'Re: [tcpdump-workers] misprinting of GRE tunneled packets on NetBSD Sparc64'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    Re: [tcpdump-workers] misprinting of GRE tunneled packets on NetBSD Sparc64
From:       Gert Doering <gert () greenie ! muc ! de>
Date:       2005-07-26 20:17:38
Message-ID: 20050726201738.GJ1060 () greenie ! muc ! de
[Download RAW message or body]

Hi,

On Tue, Jul 26, 2005 at 06:08:44PM +0200, Gert Doering wrote:
> On Tue, Jul 26, 2005 at 05:45:15PM +0200, Hannes Gredler wrote:
> 
> > i am anticipating a kernel issue - 
> > typically we get this error message when the kernel tells us
> > that the payload is IPv4 [and in reality is IPv6] - that makes
> > the IPv4 printer bark;
> 
> Might be an explanation, especially given the fact that the "capture 
> related" part of the NetBSD GRE implementation wasn't changed at all 
> when I added IPv6-over-GRE.

Thanks, Hannes - this was exactly the hint I was hoping for "look
*there* for problems".

Now it is working, both for IPv4 and IPv6 encapsulated in GRE/IPv4, and
both for sending and receiving packets:

gert@epsilon:/home/gert$ tcpdump -n -i gre0 -s0 -v
tcpdump: WARNING: BIOCPROMISC: Operation not permitted
tcpdump: listening on gre0, link-type NULL (BSD loopback), capture size 65535 bytes
22:12:49.707032 IP (tos 0x0, ttl 255, id 15, offset 0, flags [none], length: 100) \
10.58.58.1 > 10.58.58.58: icmp 80: echo request seq 5869 22:12:49.707057 IP (tos 0x0, \
ttl 255, id 841, offset 0, flags [none], length: 100) 10.58.58.58 > 10.58.58.1: icmp \
80: echo reply seq 5869 22:13:06.983691 2001:608:4:5555::1 > 2001:608:4:5555::5: \
[icmp6 sum ok] icmp6: echo request seq 0 (len 60, hlim 64) 22:13:06.983738 \
2001:608:4:5555::5 > 2001:608:4:5555::1: [icmp6 sum ok] icmp6: echo reply seq 0 (len \
60, hlim 64)


The error was in sys/netinet/ip_gre.c - what it did was "always set
af=AF_INET before calling bpf_mtap()".

(I plead innocence, though - this was broken for NS and Appletalk before
I even touched the code :-) ).

I'll send out a PR to the NetBSD people ASAP.


As for the "why is libpcap-current crashing" problem, I'll look into
the struct pcap size/alignment questions later today.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert@net.informatik.tu-muenchen.de
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic