Re: [squid-users] squid wccp & linux 2.4 GRE tunnel

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 7 Jan 2002 08:04:51 +0100

On Monday 07 January 2002 07.01, Joe Cooper wrote:

> Perhaps it could be viewed this way. I think of it in terms of GRE
> being a well-known and documented protocol, and the WCCP identity number
> is also well-known and documented...seems broken or at least ornery not
> to support it.

Well... from the GRE documentation (RFC2784, coauthored by Cisco):

2.4. Protocol Type (2 octets)

   The Protocol Type field contains the protocol type of the payload
   packet. These Protocol Types are defined in [RFC1700] as "ETHER
   TYPES" and in [ETYPES]. An implementation receiving a packet
   containing a Protocol Type which is not listed in [RFC1700] or
   [ETYPES] SHOULD discard the packet.

Where Cisco found their protocol type 883E I do not know, but it is
certainly not mentioned in any of the above documents, not even listed as
reserved by Cisco. So any GRE implementation supporting WCCP can in effect
be argued as broken.

But sure, having (optional) support for such brokenness can indeed be nice.

The only place defining the protocol type 883E is the (since long expired)
Cisco WCCP Internet Drafts.

> I think the reason Cisco chose a different number is that one may wish
> to implement packet filters based on the type of GRE. There are a
> number of legitimate uses for GRE tunnels across WAN links, but fewer
> reasons to have a WCCP GRE tunnel over a WAN (DoS or man in the middle
> exploits come to mind). Just a thought.

Using GRE tunnels over WAN links does make sense. In fact one of the reasons
why GRE is the way it is.

Your reasoning on why Cisco selected to invent a new GRE protocol for their
WCCP IP over GRE frames is not very valid imho, but may still be the
actual reason. By such reasoning every unique kind of GRE tunnel should
have its unique (ethernet) protocol type which quite obviously does not
scale.

The protocol type of GRE is meant to indicate the binary type of the GRE
payload data (next level header), just like the protocol type in any of
the other layers, not the application used to select to route the packets
over GRE. The routing application is defined by the endpoints.

Regards
Henrik
Received on Mon Jan 07 2002 - 00:06:39 MST
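
Added example, not part of the original message or of any project's code: a receiver-side check of the GRE Protocol Type field as the RFC 2784 text quoted above describes it, with WCCP's 883E accepted only when explicitly enabled. The registry table, function names and sample headers are constructed assumptions.

```python
import struct

GRE_PROTO_WCCP = 0x883E  # protocol type the message attributes to the WCCP drafts

# Assumption: a small stand-in for the [RFC1700]/[ETYPES] registries.
REGISTERED_ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def parse_gre(packet: bytes):
    """Parse an RFC 2784 GRE header; return (protocol_type, payload_offset)."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", packet[:4])
    if flags_ver & 0x0007:
        raise ValueError("GRE version is not 0")
    if flags_ver & 0x7C00:
        # RFC 2784: bits 1-5 of Reserved0 must be zero on receipt.
        raise ValueError("reserved GRE flag bits set")
    offset = 4
    if flags_ver & 0x8000:  # C bit: Checksum and Reserved1 fields follow
        offset += 4
    if len(packet) < offset:
        raise ValueError("truncated GRE header")
    return proto, offset


def classify(packet: bytes, allow_wccp: bool = False):
    """Apply the SHOULD-discard rule, with an optional WCCP exception."""
    proto, _ = parse_gre(packet)
    if proto in REGISTERED_ETHERTYPES:
        return ("accept", REGISTERED_ETHERTYPES[proto])
    if proto == GRE_PROTO_WCCP and allow_wccp:
        return ("accept", "WCCP")
    return ("discard", "0x%04X" % proto)


# Constructed sample headers (not captured traffic); payload bytes are filler.
SAMPLE_IPV4 = bytes.fromhex("00000800") + b"\x45" + b"\x00" * 19
SAMPLE_WCCP = bytes.fromhex("0000883e") + b"\x00" * 24
SAMPLE_CSUM = bytes.fromhex("80000800" "00000000") + b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    for name, pkt in [("ipv4", SAMPLE_IPV4), ("wccp", SAMPLE_WCCP)]:
        print(name, classify(pkt), classify(pkt, allow_wccp=True))
```

With `allow_wccp` left off, the 883E frame is discarded like any other unlisted protocol type, so a WCCP tunnel is accepted only where an operator has opted in.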
