The SAProuter works with a Route Permission Table, which is used to authorize route connections. The following properties are essential for the route check:
Source IP address
Destination IP address
Destination port
Number of previous SAProuter hops
Number of remaining SAProuter hops
The route permission file is loaded into an internal table during SAProuter startup. The permission is checked for each accepted connection after the route data has been received. Administrative requests are rejected if they do not come from the local host. Info requests must also be authorized by the route table.
The permission check performs a first-match lookup of the received route data against the route table. For a lookup to succeed, the source address, destination address and port must all match.
Note
The numbers of previous and following hops are conditions for the permission, but they are not essential for the match.
The internal table, in which the route table is mapped, has the following fields:
Type (permitted or denied)
SNC (secure network communication required or not)
Native (native protocols permitted or not)
Previous hops (maximum number of previous hops / SAProuters)
Post hops (maximum number of following hops / SAProuters)
Source address
Source address mask
Destination address
Destination address mask
All destination ports (no port specified)
Destination port min
Destination port max
Password (required password for building up the route)
SNC name
The address masks are set if a subnet is given in the route file. You can find details about the route table in the section Route Permission Table. Examples of how file entries are mapped into the internal table are given in Route Table Examples.
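
The first-match lookup described above, modeled in Python as an added example (not SAProuter's own code). It assumes that a matched entry whose hop limits are exceeded leads to denial rather than a fall-through to later entries, and that a route matching no entry is denied; the SNC, native and password fields are left out, and the table and all names are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                              # hypothetical model of one internal table row
    permit: bool                          # Type: permitted or denied
    src: str                              # source address and mask, in CIDR form
    dst: str                              # destination address and mask, in CIDR form
    port_min: Optional[int] = None        # None = all destination ports
    port_max: Optional[int] = None
    max_prev_hops: Optional[int] = None   # None = no limit (assumption)
    max_post_hops: Optional[int] = None

    def matches(self, src, dst, port):
        # Only source, destination and port take part in the match.
        in_src = ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
        in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
        in_port = self.port_min is None or self.port_min <= port <= self.port_max
        return in_src and in_dst and in_port

def check_route(table, src, dst, port, prev_hops=0, post_hops=0):
    """Return (allowed, index of the deciding entry or None)."""
    for i, e in enumerate(table):
        if not e.matches(src, dst, port):
            continue
        # The first matching entry decides; later entries are never consulted.
        if not e.permit:
            return False, i
        # Hop counts are conditions on the permission, not part of the match.
        if e.max_prev_hops is not None and prev_hops > e.max_prev_hops:
            return False, i
        if e.max_post_hops is not None and post_hops > e.max_post_hops:
            return False, i
        return True, i
    return False, None                    # assumption: no match means denied

# Constructed sample table; the addresses and ports are illustrative only.
TABLE = [
    Entry(True, "10.1.0.0/16", "192.168.5.10/32", 3200, 3299,
          max_prev_hops=1, max_post_hops=0),
    Entry(False, "10.1.2.0/24", "192.168.5.10/32"),   # all ports
    Entry(True, "0.0.0.0/0", "192.168.5.20/32", 3300, 3300),
]

if __name__ == "__main__":
    print(check_route(TABLE, "10.1.2.7", "192.168.5.10", 3200))  # permit at index 0 wins
    print(check_route(TABLE, "10.1.2.7", "192.168.5.10", 22))    # deny at index 1
```

In this table the deny entry at index 1 never takes effect for ports 3200 to 3299, because the broader permit at index 0 matches first; ordering entries from most to least specific avoids that kind of shadowing.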