Date: Wed, 24 Mar 1999 10:52:12 -0800 (PST)
From: John Polstra
To: Archie Cobbs
Cc: hackers@FreeBSD.ORG
Subject: Re: Will IPFW pass GRE packets?
In-Reply-To: <199903240750.XAA53480@bubba.whistle.com>
Organization: Polstra & Co., Inc.

Archie Cobbs wrote:
> John Polstra writes:
>> It gets even better. They explicitly specify that checksums must be
>> disabled in the GRE encapsulation. And the PPP packets contained
>> therein are stripped of all link-level headers. Thus, as far as I can
>> tell, there is zero, zilch, nada error detection of any kind on the
>> encapsulated PPP packets (i.e., your valuable data). Tcpdump confirms
>> this.
>
> I think this is reasonable for what they were trying to do (PPTP).
> In general, the PPP link layer (which is what GRE is functioning as
> here) does not guarantee uncorrupted frame transmission either. So
> nothing is being broken by this.

Are you sure? PPP isn't exactly my specialty, but I've looked at
RFC1662, "PPP in HDLC-like Framing," which I assume applies to
standard dial-up PPP. It shows a Frame Check Sequence on every frame
(see section 3.1).

Without some sort of checksum, real bad stuff could happen. For
example, corrupted LCP packets could be received without even knowing
it. I have a hard time believing that the designers of PPP intended
for that to be so likely -- serial links have very high error rates.

> Also, since PPTP GRE packets contain complete IP packets within
> them, the checksum could be considered redundant.

But the LCP packets, for example, are not IP. They don't have any
checksum of their own. Besides, the redundancy argument was exactly
the rationale for having no checksum in SLIP. It was later found to
be a bad idea. That's why PPP added the FCS.

John
---
  John Polstra                                       jdp@polstra.com
  John D. Polstra & Co., Inc.                 Seattle, Washington USA
  "Self-interest is the aphrodisiac of belief."  -- James V. DeLong
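The point about unprotected LCP packets, worked through as an added example (not part of the original message or of any FreeBSD code): the RFC 1662 FCS-16, computed bit by bit rather than with the RFC's lookup table, applied to an LCP Configure-Request that loses one bit in transit. The function names, the sample frame and the flipped bit are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PPP_INITFCS 0xffffu /* initial FCS value (RFC 1662) */
#define PPP_GOODFCS 0xf0b8u /* result over data + FCS for an intact frame */

/* Bitwise FCS-16 (reflected polynomial 0x8408), equivalent to the table form. */
static uint16_t ppp_fcs16(uint16_t fcs, const uint8_t *p, size_t len)
{
    while (len--) {
        fcs ^= *p++;
        for (int i = 0; i < 8; i++)
            fcs = (uint16_t)((fcs >> 1) ^ ((fcs & 1) ? 0x8408u : 0u));
    }
    return fcs;
}

/* Sender: append the complemented FCS, low octet first; returns the new length. */
static size_t ppp_fcs_append(uint8_t *frame, size_t len)
{
    uint16_t fcs = (uint16_t)(ppp_fcs16(PPP_INITFCS, frame, len) ^ 0xffffu);
    frame[len] = (uint8_t)(fcs & 0xff);
    frame[len + 1] = (uint8_t)(fcs >> 8);
    return len + 2;
}

/* Constructed sample: LCP Configure-Request (id 1, length 8) carrying MRU 1500. */
static const uint8_t LCP_CONFREQ[] = {0xff, 0x03, 0xc0, 0x21, 0x01, 0x01,
                                      0x00, 0x08, 0x01, 0x04, 0x05, 0xdc};

/* One MRU bit flips in transit; returns the MRU acted on, or -1 if rejected. */
static int received_mru(int with_fcs)
{
    uint8_t buf[sizeof LCP_CONFREQ + 2];
    size_t len = sizeof LCP_CONFREQ;
    memcpy(buf, LCP_CONFREQ, len);
    if (with_fcs)
        len = ppp_fcs_append(buf, len);
    buf[11] ^= 0x04; /* constructed line noise: 0x05dc becomes 0x05d8 */
    if (with_fcs && ppp_fcs16(PPP_INITFCS, buf, len) != PPP_GOODFCS)
        return -1;   /* FCS mismatch: frame discarded */
    return (buf[10] << 8) | buf[11]; /* nothing to check: value is used as-is */
}

int main(void)
{
    printf("with FCS: %d, without: %d\n", received_mru(1), received_mru(0));
    return 0;
}
```

With the FCS the damaged frame is dropped; without it the receiver negotiates on an MRU the sender never offered, and nothing in the LCP packet itself reveals the change.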