From owner-freebsd-bugs@FreeBSD.ORG Tue Aug 3 17:20:13 2004
Resent-Date: Tue, 3 Aug 2004 17:20:11 GMT
Resent-Message-Id: <200408031720.i73HKBLO082933@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, David Siebörger
Message-Id: <20040803171145.05E0A19C0@seska.ict.ru.ac.za>
Date: Tue, 3 Aug 2004 19:11:45 +0200 (SAST)
From: David Siebörger
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: kern/69957: if_gre sends bogus (IPv0) packets

>Number: 69957
>Category: kern
>Synopsis: if_gre sends bogus (IPv0) packets
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Aug 03 17:20:11 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: David Siebörger
>Release: FreeBSD 5.2-CURRENT
>Organization: Rhodes University Computer Users Society
>Environment:
System: FreeBSD dagwood.ict.ru.ac.za 5.2-CURRENT FreeBSD 5.2-CURRENT #21: Tue Aug 3 18:48:08 SAST 2004 drs@dagwood.ict.ru.ac.za:/usr/obj/usr/src/sys/DAGWOOD i386
>Description:
In a recent (cvsup'ed one or two days ago), if_gre appears to send malformed packets. The IP version of the encapsulating packets is set to 0.

if_gre worked fine in 5.1-RELEASE. In 5.2.1-RELEASE, it is broken in a different way, which I've yet to thoroughly investigate.
>How-To-Repeat:
Configure a gre interface and ping the far side of the tunnel:

# ifconfig gre0 create
# ifconfig gre0 172.16.0.1/30 172.16.0.2 tunnel dagwood pita-fe0-0 link1
# ping 172.16.0.2
PING 172.16.0.2 (172.16.0.2): 56 data bytes
^C
--- 172.16.0.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

While capturing the packets sent:

# tcpdump -vvi fxp0 -s 1500 host pita-fe0-0
tcpdump: listening on fxp0, link-type EN10MB (Ethernet), capture size 1500 bytes
19:08:59.961225 arp who-has pita-fe0-0.ict.ru.ac.za tell dagwood.ict.ru.ac.za
19:08:59.961927 arp reply pita-fe0-0.ict.ru.ac.za is-at 00:0c:ce:0b:cd:a0
19:08:59.961966 IP0 (tos 0x0, ttl 30, id 174, offset 0, flags [none], length: 108) dagwood.ict.ru.ac.za > pita-fe0-0.ict.ru.ac.za: [] IP (tos 0x0, ttl 64, id 174, offset 0, flags [none], length: 84) 172.16.0.1 > 172.16.0.2: icmp 64: echo request seq 0

Note that the encapsulating packet is marked "IP0", because the version field is set to zero.
>Fix:
This patch fixes the problem for me, but assumes that gre tunnels are only carried over IPv4.... It has been tested using a Cisco 2600 and a 5.1-RELEASE machine as the far ends of the tunnel.

--- sys/net/if_gre.c.orig Tue Aug 3 16:28:55 2004 +++ sys/net/if_gre.c Tue Aug 3 16:29:24 2004 @@ -376,6 +376,7 @@ if (sc->g_proto != IPPROTO_MOBILE) { gh->gi_src = sc->g_src; gh->gi_dst = sc->g_dst; + ((struct ip*)gh)->ip_v = IPPROTO_IPV4; ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2; ((struct ip*)gh)->ip_ttl = GRE_TTL; ((struct ip*)gh)->ip_tos = ip->ip_tos;
>Release-Note:
>Audit-Trail:
>Unformatted:
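
Review bot: The added line `((struct ip*)gh)->ip_v = IPPROTO_IPV4;` assigns an IP protocol-number constant to the header's version field. It yields the right value only because IPPROTO_IPV4 happens to equal 4; the version field should be set with IPVERSION from <netinet/ip.h> so the intent is explicit. The assignment also sits inside the `sc->g_proto != IPPROTO_MOBILE` branch, so it is worth confirming that the IPPROTO_MOBILE path sets ip_v somewhere, since nothing in this hunk does.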
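
The malformed outer header described in this report can be checked for on the capturing or receiving side. The following is an added example, not part of the original report or of FreeBSD's if_gre code; the function, enum and macro names are this example's own, and the sample header is constructed from the values in the tcpdump output above with placeholder addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; all names here belong to this example, not to FreeBSD. */
enum outer_check {
    OUTER_OK, OUTER_TRUNCATED, OUTER_BAD_VERSION, OUTER_BAD_IHL, OUTER_NOT_GRE
};

#define EX_IPVERSION 4   /* expected value of the IPv4 version nibble */
#define EX_PROTO_GRE 47  /* IP protocol number for GRE */

/* Validate the outer IPv4 header of a GRE packet; buf points at its first byte. */
enum outer_check check_outer_ipv4(const uint8_t *buf, size_t len, unsigned *version)
{
    if (len < 1)
        return OUTER_TRUNCATED;
    *version = buf[0] >> 4;          /* high nibble: IP version */
    unsigned ihl = buf[0] & 0x0f;    /* low nibble: header length in 32-bit words */
    if (*version != EX_IPVERSION)
        return OUTER_BAD_VERSION;    /* the "IP0" case shown in the capture */
    if (ihl < 5)
        return OUTER_BAD_IHL;        /* shorter than the minimum 20-byte header */
    if (len < (size_t)ihl * 4)
        return OUTER_TRUNCATED;
    if (buf[9] != EX_PROTO_GRE)
        return OUTER_NOT_GRE;
    return OUTER_OK;
}

/* Constructed sample modelled on the capture: version 0, ihl 5, tos 0,
 * length 108, id 174, ttl 30, protocol 47. Checksum is left zero and the
 * addresses are placeholders (192.0.2.1 > 192.0.2.2). */
static const uint8_t sample_bad[20] = {
    0x05, 0x00, 0x00, 0x6c, 0x00, 0xae, 0x00, 0x00,
    0x1e, 0x2f, 0x00, 0x00, 192, 0, 2, 1, 192, 0, 2, 2
};

int main(void)
{
    unsigned v = 0;
    enum outer_check rc = check_outer_ipv4(sample_bad, sizeof sample_bad, &v);
    printf("result=%d version=%u\n", (int)rc, v);
    return rc == OUTER_BAD_VERSION ? 0 : 1;
}
```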