Signature - HP FlexNetwork MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Usage guidelines
Whether the specified port number or port range is used to match the packets' source or destination
ports depends on the configuration of the direction command:
•
This command applies to the source ports if the direction command is not configured or the
direction to-client command is configured.
•
This command applies to the destination ports if the direction to-server command is
configured.
If you execute this command multiple times for the same NBAR rule, the most recent configuration
takes effect.
Examples
# Configure user-defined NBAR rule abcd to match packets with port numbers 2001 through 2004.
<Sysname> system-view
[Sysname] nbar application abcd protocol http
[Sysname-nbar-application-abcd] service-port range 2001 2004
Related commands
direction
signature
Use signature to configure a signature for a user-defined NBAR rule.
Use undo signature to cancel the signature configuration.
Syntax
signature [ signature-id ] [ field field-name ] [ offset offset-value ] { hex hex-vector | regex
regex-pattern | string string }
undo signature signature-id
Default
No signatures exist for a user-defined NBAR rule.
Views
NBAR rule view
Predefined user roles
network-admin
Parameters
signature-id: Specifies the signature ID in the range of 1 to 65535. If you do not specify this argument
when creating a signature, the system automatically assigns the signature a signature ID and
records the signature ID. The increment of automatically assigned signature IDs is 5. A new
signature ID is the nearest unassigned multiple of the increment to the latest automatically assigned
signature ID. For example, if the system automatically assigns ID 5 to a signature, the next signature
ID to be assigned automatically will be 10. If signature ID 10 has been assigned manually to a
signature, the next signature ID to be assigned automatically will be 15.
field field-name: Specifies a protocol field by its name. The specified protocol field must be
predefined. This option is available for configuration only if the NBAR rule is applied to HTTP
packets. If you do not specify this option, the configured signature takes effect on all fields in HTTP
packets.
offset offset-value: Specifies the offset from the beginning of the data field, in bytes. A packet
matches the signature after the offset. If you do not specify this option, a packet matches the
704
Advertisement
