Index: sys/net/if_gre.c =================================================================== RCS file: /cvs/src/sys/net/if_gre.c,v retrieving revision 1.101 diff -u -p -r1.101 if_gre.c --- sys/net/if_gre.c 15 Feb 2018 01:03:17 -0000 1.101 +++ sys/net/if_gre.c 15 Feb 2018 02:55:33 -0000 @@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *off if (sc == NULL) goto decline; + ifp = &sc->sc_if; + switch (gh->gre_proto) { - case htons(GRE_WCCP): + case htons(GRE_WCCP): { + struct mbuf *n; + int off; + /* WCCP/GRE: * So far as I can see (and test) it seems that Cisco's WCCP * GRE tunnel is precisely a IP-in-GRE tunnel that differs @@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *off * the following: * draft-forster-wrec-wccp-v1-00.txt * draft-wilson-wrec-wccp-v2-01.txt - * - * So yes, we're doing a fall-through (unless, of course, - * net.inet.gre.wccp is 0). */ - switch (gre_wccp) { - case 1: - break; - case 2: - hlen += sizeof(gre_wccp); - break; - case 0: - default: + + if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0)) goto decline; - } + + /* + * If the first nibble of the payload does not look like + * IPv4, assume it is WCCP v2. + */ + n = m_getptr(m, hlen, &off); + if (n == NULL) + goto decline; + if (n->m_data[off] >> 4 != IPVERSION) + hlen += sizeof(gre_wccp); /* FALLTHROUGH */ + } case htons(ETHERTYPE_IP): #if NBPFILTER > 0 bpf_af = AF_INET; @@ -628,8 +634,6 @@ gre_input_key(struct mbuf **mp, int *off default: goto decline; } - - ifp = &sc->sc_if; m_adj(m, hlen); Index: share/man/man4/gre.4 =================================================================== RCS file: /cvs/src/share/man/man4/gre.4,v retrieving revision 1.54 diff -u -p -r1.54 gre.4 --- share/man/man4/gre.4 15 Feb 2018 02:09:21 -0000 1.54 +++ share/man/man4/gre.4 15 Feb 2018 02:55:33 -0000 @@ -112,6 +112,10 @@ virtual network idenfitier. .Nm gre optionally supports sending keepalive packets to the remote endpoint, which allows tunnel failure to be detected. +.Nm gre +interfaces can be individually configured to receive WCCP packets by +setting the link-level flag +.Cm link0 . .Sh EXAMPLES .Nm gre Configuration example: