[ovs-dev] IPv6 first/later fragments
Jesse Gross
jesse at nicira.com
Wed Oct 26 22:34:10 UTC 2011
On Wed, Oct 26, 2011 at 2:59 PM, Ben Pfaff <blp at nicira.com> wrote:
> Navindra Yadav pointed out in a discussion over on an ONF issue tracker
> that first/later fragment isn't as useful with IPv6: the TCP/UDP port
> numbers aren't necessarily in the first fragment, because other
> intermediate extension headers can follow the fragment header.
>
> Any idea what we should do about this?
This is always true, even for IPv4. You could have a fragment that is
split very quickly after the IP header or simply a truncated packet.
You always have to be prepared for these cases, so I don't think there
is anything to be done.
>From a parsing perspective, the distinction between first/later
fragment isn't about policy on what comes later: with the later
fragments you simply have no idea how to interpret the data that
follows the fragment header because you don't know what you're looking
at.
So the fragment status bits are just reporting reality, it's up the
controller to decide what to do for policy. Short of doing full
reassembly there's really isn't any additional information to be had.
Also, while it is possible for an entire fragment to be filled up with
extension headers this seems likely to be extremely rare in practice
to me, similar to splitting an IPv4 packet before the L4 headers.
More information about the dev
mailing list