GRE Header

The GRE header itself contains 4 bytes, which is the minimum size of a GRE header with no added options. The first pair of bytes (bits 0 through 15) contains the flags that indicate the presence of GRE options. Such options, if active, add overhead to the GRE header. The second pair of bytes is the protocol field and indicates the type of data that is carried in the GRE tunnel. Table 14-2 describes the GRE header options.

Table 14-2 GRE Header Options

| GRE Header Bit | Option | Description |
|---|---|---|
| 0 | Checksum Present | Adds a 4-byte checksum field to the GRE header after the protocol field if this bit is set to 1. |
| 2 | Key Present | Adds a 4-byte encryption key to the GRE header after the checksum field if this bit is set to 1. |
| 3 | Sequence Number Present | Adds a 4-byte sequence number to the GRE header after the key field if this bit is set to 1. |
| 13-15 | GRE Version | 0 indicates basic GRE, while 1 is used for PPTP. |

The Checksum Present option (bit 0) adds an optional 4-byte checksum field to the GRE header. This checksum appears after the protocol field in the GRE header only if the Checksum Present bit is set. Normally, this option is not needed because other upper-layer protocols provide checksum capabilities to detect packet corruption.

The Key Present option (bit 2) adds an optional 4-byte key field to the GRE header. This clear-text key follows the checksum field. The key is used to provide basic authentication where each GRE endpoint has the key. However, the key itself is exposed in the GRE header. Due to this vulnerability, GRE encryption is not typically used. The key value can still be used to uniquely identify multiple tunnels between two endpoints, similar to an IPsec SPI.

The Sequence Number option (bit 3) adds an optional 4-byte sequence number field to the GRE header. This sequence value follows the key option. This option is used to properly sequence GRE packets upon arrival. Similar to the checksum option, this is not typically used because upper-layer protocols also offer this functionality.

Bits 13-15 indicate the GRE version number. 0 represents basic GRE, while 1 shows that the Point-to-Point Tunneling Protocol (PPTP) is used. PPTP is not covered in this book.

The second 2 bytes of the GRE header represent the Protocol field. These 16 bits identify the type of packet that is carried inside the GRE tunnel. Ethertype 0x0800 indicates IP. Figure 14-1 shows a GRE packet with all options present added to an IP header and data.

Figure 14-1 GRE Packet Format

[Figure: Tunnel IP Header, followed by the required GRE header (GRE Flags, Protocol Type), the optional GRE header (Checksum, Offset, Sequence Number), and the original IP header and packet (IP Header, Transport Header, Data).]

In Figure 14-1, only the required GRE header and original IP header and packet typically appear in GRE tunnel configurations. The GRE options are normally not used because upper-layer protocols provide similar functionality.
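The header layout described above can be checked with a short parser. This is an added example, not code from the book. It assumes network byte order, handles only the options listed in Table 14-2, and splits the 4-byte checksum field into a 16-bit checksum and a 16-bit offset as labeled in Figure 14-1; the sample packets are constructed.

```python
import struct

# Flag masks for the first 16 bits of the GRE header (bit 0 is the most significant bit).
CHECKSUM_PRESENT = 0x8000  # bit 0
KEY_PRESENT = 0x2000       # bit 2
SEQUENCE_PRESENT = 0x1000  # bit 3
VERSION_MASK = 0x0007      # bits 13-15


def parse_gre_header(data: bytes) -> dict:
    """Parse a GRE header and return its fields plus the total header length."""
    if len(data) < 4:
        raise ValueError("truncated GRE header: need at least 4 bytes")
    flags, protocol = struct.unpack_from("!HH", data, 0)
    header = {"version": flags & VERSION_MASK, "protocol": protocol,
              "checksum": None, "offset": None, "key": None, "sequence": None}
    pos = 4
    # Optional fields appear in a fixed order: checksum, key, sequence number.
    layout = [(CHECKSUM_PRESENT, "!HH", ("checksum", "offset")),
              (KEY_PRESENT, "!I", ("key",)),
              (SEQUENCE_PRESENT, "!I", ("sequence",))]
    for mask, fmt, names in layout:
        if not flags & mask:
            continue
        if len(data) < pos + 4:
            raise ValueError(f"flag for {names[0]} set but field is missing")
        header.update(zip(names, struct.unpack_from(fmt, data, pos)))
        pos += 4
    header["header_length"] = pos  # 4 bytes minimum, 16 with all three options
    return header


# Constructed sample: all three options set, version 0, payload type 0x0800 (IP).
SAMPLE_FULL = struct.pack("!HHHHII", 0xB000, 0x0800, 0xABCD, 0, 0x00000065, 7)
# Constructed sample: basic 4-byte header with no options.
SAMPLE_BASIC = struct.pack("!HH", 0x0000, 0x0800)

if __name__ == "__main__":
    for name, pkt in (("full", SAMPLE_FULL), ("basic", SAMPLE_BASIC)):
        print(name, parse_gre_header(pkt))
```

The key comes back as a plain integer read straight from the captured bytes, which is why the text treats it as a tunnel identifier rather than a secret.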
