Class AMT_IPHeadersFilter
Used in features: System Defense & Heuristics
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1,
6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0
CIM_ManagedElement
CIM_ManagedSystemElement
CIM_LogicalElement
AMT_FilterEntryBase
AMT_ComplexFilterEntryBase
AMT_IPHeadersFilter
Also see:
AMT_Hdr8021Filter, AMT_IPHeadersFilter, AMT_NetworkFilter
class AMT_IPHeadersFilter
- extends AMT_ComplexFilterEntryBase
General Information:
IPHeadersFilter contains the most commonly
required properties for performing filtering on IP, TCP or UDP headers.
Properties not present in an instance of the IPHeadersFilter are treated as 'all
values'.
Qualifiers:
-------------
Version=6.0.0
Supported Fields Summary

| Type | Field | Description |
|---|---|---|
| string | InstanceID | The creation handle for this filter. |
| string | Name | The Name property defines the label by which the Filter Entry is known and uniquely identified. |
| string | CreationClassName | CreationClassName indicates the name of the class or the subclass used in the creation of an instance . . . |
| string | SystemName | The scoping ComputerSystem's Name. |
| string | SystemCreationClassName | The scoping ComputerSystem's CreationClassName. |
| string | ElementName | A user-friendly name for the object . . . |
| uint8 | HdrIPVersion | HdrIPVersion identifies the version of the IP addresses for IP header filters . . . |
| string[] | HdrSrcAddress | HdrSrcAddress is an OctetString, of a size determined by the value of the HdrIPVersion property, representing a source IP address . . . |
| string[] | HdrSrcMask | HdrSrcMask is an OctetString, of a size determined by the value of the HdrIPVersion property, representing a mask to be used in comparing the source address in the IP header with the value represented in the HdrSrcAddress property . . . |
| string[] | HdrDestAddress | HdrDestAddress is an OctetString, of a size determined by the value of the HdrIPVersion property, representing a destination IP address . . . |
| string[] | HdrDestMask | HdrDestMask is an OctetString, of a size determined by the value of the HdrIPVersion property, representing a mask to be used in comparing the destination address in the IP header with the value represented in the HdrDestAddress property . . . |
| uint8 | HdrProtocolID | HdrProtocolID is an 8-bit unsigned integer, representing an IP protocol type . . . |
| uint16 | HdrSrcPortStart | HdrSrcPortStart represents the lower end of a range of UDP or TCP source ports . . . |
| uint16 | HdrSrcPortEnd | HdrSrcPortEnd represents the upper end of a range of UDP or TCP source ports . . . |
| uint16 | HdrDestPortStart | HdrDestPortStart represents the lower end of a range of UDP or TCP destination ports . . . |
| uint16 | HdrDestPortEnd | HdrDestPortEnd represents the upper end of a range of UDP or TCP destination ports . . . |
| uint16[12] | TCPFlagsOn | A set of flags whose effective value in the TCP header of each packet must be ON for filter to take effect |
| uint16[12] | TCPFlagsOff | A set of flags whose effective value in the TCP header of each packet must be OFF for filter to take effect |
| uint16 | FilterProfile | Specifies the type of behavior exhibited by the filter. |
| uint16 | FilterDirection | Specifies the traffic direction (transmit or receive) that the filter governs. |
| boolean | ActionEventOnMatch | Specifies whether an Event should be created in the Event Manager when this filter is matched. |
| uint32 | FilterProfileData | An extra data parameter which is used depending on the FilterProfile: It is left blank for Drop/Pass/Statistics filters, but is required for Rate Limit filters . . . |
Methods Summary

| Method | Description |
|---|---|
| Create(Instance, ResourceCreated) | Creates a new instance of this class |
| Get(Instance) | Gets the representation of the instance |
| Delete() | Deletes an instance |
| Pull(EnumerationContext, MaxElements) | Pulls instances of this class, following an Enumerate operation |
| Enumerate() | Enumerates the instances of this class |
| Release(EnumerationContext) | Releases an enumeration context |
InstanceID
public string InstanceID
- General Information:
The creation handle for this filter.
Product Specific Usage:
Corresponds to EOI filter creation handle
Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=8
Name
public string Name
- General Information:
The Name property defines the label by which the Filter Entry is known and
uniquely identified.
Product Specific Usage:
This represents the Filter name. This field is required.
If the filter was created via another interface with an empty name, this
property will show 'none'.
Qualifiers:
-------------
Key
Override=Name
MaxLen=16
CreationClassName
public string CreationClassName
- General Information:
CreationClassName indicates the name of the
class or the subclass used in the creation of an instance. When used with the
other key properties of this class, this property allows all instances of this
class and its subclasses to be uniquely
identified.
Qualifiers:
-------------
Key
MaxLen=20
SystemName
public string SystemName
- General Information:
The scoping ComputerSystem's
Name.
Qualifiers:
-------------
Key
MaxLen=15
Propagated=CIM_ComputerSystem.Name
SystemCreationClassName
public string SystemCreationClassName
- General Information:
The scoping ComputerSystem's
CreationClassName.
Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_ComputerSystem.CreationClassName
ElementName
public string ElementName
- General Information:
A user-friendly name for the object. This property allows each instance to
define a user-friendly name in addition to its key properties, identity data,
and description information.
Note that the Name property of ManagedSystemElement is also defined as a
user-friendly name. But, it is often subclassed to be a Key. It is not
reasonable that the same property can convey both identity and a
user-friendly name, without inconsistencies. Where Name exists and is not a
Key (such as for instances of LogicalDevice), the same information can be
present in both the Name and ElementName properties. Note that if there is an
associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on
this property may exist as defined in the ElementNameMask and
MaxElementNameLen properties defined in that class.
Product Specific Usage:
Constant value of 'Intel(r) AMT System Defense Filter'
Qualifiers:
-------------
MaxLen=40
HdrIPVersion
public uint8 HdrIPVersion
- General Information:
HdrIPVersion identifies the version of the IP addresses for IP header
filters. It is also used to determine the sizes of the OctetStrings in the six
properties HdrSrcAddress, HdrSrcAddressEndOfRange, HdrSrcMask,
HdrDestAddress, HdrDestAddressEndOfRange and HdrDestMask, as follows:
ipv4(4): OctetString(SIZE (4))
ipv6(6): OctetString(SIZE (16|20)), depending on whether a scope identifier
is present.
If a value for this property is not provided, then the filter does not
consider IP version in selecting matching packets, i.e., IP version matches
for all values. In this case, the HdrSrcAddress, HdrSrcAddressEndOfRange,
HdrSrcMask, HdrDestAddress, HdrDestAddressEndOfRange and HdrDestMask must
also be not present.
Product Specific Usage:
This property is considered REQUIRED for Intel AMT implementations of this
class
Qualifiers:
-------------
ValueMap={4, 6}
Values={IPv4, IPv6}
ModelCorrespondence={CIM_IPHeadersFilter.HdrSrcAddress,
CIM_IPHeadersFilter.HdrSrcAddressEndOfRange, CIM_IPHeadersFilter.HdrSrcMask,
CIM_IPHeadersFilter.HdrDestAddress,
CIM_IPHeadersFilter.HdrDestAddressEndOfRange,
CIM_IPHeadersFilter.HdrDestMask}
HdrSrcAddress
public string[] HdrSrcAddress
- General Information:
HdrSrcAddress is an OctetString, of a size
determined by the value of the HdrIPVersion property, representing a source IP
address. When there is no HdrSrcAddressEndOfRange value, this value is
compared to the source address in the IP header, subject to the mask
represented in the HdrSrcMask property. (Note that the mask is ANDed with the
address.) When there is a HdrSrcAddressEndOfRange value, this value is the
start of the specified range (i.e., the HdrSrcAddress is lower than the
HdrSrcAddressEndOfRange) that is compared to the source address in the IP
header and matches on any value in the range.
If a value for this property is not provided, then the filter does not
consider HdrSrcAddress in selecting matching packets, i.e., HdrSrcAddress
matches for all values.
Product Specific Usage:
Mask and Address must be used together (using only an address without a mask
or vice versa is not supported)
Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}
HdrSrcMask
public string[] HdrSrcMask
- General Information:
HdrSrcMask is an OctetString, of a size
determined by the value of the HdrIPVersion property, representing a mask to
be used in comparing the source address in the IP header with the value
represented in the HdrSrcAddress property.
If a value for this property is not provided, then the filter does not
consider HdrSrcMask in selecting matching packets, i.e., the value of the
HdrSrcAddress or the source address range must match the source address in
the packet exactly. If a value for this property is provided, then
HdrSrcAddressEndOfRange MUST NOT be provided.
Product Specific Usage:
Mask and Address must be used together (using only an address without a mask
or vice versa is not supported)
Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}
HdrDestAddress
public string[] HdrDestAddress
- General Information:
HdrDestAddress is an OctetString, of a size
determined by the value of the HdrIPVersion property, representing a
destination IP address. When there is no HdrDestAddressEndOfRange value, this
value is compared to the destination address in the IP header, subject to the
mask represented in the HdrDestMask property. (Note that the mask is ANDed
with the address.) When there is a HdrDestAddressEndOfRange value, this value
is the start of the specified range (i.e., the HdrDestAddress is lower than
the HdrDestAddressEndOfRange) that is compared to the source address in the IP
header and matches on any value in the range.
If a value for this property is not provided, then the filter does not
consider HdrDestAddress in selecting matching packets, i.e., HdrDestAddress
matches for all values.
Product Specific Usage:
Mask and Address must be used together (using only an address without a mask
or vice versa is not supported)
Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}
HdrDestMask
public string[] HdrDestMask
- General Information:
HdrDestMask is an OctetString, of a size
determined by the value of the HdrIPVersion property, representing a mask to
be used in comparing the destination address in the IP header with the value
represented in the HdrDestAddress property.
If a value for this property is not provided, then the filter does not
consider HdrDestMask in selecting matching packets, i.e., the value of the
HdrDestAddress or the destination address range must match the destination
address in the packet exactly. If a value for this property is provided, then
HdrDestAddressEndOfRange MUST NOT be provided.
Product Specific Usage:
Mask and Address must be used together (using only an address without a mask
or vice versa is not supported)
Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}
HdrProtocolID
public uint8 HdrProtocolID
- General Information:
HdrProtocolID is an 8-bit unsigned integer,
representing an IP protocol type. This value is compared to the Protocol field
in the IP header.
If a value for this property is not provided, then the filter does not
consider HdrProtocolID in selecting matching packets, i.e., HdrProtocolID
matches for all values.
Product Specific Usage:
A value of 6 is required for TCP-type filters; a value of 17 is required for
UDP-type filters.
Only TCP or UDP filters can have port filtering information; only TCP filters
can have TCP flags information.
HdrSrcPortStart
public uint16 HdrSrcPortStart
- General Information:
HdrSrcPortStart represents the lower end of
a range of UDP or TCP source ports. The upper end of the range is represented
by the HdrSrcPortEnd property. The value of HdrSrcPortStart MUST be no greater
than the value of HdrSrcPortEnd. A single port is indicated by equal values
for HdrSrcPortStart and HdrSrcPortEnd.
A source port filter is
evaluated by testing whether the source port identified in the IP header falls
within the range of values between HdrSrcPortStart and HdrSrcPortEnd,
INCLUDING these two end points.
If a value for this property is not
provided, then the filter does not consider HdrSrcPortStart in selecting
matching packets, i.e., there is no lower bound in matching source port
values.
HdrSrcPortEnd
public uint16 HdrSrcPortEnd
- General Information:
HdrSrcPortEnd represents the upper end of a
range of UDP or TCP source ports. The lower end of the range is represented by
the HdrSrcPortStart property. The value of HdrSrcPortEnd MUST be no less than
the value of HdrSrcPortStart. A single port is indicated by equal values for
HdrSrcPortStart and HdrSrcPortEnd.
A source port filter is evaluated
by testing whether the source port identified in the IP header falls within
the range of values between HdrSrcPortStart and HdrSrcPortEnd, INCLUDING these
two end points.
If a value for this property is not provided, then the
filter does not consider HdrSrcPortEnd in selecting matching packets, i.e.,
there is no upper bound in matching source port values.
HdrDestPortStart
public uint16 HdrDestPortStart
- General Information:
HdrDestPortStart represents the lower end
of a range of UDP or TCP destination ports. The upper end of the range is
represented by the HdrDestPortEnd property. The value of HdrDestPortStart MUST
be no greater than the value of HdrDestPortEnd. A single port is indicated by
equal values for HdrDestPortStart and HdrDestPortEnd.
A destination
port filter is evaluated by testing whether the destination port identified in
the IP header falls within the range of values between HdrDestPortStart and
HdrDestPortEnd, INCLUDING these two end points.
If a value for this
property is not provided, then the filter does not consider HdrDestPortStart
in selecting matching packets, i.e., there is no lower bound in matching
destination port values.
HdrDestPortEnd
public uint16 HdrDestPortEnd
- General Information:
HdrDestPortEnd represents the upper end of
a range of UDP or TCP destination ports. The lower end of the range is
represented by the HdrDestPortStart property. The value of HdrDestPortEnd MUST
be no less than the value of HdrDestPortStart. A single port is indicated by
equal values for HdrDestPortStart and HdrDestPortEnd.
A destination
port filter is evaluated by testing whether the destination port identified in
the IP header falls within the range of values between HdrDestPortStart and
HdrDestPortEnd, INCLUDING these two end points.
If a value for this
property is not provided, then the filter does not consider HdrDestPortEnd in
selecting matching packets, i.e., there is no upper bound in matching
destination port values.
TCPFlagsOn
public uint16[12] TCPFlagsOn
- General Information:
A set of flags whose effective value in the TCP header of each packet must be
ON for filter to take effect
Product Specific Usage:
Current implementation supports flags FIN, SYN, RST, PUSH, ACK, URG, ECNE,
CWR.
ECNE and CWR first supported in Release 4.0.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8}
Values={FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR, NS}
TCPFlagsOff
public uint16[12] TCPFlagsOff
- General Information:
A set of flags whose effective value in the TCP header of each packet must be
OFF for filter to take effect
Product Specific Usage:
Current implementation supports flags FIN, SYN, RST, PUSH, ACK, URG, ECNE,
CWR.
ECNE and CWR first supported in Release 4.0.
Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 6, 7, 8}
Values={FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR, NS}
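The matching rules spelled out in the header properties above (absent property matches all values, mask ANDed with the address, inclusive port ranges, TCPFlagsOn/TCPFlagsOff) can be modelled as follows. This is an added example, not Intel code or AMT firmware logic; the packet dictionary layout and the helper names addr_ok, port_ok and matches are assumptions made for the illustration.

```python
# Added illustration of the matching rules in the property descriptions above;
# it is not Intel AMT firmware logic. Addresses are dotted strings here for
# readability, whereas the class carries them as OctetStrings.
import ipaddress

# Index = value in the TCPFlagsOn/TCPFlagsOff ValueMap on this page.
TCP_FLAGS = ("FIN", "SYN", "RST", "PUSH", "ACK", "URG", "ECNE", "CWR", "NS")


def addr_ok(flt, side, pkt_addr):
    """The mask is ANDed with both addresses before they are compared."""
    addr, mask = flt.get(side + "Address"), flt.get(side + "Mask")
    if addr is None:                       # absent property: all values match
        return True
    pkt, want = (int(ipaddress.ip_address(a)) for a in (pkt_addr, addr))
    m = int(ipaddress.ip_address(mask)) if mask else ~0   # no mask: exact match
    return (pkt & m) == (want & m)


def port_ok(flt, side, port):
    lo = flt.get(side + "PortStart", 0)        # absent: no lower bound
    hi = flt.get(side + "PortEnd", 0xFFFF)     # absent: no upper bound
    return lo <= port <= hi                    # both end points are included


def matches(flt, pkt):
    """pkt keys (constructed for this example): version, proto, src, dst,
    sport, dport, flags (a set of names from TCP_FLAGS)."""
    if flt.get("HdrIPVersion") not in (None, pkt["version"]):
        return False
    if flt.get("HdrProtocolID") not in (None, pkt["proto"]):
        return False
    if not (addr_ok(flt, "HdrSrc", pkt["src"]) and addr_ok(flt, "HdrDest", pkt["dst"])):
        return False
    if pkt["proto"] in (6, 17) and not (
            port_ok(flt, "HdrSrc", pkt["sport"]) and port_ok(flt, "HdrDest", pkt["dport"])):
        return False
    flags = set(pkt.get("flags", ()))
    on = {TCP_FLAGS[i] for i in flt.get("TCPFlagsOn", ())}
    off = {TCP_FLAGS[i] for i in flt.get("TCPFlagsOff", ())}
    return on <= flags and not (off & flags)   # every ON flag set, no OFF flag set


# Constructed sample: TCP SYN without ACK from 192.0.2.0/24 to ports 8000-8080.
SAMPLE_FILTER = {"HdrIPVersion": 4, "HdrProtocolID": 6,
                 "HdrSrcAddress": "192.0.2.0", "HdrSrcMask": "255.255.255.0",
                 "HdrDestPortStart": 8000, "HdrDestPortEnd": 8080,
                 "TCPFlagsOn": [1], "TCPFlagsOff": [4]}
SAMPLE_PACKET = {"version": 4, "proto": 6, "src": "192.0.2.77",
                 "dst": "198.51.100.5", "sport": 40000, "dport": 8080,
                 "flags": {"SYN"}}
```

An empty filter dictionary matches every packet, which is why a filter definition should be reviewed for properties that were left out unintentionally.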
FilterProfile
public uint16 FilterProfile
- General Information:
Specifies the type of behavior exhibited by the filter.
Qualifiers:
-------------
Required
ValueMap={0, 1, 2, 3, 4}
Values={Statistics + Pass, Statistics + Drop, Rate Limit, Pass, Drop}
FilterDirection
public uint16 FilterDirection
- General Information:
Specifies the traffic direction (transmit or receive) that the filter
governs.
Qualifiers:
-------------
Required
ValueMap={0, 1}
Values={Transmit filter, Receive filter}
ActionEventOnMatch
public boolean ActionEventOnMatch
- General Information:
Specifies whether an Event should be created in the Event Manager when this
filter is matched.
Qualifiers:
-------------
Required
FilterProfileData
public uint32 FilterProfileData
- General Information:
An extra data parameter which is used depending on the FilterProfile: It is
left blank for Drop/Pass/Statistics filters, but is required for Rate Limit
filters. It indicates the maximum number of events per second (should be
greater than 0). Rate limits are not exact. Typically several more packets
than the number in the rate limit will be allowed to pass before traffic is
blocked. If the boundary is critical, set the maximum number of events to a
lower value.
Create
public Create([IN]AMT_IPHeadersFilter Instance, [OUT] REF AMT_IPHeadersFilter ResourceCreated)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_CIRCUIT_BREAKER_REALM
General Information:
Creates a new instance of this class
Product Specific Usage:
The following properties must be included in any representation of
AMT_IPHeadersFilter:
InstanceID
Name
CreationClassName
SystemName
SystemCreationClassName
FilterProfile
FilterDirection
ActionEventOnMatch
API is blocked in client control mode
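A filter definition can be checked against the constraints stated on this page before it is submitted with Create. The sketch below is an added example, not Intel SDK code; validate_filter and the sample values are hypothetical. Treating HdrIPVersion as mandatory and rejecting the NS flag (8) are readings of the "Product Specific Usage" notes above.

```python
# Added illustration: pre-flight checks taken from the qualifiers and
# "Product Specific Usage" notes on this page. validate_filter is a
# hypothetical helper, not part of any Intel SDK.
REQUIRED = ("InstanceID", "Name", "CreationClassName", "SystemName",
            "SystemCreationClassName", "FilterProfile", "FilterDirection",
            "ActionEventOnMatch", "HdrIPVersion")  # Create list + HdrIPVersion
MAX_LEN = {"InstanceID": 8, "Name": 16, "CreationClassName": 20,
           "SystemName": 15, "SystemCreationClassName": 20, "ElementName": 40}
PORT_KEYS = ("HdrSrcPortStart", "HdrSrcPortEnd",
             "HdrDestPortStart", "HdrDestPortEnd")


def validate_filter(f):
    """Return a list of problems; an empty list means every check passed."""
    errs = [f"missing required property {k}" for k in REQUIRED if k not in f]
    errs += [f"{k} exceeds MaxLen={n}" for k, n in MAX_LEN.items()
             if len(str(f.get(k, ""))) > n]
    for key, allowed in (("HdrIPVersion", (4, 6)), ("FilterProfile", range(5)),
                         ("FilterDirection", (0, 1))):
        if key in f and f[key] not in allowed:
            errs.append(f"{key} is outside its ValueMap")
    for side in ("HdrSrc", "HdrDest"):
        if (side + "Address" in f) != (side + "Mask" in f):
            errs.append(f"{side}Address and {side}Mask must be used together")
        lo, hi = f.get(side + "PortStart"), f.get(side + "PortEnd")
        if lo is not None and hi is not None and lo > hi:
            errs.append(f"{side}PortStart is greater than {side}PortEnd")
    proto = f.get("HdrProtocolID")
    if any(k in f for k in PORT_KEYS) and proto not in (6, 17):
        errs.append("port filtering requires HdrProtocolID 6 (TCP) or 17 (UDP)")
    flags = list(f.get("TCPFlagsOn", ())) + list(f.get("TCPFlagsOff", ()))
    if flags and proto != 6:
        errs.append("TCP flags require HdrProtocolID 6 (TCP)")
    if any(v not in range(8) for v in flags):   # NS (8) is not listed as supported
        errs.append("TCP flag outside the supported FIN..CWR values 0..7")
    data = f.get("FilterProfileData")
    if f.get("FilterProfile") == 2:             # 2 = Rate Limit
        if data is None or data <= 0:
            errs.append("Rate Limit filter requires FilterProfileData > 0")
    elif data is not None:
        errs.append("FilterProfileData is only used by Rate Limit filters")
    return errs


# Constructed sample instance; every value is a placeholder for illustration.
SAMPLE = {"InstanceID": "1", "Name": "syn-limit",
          "CreationClassName": "AMT_IPHeadersFilter",
          "SystemName": "ManagedSystem", "SystemCreationClassName": "CIM_ComputerSystem",
          "FilterProfile": 2, "FilterDirection": 1, "ActionEventOnMatch": True,
          "HdrIPVersion": 4, "HdrProtocolID": 6,
          "HdrDestPortStart": 8000, "HdrDestPortEnd": 8080,
          "TCPFlagsOn": [1], "TCPFlagsOff": [4], "FilterProfileData": 50}
```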
Get
public Get([OUT]AMT_IPHeadersFilter Instance)
- Permission Information:
Permitted realms:
ADMIN_SECURITY_CIRCUIT_BREAKER_REALM
General Information:
Gets the representation of the instance
Delete
public Delete()
- Permission Information:
Permitted realms:
ADMIN_SECURITY_CIRCUIT_BREAKER_REALM
General Information:
Deletes an instance
Pull
public Pull([IN]String EnumerationContext, [IN]String MaxElements)
- Permission Information:
All users are permitted to use the method; only instances for which the user
has permissions will be returned
General Information:
Pulls instances of this class, following an Enumerate operation
Enumerate
public Enumerate()
- Permission Information:
All users permitted to use method
General Information:
Enumerates the instances of this class
Release
public Release([IN]String EnumerationContext)
- Permission Information:
All users permitted to use method
General Information:
Releases an enumeration context