Here's something very strange I observe with GRE tunnels (the default
tunnel mode). It looks like cisco routers send IP datagrams violating RFC 791
[Internet Protocol] over GRE tunnels. In particular, the length field of
the IP header is computed incorrectly to *not* include the size of the
IP header. RFC 791 says about the length field:
I have an application on my workstation that serves as one endpoint
of a GRE tunnel. In fact, it's such a tiny perl program that I have
appended it at the end of this mail.
We note that the length as reported in the IP header is
always 20 octets less than what we receive on the socket.
This leads me to the question
Do you cisco guys read RFCs?
I can tell you for sure that the Cisco routers do send the packets (GRE
or IP protocol 4) with a length which includes the IP header, just like
the RFC. If you look I think you'll find that it is your kernel which is
subtracting out the IP header length before it hands the packet to you on
the raw socket.