SUMMARY: NESTED | FIELD | | METHOD
DETAIL: FIELD | METHOD

Class AMT_IPHeadersFilter

Used in features: System Defense & Heuristics
Compatible with the following Intel AMT Releases: 3.0, 3.2, 4.0, 5.0, 5.1, 6.0, 6.1, 6.2, 7.0, 8.0, 8.1, 9.0, 9.5, 10.0, 11.0 
CIM_ManagedElement
   extended by CIM_ManagedSystemElement
      extended by CIM_LogicalElement
         extended by AMT_FilterEntryBase
            extended by AMT_ComplexFilterEntryBase
               extended by AMT_IPHeadersFilter
Also see:
AMT_Hdr8021Filter
AMT_IPHeadersFilter
AMT_NetworkFilter
class AMT_IPHeadersFilter
 extends AMT_ComplexFilterEntryBase


General Information:
IPHeadersFilter contains the most commonly 
required properties for performing filtering on IP, TCP or UDP headers. 
Properties not present in an instance of the IPHeadersFilter are treated as 'all 
values'.

Qualifiers:
-------------
Version=6.0.0









  
  

    Supported Fields 
      Summary

  

     string 
      
    InstanceID Key  
The creation handle for this filter.

  

     string 
      
    Name Key  
The Name property defines the label by which the 
      Filter Entry is known and uniquely identified.

  

     string 
      
    CreationClassName Key  
CreationClassName indicates the name 
      of the class or the subclass used in the creation of an instance . . 
    .

  

     string 
      
    SystemName Key  
The scoping ComputerSystem's Name.

  

     string 
      
    SystemCreationClassName Key  
The scoping ComputerSystem's 
      CreationClassName.

  

     string 
      
    ElementName 
A 
      user-friendly name for the object . . .

  

     uint8 
      
    HdrIPVersion 
      
HdrIPVersion identifies the version of the IP addresses for IP 
      header filters . . .

  

     string[] 
      
    HdrSrcAddress 
      
HdrSrcAddress is an OctetString, of a size determined by the 
      value of the HdrIPVersion property, representing a source IP address . . 
      .

  

     string[] 
      
    HdrSrcMask 
      
HdrSrcMask is an OctetString, of a size determined by the value 
      of the HdrIPVersion property, representing a mask to be used in comparing 
      the source address in the IP header with the value represented in the 
      HdrSrcAddress property . . .

  

     string[] 
      
    HdrDestAddress 
      
HdrDestAddress is an OctetString, of a size determined by the 
      value of the HdrIPVersion property, representing a destination IP address 
      . . .

  

     string[] 
      
    HdrDestMask 
      
HdrDestMask is an OctetString, of a size determined by the 
      value of the HdrIPVersion property, representing a mask to be used in 
      comparing the destination address in the IP header with the value 
      represented in the HdrDestAddress property . . .

  

     uint8 
      
    HdrProtocolID 
      
HdrProtocolID is an 8-bit unsigned integer, representing an IP 
      protocol type . . .

  

     uint16 
      
    HdrSrcPortStart 
      
HdrSrcPortStart represents the lower end of a range of UDP or 
      TCP source ports . . .

  

     uint16 
      
    HdrSrcPortEnd 
      
HdrSrcPortEnd represents the upper end of a range of UDP or TCP 
      source ports . . .

  

     uint16 
      
    HdrDestPortStart 
      
HdrDestPortStart represents the lower end of a range of UDP or 
      TCP destination ports . . .

  

     uint16 
      
    HdrDestPortEnd 
      
HdrDestPortEnd represents the upper end of a range of UDP or 
      TCP destination ports . . .

  

     uint16[12] 
      
    TCPFlagsOn 
A set of 
      flags whose effective value in the TCP header of each packet must be ON 
      for filter to take effect

  

     uint16[12] 
      
    TCPFlagsOff 
A set 
      of flags whose effective value in the TCP header of each packet must be 
      OFF for filter to take effect

  

     uint16 
      
    FilterProfile 
      
Specifies the type of behavior exhibited by the filter.

