kern/69957: if_gre sends bogus (IPv0) packets

David Siebörger drs at
Tue Aug 3 10:20:13 PDT 2004

>Number:         69957
>Category:       kern
>Synopsis:       if_gre sends bogus (IPv0) packets
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 03 17:20:11 GMT 2004
>Originator:     David Siebörger
>Release:        FreeBSD 5.2-CURRENT
Rhodes University Computer Users Society
System: FreeBSD 5.2-CURRENT FreeBSD 5.2-CURRENT #21: Tue Aug  3 18:48:08 SAST 2004     drs at  i386

In a recent (cvsup'ed one or two days ago), if_gre appears to send malformed
packets.  The IP version of the encapsulating packets is set to 0.

if_gre worked fine in 5.1-RELEASE.  In 5.2.1-RELEASE, it is broken in a
different way, which I've yet to thoroughly investigate.

Configure a gre interface and ping the far side of the tunnel:

# ifconfig gre0 create
# ifconfig gre0 tunnel dagwood pita-fe0-0 link1
# ping
PING ( 56 data bytes
--- ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

While capturing the packets sent:

# tcpdump -vvi fxp0 -s 1500 host pita-fe0-0
tcpdump: listening on fxp0, link-type EN10MB (Ethernet), capture size 1500 bytes
19:08:59.961225 arp who-has tell
19:08:59.961927 arp reply is-at 00:0c:ce:0b:cd:a0
19:08:59.961966 IP0 (tos 0x0, ttl  30, id 174, offset 0, flags [none], length: 108) > [] IP (tos 0x0, ttl  64, id 174, offset 0, flags [none], length: 84) > icmp 64: echo request seq 0

Note that the encapsulating packet is marked "IP0", because the version
field is set to zero.

This patch fixes the problem for me, but assumes that gre tunnels are only
carried over IPv4....  It has been tested using a Cisco 2600 and a
5.1-RELEASE machine as the far ends of the tunnel.

--- sys/net/if_gre.c.orig	Tue Aug  3 16:28:55 2004
+++ sys/net/if_gre.c	Tue Aug  3 16:29:24 2004
@@ -376,6 +376,7 @@
 	if (sc->g_proto != IPPROTO_MOBILE) {
 		gh->gi_src = sc->g_src;
 		gh->gi_dst = sc->g_dst;
+		((struct ip*)gh)->ip_v = IPPROTO_IPV4;
 		((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
 		((struct ip*)gh)->ip_ttl = GRE_TTL;
 		((struct ip*)gh)->ip_tos = ip->ip_tos;


More information about the freebsd-bugs mailing list