From: Sten Daniel Sørsdal
Date: Fri, 15 Jul 2005 11:30:09 +0200
To: freebsd-net@freebsd.org
Subject: Re: GRE and PF problem
Message-ID: <42D78221.9070409@wm-access.no>

Stephen J. Bevan wrote:
> Giovanni P. Tirloni writes:
> > I don't know how PF keeps track of ICMP packets but there must be a
> > way for it to distinguish between a packet destined to 192.168.0.1 or 0.2.
>
> An ICMP ECHO REQUEST message has a 16-bit id field which can be
> altered by NAT to identify the originating machine.
>
> There isn't really an equivalent when using a minimal GRE header. If
> GRE checksums are turned on then the 16-bit Reserved1 field could be
> abused for NAT purposes.

Not for GRE but for PPTP (which uses GRE but with a slight addition).
CALL ID, a unique number assigned by the PPTP server per session. AFAIK.
There are some firewalls out there that use this ID.

-- 
Sten Daniel Sørsdal
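
The three cases discussed in this thread, as an added example that is not part of the original message or of PF: a classifier that returns the 16-bit field a NAT could key its state on (ICMP echo identifier, PPTP Call ID) and reports that a minimal GRE header offers none. Field offsets follow RFC 792 and RFC 2637; the function name, the result codes and the sample bytes are this example's own, and checksums are not validated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { KEY_NONE, KEY_ICMP_ID, KEY_PPTP_CALL_ID };   /* names are this example's own */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Look for a 16-bit field a NAT could key state on, given the IP protocol
 * number and the bytes after the IP header. *key is set unless KEY_NONE. */
int nat_demux_key(uint8_t ip_proto, const uint8_t *l4, size_t len, uint16_t *key)
{
    if (ip_proto == 1) {                          /* ICMP */
        if (len < 8 || (l4[0] != 8 && l4[0] != 0))
            return KEY_NONE;                      /* only echo request/reply carry an id */
        *key = be16(l4 + 4);                      /* identifier field */
        return KEY_ICMP_ID;
    }
    if (ip_proto == 47 && len >= 8) {             /* GRE */
        int version = l4[1] & 0x07;               /* low 3 bits of the flags word */
        int has_key = l4[0] & 0x20;               /* K bit */
        if (version == 1 && has_key && be16(l4 + 2) == 0x880B) {
            *key = be16(l4 + 6);                  /* Call ID: low half of the Key field */
            return KEY_PPTP_CALL_ID;
        }
    }
    return KEY_NONE;                              /* e.g. minimal version-0 GRE */
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t icmp_echo[] = { 8, 0, 0, 0, 0x12, 0x34, 0, 1 };
static const uint8_t gre_min[]   = { 0x00, 0x00, 0x08, 0x00, 0x45, 0, 0, 0x54 };
static const uint8_t gre_pptp[]  = { 0x30, 0x01, 0x88, 0x0B, 0, 0x20, 0xBE, 0xEF,
                                     0, 0, 0, 1 };

int main(void)
{
    uint16_t k = 0;
    int r = nat_demux_key(1, icmp_echo, sizeof icmp_echo, &k);
    printf("ICMP echo: code %d key 0x%04x\n", r, k);
    r = nat_demux_key(47, gre_min, sizeof gre_min, &k);
    printf("plain GRE: code %d\n", r);
    r = nat_demux_key(47, gre_pptp, sizeof gre_pptp, &k);
    printf("PPTP GRE:  code %d key 0x%04x\n", r, k);
    return 0;
}
```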