Subject: Re: Stripping GRE Too Early?
To: Curt Sampson <>
From: None <>
List: tech-net
Date: 01/07/2000 06:53:38
>It seems that under NetBSD 1.4.1, at least, when you set up a gre tunnel
>between two machines, the `real' interface that the tunnel's packets pass
>over is showing de-encapsulated incoming packets to bpf, ipfilter, etc.
>(Outgoing are shown encapsulated.) Here's an example:
>16:33:38.755359 > icmp: echo request (gre encap)
>16:33:38.788769 > icmp: echo reply
>What's up with this? Does current still do it?

	bpf sends encapsulated packet to userland.
	NetBSD 1.4.1 tcpdump(8) skips outer header, if you don't have -v on
	command line.   If you have -v, it will print like this:
>16:33:38.755359 > gre > icmp: echo request (gre encap)

	I think this is a bit confusing that the order is reversed.

	NetBSD-current tcpdump needs some fix around here, due to the changes
	in ip header printing I made (I did not change print-gre.c) -
	I'll do that.  Could you give me (privately) a packet trace that
	includes GRE, saved by tcpdump -w?