  

     uint16 
      
    FilterDirection 
      
Specifies the traffic direction (transmit or receive) that the 
      filter governs.

  

     boolean 
      
    ActionEventOnMatch 
      
Specifies whether an Event should be created in the Event 
      Manager when this filter is matched.

  

     uint32 
      
    FilterProfileData 
      
An extra data parameter which is used depending on the 
      FilterProfile: It is left blank for Drop/Pass/Statistics filters, but is 
      required for Rate Limit filters . . .




  
  

    Methods Summary

  

     
    Create(Instance, 
      ResourceCreated) 
Creates a new instance of this class

  

     
    Get(Instance) 
Gets the 
      representation of the instance

  

     
    Delete() 
Deletes an 
      instance

  

     
    Pull(EnumerationContext, 
      MaxElements) 
Pulls instances of this class, following an 
      Enumerate operation

  

     
    Enumerate() 
      
Enumerates the instances of this class

  

     
    Release(EnumerationContext) 
      
Releases an enumeration context




  
  

    Field 
Detail


InstanceID Key 
public string InstanceID



  
General Information:
The creation handle for this 
  filter.

Product Specific Usage:
Corresponds to EOI filter 
  creation 
  handle

Qualifiers:
-------------
Key
Override=InstanceID
MaxLen=8


  

  





Name Key 
public string Name



  
General Information:
The Name property defines the label by 
  which the Filter Entry is known and uniquely identified.

Product 
  Specific Usage:
This represents the Filter name. This field is 
  required. 
If the filter was created via another interface with an empty 
  name, this property will show 
  'none'.

Qualifiers:
-------------
Key
Override=Name
MaxLen=16


  

  





CreationClassName Key 
public string CreationClassName



  
General Information:
CreationClassName indicates the name of the 
  class or the subclass used in the creation of an instance. When used with the 
  other key properties of this class, this property allows all instances of this 
  class and its subclasses to be uniquely 
  identified.

Qualifiers:
-------------
Key
MaxLen=20


  

  





SystemName Key 
public string SystemName



  
General Information:
The scoping ComputerSystem's 
  Name.

Qualifiers:
-------------
Key
MaxLen=15
Propagated=CIM_ComputerSystem.Name


  

  





SystemCreationClassName Key 
public string SystemCreationClassName



  
General Information:
The scoping ComputerSystem's 
  CreationClassName.

Qualifiers:
-------------
Key
MaxLen=20
Propagated=CIM_ComputerSystem.CreationClassName


  

  





ElementName 
public string ElementName



  
General Information:
A user-friendly name for the object. This 
  property allows each instance to define a user-friendly name in addition to 
  its key properties, identity data, and description information. 
Note that 
  the Name property of ManagedSystemElement is also defined as a user-friendly 
  name. But, it is often subclassed to be a Key. It is not reasonable that the 
  same property can convey both identity and a user-friendly name, without 
  inconsistencies. Where Name exists and is not a Key (such as for instances of 
  LogicalDevice), the same information can be present in both the Name and 
  ElementName properties. Note that if there is an associated instance of 
  CIM_EnabledLogicalElementCapabilities, restrictions on this properties may 
  exist as defined in ElementNameMask and MaxElementNameLen properties defined 
  in that class.

Product Specific Usage:
Constant value of 
  'Intel(r) AMT System Defense 
  Filter'

Qualifiers:
-------------
MaxLen=40


  

  





HdrIPVersion 
public uint8 HdrIPVersion



  
General Information:
HdrIPVersion identifies the version of the 
  IP addresses for IP header filters. It is also used to determine the sizes of 
  the OctetStrings in the six properties HdrSrcAddress, HdrSrcAddressEndOfRange, 
  HdrSrcMask, HdrDestAddress, HdrDestAddressEndOfRange and HdrDestMask, as 
  follows: 
ipv4(4): OctetString(SIZE (4)) 
ipv6(6): OctetString(SIZE 
  (16|20)), 
depending on whether a scope identifier is present. 

