Date:      Tue, 25 Jan 2005 19:18:51 +0300
From:      "Nickolay Kritsky" <Nickolay.Kritsky@astra-sw.com>
To:        "Jeremie Le Hen" <jeremie@le-hen.org>, <freebsd-net@freebsd.org>
Subject:   RE: gif(4) and bpf(4)
Message-ID:  <D86BF562467D944EB435513F725B236A07C122@exchange.stardevelopers4msi.com>

Please do the following:

ping -r -S 192.168.1.1 192.168.4.13 >/dev/null 2>&1 &
netstat -I gif0 -w 1
and see if any packets are counted. If you are using IPSec, maybe your
packets are encrypted before they go to gif. See this article:
http://groups-beta.google.com/group/sol.lists.freebsd.net/browse_frm/thread/de878d5a36d383f1/ffa608ca991d0c3c?q=tcpdump+gif+freebsd&_done=%2Fgroups%3Fq%3Dtcpdump+gif+freebsd%26&_doneTitle=Back+to+Search&&d#ffa608ca991d0c3c

Can you post your IPSec policy (with sensitive info removed, of course)?

(Google rulez :-) )

Nick

-----Original Message-----
From: Jeremie Le Hen [mailto:jeremie@le-hen.org]
Sent: Tuesday, January 25, 2005 7:09 PM
To: Jeremie Le Hen; freebsd-net@freebsd.org
Subject: Re: gif(4) and bpf(4)


> Interesting. It seems gif isn't passing anything back at all. Can you verify
> that the routes for the addresses you're pinging traverse gif0? I'd
> probably also try csjp@'s bpfstat tool to get a closer look at what's
> going on in bpf.

Yes they are (network on the other side of the tunnel is 192.168.4.0/24):
%%%
  yoda:tools# netstat -rnf inet
  Routing tables

  Internet:
  Destination        Gateway            Flags    Refs      Use  Netif Expire
  default            <hidden gw>        UGSc       24 17513460    ep0
  <hidden net>/24    link#4             UC          1        0    ep0
  <hidden ip>        127.0.0.1          UGHS        0       70    lo0
  <hidden gw>        00:07:cb:0e:2e:70  UHLW       25        0    ep0   1188
  127.0.0.1          127.0.0.1          UH          3   816372    lo0
  192.168.0          link#2             UC          1        0   sis1
  192.168.0.4        00:a0:cc:da:9f:62  UHLW        2     2188   sis1    625
  192.168.1          link#1             UC          6        0   sis0
  192.168.1.1        00:09:5b:1a:48:94  UHLW        1    31599    lo0
  192.168.1.2        00:09:5b:1a:4f:4d  UHLW        0      752   sis0   1199
  192.168.1.25       00:04:23:89:e5:84  UHLW        0      562   sis0    353
  192.168.1.53       00:04:23:89:e5:84  UHLW        2   167625   sis0   1156
  192.168.1.222      00:04:23:89:e5:84  UHLW        2  7601091   sis0    262
  192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0       15   sis0
  192.168.4          192.168.4.13       UGSc        0   691911   gif0
  192.168.4.13       192.168.1.1        UH          3     6949   gif0
%%%

I got bpfstat on csjp@'s FreeBSD webpage, but it is designed to work
with devfs.  Running RELENG_4, it just does not compile :-(.

> Also try assigning a local address to an instance of gif on the affected
> system and pinging a destination through it using the -r and -S options
> whilst running tcpdump to be sure.

Here it is, with the interface configuration:

%%%
  yoda:sys# ifconfig gif0
  gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
          tunnel inet <hidden ip> --> <hidden peer ip>
          inet6 fe80::209:5bff:fe1a:4894%gif0 prefixlen 64 scopeid 0xa
          inet 192.168.1.1 --> 192.168.4.13 netmask 0xffffff00

  yoda:sys# ping -r -S 192.168.1.1 192.168.4.13 >/dev/null 2>&1 &
  [1] 63095

  yoda:sys# /usr/local/sbin/tcpdump -c 2 -ni ep0 'esp'
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on ep0, link-type EN10MB (Ethernet), capture size 96 bytes
  17:06:09.008978 IP 82.233.239.98 > 82.66.245.132: ESP(spi=0x0f5d2cbd,seq=0x3a9)
  17:06:09.046998 IP 82.66.245.132 > 82.233.239.98: ESP(spi=0x00439e94,seq=0x3a9)
  2 packets captured
  106 packets received by filter
  0 packets dropped by kernel

  yoda:sys# /usr/local/sbin/tcpdump -y null -c 2 -ni gif0 'esp'
  tcpdump: data link type null
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes
  ^C
  0 packets captured
  0 packets received by filter
  0 packets dropped by kernel
%%%

> Can you post the revision(s) of the source files? e.g.:
> 	src/sys/net/if_gif.c
> 	src/sys/netinet/in_gif.c
> 	src/sys/netinet6/in6_gif.c
> ...and uname -a?

I already looked on CVSweb, but I saw no relevant commit log.

%%%
  yoda:sys# ident net/if_gif.c netinet/in_gif.c netinet6/in6_gif.c
  net/if_gif.c:
       $FreeBSD: src/sys/net/if_gif.c,v 1.4.2.15 2002/11/08 16:57:13 ume Exp $
       $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $

  netinet/in_gif.c:
       $FreeBSD: src/sys/netinet/in_gif.c,v 1.5.2.11 2003/01/23 21:06:45 sam Exp $
       $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $

  netinet6/in6_gif.c:
       $FreeBSD: src/sys/netinet6/in6_gif.c,v 1.2.2.7 2003/01/23 21:06:47 sam Exp $
       $KAME: in6_gif.c,v 1.49 2001/05/14 14:02:17 itojun Exp $
  yoda:sys# uname -a
  FreeBSD yoda.tataz.chchile.org 4.10-STABLE FreeBSD 4.10-STABLE #44: Wed Jul  7 03:35:21 CEST 2004     root@yoda.tataz.chchile.org:/usr/src/sys/compile/YODA  i386
%%%

> Hope this helps,

I hope too ;-).
Many thanks,
Regards,
-- 
Jeremie Le Hen
jeremie@le-hen.org
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"


