Simulations
These are simulation outputs demonstrating how modules in the filter behave. First though is a diagram of the filter and its modules
The Ethernet module reads nybbles of data off the wire and groups them to form bytes. The Ethernet fields such as the MAC addresses are stripped and the frame is check to see if it carries an IP packet indicated by the protocol field having the value 0x0800. If an IP packet is found the bytes are passed on to the IPrx module on the rising edge of new_packet_data. packet_present is a signal to IPrx that a packet is present.
The IPrx module reads bytes of data from the Ethernet module and parse then until the protocol and IP addresses are read. If the IP packet carries a TCP datagram the datagram_present flag is raised to alert the TCPrx module of this. IP fields are then passed to the Trie module to match the fields to the rules.
The TCPrx module is similar to the IPrx module in that it parse fields and records the port numbers of the TCP datagram. The port numbers are then passed to the PortBitVec module to be matched against values in the rule.
The IPrx and TCPrx modules both return bit vectors at different times indicating which rules were matched by a packet. Each '1' in the bit vector represents a match and a '0' represents no match for that rule. The Aggregator module ANDs the bit vectors together to produce a combined result indicating which rule match the packet as a whole.
The Count module receives the bit vector output by the Aggregator module and increments the appropriate counters.
