From owner-freebsd-net@FreeBSD.ORG Tue Jan 25 17:11:35 2005
Date: Tue, 25 Jan 2005 18:11:20 +0100
From: Jeremie Le Hen
To: Nickolay Kritsky
Cc: freebsd-net@freebsd.org
Subject: Re: gif(4) and bpf(4)
Message-ID: <20050125171120.GH59685@obiwan.tataz.chchile.org>
User-Agent: Mutt/1.5.6i
List-Id: Networking and TCP/IP with FreeBSD

> Please do the following:
>
> ping -r -S 192.168.1.1 192.168.4.13 >/dev/null 2>&1 &
> netstat -I gif0 -w 1
>
> and see if any packets are counted.

Weirdly, although I get the ICMP echo-reply, the gif0 interface is not updated.
%%%
yoda:sys# ping -qc 1 -r -S 192.168.1.1 192.168.4.13
PING 192.168.4.13 (192.168.4.13) from 192.168.1.1: 56 data bytes

--- 192.168.4.13 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 56.012/56.012/56.012/0.000 ms
yoda:sys# ping -r -S 192.168.1.1 192.168.4.13 >/dev/null 2>&1 &
[1] 63114
yoda:sys# netstat -I gif0 -w 1
            input        (gif0)           output
   packets  errs      bytes    packets  errs      bytes colls
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
         0     0          0          0     0          0     0
^C
%%%

> If you are using IPSec, maybe your packets are encrypted before they go
> to gif. See this article:
> http://groups-beta.google.com/group/sol.lists.freebsd.net/browse_frm/thread/de878d5a36d383f1/ffa608ca991d0c3c?q=tcpdump+gif+freebsd&_done=%2Fgroups%3Fq%3Dtcpdump+gif+freebsd%26&_doneTitle=Back+to+Search&&d#ffa608ca991d0c3c

I prefer this one ;-) :
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=236856+0+archive/2001/freebsd-net/20010506.freebsd-net

Ok, you got it! In fact, I'm aware that using a gif(4) tunnel and IPSec transport mode is merely the same as IPSec tunnel mode only, and that gif(4) with tunnel mode is useless, but when I set up my IPSec tunnel, we wanted to have it as quick as possible, and my friend insisted on using gif(4)+tunnel mode, so I did it. I was planning to change this later back to gif(4)+transport mode because I believed that the IPSec tunnel was *inside* the gif(4) tunnel, thus consuming too much bandwidth. In fact it appeared that my gif(4) interface is totally useless in my setup. I'm going to switch to transport mode ASAP and tell my friend he owes me and you all a beer.

> Can you post your IPSec policy (with sensitive info removed, of course).

Of course, although this is useless now.
Here it is anyway:

%%%
yoda:sys# setkey -DP
192.168.4.0/24[any] 192.168.1.0/24[any] any
	in ipsec
	esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require
	spid=7 seq=1 pid=63145 refcnt=1
192.168.1.0/24[any] 192.168.4.0/24[any] any
	out ipsec
	esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require
	spid=8 seq=0 pid=63145 refcnt=1
%%%

> (Google rulez :-) )

I used Google (but not Google Groups) to look for various strings: "tcpdump gif0", "gif bpf", ... restricting the search to site:lists.freebsd.org, but I didn't find this post. If I had, I wouldn't have wasted bandwidth for this thread. I'm sorry. At least, I hope this will be useful later for someone else. This thread is after all a bunch of concentrated information about gif(4) debugging and IPSec.

Many, many thanks to Bruce and Nickolay, as well as Alex who got the point too.

Best regards,
--
Jeremie Le Hen
jeremie@le-hen.org
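The diagnosis in this thread (gif0 counters stay at zero because a tunnel-mode SPD entry encapsulates the inner traffic before it ever reaches gif(4)) can be checked mechanically. The script below is an added example, not code from the thread or from FreeBSD: it parses `setkey -DP` output of the layout shown above, lists every policy whose request is in tunnel mode, and prints the transport-mode policy pair that would instead protect the gif(4) outer endpoints. The sample SPD dump is constructed from the one posted here, the gateway addresses xx.xx.xx.xx and yy.yy.yy.yy are the thread's placeholders, and `ipencap` (IP-in-IP, the protocol gif(4) emits) is the upper-layer selector used by the FreeBSD handbook's gif+transport setup of that era.

```shell
#!/bin/sh
# Constructed sample of `setkey -DP` output (same layout as the posted dump;
# xx.xx.xx.xx / yy.yy.yy.yy are placeholder gateway addresses).
SAMPLE_SPD='192.168.4.0/24[any] 192.168.1.0/24[any] any
	in ipsec
	esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require
	spid=7 seq=1 pid=63145 refcnt=1
192.168.1.0/24[any] 192.168.4.0/24[any] any
	out ipsec
	esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require
	spid=8 seq=0 pid=63145 refcnt=1
'

# spd_tunnel_policies SPD_TEXT
# Prints "src dst direction" for each SPD entry whose ipsec request uses
# tunnel mode. Traffic matching such an entry is encapsulated by IPsec itself,
# so a gif(4) interface configured for the same inner networks is bypassed and
# its netstat counters never move.
spd_tunnel_policies() {
    printf '%s' "$1" | awk '
        /^[^ \t]/            { src = $1; dst = $2 }   # selector line: src dst upper
        /^[ \t]+(in|out|fwd) ipsec/ { dir = $1 }      # direction line
        /\/tunnel\//         { print src, dst, dir }  # request line in tunnel mode
    '
}

# transport_policy_for_gif LOCAL_OUTER REMOTE_OUTER
# Emits the setkey(8) SPD statements that protect the gif(4) outer packets
# (IP-in-IP, protocol name "ipencap") with ESP in transport mode, so the inner
# traffic really does traverse gif0 and is visible to bpf(4) there.
transport_policy_for_gif() {
    printf 'spdadd %s %s ipencap -P out ipsec esp/transport//require;\n' "$1" "$2"
    printf 'spdadd %s %s ipencap -P in ipsec esp/transport//require;\n'  "$2" "$1"
}

# Stand-alone run: report what the sample policy does and what to replace it with.
if [ "${1:-}" = "--demo" ]; then
    echo "Tunnel-mode policies (gif(4) bypassed for these selectors):"
    spd_tunnel_policies "$SAMPLE_SPD"
    echo
    echo "Transport-mode replacement for gif(4) endpoints xx.xx.xx.xx <-> yy.yy.yy.yy:"
    transport_policy_for_gif xx.xx.xx.xx yy.yy.yy.yy
fi
```

On a live box the same check is `setkey -DP | awk ...` with the awk body above; if it prints anything for selectors that match your gif(4) inner networks, the gif interface is idle by design, and the fix is either to drop gif(4) and keep tunnel mode, or to keep gif(4) and load the transport-mode pair with `setkey -f`.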