On Fri, Feb 8, 2013 at 3:41 PM, Saul St. John <sstj...@cs.wisc.edu> wrote:
> On 02/07/2013 07:12 PM, Jesse Gross wrote:
>>
>> On Thu, Feb 7, 2013 at 3:23 PM, Saul St. John <sstj...@cs.wisc.edu> wrote:
>>>
>>> 2) Is it possible to similarly ignore (transport-mode) AH in IPv4
>>> packets, or does the presence of an AH preclude matching against
>>> L4 ports?
>>
>> It should be possible although the case for it is less clear since
>> with IPv6 the extension headers are part of the L3 header, whereas in
>> IPv4 they are acting like an L4 header.
>
> For transport mode AH, is that a real distinction, or just a semantic kludge
> around IPv4 not defining an extension header mechanism? After all, as
> RFC4302 states, "In the IPv6 context, AH is viewed as an end-to-end
> payload".

It's definitely a kludge and technically a violation of how IPv6 packets are supposed to be parsed. However, as far as defining a general framework goes without calling out specific protocols, I think it more or less matches what most people are looking for.

>> As a result, if we went down
>> this path and started adding protocols to skip it would change
>> behavior over time.
>
> Sorry, I wasn't clear. I was asking whether this was possible with Open
> vSwitch as currently written. I gather it's not.

No, it's not.

>>> 3) Can the current behavior be reconciled with OF 1.3's IPv6 extension
>>> header handling, or will implementing that necessitate a breaking change?
>>
>> I don't think it is a problem to add support for OpenFlow's extension
>> header support since that essentially appears as an extra field that is
>> a mask of the headers skipped.
>
> So, the first time I read the OF 1.3 spec, I came away with the impression
> that to skip extension headers like this, you'd need to have an
> OFPAT_SET_FIELD action that cleared the OFPIEH_AUTH bit from the
> OXM_OF_IPV6_EXTHDR.
>
> That's (clearly) insane, and I understand better now, but I'm left sorta
> curious what that action should even do... :-)

I believe that the intention of the OpenFlow spec for parsing is pretty similar to the OVS model (plus the extra field that I mentioned). My guess is that clearing bits from the extension header is unlikely to be supported on any switch.
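
The model discussed in this thread (skip IPv6 extension headers to reach L4, and expose "a mask of the headers skipped" as OXM_OF_IPV6_EXTHDR) can be sketched as below. This is an added example, not Open vSwitch code and not part of the original messages; `skip_exthdrs`, `struct l4_info` and the sample bytes are hypothetical and constructed for illustration, and the OFPIEH_* values follow the OpenFlow 1.3 enum.

```c
#include <stddef.h>
#include <stdint.h>

/* enum ofp_ipv6exthdr_flags from the OpenFlow 1.3 spec (subset). */
enum { OFPIEH_NONEXT = 1 << 0, OFPIEH_ESP = 1 << 1, OFPIEH_AUTH = 1 << 2,
       OFPIEH_DEST = 1 << 3, OFPIEH_FRAG = 1 << 4, OFPIEH_ROUTER = 1 << 5,
       OFPIEH_HOP = 1 << 6 };

/* Hypothetical result type: where the walk stopped and what it skipped. */
struct l4_info { uint8_t proto; size_t off; uint16_t exthdr; int later_frag; };

/* Constructed sample: Hop-by-Hop (8 B) -> AH (24 B) -> TCP ports 49152 -> 443. */
static const uint8_t sample[] = {
    51, 0, 1, 4, 0, 0, 0, 0,    6, 4, 0, 0, 0, 0, 0x10, 0, 0, 0, 0, 1, /* HBH, AH */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,    0xc0, 0x00, 0x01, 0xbb }; /* ICV, TCP */

/* nh: Next Header of the fixed IPv6 header; p/len: bytes following it.
 * Returns 0 on success, -1 if an extension header is truncated. */
int skip_exthdrs(uint8_t nh, const uint8_t *p, size_t len, struct l4_info *out)
{
    size_t off = 0, hlen;
    uint16_t mask = 0, bit = 0;
    int later = 0;
    while (!later) {
        switch (nh) {
        case 0:  bit = OFPIEH_HOP;    break;
        case 43: bit = OFPIEH_ROUTER; break;
        case 44: bit = OFPIEH_FRAG;   break;
        case 51: bit = OFPIEH_AUTH;   break;
        case 60: bit = OFPIEH_DEST;   break;
        case 50: mask |= OFPIEH_ESP;    goto done; /* payload is encrypted */
        case 59: mask |= OFPIEH_NONEXT; goto done;
        default: goto done;                        /* upper-layer protocol */
        }
        if (len - off < 8) return -1;
        /* Fragment: fixed 8 bytes. AH: 32-bit words minus 2. Others: 8-byte
         * units minus 1. */
        hlen = nh == 44 ? 8 : nh == 51 ? (p[off + 1] + 2u) * 4
                                       : (p[off + 1] + 1u) * 8;
        if (hlen > len - off) return -1;
        if (nh == 44)   /* non-zero fragment offset: no L4 header follows */
            later = ((p[off + 2] << 8 | p[off + 3]) & 0xfff8) != 0;
        mask |= bit;
        nh = p[off];
        off += hlen;
    }
done:
    out->proto = nh; out->off = off; out->exthdr = mask; out->later_frag = later;
    return 0;
}
```

With this shape, a flow that must not be reachable through an AH-wrapped packet can match on the `exthdr` mask rather than relying on AH hiding the L4 ports.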