If a 
  value for this property is not provided, then the filter does not consider IP 
  version in selecting matching packets, i.e., IP version matches for all 
  values. In this case, the HdrSrcAddress, HdrSrcAddressEndOfRange, HdrSrcMask, 
  HdrDestAddress, HdrDestAddressEndOfRange and HdrDestMask must also be not 
  present.

Product Specific Usage:
This property is considered 
  REQUIRED for Intel AMT implementations of this 
  class

Qualifiers:
-------------
ValueMap={4, 
  6}
Values={IPv4, 
  IPv6}
ModelCorrespondence={CIM_IPHeadersFilter.HdrSrcAddress, 
  CIM_IPHeadersFilter.HdrSrcAddressEndOfRange, CIM_IPHeadersFilter.HdrSrcMask, 
  CIM_IPHeadersFilter.HdrDestAddress, 
  CIM_IPHeadersFilter.HdrDestAddressEndOfRange, 
  CIM_IPHeadersFilter.HdrDestMask}


  

  





HdrSrcAddress 
public string[] HdrSrcAddress



  
General Information:
HdrSrcAddress is an OctetString, of a size 
  determined by the value of the HdrIPVersion property, representing a source IP 
  address. When there is no HdrSrcAddressEndOfRange value, this value is 
  compared to the source address in the IP header, subject to the mask 
  represented in the HdrSrcMask property. (Note that the mask is ANDed with the 
  address.) When there is a HdrSrcAddressEndOfRange value, this value is the 
  start of the specified range (i.e., the HdrSrcAddress is lower than the 
  HdrSrcAddressEndOfRange) that is compared to the source address in the IP 
  header and matches on any value in the range. 

If a value for this 
  property is not provided, then the filter does not consider HdrSrcAddress in 
  selecting matching packets, i.e., HdrSrcAddress matches for all 
  values.

Product Specific Usage:
Mask and Address must be used 
  together (using only an address without a mask or visa versa is not 
  supported)

Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}


  

  





HdrSrcMask 
public string[] HdrSrcMask



  
General Information:
HdrSrcMask is an OctetString, of a size 
  determined by the value of the HdrIPVersion property, representing a mask to 
  be used in comparing the source address in the IP header with the value 
  represented in the HdrSrcAddress property. 

If a value for this 
  property is not provided, then the filter does not consider HdrSrcMask in 
  selecting matching packets, i.e., the value of the HdrSrcAddress or the source 
  address range must match the source address in the packet exactly. If a value 
  for this property is provided, then HdrSrcAddressEndOfRange MUST NOT be 
  provided.

Product Specific Usage:
Mask and Address must be 
  used together (using only an address without a mask or visa versa is not 
  supported)

Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}


  

  





HdrDestAddress 
public string[] HdrDestAddress



  
General Information:
HdrDestAddress is an OctetString, of a size 
  determined by the value of the HdrIPVersion property, representing a 
  destination IP address. When there is no HdrDestAddressEndOfRange value, this 
  value is compared to the destination address in the IP header, subject to the 
  mask represented in the HdrDestMask property. (Note that the mask is ANDed 
  with the address.) When there is a HdrDestAddressEndOfRange value, this value 
  is the start of the specified range (i.e., the HdrDestAddress is lower than 
  the HdrDestAddressEndOfRange) that is compared to the source address in the IP 
  header and matches on any value in the range. 

If a value for this 
  property is not provided, then the filter does not consider HdrDestAddress in 
  selecting matching packets, i.e., HdrDestAddress matches for all 
  values.

Product Specific Usage:
Mask and Address must be used 
  together (using only an address without a mask or visa versa is not 
  supported)

Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}


  

  





HdrDestMask 
public string[] HdrDestMask



  
General Information:
HdrDestMask is an OctetString, of a size 
  determined by the value of the HdrIPVersion property, representing a mask to 
  be used in comparing the destination address in the IP header with the value 
  represented in the HdrDestAddress property. 

If a value for this 
  property is not provided, then the filter does not consider HdrDestMask in 
  selecting matching packets, i.e., the value of the HdrDestAddress or the 
  destination address range must match the destination address in the packet 
  exactly. If a value for this property is provided, then 
  HdrDestAddressEndOfRange MUST NOT be provided.

