xref: /openbsd/share/man/man4/gre.4 (revision 891d7ab6)

.\" $OpenBSD: gre.4,v 1.33 2011/04/04 15:54:07 claudio Exp $
.\" $NetBSD: gre.4,v 1.10 1999/12/22 14:55:49 kleink Exp $
.\"
.\" Copyright 1998 (c) The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to The NetBSD Foundation
.\" by Heiko W.Rupp <hwr@pilhuhn.de>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT  LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 4 2011 $
.Dt GRE 4
.Os
.Sh NAME
.Nm gre
.Nd encapsulating network device
.Sh SYNOPSIS
.Cd "pseudo-device gre"
.Sh DESCRIPTION
The
.Nm
network interface allows tunnel construction using the Cisco GRE or
the Mobile-IP (RFC 2004) encapsulation protocols.
.Pp
.Tn GRE ,
.Tn WCCPv1 ,
and
.Tn MobileIP
are enabled with the following
.Xr sysctl 3
variables respectively in
.Pa /etc/sysctl.conf :
.Bl -tag -width "net.inet.mobileip.allow"
.It Va net.inet.gre.allow
Allow GRE packets in and out of the system.
.It Va net.inet.gre.wccp
Allow WCCPv1-style GRE packets into the system (depends on the above).
.It Va net.inet.mobileip.allow
Allow MobileIP packets in and out of the system.
.El
.Pp
A
.Nm
interface can be created at runtime using the
.Ic ifconfig gre Ns Ar N Ic create
command or by setting up a
.Xr hostname.if 5
configuration file for
.Xr netstart 8 .
.Pp
This driver currently supports the following modes of operation:
.Bl -tag -width abc
.It GRE encapsulation (IP protocol number 47).
Encapsulated datagrams are prepended by an outer datagram and a GRE header.
The GRE header specifies the type of the encapsulated datagram
and thus allows for tunneling other protocols than IP like
e.g. AppleTalk.
GRE mode is the default tunnel mode on Cisco routers.
This is also the default mode of operation of the
.Nm
interfaces.
.It MOBILE encapsulation (IP protocol number 55).
Datagrams are encapsulated into IP, but with a much smaller
encapsulation header.
This protocol only supports IP in IP encapsulation, and is intended
for use with mobile IP.
.El
.Pp
The network interfaces are named
.Li gre0 ,
.Li gre1 ,
etc.
The number of interfaces is given by the corresponding
.Ic pseudo-device
line in the system configuration file.
.Nm gre
interfaces support the following
.Xr ioctl 2 Ns s :
.Bl -tag -width Ds
.It Dv GRESADDRS Fa "struct ifreq *"
Set the IP address of the local tunnel end.
.It Dv GRESADDRD Fa "struct ifreq *"
Set the IP address of the remote tunnel end.
.It Dv GREGADDRS Fa "struct ifreq *"
Query the IP address that is set for the local tunnel end.
.It Dv GREGADDRD Fa "struct ifreq *"
Query the IP address that is set for the remote tunnel end.
.It Dv GRESPROTO Fa "struct ifreq *"
Set the operation mode to the specified IP protocol value.
The protocol is passed to the interface in the
.Va ifr_flags
field of the
.Vt ifreq
structure.
The operation mode can also be set with the following modifiers to
.Xr ifconfig 8 :
.Pp
.Bl -tag -width "-link0" -offset indent -compact
.It Cm link0
.Dv IPPROTO_GRE
.It Cm -link0
.Dv IPPROTO_MOBILE
.El
.It Dv GREGPROTO Fa "struct ifreq *"
Query operation mode.
.El
.Pp
Note that the IP addresses of the tunnel endpoints may be the same as the
ones defined with
.Xr ifconfig 8
for the interface (as if IP is encapsulated), but need not be, as e.g. when
encapsulating AppleTalk.
.Sh EXAMPLES
Configuration example:
.Bd -literal
Host X ---- Host A ------------ tunnel ------------ Cisco D ---- Host E
               \e                                      /
                \e                                    /
                 +------ Host B ------ Host C ------+
.Ed
.Pp
On Host A (OpenBSD):
.Bd -literal -offset indent
# route add default B
# ifconfig greN create
# ifconfig greN A D netmask 0xffffffff linkX up
# ifconfig greN tunnel A D
# route add E D
.Ed
.Pp
On Host D (Cisco):
.Bd -literal -offset indent
Interface TunnelX
 ip unnumbered D   ! e.g. address from Ethernet interface
 tunnel source D   ! e.g. address from Ethernet interface
 tunnel destination A
ip route C <some interface and mask>
ip route A mask C
ip route X mask tunnelX
.Ed
.Pp
OR
.Pp
On Host D (OpenBSD):
.Bd -literal -offset indent
# route add default C
# ifconfig greN create
# ifconfig greN D A
# ifconfig greN tunnel D A
.Ed
.Pp
To reach Host A over the tunnel (from Host D), there has to be an
alias on Host A for the Ethernet interface:
.Pp
.Dl # ifconfig <etherif> alias Y
.Pp
and on the Cisco:
.Pp
.Dl ip route Y mask tunnelX
.Pp
Keepalive packets may optionally be sent to the remote endpoint, which
decapsulates and returns them, allowing tunnel failure to be detected.
Enable them like this:
.Bd -literal -offset indent
# ifconfig greN keepalive period count
.Ed
.Pp
This will send a keepalive packet every
.Ar period
seconds.
If no response is received in
.Ar count
*
.Ar period
seconds, the link is considered down.
To return keepalives, the remote host must be configured to forward packets:
.Bd -literal -offset indent
# sysctl net.inet.ip.forwarding=1
.Ed
.Sh NOTES
The MTU of
.Nm
interfaces is set to 1476 by default to match the value used by Cisco routers.
This may not be an optimal value, depending on the link between the two tunnel
endpoints.
It can be adjusted via
.Xr ifconfig 8 .
.Pp
For correct operation, the
.Nm
device needs a route to the destination, that is less specific than the
one over the tunnel.
(There needs to be a route to the decapsulating host that
does not run over the tunnel, as this would create a loop.)
.Pp
In order for
.Xr ifconfig 8
to actually mark the interface as up, the keyword
.Cm up
must be given last on its command line.
.Pp
The kernel must be set to forward datagrams by issuing the appropriate
option to
.Xr sysctl 8 .
.Pp
The GRE interface will accept WCCPv1-style GRE encapsulated packets
from a Cisco router.
Some magic with the packet filter configuration
and a caching proxy like squid are needed to do anything useful with
these packets.
.Sh SEE ALSO
.Xr atalk 4 ,
.Xr inet 4 ,
.Xr ip 4 ,
.Xr netintro 4 ,
.Xr options 4 ,
.Xr hostname.if 5 ,
.Xr protocols 5 ,
.Xr ifconfig 8 ,
.Xr netstart 8 ,
.Xr sysctl 8
.Rs
.%R RFC 1701
.%T Generic Routing Encapsulation
.Re
.Rs
.%R RFC 1702
.%T Generic Routing Encapsulation over IPv4 networks
.Re
.Rs
.%R RFC 2004
.%T Minimal Encapsulation within IP
.Re
.Rs
.%O http://www.wrec.org/Drafts/draft-ietf-wrec-web-pro-00.txt
.%T Web Cache Coordination Protocol V1.0
.Re
.Rs
.%O http://www.wrec.org/Drafts/draft-wilson-wrec-wccp-v2-00.txt
.%T Web Cache Coordination Protocol V2.0
.Re
.Sh AUTHORS
.An Heiko W.Rupp Aq hwr@pilhuhn.de
.Sh BUGS
GRE RFC not yet fully implemented (no GRE options).
.Pp
For the WCCP GRE encapsulated packets we can only reliably accept
WCCPv1 format; WCCPv2 formatted packets add another header which will
skew the decode, and results are not defined (i.e. don't do WCCPv2).