On Fri, 7 Jan 2000 itojun@iijlab.net wrote:

> 	bpf sends encapsulated packet to userland.
> 	NetBSD 1.4.1 tcpdump(8) skips outer header, if you don't have -v on
> 	command line.   If you have -v, it will print like this:
> >16:33:38.755359 fmh.blink.com > 192.168.10.32: gre 10.1.1.1 > 10.1.1.2: icmp: echo request (gre encap)

No, on the incoming packet the outer header is not being skipped. It's
*gone*. Here's a trace with -v:

16:55:33.226786 gre gw2.blink.com > www2.blink.com: [] fmh.blink.com > 192.168.10.32: icmp: echo request (ttl 63, id 62538) (ttl 63, id 31868)
16:55:33.260027 192.168.10.32 > fmh.blink.com: icmp: echo reply (ttl 115, id 32388)

(In my original post, you'll notice that the second line didn't say
`(gre encap)', either. And ipf is filtering based on the encapsulated
addresses, not the gre addresses.

> 	NetBSD-current tcpdump needs some fix around here, due to the changes
> 	in ip header printing I made (I did not change print-gre.c) -
> 	I'll do that.  Could you give me (privately) a packet trace that
> 	includes GRE, saved by tcpdump -w?

I don't have a current machine doing a tunnel at the moment, but if you
still need it this week-end, send me e-mail and I'll try setting up a
tunnel and doing this.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   917 532 4208   De gustibus, aut bene aut nihil.
The most widely ported operating system in the world: http://www.netbsd.org