Product Specific 
  Usage:
Mask and Address must be used together (using only an address 
  without a mask or visa versa is not 
  supported)

Qualifiers:
-------------
OctetString
MaxLen=16
ModelCorrespondence={CIM_IPHeadersFilter.HdrIPVersion}


  

  





HdrProtocolID 
public uint8 HdrProtocolID



  
General Information:
HdrProtocolID is an 8-bit unsigned integer, 
  representing an IP protocol type. This value is compared to the Protocol field 
  in the IP header. 

If a value for this property is not provided, then 
  the filter does not consider HdrProtocolID in selecting matching packets, 
  i.e., HdrProtocolID matches for all values.

Product Specific 
  Usage:
A value of 6 is required for TCP-type filters; a value of 17 is 
  required for UDP-type filters. 
Only TCP or UDP filters can have port 
  filtering information; only TCP filters can have TCP flags information.

  

  





HdrSrcPortStart 
public uint16 HdrSrcPortStart



  
General Information:
HdrSrcPortStart represents the lower end of 
  a range of UDP or TCP source ports. The upper end of the range is represented 
  by the HdrSrcPortEnd property. The value of HdrSrcPortStart MUST be no greater 
  than the value of HdrSrcPortEnd. A single port is indicated by equal values 
  for HdrSrcPortStart and HdrSrcPortEnd. 

A source port filter is 
  evaluated by testing whether the source port identified in the IP header falls 
  within the range of values between HdrSrcPortStart and HdrSrcPortEnd, 
  INCLUDING these two end points. 

If a value for this property is not 
  provided, then the filter does not consider HdrSrcPortStart in selecting 
  matching packets, i.e., there is no lower bound in matching source port 
  values.

  

  





HdrSrcPortEnd 
public uint16 HdrSrcPortEnd



  
General Information:
HdrSrcPortEnd represents the upper end of a 
  range of UDP or TCP source ports. The lower end of the range is represented by 
  the HdrSrcPortStart property. The value of HdrSrcPortEnd MUST be no less than 
  the value of HdrSrcPortStart. A single port is indicated by equal values for 
  HdrSrcPortStart and HdrSrcPortEnd. 

A source port filter is evaluated 
  by testing whether the source port identified in the IP header falls within 
  the range of values between HdrSrcPortStart and HdrSrcPortEnd, INCLUDING these 
  two end points. 

If a value for this property is not provided, then the 
  filter does not consider HdrSrcPortEnd in selecting matching packets, i.e., 
  there is no upper bound in matching source port values.

  

  





HdrDestPortStart 
public uint16 HdrDestPortStart



  
General Information:
HdrDestPortStart represents the lower end 
  of a range of UDP or TCP destination ports. The upper end of the range is 
  represented by the HdrDestPortEnd property. The value of HdrDestPortStart MUST 
  be no greater than the value of HdrDestPortEnd. A single port is indicated by 
  equal values for HdrDestPortStart and HdrDestPortEnd. 

A destination 
  port filter is evaluated by testing whether the destination port identified in 
  the IP header falls within the range of values between HdrDestPortStart and 
  HdrDestPortEnd, INCLUDING these two end points. 

If a value for this 
  property is not provided, then the filter does not consider HdrDestPortStart 
  in selecting matching packets, i.e., there is no lower bound in matching 
  destination port values.

  

  





HdrDestPortEnd 
public uint16 HdrDestPortEnd



  
General Information:
HdrDestPortEnd represents the upper end of 
  a range of UDP or TCP destination ports. The lower end of the range is 
  represented by the HdrDestPortStart property. The value of HdrDestPortEnd MUST 
  be no less than the value of HdrDestPortStart. A single port is indicated by 
  equal values for HdrDestPortStart and HdrDestPortEnd. 

A destination 
  port filter is evaluated by testing whether the destination port identified in 
  the IP header falls within the range of values between HdrDestPortStart and 
  HdrDestPortEnd, INCLUDING these two end points. 

If a value for this 
  property is not provided, then the filter does not consider HdrDestPortEnd in 
  selecting matching packets, i.e., there is no upper bound in matching 
  destination port values.

