DEVHIDE
Login Or Sign up

Tcpdump captured traffic for GRE reassembled packets

72 Views Asked by At

Suppose there is a GRE tunnel logical interface (e.g. gre0) configured on Linux 4.6 kernel.

sudo ip tunnel add gre0 mode gre remote 10.10.10.1 local 172.168.1.1

Execute tcpdump as follows tcpdump -i gre0. From my understanding tcpdump/libpcap will open an AF_PACKET raw socket to capture incoming/outgoing packets on gre0.

What about if packets are fragmented when sent towards us from the remote GRE tunnel end-point ? Are they reassembled on our Linux box kernel before being sent over the AF_PACKET raw socket ?

Edit: digging into implementation, the gre packet processing is done in the context of ip_local_deliver() function since when the gre, ip_gre module is loaded in kernel space there is not a specific protocol handler registered for gre packet handling at struct ptype level

root@ubuntu:/root# lsmod | grep gre
ip_gre                 24576  0
gre                    16384  1 ip_gre
ip_tunnel              24576  1 ip_gre
root@ubuntu:/root# 
root@ubuntu:/root# 
root@ubuntu:/root# cat /proc/net/ptype 
Type Device      Function
0800          ip_rcv
0806          arp_rcv
86dd          ipv6_rcv
root@ubuntu:/root#
sockets system-calls tcpdump libpcap tunneling
Original Q&A
0

There are 0 best solutions below

Related Questions in SOCKETS

Related Questions in SYSTEM-CALLS

Related Questions in TCPDUMP

Related Questions in LIBPCAP

Related Questions in TUNNELING

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.