Bug 71247

Summary: Please enable active-filter/pass-filter support in ppp/neat
Product: [Retired] Red Hat Linux Reporter: Michael Meissner <redhat>
Component: pppAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: namonai, pb
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-08-16 16:09:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch to enable filter
none
Updated spec file to build ppp with active filtering none

Description Michael Meissner 2002-08-11 00:59:09 UTC 
Description of Problem:

As distributed, the Red Hat 7.3 ppp daemon does not support ppp filtering, which
makes setting up a dial-on demand gateway somewhat problematical.  If you don't
have active/pass filtering, ntp and dns will tend to keep the link up with their
constant babbling.  I downloaded the rawhide version 2.4.1-7 of ppp, and it
still does not have filtering enabled.  I built a ppp by hand, modifying the
Makefile to add FILTER=y, and installed the binary on my system, and it works.

Once ppp supports active filtering, a related problem is neat and the scripts in
/etc/sysconfig/network-scripts/ifcfg-ppp* don't have a good way of dealing with
the spaces that the active/pass filtering rules need.  I got around this by
editing /etc/ppp/options directly to add the filter support.

I will note that the 2.4.18-5 kernel configs have PPP_FILTER enabled.

After this it would be helpful to have examples in your setup guide for setting
up modems for common situations like dial-on demand.  Also changing the manual
page to say it now works on Linux would be helpful.

Version-Release number of selected component (if applicable):

2.4.1-3 of ppp (also rawhide ppp 2.4.1-7).

How Reproducible:

Always.

Steps to Reproduce:
1. Set up ppp on the system.
2. echo "active-filter '!(port ntp || tcp port domain || (udp dst port domain &&
 udp src port domain))'" >> /etc/ppp/options
3. ifup ppp0

Actual Results:

ppp complains that it doesn't know about active-filter.

Expected Results:

ppp supports active and pass filters.

Additional Information:
Comment 1 Craig Kelley 2003-08-23 02:08:05 UTC 
Created attachment 93874 [details]
Patch to enable filter

This patch will enable the active filter in ppp.
Comment 2 Craig Kelley 2003-08-23 02:09:04 UTC 
Created attachment 93875 [details]
Updated spec file to build ppp with active filtering

This spec file will build ppp with the active filter patch
Comment 3 Craig Kelley 2003-08-23 02:11:22 UTC 
This patch works on i386, which is 99% of the users out there.  I notice that
RedHat have disabled ppp filtering in some other architectures in the kernel
builds, so those would fail to work with these patches.  This requires libpcap
to be installed (promiscuous ppp).
Comment 4 Peter Bieringer 2003-12-10 01:25:29 UTC 
*** Bug 64997 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Woerner 2004-08-16 16:09:45 UTC 
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.

Closing as "not a bug" for now.
Comment 6 Craig Kelley 2004-08-16 19:01:58 UTC 
This *bug* is fixed in Fedora Core 2; but in rhel3 it's still broken:

# cat >> /etc/ppp/options
active-filter 'tcp dst port 22 or dst port 53'
^D
# pppd
pppd: In file /etc/ppp/options: unrecognized option 'active-filter'
# rpm -qa | grep ^ppp
ppp-2.4.1-14

I'm not sure how to update the operating system tags; and I'm not the
bug owner, so I'll let someone else reopen it.