freebsd stable - Dec 2003 - ipfw fwd to gif interface

Hello,

I'v tried to forward all traffic incoming on the interface (tun0) to another
one (gif0). And got following kernel message:
gif_output: recursively called too many times(2)

My configuration:

# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	tunnel inet x.x.x.x --> y.y.y.y
	inet 10.249.1.5 --> 10.249.1.6 netmask 0xfffffffc 

x.x.x.x is on fxp0, y.y.y.y is on cisco router

Traffic is forwarded by the following rule:
# ipfw add fwd 10.249.1.6 ip from any to any out recv tun0

Packets matched by this rule, but nothing was going out gif0.

-- 
Andrey Lakhno,
land-ripe

Hello!
> From:      Andrey Lakhno <land@dnepr.net>
>
> I'v tried to forward all traffic incoming on the interface (tun0) to
another
> one (gif0). And got following kernel message:
> gif_output: recursively called too many times(2)
>
> My configuration:
>
> # ifconfig gif0
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>	tunnel inet x.x.x.x --> y.y.y.y
>	inet 10.249.1.5 --> 10.249.1.6 netmask 0xfffffffc
>
> x.x.x.x is on fxp0, y.y.y.y is on cisco router
>
> Traffic is forwarded by the following rule:
> # ipfw add fwd 10.249.1.6 ip from any to any out recv tun0
>
> Packets matched by this rule, but nothing was going out gif0.
 Of course, you've created forwarding loop. After getting encapsulated,
packets travel through ipfw again, and they obviously have the same receive
interface (tun0), so your rule forwarding them back to gif0. You should pass
encapsulated traffic before forwarding non-encapsulated one:

ipfw add 1010 pass ipencap from x.x.x.x to y.y.y.y
ipfw add 1020 fwd 10.249.1.6 ip from any to any out recv tun0

You may want to replace "pass" with "skipto 1030" if you
want to shape or
count ipencap traffic after these rules.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE