> >> Now, assume that we were using WESP. >> >> You would need just two rules in your filter database saying the >> following: >> >> Incoming Pkt is WESP integrity Protected, then look at the nth bit and >> if its a OSPF HELLO, put it in Ospfv3HighPrioQueue. >> Incoming Pkt is WESP integrity Protected, then look at the mth bit and >> if its a OSPF ACK, put it in Ospfv3HighPrioQueue. > > This is much simpler, but also potentially inaccurate. Specifically, because > it pays no attention to the SAD info, it would grab ANY packet that passes > through the router, uses WESP, and that matches the bits that one uses to > decide of a packet is an OSPF HELLO or ACK.
Obviously the following rules would only be applied if the IP packet was addressed to the router that was doing these checks. This way it will not trap the other packets passing through this router. > >> Thus one now needs only 2 rules in the HW to prioritize packets for >> *all* OSPF adjacencies. > > Unless you used some other rules to narrow down the set of packets subject > to these quick checks, other packets may be grabbed. Same as above. It is trivial to find out if the packet is locally bound, or needs to be routed. Jack _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
