Re: IPIP Tunnelling.

Alan Cox (alan@lxorguk.ukuu.org.uk)
Tue, 5 Aug 1997 20:26:01 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alain.Knaff@poboxes.com: "Patch to make 2.1.48's paralell port modules work with kerneld"
Previous message: Philippe Strauss: "Getting nutt..."
In reply to: A.N.Kuznetsov: "Re: IPIP Tunnelling."

> > automatically by the IP output code? Normal IP packets get given the IP
> > address of the output device when they're sent, don't they?
> Sure, you are right, but reread the statement that I stressed above.

A tunnel should be placing the output device as the encapsulating address
for the tunnel. Probably that should be looked up when you up the interface
and bound. You can't use other addresses as people very aggressively filter
bad sources nowdays

> > Another thing I'd like to do is add IPIP compression to the tunnel driver.
> > What's the best way to go about it?
> I believe you need to invent new protocol and register it to avoid
> conflicts :-)

If you use IPIP then providing both ends agree anything goes. It would
probably be more polite to use compressed data in UDP to a port of
your choice.

Another option is to implement L2F/PPTP.

> Nope, it should not be IPIP. Unfortunately, IPIP protocol is
> interpreted specially by several IP stacks. It is not worth
> to confuse them.

Oh its great fun. The IP to 127.0.0.1 in IP in IP in IP in IP ..
(repeat to 64K) packet is a fantastic way to play "shoot the computer"
with some stacks.

The point is valid not so much because of IP stacks but because some
very smart firewalls look into IPIP headers.

Alan

Next message: Alain.Knaff@poboxes.com: "Patch to make 2.1.48's paralell port modules work with kerneld"
Previous message: Philippe Strauss: "Getting nutt..."
In reply to: A.N.Kuznetsov: "Re: IPIP Tunnelling."