Hi,
thank you for that fix. My solution, which uses -m found, works
perfectly now!
BTW how one can check which packets are considered in that inspect-delay
time period?
Milos
Dne 24.9.2015 v 16:48 Emeric Brun napsal(a):
Hi,
On 09/24/2015 03:42 PM, Miloš Kozák wrote:
I am getting this error:
matching method 'found' cannot be used with fetch keyword 'req.payload'
Willy've just push a fix about that!
In order to detect correct frame I do something like this do you think it is
enough?
acl px req.payload(0,4) -m bin FF00FF00
acl rib req.payload(5,4) -m bin 00000000
tcp-request content accept if px WAIT_END
tcp-request inspect-delay 1s
stick-table type binary len 4 size 50k expire 30m
stick on req.payload(5,4) table protokolX if px !rib
Presumably, I try to avoid stickiness on frames where ID is not set..
Willy've also fixed a bug related to payload and payload_lv.
I think you should replace the content rule:
tcp-request content accept if px !rib
because WAIT_END will force you to wait 1sec if px match.
R,
Emeric
