Hi Owen,

On 1/21/2014 12:13 PM, Owen DeLong wrote:
> On Jan 18, 2014, at 23:19 , Frank Habicht <geier@geier.ne.tz> wrote:
>> c) v6 with a few extension headers
>
> In this case, it will be at 40+o+n octets into the packet where o is the number of octets contained in headers prior to the TCP header and n is defined as in (b) above.

my point tried to be that it can be hard for an ASIC to know 'o'

>> now program a chip to filter based on this port number...
>
> I think you might want to be more specific. After all, an ARM 9 is a chip which can easily be programmed to do so (in fact, I can point to iptables/ip6tables as running code which does this on the ARM 9).

I was thinking about hardware that's forwarding packets "not in software"
some of those boxes probably want to limit tcp ports 179 and 22.

> So... I suppose that whether your complaint has merit depends entirely on whether or not extension headers become more common on IPv6 packets than options have become on IPv4 packets or not and also on how hard it is to build fast-path hardware that bypasses extension headers that it does not care about.
>
> Since you only need to parse the first two fields
^^^^ ?
> of each extension header (Next Header Type and Header Length)

... recursively for all extension headers ...

> to know everything you need to bypass the current header, it shouldn't be too hard to code that into a chip...

who's done that so far?
Up to what number of EHs or octet-length?

Thanks,
Frank
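
The header walk discussed in this message, as an added example that is not part of the original thread: a software sketch that skips extension headers via their Next Header and length fields to find the TCP destination port, with a cap on how many headers it will skip. The names `tcp_dport_v6`, `build_sample` and the `EH_*` codes are hypothetical; only Hop-by-Hop, Routing, Destination Options and Fragment headers are handled, and AH, ESP and anything else is reported as unsupported.

```c
#include <stdint.h>
#include <string.h>

enum { EH_OK = 0, EH_TRUNCATED = -1, EH_TOO_MANY = -2, EH_UNSUPPORTED = -3 };

/* Walk the extension-header chain after the fixed 40-octet IPv6 header and
 * store the TCP destination port in *dport. max_eh caps how many extension
 * headers are skipped, as a fixed-depth hardware parser would. */
int tcp_dport_v6(const uint8_t *pkt, size_t len, int max_eh, uint16_t *dport)
{
    if (len < 40) return EH_TRUNCATED;
    if ((pkt[0] >> 4) != 6) return EH_UNSUPPORTED;
    uint8_t next = pkt[6];   /* Next Header field of the fixed header */
    size_t off = 40;         /* 40 + o; o grows as headers are skipped */
    for (int seen = 0; next != 6; seen++) {
        size_t hlen;
        if (seen >= max_eh) return EH_TOO_MANY;
        if (len < off + 8) return EH_TRUNCATED;     /* every EH is >= 8 octets */
        if (next == 0 || next == 43 || next == 60)  /* HbH, Routing, DestOpts */
            hlen = ((size_t)pkt[off + 1] + 1) * 8;  /* 8-octet units, first not counted */
        else if (next == 44) {                      /* Fragment: fixed 8 octets */
            if (((pkt[off + 2] << 8 | pkt[off + 3]) & 0xfff8) != 0)
                return EH_UNSUPPORTED;              /* later fragment: no TCP header */
            hlen = 8;
        } else
            return EH_UNSUPPORTED;                  /* AH, ESP, other protocols */
        if (len < off + hlen) return EH_TRUNCATED;
        next = pkt[off];     /* first octet of each EH is its Next Header */
        off += hlen;
    }
    if (len < off + 4) return EH_TRUNCATED;         /* need the TCP port fields */
    *dport = (uint16_t)(pkt[off + 2] << 8 | pkt[off + 3]);
    return EH_OK;
}

/* Constructed sample: fixed header, n_eh Destination Options headers of
 * 8 octets each (zero-filled, i.e. Pad1 options), then TCP to port 179. */
size_t build_sample(uint8_t *buf, int n_eh)
{
    size_t off = 40;
    memset(buf, 0, 40 + 8 * (size_t)n_eh + 20);
    buf[0] = 0x60;                              /* version 6 */
    buf[6] = n_eh ? 60 : 6;
    for (int i = 0; i < n_eh; i++, off += 8)
        buf[off] = (i + 1 < n_eh) ? 60 : 6;     /* Hdr Ext Len 0 => 8 octets */
    buf[off + 3] = 179;                         /* TCP destination port */
    return off + 20;
}
```

The number of loop iterations depends on the packet, which is why the sketch takes `max_eh` and returns a distinct code when the chain is longer than the parser is willing to follow.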