Date: Sat, 13 Mar 1999 12:39:01 -0800 (PST) From: John Polstra <jdp@polstra.com> To: ck@adsu.bellsouth.com Cc: hackers@freebsd.org Subject: Re: Will IPFW pass GRE packets? Message-ID: <199903132039.MAA65042@vashon.polstra.com> In-Reply-To: <002c01be6d13$0cdc8f60$7aad98cd@oreo.adsu.bellsouth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <002c01be6d13$0cdc8f60$7aad98cd@oreo.adsu.bellsouth.com>, Christian Kuhtz <ck@adsu.bellsouth.com> wrote: > > GRE is some windows NT thing? If it is, someone has already figured this > > out for you, the lists have it. > > GRE stands for "Generic Route Encapsulation" and is an IETF standard as > defined by RFC1701 (http://www.adsu.bellsouth.com/pub/ietf/rfc/rfc1701 and > RFC1702). It is used to tunnel all sorts of things across IPv4 networks, > including IPv4 itself. It has jack squat to do with NT. Not quite true. Like a dog who must piss on every bush, Microsoft couldn't endure the thought of following existing standards. So they invented an "enhanced GRE header" for their PPTP tunneling. See "draft-ietf-pppext-pptp-01.txt" from your favorite Internet Drafts repository. It gets even better. They explicitly specify that checksums must be disabled in the GRE encapsulation. And the PPP packets contained therein are stripped of all link-level headers. Thus, as far as I can tell, there is zero, zilch, nada error detection of any kind on the encapsulated PPP packets (i.e., your valuable data). Tcpdump confirms this. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Self-interest is the aphrodisiac of belief." -- James V. DeLong To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903132039.MAA65042>