Bug 71247 - Please enable active-filter/pass-filter support in ppp/neat
Please enable active-filter/pass-filter support in ppp/neat
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: ppp (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Thomas Woerner
:
: 64997 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-08-10 20:59 EDT by Michael Meissner
Modified: 2007-04-18 12:45 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-08-16 12:09:45 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to enable filter (341 bytes, patch)
2003-08-22 22:08 EDT, Craig Kelley
no flags Details | Diff
Updated spec file to build ppp with active filtering (6.07 KB, text/plain)
2003-08-22 22:09 EDT, Craig Kelley
no flags Details

  None (edit)
Description Michael Meissner 2002-08-10 20:59:09 EDT
Description of Problem:

As distributed, the Red Hat 7.3 ppp daemon does not support ppp filtering, which
makes setting up a dial-on demand gateway somewhat problematical.  If you don't
have active/pass filtering, ntp and dns will tend to keep the link up with their
constant babbling.  I downloaded the rawhide version 2.4.1-7 of ppp, and it
still does not have filtering enabled.  I built a ppp by hand, modifying the
Makefile to add FILTER=y, and installed the binary on my system, and it works.

Once ppp supports active filtering, a related problem is neat and the scripts in
/etc/sysconfig/network-scripts/ifcfg-ppp* don't have a good way of dealing with
the spaces that the active/pass filtering rules need.  I got around this by
editing /etc/ppp/options directly to add the filter support.

I will note that the 2.4.18-5 kernel configs have PPP_FILTER enabled.

After this it would be helpful to have examples in your setup guide for setting
up modems for common situations like dial-on demand.  Also changing the manual
page to say it now works on Linux would be helpful.

Version-Release number of selected component (if applicable):

2.4.1-3 of ppp (also rawhide ppp 2.4.1-7).

How Reproducible:

Always.

Steps to Reproduce:
1. Set up ppp on the system.
2. echo "active-filter '!(port ntp || tcp port domain || (udp dst port domain &&
 udp src port domain))'" >> /etc/ppp/options
3. ifup ppp0

Actual Results:

ppp complains that it doesn't know about active-filter.

Expected Results:

ppp supports active and pass filters.

Additional Information:
Comment 1 Craig Kelley 2003-08-22 22:08:05 EDT
Created attachment 93874 [details]
Patch to enable filter

This patch will enable the active filter in ppp.
Comment 2 Craig Kelley 2003-08-22 22:09:04 EDT
Created attachment 93875 [details]
Updated spec file to build ppp with active filtering

This spec file will build ppp with the active filter patch
Comment 3 Craig Kelley 2003-08-22 22:11:22 EDT
This patch works on i386, which is 99% of the users out there.  I notice that
RedHat have disabled ppp filtering in some other architectures in the kernel
builds, so those would fail to work with these patches.  This requires libpcap
to be installed (promiscuous ppp).
Comment 4 Peter Bieringer 2003-12-09 20:25:29 EST
*** Bug 64997 has been marked as a duplicate of this bug. ***
Comment 5 Thomas Woerner 2004-08-16 12:09:45 EDT
Please verify this with a newer version of Red Hat Enterprise Linux or
Fedora Core and reopen it against the new version if it still occurs.

Closing as "not a bug" for now.
Comment 6 Craig Kelley 2004-08-16 15:01:58 EDT
This *bug* is fixed in Fedora Core 2; but in rhel3 it's still broken:

# cat >> /etc/ppp/options
active-filter 'tcp dst port 22 or dst port 53'
^D
# pppd
pppd: In file /etc/ppp/options: unrecognized option 'active-filter'
# rpm -qa | grep ^ppp
ppp-2.4.1-14

I'm not sure how to update the operating system tags; and I'm not the
bug owner, so I'll let someone else reopen it.

Note You need to log in before you can comment on or make changes to this bug.