[j-nsp] bit field match condition for firewall filter

[Paul Goyette]

One might consider the additional packet inspection capabilities
of the Adaptive Services PIC...

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Piotr Marecki
Sent: Wednesday, May 05, 2004 12:47 PM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] bit field match condition for firewall filter


All of us would like do it also , in particular to filter ttl  . Anyways it
is obvious that IP2 is kinda
optimized to do longest prefix match lookup ( which is used also to do L3
filters) so it cannot
match every field we would it to do so . So unless Juniper implement RE
filtering or expand FPC power pc
responsibility it won't happen.

regards

Piotr Marecki


----- Original Message -----
From: "Patrick Liu" <paliu at nortelnetworks.com>
To: <juniper-nsp at puck.nether.net>
Sent: Wednesday, May 05, 2004 9:20 PM
Subject: [j-nsp] bit field match condition for firewall filter


> Hi,
>
> I am trying to find a way to construct a firewall filter with user-defined
> bit field match. The desired bit field match conditions are as follow:
>
> - define a know bit position in packet header (reference point)
> - specify the first position of the filtered bit pattern in relation to
> reference point
> - specify the total length that matches the packet criteria
> - specify a minimum and maximum target value to apply to the match
criterion
>
> The "IP options" and "tcp-flags" match condition on Juniper don't seem to
> able to do what I just describe. Anyone have any tips?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp