Here's something very strange I observe with GRE tunnels (the default tunnel mode). It looks like cisco routers send IP datagrams violating RFC 791 [Internet Protocol] over GRE tunnels. In particular, the length field of the IP header is computed incorrectly to *not* include the size of the IP header. RFC 791 says about the length field: [...] I have an application on my workstation that serves as one endpoint of a GRE tunnel. In fact, it's such a tiny perl program that I have appended it at the end of this mail. [...] We note that the length as reported in the IP header is always 20 octets less than what we receive on the socket. This leads me to the question
Do you cisco guys read RFCs? :-)
I can tell you for sure that the Cisco routers do send the packets (GRE or IP protocol 4) with a length which includes the IP header, just like the RFC. If you look I think you'll find that it is your kernel which is subtracting out the IP header length before it hands the packet to you on the raw socket. Dennis Ferguson