Subject: Re: Truly bizarre problem with GRE tunnel.
To: None <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 12/03/2005 22:26:25
In article <firstname.lastname@example.org>,
Lars-Johan Liman <email@example.com> wrote:
>Some time ago I used to have a GRE tunnel from home to my
>server. Worked like a charm (for the limited value of "charm" that
>applies to tunnels ...).
>Tunnel not used much. Time passed.
>Recently upgraded home to 3.99.11. Server is still at 1.6ZK. Tried to
>re-establish tunnel. Failure.
>After _MUCHO_ debugging (Ethereal Is Your Friend(TM)), I have now
>At home, on the _OUTGOING_ side, the encapsulated packets are
>fine. (tcpdump on physical interface (tlp0), not tunnel inteface
>At server, on the _INCOMING_ side, the same encapsulated packets
>arrive with the "IP length" header field of the _ENCAPSULATED_
>(inner) packet byte swapped. That, and ONLY that, is byte swapped.
>(e.g., 0x0054 becomes 0x5400).
>21:05:29.728223 220.127.116.11 > 18.104.22.168: gre truncated-ip - 21420
>bytes missing! 22.214.171.124 > 126.96.36.199: icmp: echo request seq 288
>Some diff-serv params of the container (outer) packet are also
>changed, but that's less disturbing.
>What in heaven's name is going on?
>Is ther _ANY_ chance that this pertains to NetBSD? ("Nooooo!" is my
>Tell me that this _HAS_ to be my ISP(s) playing tricks on me. My
>current guess is a bug in some intermediate system, that actually
>tries to de-compile my GRE stuff and poke around inside it. (And if
>so, I have very clear opinions about messing _inside_ my packets ...)
>Anyone else seen this?
I think that we had this backwards and it was causing interoperability
problems, and it was changed. Can you recompile your ZC system with this
RCS file: /cvsroot/src/sys/net/if_gre.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- if_gre.c 5 Sep 2003 23:02:42 -0000 1.48
+++ if_gre.c 11 Dec 2003 00:22:29 -0000 1.49
@@ -330,7 +330,7 @@
((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
((struct ip*)gh)->ip_ttl = ip_gre_ttl;
((struct ip*)gh)->ip_tos = ip->ip_tos;
- gh->gi_len = m->m_pkthdr.len;
+ gh->gi_len = htons(m->m_pkthdr.len);
Alternatively use a gif tunnel. You'll be much happier.