[j-nsp] How many bits/bytes of a packet can be matched in a firewall rule on Juniper MX-series?
Saku Ytti
saku at ytti.fi
Fri Jul 9 06:31:36 EDT 2021

On Fri, 9 Jul 2021 at 13:24, embolist <embolist at pm.me> wrote:

> So, I can match a bit pattern within the first 256 bytes from the start of the IP header, is that correct?
> How many bits can I match within that first 256 bytes?

You can set the match-start from L3, L4 or payload and take 256 bytes
offset from that. The documents say 128 bits.

<bit-length> Length of integer input (1..32 bits), Optional
length of string input (1..128 bits)

https://kb.juniper.net/InfoCenter/index?page=content&id=KB34222&cat=MX_SERIES&actp=LIST

What have you done thus far? This seems eminently testable.

--
++ytti