Limiting packet size with CHX-I payload filter

I would like to limit DNS packet size to for example 90 bytes. I made a traffic stream for dst port UDP 53 and associated with payload filter.

In payload filter I defined bounduaries as:
start \s (start of packet)
end \p (end of packet).

In field If number of bytes after start and before any other flag exceeds: I putted here 90 Connection Flow then I selected Drop packet, close connection and I selected the same for Primary Action.

Then when I sended to DNS packets with size exceeded 90 bytes, they were not blocked.
What I'm doing wrong?

 

I can't answer your question soniak, but here's another place to ask if nobody here knows the answer:

http://fluxgfx.com/ssc/

 

soniak,
The info for the rule looks correct,.. I did re-install CHX-I to check. The rule is working correctly. I think you just need to step back,... have a break,.. and then re-check your rules.

 

For now I have only this one rule. I double check everything, and even if I set 1 byte in field with number of bytes, queries are resolved successfully. (I cleaned resolver cache before test).

 

Hi, I need to go out (work) for a couple of hours,.. when I get back, I will re-istall CHX-I, and remake the rules you mention, and will post them so we can compare. o.k.?

 

soniak,
I have re-installed, and set up the payload rule again, and all working correctly. Have attached image for you to compare rules.