Subject: Re: AH + GRE works; ESP + GRE doesn't
To: Curt Sampson <cjs@cynic.net>
From: None <itojun@iijlab.net>
List: tech-net
Date: 04/21/2003 14:54:37
>I'm still trying to debug my tunnelling problems, and I've found
>something very strange. The setup looks like this:
>
> A -- B == C -- D
>
>The link between B and C is a GRE tunnel.
>
>When using no IPSec between B and C, A can ping D.
>
>When using only AH between B and C, A can ping D.
>
>When using only ESP, or AH + ESP between B and C, B can still ping C (on
>the non-tunnel addresses), but A can no longer ping D, nor can B ping C
>on the addresses of the tunnel interfaces themselves.

sys/netinet/in_gre.c:gre_mobile_input() assumes that the GRE header
and IP header are continuous on a single mbuf, but the assumption
does not hold for the ESP case, I guess. I guess we need to fix
gre_mobile_input() to perform m_pullup().

itojun
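
The failure mode described in the reply, as an added example that is not part of the original message and not NetBSD code: a parser that assumes two headers share one buffer segment, beside one that checks and pulls bytes up first. `struct seg`, `toy_pullup()` and the `gre_proto_*` functions are hypothetical stand-ins, and the layout (a 20-byte IPv4 header followed by a 4-byte GRE header) is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_HDR_LEN 20 /* assumed: IPv4 header without options */
#define GRE_HDR_LEN 4 /* assumed: flags/version + protocol type */

/* Toy stand-in for an mbuf (hypothetical type, not the kernel's struct mbuf). */
struct seg { struct seg *next; size_t len; uint8_t data[64]; };

/* Make the first `need` bytes contiguous in the head segment, the idea behind
 * m_pullup(). Segments are caller-owned. Returns 0, or -1 if the chain is short. */
static int toy_pullup(struct seg *head, size_t need) {
    size_t total = 0;
    for (const struct seg *s = head; s != NULL; s = s->next) total += s->len;
    if (need > sizeof(head->data) || total < need) return -1;
    while (head->len < need) {
        struct seg *n = head->next;
        size_t take = need - head->len;
        if (take > n->len) take = n->len;
        memcpy(head->data + head->len, n->data, take);
        memmove(n->data, n->data + take, n->len - take);
        head->len += take;
        n->len -= take;
        if (n->len == 0) head->next = n->next; /* unlink drained segment */
    }
    return 0;
}

/* Assumes the IP and GRE headers sit together in the head segment. */
static int gre_proto_unchecked(const struct seg *head) {
    const uint8_t *p = head->data + IP_HDR_LEN + 2;
    return (p[0] << 8) | p[1];
}

/* Verifies the assumption first, pulling bytes up when it does not hold. */
static int gre_proto_checked(struct seg *head) {
    if (head->len < IP_HDR_LEN + GRE_HDR_LEN &&
        toy_pullup(head, IP_HDR_LEN + GRE_HDR_LEN) != 0) return -1;
    return gre_proto_unchecked(head);
}

int main(void) {
    /* Constructed packet: IP header alone in the first segment, GRE in the second. */
    struct seg b = { NULL, 4, { 0x00, 0x00, 0x08, 0x00 } };
    struct seg a = { &b, IP_HDR_LEN, { 0x45 } };
    printf("unchecked: 0x%04x\n", gre_proto_unchecked(&a));
    printf("checked:   0x%04x\n", gre_proto_checked(&a));
    return 0;
}
```

In the toy the unchecked read only returns stale bytes from a fixed-size array; in a kernel the same assumption reads past the valid data of the first mbuf.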