Hmmm. Setting the ttl to the same as in the encapsulated packet kills
traceroute a bit. Why can't we just refuse to IP-encapsulate any packets which
are already IP-encapsulated?
Slightly more reasonably, we could have the tunnel driver go through the IPIP
headers one by one until it reaches the real IP packet in the middle, and
refuse to package it if it has ever been sent out by this tunnel device.
-- David Woodhouse, CB3 9AN http://dwmw2.robinson.cam.ac.uk/ dwmw2@cam.ac.uk Tel: 0976 658355 D.W.Woodhouse@nortel.co.uk Tel: 01279 402332