Exact Definition of numbers-match bitmask-match and fragmentation-type
Matt Corallo
birdlist at as397444.net
Fri Apr 2 21:30:17 CEST 2021
The match classifiers for flowspec (numbers-match bitmask-match and fragmentation-type) don't appear to be exactly
specified in the documentation anywhere. E.g.:

1) Based on the grouping in the examples, I'd think && and || are parsed first, followed by , and .. - i.e. 1 && 2,3 means 1
AND (two OR three) not (1 AND 2) or 3. The same would apply for fragmentation-type, which makes the spacing in the flow4
example somewhat confusing, though obviously it doesn't change the logic given it's all ORs.

2) What is the full list of possible operators? From the examples there is at least <, <=, >, >=, &&, ||, ",", .., and !.

3) I can make a pretty good guess as to what each operator means, but it doesn't seem to be written down anywhere.

Separately, the documentation seems to indicate dscp applies for both IPv4 flowspec as well as IPv6 flowspec as-is,
however this is somewhat confusing - is DSCP intended to match on v4 ECN bits as well, or is the expected length of DSCP
simply 8 bits instead for v6 and matched against the traffic class?

Finally, and I suppose this is an RFC question not a BIRD question, how does the fragment field interact with the next
header field in v6 - I assume a router is expected to parse a fragment header before checking next header, irrespective
of the fragment bits (unless they require all bits unset)?

Thanks,
Matt