Soemthing strange seems to happening with raw sockets and protocol 47 in
6.2. If I open a raw socket on protocol 47 I never receive anything.
“Something” seems to be absorbing protocol 47 packets even though the
ngre option isn’t set on the stack. Any ideas?
Murf
I took a look at the stack and found the answer myself - 6.2 has added
“support” for GRE — a classic case of an added “feature” making the
product less useful. The added GRE support is incompatible with Cisco’s use
(or at least one of Cisco’s uses) of GRE, and setting the ngre option to
zero simply turns the stack into a packet sink for GRE packets. But we
should be able to hack the stack and patch the protocol switch on the
fly…
Murf
“John A. Murphy” wrote:
Soemthing strange seems to happening with raw sockets and protocol 47 in
6.2. If I open a raw socket on protocol 47 I never receive anything.
“Something” seems to be absorbing protocol 47 packets even though the
ngre option isn’t set on the stack. Any ideas?Murf
What is Cisco’s use?
-seanb
John A. Murphy <murf@perftech.com> wrote:
I took a look at the stack and found the answer myself - 6.2 has added
“support” for GRE — a classic case of an added “feature” making the
product less useful. The added GRE support is incompatible with Cisco’s use
(or at least one of Cisco’s uses) of GRE, and setting the ngre option to
zero simply turns the stack into a packet sink for GRE packets. But we
should be able to hack the stack and patch the protocol switch on the
fly…Murf
“John A. Murphy” wrote:
Soemthing strange seems to happening with raw sockets and protocol 47 in
6.2. If I open a raw socket on protocol 47 I never receive anything.
“Something” seems to be absorbing protocol 47 packets even though the
ngre option isn’t set on the stack. Any ideas?Murf
In Cisco’s WCCP protocol (used to communicate with caches, such as SQUID), the GRE
header is eight bytes long and does not fit the model used in the NetBSD gre_h.
Cisco’s GRE packets wouldn’t make it through the code in ip_gre.c due to the value
found in the ptype field of the gre_h structure, even if they made it past the
tunnel lookup code and if the length could be determined. I’m currently patching
the protocol switch to make GRE an “unsupported protocol” again, and all is well.
Murf
Sean Boudreau wrote:
What is Cisco’s use?
-seanb
John A. Murphy <> murf@perftech.com> > wrote:
I took a look at the stack and found the answer myself - 6.2 has added
“support” for GRE — a classic case of an added “feature” making the
product less useful. The added GRE support is incompatible with Cisco’s use
(or at least one of Cisco’s uses) of GRE, and setting the ngre option to
zero simply turns the stack into a packet sink for GRE packets. But we
should be able to hack the stack and patch the protocol switch on the
fly…Murf
“John A. Murphy” wrote:
Soemthing strange seems to happening with raw sockets and protocol 47 in
6.2. If I open a raw socket on protocol 47 I never receive anything.
“Something” seems to be absorbing protocol 47 packets even though the
ngre option isn’t set on the stack. Any ideas?Murf