[c-nsp] Flexible Packet Match

Rob Taylor robetayl at cisco.com
Thu Dec 9 12:32:46 EST 2010 

Dennis,

I dont see "ccenternat" defined anywhere, though you are calling it in 
the nested class "thisone".

The XML DOES validate, but I believe you must define the class 
"ccenternet" before you can match against "ccenternat".

Hope this helps,

Rob

On 12/9/2010 11:13 AM, Dennis Bohn wrote:
> Hello:
> I have been going back and forth with Cisco TAC about Flexible Packet Matching (FPM).
>
> At the moment, I am trying to configure a nested class in the tcdf file.  In the future, I am interested in defining specific packet matches to drop.  I have read all documentation that I can find on Cisco's site, including:
>
> Read 'readme_first.txt"
> Looked at this:
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/prod_qas0900aecd804b915e.html
>
> Looked at this:
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6723/product_data_sheet0900aecd8034bd93.html
>
> So, I am looking for a guide to the Cisco schema for FPM, and perhaps a table showing a cli command and the matching xml syntax.
>
> Any help appreciated.  Here is the immeditate problem:
> Standard IP access list 15
>      10 permit 192.168.55.12
>      20 permit 192.168.131.27
>
> Class Map match-any ccenternat (id 17)
>     Match access-group  15
>
> ##the regex is cisco's and does work as a standalone xml file
> <?xml version="1.0" encoding="UTF-8"?>
> <tcdf>
>
>      <class name="bt" type="stack" match="any">
>          <match>
>              <regex start="l2-start" offset="54" size="32" value="\x13BitTorrent\x20protocol"></regex>
>              <regex start="l2-start" offset="54" size="32" value="GET\x20.*\?info_hash="></regex>
>              <regex start="l2-start" offset="54" size="32" value="[a|A][z|Z][v|V][e|E][r|R]\x01"></regex>
>          </match>
>      </class>
>
>
>       <class name="thisone" type="access-control" match="all">
>          <match>
>                  <class name="bt"></class>
>                  <class name="ccenternat"></class>
>          </match>
>       </class>
>
>      <policy type="access-control" name="tcp_policy">
>          <class name="thisone"></class>
>          <action>drop</action>
>      </policy>
>
> </tcdf>
>
> best,
> dennis
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the cisco-nsp mailing list