Date:      Tue, 23 Mar 1999 23:50:08 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        jdp@polstra.com (John Polstra)
Cc:        ck@adsu.bellsouth.com, hackers@FreeBSD.ORG
Subject:   Re: Will IPFW pass GRE packets?
Message-ID:  <199903240750.XAA53480@bubba.whistle.com>
In-Reply-To: <199903132039.MAA65042@vashon.polstra.com> from John Polstra at "Mar 13, 99 12:39:01 pm"

John Polstra writes:
> Christian Kuhtz <ck@adsu.bellsouth.com> wrote:
> > > GRE is some windows NT thing?  If it is, someone has already figured this
> > > out for you, the lists have it.
> > 
> > GRE stands for "Generic Route Encapsulation" and is an IETF standard as
> > defined by RFC1701 (http://www.adsu.bellsouth.com/pub/ietf/rfc/rfc1701 and
> > RFC1702).  It is used to tunnel all sorts of things across IPv4 networks,
> > including IPv4 itself.  It has jack squat to do with NT.
> 
> Not quite true.  Like a dog who must piss on every bush, Microsoft
> couldn't endure the thought of following existing standards.  So they
> invented an "enhanced GRE header" for their PPTP tunneling.  See
> "draft-ietf-pppext-pptp-01.txt" from your favorite Internet Drafts
> repository.
> 
> It gets even better.  They explicitly specify that checksums must be
> disabled in the GRE encapsulation.  And the PPP packets contained
> therein are stripped of all link-level headers.  Thus, as far as I can
> tell, there is zero, zilch, nada error detection of any kind on the
> encapsulated PPP packets (i.e., your valuable data).  Tcpdump confirms
> this.

I think this is reasonable for what they were trying to do (PPTP).
In general, the PPP link layer (which is what GRE is functioning
as here) does not guarantee uncorrupted frame transmission either.
So nothing is being broken by this. Also, since PPTP GRE packets
contain complete IP packets within them, the checksum could be
considered redundant.

On the other hand, IMHO a checksum would have been worth it for
the extra level of confidence.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
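
The checksum point debated above, as an added example that is not part of the original e-mail: a Python sketch that reads the GRE flag word, verifies the RFC 1701 checksum when the C bit is set, and shows that a PPTP-style enhanced GRE packet has nothing to verify. The bit layout and protocol type 0x880B are assumed from RFC 1701 and the PPTP specification as later published (RFC 2637); the helper names and sample packets are constructed for illustration.

```python
import struct

PPTP_PPP = 0x880B  # protocol type carried by PPTP's enhanced GRE (assumed from RFC 2637)


def internet_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words, as used by IP and GRE."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def inspect_gre(packet: bytes) -> dict:
    """Report version, protocol and checksum status of one GRE packet."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    version = flags & 0x0007
    has_csum = bool(flags & 0x8000)  # C bit: checksum field present
    info = {"version": version, "protocol": proto,
            "pptp": version == 1 and proto == PPTP_PPP,
            "checksum_present": has_csum, "checksum_ok": None}
    if has_csum:
        if len(packet) < 8:
            raise ValueError("truncated checksum/offset fields")
        # The checksum covers GRE header plus payload; a valid packet sums to 0.
        info["checksum_ok"] = internet_checksum(packet) == 0
    return info


def build_gre_with_checksum(payload: bytes, proto: int = 0x0800) -> bytes:
    """Constructed RFC 1701 packet with C=1 (checksum + offset words present)."""
    csum = internet_checksum(struct.pack("!HHHH", 0x8000, proto, 0, 0) + payload)
    return struct.pack("!HHHH", 0x8000, proto, csum, 0) + payload


def build_pptp_gre(payload: bytes, call_id: int = 1, seq: int = 0) -> bytes:
    """Constructed enhanced GRE packet: K=1, S=1, Ver=1, C=0 (no checksum)."""
    return struct.pack("!HHHHI", 0x3001, PPTP_PPP, len(payload), call_id, seq) + payload


def flip_bit(packet: bytes, index: int) -> bytes:
    """Simulate a single-bit corruption of one byte in transit."""
    damaged = bytearray(packet)
    damaged[index] ^= 0x01
    return bytes(damaged)
```

With the C bit clear, `checksum_ok` stays `None` for both the intact and the damaged PPTP packet, so any corruption has to be caught by the checksums of the IP packet carried inside.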