-
Notifications
You must be signed in to change notification settings - Fork 78
AggregateFilter
AggregateFilter — Click element; filters packets based on aggregate annotation
AggregateFilter(ACTION_1 AGGREGATES, ..., ACTION_N AGGREGATES)
Ports: 1 input, 1-254 outputs
Processing: push
Drivers: userlevel
Filters packets based on their aggregate annotations. AggregateFilter's configuration string is an arbitrary number of filters, which are ACTION-AGGREGATES pairs. Packets are tested against the filters in order and processed according to the ACTION in the first filter that matched. A packet matches a filter if its aggregate annotation is listed in that filter's AGGREGATES.
Each ACTION is either a port number, which specifies that the packet should be sent out on that port; 'allow', which is equivalent to '0'; or 'drop' or 'deny', which means drop the packet. Packets that match none of the filters are dropped. AggregateFilter has an arbitrary number of outputs.
The AGGREGATES arguments are space-separated lists of aggregate values, which are unsigned integers. You can also specify ranges like '0-98'. The special AGGREGATES 'all' and '-' both correspond to all aggregates.
AggregateFilter will warn about aggregate filters that match no packets, or AGGREGATES components that were ignored (because of an earlier filter matching the same aggregate).
This configuration filters out a couple aggregates from the output of AggregateIPFlows.
require(aggregates)
FromDump(~/work/traces/2x10^5.dmp, STOP true, FORCE_IP true)
-> AggregateIPFlows(ICMP true)
-> AggregateFilter(allow 1093 3500 972 865 1765 988 1972 1225)
-> ...
IPFilter, Classifier, IPClassifier, AggregateIP, AggregateIPFlows
Generated by click-elem2man from ../elements/analysis/aggregatefilter.hh:6 on 2018/10/03.