NetBSD Problem Report #38388

From cube@cubidou.net  Tue Apr  8 21:50:32 2008
Return-Path: <cube@cubidou.net>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id 858C763B293
	for <gnats-bugs@gnats.NetBSD.org>; Tue,  8 Apr 2008 21:50:32 +0000 (UTC)
Message-Id: <20080408215029.C2A3B14CDD@yoda.cubidou.net>
Date: Tue,  8 Apr 2008 23:50:29 +0200 (CEST)
From: cube@cubidou.net
Reply-To: cube@cubidou.net
To: gnats-bugs@gnats.NetBSD.org
Subject: ipnat won't let GRE get redirected
X-Send-Pr-Version: 3.95

>Number:         38388
>Category:       kern
>Synopsis:       ipnat won't let GRE get redirected
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 08 21:55:00 +0000 2008
>Last-Modified:  Mon Jun 02 11:45:01 +0000 2008
>Originator:     Quentin Garnier
>Release:        NetBSD 4.0
>Organization:
	NetBSD
>Environment:
NetBSD/i386
>Description:
	ipnat will drop incoming GRE packets if you try to redirect that
	protocol.

	Also, the PPTP proxy (undocumented of course) doesn't work.
	Maybe that's worth another PR, maybe not.
>How-To-Repeat:
	Redirect GRE in any way, specifically or not.

	E.g.:

		rdr on iface external/32 -> internal/32 gre
	or even
		rdr on iface external/32 -> internal/32

	And note that protocol 47 doesn't get through.  With the second
	line, protocols 46 and 48 do get through.
>Fix:
	Removing all the remaining references to IPPROTO_GRE in the code of
	ipfilter does solve the issue (but does not make the PPTP proxy
	work of course).
	A lot of them are already commented out.  I'm not sure exactly
	which of the remaining ones is the culprit, but commenting them
	all out was enough for me.

>Audit-Trail:
From: Darren Reed <darrenr@fastmail.net>
To: cube@cubidou.net,  gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: Re: kern/38388
Date: Mon, 02 Jun 2008 04:42:53 -0700

 At one point I was going to try and demultiplex GRE "connections" based on
 what was in the GRE header...

 If you can send me some complete packet dumps using tcpdump of live GRE
 packets then I'd be interested to see them...

 I would be curious to know which are the magic lines that when commented
 out make it work for you...

 Darren
