On Wed, Oct 12, 2011 at 06:12:27PM -0700, Jesse Gross wrote: > On Tue, Oct 11, 2011 at 4:05 PM, Ben Pfaff <[email protected]> wrote: > > Until now, OVS has handled IP fragments more awkwardly than necessary. ??It > > has not been possible to match on L4 headers, even in fragments with offset > > 0 where they are actually present. ??This means that there was no way to > > implement ACLs that treat, say, different TCP ports differently, on > > fragmented traffic; instead, all decisions for fragment forwarding had to > > be made on the basis of L2 and L3 headers alone. > > > > This commit improves the situation significantly. ??It is still not possible > > to match on L4 headers in fragments with nonzero offset, because that > > information is simply not present in such fragments, but this commit adds > > the ability to match on L4 headers for fragments with zero offset. ??This > > means that it becomes possible to implement ACLs that drop such "first > > fragments" on the basis of L4 headers. ??In practice, that effectively > > blocks even fragmented traffic on an L4 basis, because the receiving IP > > stack cannot reassemble a full packet when the first fragment is missing. > > > > This commit works by adding a new "fragment type" to the kernel flow match > > and making it available through OpenFlow as a new NXM field named > > NXM_NX_IP_FRAG. ??Because OpenFlow 1.0 explicitly says that the L4 fields > > are always 0 for IP fragments, it adds a new OpenFlow fragment handling > > mode that fills in the L4 fields for "first fragments". ??It also enhances > > ovs-ofctl to allow users to configure this new fragment handling mode and > > to parse the new field. > > > > Signed-off-by: Ben Pfaff <[email protected]> > > Bug #7557. > > Is this a new version?
No, something weird happened. Reading the Received: headers, this is a copy I sent it on Tuesday after Nicira's internal SMTP server was decommissioned. Somehow it reappeared and got reinjected into the ether. Ignore it. _______________________________________________ dev mailing list [email protected] http://openvswitch.org/mailman/listinfo/dev
