[j-nsp] "ping: sendto: Operation not permitted" in LAN
Saku Ytti
saku at ytti.fi
Thu Aug 18 15:18:07 EDT 2011
On (2011-08-18 10:28 -0400), Stefan Fouant wrote:
> established. This can cause strange behavior since it's only looking
> for it a simple bit match against the TCP ACK or RST fields.
> However because you are not tying it specifically to TCP traffic,
> any packets which have a 1 value at that offset will match.
Trio appears to change this, in inet6 simply doing 'match port X' without
'match next-header tcp|udp' correctly finds port X, regardless of its position
in the frame (you can move the UDP/TCP port position via extension headers).
--
++ytti
More information about the juniper-nsp
mailing list