[j-nsp] bit field match condition for firewall filter
Patrick Liu
paliu at nortelnetworks.com
Wed May 5 17:07:43 EDT 2004
Is there a way to obtain an eval license of Adaptive Services PIC?
-----Original Message-----
From: Paul Goyette [mailto:pgoyette at juniper.net]
Sent: Wednesday, May 05, 2004 4:07 PM
To: juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] bit field match condition for firewall filter
One might consider the additional packet inspection capabilities of the
Adaptive Services PIC...
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Piotr Marecki
Sent: Wednesday, May 05, 2004 12:47 PM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] bit field match condition for firewall filter
All of us would like do it also , in particular to filter ttl . Anyways it
is obvious that IP2 is kinda optimized to do longest prefix match lookup (
which is used also to do L3
filters) so it cannot
match every field we would it to do so . So unless Juniper implement RE
filtering or expand FPC power pc responsibility it won't happen.
regards
Piotr Marecki
----- Original Message -----
From: "Patrick Liu" <paliu at nortelnetworks.com>
To: <juniper-nsp at puck.nether.net>
Sent: Wednesday, May 05, 2004 9:20 PM
Subject: [j-nsp] bit field match condition for firewall filter
> Hi,
>
> I am trying to find a way to construct a firewall filter with
> user-defined bit field match. The desired bit field match conditions
> are as follow:
>
> - define a know bit position in packet header (reference point)
> - specify the first position of the filtered bit pattern in relation
> to reference point
> - specify the total length that matches the packet criteria
> - specify a minimum and maximum target value to apply to the match
criterion
>
> The "IP options" and "tcp-flags" match condition on Juniper don't seem
> to able to do what I just describe. Anyone have any tips?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list