monitor the receive rate of a particular class of packets and can limit the number of packets that actually pass through the system. The operation of rule engine is programmable and that gives flexibility to perform a range of different checks on the contents of packet to determine whether or not it should be accepted.
The event logger captures the activity in the packet filter. In addition, based upon the settings programmed by the host software, the event logger writes detailed information about any frames that have been dropped thus far. This information is written to a part of the system memory as configured by the host software.