Subject: Re: Stripping GRE Too Early?
To: None <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 01/06/2000 16:58:34
On Fri, 7 Jan 2000 email@example.com wrote:
> bpf sends encapsulated packet to userland.
> NetBSD 1.4.1 tcpdump(8) skips outer header, if you don't have -v on
> command line. If you have -v, it will print like this:
> >16:33:38.755359 fmh.blink.com > 192.168.10.32: gre 10.1.1.1 > 10.1.1.2: icmp: echo request (gre encap)
No, on the incoming packet the outer header is not being skipped. It's
*gone*. Here's a trace with -v:
16:55:33.226786 gre gw2.blink.com > www2.blink.com:  fmh.blink.com > 192.168.10.32: icmp: echo request (ttl 63, id 62538) (ttl 63, id 31868)
16:55:33.260027 192.168.10.32 > fmh.blink.com: icmp: echo reply (ttl 115, id 32388)
(In my original post, you'll notice that the second line didn't say
`(gre encap)', either. And ipf is filtering based on the encapsulated
addresses, not the gre addresses.
> NetBSD-current tcpdump needs some fix around here, due to the changes
> in ip header printing I made (I did not change print-gre.c) -
> I'll do that. Could you give me (privately) a packet trace that
> includes GRE, saved by tcpdump -w?
I don't have a current machine doing a tunnel at the moment, but if you
still need it this week-end, send me e-mail and I'll try setting up a
tunnel and doing this.
Curt Sampson <firstname.lastname@example.org> 917 532 4208 De gustibus, aut bene aut nihil.
The most widely ported operating system in the world: http://www.netbsd.org