Subject: Re: Stripping GRE Too Early?
To: Curt Sampson <firstname.lastname@example.org>
From: None <email@example.com>
Date: 01/07/2000 06:53:38
>It seems that under NetBSD 1.4.1, at least, when you set up a gre tunnel
>between two machines, the `real' interface that the tunnel's packets pass
>over is showing de-encapsulated incoming packets to bpf, ipfilter, etc.
>(Outgoing are shown encapsulated.) Here's an example:
>16:33:38.755359 fmh.blink.com > 192.168.10.32: icmp: echo request (gre encap)
>16:33:38.788769 192.168.10.32 > fmh.blink.com: icmp: echo reply
>What's up with this? Does current still do it?
bpf sends encapsulated packet to userland.
NetBSD 1.4.1 tcpdump(8) skips outer header, if you don't have -v on
command line. If you have -v, it will print like this:
>16:33:38.755359 fmh.blink.com > 192.168.10.32: gre 10.1.1.1 > 10.1.1.2: icmp: echo request (gre encap)
I think this is a bit confusing that the order is reversed.
NetBSD-current tcpdump needs some fix around here, due to the changes
in ip header printing I made (I did not change print-gre.c) -
I'll do that. Could you give me (privately) a packet trace that
includes GRE, saved by tcpdump -w?