On 02/07/2013 07:12 PM, Jesse Gross wrote:
> On Thu, Feb 7, 2013 at 3:23 PM, Saul St. John <sstj...@cs.wisc.edu> wrote:
>> 2) Is it possible to similarly ignore (transport-mode) AH in IPv4 packets,
>> or does the presence of an AH preclude matching against L4 ports?
>
> It should be possible although the case for it is less clear since
> with IPv6 the extension headers are part of the L3 header, whereas in
> IPv4 they are acting like an L4 header.

For transport mode AH, is that a real distinction, or just a semantic
kludge around IPv4 not defining an extension header mechanism? After
all, as RFC4302 states, "In the IPv6 context, AH is viewed as an
end-to-end payload".

> As a result, if we went down
> this path and started adding protocols to skip it would change
> behavior over time.

Sorry, I wasn't clear. I was asking whether this was possible with Open
vSwitch as currently written. I gather it's not.

>> 3) Can the current behavior be reconciled with OF 1.3's IPv6 extension
>> header handling, or will implementing that necessitate a breaking change?
>
> I don't think it is a problem to add support for OpenFlow's extension
> header support since that essentially appears as an extra field that is
> a mask of the headers skipped.

So, the first time I read the OF 1.3 spec, I came away with the
impression that to skip extension headers like this, you'd need to have
an OFPAT_SET_FIELD action that cleared the OFPIEH_AUTH bit from the
OXM_OF_IPV6_EXTHDR.
That's (clearly) insane, and I understand better now, but I'm left sorta
curious what that action should even do... :-)
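The "mask of the headers skipped" discussed in the thread above can be pictured with the following added example, which is not Open vSwitch code and not part of the original messages. It walks an IPv6 extension-header chain, records each skipped header as an OFPIEH_* bit, and reports where the L4 header starts. The OFPIEH_* values follow the OpenFlow 1.3 ofp_ipv6exthdr_flags enum; struct exthdr_result, walk_exthdrs and the sample bytes are hypothetical names and constructed data, and the fragment offset and the OFPIEH_UNREP/OFPIEH_UNSEQ bits are not handled.

```c
#include <stddef.h>
#include <stdint.h>
/* OFPIEH_* bit values as defined by OpenFlow 1.3 (ofp_ipv6exthdr_flags). */
enum { OFPIEH_NONEXT = 1 << 0, OFPIEH_ESP = 1 << 1, OFPIEH_AUTH = 1 << 2,
       OFPIEH_DEST = 1 << 3, OFPIEH_FRAG = 1 << 4, OFPIEH_ROUTER = 1 << 5,
       OFPIEH_HOP = 1 << 6 };
struct exthdr_result {   /* hypothetical result type for this example */
    uint16_t exthdr;     /* bitmap of the extension headers skipped */
    uint8_t l4_proto;    /* first next-header value that is not skipped */
    size_t l4_off;       /* offset of that header within the payload */
    int ok;              /* 0 if the chain ran past the end of the buffer */
};
/* Constructed sample: bytes after the fixed IPv6 header, AH then TCP ports. */
const uint8_t sample_ah_tcp[] = {
    6, 4, 0, 0,  0, 0, 0, 1,  0, 0, 0, 1,   /* next=TCP, len=4, rsvd, SPI, seq */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,     /* 12-byte ICV, zeroed */
    0xC0, 0x00, 0x01, 0xBB };               /* TCP src 49152, dst 443 */

/* nh is the Next Header value from the fixed IPv6 header; p points past it. */
struct exthdr_result walk_exthdrs(uint8_t nh, const uint8_t *p, size_t len)
{
    struct exthdr_result r = { 0, nh, 0, 1 };
    for (;;) {
        uint16_t bit;
        switch (r.l4_proto) {
        case 0:  bit = OFPIEH_HOP; break;
        case 43: bit = OFPIEH_ROUTER; break;
        case 44: bit = OFPIEH_FRAG; break;
        case 51: bit = OFPIEH_AUTH; break;
        case 60: bit = OFPIEH_DEST; break;
        case 50: r.exthdr |= OFPIEH_ESP; return r;     /* encrypted: stop here */
        case 59: r.exthdr |= OFPIEH_NONEXT; return r;  /* nothing follows */
        default: return r;                             /* upper-layer header */
        }
        if (len - r.l4_off < 8) { r.ok = 0; return r; }
        const uint8_t *h = p + r.l4_off;
        size_t hlen = r.l4_proto == 51 ? ((size_t)h[1] + 2) * 4  /* AH: 4-octet units */
                    : r.l4_proto == 44 ? 8                       /* fragment: fixed */
                    : ((size_t)h[1] + 1) * 8;                    /* rest: 8-octet units */
        if (hlen > len - r.l4_off) { r.ok = 0; return r; }
        r.exthdr |= bit;
        r.l4_proto = h[0]; r.l4_off += hlen;
    }
}

int main(void) {  /* exit status 0: AH skipped, TCP found at offset 24 */
    struct exthdr_result r = walk_exthdrs(51, sample_ah_tcp, sizeof sample_ah_tcp);
    return !(r.ok && r.exthdr == OFPIEH_AUTH && r.l4_proto == 6 && r.l4_off == 24);
}
```

With the sample bytes, the AH is skipped, the bitmap holds only OFPIEH_AUTH, and the TCP ports become matchable at offset 24.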