| GIF(4) | Device Drivers Manual | GIF(4) |
gif — generic
tunnel interface
pseudo-device gif
The gif interface is a generic tunnelling
pseudo-device. It can tunnel IPv4, IPv6, and MPLS over IPv4 and IPv6, with
behavior mainly based on RFC 4213 IPv6-over-IPv4.
A gif interface can be created at runtime
using the ifconfig gifN
create command or by setting up a
hostname.if(5) configuration
file for netstart(8).
The gif interface must be configured with
the addresses used for the outer header. This can be done by using
ifconfig(8)'s
tunnel command (which uses the
SIOCSLIFPHYADDR ioctl).
The addresses of the inner header must be configured by using
ifconfig(8) in the normal way.
The routing table can be used to direct packets toward the
gif interface.
sysctl(2), etherip(4), gre(4), inet(4), inet6(4), ipsec(4), hostname.if(5), ifconfig(8), netstart(8)
E. Nordmark and R. Gilligan, Basic Transition Mechanisms for IPv6 Hosts and Routers, RFC 4213, October 2005.
T. Worster, Y. Rekhter, and E. Rosen, Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE), RFC 4023, March 2005.
The gif device first appeared in WIDE
hydrangea IPv6 kit.
Previously, gif supported RFC 3378 EtherIP
tunnels over bridge(4)
interfaces. This is now handled by
etherip(4).
There are many tunnelling protocol specifications, defined
differently from each other. gif may not
interoperate with peers which are based on different specifications, and are
picky about outer header fields. For example, you cannot usually use
gif to talk with IPsec devices that use IPsec tunnel
mode.
The current code does not check if the ingress address (outer
source address) configured to gif makes sense. Make
sure to configure an address which belongs to your node. Otherwise, your
node will not be able to receive packets from the peer, and your node will
generate packets with a spoofed source address.
If the outer protocol is IPv6, path MTU discovery for encapsulated packet may affect communication over the interface.
| July 11, 2018 | openbsd |