Hi Owen, On 1/21/2014 12:13 PM, Owen DeLong wrote: > On Jan 18, 2014, at 23:19 , Frank Habicht <ge...@geier.ne.tz> wrote: >> c) v6 with a few extension headers > In this case, it will be at 40+o+n octets into the packet where o is the > number of octets contained in headers prior to the TCP header and n is > defined as in (b) above.
my point tried to be that it can be hard for an ASIC to know 'o' >> now program a chip to filter based on this port number... > I think you might want to be more specific. After all, an ARM 9 is a > chip which can easily be programmed to do so (in fact, I can point to > iptables/ip6tables as running code which does this on the ARM 9). I was thinking about hardware that's forwarding packets "not in software" some of those boxes probably want to limit tcp ports 179 and 22. > So... I suppose that whether your complaint has merit depends entirely > on whether or not extension headers become more common on IPv6 packets > than options have become on IPv4 packets or not and also on how hard it > is to build fast-path hardware that bypasses extension headers that it > does not care about. Since you only need to parse the first two fields ^^^^ ? > of each extension header (Next Header Type and Header Length) ... recursively for all extension headers ... > to know > everything you need to bypass the current header, it shouldn't be too > hard to code that into a chip... who's done that so far? Up to what number of EHs or octet-length? Thanks, Frank