  

  





TCPFlagsOn 
public uint16[12] TCPFlagsOn



  
General Information:
A set of flags whose effective value in the 
  TCP header of each packet must be ON for filter to take 
  effect

Product Specific Usage:
Current implementation 
  supports flags FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR. 
ECNE and CWR 
  first supported in Release 
  4.0.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 
  6, 7, 8}
Values={FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR, NS}


  

  





TCPFlagsOff 
public uint16[12] TCPFlagsOff



  
General Information:
A set of flags whose effective value in the 
  TCP header of each packet must be OFF for filter to take 
  effect

Product Specific Usage:
Current implementation 
  supports flags FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR. 
ECNE and CWR 
  first supported in Release 
  4.0.

Qualifiers:
-------------
ValueMap={0, 1, 2, 3, 4, 5, 
  6, 7, 8}
Values={FIN, SYN, RST, PUSH, ACK, URG, ECNE, CWR, NS}


  

  





FilterProfile 
public uint16 FilterProfile



  
General Information:
Specifies the type of behavior exhibited by 
  the 
  filter.

Qualifiers:
-------------
Required
ValueMap={0, 
  1, 2, 3, 4}
Values={Statistics + Pass, Statistics + Drop, Rate Limit, Pass, 
  Drop}


  

  





FilterDirection 
public uint16 FilterDirection



  
General Information:
Specifies the traffic direction (transmit 
  or receive) that the filter 
  governs.

Qualifiers:
-------------
Required
ValueMap={0, 
  1}
Values={Transmit filter, Receive filter}


  

  





ActionEventOnMatch 
public boolean ActionEventOnMatch



  
General Information:
Specifies whether an Event should be 
  created in the Event Manager when this filter is 
  matched.

Qualifiers:
-------------
Required


  

  





FilterProfileData 
public uint32 FilterProfileData



  
General Information:
An extra data parameter which is used 
  depending on the FilterProfile: It is left blank for Drop/Pass/Statistics 
  filters, but is required for Rate Limit filters. It indicates the maximum 
  number of events per second (should be greater than 0). Rate limits are not 
  exact. Typically several more packets than the number in the rate limit will 
  be allowed to pass before traffic is blocked. If the boundary is critical, set 
  the maximum number of events to a lower value

  

  






  
  

    Method 
Detail


Create
public  Create([IN]AMT_IPHeadersFilter Instance, [OUT] REF AMT_IPHeadersFilter ResourceCreated)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_CIRCUIT_BREAKER_REALM

General 
  Information:
Creates a new instance of this class

Product 
  Specific Usage:
The following properties must be included in any 
  representation of AMT_IPHeadersFilter: 

InstanceID 
Name 
  
CreationClassName 
SystemName 
SystemCreationClassName 
  
FilterProfile 
FilterDirection 
ActionEventOnMatch 

API is 
  blocked in client control mode 






Get
public  Get([OUT]AMT_IPHeadersFilter Instance)



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_CIRCUIT_BREAKER_REALM

General 
  Information:
Gets the representation of the instance





Delete
public  Delete()



  
Permission Information:
Permitted realms: 
  ADMIN_SECURITY_CIRCUIT_BREAKER_REALM

General 
  Information:
Deletes an instance





Pull
public  Pull([IN]String EnumerationContext, [IN]String MaxElements)



  
Permission Information:
All users permitted to use method, only 
  instances to whom the user has permissions will be returned

General 
  Information:
Pulls instances of this class, following an Enumerate 
  operation





Enumerate
public  Enumerate()



  
Permission Information:
All users permitted to use 
  method

General Information:
Enumerates the instances of this 
  class





Release
public  Release([IN]String EnumerationContext)



  
Permission Information:
All users permitted to use 
  method

General Information:
Releases an enumeration 
  context






  
  

    SUMMARY: NESTED | FIELD | METHOD
  

  

    DETAIL: FIELD | METHOD



  
  

    
      
Copyright © 2006-2022, Intel 
      Corporation. All rights 
reserved.