On (2011-08-18 10:28 -0400), Stefan Fouant wrote: > established. This can cause strange behavior since it's only looking > for it a simple bit match against the TCP ACK or RST fields. > However because you are not tying it specifically to TCP traffic, > any packets which have a 1 value at that offset will match.
Trio appears to change this, in inet6 simply doing 'match port X' without 'match next-header tcp|udp' correctly finds port X, regardless of its position in the frame (you can move the UDP/TCP port position via extension headers). -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
