[j-nsp] Identifying pfe icmp throttled traffic
Jeff S Wheeler
jsw at inconcepts.biz
Tue Mar 10 14:03:56 EDT 2009
On Sun, 2009-03-08 at 20:47 -0400, Jeff S Wheeler wrote:
> On Sun, 2009-03-08 at 19:10 -0500, Richard A Steenbergen wrote:
> > This is on a MX960. I had actually tried matching ttl [ 0 1 ] in
I'm still not clear on what this is supposed to be doing, vs what you
mentioned it is actually doing on your box, but the MX-series that can
match on TTL appears to be doing the same thing as the M7i, which can't.
A more detailed explanation from the Juniper folks would be helpful.
# show filter index 6 program
Program Filters:
---------------
   Index    Dir    Cnt   Text    Bss Name
-------- ------ ------ ------ ------ --------
       6     52      0     16      0 foo
Firewall program version 50 magic fed2beef
Name: "foo" Protocol: ip
Implicit Filter: No
Hash: 68c5232c31a1da633f8772ffacefc306
Action directory: 1 entry (52 bytes)
Text: 4 instruction words (16 bytes)
Action directory: 1 entry (52 bytes)
0: accept
-> 2:
Program instructions: 4 words
0: set flags2
match flags2 & 0x10 != 0x10 -> 3:
terminate -> action index 0
3: terminate -> discard
# show filter index 5 program
Program Filters:
---------------
   Index    Dir    Cnt   Text    Bss Name
-------- ------ ------ ------ ------ --------
       5     52      0     12      0 bar
Firewall program version 50 magic fed2beef
Name: "bar" Protocol: ip
Implicit Filter: No
Hash: 07c24f58442ed2e93e9b7cd2c0304056
Action directory: 1 entry (52 bytes)
Text: 3 instruction words (12 bytes)
Action directory: 1 entry (52 bytes)
0: accept
-> 1:
Program instructions: 3 words
0: match ttl > 1 -> 2:
terminate -> action index 0
2: terminate -> discard
--
Jeff S Wheeler <jsw at inconcepts.biz> +1-212-981-0607
Sr Network Operator / Innovative Network Concepts