GRE and PF problem

Sten Daniel Sørsdal lists at
Fri Jul 15 09:30:30 GMT 2005

Stephen J. Bevan wrote:
> Giovanni P. Tirloni writes:
>  >   I don't know how PF keeps track of ICMP packets but there must be a 
>  > way for it to distinguish between a packet destined to or 0.2.
> An ICMP ECHO REQUEST message has a 16-bit id field which can be
> altered by NAT to identify the originating machine.
> There isn't really an equivalent when using a minimal GRE header.  If
> GRE checksums are turned on then the 16-bit Reserved1 field could be
> abused for NAT purposes.

Not for GRE but for PPTP (which uses GRE but with a slight addition).
CALL ID, a unique number assigned by the PPTP server per session.
AFAIK. There are some firewalls out there that use this ID.

Sten Daniel Sørsdal
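
Added example, not part of the original thread or of PF's code: a C sketch of how a NAT state tracker could tell a minimal GRE header (nothing to key on) from PPTP's enhanced GRE header as laid out in RFC 2637, and read the Call ID from the latter. The function name, enum and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum gre_kind { GRE_MALFORMED = -1, GRE_PLAIN = 0, GRE_PPTP = 1 };

#define GRE_C 0x80          /* byte 0: checksum present */
#define GRE_K 0x20          /* byte 0: key present */
#define GRE_VER 0x07        /* byte 1: version bits */
#define GRE_PROTO_PPP 0x880B

/* Constructed sample headers, not captured traffic. */
static const uint8_t pptp_pkt[] = { 0x30, 0x01, 0x88, 0x0B,   /* K+S, ver 1, PPP */
                                    0x00, 0x10, 0x12, 0x34,   /* payload len, Call ID */
                                    0x00, 0x00, 0x00, 0x01 }; /* sequence number */
static const uint8_t plain_pkt[] = { 0x00, 0x00, 0x08, 0x00 }; /* ver 0, IPv4 payload */

/* Classify a GRE header; for enhanced GRE (version 1) store the Call ID,
 * the only per-session value a NAT state table could key on. */
enum gre_kind gre_classify(const uint8_t *p, size_t len, uint16_t *call_id)
{
    if (len < 4)
        return GRE_MALFORMED;
    uint8_t ver = p[1] & GRE_VER;
    uint16_t proto = (uint16_t)((p[2] << 8) | p[3]);
    if (ver == 0)
        return GRE_PLAIN;               /* minimal header: nothing to key on */
    if (ver != 1 || proto != GRE_PROTO_PPP || !(p[0] & GRE_K) || (p[0] & GRE_C))
        return GRE_MALFORMED;           /* RFC 2637 requires K=1, C=0 */
    if (len < 8)
        return GRE_MALFORMED;           /* truncated before the Call ID */
    *call_id = (uint16_t)((p[6] << 8) | p[7]);
    return GRE_PPTP;
}

int main(void)
{
    uint16_t id = 0;
    if (gre_classify(pptp_pkt, sizeof pptp_pkt, &id) == GRE_PPTP)
        printf("PPTP GRE, Call ID 0x%04x\n", id);
    if (gre_classify(plain_pkt, sizeof plain_pkt, &id) == GRE_PLAIN)
        printf("plain GRE, no per-session field\n");
    return 0;
}
```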
