encryption/decryption I mean. The kernel can't decrypt the packet eventually, kernel sends out the icmp. Just remember this part last time I track it down to the kernel side. You may have to take a look at your application why the gre doesn't setup correctly.
------------ Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 4/11/2013 9:29 AM, yihect wrote: > > At 2013-04-10 18:35:12,"Banyan He" <ban...@rootong.com> wrote: >> I remember I saw this behavior before. Mostly important thing is to find >> out if the enc/dec goes well. I was having this problem that triggers >> kernel to send out the icmp. >> > enc/dec ?? You mean the content of ip header, which has been added > in my program while using raw socket?? > > How to fix or hack it, is there some way to do research?? I feel the package > is sent to the upper GRE protocol while been intercepted with raw socket. > Is there one way to prevent this?? Thanks. > > >> ------------ >> Banyan He >> Blog: http://www.rootong.com >> Email: ban...@rootong.com >> >> On 4/10/2013 5:27 PM, yihect wrote: >>> >>> Hi, all: >>> >>> I'm playing with Gre Tunnel programming in centos 6. >>> >>> I wrote my program in these steps: >>> a, open /dev/net/tun device and ioctl with TUNSETIFF, get fd to >>> tun device, say "tun0"; >>> b, create one socket and use it to set tun0's ip address, >>> namyly SIOCSIFADDR and SIOCSIFDSTADDR; and then turn it up; >>> c, create one raw socket to send things which got from the tun0 >>> device to other machine, and to receive packages which should be feeded >>> into the tun0 device; >>> >>> Finally, I ran the program in two machines, say MA and MB, >>> synchronously, and set route info in MA and MB too. The last environment is >>> like this: >>> >>> 10.0.3.1/24 192.168.0.31/24 192.168.0.124/24 10.0.4.1/24 >>> ---------- MA ------------------------------------------- MB >>> ---------- >>> tun0 eth0 eth0 >>> tun0 >>> >>> When I ping MB in MA, and tcpdump eth0 in MA, I get: >>> >>> 15:06:39.712390 IP 192.168.0.31 > 192.168.0.124: GREv0, length 88: IP >>> 10.0.3.1 > 10.0.4.1: ICMP echo request, id 28797, seq 1, length 64 >>> 15:06:39.713232 IP 192.168.0.124 > 192.168.0.31: ICMP 192.168.0.124 >>> protocol 47 port 2048 unreachable, length 116 >>> 15:06:39.713667 IP 192.168.0.124 > 192.168.0.31: GREv0, length 88: IP >>> 10.0.4.1 > 10.0.3.1: ICMP echo reply, id 28797, seq 1, length 64 >>> 15:06:39.713754 IP 192.168.0.31 > 192.168.0.124: ICMP 192.168.0.31 >>> protocol 47 port 2048 unreachable, length 116 >>> >>> The 1st and 3rd lines is easy to understand, but what about >>> the 2nd and 4th lines??? Is the raw package been sent up into gre protocol >>> while caught by my program?? >>> >>> I have seen ICMP_PORT_UNREACH stuff been placed in ip_gre.c >>> kernel code, but say it is "Impossible event". So, what's wrong, have I >>> missed something in my program? Any suggestions are appreciated, thanks. >>> >>> >>> >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS@centos.org >>> http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos