the subject says it all. this also tweaks the wccp code to sneak a
look inside the payload to see if it is ipv4 or not. the wccp
protocol specifies values for the bits that overlap the ipv4 version
nibble that cannot be set to 4, so if it isn't 4 we can assume it is
the wccp header.

in the future i would like to deprecate the sysctl.

ok?

Index: sys/net/if_gre.c
===================================================================
RCS file: /cvs/src/sys/net/if_gre.c,v
retrieving revision 1.101
diff -u -p -r1.101 if_gre.c
--- sys/net/if_gre.c    15 Feb 2018 01:03:17 -0000      1.101
+++ sys/net/if_gre.c    15 Feb 2018 02:55:33 -0000
@@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *off
        if (sc == NULL)
                goto decline;
 
+       ifp = &sc->sc_if;
+
        switch (gh->gre_proto) {
-       case htons(GRE_WCCP):
+       case htons(GRE_WCCP): {
+               struct mbuf *n;
+               int off;
+
                /* WCCP/GRE:
                 *   So far as I can see (and test) it seems that Cisco's WCCP
                 *   GRE tunnel is precisely a IP-in-GRE tunnel that differs
@@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *off
                 *   the following:
                 *     draft-forster-wrec-wccp-v1-00.txt
                 *     draft-wilson-wrec-wccp-v2-01.txt
-                *
-                *   So yes, we're doing a fall-through (unless, of course,
-                *   net.inet.gre.wccp is 0).
                 */
-               switch (gre_wccp) {
-               case 1:
-                       break;
-               case 2:
-                       hlen += sizeof(gre_wccp);
-                       break;
-               case 0:
-               default:
+
+               if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0))
                        goto decline;
-               }
+
+               /*
+                * If the first nibble of the payload does not look like
+                * IPv4, assume it is WCCP v2.
+                */
+               n = m_getptr(m, hlen, &off);
+               if (n == NULL)
+                       goto decline;
+               if (n->m_data[off] >> 4 != IPVERSION)
+                       hlen += sizeof(gre_wccp);
 
                /* FALLTHROUGH */
+       }
        case htons(ETHERTYPE_IP):
 #if NBPFILTER > 0
                bpf_af = AF_INET;
@@ -628,8 +634,6 @@ gre_input_key(struct mbuf **mp, int *off
        default:
                goto decline;
        }
-
-       ifp = &sc->sc_if;
 
        m_adj(m, hlen);
 
Index: share/man/man4/gre.4
===================================================================
RCS file: /cvs/src/share/man/man4/gre.4,v
retrieving revision 1.54
diff -u -p -r1.54 gre.4
--- share/man/man4/gre.4        15 Feb 2018 02:09:21 -0000      1.54
+++ share/man/man4/gre.4        15 Feb 2018 02:55:33 -0000
@@ -112,6 +112,10 @@ virtual network idenfitier.
 .Nm gre
 optionally supports sending keepalive packets to the remote endpoint,
 which allows tunnel failure to be detected.
+.Nm gre
+interfaces can be individually configured to receive WCCP packets by
+setting the link-level flag
+.Cm link0 .
 .Sh EXAMPLES
 .Nm gre
 Configuration example:

Reply via email to