Ruledef Configuration Mode Commands


 
 
The Ruledef Configuration Mode is used to create and manage ACS rule definitions.
Important: Up to 10 rule matches can be configured in one ruledef.
 
Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).
 
bearer
The following commands define rules for analyzing traffic based on the bearer channel:
 
bearer 3gpp apn
This command defines a rule definition to analyze and charge user traffic based on APN of the bearer flow.
Important: This command is only available in StarOS 8.1 and later.
Product
GGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp apn [ case-sensitive ] operator value
no
Removes the specified rule definition.
[ case-sensitive ]
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
value
The name of the matching APN in bearer flow.
value must be an alpha and/or numeric string of 1 through 62 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on APN of the bearer flow.
Example
The following command creates a rule definition to analyze user traffic for an APN named apn12:
bearer 3gpp apn = apn12
 
bearer 3gpp imsi
This command defines a rule definition to analyze and charge user traffic based on the International Mobile Station Identification number (IMSI) in bearer flow.
Important: This command is only available in StarOS 8.1 and later.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp imsi { operator imsi | { !range | range } imsi-pool imsi_pool }
no
Removes the specified rule definition.
operator
Specifies how to logically match the IMSI.
operator must be one of the following:
!=: Does not equal
=: Equals
imsi
Specifies the mobile station identifier.
{ !range | range } imsi-pool imsi_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
imsi-pool imsi_pool: Specifies the IMSI pool name. imsi_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on IMSI.
Example
The following command creates a rule definition to analyze user traffic for the IMSI number 9198838330912:
bearer 3gpp imsi = 9198838330912
 
bearer 3gpp rat-type
This command defines a rule definition to analyze and charge user traffic based on the Radio Access Technology (RAT) in bearer flow.
Important: This command is only available in StarOS 8.1 and later.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp rat-type operator rat
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
rat
The RAT type associated with the bearer flow.
geran: GSM EDGE Radio Access Network type
utran: UMTS Terrestrial Radio Access Network type
wlan: Wireless LAN type
Usage
Use this command to specify a rule definition to analyze user traffic based on RAT type.
Example
The following command creates a rule definition for analyzing user traffic for the WLAN RAT type wlan:
bearer 3gpp rat-type = wlan
 
bearer 3gpp sgsn-address
This command defines a rule definition to analyze and charge user traffic based on SGSN address associated in 3gpp bearer flow.
Important: This command is only available in StarOS 8.1 and later.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp sgsn-address operator address
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
address
Specifies IP address of the SGSN node.
address must be an SGSN IP address expressed in standard IPv4 or IPv6 dotted decimal notation.
Usage
Use this command to specify a rule definition to analyze user traffic based on IP address of SGSN node. This command replaces the bearer sgsn-address command.
Example
The following command creates a rule definition for analyzing user traffic for an SGSN node with IP address of 19.88.3.8:
bearer 3gpp sgsn-address = 19.88.3.8
 
bearer 3gpp2 bsid
This command defines a rule definition to analyze and charge user traffic based on the 3GPP2 service Base Station Identifier (BSID) for bearer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp2 bsid [ case-sensitive ] operator bs_id
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
bs_id
The name of the matching 3GPP2 service Base Station ID (BSID) in bearer flow.
bs_id must be an alpha and/or numeric string of 1 through 12 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on 3GPP2 service Base Station Identifier (BSID).
Example
The following command creates a rule definition for analyzing user traffic for a 3GPP2 BSID named bs001_xyz:
bearer 3gpp2 bsid = bs001_xyz
 
bearer 3gpp2 service-option
This command defines a rule definition to analyze and charge user traffic based on the 3GPP2 service with service options for bearer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer 3gpp2 service-option operator option_code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
option_code
The code of the matching 3GPP2 service option in bearer flow.
option_code must be an integer from 0 through 1000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the service option code of the 3GPP2 service.
Example
The following command creates a rule definition for analyzing user traffic for a 3GPP2 service option code of 1034:
bearer 3gpp2 service-option = 1034
 
bearer apn
This command defines a rule definition to analyze and charge user traffic based on APN bearer.
Important: In StarOS 8.1 and later, this command is deprecated and is replaced by the bearer 3gpp apn command.
Product
GGSN
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer apn [ case-sensitive ] operator value
no
Removes the specified rule definition.
[ case-sensitive ]
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
value
The name of the matching APN in bearer flow.
value must be an alpha and/or numeric string of 1 through 62 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on APN name.
Example
The following command creates a rule definition for analyzing user traffic for an APN named apn12:
bearer apn = apn12
 
bearer imsi
This command defines a rule definition to analyze and charge user traffic based on International Mobile Station Identification number (IMSI) in bearer flow.
Important: In StarOS 8.1 and later, this command is deprecated and is replaced by the bearer 3gpp imsi command.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer imsi { operator imsi | { !range | range } imsi-pool imsi_pool }
no
Removes the specified rule definition.
operator
Specifies how to logically match the IMSI.
operator must be one of the following:
!=: Does not equal
=: Equals
msid
Specifies the Mobile Station Identifier.
{ !range | range } imsi-pool imsi_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
imsi-pool imsi_pool: Specifies the IMSI pool name. imsi_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on IMSI number of mobile station.
Example
The following command creates a rule definition to analyze user traffic for an IMSI number 9198838330912:
bearer imsi = 9198838330912
 
bearer rat-type
This command defines a rule definition to analyze and charge user traffic based on the Radio Access Technology (RAT) in bearer flow.
Important: In StarOS 8.1 and later, this command is deprecated and is replaced by the bearer 3gpp rat-type command.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer rat-type operator rat
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
rat
The RAT type associated with the bearer flow.
geran: GSM EDGE Radio Access Network type
utran: UMTS Terrestrial Radio Access Network type
wlan: Wireless LAN type
Usage
Use this command to specify a rule definition to analyze user traffic based on RAT type.
Example
The following command creates a rule definition for analyzing user traffic for the WLAN RAT type wlan:
bearer rat-type = wlan
 
bearer sgsn-address
This command defines a rule definition to analyze and charge user traffic based on SGSN address associated in bearer flow.
Important: In StarOS 8.1 and later, this command is deprecated and is replaced by the bearer 3gpp sgsn-address command.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer sgsn-address operator address
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
address
The IP address of SGSN node.
address must be an SGSN IP address expressed in standard IPv4 or IPv6 notation.
Usage
Use this command to specify a rule definition to analyze user traffic based on IP address of SGSN node.
Example
The following command creates a rule definition for analyzing user traffic for an SGSN node with IP address of 19.88.3.8:
bearer sgsn-address = 19.88.3.8
 
bearer traffic-group
This command defines a rule definition to analyze and charge user traffic based on the traffic group number associated to the bearer flow.
Important: This functionality is only available if the license for Content Access Control (P/N: 699-00-0011) has been purchased and installed.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] bearer traffic-group operator grp_num
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
grp_num
Specifies the traffic group number.
grp_num must be an integer from 1 through 255.
Usage
Use this command to specify a rule definition to analyze user traffic based on the traffic group value. See the fa-ha-spi command in the HA Service Configuration Mode Commands chapter for more information.
Example
The following command creates a rule definition for all traffic groups assigned a value greater than or equal to 23:
bearer traffic-group >= 23
 
cca
The following commands define rules for packets based on Credit Control Application:
 
cca quota-state
This command specifies the quota state of a subscriber for prepaid credit control service.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] cca quota-state operator { limit-reached | lower-bandwidth }
no
Disables the configured credit control quota state for this rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
limit-reached
This state matches an affirmative end-of-quota indication for this rule definition from the prepay server.
lower-bandwidth
This state matches the lower-bandwidth quota state of a rating group.
Usage
This command supports URL redirection cases and creates a rule for subscriber prepaid quota state as exhausted or not exhausted.
If a subscriber has exhausted the quota but has not exhausted the qualified period, a different charging-action can be applied based on the cca quota-state CLI.
Example
The following command creates a rule for a subscriber to send an end-of-quota indication when the credit control prepay quota limit is reached:
cca quota-state = limit-reached
 
cca redirect-indicator
This command configures the value of the redirect-indicator state of the credit control application.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] cca redirect-indicator operator indicator
no
Disables the configured credit control redirect indicator for the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
indicator
Specifies the redirect indicator for AVP used for redirection of URL in RADIUS dictionary used for prepaid service.
indicator must be an integer from 0 through 4294967295.
Important: When the RADIUS server is configured to return different values for this AVP, the ECS requires rule definitions that match the different values so that the system can associate them with Charging Actions that have different redirect URLs configured.
Usage
This command is used to configure an AVP to be used from a dictionary that defines the AVP for the redirect-indicator.
For example, a RADIUS dictionary specifies the 3gpp2-release-indicator to be used for the redirect indicator when RADIUS is used as the credit control application. In this case, the value for 3gpp2-release-indicator that is returned by the RADIUS prepaid server for a quota request for a given content-id is retained by the system and associated with the flow.
Example
The following command specifies the redirect indicator as 1234 for the URL redirect AVP:
cca redirect-indicator = 1234
 
copy-packet-to-log
This command prints every packet that hits this rule to a log statement.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] copy-packet-to-log
no
Disables the feature.
Usage
Use this command to print every packet that hits this rule to a log statement.
 
dns
The following commands define rules for packets based on the DNS:
 
dns answer-name
This command defines a rule definition to analyze and charge user traffic based on the DNS answer-name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns answer-name [ case-sensitive ] operator value
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
value
The value of the specified field.
value must be an alpha and/or numeric string of 1 through 255 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on answer name.
Example
The following command creates a rule definition for analyzing user traffic for an answer name of test:
dns answer-name = test
 
dns any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for DNS packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify an any match rule definition for analyzing user traffic for charging purposes.
Example
The following command defines an any match rule definition for analyzing DNS user traffic:
dns any-match = TRUE
 
dns previous-state
This command defines a rule definition to analyze and charge user traffic matching the previous state expressions for DNS packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns previous-state operator dns_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
dns_state
dns_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the DNS previous state.
Example
The following command creates a rule definition for analyzing user traffic using a previous state of req-sent:
dns previous-state = req-sent
 
dns query-name
This command defines a rule definition to analyze and charge user traffic based on the DNS query-name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns query-name [ case-sensitive ] operator value
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
value
The value of the specified field.
value must be an alpha and/or numeric string of 1 through 255 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the DNS query name.
Example
The following command creates a rule definition for analyzing user traffic using a query name of test:
dns query-name = test
 
dns return-code
This command defines a rule definition to analyze and charge user traffic based on the DNS return-code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns return-code operator dns_response
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
dns_response
dns_response must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a DNS return code.
Example
The following command creates a rule definition for analyzing user traffic using a DNS response of refused:
dns return-code = refused
 
dns state
This command defines a rule definition to analyze and charge user traffic based on the DNS state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns state operator dns_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
dns_state
dns_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a DNS state.
Example
The following command creates a rule definition for analyzing user traffic using a DNS state of req-sent:
dns state = req-sent
 
dns tid
This command defines a rule definition to analyze and charge user traffic based on the DNS Transaction Identifier (TID).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] dns tid operator tid_value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
tid_value
Specifies the DNS transaction identifier for this rule definition.
tid_value must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on the DNS TID.
Example
The following command creates a rule definition for analyzing user traffic using a DNS TID value of test:
dns tid = test
 
email
This command defines a rule definition to analyze and charge user traffic based on e-mail parameters.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] email { cc | content { class | type } | from | size | subject | to } [ case-sensitive ] operator value
no
Removes the specified rule definition.
cc
Specifies to match on the information in the CC field of the e-mail message.
content { class | type }
Specifies to match on the information in the “content-type” or “content-class” field of the e-mail message.
from
Specifies to match on the information in the “from” field of the e-mail message.
subject
Specifies to match on the information in the “subject” field of the e-mail message.
to
Specifies to match on the information in the “to” field of the e-mail message.
size
Specifies to match on the total size of the e-mail message in bytes.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field of the e-mail message.
operator must be one of the following except for size:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
operator must be one of the following for size:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
value
The value of the specified field. value must be an alpha and/or numeric string (allows punctuation characters) as follows:
cc: A string of 1 through 512 characters in length
content: A string of 1 through 128 characters in length
from: A string of 1 through 64 characters in length
size: A range of bytes from 1 through 4000000000 bytes
subject: A string of 1 through 128 characters in length
to: A string of 1 through 512 characters in length
Usage
Use this command to specify a rule definition to analyze user traffic based on different fields and parameters of the e-mail message.
Example
The following command creates an email rule definition for analyzing user traffic for the occurrence of triangular in the ‘cc’ field of the e-mail message:
email cc contains triangular@xyz.com
 
end
This command returns the CLI prompt to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Use this command to change to the Exec mode.
 
exit
This command exits the Ruledef Configuration mode and returns to the Active Charging Configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Use this command to return to the Active Charging Configuration mode.
 
file-transfer
The following commands define rules for analyzing traffic based on file transfers:
 
file-transfer any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the file transfer any match status.
Example
The following command creates a file transfer rule definition for analyzing user traffic using a file transfer any match status of FALSE:
file-transfer any-match = FALSE
 
file-transfer chunk-number
This command defines a rule definition to analyze and charge user traffic based on number of chunks in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer chunk-number operator value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
value
Specifies the number of chunks for this rule definition.
value must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on the number of chunks in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using 150 as the number of chunks:
file-transfer chunk-number = 150
 
file-transfer current-chunk-length
This command defines a rule definition to analyze and charge user traffic based on length of current chunk in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer current-chunk-length operator value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
value
Specifies the length in bytes of current chunk for this rule definition.
value must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the length of current chunk in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using current length of chunk as 1500000 bytes:
file-transfer current-chunk-length = 1500000
 
file-transfer declared-chunk-length
This command defines a rule definition to analyze and charge user traffic based on declared length of chunk in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer declared-chunk-length operator value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
value
Specifies the declared length, in bytes, of chunk for this rule definition.
value must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the declared length of chunk in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using declared length of chunk as 2500000 bytes:
file-transfer declared-chunk-length = 2500000
 
file-transfer declared-file-size
This command defines a rule definition to analyze and charge user traffic based on declared size of file in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer declared-file-size operator size
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
size
Specifies the declared size of file, in bytes, for this rule definition.
size must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the declared size of file in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using declared size of file as 2500000 bytes:
file-transfer declared-file-size = 2500000
 
file-transfer filename
This command defines a rule definition to analyze and charge user traffic based on declared name of the file in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer filename [ case-sensitive ] operator size
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the declared name of file in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using declared name of file as star1:
file-transfer filename contains star1
 
file-transfer previous-state
This command defines a rule definition to analyze and charge user traffic based on the previous state of file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
previous_state must be one of the following:
init: Specifies previous state as initialization.
request-sent: Specifies previous state as request sent.
transfer-error: Specifies previous state as transfer error.
transfer-ok: Specifies previous state as transfer ok.
Usage
Use this command to specify a rule definition to analyze user traffic based on a previous state of file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using a previous file transfer state of init:
file-transfer previous-state = init
 
file-transfer state
This command defines a rule definition to analyze and charge user traffic based on the current state of file transfer Finite State Machine (FSM).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
state must be one of the following:
init: Specifies current state as initialization.
request-sent: Specifies current state as request sent.
transfer-error: Specifies current state as transfer error.
transfer-ok: Specifies current state as transfer ok.
Usage
Use this command to specify a rule definition to analyze user traffic based on state of file transfer.
Following table describes the details of file transfer FSM states with event:
Example
The following command creates a file transfer rule definition for analyzing user traffic using a file transfer state of init:
file-transfer state = init
 
file-transfer transferred-file-size
This command defines a rule definition to analyze and charge user traffic based on transferred size of file in a file transfer.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] file-transfer transferred-file-size operator size
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
size
Specifies the transferred size of file, in bytes, for this rule definition.
size must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the transferred size of file in a file transfer.
Example
The following command creates a file transfer rule definition for analyzing user traffic using transferred size of file as 2500:
file-transfer transferred-file-size = 2500
 
ftp
The following commands define rules for analyzing traffic based on File Transfer Protocol (FTP):
 
ftp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for FTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the FTP any match status.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP any match status of FALSE:
ftp any-match = FALSE
 
ftp client-ip-address
This command defines a rule definition to analyze and charge user traffic based on FTP client IP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp client-ip-address operator ip_address
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address
ip_address must be the client’s IP address expressed in IPv4 dotted decimal or IPv6 colon notation.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP client IP.
Example
The following command creates an FTP rule definition for analyzing user traffic using a client IP of 1.1.1.1:
ftp client-ip-address = 1.1.1.1
 
ftp client-port
This command defines a rule definition to analyze and charge user traffic based on FTP client port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp client-port operator port
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
port
Specifies the port number for this rule definition.
port must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP client port.
Example
The following command creates an FTP rule definition for analyzing user traffic using ftp client port 10:
ftp client-port = 10
 
ftp command args
This command defines a rule definition to analyze and charge user traffic based on FTP command argument.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp command args [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
Specifies the argument for this rule definition.
argument must be a string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP command argument.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP command argument of test:
ftp command args = test
 
ftp command id
This command defines a rule definition to analyze and charge user traffic based on FTP command ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp command id operator command_id
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
command_id
Specifies the command identifier for this rule definition.
In StarOS 9.0 and later, command_id must be an integer from 0 through 18.
In StarOS 8.3 and earlier, command_id must be an integer from 0 through 15.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP command ID.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP command ID of 10:
ftp command id = 10
 
ftp command name
This command defines a rule definition to analyze and charge user traffic based on FTP command name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp command name operator command_name
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
command_name
Specifies the command name for this rule definition.
command_name must be one of the following:
abor: Abort command
cwd: Current working directory command
eprt: eprt command
epsv: epsv command
list: List command
mode: Transfer mode command
pass: Password command
pasv: Passive command
port: Port command
quit: Quit command
rest: Restore command
retr: Retry command
stor: Store command
stru: file structure command
syst: system command
type: Type command
user: user command
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP command name.
Example
The following command creates an FTP rule definition for analyzing user traffic using the FTP command name of list:
ftp command name = list
 
ftp connection-type
This command defines a rule definition to analyze and charge user traffic based on FTP connection type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp connection-type operator connection_type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
connection_type
Specifies the connection type for this rule definition.
connection_type must be one of the following:
0: unknown
1: control connection
2: data connection
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP connection type.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP connection type of 1:
ftp connection-type = 1
 
ftp data-any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for FTP data packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp data-any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the any match status for FTP data packets.
Example
The following command creates a rule definition for analyzing user traffic using data-any-match status for FTP data packet set as FALSE:
ftp data-any-match = FALSE
 
ftp filename
This command defines a rule definition to analyze and charge user traffic based on FTP file name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp filename [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition. string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP filename.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP filename of test:
ftp filename = test
 
ftp pdu-length
This command defines a rule definition to analyze and charge user traffic based on FTP Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the FTP PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on FTP PDU length (header + payload) in bytes.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP pdu length of 9647 bytes:
ftp pdu-length = 9647
 
ftp pdu-type
This command defines a rule definition to analyze and charge user traffic based on FTP Protocol Data Unit (PDU) type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp pdu-type operator pdu_type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_type
Specifies the PDU type for this rule definition.
pdu_type must be one of the following:
0: unknown
1: command
2: reply
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP PDU type.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP PDU type of 0:
ftp pdu-type = 0
 
ftp previous-state
This command defines a rule definition to analyze and charge user traffic based on the previous state of FTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the previous state.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a previous state.
Example
The following command creates an FTP rule definition for analyzing user traffic using a previous FTP state of init:
ftp previous-state = init
 
ftp reply code
This command defines a rule definition to analyze and charge user traffic based on the FTP reply code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp reply code operator code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
code
Specifies the code for this rule definition.
code must be an integer from 100 through 599.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP reply.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP reply code of 199:
ftp reply code = 199
 
ftp server-ip-address
This command defines a rule definition to analyze and charge user traffic based on the FTP server IP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp server-ip-address operator ip_address
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address
Specifies the server address for this rule definition.
ip_address must be expressed in IPv4 decimal notation or IPv6 colon notation.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP server IP address.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP server IP of 1.1.1.1:
ftp server-ip-address = 1.1.1.1
 
ftp server-port
This command defines a rule definition to analyze and charge user traffic based on the FTP server port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp server-port operator port
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
port
Specifies the FTP server port.
port must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an FTP server port.
Example
The following command creates an FTP rule definition for analyzing user traffic using ftp server port 25:
ftp server-port = 25
 
ftp session-length
This command defines a rule definition to analyze and charge user traffic based on the FTP session-length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the FTP session length for this rule definition.
session_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the FTP session’s total length.
Example
The following command creates a rule definition for analyzing user traffic using an FTP session length of 40000:
ftp session-length = 40000
 
ftp state
This command defines a rule definition to analyze and charge user traffic based on the FTP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp state operator { close | command-sent | init | response-error | response-ok }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
close
Analyzes FTP transmissions that are in a closed state.
command-sent
Analyzes FTP transmissions that are in a command sent state.
init
Analyzes FTP transmissions that are in the initialized state.
response-error
Analyzes FTP transmissions that are in the response error state.
response-ok
Analyzes FTP transmissions that are in the response ok state.
Usage
Use this command to specify a rule definition to analyze user traffic based on the current ftp session state.
Example
The following command creates an FTP rule definition for analyzing user traffic using a current FTP state of open:
ftp state = open
 
ftp url
This command defines a rule definition to analyze and charge user traffic based on the FTP URL.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp url [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for the FTP URL.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on FTP file location/path for transfer.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP URL string of ftp://rfc.ietf.org/rfc/rfc1738.txt:
ftp url = ftp://rfc.ietf.org/rfc/rfc1738.txt
 
ftp user
This command defines a rule definition to analyze and charge user traffic based on the FTP user.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ftp user [ case-sensitive ] operator ftp_user
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
ftp_user
A unique name that you specify for the FTP user. ftp_user must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the FTP user.
Example
The following command creates an FTP rule definition for analyzing user traffic using an FTP user of user1:
ftp user = user1
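The ftp commands above share one shape (keyword, optional case-sensitive, operator, value), so a candidate ruledef body can be checked against the documented operators and value ranges before it is applied. The following Python linter is an added example, not part of the original reference or of any vendor tooling; the function names and the sample lines are assumptions, and it uses the StarOS 9.0 and later range for command_id.

```python
import ipaddress

# Operator sets as listed in the reference above.
EQ_OPS = {"=", "!="}
NUM_OPS = EQ_OPS | {"<=", ">="}
STR_OPS = EQ_OPS | {"contains", "!contains", "starts-with", "!starts-with",
                    "ends-with", "!ends-with"}


def int_range(lo, hi):
    return lambda v: v.isascii() and v.isdigit() and lo <= int(v) <= hi


def one_of(*names):
    return lambda v: v in names


def text(max_len):
    return lambda v: 1 <= len(v) <= max_len


def ip_addr(v):
    try:
        ipaddress.ip_address(v)  # IPv4 dotted decimal or IPv6 colon notation
        return True
    except ValueError:
        return False


# keyword -> (allowed operators, value check, accepts [ case-sensitive ]).
# Commands whose value list is missing from the page (any-match,
# data-any-match, previous-state) are left out on purpose.
FTP_RULES = {
    "ftp client-ip-address": (NUM_OPS, ip_addr, False),
    "ftp client-port": (NUM_OPS, int_range(1, 65535), False),
    "ftp command args": (STR_OPS, text(127), True),
    "ftp command id": (NUM_OPS, int_range(0, 18), False),  # StarOS 9.0+ range
    "ftp command name": (EQ_OPS, one_of(
        "abor", "cwd", "eprt", "epsv", "list", "mode", "pass", "pasv", "port",
        "quit", "rest", "retr", "stor", "stru", "syst", "type", "user"), False),
    "ftp connection-type": (NUM_OPS, int_range(0, 2), False),
    "ftp filename": (STR_OPS, text(127), True),
    "ftp pdu-length": (NUM_OPS, int_range(0, 65535), False),
    "ftp pdu-type": (NUM_OPS, int_range(0, 2), False),
    "ftp reply code": (NUM_OPS, int_range(100, 599), False),
    "ftp server-ip-address": (NUM_OPS, ip_addr, False),
    "ftp server-port": (NUM_OPS, int_range(1, 65535), False),
    "ftp session-length": (NUM_OPS, int_range(1, 4000000000), False),
    "ftp state": (EQ_OPS, one_of(
        "close", "command-sent", "init", "response-error", "response-ok"), False),
    "ftp url": (STR_OPS, text(127), True),
    "ftp user": (STR_OPS, text(127), True),
}


def lint(line):
    """Return the problems found in one ruledef line; an empty list means it passes."""
    body = line.strip()
    if body.startswith("no "):
        body = body[3:].lstrip()
    for keyword in sorted(FTP_RULES, key=len, reverse=True):
        if body == keyword or body.startswith(keyword + " "):
            break
    else:
        return ["unknown or unsupported keyword"]
    operators, value_ok, allows_cs = FTP_RULES[keyword]
    rest = body[len(keyword):].split()
    problems = []
    if rest and rest[0] == "case-sensitive":
        rest.pop(0)
        if not allows_cs:
            problems.append(f"case-sensitive is not accepted by {keyword}")
    if len(rest) < 2:
        return problems + ["expected: operator value"]
    operator, value = rest[0], " ".join(rest[1:])
    if operator not in operators:
        problems.append(f"operator {operator!r} is not allowed for {keyword}")
    if not value_ok(value):
        problems.append(f"value {value!r} is outside the documented set for {keyword}")
    return problems


def lint_config(config):
    """Lint every non-blank line; return {line: problems} for failing lines only."""
    report = {}
    for raw in config.splitlines():
        if raw.strip() and lint(raw):
            report[raw.strip()] = lint(raw)
    return report


# Constructed sample ruledef body (not from a real device): four valid lines,
# then an undocumented state, a truncated keyword, an out-of-range port, a
# string operator on a numeric field, and case-sensitive on a numeric field.
SAMPLE = """\
ftp command name = list
ftp reply code >= 400
no ftp url case-sensitive starts-with ftp://rfc.ietf.org/rfc/
ftp server-ip-address = 2001:db8::1
ftp state = open
ftp client-ip = 1.1.1.1
ftp client-port >= 70000
ftp reply code contains 2
ftp pdu-type case-sensitive = 1
"""

if __name__ == "__main__":
    for line, problems in lint_config(SAMPLE).items():
        print(f"{line}: {'; '.join(problems)}")
```
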
 
http
The following commands define rules for analyzing traffic based on Hypertext Transfer Protocol (HTTP):
 
http attribute-in-data
This command enables configuring dynamic header field in application payload.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http attribute-in-data field_name [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
Default: Disabled
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
field_name
Specifies the name of the field.
field_name must be an alpha and/or numeric string of 1 through 31 characters in length.
string
Specifies value of the extension header.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to configure dynamic header field in application payload.
 
http attribute-in-url
This command enables configuring dynamic header field in URL.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http attribute-in-url field_name [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
Default: Disabled
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
field_name
Specifies the name of the field.
field_name must be an alpha and/or numeric string of 1 through 31 characters in length.
string
Specifies value of the extension header.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to configure dynamic header field in URL.
 
http any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for HTTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the HTTP any match status.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP any match status of FALSE:
http any-match = FALSE
 
http content disposition
This command defines a rule definition to analyze and charge user traffic based on the optional “content disposition” field of HTTP entity header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http content disposition [ case-sensitive ] operator content_dispos
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_dispos
This field offers a mechanism for the sender to transmit presentational information to the recipient, allowing each component of a message to be tagged with an indication of its desired presentation semantics.
content_dispos must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP content type. This feature is to support RFC 2616 for HTTP and RFC 1806 for Content Disposition.
Example
The following command creates an HTTP rule definition for analyzing user traffic using content-disposition field in an HTTP entity header as successful:
http content disposition = successful
 
http content length
This command defines a rule definition to analyze and charge user traffic based on HTTP content length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http content length operator content_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
content_length
Specifies the HTTP body length, in bytes, for this rule definition.
content_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP content length.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP body length of 10000:
http content length = 10000
 
http content type
This command defines a rule definition to analyze and charge user traffic on the basis of content-type field in HTTP entity header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http content type [ case-sensitive ] operator content_type
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_type
A unique content type that you specify for the HTTP rule definition.
content_type must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on content-type field in HTTP entity header.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP content type of abc100:
http content type = abc100
 
http error
This command defines a rule definition to analyze user traffic for invalid HTTP packets and other errors while parsing HTTP packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http error operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to define a rule definition to analyze user traffic for invalid HTTP packets and any other errors while parsing HTTP packets. Examples include FSM errors, invalid header field values, ACS memory and buffer limits, and packet-related errors.
ECS supports pipelining of up to 32 HTTP requests on the same TCP connection. Pipeline overflow requests are not analyzed. Such overflow requests are treated as http-error. The billing system, based on this information, decides to charge or not charge, or refund the subscriber accordingly.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP error status of TRUE:
http error = TRUE
 
http first-request-packet
This command defines a rule definition to analyze and charge user traffic based on the HTTP first-request-packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http first-request-packet operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the HTTP first request packet.
Example
The following command creates an HTTP rule definition for analyzing user traffic testing for the first-request-packet equals TRUE:
http first-request-packet = TRUE
 
http header-length
This command defines a rule definition to analyze and charge user traffic based on HTTP header length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http header-length operator header_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
header_length
Specifies the HTTP header length, in bytes, for this rule definition.
header_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on HTTP header length.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP header length of 10000:
http header-length = 10000
 
http host
This command defines a rule definition to analyze and charge user traffic based on HTTP host.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http host [ case-sensitive ] operator host_name
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
host_name
A unique name that you specify for the HTTP host.
host_name must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP host name.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP host of host1:
http host = host1
 
http payload-length
This command defines a rule definition to analyze and charge user traffic based on HTTP payload length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http payload-length operator payload_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
payload_length
Specifies the HTTP payload (content) length, in bytes, for this rule definition.
payload_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP payload length.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP payload length of 10000 bytes:
http payload-length = 10000
 
http pdu-length
This command defines a rule definition to analyze and charge user traffic based on HTTP Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the HTTP PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP PDU length (header + payload) in bytes.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP PDU length of 10000 bytes:
http pdu-length = 10000
 
http previous-state
This command defines a rule definition to analyze and charge user traffic based on HTTP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the HTTP previous state for this rule definition.
previous_state must be one of the following:
init: init state
response-error: response error state
response-ok: response ok state
waiting-for-response: waiting for response state
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP previous state.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP previous state of response-ok:
http previous-state = response-ok
 
http referer
This command defines a rule definition to analyze and charge user traffic based on HTTP referer link.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http referer [ case-sensitive ] operator referer_name
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
referer_name
A unique name that you specify for the HTTP referer.
referer_name must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP referer name.
This feature enables the operator to use ECS to collect or track all URLs visited during a particular subscriber session. These URLs include the entire string of visited URLs, including all referral links. This information is output in an EDR format for use in reporting or billing functions.
For example, if a subscriber begins a web session on his phone, clicks the “Sports” link from his home deck, then chooses ESPN, and from ESPN moves to an advertiser link, the operator can capture all URLs for that entire session. The period during which ECS collects the URLs for a particular subscriber session can be limited by time duration or by number of URLs visited.
ECS supports EDRs for this, and the EDRs generated contain the HTTP URL and the HTTP referer fields along with other fields.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP referer to cricket.espn.com:
http referer = cricket.espn.com
 
http reply code
This command defines a rule definition to analyze and charge user traffic based on HTTP reply.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http reply code operator reply_code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
reply_code
Specifies the HTTP response for this rule definition.
reply_code must be an integer from 100 through 599.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP reply code.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP reply code of 356:
http reply code = 356
 
http request method
This command defines a rule definition to analyze and charge user traffic based on HTTP request method.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http request method operator request
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
request
Specifies the HTTP request for this rule definition.
request must be one of the following requests:
Usage
Use this command to specify a rule definition to analyze user traffic based on HTTP request method.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP request method of connect:
http request method = connect
 
http session-length
This command defines a rule definition to analyze and charge user traffic based on HTTP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the HTTP total session length for this rule definition.
session_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the total HTTP session length.
Example
The following command creates an HTTP rule definition for analyzing user traffic using a total HTTP session length of 200000:
http session-length = 200000
 
http state
This command defines a rule definition to analyze and charge user traffic based on HTTP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the HTTP state for this rule definition.
state must be one of the following:
close: closed state
response-error: response error state
response-ok: response ok state
waiting-for-response: waiting for response state
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP state.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP state of init:
http state = init
 
http transaction-length
This command defines a rule definition to analyze and charge user traffic based on HTTP transaction length (the combined length of one HTTP GET Request message and its one or more associated response messages).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http transaction-length { operator trans_length | { { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
trans_length
Specifies the HTTP transaction length, in bytes, for this rule definition.
trans_length must be an integer from 1 through 4000000000.
{ range | !range } range_from to range_to
Enables or disables the range criteria for length of transaction.
range: Enables the range criteria for HTTP transaction length.
!range: Disables the range criteria for HTTP transaction length.
range_from: Specifies the start of range, in bytes, for HTTP transaction length.
range_to: Specifies the end of range, in bytes, for HTTP transaction length.
Usage
Use this command to specify a rule definition to analyze user traffic based on HTTP transaction length (one HTTP GET Request message plus its one or more associated response messages), in bytes.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP transaction length of 10200 bytes:
http transaction-length = 10200
 
http transfer-encoding
This command defines a rule definition to analyze and charge user traffic based on HTTP encoding.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http transfer-encoding [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for HTTP transfer encoding.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP transfer encoding string.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP transfer encoding string of user1:
http transfer-encoding = user1
 
http uri
This command defines a rule definition to analyze and charge user traffic based on HTTP uniform resource identifier (URI).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http uri [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for the HTTP URI.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and it does not include the “host” portion.
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP URI.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP URI string of http://www.somehost.com:
http uri = http://www.somehost.com
 
http url
This command defines a rule definition to analyze and charge user traffic based on HTTP URL.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http url [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for the HTTP URL.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and includes “host + URI” for HTTP PDUs.
For example, in case of the URL “http://www.google.fr/”, the host is “http://www.google.fr”, and the URI is “/”:
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
        Request Method: GET
        Request URI: /
        Request Version: HTTP/1.1
    Accept: */*\r\n
    Accept-Language: fr\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n
    Host: www.google.fr\r\n
    Connection: Keep-Alive\r\n
    \r\n
Usage
Use this command to specify a rule definition to analyze user traffic based on an HTTP URL.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP URL string of http://rfc.ietf.org/rfc/rfc1738.txt:
http url = http://rfc.ietf.org/rfc/rfc1738.txt
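The difference between http uri and http url, and the effect of case-sensitive and the negated operators, can be checked offline with a small model of the matching. This is an added example, not vendor code: parse_request, parse_rule and evaluate are hypothetical names, the request bytes are constructed from the GET shown above, and building the URL as "http://" + Host + URI is an assumption taken from the description above.

```python
from dataclasses import dataclass

# Constructed sample input: the GET request from the "http url" description.
SAMPLE_REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Accept: */*\r\n"
    b"Accept-Language: fr\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n"
    b"Host: www.google.fr\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)

# Positive string operators listed on this page; "!" forms negate them.
BASE_OPS = {
    "=": lambda subject, value: subject == value,
    "contains": lambda subject, value: value in subject,
    "starts-with": lambda subject, value: subject.startswith(value),
    "ends-with": lambda subject, value: subject.endswith(value),
}
FIELDS = ("uri", "url", "user-agent")  # subset modelled in this example


@dataclass(frozen=True)
class Rule:
    field: str
    case_sensitive: bool
    negate: bool
    base_op: str
    value: str


def parse_request(raw: bytes) -> dict:
    """Extract the analyzed fields from one HTTP request header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")
    return {
        "uri": uri,                      # no host portion
        "url": "http://" + host + uri,   # assumption: host + URI
        "user-agent": headers.get("user-agent", ""),
    }


def parse_rule(line: str) -> Rule:
    """Parse 'http <field> [ case-sensitive ] operator string'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "http" or tokens[1] not in FIELDS:
        raise ValueError("unsupported ruledef line: %r" % line)
    rest = tokens[2:]
    case_sensitive = rest[0] == "case-sensitive"
    if case_sensitive:
        rest = rest[1:]
    if len(rest) < 2:
        raise ValueError("operator and string are both required")
    op, value = rest[0], " ".join(rest[1:])
    negate = op.startswith("!")
    base_op = op[1:] if negate else op
    if base_op not in BASE_OPS:
        raise ValueError("unknown operator: %r" % op)
    if not 1 <= len(value) <= 127:
        raise ValueError("string must be 1 through 127 characters")
    return Rule(tokens[1], case_sensitive, negate, base_op, value)


def evaluate(line: str, raw: bytes) -> bool:
    """Return True when the request satisfies the rule line."""
    rule = parse_rule(line)
    subject = parse_request(raw)[rule.field]
    value = rule.value
    if not rule.case_sensitive:  # default: rules are not case sensitive
        subject, value = subject.lower(), value.lower()
    return BASE_OPS[rule.base_op](subject, value) != rule.negate


if __name__ == "__main__":
    for rule_line in (
        "http url = http://www.google.fr/",
        "http uri contains google.fr",      # host is not part of the URI
        "http url contains GOOGLE.FR",
        "http url case-sensitive contains GOOGLE.FR",
        "http uri !starts-with /mail",
    ):
        print(rule_line, "->", evaluate(rule_line, SAMPLE_REQUEST))
```

A host-based condition written against http uri never matches in this model, because the URI excludes the host; the same string under http url does.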
 
http user-agent
This command defines a rule definition to analyze and charge user traffic based on the user agent information in the “user-agent” field of the HTTP header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http user-agent [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
This matches the HTTP user agent information in the HTTP header.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the HTTP “user-agent” field.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP user agent as xyz.123:
http user-agent = xyz.123
 
http version
This command defines a rule definition to analyze and charge user traffic based on the HTTP version information in the header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http version [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
This matches the HTTP version information in the HTTP header.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the HTTP version.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an HTTP version of http4.2:
http version = http4.2
 
http x-header
This command configures and matches rules based on extension-headers (x-headers). All x-header fields must begin with “x-.”
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] http x-header name [ case-sensitive ] operator string
no
Removes the specified rule definition.
name
A unique value that you specify to use for the x-header.
name must be an alpha and/or numeric string of 1 through 31 characters in length.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
This matches the HTTP x-header information in the HTTP header.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to configure and match rules based on extension-headers (x-headers). This allows additional header fields to be defined without changing the protocol. The extension-header can be any header field that is not specified in the RFC.
Example
The following command creates a rule definition for analyzing user traffic containing extension-header of test_field and value of test_string:
http x-header test_field = test_string
 
icmp
The following commands define rules for analyzing traffic based on Internet Control Message Protocol (ICMP):
 
icmp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for ICMP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMP analyzed state.
Example
The following command creates an ICMP rule definition for analyzing user traffic using an ICMP any match state of FALSE:
icmp any-match = FALSE
 
icmp code
This command defines a rule definition to analyze and charge user traffic based on the ICMP code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmp code operator code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
code
Specifies the ICMP code for this rule definition.
code must be an integer from 0 through 255.
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMP code.
Example
The following command creates an ICMP rule definition for analyzing user traffic using an ICMP code as 23:
icmp code = 23
 
icmp type
This command defines a rule definition to analyze and charge user traffic based on the ICMP type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmp type operator type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
type
Specifies the ICMP type for this rule definition.
type must be an integer from 0 through 255. For example, 0 for ECHO Reply, 3 for Destination Unreachable, and 5 for Redirect.
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMP type.
Example
The following command creates an ICMP rule definition for analyzing user traffic using an ICMP type as 123:
icmp type = 123
 
icmpv6
The following commands define rules for analyzing traffic based on Internet Control Message Protocol Version 6 (ICMPv6).
 
icmpv6 any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for Internet Control Message Protocol Version 6 (ICMPv6).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmpv6 any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMPv6 analyzed state.
Example
The following command creates an ICMPv6 rule definition for analyzing user traffic using an ICMPv6 any match state of FALSE:
icmpv6 any-match = FALSE
 
icmpv6 code
This command defines a rule definition to analyze and charge user traffic based on the ICMPv6 code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmpv6 code operator code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
code
Specifies the ICMPv6 code for this rule definition.
code must be an integer from 0 through 255.
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMPv6 code.
Example
The following command creates an ICMPv6 rule definition for analyzing user traffic using an ICMPv6 code as 23:
icmpv6 code = 23
 
icmpv6 type
This command defines a rule definition to analyze and charge user traffic based on the ICMPv6 type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] icmpv6 type operator type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
type
Specifies the ICMPv6 type for this rule definition.
type must be an integer from 0 through 255. For example, 0 for ECHO Reply, 3 for Destination Unreachable, and 5 for Redirect.
Usage
Use this command to specify a rule definition to analyze user traffic based on the ICMPv6 type.
Example
The following command creates an ICMPv6 rule definition for analyzing user traffic using an ICMPv6 type as 123:
icmpv6 type = 123
 
if-protocol
This command allows different content IDs with certain protocols to be associated with the same.
Product
All
Privilege
Security Administrator, Administrator
Syntax
if-protocol [ http | wsp-connection-less | wsp-connection-oriented ] content-id content_id
no if-protocol [ http | wsp-connection-less | wsp-connection-oriented ]
no
Removes the specified rule definition.
http
Specifies HTTP protocol for the rule definition.
wsp-connection-less
This routes the packets to the WSP connection-less protocol.
wsp-connection-oriented
This routes the packets to the WSP connection-oriented protocol.
content-id content_id
Specifies the content ID to assign to the rule definition.
content_id must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on if-protocol.
Example
The following command creates an if-protocol rule definition for analyzing user traffic using http and a content ID of 23:
if-protocol http content-id 23
 
imap
The following commands define rules for analyzing traffic based on Internet Message Access Protocol (IMAP):
 
imap any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for IMAP message packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the any-match analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using an IMAP any match state of FALSE:
imap any-match = FALSE
 
imap cc
This command defines a rule definition to analyze and charge user traffic based on the recipient address in the Carbon Copy (cc) field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap cc [ case-sensitive ] operator cc_address
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
cc_address
Specifies the string for this rule definition.
cc_address must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the recipient address in the “cc” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the recipient address triangular@xyz.com in the “cc” field of e-mail in the IMAP message:
imap cc contains triangular@xyz.com
 
imap command
This command defines a rule definition to analyze and charge user traffic based on the embedded IMAP commands in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap command operator commands
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
commands
Specifies the command for this rule definition.
commands must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the embedded command in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the presence of the close command in the IMAP message:
imap command = close
 
imap content class
This command defines a rule definition to analyze and charge user traffic based on the “content-class” field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap content class [ case-sensitive ] operator content_class
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_class
Specifies the string for this rule definition.
content_class must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “content-class” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using content class javax.mail.internet.MimeMultipart in the “content-class” field of e-mail in the IMAP message:
imap content class contains javax.mail.internet.MimeMultipart
 
imap content type
This command defines a rule definition to analyze and charge user traffic based on the “content-type” field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap content type [ case-sensitive ] operator content_type
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_type
Specifies the string for this rule definition.
content_type must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “content-type” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using content type TEXT/plain; charset=iso-8859-1 in the “content-type” field of e-mail in the IMAP message:
imap content type contains TEXT/plain; charset=iso-8859-1
 
imap date
This command defines a rule definition to analyze and charge user traffic based on the “date” field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap date [ case-sensitive ] operator date
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
date
Specifies the string for this rule definition.
date must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “date” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the date Fri, 21 Nov 1997 11:00:00 -0600 in the “date” field of e-mail in the IMAP message:
imap date contains Fri, 21 Nov 1997 11:00:00 -0600
 
imap final-reply
This command defines a rule definition to analyze and charge user traffic based on the “final-reply” value of the last IMAP final-reply message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap final-reply operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the ‘final-reply’ condition value for the last IMAP final-reply message to match the information in the analyzed field.
condition must be one of the following:
bad: final reply is invalid or bad.
no: there is no final reply.
ok: final reply is valid.
Usage
Use this command to specify a rule definition to analyze user traffic based on the final-reply value of the last IMAP final-reply message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the final-reply condition value as bad for the last IMAP final-reply message:
imap final-reply = bad
 
imap from
This command defines a rule definition to analyze and charge user traffic based on the “from” field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap from [ case-sensitive ] operator from_string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
from_string
Specifies the string for this rule definition.
from_string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “from” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the occurrence of triangular in the “from” field of e-mail in the IMAP message:
imap from contains triangular
 
imap mail-size
This command defines a rule definition to analyze and charge user traffic based on the size of e-mail retrieved by IMAP from the server.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap mail-size operator mail_size
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
mail_size
Specifies the total size of mail, in bytes, retrieved by IMAP from the server for this rule definition.
mail_size must be an integer from 0 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the size of e-mail in the IMAP message of analyzed state. This rule uses size of the given mail retrieved by IMAP from server.
Example
The following command creates IMAP rule definition for analyzing user traffic using size of e-mail as less than or equal to 23400 bytes in the IMAP message:
imap mail-size <= 23400
 
imap mailbox-size
This command defines a rule definition to analyze and charge user traffic based on the number of e-mail messages in a mailbox of an IMAP e-mail user.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap mailbox-size operator mail_qty
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
mail_qty
Specifies the total number of e-mail messages in a mailbox of the IMAP user for this rule definition.
mail_qty must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on the mailbox size of an IMAP user of analyzed state. This rule uses the number of e-mail messages contained in a mailbox.
Example
The following command creates an IMAP rule definition for analyzing user traffic using number of e-mail messages in a mailbox as less than or equal to 1024:
imap mailbox-size <= 1024
 
imap message-type
This command defines a rule definition to analyze and charge user traffic based on the type of message in IMAP packet header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap message-type operator type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the message-type condition/value for the IMAP e-mail message to match the information in the analyzed field.
condition must be one of the following:
command-continuation-reply: message with command-continuation-reply type.
final-reply: message is of final reply type.
request: message is of request type.
untagged-reply: message of reply type, but without any tag.
Usage
Use this command to specify a rule definition to analyze user traffic based on the type of message in the “message-type” field of the last IMAP message of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using the message type as request for the IMAP message:
imap message-type = request
 
imap previous-state
This command defines a rule definition to analyze and charge user traffic based on the previous state of IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap previous-state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the previous state of the IMAP message to match the information in the analyzed field.
state must be one of the following:
init: message in initialization state.
request-sent: message in request-sent state.
Usage
Use this command to specify a rule definition to analyze user traffic based on the previous state of the IMAP message of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using the previous state as init of the IMAP message which was in initialization state:
imap previous-state = init
 
imap session-length
This command defines a rule definition to analyze and charge user traffic based on the IMAP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the total length of IMAP session, in bytes, for this rule definition.
session_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the length of IMAP session of the analyzed state.
The session length is calculated by adding together the IP payloads (i.e., starting after the IP header) of all relevant IMAP session packets.
Example
The following command creates IMAP rule definition for analyzing user traffic using session length as less than or equal to 4000 bytes for the IMAP session:
imap session-length <= 4000
 
imap session-previous-state
This command defines a rule definition to analyze and charge user traffic based on the previous state of IMAP session.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap session-previous-state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the previous state of the IMAP session to match the information in the analyzed field.
state must be one of the following:
authenticated: session authenticated
connected: session connected
init: session initialized
mailbox-selected: mailbox selected
Usage
Use this command to specify a rule definition to analyze user traffic based on the previous state of the IMAP session of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using the previous state as init of the IMAP session which was initialized:
imap session-previous-state = init
 
imap session-state
This command defines a rule definition to analyze and charge user traffic based on the current state of IMAP session.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap session-state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the current state of the IMAP session to match the information in the analyzed field.
state must be one of the following:
authenticated: session authenticating.
connected: session connecting.
logout: session logged out.
mailbox-selected: mailbox selecting.
Usage
Use this command to specify a rule definition to analyze user traffic based on the current state of the IMAP session of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using the current state as connected of the IMAP session which is in connecting state:
imap session-state = connected
 
imap state
This command defines a rule definition to analyze and charge user traffic based on the current state of IMAP request message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the current state of the IMAP request message to match the information in the analyzed field.
state must be one of the following:
request-sent: request message sent
response-fail: request response failed
response-ok: request response is good
Usage
Use this command to specify a rule definition to analyze user traffic based on the current state of the IMAP request message of analyzed state.
Example
The following command creates an IMAP rule definition for analyzing user traffic using the current state as response-fail of the IMAP request message, when the request response has failed:
imap state = response-fail
 
imap subject
This command defines a rule definition to analyze and charge user traffic based on the ‘subject’ field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap subject [ case-sensitive ] operator subject
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
subject
Specifies the string for this rule definition.
subject must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “subject” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using occurrence of My test in the “subject” field of e-mail in the IMAP message:
imap subject contains My test
 
imap to
This command defines a rule definition to analyze and charge user traffic based on the ‘to’ field of e-mail in the IMAP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] imap to [ case-sensitive ] operator to
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
to
Specifies the string for this rule definition.
to must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “to” field of e-mail in the IMAP message of analyzed state.
Example
The following command creates IMAP rule definition for analyzing user traffic using occurrence of xyz.com in the “to” field of e-mail in the IMAP message:
imap to contains xyz.com
 
ip
The following commands define rules for analyzing traffic based on Internet Protocol (IP):
 
ip any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for IP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the IP analyzed state.
Example
The following command creates IP rule definition for analyzing user traffic using an IP any match state of FALSE:
ip any-match = FALSE
 
ip downlink
This command defines a rule definition to analyze and charge user traffic matching the direction of IP packet to downlink (to subscriber).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the IP packet direction as downlink.
Example
The following command creates IP rule definition for analyzing user traffic using an IP packet direction to downlink (to subscriber):
ip downlink = TRUE
 
ip dst-address
This command defines a rule definition to analyze and charge user traffic based on IP destination address.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip dst-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
no
Removes the specified rule definition.
operator { ip_address | ip_address/mask }
operator: Specifies how to logically match the IP destination address.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address: Specifies IP address of the destination node for outgoing traffic in IPv4 or IPv6 standard notation. ip_address must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation.
ip_address/mask: Specifies IP address of the destination node for outgoing traffic in IPv4 or IPv6 standard notation with subnet mask bit. ip_address/mask must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation with subnet mask bit. The mask bit is a numeric value which is the number of bits in the subnet mask.
{ !range | range } host-pool host_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
host-pool host_pool: Specifies the host pool name. host_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on IP destination address.
Example
The following command creates IP rule definition for analyzing user traffic using an IP destination address of 1.1.1.1:
ip dst-address = 1.1.1.1
 
ip error
This command defines a rule definition to analyze user traffic for invalid IP packets and other errors while parsing IP packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip error operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to define a rule definition to analyze user traffic for invalid IP packets and any other errors while parsing IP packets.
Example
The following command creates an IP rule definition for analyzing user traffic using an IP error status of TRUE:
ip error = TRUE
 
ip protocol
This command defines a rule definition to analyze and charge user traffic based on the protocol being transported by IP packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip protocol operator { protocol_assignment | protocol }
no
Removes the specified rule definition.
operator
Specifies how to logically match the IP protocol.
operator must be one of the following:
!=: does not equal
<=: less than or equals (available only in StarOS 8.1 and later)
=: equals
>=: greater than or equals (available only in StarOS 8.1 and later)
protocol_assignment
Specifies the protocol by assignment number.
protocol_assignment must be an integer from 0 through 255.
For example, 1 for ICMP, 6 for TCP, and 17 for UDP.
protocol
Specifies the protocol by name. protocol must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the IP protocol.
Example
The following command creates IP rule definition for analyzing user traffic using a protocol assignment of 1:
ip protocol = 1
 
ip server-ip-address
This command defines a rule definition to analyze and charge user traffic matching the IP address of the destination of the connection, i.e. the destination as seen from the subscriber.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip server-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
no
Removes the specified rule definition.
operator { ip_address | ip_address/mask }
operator: Specifies how to logically match the server IP address. operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address: Specifies the server IP address in IPv4 or IPv6 standard notation. For uplink packets (from subscriber) this field matches the destination IP address in the IP header, and for downlink packets (to the subscriber) it matches the source IP address in IP header. ip_address must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation.
ip_address/mask: Specifies the server IP address in IPv4 or IPv6 standard notation with subnet mask bit. For uplink packets (from subscriber) this field matches the destination IP address in the IP header, and for downlink packets (to the subscriber) it matches the source IP address in IP header. ip_address/mask must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation with subnet mask bit. The mask bit is a numeric value which is the number of bits in the subnet mask.
{ !range | range } host-pool host_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
host-pool host_pool: Specifies the host pool name. host_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the server IP address.
Example
The following command creates an IP rule definition for analyzing user traffic using an IP server address of 1.10.1.1:
ip server-ip-address = 1.10.1.1
 
ip src-address
This command defines a rule definition to analyze and charge user traffic based on IP source address.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip src-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
no
Removes the specified rule definition.
operator { ip_address | ip_address/mask }
operator: Specifies how to logically match the IP source address.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address: Specifies IP address of the source node for incoming traffic in IPv4 or IPv6 standard notation. ip_address must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation.
ip_address/mask: Specifies IP address of the source node for incoming traffic in IPv4 or IPv6 standard notation with subnet mask bit. ip_address/mask must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation with subnet mask bit. The mask bit is a numeric value which is the number of bits in the subnet mask.
{ !range | range } host-pool host_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
host-pool host_pool: Specifies the host pool name. host_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on IP source address.
Example
The following command creates an IP rule definition for analyzing user traffic using an IP source address of 1.1.1.1:
ip src-address = 1.1.1.1
 
ip subscriber-ip-address
This command defines a rule definition to analyze and charge user traffic matching the IP address of the subscriber (either source address or destination address).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip subscriber-ip-address { operator { ip_address | ip_address/mask } | { !range | range } host-pool host_pool }
no
Removes the specified rule definition.
operator { ip_address | ip_address/mask }
operator: Specifies how to logically match the subscriber IP address.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
ip_address: Specifies the subscriber IP address. Depending on the direction of packet this IP address will be either the IP source address or the IP destination address. ip_address must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation.
ip_address/mask: Specifies the subscriber IP address with subnet mask bit. Depending on the direction of packet this IP address will either be the IP source address or the IP destination address. ip_address/mask must be an IPv4 address in dotted decimal notation, or an IPv6 address in colon notation with subnet mask bit. The mask bit is a numeric value which is the number of bits in the subnet mask.
{ !range | range } host-pool host_pool
!range | range: Specifies the range criteria:
!range: Not in the range of
range: In the range of
host-pool host_pool: Specifies the host pool name. host_pool must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the subscriber IP address.
Example
The following command creates an IP rule definition for analyzing user traffic using an IP address of 161.10.1.1 for subscriber:
ip subscriber-ip-address = 161.10.1.1
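
The four address fields described above (src-address, dst-address, server-ip-address, subscriber-ip-address) differ only in which IP-header address they read for a given packet direction. The Python model below is an added example, not StarOS code and not part of the original reference: it covers only the = and != operators with an address or address/mask, infers the uplink-source mapping for subscriber-ip-address from the uplink (from subscriber) and downlink (to subscriber) definitions on this page, and runs against two constructed packets of one flow.

```python
import ipaddress

# Which IP-header address each "ip ..." ruledef field reads, per direction.
# server-ip-address follows the reference text (uplink: destination,
# downlink: source). subscriber-ip-address is the inferred mirror image.
FIELD_TO_HEADER = {
    "src-address": {"uplink": "src", "downlink": "src"},
    "dst-address": {"uplink": "dst", "downlink": "dst"},
    "server-ip-address": {"uplink": "dst", "downlink": "src"},
    "subscriber-ip-address": {"uplink": "src", "downlink": "dst"},
}

# Constructed sample: both halves of one subscriber-to-server flow.
SAMPLE_FLOW = [
    {"direction": "uplink", "src": "161.10.1.1", "dst": "1.10.1.1"},
    {"direction": "downlink", "src": "1.10.1.1", "dst": "161.10.1.1"},
]


def parse_rule(line):
    """Split 'ip <field> <operator> <address[/mask]>' into its parts."""
    parts = line.split()
    if len(parts) != 4 or parts[0] != "ip":
        raise ValueError("expected: ip <field> <operator> <address[/mask]>")
    _, field, operator, value = parts
    if field not in FIELD_TO_HEADER:
        raise ValueError("unsupported field: " + field)
    if operator not in ("=", "!="):
        # <=, >= and host-pool ranges are deliberately not modelled here.
        raise ValueError("unsupported operator: " + operator)
    # A bare address becomes a /32 (IPv4) or /128 (IPv6) network.
    network = ipaddress.ip_network(value, strict=False)
    return field, operator, network


def rule_matches(line, packet):
    """Evaluate one rule line against one packet dictionary."""
    field, operator, network = parse_rule(line)
    header = FIELD_TO_HEADER[field][packet["direction"]]
    address = ipaddress.ip_address(packet[header])
    inside = address.version == network.version and address in network
    return inside if operator == "=" else not inside


def directions_matched(line, flow=SAMPLE_FLOW):
    """List the directions of the flow that the rule line matches."""
    return [p["direction"] for p in flow if rule_matches(line, p)]


if __name__ == "__main__":
    for rule in (
        "ip dst-address = 1.10.1.1",
        "ip server-ip-address = 1.10.1.1",
        "ip src-address = 161.10.1.0/24",
        "ip subscriber-ip-address = 161.10.1.1",
    ):
        print(rule, "->", directions_matched(rule))
```

In this model a dst-address or src-address rule matches only one direction of the flow, while the server-ip-address and subscriber-ip-address rules match both.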
 
ip total-length
This command defines a rule definition to analyze and charge user traffic based on IP total length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip total-length operator total_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
total_length
Specifies the total length of the IP packet, including payload, for this rule definition.
total_length must be an integer from 0 through 4096.
Usage
Use this command to specify a rule definition to analyze user traffic based on the IP total length.
Example
The following command creates an IP rule definition for analyzing user traffic using an IP total length of 2000 bytes:
ip total-length = 2000
 
ip uplink
This command defines a rule definition to analyze and charge user traffic matching the direction of IP packet to uplink (from subscriber).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the IP packet direction as uplink.
Example
The following command creates IP rule definition for analyzing user traffic using an IP packet direction to uplink (from subscriber):
ip uplink = TRUE
 
ip version
This command defines a rule definition to analyze and charge user traffic based on the IP version.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] ip version operator ip_version
no
Removes the specified rule definition.
operator
Specifies how to logically match information in the analyzed field.
operator must be = (equals).
ip_version
Specifies the IP version. ip_version must be one of the following:
Usage
Use this command to define a rule definition to analyze and charge user traffic based on the IP version.
Example
The following command creates an IP rule definition to analyze user traffic for the IP version IPv6:
ip version = ipv6
 
mms
The following commands define rules for analyzing traffic based on Multimedia Messaging Service (MMS):
 
mms any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for MMS.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the mms any match status.
Example
The following command creates an MMS rule definition for analyzing user traffic using an MMS any match status of FALSE:
mms any-match = FALSE
 
mms bcc
This command defines a rule definition to analyze and charge user traffic based on MMS Blind Carbon Copy (BCC).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms bcc [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS BCC value.
Example
The following command creates an MMS rule definition for analyzing user traffic containing an MMS BCC value of test1:
mms bcc contains test1
 
mms cc
This command defines a rule definition to analyze and charge user traffic based on the Carbon Copy (cc) field of MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms cc [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS cc value.
Example
The following command creates an MMS rule definition for analyzing user traffic containing an MMS CC value of test1:
mms cc contains test1
 
mms content location
This command defines a rule definition to analyze and charge user traffic based on MMS content location.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms content location [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS content location value.
Example
The following command creates an MMS rule definition for analyzing user traffic containing an MMS content location value of test1:
mms content location contains test1
 
mms content type
This command defines a rule definition to analyze and charge user traffic based on MMS content type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms content type [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS “content-type” field value.
Example
The following command creates an MMS rule definition for analyzing user traffic containing an MMS content type as image:
mms content type contains image
 
mms downlink
This command defines the rule definition to analyze and charge user traffic based on MMS message downlink condition.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the downlink (from the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS downlink status.
Example
The following command creates an MMS rule definition for analyzing user traffic with an MMS downlink value of TRUE:
mms downlink = TRUE
 
mms from
This command defines the rule definition to analyze and charge user traffic based on the from field in MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms from [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “from” field of an MMS message.
Example
The following command creates an MMS rule definition for analyzing user traffic containing test1 in the “from” field of MMS message:
mms from contains test1
 
mms message-id
This command defines a rule definition to analyze and charge user traffic based on the “message-id” of an MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms message-id [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS message ID value.
Example
The following command creates an MMS rule definition for analyzing user traffic containing an MMS message ID of test1:
mms message-id contains test1
 
mms pdu-type
This command defines a rule definition to analyze and charge user traffic based on the MMS Protocol Data Unit (PDU) type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms pdu-type operator pdu_type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
pdu_type
Specifies the MMS PDU type used for this rule definition.
pdu_type must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on type of an MMS PDU.
Example
The following command creates an MMS rule definition for analyzing user traffic for mms-pdu-type-m-http-get of MMS PDU:
mms pdu-type = mms-pdu-type-m-http-get
 
mms previous-state
This command defines a rule definition to analyze and charge user traffic based on MMS previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Analyzes the previous state of the MMS transmissions.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS previous state.
Example
The following command creates an MMS rule definition for analyzing user traffic using an MMS previous state of retrieval-pending:
mms previous-state = retrieval-pending
 
mms response status
This command defines a rule definition to analyze and charge user traffic based on MMS response status code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms response status operator status_code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
status_code
Specifies the code for this rule definition.
status_code must be an integer from 128 through 136.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS response status.
Example
The following command creates an MMS rule definition for analyzing user traffic with an MMS response status code other than 129:
mms response status != 129
 
mms state
This command defines a rule definition to analyze and charge user traffic based on the current state of MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms state operator mms_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
mms_state
Analyzes the state of the MMS transmissions.
mms_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on current state of MMS message.
Example
The following command creates an MMS rule definition for analyzing user traffic using current state of MMS message as retrieval-failed:
mms state = retrieval-failed
 
mms status
This command defines a rule definition to analyze and charge user traffic based on MMS status.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms status operator status
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
status
Specifies the status for this rule definition.
status must be an integer from 128 through 132.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS status.
Example
The following command creates an MMS rule definition for analyzing user traffic using an MMS status of 130:
mms status = 130
 
mms subject
This command defines a rule definition to analyze and charge user traffic using “subject” field of MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms subject [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on “subject” field of an MMS message.
Example
The following command creates an MMS rule definition for analyzing user traffic for occurrence of test1 in “subject” field of MMS message:
mms subject contains test1
 
mms tid
This command defines a rule definition to analyze and charge user traffic based on MMS Transaction Identifier (tid).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms tid [ case-sensitive ] operator tid_value
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
tid_value
The value of the specified field.
tid_value must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS TID.
Example
The following command creates a rule definition for analyzing user traffic using an MMS TID value of test:
mms tid = test
 
mms to
This command defines a rule definition to analyze and charge user traffic using “to” field of MMS message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms to [ case-sensitive ] operator to_value
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
to_value
The value of the specified field.
to_value must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on the “to” field of an MMS message.
Example
The following command creates a rule definition for analyzing user traffic using an MMS to value of test:
mms to = test
 
mms uplink
This command defines a rule definition to analyze and charge user traffic based on MMS uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the uplink (from the Mobile Node direction) status.
Usage
Use this command to specify a rule definition to analyze user traffic based on the MMS uplink.
Example
The following command creates a rule definition for analyzing user traffic using an MMS uplink value of TRUE:
mms uplink = TRUE
 
mms version
This command defines a rule definition to analyze and charge user traffic based on MMS version.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] mms version operator version
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
version
Specifies the version for this rule definition.
version must be an integer from 1 through 65535.
Important: MMS Protocol Analyzer supports decoding of MMS version 1.0 only.
Usage
Use this command to specify a rule definition to analyze user traffic based on the MMS version.
Example
The following command creates a rule definition for analyzing user traffic using an MMS version of 1.0:
mms version = 1.0
 
multi-line-or all-lines
Defines whether to apply the OR operator to all lines in a rule definition.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] multi-line-or all-lines
no
Removes the previous configuration.
Usage
If multi-line-or is enabled for a rule definition, the logical OR operator is applied to all the rule lines in the rule definition to decide whether the rule definition matches. If multi-line-or is not configured, the logical AND operator is applied.
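The following is an added example, not StarOS code: a small Python model of how rule lines combine, useful for checking offline whether a ruledef under review would match a given flow. It models the operators listed in this chapter, the case-insensitive default, and the AND/OR choice made by multi-line-or all-lines. Assumptions: the flow is a dictionary keyed by field name (a constructed representation), a rule line whose field is absent from the flow does not match, and the range forms are not modelled.

```python
# Added illustration of ruledef matching semantics; not vendor code.
POSITIVE_OPS = {
    "=": lambda field, value: field == value,
    "contains": lambda field, value: value in field,
    "starts-with": lambda field, value: field.startswith(value),
    "ends-with": lambda field, value: field.endswith(value),
    "<=": lambda field, value: field <= value,
    ">=": lambda field, value: field >= value,
}
STRING_ONLY = {"contains", "starts-with", "ends-with"}
NUMERIC_ONLY = {"<=", ">="}


def split_operator(token):
    """Return (base_operator, negated) or None if token is not an operator."""
    if token == "!=":
        return "=", True
    if token.startswith("!") and token[1:] in STRING_ONLY:
        return token[1:], True
    if token in POSITIVE_OPS:
        return token, False
    return None


def parse_rule_line(line):
    """Split 'field [case-sensitive] operator value' into its parts."""
    tokens = line.split()
    for idx, token in enumerate(tokens):
        op = split_operator(token)
        if op and 0 < idx < len(tokens) - 1:
            head = tokens[:idx]
            case_sensitive = head[-1] == "case-sensitive"
            if case_sensitive:
                head = head[:-1]
            if not head:
                break
            return {
                "field": " ".join(head),
                "op": op[0],
                "negate": op[1],
                "case_sensitive": case_sensitive,
                "value": " ".join(tokens[idx + 1:]),
            }
    raise ValueError("not a rule line: %r" % line)


def match_line(rule, flow):
    """Evaluate one parsed rule line against a flow dictionary."""
    if rule["field"] not in flow:
        return False  # assumption: an absent field never matches
    actual, expected = flow[rule["field"]], rule["value"]
    if isinstance(actual, int):
        if rule["op"] in STRING_ONLY:
            raise ValueError("string operator used on a numeric field")
        expected = int(expected)
    else:
        if rule["op"] in NUMERIC_ONLY:
            raise ValueError("numeric operator used on a string field")
        if not rule["case_sensitive"]:
            # Default behaviour: rule definitions are not case sensitive.
            actual, expected = actual.lower(), expected.lower()
    result = POSITIVE_OPS[rule["op"]](actual, expected)
    return (not result) if rule["negate"] else result


def evaluate_ruledef(lines, flow):
    """AND all rule lines, or OR them if 'multi-line-or all-lines' is present."""
    use_or = False
    results = []
    for line in lines:
        if line.split() == ["multi-line-or", "all-lines"]:
            use_or = True
            continue
        results.append(match_line(parse_rule_line(line), flow))
    if not results:
        return False
    return any(results) if use_or else all(results)


# Constructed sample flow; field names mirror the command names in this chapter.
SAMPLE_FLOW = {
    "mms from": "Test1@Example.org",
    "mms subject": "invoice",
    "mms status": 130,
    "mms response status": 128,
}
RULEDEF_AND = ["mms from contains test1", "mms subject contains promo"]
RULEDEF_OR = ["multi-line-or all-lines"] + RULEDEF_AND

if __name__ == "__main__":
    print("AND (default):", evaluate_ruledef(RULEDEF_AND, SAMPLE_FLOW))
    print("OR (multi-line-or):", evaluate_ruledef(RULEDEF_OR, SAMPLE_FLOW))
```

The same two rule lines classify the sample flow differently depending on whether multi-line-or all-lines is present, which is the first thing to check when a ruledef matches more or less traffic than intended.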
 
p2p
The following commands define rules for analyzing traffic based on Peer-to-Peer protocols:
 
p2p any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for Peer to Peer (P2P).
Product
ECS
Privilege
Administrator, Config-administrator
Syntax
[ no ] p2p any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
TRUE: The rule matches any P2P traffic.
FALSE: The rule does not match any P2P traffic.
Usage
Use this command to specify a rule definition to analyze user traffic based on the P2P any match status.
Example
The following command creates a rule definition for analyzing user traffic using a P2P any match status of TRUE:
p2p any-match = TRUE
 
p2p protocol
This command configures the system to detect specific P2P protocols for charging purposes. This command is not used for detection purposes.
Product
ECS
Privilege
Administrator, Config-administrator
Syntax
[ no ] p2p protocol operator protocol
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be = (equals).
protocol
Specifies the protocol for charging purposes.
protocol must be one of the following:
Usage
Use this command to configure detection of protocols for charging purposes. For detection purposes, use the p2p detection protocol command in the Active Charging Service Configuration Mode.
Example
The following command configures the system to detect orb protocol for charging purposes:
p2p protocol = orb
 
p2p traffic-type
This command defines a rule definition to analyze and charge user traffic based on the type of traffic, such as voice or non-voice.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] p2p traffic-type operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to configure the system to detect voice or non-voice P2P traffic. When the detection of a protocol is enabled then the detection of sub-type is enabled by default.
Example
The following command configures the system to detect voice traffic:
p2p traffic-type = voice
 
pop3
The following commands define rules for analyzing traffic based on Post Office Protocol 3 (POP3):
 
pop3 any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for POP3.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the POP3 any match status.
Example
The following command creates a POP3 rule definition for analyzing user traffic using a POP3 any match status of FALSE:
pop3 any-match = FALSE
 
pop3 command args
This command defines a rule definition to analyze and charge user traffic based on the POP3 command arguments.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 command args [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
A unique value that you specify to use for the command argument.
argument must be an alpha and/or numeric string of 1 through 40 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 command argument.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a command argument of test:
pop3 command args = test
 
pop3 command id
This command defines a rule definition to analyze and charge user traffic based on the POP3 command ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 command id operator command_id
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
command_id
A unique value that you specify to use for the command argument.
command_id must be an integer from 1 through 12.
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 command ID.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a command ID of 8:
pop3 command id = 8
 
pop3 command name
This command defines a rule definition to analyze and charge user traffic based on the POP3 command name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 command name operator command_name
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
command_name
command_name must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 command name.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a command name of list:
pop3 command name = list
 
pop3 mail-size
This command defines a rule definition to analyze and charge user traffic based on the POP3 mail size.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 mail-size { operator mail_size | { { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
{ range | !range } range_from to range_to
Enables or disables the range criteria.
range: Enables the range criteria.
!range: Disables the range criteria.
range_from: Specifies the start of range, and must be an integer from 1 through 4000000000.
range_to: Specifies the end range. range_to must be an integer from 1 through 4000000000, and must be greater than range_from.
mail_size
Specifies the mail size for this rule definition.
mail_size must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on POP3 mail size.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a mail size of 40000:
pop3 mail-size = 40000
 
pop3 pdu-length
This command defines a rule definition to analyze and charge user traffic based on the POP3 Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 pdu-length { operator pdu_length | { { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
{ range | !range } range_from to range_to
Enables or disables the range criteria.
range: Enables the range criteria.
!range: Disables the range criteria.
range_from: Specifies the start of range, and must be an integer from 0 through 65535.
range_to: Specifies the end range. range_to must be an integer from 0 through 65535, and must be greater than range_from.
pdu_length
Specifies the POP3 PDU length for this rule definition.
pdu_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 PDU length (header + payload) in bytes.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a PDU length of 1000 bytes:
pop3 pdu-length = 1000
 
pop3 pdu-type
This command defines a rule definition to analyze and charge user traffic based on the POP3 PDU type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 pdu-type operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the packet type for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 PDU type.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a PDU type of relay-packet:
pop3 pdu-type = relay-packet
 
pop3 previous-state
This command defines a rule definition to analyze and charge user traffic based on the POP3 previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the previous state for this rule definition.
previous_state must be one of the following:
connected: connected state
data transaction: data transaction state
init: initialized state
reply-error: reply error state
reply-ok: response ok state
waiting-for-reply: waiting for reply state
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 previous state.
Example
The following command creates a POP3 rule definition for analyzing user traffic using a POP3 previous state of connected:
pop3 previous-state = connected
 
pop3 reply args
This command defines a rule definition to analyze and charge user traffic based on the POP3 reply arguments.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 reply args [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
A unique value that you specify to use for the reply argument.
argument must be an alpha and/or numeric string of 1 through 512 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 reply argument.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a reply argument of test:
pop3 reply args = test
 
pop3 reply id
This command defines a rule definition to analyze and charge user traffic based on the POP3 reply ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 reply id operator reply_id
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
reply_id
Specifies the reply ID for this rule definition.
reply_id must be one of the following:
0: Unknown reply
1: +OK reply
2: -ERR reply
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 reply ID.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a reply ID of 2:
pop3 reply id = 2
 
pop3 reply status
This command defines a rule definition to analyze and charge user traffic based on the POP3 reply status.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 reply status operator reply_status
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
reply_status
Specifies the reply ID for this rule definition.
reply_status must be one of the following:
+OK: reply OK
-ERR: reply error
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 reply status.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a reply status of +OK:
pop3 reply status = +ok
 
pop3 session-length
This command defines a rule definition to analyze and charge user traffic based on the POP3 session-length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 session-length { operator session_length | { range | !range } range_from to range_to }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the session length used for this rule definition.
session_length must be an integer from 1 through 4000000000.
{ range | !range } range_from to range_to
Enables or disables the range criteria for POP3 session length.
range: Enables the range criteria for POP3 session length.
!range: Disables the range criteria for POP3 session length.
range_from: Specifies the start of range of POP3 session length, and must be an integer from 1 through 4000000000 but less than or equal to range_to.
range_to: Specifies the end of range of POP3 session length, and must be an integer from 1 through 4000000000 but greater than or equal to range_from.
Usage
Use this command to specify a rule definition to analyze user traffic based on the POP3 session length.
Example
The following command creates a POP3 rule definition for analyzing user traffic using a POP3 session length of 40000:
pop3 session-length = 40000
 
pop3 state
This command defines a rule definition to analyze and charge user traffic based on the POP3 state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the POP3 state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 state.
Example
The following command creates a POP3 rule definition for analyzing user traffic using a POP3 state of close:
pop3 state = close
 
pop3 user-name
This command defines a rule definition to analyze and charge user traffic based on the POP3 user name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] pop3 user-name [ case-sensitive ] operator user_name
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
user_name
A unique value that you specify to use for the user name.
user_name must be an alpha and/or numeric string of 1 through 64 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a POP3 user name.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a user name of test:
pop3 user-name = test
 
rtcp
The following commands define rules for analyzing traffic based on the Real-time Transport Control Protocol (RTCP):
 
rtcp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for RTCP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
TRUE: The rule matches any RTCP traffic
FALSE: The rule does not match any RTCP traffic
Usage
Use this command to specify a rule definition to analyze user traffic based on the RTCP any match status.
Example
The following command creates a rule definition for analyzing user traffic using an RTCP any match status of TRUE:
rtcp any-match = TRUE
 
rtcp jitter
This command defines a rule definition to analyze and charge user traffic based upon the amount of jitter in the RTCP protocol.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp jitter operator value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
value
This value represents the amount of jitter to test against.
value must be an integer from 0 through 4294967295.
Usage
Use this command to set a rule based on the jitter in the RTCP protocol.
Example
The following command tests for jitter greater than or equal to 12954:
rtcp jitter >= 12954
 
rtcp parent-proto
This command defines a rule definition to analyze and charge user traffic based on the parent protocol of the RTCP flow.
Important: This command is only available in StarOS 8.1 and StarOS 9.0 and later.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp parent-proto operator parent_protocol
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
parent_protocol
Specifies the RTCP parent protocol for this rule definition.
parent_protocol must be one of the following:
rtsp: Real Time Streaming Protocol
sip: Session Initiation Protocol
Usage
Use this command to specify a rule definition to analyze and charge user traffic based on the parent protocol of the RTCP flow.
Example
The following command creates an RTCP rule definition to analyze user traffic based on the parent protocol of the RTCP flow being SIP:
rtcp parent-proto = sip
 
rtcp pdu-length
This command defines a rule definition to analyze and charge user traffic based upon the Real-time Transport Control Protocol (RTCP) Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the RTCP length, in bytes, for this rule definition.
In StarOS 8.1 and later, pdu_length must be an integer from 1 through 65535. In StarOS 8.0, pdu_length must be an integer from 1 through 2000.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTCP PDU length (header + payload) in bytes.
Example
The following command creates a rule definition for analyzing user traffic using an RTCP PDU length of 10000 bytes:
rtcp pdu-length = 10000
 
rtcp rtsp-id
This command defines a rule definition to analyze and charge user traffic using an RTSP ID associated with Real-time Transport Control Protocol (RTCP).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp rtsp-id [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 32 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP ID value.
Example
The following command creates an RTCP rule definition for analyzing user traffic containing an RTSP message ID of test1:
rtcp rtsp-id contains test1
 
rtcp session-length
This command defines a rule definition to analyze and charge user traffic based on the Real-time Transport Control Protocol (RTCP) session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the RTCP total session length for this rule definition.
In StarOS 8.1 and later, session_length must be an integer from 1 through 4000000000. In StarOS 8.0, session_length must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the RTCP total session length.
Example
The following command creates an RTCP rule definition for analyzing user traffic using a total RTCP session length of 200000:
rtcp session-length = 200000
 
rtcp uri
This command defines a rule definition to analyze and charge user traffic using the uniform resource identifier (URI) associated with Real-time Transport Control Protocol (RTCP).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtcp uri [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTCP URI.
Example
The following command creates an RTP rule definition for analyzing user traffic using an RTCP URI string of rtsp://www.example.org:
rtcp uri = rtsp://www.example.org
 
rtp
The following commands define rules for analyzing traffic based on the Real-time Transport Protocol (RTP):
 
rtp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for RTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the RTP any match status.
Example
The following command creates an MMS rule definition for analyzing user traffic using an RTP any match status of TRUE:
rtp any-match = TRUE
 
rtp parent-proto
This command defines a rule definition to analyze and charge user traffic based on the parent protocol of the RTP flow.
Important: This command is only available in StarOS 8.1 and StarOS 9.0 and later.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp parent-proto operator parent_protocol
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
parent_protocol
Specifies the RTP parent protocol for this rule definition.
parent_protocol must be one of the following:
rtsp: Real Time Streaming Protocol
sip: Session Initiation Protocol
Usage
Use this command to specify a rule definition to analyze and charge user traffic based on the parent protocol of the RTP flow.
Example
The following command creates an RTP rule definition to analyze user traffic based on the parent protocol of the RTP flow being SIP:
rtp parent-proto = sip
 
rtp pdu-length
This command defines a rule definition to analyze and charge user traffic based on the RTP Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the RTP PDU length, in bytes, for this rule definition.
In StarOS 8.1 and later, pdu_length must be an integer from 1 through 65535. In StarOS 8.0, pdu_length must be an integer from 1 through 2000.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTP PDU length (header + payload) in bytes.
Example
The following command creates an HTTP rule definition for analyzing user traffic using an RTP PDU length of 1000 bytes:
rtp pdu-length = 1000
 
rtp rtsp-id
This command defines a rule definition to analyze and charge user traffic based on the RTSP ID associated with RTP flow.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp rtsp-id [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition.
string must be an alpha and/or numeric string of 1 through 32 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on an MMS message ID value.
Example
The following command creates an RTP rule definition for analyzing user traffic containing an RTSP message ID of test1:
rtp rtsp-id contains test1
 
rtp session-length
This command defines a rule definition to analyze and charge user traffic based on RTP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the RTP total session length for this rule definition.
In StarOS 8.1 and later, session_length must be an integer from 1 through 4000000000. In StarOS 8.0, session_length must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the RTP total session length.
Example
The following command creates an RTP rule definition for analyzing user traffic using a total RTP session length of 200000:
rtp session-length = 200000
 
rtp uri
This command defines a rule definition to analyze and charge user traffic based on the uniform resource identifier (URI) associated with RTP flow.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtp uri [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for the RTP URI.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and it does not include the “host” portion.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTP URI.
Example
The following command creates an RTP rule definition for analyzing user traffic using an RTP URI string of rtsp://www.example.org:
rtp uri = rtsp://www.example.org
 
rtsp
The following commands define rules for analyzing traffic based on Real Time Streaming Protocol (RTSP):
 
rtsp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for RTSP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the RTSP any match status.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP any match status of FALSE:
rtsp any-match = FALSE
 
rtsp content length
This command defines a rule definition to analyze and charge user traffic based on RTSP content length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp content length operator content_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
content_length
Specifies the RTSP body length, in bytes, for this rule definition.
content_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP content length.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP body length of 10000:
rtsp content length = 10000
 
rtsp content type
This command defines a rule definition to analyze and charge user traffic based on RTSP content type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp content type [ case-sensitive ] operator content_type
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_type
A unique name that you specify for the RTSP content type.
content_type must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP content type.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP content type of abc100:
rtsp content type = abc100
 
rtsp date
This command defines a rule definition to analyze and charge user traffic matching the ‘date’ field in the RTSP message type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp date [ case-sensitive ] operator date_string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
date_string
A unique name that you specify for the date in RTSP header.
date_string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic matching date string in RTSP header.
Example
The following command creates an RTSP rule definition for analyzing user traffic using a match for date string of 12_04_2006 in RTSP message header:
rtsp date = 12_04_2006
 
rtsp previous-state
This command defines a rule definition to analyze and charge user traffic based on RTSP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the RTSP previous state for this rule definition.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP previous state.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP previous state of ready:
rtsp previous-state = ready
 
rtsp reply code
This command defines a rule definition to analyze and charge user traffic based on RTSP reply.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp reply code operator code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
code
Specifies the RTSP response for this rule definition.
code must be an integer from 100 through 599.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP return code.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP return code of 356:
rtsp reply code = 356
 
rtsp request method
This command defines a rule definition to analyze and charge user traffic based on RTSP method.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp request method operator method
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
method
Specifies the RTSP method for this rule definition.
method must be one of the following requests:
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP method.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP method of announce:
rtsp request method = announce
 
rtsp request packet
This command defines a rule definition to analyze and charge user traffic based on RTSP request packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp request packet operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
TRUE: is request
FALSE: is response
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP request packet.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP response packet:
rtsp request packet != FALSE
 
rtsp rtp-seq
This command defines a rule definition to analyze and charge user traffic based on sequence “seq” field in the RTP-Info header of the RTSP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp rtp-seq operator time_stamp
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
string
A unique name that you specify to match with the ‘seq’ field in RTP-Info header of the RTSP message.
string must be an alpha and/or numeric string of 0 through 65535 characters in Normal Play Time (NPT) time format.
Usage
Use this command to specify a rule definition to analyze user traffic matching the sequence ‘seq’ field in the RTP-Info header of the RTSP response for a PLAY request.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTP-seq of 2348:
rtsp rtp-seq = 2348
 
rtsp rtp-time
This command defines a rule definition to analyze and charge user traffic based on ‘time’ field in the RTP-Info header of the RTSP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp rtp-time operator time_stamp
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
string
A unique name that you specify to match with the ‘time’ field in RTP-Info header of the RTSP message.
string must be an alpha and/or numeric string of 1 through 2147483647 characters in Normal Play Time (NPT) time format.
Usage
Use this command to specify a rule definition to analyze user traffic matching the ‘time’ field in the RTP-Info header of the RTSP response for a PLAY request.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTP-Time-stamp of 19970123T153600Z:
rtsp rtp-time = 19970123T153600Z
 
rtsp rtp-uri
This command defines a rule definition to analyze and charge user traffic based on the uniform resource identifier (URI) field in the RTP-Info header of the RTSP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp rtp-uri [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify to match with the URI in RTP-Info header of the RTSP message.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and it does not include the “host” portion.
Usage
Use this command to specify a rule definition to analyze user traffic matching the “URI” field in the RTP-Info header of the RTSP response for a PLAY request.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTP-URI string of rtsp://www.foo.com in RTP-info header of RTSP packet:
rtsp rtp-uri = rtsp://www.foo.com
 
rtsp session-id
This command defines a rule definition to analyze and charge user traffic based on the RTSP session ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp session-id [ case-sensitive ] operator session_id
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
session_id
A unique session ID for the RTSP user.
session_id must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP session ID.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP session ID of 0123abc100:
rtsp session-id = 0123abc100
 
rtsp session-length
This command defines a rule definition to analyze and charge user traffic based on the RTSP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp session-length operator session_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
session_length
Specifies the RTSP session length, in bytes, for this rule definition.
session_length must be an integer from 1 through 40000000.
Usage
Use this command to specify a rule definition to analyze, compare, or match the total length of RTSP session.
The session-length is calculated by adding together the IP payloads (i.e., starting after the IP header) of all relevant packets.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP session length of 3000 bytes:
rtsp session-length = 3000
 
rtsp state
This command defines a rule definition to analyze and charge user traffic based on RTSP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the RTSP state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on an RTSP state.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP in state of init:
rtsp state = init
 
rtsp uri
This command defines a rule definition to analyze and charge user traffic based on the uniform resource identifier (URI) in RTSP message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp uri [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify to match with the URI in RTSP header.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and it does not include the “host” portion.
Usage
Use this command to specify a rule definition to analyze user traffic based on a URI in RTSP header.
Example
The following command creates an RTSP rule definition for analyzing user traffic using an RTSP URI string of rtsp://www.example.com:554/twister/audiotrack:
rtsp uri = rtsp://www.example.com:554/twister/audiotrack
 
rtsp uri sub-part
This command defines a rule definition to analyze and charge user traffic by parsing sub-parts of the URI in an RTSP request message.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp uri sub-part { { absolute-path | host | query } [ case-sensitive ] operator string | port { port_operator port_value | { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
absolute-path
Specifies the absolute path matching criteria to RTSP URI in an RTSP request message.
host
Specifies the host name matching criteria to RTSP URI in an RTSP request message.
query
Specifies the query string matching criteria to RTSP URI in an RTSP request message.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique absolute path/host name or query string that you specify to match with the URI in RTSP header.
string must be an alpha and/or numeric string of 1 through 127 characters in length. string allows punctuation characters and it does not include the “host” portion.
port
Specifies the port related matching for RTSP URI in an RTSP request message.
port_operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
port_value
Specifies the RTSP port number used for matching with port rule in RTSP flow.
port_value must be an integer from 0 through 65535.
{ range | !range } range_from to range_to
Enables or disables the range criteria for RTSP flow ports.
range: Enables the range criteria for RTSP flow ports.
!range: Disables the range criteria for RTSP flow ports.
range_from: Specifies the start of range of RTSP flow ports and value must be an integer from 0 through 65535 but less than or equal to range_to.
range_to: Specifies the end of range of RTSP flow ports and value must be an integer from 0 through 65535 but more than or equal to range_from.
Usage
Use this command to specify a rule definition to analyze user traffic based on URI sub-parts such as host, absolute path, port, and query in an RTSP request message.
Example
The following command creates an RTSP URI sub part rule definition to analyze user traffic using an RTSP URI port number between 1023 and 1068:
rtsp uri sub-part port range 1023 to 1068
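A pre-deployment syntax check for the rtsp uri sub-part grammar and value limits described above, given as an added example that is not part of the StarOS documentation or software. It assumes one command per line with unquoted, whitespace-free strings; the function names, the exception class, and the sample lines are hypothetical.

```python
# Offline lint for "rtsp uri sub-part" ruledef lines (illustrative, not StarOS code).
# Checks only the constraints stated in this section: operator sets, string length
# of 1 through 127, ports of 0 through 65535, and range_from <= range_to.

STRING_PARTS = {"absolute-path", "host", "query"}
STRING_OPS = {"!=", "!contains", "!ends-with", "!starts-with",
              "=", "contains", "ends-with", "starts-with"}
PORT_OPS = {"!=", "<=", "=", ">="}


class RuledefSyntaxError(ValueError):
    """Raised when a line does not fit the documented syntax."""


def _port(token, name):
    # Ports must be plain decimal integers from 0 through 65535.
    if not (token.isascii() and token.isdigit()) or int(token) > 65535:
        raise RuledefSyntaxError(f"{name} must be an integer from 0 through 65535: {token!r}")
    return int(token)


def parse_rtsp_uri_sub_part(line):
    """Parse one command line into a dict, or raise RuledefSyntaxError."""
    tokens = line.split()
    negate = bool(tokens) and tokens[0] == "no"
    if negate:
        tokens = tokens[1:]
    if tokens[:3] != ["rtsp", "uri", "sub-part"] or len(tokens) < 4:
        raise RuledefSyntaxError("expected: [ no ] rtsp uri sub-part <sub-part> ...")
    part, rest = tokens[3], tokens[4:]
    rule = {"no": negate, "part": part}

    if part in STRING_PARTS:
        case_sensitive = bool(rest) and rest[0] == "case-sensitive"
        if case_sensitive:
            rest = rest[1:]
        if len(rest) != 2:
            raise RuledefSyntaxError("expected: [ case-sensitive ] operator string")
        operator, string = rest
        if operator not in STRING_OPS:
            raise RuledefSyntaxError(f"unknown string operator: {operator!r}")
        if not 1 <= len(string) <= 127:
            raise RuledefSyntaxError("string must be 1 through 127 characters")
        rule.update(case_sensitive=case_sensitive, operator=operator, string=string)
    elif part == "port":
        if rest and rest[0] in ("range", "!range"):
            if len(rest) != 4 or rest[2] != "to":
                raise RuledefSyntaxError("expected: { range | !range } range_from to range_to")
            low, high = _port(rest[1], "range_from"), _port(rest[3], "range_to")
            if low > high:
                raise RuledefSyntaxError("range_from must be less than or equal to range_to")
            rule.update(operator=rest[0], range=(low, high))
        else:
            if len(rest) != 2 or rest[0] not in PORT_OPS:
                raise RuledefSyntaxError("expected: port_operator port_value")
            rule.update(operator=rest[0], port=_port(rest[1], "port_value"))
    else:
        raise RuledefSyntaxError(f"unknown sub-part: {part!r}")
    return rule


def lint(config_text):
    """Return (line_number, message) for every non-blank line that fails to parse."""
    problems = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            parse_rtsp_uri_sub_part(line)
        except RuledefSyntaxError as exc:
            problems.append((number, str(exc)))
    return problems


# Constructed sample input: lines 3, 4 and 5 each break one documented constraint.
SAMPLE = """\
rtsp uri sub-part port range 1023 to 1068
rtsp uri sub-part host case-sensitive ends-with example.org
rtsp uri sub-part port range 1068 to 1023
rtsp uri sub-part port >= 70000
rtsp uri sub-part query matches id=
no rtsp uri sub-part absolute-path starts-with /twister
"""

if __name__ == "__main__":
    for number, message in lint(SAMPLE):
        print(f"line {number}: {message}")
```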
 
rtsp user-agent
This command defines a rule definition to analyze and charge user traffic matching ‘user-agent’ field in RTSP header.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] rtsp user-agent [ case-sensitive ] operator user_agent
no
Removes the specified rule definition.
case-sensitive
Default: Disabled
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
user_agent
Specifies the user agent in RTSP header for this rule definition.
user_agent must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user agent field in RTSP header.
Example
The following command creates a rule definition for analyzing user traffic using content as test in “user-agent” field of RTSP header:
rtsp user-agent = test
 
rule-application
This command specifies the application rule for the rule definition.
Product
All
Privilege
Security Administrator, Administrator
Syntax
rule-application { charging | post-processing | routing }
no rule-application
no
Removes the previous rule application configuration.
routing
Default: Disabled
Specifies that this rule definition only be used for routing purposes.
Up to 256 rule definitions can be defined for routing in an Active Charging Service.
post-processing
Important: The post-processing keyword is only available in StarOS 8.3 and later.
Specifies that this rule definition only be used for post-processing purposes. This enables processing of packets even if the rule matching for them has been disabled.
charging
Default: Enabled
Specifies that this rule definition only be used for charging purposes.
Up to 2048 rule definitions can be defined for charging application in an Active Charging Service.
Usage
Use this command to assign a rule application to a rule definition.
If, when configuring a ruledef, the rule-application is not specified, by default the system configures the ruledef as a charging ruledef.
Example
The following command assigns a rule application of charging to the current rule definition:
rule-application charging
 
sdp
The following commands define rules for analyzing traffic based on Session Description Protocol (SDP):
 
sdp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for SDP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sdp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the SDP any match status.
Example
The following command defines an any match rule definition for analyzing SDP user traffic as TRUE:
sdp any-match = TRUE
 
sdp connection-ip-address
This command defines a rule definition to analyze and charge user traffic based on SDP connection IP address.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sdp connection-ip-address operator ip_address
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
ip_address
The connection IP address expressed in IPv4 dotted decimal notation.
Usage
Use this command to specify a rule definition to analyze user traffic based on the SDP connection-ip-address.
Example
The following command defines a rule definition for analyzing SDP user traffic using an SDP connection-ip-address of 1.1.1.1:
sdp connection-ip-address = 1.1.1.1
 
sdp media-audio-port
This command defines a rule definition to analyze and charge user traffic based on SDP media-audio-port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sdp media-audio-port operator port
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
port
Specifies the port number for this rule definition.
port must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SDP media-audio-port.
Example
The following command creates an SDP rule definition for analyzing user traffic using SDP media audio port 10:
sdp media-audio-port = 10
 
sdp media-video-port
This command defines a rule definition to analyze and charge user traffic based on SDP media-video-port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sdp media-video-port operator port
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
port
Specifies the port number for this rule definition.
port must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SDP media-video-port.
Example
The following command creates an SDP rule definition for analyzing user traffic using SDP media video port 10:
sdp media-video-port = 10
 
sdp uplink
This command defines a rule definition to analyze and charge user traffic based on SDP uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sdp uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
FALSE: is not uplink
TRUE: is uplink
Usage
Use this command to specify a rule definition to analyze user traffic based on whether the SDP traffic is uplink or not uplink.
Example
The following command defines a rule definition for analyzing SDP user traffic where the SDP uplink status is not equal to FALSE:
sdp uplink != FALSE
 
secure-http
The following commands define rules for analyzing traffic based on Secure-HTTP:
 
secure-http any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for Secure HTTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] secure-http any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the HTTP any match status.
Example
The following command creates an HTTPS rule definition for analyzing user traffic using an HTTPS any match status of FALSE:
secure-http any-match = FALSE
 
secure-http uplink
This command defines a rule definition to analyze and charge user traffic based on Secure-HTTP uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] secure-http uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
FALSE: is not uplink
TRUE: is uplink
Usage
Use this command to specify a rule definition to analyze user traffic based on whether the HTTPS traffic is uplink or not uplink.
Example
The following command defines a rule definition for analyzing HTTPS user traffic where the HTTPS uplink status is not equal to FALSE:
secure-http uplink != FALSE
 
sip
The following commands define rules for analyzing traffic based on Session Initiation Protocol (SIP):
 
sip any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for SIP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the SIP any match status.
Example
The following command defines an any match rule definition for analyzing SIP user traffic:
sip any-match = TRUE
 
sip call-id
This command defines a rule definition to analyze and charge user traffic based on the SIP call ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip call-id [ case-sensitive ] operator call-id
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
call-id
call-id must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a SIP call ID rule definition to analyze user traffic based on a SIP call ID.
Example
The following command creates a rule definition for analyzing user traffic using a SIP call ID of test:
sip call-id = test
 
sip content length
This command defines a rule definition to analyze and charge user traffic based on the SIP content length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip content length operator content_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
content_length
Specifies the SIP content length for this rule definition.
content_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP content length.
Example
The following command creates a SIP rule definition for analyzing user traffic using a SIP content length of 10000:
sip content length = 10000
 
sip content type
This command defines a rule definition to analyze and charge user traffic based on the SIP content type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip content type [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the content type used in this rule definition.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP content type.
Example
The following command creates a SIP rule definition for analyzing user traffic using a SIP content type as download_string:
sip content type = download_string
 
sip from
This command defines a rule definition to analyze and charge user traffic based on the SIP from.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip from [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the string for this rule definition. string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP from value.
Example
The following command creates a SIP rule definition for analyzing user traffic containing a SIP from value of test1:
sip from contains test1
 
sip previous-state
This command defines a rule definition to analyze and charge user traffic based on the SIP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the SIP previous state for this rule definition.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP previous state.
Example
The following command creates a SIP rule definition for analyzing user traffic using a SIP previous state of request-sent:
sip previous-state = request-sent
 
sip reply code
This command defines a rule definition to analyze and charge user traffic based on the SIP reply code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip reply code operator return_code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
return_code
Specifies the SIP return code for this rule definition.
return_code must be an integer from 100 through 699.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP reply code.
Example
The following command creates a SIP rule definition for analyzing user traffic using a SIP reply code of 150:
sip reply code = 150
 
sip request method
This command defines a rule definition to analyze and charge user traffic based on the SIP request method.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip request method operator method
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
method
Specifies the SIP method for this rule definition.
method must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on SIP method.
Example
The following command defines a rule definition for analyzing SIP user traffic using SIP request method bye:
sip request method = bye
 
sip request packet
This command defines a rule definition to analyze and charge user traffic based on the SIP request packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip request packet operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
condition
The type of SIP packet is-request.
condition must be one of the following:
FALSE: is a response
TRUE: is a request
Usage
Use this command to specify a rule definition to analyze user traffic based on the SIP request packet.
Example
The following command defines a rule definition for analyzing SIP user traffic where the SIP packet is a request:
sip request packet = TRUE
 
sip state
This command defines a rule definition to analyze and charge user traffic based on the SIP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the SIP state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP state.
Example
The following command creates a SIP rule definition for analyzing user traffic using a SIP state of request-sent:
sip state = request-sent
 
sip to
This command defines a rule definition to analyze and charge user traffic based on the “to” field of SIP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip to [ case-sensitive ] operator sip_to_field
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
sip_to_field
Specifies the SIP to value for this rule definition.
sip_to_field must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP to value.
Example
The following command creates a SIP rule definition for analyzing user traffic containing a SIP to value of test1:
sip to contains test1
 
sip uri
This command defines a rule definition to analyze and charge user traffic based on the SIP URI.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] sip uri [ sub-part { headers | host | parameters | port | userinfo } ] [ case-sensitive ] operator string
no
Removes the specified rule definition.
sub-part { headers | host | parameters | port | userinfo }
This is an optional keyword that defines what sub-part of a SIP URI to check.
headers: Apply the rule to SIP URI header field.
host: Apply the rule to the SIP URI host field.
parameters: Apply the rule to the SIP URI parameters field.
port: Apply the rule to the SIP URI port field.
userinfo: Apply the rule to the SIP URI userinfo field.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
The string for sub-part keyword port must be an integer and requires different operators. Use the following operators with the port keyword:
string
A unique name that you specify for a SIP URI.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
The string for sub-part keyword port must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a SIP URI.
Example
The following commands create SIP rule definitions for analyzing user traffic using a SIP URI string:
sip uri = sip:192.168.1.51:5060
sip uri = sip:nnnnn@host:5060;user=phone
 
smtp
The following defines common syntax block options. These options appear in similar commands and are detailed here for easy reference.
 
smtp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for SMTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify an any match rule definition for analyzing user traffic based on the SMTP analyzed status.
Example
The following command defines an any match rule definition for analyzing SMTP user traffic:
smtp any-match = TRUE
 
smtp command arguments
This command defines a rule definition to analyze and charge user traffic based on the SMTP command arguments.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp command arguments [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
A unique value that you specify to use for the command argument.
argument must be an alpha and/or numeric string of 1 through 63 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP command argument.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a command argument of test:
smtp command arguments = test
 
smtp command id
This command defines a rule definition to analyze and charge user traffic based on the SMTP command ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp command id operator command_id
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
command_id
A unique value that you specify to use for the command argument.
command_id must be an integer from 0 through 10.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP command ID.
Example
The following command defines a rule definition for analyzing POP3 user traffic using a command ID of 8:
smtp command id = 8
 
smtp command name
This command defines a rule definition to analyze and charge user traffic based on the SMTP command name.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp command name operator command_name
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
command_name
command_name must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP command name.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a command name of data:
smtp command name = data
 
smtp mail-size
This command defines a rule definition to analyze and charge user traffic based on the SMTP mail size.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp mail-size { operator mail_size | { { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
mail_size
Specifies the mail size, in bytes, for this rule definition.
mail_size must be an integer from 1 through 40000000.
{ range | !range } range_from to range_to
Enables or disables the range criteria.
range: Enables the range criteria.
!range: Disables the range criteria.
range_from: Specifies the start of range, and must be an integer from 1 through 40000000.
range_to: Specifies the end range. range_to must be an integer from 1 through 40000000, and must be greater than range_from.
Usage
Use this command to specify a rule definition to analyze user traffic based on SMTP mail size.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a mail size of 40000:
smtp mail-size = 40000
 
smtp pdu-length
This command defines a rule definition to analyze and charge user traffic based on the SMTP protocol data unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp pdu-length { operator pdu_length | { { range | !range } range_from to range_to } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the SMTP PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 1 through 65535.
{ range | !range } range_from to range_to
Enables or disables the range criteria.
range: Enables the range criteria.
!range: Disables the range criteria.
range_from: Specifies the start of range, and must be an integer from 1 through 65535.
range_to: Specifies the end range. range_to must be an integer from 1 through 65535, and must be greater than range_from.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP packet length.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a PDU length of 1600 bytes:
smtp pdu-length = 1600
 
smtp previous-state
This command defines a rule definition to analyze and charge user traffic based on the SMTP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp previous-state operator pre_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
pre_state
Specifies the previous state for this rule definition.
pre_state must be one of the following:
close: closed state
init: initialized state
response-error: reply error state
response-ok: response ok state
waiting-for-response: waiting for response state
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP previous state.
Example
The following command creates an SMTP rule definition for analyzing user traffic using an SMTP previous state of closed:
smtp previous-state = close
 
smtp recipient
This command defines a rule definition to analyze and charge user traffic based on the SMTP recipient.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp recipient [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
A unique value that you specify to use for the response argument.
argument must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a recipient rule definition.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a recipient of test:
smtp recipient = test
 
smtp reply arguments
This command defines a rule definition to analyze and charge user traffic based on the SMTP reply argument.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp reply arguments [ case-sensitive ] operator argument
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
argument
Specifies the string for this rule definition.
argument must be an alpha and/or numeric string of 1 through 63 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP reply argument.
Example
The following command creates an SMTP reply argument rule definition for analyzing user traffic using a reply argument of test:
smtp reply arguments = test
 
smtp reply id
This command defines a rule definition to analyze and charge user traffic based on the SMTP reply ID.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp reply id operator reply_id
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
reply_id
Specifies the reply ID for this rule definition.
reply_id must be one of the following:
0: +NO reply
1: +OK reply
2: -ERR reply
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP reply ID.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a reply ID of 2:
smtp reply id = 2
 
smtp reply status
This command defines a rule definition to analyze and charge user traffic based on the SMTP reply status.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp reply status operator reply_status
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
reply_status
Specifies the response ID for this rule definition.
reply_status must be one of the following:
+OK: response OK
-ERR: response error
Usage
Use this command to specify a rule definition to analyze user traffic based on an SMTP reply status.
Example
The following command defines a rule definition for analyzing SMTP user traffic using a reply status of +OK:
smtp reply status = +OK
 
smtp sender
This command defines a rule definition to analyze and charge user traffic based on the SMTP sender.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp sender [ case-sensitive ] operator sender
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
sender
Specifies the session length used for this rule definition.
sender must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the SMTP session length.
Example
The following command creates an SMTP rule definition for analyzing user traffic using an SMTP sender of test:
smtp sender = test
 
smtp session-length
This command defines a rule definition to analyze and charge user traffic based on the SMTP session-length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp session-length { operator sess_length | { range | !range } range_from to range_to }
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
sess_length
Specifies the session length for this rule definition.
sess_length must be an integer from 1 through 40000000.
{ range | !range } range_from to range_to
Enables or disables the range criteria.
range: Enables the range criteria.
!range: Disables the range criteria.
range_from: Specifies the start of range, and must be an integer from 1 through 40000000.
range_to: Specifies the end range. range_to must be an integer from 1 through 40000000, and must be greater than range_from.
Usage
Use this command to specify a rule definition to analyze user traffic based on the SMTP session length.
Example
The following command creates an SMTP rule definition for analyzing user traffic using an SMTP session length of 4000000:
smtp session-length = 4000000
 
smtp state
This command defines a rule definition to analyze and charge user traffic using SMTP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] smtp state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the SMTP state for this rule definition.
state must be one of the following:
close: closed state
init: initialized state
response-error: response of error state
response-ok: response of ok state
waiting-for-response: waiting for response state
Usage
Use this command to specify a rule definition to analyze user traffic based on SMTP state.
Example
The following command creates an SMTP rule definition for analyzing user traffic using an SMTP state of close:
smtp state = close
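A mistyped operator, state name or out-of-range value in a ruledef changes which traffic a rule matches, so it is worth checking rule lines against the documented constraints before they are applied. The following is an added example, not vendor tooling: a Python checker for the SMTP rules above, with operator sets, ranges and state names transcribed from this section. The function names, the assumption that each value is a single whitespace-free token matched exactly as listed, and the sample lines are constructed for illustration; `smtp command name` is left out because its allowed values are not listed here.

```python
import re

# Operator sets as listed for the SMTP rules in this section.
EQ_OPS = {"=", "!="}
NUM_OPS = {"=", "!=", "<=", ">="}
STR_OPS = EQ_OPS | {"contains", "!contains", "starts-with", "!starts-with",
                    "ends-with", "!ends-with"}
SMTP_STATES = {"close", "init", "response-error", "response-ok",
               "waiting-for-response"}

# Rule prefix -> (kind, constraint), transcribed from the entries above.
SPECS = {
    "smtp command arguments": ("str", 63),
    "smtp command id":        ("int", (0, 10)),
    "smtp mail-size":         ("int-range", (1, 40000000)),
    "smtp pdu-length":        ("int-range", (1, 65535)),
    "smtp previous-state":    ("enum", SMTP_STATES),
    "smtp recipient":         ("str", 127),
    "smtp reply arguments":   ("str", 63),
    "smtp reply id":          ("enum", {"0", "1", "2"}),
    "smtp reply status":      ("enum", {"+OK", "-ERR"}),
    "smtp sender":            ("str", 127),
    "smtp session-length":    ("int-range", (1, 40000000)),
    "smtp state":             ("enum", SMTP_STATES),
}


def _check_int(tok, lo, hi, name="value"):
    if not re.fullmatch(r"[0-9]+", tok):
        return [f"{name} {tok!r} is not an integer"]
    if not lo <= int(tok) <= hi:
        return [f"{name} {tok} outside {lo}..{hi}"]
    return []


def check_ruledef_line(line):
    """Return a list of problems for one rule line (empty list = accepted)."""
    text = " ".join(line.split())
    if text.startswith("no "):          # the 'no' form takes the same arguments
        text = text[3:]
    prefix = next((p for p in sorted(SPECS, key=len, reverse=True)
                   if text == p or text.startswith(p + " ")), None)
    if prefix is None:
        return ["not an SMTP rule covered by this checker"]
    kind, limit = SPECS[prefix]
    args = text[len(prefix):].split()
    if kind == "str" and args[:1] == ["case-sensitive"]:
        args = args[1:]
    if kind == "int-range" and args[:1] in (["range"], ["!range"]):
        if len(args) != 4 or args[2] != "to":
            return ["expected: range|!range <from> to <to>"]
        problems = (_check_int(args[1], *limit, "range_from")
                    + _check_int(args[3], *limit, "range_to"))
        if not problems and int(args[3]) <= int(args[1]):
            problems.append("range_to must be greater than range_from")
        return problems
    if len(args) != 2:
        return ["expected: <operator> <value>"]
    op, value = args
    allowed = {"str": STR_OPS, "enum": EQ_OPS}.get(kind, NUM_OPS)
    problems = []
    if op not in allowed:
        problems.append(f"operator {op!r} not allowed for '{prefix}'")
    if kind == "str":
        if not 1 <= len(value) <= limit:
            problems.append(f"value length {len(value)} outside 1..{limit}")
    elif kind == "enum":
        if value not in limit:
            problems.append(f"value {value!r} not one of {sorted(limit)}")
    else:
        problems += _check_int(value, *limit)
    return problems


# Constructed sample rule lines (not taken from a real configuration).
SAMPLE = """\
smtp mail-size = 40000
smtp sender case-sensitive contains example.com
smtp previous-state = closed
smtp pdu-length range 1600 to 1500
smtp command id >= 11
smtp mail-size > 100
no smtp state = close
"""


def lint_config(text):
    """Map 1-based line numbers to their problems; clean lines are omitted."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            problems = check_ruledef_line(line)
            if problems:
                report[n] = problems
    return report


if __name__ == "__main__":
    for n, problems in lint_config(SAMPLE).items():
        print(n, "; ".join(problems))
```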
 
tcp
The following commands define rules for analyzing traffic based on Transmission Control Protocol (TCP):
 
tcp analyzed out-of-order
This command specifies counting/charging of all TCP out-of-order packets that are received and buffered at ACSMgr/SessMgr due to non-receipt of earlier packet(s) in sequence.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp analyzed out-of-order operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
FALSE: not analyzed
TRUE: analyzed
Usage
This command is used to set the status flag to ‘analyzed’ or ‘not analyzed’ for all TCP packets received at the ACSMgr/SessMgr prior to their earlier packets.
When a packet reaches ACSMgr/SessMgr before earlier packet(s) in the sequence, that packet and the subsequent packets are buffered at ACSMgr/SessMgr as TCP out-of-order packets, and ACSMgr/SessMgr waits for the missing packet(s) until the time-out duration expires. If the packet(s) with the missing sequence number(s) arrive within the time-out duration, all buffered packets are presented in the correct sequence to the upper layers (HTTP, etc.) for analysis; otherwise, the buffered TCP out-of-order packets are sent to charging with the analysis-done flag set at the TCP/IP layer only.
If this command is enabled, the TCP out-of-order packets are marked as analyzed and sent to the TCP analyzer for charging action; otherwise, they are discarded.
Example
The following command sets to analyze TCP out-of-order packets:
tcp analyzed out-of-order = TRUE
 
tcp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for TCP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
FALSE: not analyzed
TRUE: analyzed
Usage
Use this command to specify a rule definition to analyze user traffic based on the TCP any match status.
Example
The following command defines an any match rule definition for analyzing TCP user traffic:
tcp any-match = TRUE
 
tcp connection-initiator
This command defines a rule definition to analyze and charge user traffic based on the TCP connection initiator.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp connection-initiator operator subscriber
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
subscriber
Specifies that the connection is being initiated by the subscriber.
Usage
Use this command to specify a rule definition to analyze user traffic based on the TCP connection initiator. It allows the operator to differentiate between a connection initiated by the subscriber and a connection in which the subscriber is acting as a TCS (Transaction Control Server) server.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP connection initiator of subscriber:
tcp connection-initiator = subscriber
 
tcp downlink
This command defines a rule definition to analyze and charge user traffic matching the direction of TCP packets to downlink (to subscriber).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the TCP packet direction as downlink.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP packet direction of downlink (to subscriber):
tcp downlink = TRUE
 
tcp dst-port
This command defines a rule definition to analyze and charge user traffic based on destination TCP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp dst-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: Does not equal
<=: Less than or equals
=: Equals
>=: Greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
range | !range
Specifies the range criteria:
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the range of destination TCP ports.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on destination TCP port.
Example
The following command creates a TCP rule definition for analyzing user traffic matching destination port for TCP as 10:
tcp dst-port = 10
 
tcp duplicate
This command defines a rule definition to analyze and charge user traffic using duplicate TCP packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp duplicate operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
FALSE: not duplicated/retransmitted
TRUE: duplicated/retransmitted
Usage
Use this command to specify a duplicate rule definition for analyzing user traffic.
Example
The following command defines a duplicate rule definition with a value of TRUE:
tcp duplicate = TRUE
 
tcp either-port
This command defines a rule definition to analyze and charge user traffic using either (destination or source) TCP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp either-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: Does not equal
<=: Less than or equals
=: Equals
>=: Greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
range | !range
Specifies the range criteria:
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the port range.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port-map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on either TCP port.
Example
The following command creates a TCP rule definition for analyzing user traffic matching destination or source port for TCP as 10:
tcp either-port = 10
 
tcp error
This command defines a rule definition to identify any erroneous TCP packets.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp error operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to identify any erroneous TCP packets.
Example
The following command creates a TCP rule definition for identifying an erroneous TCP packet:
tcp error = TRUE
 
tcp flag
This command defines a rule definition to analyze and charge user traffic based on the TCP flag.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp flag operator value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!contains: does not contain
contains: contains
!=: does not equal
=: equals
value
The value of the specified field.
value must be one of the following:
ack: TCP FLAG ACK
fin: TCP FLAG FIN
push: TCP FLAG PUSH
reset: TCP FLAG RESET
syn: TCP FLAG SYN
Usage
Use this command to specify a flag rule definition for analyzing user traffic.
Example
The following command defines a flag rule definition with a value of reset:
tcp flag = reset
 
tcp initial-handshake-lost
This command defines a rule definition to identify a TCP flow where the initial handshake was not seen.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp initial-handshake-lost operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to identify a TCP flow where the initial handshake was not seen.
Example
The following command creates a TCP rule definition for identifying a TCP flow where the initial handshake was not seen:
tcp initial-handshake-lost = TRUE
 
tcp payload
This command defines a rule definition to analyze and charge user traffic based on Hex/ASCII string content in payload protocol-signature field of TCP payload.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp payload starts-with { hex-signature hex_string | string-signature string }
no
Removes the specified rule definition.
hex-signature hex_string
Specifies hexadecimal protocol signature in payload field.
hex_string must be a dash-delimited list of hex data of size smaller than 32.
string-signature string
Specifies protocol signature in payload field.
string must be a string of 1 through 32 characters in length.
Usage
Use this command to define a rule definition to analyze user traffic based on a match for Hex/ASCII string content in payload protocol-signature field.
Example
The following command creates a TCP rule definition to identify user traffic using TCP protocol signature as tcp1:
tcp payload starts-with string-signature tcp1
 
tcp payload-length
This command defines a rule definition to analyze and charge user traffic based on the TCP payload length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp payload-length operator payload_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
payload_length
Specifies the tcp payload length for this rule definition.
payload_length must be an integer from 0 through 40000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on a TCP payload length.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP payload length of 10000:
tcp payload-length = 10000
 
tcp previous-state
This command defines a rule definition to analyze and charge user traffic using previous state of TCP packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the TCP previous state for this rule definition.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a TCP previous state.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP previous state of time-wait:
tcp previous-state = time-wait
 
tcp session-length
This command defines a rule definition to analyze and charge user traffic using TCP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
sess_length
Specifies the TCP session length, in bytes, for this rule definition.
sess_length must be an integer from 0 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on the TCP session length.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP session length of 2000 bytes:
tcp session-length = 2000
 
tcp src-port
This command defines a rule definition to analyze and charge user traffic based on source TCP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp src-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: does not equal
<=: Less than or equals
=: equals
>=: greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
range | !range
Specifies the range criteria:
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the port range.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on source TCP port.
Example
The following command creates a TCP rule definition for analyzing user traffic matching source port for TCP as 10:
tcp src-port = 10
 
tcp state
This command defines a rule definition to analyze and charge user traffic using current state of TCP packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the TCP state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a TCP state.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP state of close:
tcp state = close
 
tcp uplink
This command defines a rule definition to analyze and charge user traffic matching the direction of TCP packets to uplink (from subscriber).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] tcp uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the TCP packet direction as uplink.
Example
The following command creates a TCP rule definition for analyzing user traffic using a TCP packet direction of uplink (from subscriber):
tcp uplink = TRUE
 
udp
The following commands define rules for analyzing traffic based on User Datagram Protocol (UDP):
 
udp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for UDP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the UDP analyzed status.
Example
The following command defines an any match rule definition for analyzing UDP user traffic:
udp any-match = TRUE
 
udp downlink
This command defines a rule definition to analyze and charge user traffic based on the UDP downlink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a UDP downlink condition.
Example
The following command creates a UDP rule definition for analyzing user traffic using UDP downlink condition TRUE:
udp downlink = TRUE
 
udp dst-port
This command defines a rule definition to analyze and charge user traffic based on destination UDP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp dst-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: Does not equal
<=: Less than or equals
=: Equals
>=: Greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
!range | range
Specifies the range criteria.
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the port range.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on destination UDP port.
Example
The following command creates a UDP rule definition for analyzing user traffic matching destination port for UDP as 10:
udp dst-port = 10
 
udp either-port
This command defines a rule definition to analyze and charge user traffic using either (destination or source) UDP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp either-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: Does not equal
<=: Less than or equals
=: Equals
>=: Greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
!range | range
Specifies the range criteria.
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the port range.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on either UDP port.
Example
The following command creates a UDP rule definition for analyzing user traffic matching destination or source port for UDP as 10:
udp either-port = 10
 
udp payload
This command defines a rule definition to analyze and charge user traffic based on a match for Hex/ASCII string content in the payload protocol-signature field of the UDP payload.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp payload starts-with { hex-signature hex_string | string-signature string }
no
Removes the specified rule definition.
hex-signature hex_string
Specifies hexadecimal protocol signature in payload field.
hex_string must be a dash-delimited list of hex data of size smaller than 32.
string-signature string
Specifies protocol signature in payload field.
string must be a string of 1 through 32 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on a match for Hex/ASCII string content in payload protocol-signature field.
Example
The following command creates a UDP rule definition for analyzing user traffic using a UDP protocol signature as udp1:
udp payload starts-with string-signature udp1
 
udp src-port
This command defines a rule definition to analyze and charge user traffic based on source UDP port.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp src-port { operator port_number | { !range | range } { start_range to end_range | port-map port_map } }
no
Removes the specified rule definition.
operator
Specifies how to logically match the port number.
operator must be one of the following:
!=: Does not equal
<=: Less than or equals
=: Equals
>=: Greater than or equals
port_number
Specifies the port number to match.
port_number must be an integer from 1 through 65535.
!range | range
Specifies the range criteria.
!range: Not in the range
range: In the range
start_range to end_range
Specifies the starting and ending port numbers for the port range.
start_range must be an integer from 1 through 65535.
end_range must be an integer from 1 through 65535, and must be greater than start_range.
port-map port_map
Specifies the port map for the port range.
port_map must be a string of 1 through 63 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on source UDP port.
Example
The following command creates a UDP rule definition for analyzing user traffic matching source port for UDP as 10:
udp src-port = 10
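The value constraints documented above for the tcp and udp port commands and the payload starts-with commands can be checked before a ruledef is pushed to a device. The following linter is an added example, not part of the product or its documentation: the function names and sample rule lines are constructed, and reading the hex_string limit as "fewer than 32 two-digit hex bytes" is an assumption.

```python
import re

PORT_OPERATORS = {"!=", "<=", "=", ">="}  # operators listed for the *-port commands
PORT_COMMANDS = {"dst-port", "src-port", "either-port"}
RANGE_KEYWORDS = ("range", "!range")

def _port(token, name):
    """Return token as a port number, enforcing the documented 1..65535 range."""
    if not token.isdigit() or not 1 <= int(token) <= 65535:
        raise ValueError(f"{name} must be an integer from 1 through 65535, got {token!r}")
    return int(token)

def check_port_args(args):
    """Validate: operator port_number | { !range | range } { start to end | port-map name }."""
    if len(args) == 2 and args[0] not in RANGE_KEYWORDS:
        if args[0] not in PORT_OPERATORS:
            raise ValueError(f"operator {args[0]!r} is not one of != <= = >=")
        _port(args[1], "port_number")
    elif len(args) == 4 and args[0] in RANGE_KEYWORDS and args[2] == "to":
        start, end = _port(args[1], "start_range"), _port(args[3], "end_range")
        if end <= start:
            raise ValueError("end_range must be greater than start_range")
    elif len(args) == 3 and args[0] in RANGE_KEYWORDS and args[1] == "port-map":
        if not 1 <= len(args[2]) <= 63:
            raise ValueError("port_map must be 1 through 63 characters")
    else:
        raise ValueError("does not match the documented port syntax")

def check_payload_args(args):
    """Validate: starts-with { hex-signature hex_string | string-signature string }."""
    if len(args) != 3 or args[0] != "starts-with":
        raise ValueError("expected: starts-with { hex-signature | string-signature } value")
    kind, value = args[1], args[2]
    if kind == "string-signature":
        if not 1 <= len(value) <= 32:
            raise ValueError("string must be 1 through 32 characters")
    elif kind == "hex-signature":
        # Assumption: each dash-delimited item is one byte written as two hex
        # digits, and "size smaller than 32" means fewer than 32 bytes.
        octets = value.split("-")
        if not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
            raise ValueError("hex_string must be dash-delimited hex bytes")
        if len(octets) >= 32:
            raise ValueError("hex_string must be smaller than 32 bytes")
    else:
        raise ValueError(f"unknown signature type {kind!r}")

def lint_ruledef(lines):
    """Return (line_number, message) for each tcp/udp port or payload rule that fails."""
    findings = []
    for number, line in enumerate(lines, start=1):
        tokens = line.split()
        if tokens[:1] == ["no"]:
            tokens = tokens[1:]  # the "no" form takes the same arguments
        if len(tokens) < 2 or tokens[0] not in ("tcp", "udp"):
            continue  # other ruledef commands are outside this example
        try:
            if tokens[1] in PORT_COMMANDS:
                check_port_args(tokens[2:])
            elif tokens[1] == "payload":
                check_payload_args(tokens[2:])
        except ValueError as err:
            findings.append((number, str(err)))
    return findings

# Constructed sample rules; lines 2, 3, 5, 7 and 8 violate a documented constraint.
SAMPLE_RULES = [
    "tcp dst-port = 10",
    "udp src-port range 5000 to 4000",
    "tcp either-port >= 70000",
    "udp dst-port !range port-map dns-ports",
    "no tcp src-port < 1024",
    "tcp payload starts-with hex-signature 16-03-01",
    "udp payload starts-with string-signature " + "A" * 33,
    "tcp payload starts-with hex-signature 1603",
]

if __name__ == "__main__":
    for number, message in lint_ruledef(SAMPLE_RULES):
        print(f"line {number}: {SAMPLE_RULES[number - 1]!r}: {message}")
```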
 
udp uplink
This command defines a rule definition to analyze and charge user traffic based on the UDP uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] udp uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a UDP uplink condition.
Example
The following command creates a UDP rule definition for analyzing user traffic using UDP uplink condition TRUE:
udp uplink = TRUE
 
wsp
The following commands define rules for analyzing traffic based on Wireless Session Protocol (WSP):
 
wsp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for WSP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify an any match WSP rule definition for analyzing user traffic.
Example
The following command defines an any match rule definition for analyzing WSP user traffic:
wsp any-match = TRUE
 
wsp content type
This command defines a rule definition to analyze and charge user traffic based on the WSP content type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp content type [ case-sensitive ] operator content_type
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_type
content_type must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP content type.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP content type of test:
wsp content type = test
 
wsp downlink
This command defines a rule definition to analyze and charge user traffic using WSP downlink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the downlink (from the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP downlink condition.
Example
The following command defines a rule definition for analyzing WSP user traffic based on the WSP downlink condition of TRUE:
wsp downlink = TRUE
 
wsp first-request-packet
This command defines a rule definition to analyze and charge user traffic based on the WSP first-request-packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp first-request-packet operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP first request packet.
Example
The following command creates a WSP rule definition for analyzing user traffic where first-request-packet equals TRUE:
wsp first-request-packet = TRUE
 
wsp host
This command defines a rule definition to analyze and charge user traffic using WSP host.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp host [ case-sensitive ] operator host_name
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
host_name
A unique name that you specify for the WSP host.
host_name must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP host name.
Example
The following command creates a WSP rule definition for analyzing user traffic containing a WSP host of host1:
wsp host contains host1
 
wsp pdu-length
This command defines a rule definition to analyze and charge user traffic based on the WSP Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the WSP PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP PDU length (header + payload) in bytes.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP PDU length of 10000 bytes:
wsp pdu-length = 10000
 
wsp pdu-type
This command defines a rule definition to analyze and charge user traffic using WSP Protocol Data Unit (PDU) type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp pdu-type operator pdu_type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
pdu_type
Specifies the WSP PDU type used for this rule definition.
pdu_type must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP PDU type value.
Example
The following command creates a WSP rule definition for analyzing user traffic containing a WSP PDU type resume:
wsp pdu-type = resume
 
wsp previous-state
This command defines a rule definition to analyze and charge user traffic using WSP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the previous state for this rule definition.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP previous state.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP previous state of response-ok:
wsp previous-state = response-ok
 
wsp reply code
This command defines a rule definition to analyze and charge user traffic based on the WSP reply code.
Product
All
Privilege
Security Administrator, Administrator
Syntax
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
return_code
Specifies the WSP return code for this rule definition.
return_code must be an integer from 0 through 101.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP reply code.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP reply code of 50:
wsp reply code = 50
 
wsp session-length
This command defines a rule definition to analyze and charge user traffic using WSP session length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
sess_length
Specifies the WSP session length, in bytes, for this rule definition.
sess_length must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP session length.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP session length of 2000 bytes:
wsp session-length = 2000
 
wsp session-management
This command defines a rule definition to analyze and charge user traffic based on WSP session management information.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp session-management { previous-state | state } operator state
no
Removes the specified rule definition.
previous-state
Specifies WSP previous state information.
state
Specifies WSP current state information.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the WSP state.
For previous-state, state must be one of the following:
For state, state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on WSP session management information.
Example
The following command creates a WSP rule definition for analyzing user traffic based on WSP session-management current state of connecting:
wsp session-management state = connecting
 
wsp state
This command defines a rule definition to analyze and charge user traffic using WSP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the WSP state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP state.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP state of connecting:
wsp state = connecting
 
wsp tid
This command defines a rule definition to analyze and charge user traffic using WSP Transaction Identifier (TID).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp tid operator tid_value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
tid_value
Specifies the transaction identifier for this rule definition.
tid_value must be an integer from 0 through 255.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WSP TID.
Example
The following command creates a rule definition for analyzing user traffic using a WSP TID value of 22:
wsp tid = 22
 
wsp total-length
This command defines a rule definition to analyze and charge user traffic using WSP total packet length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp total-length operator total_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
total_length
Specifies the total length of the WSP packet including payload for this rule definition.
total_length must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP total length.
Example
The following command creates a WSP rule definition for analyzing user traffic using a WSP total length of 2000 bytes:
wsp total-length = 2000
 
wsp transfer-encoding
This command defines a rule definition to analyze and charge user traffic using WSP transfer-encoding.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp transfer-encoding [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
string must be of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on WSP transfer-encoding.
Example
The following command creates a WSP rule definition for analyzing user traffic containing a WSP transfer encoding that contains the number 7:
wsp transfer-encoding contains 7
 
wsp uplink
This command defines a rule definition to analyze and charge user traffic using WSP uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the uplink (to the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP uplink status.
Example
The following command creates a rule definition for analyzing user traffic using a WSP uplink value of TRUE:
wsp uplink = TRUE
 
wsp url
This command defines a rule definition to analyze and charge user traffic using WSP URL.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp url [ case-sensitive ] operator url
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
url
url must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP URL.
Example
The following command creates a rule definition for analyzing user traffic using a WSP URL of wsp://wiki.tcl.tk:
wsp url = wsp://wiki.tcl.tk
 
wsp user-agent
This command defines a rule definition to analyze and charge user traffic using WSP user agent.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp user-agent [ case-sensitive ] operator user_agent
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
user_agent
Specifies the WSP user agent for this rule definition.
user_agent must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the WSP user agent.
Example
The following command creates a rule definition for analyzing user traffic containing a WSP user agent of test:
wsp user-agent contains test
 
wsp x-header
This command defines a rule definition to analyze and charge user traffic based on WSP extension-headers (x-headers).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wsp x-header name [ case-sensitive ] operator string
no
Removes the specified rule definition.
name
A unique value that you specify to use for the x-header.
name must be an alpha and/or numeric string of 1 through 31 characters in length.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
Specifies the value of the extension header.
string must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to configure and parse any x-header field in WSP. The extension-header mechanism allows additional header fields to be defined without changing the protocol. An extension header can be any header field that is not specified in the RFC/standard.
Example
The following command creates a rule definition for analyzing user traffic containing WSP extension-header of test_field and value of test_string:
wsp x-header test_field = test_string
 
wtp
The following commands define rules for analyzing traffic based on Wireless Transaction Protocol (WTP):
 
wtp any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for WTP.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WTP any match status.
Example
The following command defines an any match rule definition for analyzing WTP user traffic:
wtp any-match = TRUE
 
wtp downlink
This command defines a rule definition to analyze and charge user traffic using WTP downlink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the downlink (from the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP downlink condition.
Example
The following command defines a rule definition for analyzing WTP user traffic based on the WTP downlink condition of TRUE:
wtp downlink = TRUE
 
wtp gtr
This command defines a rule definition to analyze and charge user traffic based on the WTP Group Transmission Flag (GTR).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp gtr operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP GTR condition.
Example
The following command defines a rule definition for analyzing WTP user traffic based on the WTP GTR condition of TRUE:
wtp gtr = TRUE
 
wtp pdu-length
This command defines a rule definition to analyze and charge user traffic using WTP Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
pdu_length
Specifies the WTP PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 1 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on WTP PDU length (header + payload) in bytes.
Example
The following command creates a WTP rule definition for analyzing user traffic using a WTP PDU length of 9647 bytes:
wtp pdu-length = 9647
 
wtp pdu-type
This command defines a rule definition to analyze and charge user traffic based on the WTP Protocol Data Unit (PDU) type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp pdu-type operator pdu_type
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
pdu_type
Specifies the WTP PDU type used for this rule definition.
pdu_type must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP PDU type value.
Example
The following command creates a WTP rule definition for analyzing user traffic containing a WTP PDU type result:
wtp pdu-type = result
 
wtp previous-state
This command defines a rule definition to analyze and charge user traffic using WTP previous state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the WTP previous state for this rule definition. previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP previous state.
Example
The following command creates a WTP rule definition for analyzing user traffic using a WTP previous state of ack_sent:
wtp previous-state = ack-sent
 
wtp rid
This command defines a rule definition to analyze and charge user traffic based on the WTP Re-transmission Indicator (RID) flag.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp rid operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP RID.
Example
The following command creates a rule definition for analyzing user traffic containing a WTP RID condition of TRUE:
wtp rid = TRUE
 
wtp state
This command defines a rule definition to analyze and charge user traffic using WTP state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the WTP state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP state.
Example
The following command creates a WTP rule definition for analyzing user traffic using a WTP state of close:
wtp state = close
 
wtp tid
This command defines a rule definition to analyze and charge user traffic based on the WTP Transaction Identifier (TID).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp tid operator tid_value
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
tid_value
Specifies the transaction identifier for this rule definition.
tid_value must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP TID.
Example
The following command creates a rule definition for analyzing user traffic containing a WTP TID value of 22:
wtp tid = 22
 
wtp transaction class
This command defines a rule definition to analyze and charge user traffic based on the WTP Transaction Class (TCL) state.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp transaction class operator transaction_class
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
=: equals
transaction_class
Specifies the WTP TCL for this rule definition.
transaction_class must be an integer from 0 through 2.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP transaction class.
Example
The following command creates a WTP rule definition for analyzing user traffic using a WTP transaction class of 2:
wtp transaction class = 2
 
wtp ttr
This command defines a rule definition to analyze and charge user traffic based on the WTP Trailer Transmission flag (TTR).
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp ttr operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WTP TTR condition.
Example
The following command defines a rule definition for analyzing WTP user traffic based on the WTP TTR condition of TRUE:
wtp ttr = TRUE
 
wtp uplink
This command defines a rule definition to analyze and charge user traffic using WTP uplink.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] wtp uplink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the uplink (to the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WTP uplink status.
Example
The following command creates a rule definition for analyzing user traffic using a WTP uplink value of TRUE:
wtp uplink = TRUE
 
www
The following commands define rules for analyzing traffic based on World Wide Web (WWW):
 
www any-match
This command defines a rule definition to analyze and charge user traffic based on any match (catch-all) expression for WWW.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www any-match operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WWW any match status.
Example
The following command defines an any match rule definition for analyzing WWW user traffic:
www any-match = TRUE
 
www content type
This command defines a rule definition to analyze and charge user traffic based on the WWW content type.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www content type [ case-sensitive ] operator content_type
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
content_type
content_type must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW content type.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW content type of test:
www content type = test
 
www downlink
This command defines a rule definition to analyze and charge user traffic based on the WWW downlink conditions.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www downlink operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Indicates the downlink (from the Mobile Node direction) status.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW downlink condition.
Example
The following command defines a rule definition for analyzing WWW user traffic based on the WWW downlink condition of TRUE:
www downlink = TRUE
 
www first-request-packet
This command defines a rule definition to analyze and charge user traffic based on the World Wide Web (WWW) first-request-packet.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www first-request-packet operator condition
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
condition
Specifies the condition for this rule definition.
condition must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on the WWW first request packet.
Example
The following command creates a WWW rule definition for analyzing user traffic, testing whether first-request-packet equals TRUE:
www first-request-packet = TRUE
 
www header-length
This command defines a rule definition to analyze and charge user traffic based on the WWW packet header length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www header-length operator header_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
header_length
Specifies the WWW packet header length, in bytes, for this rule definition.
header_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW packet header length.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW packet header length of 10000:
www header-length = 10000
 
www host
This command defines a rule definition to analyze and charge user traffic based on the WWW host.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www host [ case-sensitive ] operator host_name
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
host_name
A unique name that you specify for the WWW host.
host_name must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW host name.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW host of host1:
www host = host1
 
www payload-length
This command defines a rule definition to analyze and charge user traffic based on the WWW payload length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www payload-length operator payload_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
payload_length
Specifies the WWW payload length for this rule definition.
payload_length must be an integer from 1 through 4000000000.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW payload length.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW payload length of 10000:
www payload-length = 10000
 
www pdu-length
This command defines a rule definition to analyze and charge user traffic based on the WWW Protocol Data Unit (PDU) length.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www pdu-length operator pdu_length
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
pdu_length
Specifies the WWW PDU length, in bytes, for this rule definition.
pdu_length must be an integer from 0 through 65535.
Usage
Use this command to specify a rule definition to analyze user traffic based on WWW PDU length (header + payload) in bytes.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW PDU length of 9767 bytes:
www pdu-length = 9767
 
www previous-state
This command defines a rule definition to analyze and charge user traffic based on the previous state of WWW.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www previous-state operator previous_state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
previous_state
Specifies the WWW previous state for this rule definition.
previous_state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW previous state.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW previous state of init:
www previous-state = init
 
www reply code
This command defines a rule definition to analyze and charge user traffic based on the WWW reply code arguments.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www reply code operator response_code
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
<=: less than or equals
=: equals
>=: greater than or equals
response_code
A unique value that you specify to use for the response.
response_code must be an integer from 100 through 599.
Usage
Use this command to specify a rule definition to analyze WWW user traffic based on a reply code rule definition.
Example
The following command defines a rule definition for analyzing WWW user traffic using a reply code of 110:
www reply code = 110
 
www state
This command defines a rule definition to analyze and charge user traffic based on the current state of WWW.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www state operator state
no
Removes the specified rule definition.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
=: equals
state
Specifies the WWW state for this rule definition.
state must be one of the following:
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW state.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW state of close:
www state = close
 
www transfer-encoding
This command defines a rule definition to analyze and charge user traffic based on the WWW transfer encoding.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www transfer-encoding [ case-sensitive ] operator string
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field.
operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
string
A unique name that you specify for WWW transfer encoding.
string must be an alpha and/or numeric string of 1 through 127 characters in length, and can contain punctuation characters.
Usage
Use this command to specify a rule definition to analyze user traffic based on a WWW transfer encoding string.
Example
The following command creates a WWW rule definition for analyzing user traffic using a WWW transfer encoding string of user1:
www transfer-encoding = user1
 
www url
This command defines a rule definition to analyze and charge user traffic based on the WWW URL.
Product
All
Privilege
Security Administrator, Administrator
Syntax
[ no ] www url [ case-sensitive ] operator url
no
Removes the specified rule definition.
case-sensitive
Default: Disabled.
This keyword makes the rule case sensitive. By default, rule definitions are not case sensitive.
operator
Specifies how to logically match the information in the analyzed field. operator must be one of the following:
!=: does not equal
!contains: does not contain
!ends-with: does not end with
!starts-with: does not start with
=: equals
contains: contains
ends-with: ends with
starts-with: starts with
url
url must be an alpha and/or numeric string of 1 through 127 characters in length.
Usage
Use this command to specify a rule definition to analyze user traffic based on the WWW URL.
Example
The following command creates a rule definition for analyzing user traffic using the WWW URL www.abc.com:
www url = www.abc.com
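The operator sets and value limits documented above for the numeric and string WSP, WTP and WWW fields can be checked offline before a ruledef is applied. The following Python lint is an added example, not Cisco code; it covers only that subset of fields, assumes values contain no whitespace, and its function names and sample lines are constructed for illustration.

```python
"""Offline lint for ruledef lines, using the operator sets and value limits
stated in this reference (subset: numeric and string WSP/WTP/WWW fields)."""

EQ_OPS = {"!=", "="}
CMP_OPS = EQ_OPS | {"<=", ">="}
STR_OPS = EQ_OPS | {"contains", "!contains", "starts-with", "!starts-with",
                    "ends-with", "!ends-with"}

# field -> (allowed operators, minimum, maximum), as documented on this page
INT_FIELDS = {
    "wsp tid": (EQ_OPS, 0, 255),
    "wsp total-length": (CMP_OPS, 1, 65535),
    "wtp pdu-length": (EQ_OPS, 1, 65535),
    "wtp tid": (EQ_OPS, 0, 65535),
    "wtp transaction class": (EQ_OPS, 0, 2),
    "www header-length": (CMP_OPS, 0, 65535),
    "www payload-length": (CMP_OPS, 1, 4000000000),
    "www pdu-length": (CMP_OPS, 0, 65535),
    "www reply code": (CMP_OPS, 100, 599),
}
# String fields: 1 through 127 characters, optional case-sensitive keyword.
STR_FIELDS = {"wsp transfer-encoding", "wsp url", "wsp user-agent",
              "www content type", "www host", "www transfer-encoding",
              "www url"}
STR_MAX = 127


def lint_line(line):
    """Return a list of problems found in one ruledef line (empty = OK)."""
    tokens = line.split()
    if tokens and tokens[0] == "no":   # "no" removes a rule; same syntax
        tokens = tokens[1:]
    # Try three-word field names first ("wtp transaction class"), then two.
    for n in (3, 2):
        field = " ".join(tokens[:n])
        if field in INT_FIELDS or field in STR_FIELDS:
            rest = tokens[n:]
            break
    else:
        return ["unknown or unsupported field: %r" % " ".join(tokens[:2])]

    if field in STR_FIELDS and rest[:1] == ["case-sensitive"]:
        rest = rest[1:]
    if len(rest) != 2:
        return ["%s: expected '<operator> <value>', got %r"
                % (field, " ".join(rest))]
    op, value = rest
    problems = []
    if field in INT_FIELDS:
        ops, lo, hi = INT_FIELDS[field]
        if op not in ops:
            problems.append("%s: operator %r not allowed" % (field, op))
        if not (value.isascii() and value.isdigit()):
            problems.append("%s: value %r is not an integer" % (field, value))
        elif not lo <= int(value) <= hi:
            problems.append("%s: %s outside %d through %d"
                            % (field, value, lo, hi))
    else:
        if op not in STR_OPS:
            problems.append("%s: operator %r not allowed" % (field, op))
        if not 1 <= len(value) <= STR_MAX:
            problems.append("%s: value length %d outside 1 through %d"
                            % (field, len(value), STR_MAX))
    return problems


def lint_config(text):
    """Map 1-based line numbers to their problems; clean lines are omitted."""
    findings = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.strip():
            problems = lint_line(line)
            if problems:
                findings[lineno] = problems
    return findings


# Constructed sample: lines 2, 3 and 5 violate the documented syntax.
SAMPLE = """\
wsp tid = 22
wsp tid >= 22
www reply code = 700
www host case-sensitive ends-with host1
ftp pdu-length = 9647
wtp transaction class = 2
www payload-length <= 4000000000
"""

if __name__ == "__main__":
    for lineno, problems in sorted(lint_config(SAMPLE).items()):
        print(lineno, "; ".join(problems))
```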
 
 

Cisco Systems Inc.