current-users: Re: Truly bizarre problem with GRE tunnel.

Subject: Re: Truly bizarre problem with GRE tunnel.
To: None <current-users@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: current-users
Date: 12/03/2005 22:26:25
In article <228xv1zxlh.fsf@aptop.autonomica.net>,
Lars-Johan Liman  <liman@autonomica.se> wrote:
>Some time ago I used to have a GRE tunnel from home to my
>server. Worked like a charm (for the limited value of "charm" that
>applies to tunnels ...).
>
>Tunnel not used much. Time passed.
>
>Recently upgraded home to 3.99.11. Server is still at 1.6ZK. Tried to
>re-establish tunnel. Failure.
>
>After _MUCHO_ debugging (Ethereal Is Your Friend(TM)), I have now
>concluded that:
>
>At home, on the _OUTGOING_ side, the encapsulated packets are
>fine. (tcpdump on physical interface (tlp0), not tunnel inteface
>(gre0).)
>
>At server, on the _INCOMING_ side, the same encapsulated packets
>arrive with the "IP length" header field of the _ENCAPSULATED_
>(inner) packet byte swapped. That, and ONLY that, is byte swapped.
>(e.g., 0x0054 becomes 0x5400).
>
>21:05:29.728223 82.182.146.229 > 192.71.228.16: gre truncated-ip - 21420
>bytes missing! 192.71.228.166 > 192.71.80.70: icmp: echo request seq 288
>[tos 0x30] 
>
>Some diff-serv params of the container (outer) packet are also
>changed, but that's less disturbing.
>
>What in heaven's name is going on?
>
>Is ther _ANY_ chance that this pertains to NetBSD? ("Nooooo!" is my
>answer.)
>
>Tell me that this _HAS_ to be my ISP(s) playing tricks on me. My
>current guess is a bug in some intermediate system, that actually
>tries to de-compile my GRE stuff and poke around inside it. (And if
>so, I have very clear opinions about messing _inside_ my packets ...)
>
>Anyone else seen this?
>
>				Cheers,
>				  /Liman

I think that we had this backwards and it was causing interoperability
problems, and it was changed. Can you recompile your ZC system with this
patch:

Index: if_gre.c
===================================================================
RCS file: /cvsroot/src/sys/net/if_gre.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- if_gre.c	5 Sep 2003 23:02:42 -0000	1.48
+++ if_gre.c	11 Dec 2003 00:22:29 -0000	1.49
@@ -330,7 +330,7 @@
 		((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
 		((struct ip*)gh)->ip_ttl = ip_gre_ttl;
 		((struct ip*)gh)->ip_tos = ip->ip_tos;
-		gh->gi_len = m->m_pkthdr.len;
+		gh->gi_len = htons(m->m_pkthdr.len);
 	}
 
 	ifp->if_opackets++;

Alternatively use a gif tunnel. You'll be much happier.

christos