
Flowspec matches for unassigned protocols or ICMP types and codes

Open adrian62 opened this issue 1 year ago • 4 comments

We use flowspec mostly for blocking or mitigating various kinds of attacks. As such, often we want to match traffic whose header fields may not always be 'valid' in the sense that a specific meaning is not assigned to them. Attackers don't necessarily follow standards :) Take for example protocols: there are many values that are not assigned. ExaBGP allows us to specify the protocol (or ICMP types and codes) by value (in my example 15), but when we receive such a route from the API we get something like "=unknown protocol type 15".

While this is useful for a user interface or human reading logs, it requires exception code to handle the unassigned values.

Describe the solution you'd like

I am asking for guidance for creating a patch to eliminate the "unknown ... type" text and just leave the expression, in the example above "=15", meaning to match exactly protocol 15.

Describe alternatives you've considered

Exception code receiving from the ExaBGP API can look for "unknown ..." and remove it, leaving just the operator(s) and value.

Additional context

If others would have interest, maybe this could be made a configurable option.

adrian62 Apr 21 '23 16:04
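The workaround described under "alternatives considered", written out as an added Python example (it is not part of the original issue and not ExaBGP code). Only the string `=unknown protocol type 15` comes from the issue; the function names, the other sample strings, and the assumption that ICMP type and code text follows the same "unknown <words> <number>" shape are hypothetical.

```python
import re

# Operator characters (=, <, >, !, and '&' for AND-chaining), then the
# human-readable "unknown ... <number>" text. Only "=unknown protocol type 15"
# is taken from the issue; other wordings are ASSUMED to have the same shape.
_UNKNOWN = re.compile(r"^(?P<op>[&!<>=]*)unknown\b[^0-9]*(?P<value>\d+)$")

# Protocol number, ICMP type and ICMP code are all 8-bit header fields.
MAX_8BIT = 255


def normalize_match(expr: str, max_value: int = MAX_8BIT) -> str:
    """Return '<op><value>' for an 'unknown ...' expression.

    Expressions that do not contain the 'unknown' text (for example a
    named protocol) are returned unchanged apart from whitespace trimming.
    """
    expr = expr.strip()
    m = _UNKNOWN.match(expr)
    if m is None:
        return expr
    value = int(m.group("value"))
    if value > max_value:
        # Fail closed: do not build a filter rule from a value that
        # cannot fit in the header field.
        raise ValueError(f"value {value} out of range in {expr!r}")
    return f"{m.group('op')}{value}"


def normalize_field(exprs):
    """Normalize every expression of one flowspec component."""
    return [normalize_match(e) for e in exprs]


if __name__ == "__main__":
    # Constructed sample input; the first entry is the string from the issue.
    sample = ["=unknown protocol type 15", ">=unknown protocol type 200", "=tcp"]
    print(normalize_field(sample))
```
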