GigaSMART Masking

Required License: Base

GigaSMART operations with Masking selected write over a specific portion of a packet with a specified one-byte pattern. Masking operations consist of an offset, length, and pattern as shown in 1.

1 GigaSMART Operations Page with Masking Selected

The following table describes the fields.

Component

Description

Offset

Specifies where GigaSMART should start masking data with the supplied pattern. You can specify this in terms of either a static offset from the start of the packet or a relative offset from a particular protocol layer. This lets you automatically compensate for variable length headers, specifying a mask target in terms of a particular packet header.

Length

Specifies how much of the packet GigaSMART should mask. The specified one-byte pattern can be repeated to mask from 1-9600 bytes.

Pattern

Specifies what pattern GigaSMART should use to mask the specified portion of the packet. You can specify a one-byte hex pattern (for example, 0xFF).

Refer to the following when configuring GigaSMART operations with a Masking component:

Feature

Description

Protocol

The following are the protocols that you can select for from the protocol drop-down list:

o IPV4 – Mask starting a specified number of bytes after the IPv4 header.
o IPV6 – Mask starting a specified number of bytes after the IPv6 header.
o UDP – Mask starting a specified number of bytes after the UDP header.
o TCP – Mask starting a specified number of bytes after the TCP header.
o FTP– Identify using TCP port 20. Mask payloads using offset from the TCP header.
o https – Identify using TCP port 443. Mask payloads using offset from the TCP header.
o SSH – Identify using TCP port 22. Mask payloads using offset from the TCP header.

The GigaSMART-HC0 module can provide masking for GTP tunnels, provided the user payloads are unencrypted. Both GTPv1 and GTPv2 are supported – GTP' (GTP prime) is not supported. Keep in mind that only GTP-u (user plane packets) are masked. Control plane packets (GTP-c) are left unmodified.

o GTP – Mask starting a specified number of bytes after the outer GTP header.
o GTP-IPV4 – Mask starting a specified number of bytes after the IPv4 header inside the encapsulating GTP packet.
o GTP-UDP – Mask starting a specified number of bytes after the UDP header inside the encapsulating GTP packet.
o GTP-TCP – Mask starting a specified number of bytes after the TCP header inside the encapsulating GTP packet.

Masking Offset and Length

You can specify either a relative offset or a static offset for the masking pattern:

■   Static offsets begin masking a specific number of bytes from the start of the packet. Choose a static offset by setting Protocol to None and supplying an Offset from <0~9000> bytes. Zero (0) indicates the start of the Ethernet frame.
■   Relative offsets begin masking a specified number of bytes from the end of a particular header – IPv4, IPv6, and so on. Choose a relative offset by selecting any of the following values for the protocol argument and supplying an offset from the specified protocol header of <1~9000> bytes:

Note:  You can only mask one contiguous portion of a packet.

Recalculated CRC

GigaSMART automatically calculates a new Ethernet CRC based on the masked packet’s length and data, and uses it to replace the existing CRC. This way, analysis tools do not report CRC errors for masked packets.

Note:  IP or UDP checksum is not recalculated if masking is done on the existing IP or UDP checksum.

GigaSMART Trailer

Masking operations can optionally include the GigaSMART Trailer. If you do elect to include the GigaSMART Trailer, it will include the original packet length. Refer to GigaSMART Trailer Reference for details.

In Combination with Slicing

Masking operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details.

The example shown in 2 creates a GigaSMART masking operation named Tunnel_mask. This example starts masking six bytes after the end of the TCP layer in the GTP-encapsulated packet and continues for 150 bytes, writing over the existing data with an FF pattern.

2 GigaSMART Masking Operation

This example shown in 3 creates a GigaSMART masking operation named Mask_FIX. This example uses a static masking offset of 148 bytes and continues for the next 81 bytes, writing over the existing data with an FF pattern. This GigaSMART operation is assigned to the GigaSMART group with the alias of gs2port2.

This example simulates how to mask a FIX (Financial Information eXchange) packet so that generic information is preserved at the start and end of the FIX data portion of the packet while private information within is masked. This example does not include the optional GigaSMART Trailer.

3 GigaSMART Operation with a Static Offset

To display masking statistics, select GigaSMART > GigaSMART Operations (GSOP) > Statistics. The statistics for masking will be in the row labeled Masking in the GS Operations column.

Refer to Masking Statistics Definitions for descriptions of the masking statistics as well as to GigaSMART Operations Statistics Definitions.