Date: Wed, 08 Jul 1998 15:39:39 +0200 From: Martin Blapp <blapp@attic.ch> To: Doug White <dwhite@resnet.uoregon.edu>, questions@FreeBSD.ORG Subject: pppd and dial on demand [1] (was: Pppd active-filter problem) Message-ID: <35A3769B.3056F30A@attic.ch> References: <Pine.BSF.3.96.980708020634.22542Z-100000@resnet.uoregon.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank you for your answer. I've switched now to userland ppp but it makes some other problems. I'll describe them in a second mail ... > Where is this active filter command documented? I don't see it on the > manpage. Did the upgrade to ppp make it to -stable? my mail was about kernel pppd, not userland ppp ... I run stable 2.2.6, CVS-updated this morning ... on the 3rd man page of pppd ... << active-filter filter-expression Specifies a packet filter to be applied to data packets to determine which packets are to be regarded as link activity, and therefore reset the idle timer, or cause the link to be brought up in demand-dialling mode. This option is useful in conjunction with the idle option if there are pack- ets being sent or received regularly over the link (for example, routing information packets) which would otherwise prevent the link from ever appear- ing to be idle. The filter-expression syntax is as described for tcpdump(1), except that qualifiers which are inappropriate for a PPP link, such as ether and arp, are not permitted. Generally the filter expression should be enclosed in single- quotes to prevent whitespace in the expression from being interpreted by the shell. This option only available if both the kernel and pppd were compiled with PPP_FILTER defined. >> I've compiled both with option active-filter and it should work. But as I can see is the following packet a broadcast packet and can't be filtered with pppd ... This ****** routing packet appears all ten seconds :-(( And my provider said I should filter them out :-( 01:49:10.404038 oensingen1-s0.solnet.ch > OSPF-ALL.MCAST.NET: OSPFv2-hello 44: rtrid oensingen1-e0.solnet.ch backbone [tos 0xc0] [ttl 1] If I include some rules to filter this packet, pppd says that broadcast packets can't be filtered :-(( My rules have changed a litttle bit ... active-filter 'udp or icmp or (tcp and not (port 20 or port 21 or port 22 or port 23 or port 25 or port 80 or port 110 or port 51 or port 6000 or port 6010 or port 6667) or tcp and not (port 53 and not host ( 198.41.0.4 or 128.9.0.107 or 192.33.4.12 or 128.8.10.90 or 192.203.230.10 or 92.5.5.241 or 192.112.36.4 or 128.63.2.53 or 192.36.148.17 or 198.41.0.10 or 193.0.14.129 or 198.32.64.12 or 202.12.27.33 or 194.235.47.66 or 194.235.60.10)))' These rules should really work, but they don't because of the broadcast-packets I get all ten seconds ... > You are aware that you need to run ipfw with divert sockets to make natd > work, right? See the natd man page for details. > Natd runs stable with the patches from Julian. :) The problems with the broken tcp-connections are not a problem of natd. IMO, pppd has some problems with the connection : Jul 6 18:40:28 atreju /kernel: ppp0: bad fcs 6856, pkt len 80 Jul 6 18:40:29 atreju /kernel: ppp0: bad fcs f7c, pkt len 85 Jul 6 18:40:32 atreju /kernel: ppp0: bad fcs c25e, pkt len 83 Jul 6 18:40:42 atreju /kernel: ppp0: bad fcs 5aef, pkt len 125 Jul 6 18:41:41 atreju /kernel: ppp0: bad fcs c1c9, pkt len 282 This breaks many tcp-connections. I'm unable to telnet or run ssh from another box longer than 20 - 30 seconds. I get a "connect reset by peer" :-( Any Ideas? Please CC me with any responses. Thanks. Martin -- ------------------------------------------------------------------------ Martin Blapp, (blapp@attic.ch) Attic Internet Services, Bechburgstrasse 8, 4702 Oensingen, Switzerland Phone: +41 62 396 43 70, Fax: +41 62 396 43 72 PGP fingerprint: 4E96 1AE8 4AA6 AB40 1AD6 DB42 7623 995D 522A 1D38 ------------------------------------------------------------------------ Public key available at: http://www.attic.ch/pgp-public.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35A3769B.3056F30A>