From owner-freebsd-hackers Tue Mar 23 23:51:51 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 1BD80153D8
	for ; Tue, 23 Mar 1999 23:51:22 -0800 (PST)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.2/8.9.2) id XAA53480;
	Tue, 23 Mar 1999 23:50:08 -0800 (PST)
From: Archie Cobbs
Message-Id: <199903240750.XAA53480@bubba.whistle.com>
Subject: Re: Will IPFW pass GRE packets?
In-Reply-To: <199903132039.MAA65042@vashon.polstra.com> from John Polstra at "Mar 13, 99 12:39:01 pm"
To: jdp@polstra.com (John Polstra)
Date: Tue, 23 Mar 1999 23:50:08 -0800 (PST)
Cc: ck@adsu.bellsouth.com, hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

John Polstra writes:
> Christian Kuhtz wrote:
> > > GRE is some windows NT thing?  If it is, someone has already figured this
> > > out for you, the lists have it.
> >
> > GRE stands for "Generic Route Encapsulation" and is an IETF standard as
> > defined by RFC1701 (http://www.adsu.bellsouth.com/pub/ietf/rfc/rfc1701 and
> > RFC1702).  It is used to tunnel all sorts of things across IPv4 networks,
> > including IPv4 itself.  It has jack squat to do with NT.
>
> Not quite true.  Like a dog who must piss on every bush, Microsoft
> couldn't endure the thought of following existing standards.  So they
> invented an "enhanced GRE header" for their PPTP tunneling.  See
> "draft-ietf-pppext-pptp-01.txt" from your favorite Internet Drafts
> repository.
>
> It gets even better.  They explicitly specify that checksums must be
> disabled in the GRE encapsulation.  And the PPP packets contained
> therein are stripped of all link-level headers.  Thus, as far as I can
> tell, there is zero, zilch, nada error detection of any kind on the
> encapsulated PPP packets (i.e., your valuable data).  Tcpdump confirms
> this.

I think this is reasonable for what they were trying to do (PPTP).
In general, the PPP link layer (which is what GRE is functioning as
here) does not guarantee uncorrupted frame transmission either.
So nothing is being broken by this.

Also, since PPTP GRE packets contain complete IP packets within them,
the checksum could be considered redundant.

On the other hand, IMHO a checksum would have been worth it for the
extra level of confidence.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
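
The checksum point discussed in this thread, as an added example that is not part of the original messages: an RFC 1701 GRE packet with the C bit set lets the receiver detect a flipped bit, while a PPTP enhanced GRE packet (version 1, C bit required to be zero) gives the GRE layer nothing to check. The function names and sample packets are constructed for illustration; the field layout assumed is RFC 1701's and the PPTP enhanced header's (K bit set, protocol type 0x880B).

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum, as used by IP and by RFC 1701 GRE."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def gre_integrity(pkt: bytes) -> str:
    """Return 'ok', 'corrupt' or 'unchecked' for a GRE packet (header + payload)."""
    if len(pkt) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", pkt)
    version = flags & 0x0007
    c_bit = bool(flags & 0x8000)
    if version == 1:
        # PPTP enhanced GRE: C must be 0, K must be 1, payload is PPP.
        if c_bit or not flags & 0x2000 or proto != 0x880B:
            raise ValueError("malformed enhanced GRE header")
        return "unchecked"                   # no checksum field exists to verify
    if version != 0:
        raise ValueError("unknown GRE version")
    if not c_bit:
        return "unchecked"
    if len(pkt) < 8:
        raise ValueError("truncated checksum field")
    # The checksum covers GRE header and payload; a valid packet sums to zero.
    return "ok" if inet_checksum(pkt) == 0 else "corrupt"

def build_rfc1701(payload: bytes, proto: int = 0x0800) -> bytes:
    """Constructed sample: version 0 GRE with C bit set and a valid checksum."""
    csum = inet_checksum(struct.pack("!HHHH", 0x8000, proto, 0, 0) + payload)
    return struct.pack("!HHHH", 0x8000, proto, csum, 0) + payload

def build_pptp(payload: bytes, call_id: int = 0x10, seq: int = 1) -> bytes:
    """Constructed sample: enhanced GRE with K and S bits set, version 1."""
    return struct.pack("!HHHHI", 0x3001, 0x880B, len(payload), call_id, seq) + payload

def flip_bit(pkt: bytes, index: int) -> bytes:
    """Simulate in-transit corruption by flipping the low bit of one byte."""
    damaged = bytearray(pkt)
    damaged[index] ^= 0x01
    return bytes(damaged)
```

Any detection for the PPTP case has to come from a checksum inside the encapsulated packet, which is the redundancy argument made in the reply above.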