Subject: Re: gif interface question
To: None <uwe@6bone.informatik.uni-leipzig.de>
From: Jun-ichiro itojun Hagino <itojun@itojun.org>
List: tech-net
Date: 02/20/2004 02:31:45
> hello,
> 
> I am using the following config:
> 
> ifconfig.rtk0
> up
> 10.18.25.33 netmask 0xfffffff8 media autoselect
> inet6 2001:638:902:1::1 prefixlen 64
> 
> ifconfig.ex0
> up
> 10.18.25.34 netmask 0xffffffff media autoselect
> tcp4csum ip4csum udp4csum
> inet6 2001:638:902:1::10 prefixlen 64
> 
> ifconfig.gif0
> up
> inet tunnel 10.18.25.33 10.174.75.253
> inet6 2001:638:0:800::902:2 2001:638:0:800::902:1 prefixlen 128
> 
> default gw is 10.18.25.38
> 
> the system uses the ex0 interface as default interface, meaning all packets
> from the gif0 interface are using ex0 for output.
> 
> if I start 'tcpdump -i ex0 proto 41' you can see outgoing packets
> (is ok)
> if I start 'tcpdump -i gif0 proto 41' you can see incoming packets
> (is ok)

	i assume the second line is "-i rtk0".

> if I start 'tcpdump -i gif0' you can ONLY see outgoing packets. I think
> that is not right. as result it is not possible to use the gif tunnel.
> 
> is it allowed to use that config?

	gif interface implements multiple security features including ingress
	filtering.  it is likely that your incoming packet is coming in
	from incorrect (from ingress filtering POV) interface and gets dropped.
	see gif(4) on how to disable it.

itojun
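
An added illustration, not part of the original message and not the kernel's code: a simplified C model of the ingress (reverse-path) check the reply refers to, run against the addresses in the quoted config. The routing table, the arrival interface rtk0, and the names gif_accept, route_if and demo are assumptions made for the example; link2 stands for the IFF_LINK2 flag that gif(4) gives as the way to turn the filter off.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct route { uint32_t net, mask; const char *ifname; };
struct gif   { uint32_t src, dst; int link2; };   /* link2 models IFF_LINK2 */

static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
}

/* Longest-prefix match: name of the interface the route to addr points at. */
static const char *route_if(const struct route *rt, size_t n, uint32_t addr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++)
        if ((addr & rt[i].mask) == rt[i].net && (!best || rt[i].mask > best->mask))
            best = &rt[i];
    return best ? best->ifname : NULL;
}

/* 1 = accept, 0 = drop, for an encapsulated packet received on rcvif. */
static int gif_accept(const struct gif *sc, const struct route *rt, size_t n,
                      uint32_t osrc, uint32_t odst, const char *rcvif)
{
    const char *rif;
    if (osrc != sc->dst || odst != sc->src) return 0;  /* not our tunnel peer */
    if (sc->link2) return 1;                           /* ingress filter off */
    rif = route_if(rt, n, osrc);                       /* route back to outer source */
    return rif != NULL && strcmp(rif, rcvif) == 0;     /* must match arrival interface */
}

/* Table constructed from the quoted config: rtk0's /29 plus a default via ex0. */
int demo(int link2, const char *rcvif)
{
    const struct route rt[] = {
        { ip4(10, 18, 25, 32), 0xfffffff8u, "rtk0" },
        { 0, 0, "ex0" },                   /* default route, as the poster describes */
    };
    const struct gif gif0 = { ip4(10, 18, 25, 33), ip4(10, 174, 75, 253), link2 };
    return gif_accept(&gif0, rt, 2, gif0.dst, gif0.src, rcvif);
}

int main(void)
{
    printf("rtk0/on=%d ex0/on=%d rtk0/off=%d\n",
           demo(0, "rtk0"), demo(0, "ex0"), demo(1, "rtk0"));
    return 0;
}
```

In this model the packet from 10.174.75.253 arriving on rtk0 is dropped because the route back to that address leaves through ex0; it passes when it arrives on ex0 or when the filter is off.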