[c-nsp] Flexible Packet Match
Dennis Bohn
BOHN at adelphi.edu
Thu Dec 9 11:13:26 EST 2010
Hello:
I have been going back and forth with Cisco TAC about Flexible Packet Matching (FPM).
At the moment, I am trying to configure a nested class in the tcdf file. In the future, I am interested in defining specific packet matches to drop. I have read all documentation that I can find on Cisco's site, including:
Read 'readme_first.txt'
Looked at this:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/prod_qas0900aecd804b915e.html
Looked at this:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/product_data_sheet0900aecd8034bd93.html
So, I am looking for a guide to the Cisco schema for FPM, and perhaps a table showing a cli command and the matching xml syntax.
Any help appreciated. Here is the immediate problem:
Standard IP access list 15
    10 permit 192.168.55.12
    20 permit 192.168.131.27
Class Map match-any ccenternat (id 17)
    Match access-group 15
## The regex is Cisco's and does work as a standalone XML file
<?xml version="1.0" encoding="UTF-8"?>
<tcdf>
  <class name="bt" type="stack" match="any">
    <match>
      <regex start="l2-start" offset="54" size="32" value="\x13BitTorrent\x20protocol"></regex>
      <regex start="l2-start" offset="54" size="32" value="GET\x20.*\?info_hash="></regex>
      <regex start="l2-start" offset="54" size="32" value="[a|A][z|Z][v|V][e|E][r|R]\x01"></regex>
    </match>
  </class>
  <class name="thisone" type="access-control" match="all">
    <match>
      <class name="bt"></class>
      <class name="ccenternat"></class>
    </match>
  </class>
  <policy type="access-control" name="tcp_policy">
    <class name="thisone"></class>
    <action>drop</action>
  </policy>
</tcdf>
best,
dennis