On Tue, Jul 10, 2018 at 12:15 PM, Allison Mankin <[email protected]> wrote:
> Sonal,
>
> I’m very familiar with the flags and fields of TCP. My question is what
> are the use cases for an ACL to match on URG, PSH, or the sequence
> numbers?

[SA] There were ACL examples that were published by JNPR and CSCO (and several others) that utilized these flags. Therefore, the full set of TCP flags is being supported in the model. Some such examples are:

e.g.
http://it-certification-network.blogspot.com/2008/12/filtering-based-on-tcp-header-flags.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-stateless-match-conditions-bit-field-values.html

The sequence number is being supported for completeness' sake.

Sonal.

Allison (for the Transport Area review team)

> On Tuesday, 10 July 2018, Sonal Agarwal <[email protected]> wrote:
>
>> Hi Allison,
>>
>> Please see inline:
>>
>> Thanks,
>> Sonal.
>>
>> On Mon, Jul 9, 2018 at 12:43 PM, Allison Mankin <[email protected]> wrote:
>>
>>> I've reviewed this document as part of the transport area review team's
>>> ongoing effort to review key IETF documents. These comments were written
>>> primarily for the transport area directors, but are copied to the
>>> document's authors for their information and to allow them to address any
>>> issues raised. When done at the time of IETF Last Call, the authors should
>>> consider this review together with any other last-call comments they
>>> receive. Please always CC tsv-art@… if you reply to or forward this
>>> review.
>>>
>>> Summary:
>>> Almost Ready (but I do have a question)
>>>
>>> Technicals:
>>> I reviewed that the details about TCP, UDP, ECN, and DSCP are consistent
>>> with the specifications, and that the specifications are accurate. The
>>> model is accurate for these.
>>>
>>> Question:
>>> What is the use case for ACLs referencing TCP PSH and URG flags, and
>>> sequence numbers? These are not very predictable and I would think not
>>> very useful for the work that ACLs do, but I'm willing to be informed.
>>>
>>> [SA] The use case for this would be for applications that use ACLs and
>>> require high levels of security. Enumerating all the supported flags and
>>> their bit positions makes it clear to the user. These flags and the
>>> sequence number are all part of the TCP header.
>>> https://en.wikipedia.org/wiki/Transmission_Control_Protocol
>>>
>>> _______________________________________________
>>> netmod mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/netmod
