tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: keyword outbound with ppp-2.4.3

From: Karsten Keil <kkeil () suse de>
Date: Mon, 29 Nov 2004 16:02:22 +0100
On Mon, Nov 29, 2004 at 11:44:12AM +0100, Petersen.Stefan () eae com wrote:





Hello,

I have tried to use the active-filter option with ppp.
I hvae teaken a daily snapshot yesterday of libpcap, but there is an
errormsg when starting ppp:

error in active-filter expression: inbound/outbound not supported on
linktype 9_

The option in my peers-file looks like:

active-filter 'outbound and not icmp[0] != 8 and not tcp[13] & 4 != 0'



Yes direction support was removed from DLT_PPP in newer versions, I run
in the same problem some time ago.

I was told, that the reason for the remove was, that this was incorrect,
since PPP it self has no direction flag, the PPP filter added a fake
bit in the protocol header to handle this.

But here is a new DLT_PPP_WITHDIRECTION which handle this like the
old libpcap. All you have to do is, to change pppd filter code to
use DLT_PPP_WITHDIRECETION instead of DLT_PPP.
DLT_PPP_WITHDIRECTION is at least availbe from libpcap CVS version,
I do not check, if here is a new offficial version available with it.

Here is my pppd patch:

diff -ur ppp-2.4.2.org/pppd/demand.c ppp-2.4.2/pppd/demand.c
--- ppp-2.4.2.org/pppd/demand.c 2004-08-25 00:48:45.280320718 +0200
+++ ppp-2.4.2/pppd/demand.c     2004-08-25 00:36:48.441279079 +0200
@@ -50,8 +50,9 @@
 #include <sys/socket.h>
 #ifdef PPP_FILTER
 #include <net/if.h>
-#include <net/bpf.h>
+#include <pcap-bpf.h>
 #include <pcap.h>
+#include <linux/if_ether.h>
 #endif
 
 #include "pppd.h"
diff -ur ppp-2.4.2.org/pppd/options.c ppp-2.4.2/pppd/options.c
--- ppp-2.4.2.org/pppd/options.c        2004-08-25 00:49:30.960260765 +0200
+++ ppp-2.4.2/pppd/options.c    2004-08-25 01:22:21.523384931 +0200
@@ -56,7 +56,6 @@
 #endif
 #ifdef PPP_FILTER
 #include <pcap.h>
-#include <pcap-int.h>  /* XXX: To get struct pcap */
 #endif
 
 #include "pppd.h"
@@ -122,7 +121,6 @@
 #ifdef PPP_FILTER
 struct bpf_program pass_filter;/* Filter program for packets to pass */
 struct bpf_program active_filter; /* Filter program for link-active pkts */
-pcap_t  pc;                    /* Fake struct pcap so we can compile expr */
 #endif
 
 char *current_option;          /* the name of the option being parsed */
@@ -1439,12 +1437,24 @@
 setpassfilter(argv)
     char **argv;
 {
-    pc.linktype = DLT_PPP;
-    pc.snapshot = PPP_HDRLEN;
- 
-    if (pcap_compile(&pc, &pass_filter, *argv, 1, netmask) == 0)
+#ifdef DLT_PPP_WITHDIRECTION
+    pcap_t* pc = pcap_open_dead (DLT_PPP_WITHDIRECTION, PPP_HDRLEN);
+#else
+    #warning with libpcap 0.8... you are not able to use IN/OUT filters with DLT_PPP
+    pcap_t* pc = pcap_open_dead (DLT_PPP, PPP_HDRLEN);
+#endif
+    if (!pc) {
+       option_error("error in pass-filter expression: pcap_open_dead failed\n");
+       return 0;
+    }
+
+    if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == 0) {
+       pcap_close (pc);
        return 1;
-    option_error("error in pass-filter expression: %s\n", pcap_geterr(&pc));
+    }
+
+    option_error("error in pass-filter expression: %s\n", pcap_geterr(pc));
+    pcap_close (pc);
     return 0;
 }
 
@@ -1455,12 +1465,25 @@
 setactivefilter(argv)
     char **argv;
 {
-    pc.linktype = DLT_PPP;
-    pc.snapshot = PPP_HDRLEN;
- 
-    if (pcap_compile(&pc, &active_filter, *argv, 1, netmask) == 0)
+#ifdef DLT_PPP_WITHDIRECTION
+    pcap_t* pc = pcap_open_dead (DLT_PPP_WITHDIRECTION, PPP_HDRLEN);
+#else
+#warning with libpcap 0.8... you are not able to use IN/OUT filters with DLT_PPP
+    pcap_t* pc = pcap_open_dead (DLT_PPP, PPP_HDRLEN);
+#endif
+
+    if (!pc) {
+       option_error("error in active-filter expression: pcap_open_dead failed\n");
+       return 0;
+    }
+
+    if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == 0) {
+       pcap_close (pc);
        return 1;
-    option_error("error in active-filter expression: %s\n", pcap_geterr(&pc));
+    }
+
+    option_error("error in active-filter expression: %s\n", pcap_geterr(pc));
+    pcap_close (pc);
     return 0;
 }
 #endif
diff -ur ppp-2.4.2.org/pppd/sys-linux.c ppp-2.4.2/pppd/sys-linux.c
--- ppp-2.4.2.org/pppd/sys-linux.c      2004-08-25 00:49:30.976258643 +0200
+++ ppp-2.4.2/pppd/sys-linux.c  2004-08-25 00:51:26.735901663 +0200
@@ -141,7 +141,7 @@
 #endif /* IPX_CHANGE */
 
 #ifdef PPP_FILTER
-#include <net/bpf.h>
+#include <pcap-bpf.h>
 #include <linux/filter.h>
 #endif /* PPP_FILTER */

diff -ur ppp-2.4.2.org/pppd/demand.c ppp-2.4.2/pppd/demand.c
--- ppp-2.4.2.org/pppd/demand.c 2004-09-21 15:12:36.419304045 +0200
+++ ppp-2.4.2/pppd/demand.c     2004-09-21 15:12:36.419304045 +0200
@@ -349,12 +349,14 @@
        return 0;
     proto = PPP_PROTOCOL(p);
 #ifdef PPP_FILTER
+    *p = 1; /* set outbound for the filter rule */
     if (pass_filter.bf_len != 0
        && bpf_filter(pass_filter.bf_insns, p, len, len) == 0)
        return 0;
     if (active_filter.bf_len != 0
        && bpf_filter(active_filter.bf_insns, p, len, len) == 0)
        return 0;
+    *p = 0xff; /* restore original ppp header */
 #endif
     for (i = 0; (protp = protocols[i]) != NULL; ++i) {
        if (protp->protocol < 0xC000 && (protp->protocol & ~0x8000) == proto) {

-- 
Karsten Keil
SuSE Labs
ISDN development
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: