From owner-freebsd-net@FreeBSD.ORG  Wed Feb  1 14:23:46 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A251E106564A;
	Wed,  1 Feb 2012 14:23:46 +0000 (UTC)
	(envelope-from eugen@grosbein.pp.ru)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5])
	by mx1.freebsd.org (Postfix) with ESMTP id 0B6688FC14;
	Wed,  1 Feb 2012 14:23:45 +0000 (UTC)
Received: from eg.sd.rdtc.ru (localhost [127.0.0.1])
	by eg.sd.rdtc.ru (8.14.5/8.14.5) with ESMTP id q11ENdSM045086;
	Wed, 1 Feb 2012 21:23:39 +0700 (NOVT)
	(envelope-from eugen@grosbein.pp.ru)
Message-ID: <4F294AEB.3060405@grosbein.pp.ru>
Date: Wed, 01 Feb 2012 21:23:39 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; ru-RU;
	rv:1.9.2.13) Gecko/20110112 Thunderbird/3.1.7
MIME-Version: 1.0
To: "Eric W. Bates" <ericx@ericx.net>
References: <4F28C168.9010206@ericx.net> <4F28E1C7.4060209@grosbein.pp.ru>
	<4F28F284.7070301@FreeBSD.org> <4F294839.6060803@ericx.net>
In-Reply-To: <4F294839.6060803@ericx.net>
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
Cc: freebsd-net@FreeBSD.org, Doug Barton <dougb@FreeBSD.org>
Subject: Re: allowing gif thru ipfw
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Feb 2012 14:23:46 -0000

01.02.2012 21:12, Eric W. Bates пишет:
> On 2/1/2012 3:06 AM, Doug Barton wrote:
>> If it's a hurricane electric tunnel don't you want protocol 41?
> 
> Well, it's a straight up gif. Right this second I'm trying to suss out 
> which protocol gif's use. If it's documented, I can't find it. The 
> closest bit I can find on the man page is:
> 
> The behavior of gif is mainly based on RFC2893 IPv6-over-IPv4 configured 
> tunnel.
> 
> I tried to read the pertinent parts of the RFC, but it doesn't really 
> discuss "type" or "protocol". It does talk about some header size issues.
> 
> Since ipfw is obviously blocking something and I can't get a handle on 
> it with tcpdump, I'm groping for an understanding of the shape of the 
> gif packets.

Have you tried "tcpdump -i em_vlan5 -nnvvs0 host $he_tun and not tcp and not udp and not icmp" ?

I do not use IPv6 over IPv4 tunnels and not sure.
Perhaps, that is IPIP protocol (number 94 decimal)?

Eugene Grosbein