GigaSMART Masking
Required License: Base
GigaSMART operations with Masking selected write over a specific portion of a packet with a specified one-byte pattern. Masking operations consist of an offset, length, and pattern as shown in Figure 1.
Figure 76 | GigaSMART Operations Page with Masking Selected |
The following table describes the fields.
Component |
Description |
Offset |
Specifies where GigaSMART should start masking data with the supplied pattern. You can specify this in terms of either a static offset from the start of the packet or a relative offset from a particular protocol layer. This lets you automatically compensate for variable length headers, specifying a mask target in terms of a particular packet header. |
Length |
Specifies how much of the packet GigaSMART should mask. The specified one-byte pattern can be repeated to mask from 1-9600 bytes. |
Pattern |
Specifies what pattern GigaSMART should use to mask the specified portion of the packet. You can specify a one-byte hex pattern (for example, 0xFF). |
Refer to the following when configuring GigaSMART operations with a Masking component:
Feature |
Description |
|||||||||||||||||||||||||||||||||
Protocol |
The following are the protocols that you can select for from the protocol drop-down list:
The GigaSMART-HC0 module can provide masking for GTP tunnels, provided the user payloads are unencrypted. Both GTPv1 and GTPv2 are supported – GTP' (GTP prime) is not supported. Keep in mind that only GTP-u (user plane packets) are masked. Control plane packets (GTP-c) are left unmodified.
|
|||||||||||||||||||||||||||||||||
Masking Offset and Length |
You can specify either a relative offset or a static offset for the masking pattern:
Note: You can only mask one contiguous portion of a packet. |
|||||||||||||||||||||||||||||||||
Recalculated CRC |
GigaSMART automatically calculates a new Ethernet CRC based on the masked packet’s length and data, and uses it to replace the existing CRC. This way, analysis tools do not report CRC errors for masked packets.
Note: IP or UDP checksum is not recalculated if masking is done on the existing IP or UDP checksum. |
|||||||||||||||||||||||||||||||||
GigaSMART Trailer |
Masking operations can optionally include the GigaSMART Trailer. If you do elect to include the GigaSMART Trailer, it will include the original packet length. Refer to GigaSMART Trailer Reference for details. |
|||||||||||||||||||||||||||||||||
In Combination with Slicing |
Masking operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details. |
The example shown in Figure 2 creates a GigaSMART masking operation named Tunnel_mask. This example starts masking six bytes after the end of the TCP layer in the GTP-encapsulated packet and continues for 150 bytes, writing over the existing data with an FF pattern.
Figure 77 | GigaSMART Masking Operation |
This example shown in Figure 3 creates a GigaSMART masking operation named Mask_FIX. This example uses a static masking offset of 148 bytes and continues for the next 81 bytes, writing over the existing data with an FF pattern. This GigaSMART operation is assigned to the GigaSMART group with the alias of gs2port2.
This example simulates how to mask a FIX (Financial Information eXchange) packet so that generic information is preserved at the start and end of the FIX data portion of the packet while private information within is masked. This example does not include the optional GigaSMART Trailer.
Figure 78 | GigaSMART Operation with a Static Offset |
To display masking statistics, select GigaSMART > GigaSMART Operations (GSOP) > Statistics. The statistics for masking will be in the row labeled Masking in the GS Operations column.
Refer to Masking Statistics Definitions for descriptions of the masking statistics as well as to GigaSMART Operations Statistics Definitions.