From: Petr Lapukhov (petrsoft@gmail.com)
Date: Thu Jun 01 2006 - 09:12:00 ART

Koen,

You see that url matches part of an HTTP GET _request_.
(To match the hostname you need match protocol http host.)

Next, mime-type. If you recall what MIME is, you may quickly
understand that matching mime-type actually matches
part of the HTTP reply BODY. That is, the server responds to you with an
octet stream, and you get a mime-header at the beginning of the
stream, which states "image/jpeg" for example.

Now you can match mime-types only if the server truly responds
with images :) In my case, I used a simple text file to "simulate" a file
with a "jpeg" extension. It will not actually be sent as a MIME-encoded
message with mime-type image/jpeg :)

So you see that matching mime-types is related to content, and
matching url is related solely to requests being made.

BTW, if you actually want to see what you get in response to your
HTTP request, you may use "debug ip packet detail dump" (beware!)
or, more advanced:

  debug ip nbar filter destination_port tcp 80
  debug ip nbar capture 200 10 10 10
  show ip nbar capture

HTH
Petr
2006/6/1, Koen Zeilstra <koen@koenzeilstra.com>:
>
> Petr, I sort of missed that. Sorry about that.
>
> I labbed up your config and it works with
>
> match protocol http url *.jpg
>
> however I don't get any matches on:
>
> match protocol http mim *jpg
>
>
> I applied the service-policy in and outbound. On both directions no match.
>
> Am I doing something wrong?
>
>
> class-map match-all MIME
>  match protocol http mime "*jpg"
> !
> policy-map TEST2
>  class MIME
> !
> interface Serial0/0
>  service-policy input TEST2
>  service-policy output TEST2
> !
>
>
>
>
> -----------------------
> Oh, well, I guess this is just going to be one of those lifetimes.
>
> On Thu, 1 Jun 2006, Petr Lapukhov wrote:
>
> | Koen, I already mentioned that in the previous thread.. :)
> |
> | You apply policy for HTTP INBOUND. At the same time,
> | NBAR recognizes OUTGOING URLs with GET requests,
> | and classifies return traffic as HTTP stream, related to those
> | URLs.
> |
> | (Also, matching MIME types will work too. But if you see stuff
> | like "*.jpeg" you should clearly think of URL matching).
> |
> | Here is a scenario where you can verify that:
> |
> | ----------
> |
> | R1 is downloading images from SW1, which is the HTTP server
> | with ip address 151.10.7.7
> |
> | R3 is in control of data streams. It utilizes policy map
> | inbound on interface Fa 0/0.
> |
> | -----------
> |
> | (Following text is best viewed with Courier New Font ;))
> |
> | R1-----R3::Fa0/0----SW1::Lo0(7.7/24)
> |
> | SW1:
> |
> | SW1#sh running-config | inc ip http
> | ip http server
> | ip http path flash:
> |
> | SW1#dir flash:*.jpeg
> | Directory of flash:/*.jpeg
> |
> | 95 -rwx 2227 Mar 2 1993 00:28:03 +00:00 image.jpeg
> |
> |
> | R3:
> | !
> | class-map match-any IMAGES
> |  match protocol http url "*.jpeg"
> |  match protocol http url "*.jpg"
> |  match protocol http url "*.gif"
> |  match protocol http url "*.png"
> | !
> | policy-map TEST
> |  class IMAGES
> |   police 128000
> | !
> | interface FastEthernet0/0
> |  ip address 151.10.33.3 255.255.255.0
> |  ip nbar protocol-discovery
> |  service-policy input TEST
> | end
> |
> | R1#copy http://151.10.7.7/image.jpeg null:
> | Loading http://151.10.7.7/image.jpeg !
> | 2227 bytes copied in 0.040 secs (55675 bytes/sec)
> |
> | R1#copy http://151.10.7.7/image.jpeg null:
> | Loading http://151.10.7.7/image.jpeg !
> | 2227 bytes copied in 0.040 secs (55675 bytes/sec)
> |
> | R3#show ip nbar protocol-discovery interface fastEthernet 0/0 protocol http
> |
> |  FastEthernet0/0
> |                             Input                    Output
> |                             -----                    ------
> |    Protocol                 Packet Count             Packet Count
> |                             Byte Count               Byte Count
> |                             5min Bit Rate (bps)      5min Bit Rate (bps)
> |                             5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
> |    ------------------------ ------------------------ ------------------------
> |    http                     12                       24
> |                             5594                     1544
> |                             0                        0
> |                             0                        0
> |    unknown                  4                        4
> |                             240                      224
> |                             0                        0
> |                             0                        0
> |    Total                    20                       33
> |                             6189                     2177
> |                             0                        0
> |                             0                        0
> |
> | R3#show policy-map interface fastEthernet 0/0
> |  FastEthernet0/0
> |
> |   Service-policy input: TEST
> |
> |     Class-map: IMAGES (match-any)
> |       12 packets, 5594 bytes
> |       5 minute offered rate 2000 bps, drop rate 0 bps
> |       Match: protocol http url "*.jpeg"
> |         12 packets, 5594 bytes
> |         5 minute rate 2000 bps
> |       Match: protocol http url "*.jpg"
> |         0 packets, 0 bytes
> |         5 minute rate 0 bps
> |       Match: protocol http url "*.gif"
> |         0 packets, 0 bytes
> |         5 minute rate 0 bps
> |       Match: protocol http url "*.png"
> |         0 packets, 0 bytes
> |         5 minute rate 0 bps
> |       police:
> |           cir 128000 bps, bc 4000 bytes
> |         conformed 12 packets, 5594 bytes; actions:
> |           transmit
> |         exceeded 0 packets, 0 bytes; actions:
> |           drop
> |         conformed 2000 bps, exceed 0 bps
> |
> |     Class-map: class-default (match-any)
> |       14 packets, 1236 bytes
> |       5 minute offered rate 0 bps, drop rate 0 bps
> |       Match: any
> |
> |
> | HTH
> | Petr
> |
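
The request-versus-response distinction discussed in this thread, as an added example that is not part of the original posts and is not NBAR's implementation. It assumes shell-style glob matching and takes the MIME type from the response Content-Type header; the HTTP messages are constructed samples, with the server address and file name taken from the lab above.

```python
from fnmatch import fnmatchcase

def request_url(raw_request: bytes) -> str:
    """Request target from the HTTP request line (what 'url' matching looks at)."""
    line = raw_request.split(b"\r\n", 1)[0].decode("ascii")
    _method, target, _version = line.split(" ", 2)
    return target

def response_mime(raw_response: bytes) -> str:
    """Media type from the response Content-Type header ('' if absent)."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""

def classify(raw_request, raw_response, url_globs, mime_globs):
    """Report separately whether the request URL and the response MIME type match."""
    url, mime = request_url(raw_request), response_mime(raw_response)
    return {
        "url": any(fnmatchcase(url, g) for g in url_globs),
        "mime": any(fnmatchcase(mime, g) for g in mime_globs),
    }

# Constructed samples: one request, answered either by a real JPEG or by a
# plain text file that merely carries a ".jpeg" name.
REQUEST = b"GET /image.jpeg HTTP/1.0\r\nHost: 151.10.7.7\r\n\r\n"
REAL_IMAGE = (b"HTTP/1.0 200 OK\r\nContent-Type: image/jpeg\r\n"
              b"Content-Length: 4\r\n\r\n\xff\xd8\xff\xe0")
TEXT_AS_JPEG = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\njust text"

if __name__ == "__main__":
    cases = [("real image", REAL_IMAGE), ("text file named .jpeg", TEXT_AS_JPEG)]
    for label, response in cases:
        for url_glob, mime_glob in [("*.jpeg", "*jpeg"), ("*.jpg", "*jpg")]:
            result = classify(REQUEST, response, [url_glob], [mime_glob])
            print(f"{label:22} url {url_glob:7} mime {mime_glob:6} -> {result}")
```

The URL pattern matches whatever the client asked for, while the MIME pattern depends on what the server declares, so a classifier keyed only on file extension and one keyed only on content type can disagree about the same transfer.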