Date: Tue, 3 Aug 2004 19:11:45 +0200 (SAST) From: David Siebörger <drs@seska.ict.ru.ac.za> To: FreeBSD-gnats-submit@FreeBSD.org Subject: kern/69957: if_gre sends bogus (IPv0) packets Message-ID: <20040803171145.05E0A19C0@seska.ict.ru.ac.za> Resent-Message-ID: <200408031720.i73HKBLO082933@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 69957 >Category: kern >Synopsis: if_gre sends bogus (IPv0) packets >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 03 17:20:11 GMT 2004 >Closed-Date: >Last-Modified: >Originator: David Siebörger >Release: FreeBSD 5.2-CURRENT >Organization: Rhodes University Computer Users Society >Environment: System: FreeBSD dagwood.ict.ru.ac.za 5.2-CURRENT FreeBSD 5.2-CURRENT #21: Tue Aug 3 18:48:08 SAST 2004 drs@dagwood.ict.ru.ac.za:/usr/obj/usr/src/sys/DAGWOOD i386 >Description: In a recent (cvsup'ed one or two days ago), if_gre appears to send malformed packets. The IP version of the encapsulating packets is set to 0. if_gre worked fine in 5.1-RELEASE. In 5.2.1-RELEASE, it is broken in a different way, which I've yet to thoroughly investigate. >How-To-Repeat: Configure a gre interface and ping the far side of the tunnel: # ifconfig gre0 create # ifconfig gre0 172.16.0.1/30 172.16.0.2 tunnel dagwood pita-fe0-0 link1 # ping 172.16.0.2 PING 172.16.0.2 (172.16.0.2): 56 data bytes ^C --- 172.16.0.2 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss While capturing the packets sent: # tcpdump -vvi fxp0 -s 1500 host pita-fe0-0 tcpdump: listening on fxp0, link-type EN10MB (Ethernet), capture size 1500 bytes 19:08:59.961225 arp who-has pita-fe0-0.ict.ru.ac.za tell dagwood.ict.ru.ac.za 19:08:59.961927 arp reply pita-fe0-0.ict.ru.ac.za is-at 00:0c:ce:0b:cd:a0 19:08:59.961966 IP0 (tos 0x0, ttl 30, id 174, offset 0, flags [none], length: 108) dagwood.ict.ru.ac.za > pita-fe0-0.ict.ru.ac.za: [] IP (tos 0x0, ttl 64, id 174, offset 0, flags [none], length: 84) 172.16.0.1 > 172.16.0.2: icmp 64: echo request seq 0 Note that the encapsulating packet is marked "IP0", because the version field is set to zero. >Fix: This patch fixes the problem for me, but assumes that gre tunnels are only carried over IPv4.... It has been tested using a Cisco 2600 and a 5.1-RELEASE machine as the far ends of the tunnel. --- sys/net/if_gre.c.orig Tue Aug 3 16:28:55 2004 +++ sys/net/if_gre.c Tue Aug 3 16:29:24 2004 @@ -376,6 +376,7 @@ if (sc->g_proto != IPPROTO_MOBILE) { gh->gi_src = sc->g_src; gh->gi_dst = sc->g_dst; + ((struct ip*)gh)->ip_v = IPPROTO_IPV4; ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2; ((struct ip*)gh)->ip_ttl = GRE_TTL; ((struct ip*)gh)->ip_tos = ip->ip_tos; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040803171145.05E0A19C0>