[j-nsp] bit field match condition for firewall filter

Piotr Marecki p.marecki at swiat.pl
Wed May 5 15:46:36 EDT 2004


All of us would like to do it also, in particular to filter TTL. Anyways, it
is obvious that IP2 is kinda optimized to do longest prefix match lookup
(which is also used to do L3 filters), so it cannot match every field we
would like it to. So unless Juniper implements RE filtering or expands FPC
PowerPC responsibility, it won't happen.

regards

Piotr Marecki


----- Original Message ----- 
From: "Patrick Liu" <paliu at nortelnetworks.com>
To: <juniper-nsp at puck.nether.net>
Sent: Wednesday, May 05, 2004 9:20 PM
Subject: [j-nsp] bit field match condition for firewall filter


> Hi,
>
> I am trying to find a way to construct a firewall filter with user-defined
> bit field match. The desired bit field match conditions are as follows:
>
> - define a known bit position in packet header (reference point)
> - specify the first position of the filtered bit pattern in relation to
> reference point
> - specify the total length that matches the packet criteria
> - specify a minimum and maximum target value to apply to the match criterion
>
> The "IP options" and "tcp-flags" match conditions on Juniper don't seem to
> be able to do what I just described. Anyone have any tips?
>
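
The match semantics asked for in the original question (reference point, bit offset, bit length, min/max value), modelled in Python as an added illustration; it is not Junos configuration and not code from either poster. The names `REF_L3`, `REF_L4`, `extract_bits`, `bitfield_match` and the sample packet are constructed for this example.

```python
REF_L3 = "l3"  # reference point: first bit of the IPv4 header
REF_L4 = "l4"  # reference point: first bit after the IPv4 header (IHL * 4 bytes)

def extract_bits(data: bytes, bit_offset: int, bit_length: int) -> int:
    """Return bit_length bits starting bit_offset bits into data (MSB first)."""
    if bit_offset < 0 or bit_length <= 0:
        raise ValueError("offset must be >= 0 and length must be > 0")
    end = bit_offset + bit_length
    if end > len(data) * 8:
        raise ValueError("field extends past end of packet")
    first, last = bit_offset // 8, (end + 7) // 8
    window = int.from_bytes(data[first:last], "big")
    shift = last * 8 - end  # bits to the right of the field inside the window
    return (window >> shift) & ((1 << bit_length) - 1)

def bitfield_match(packet: bytes, ref: str, bit_offset: int,
                   bit_length: int, lo: int, hi: int) -> bool:
    """True if the field at (ref + bit_offset, bit_length) lies in [lo, hi]."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False  # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return False  # malformed or truncated header: never match
    base = 0 if ref == REF_L3 else ihl * 8
    try:
        value = extract_bits(packet, base + bit_offset, bit_length)
    except ValueError:
        return False  # field not present in this packet
    return lo <= value <= hi

# Constructed sample: IPv4 (TTL 3, protocol TCP, 192.0.2.1 -> 192.0.2.2,
# checksums zeroed) followed by a TCP header with only SYN set, dst port 80.
SAMPLE = bytes.fromhex(
    "4500002800010000030600 00c0000201c0000202".replace(" ", "")
    + "04d20050000000000000000050022000 00000000".replace(" ", "")
)

if __name__ == "__main__":
    # TTL is 8 bits wide, 64 bits into the L3 header: match TTL 0..5
    print(bitfield_match(SAMPLE, REF_L3, 64, 8, 0, 5))
    # TCP flag bits (6 bits, 106 bits into the L4 header) equal to SYN only
    print(bitfield_match(SAMPLE, REF_L4, 106, 6, 0x02, 0x02))
```

Because the L4 reference point is derived from the IHL field, the same `REF_L4` offsets keep pointing at the TCP header when IP options are present.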