
I'm trying to build an nftables rule which can throttle SCTP traffic which contains DIAMETER. I would further like to only drop Authentication Information Requests (AIR). So in general everything should pass, except AIRs which exceed a certain limit/threshold.

This is my current version:

nft add rule filter input ip daddr 1.2.3.4 sctp @th,64,32 0x0000013e limit rate over 10/second drop

The idea is that @th,64,32 matches the 32-bit field (DIAMETER command code) starting at byte offset 64 from the SCTP payload and 0x0000013e is the hexadecimal for 318 (Authentication Information Request).

I've tried to decode things from Wireshark, but not entirely sure. Also not sure how to test it in a good way.

Can anyone validate, edit and/or help me with testing it?
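The offset arithmetic is the part most worth checking before the rule goes live, so here is an added, self-contained Python helper (not part of the original question) that builds a constructed SCTP DATA chunk carrying a bare DIAMETER header, emulates what an nftables raw payload expression `@th,offset,len` reads (offset and length are in bits, counted from the start of the transport header), and derives the matching rule text. It assumes the DIAMETER message sits in the first DATA chunk directly after the 12-byte SCTP common header, with no bundled chunks before it and no fragmentation across chunks; the destination address 1.2.3.4 and the 10/second rate are taken from the question, and the sample ports, tags and application id are constructed values.

```python
import struct

# Header layout (RFC 9260 SCTP, RFC 6733 Diameter); all sizes in bytes.
SCTP_COMMON_HDR_LEN = 12       # src port(2) dst port(2) verification tag(4) checksum(4)
SCTP_DATA_CHUNK_HDR_LEN = 16   # type(1) flags(1) length(2) TSN(4) stream id(2) stream seq(2) PPID(4)
DIAMETER_FLAGS_OFFSET = 4      # version(1) length(3) then the flags byte
DIAMETER_CMD_CODE_OFFSET = 5   # 24-bit command code follows the flags byte
DIAMETER_REQUEST_FLAG = 0x80   # R bit: set on requests (AIR), clear on answers (AIA)
AIR_COMMAND_CODE = 318         # Authentication-Information-Request/Answer
SCTP_PPID_DIAMETER = 46        # IANA payload protocol id for Diameter in SCTP


def build_sample_sctp_diameter(command_code, request=True):
    """Constructed sample: SCTP common header + one DATA chunk holding a Diameter header (no AVPs)."""
    flags = DIAMETER_REQUEST_FLAG if request else 0
    diameter = (struct.pack("!B", 1)                      # Diameter version 1
                + (20).to_bytes(3, "big")                 # message length: header only
                + struct.pack("!B", flags)
                + command_code.to_bytes(3, "big")
                + struct.pack("!III", 16777251, 0x1111, 0x2222))  # constructed: S6a app id, hop-by-hop, end-to-end
    chunk_len = SCTP_DATA_CHUNK_HDR_LEN + len(diameter)
    # DATA chunk: type 0, B+E flags (unfragmented), TSN 1, stream 0, seq 0, PPID Diameter
    chunk = struct.pack("!BBHIHHI", 0, 0x03, chunk_len, 1, 0, 0, SCTP_PPID_DIAMETER)
    # Common header: constructed ports 3868, verification tag, checksum left 0 (not relevant to matching)
    common = struct.pack("!HHII", 3868, 3868, 0xDEADBEEF, 0)
    return common + chunk + diameter


def th_field(transport_payload, bit_offset, bit_len):
    """Emulate nftables '@th,bit_offset,bit_len': a big-endian integer read at a BIT offset
    from the start of the transport header (byte-aligned fields only in this helper)."""
    if bit_offset % 8 or bit_len % 8:
        raise ValueError("helper handles byte-aligned fields only")
    start = bit_offset // 8
    return int.from_bytes(transport_payload[start:start + bit_len // 8], "big")


def diameter_cmd_code_expr():
    """(bit offset, bit length) of the Diameter command code as seen from the SCTP header."""
    return (SCTP_COMMON_HDR_LEN + SCTP_DATA_CHUNK_HDR_LEN + DIAMETER_CMD_CODE_OFFSET) * 8, 24


def diameter_flags_expr():
    """(bit offset, bit length) of the Diameter flags byte as seen from the SCTP header."""
    return (SCTP_COMMON_HDR_LEN + SCTP_DATA_CHUNK_HDR_LEN + DIAMETER_FLAGS_OFFSET) * 8, 8


def is_air_request(transport_payload):
    """What the derived rule matches: command code 318 AND the R (request) bit set."""
    cmd = th_field(transport_payload, *diameter_cmd_code_expr())
    flg = th_field(transport_payload, *diameter_flags_expr())
    return cmd == AIR_COMMAND_CODE and (flg & DIAMETER_REQUEST_FLAG) == DIAMETER_REQUEST_FLAG


def air_throttle_rule(daddr, rate="10/second"):
    """Render the nft rule with the computed raw-payload offsets."""
    cmd_off, cmd_len = diameter_cmd_code_expr()
    flg_off, flg_len = diameter_flags_expr()
    return (f"nft add rule filter input ip daddr {daddr} meta l4proto sctp "
            f"@th,{cmd_off},{cmd_len} {AIR_COMMAND_CODE} "
            f"@th,{flg_off},{flg_len} & 0x{DIAMETER_REQUEST_FLAG:02x} == 0x{DIAMETER_REQUEST_FLAG:02x} "
            f"limit rate over {rate} drop")


if __name__ == "__main__":
    pkt = build_sample_sctp_diameter(AIR_COMMAND_CODE)
    print("@th,64,32 reads:", hex(th_field(pkt, 64, 32)), "(the SCTP checksum field)")
    print("command code expr:", diameter_cmd_code_expr(), "->", th_field(pkt, *diameter_cmd_code_expr()))
    print(air_throttle_rule("1.2.3.4"))
```

Two things the helper makes visible: because `@th` offsets are in bits, `@th,64,32` lands on bytes 8..11 of the SCTP common header, i.e. the checksum, so the original rule never sees the command code; and the 24-bit command code is shared by AIR and its answer AIA, so matching the R bit in the flags byte is what restricts the drop to requests. Note that `limit` is a single global bucket; a per-origin threshold would need a dynamic set/meter keyed on the source address, and any Diameter message fragmented across several DATA chunks or bundled behind another chunk will not be seen by a fixed-offset match. For testing, capture a few real AIR/AIA messages with Wireshark and feed the raw SCTP bytes to `is_air_request` before loading the rule.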
