Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ppp active filters

92 views
Skip to first unread message

Peter Tselios

unread,
Apr 19, 2002, 10:32:27 AM4/19/02
to
Hallo,
I have ppp2.4.1 and 2.4.10 kernel on my linux box. I want to know if the
active filter is enamble and if so how can I compile ppp with active
filters? In my kernel I have added the active filter and I have recompiled
the ppp with the option PPP_FILTER=1 but the pppd says that active-filter
is not a recognized option.
Any ideas.
Thanks,
--
Peter Tselios

Clifford Kite

unread,
Apr 19, 2002, 1:32:35 PM4/19/02
to
Peter Tselios <t...@nospam.aegean.gr> wrote:

> I have ppp2.4.1 and 2.4.10 kernel on my linux box. I want to know if the
> active filter is enamble and if so how can I compile ppp with active
> filters? In my kernel I have added the active filter and I have recompiled
> the ppp with the option PPP_FILTER=1 but the pppd says that active-filter
> is not a recognized option.

Did you uncomment the FILTER=yes in pppd/Makefile?

BTW, from - admittedly limited - personal experience, I don't believe
that Linux PPP filtering is ready for prime time.

-- Clifford Kite Email: "echo xvgr_yv...@ri1.arg|rot13"
PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/
"[Every individual] intends only his own security, only his own gain. And
he is in this led by an invisible hand to promote an end which was no part
of his intention. By pursuing his own interest, he frequently promotes that
of society more effectually than when he really intends to promote it."
-Adam Smith, "The Wealth of Nations"

Bill Unruh

unread,
Apr 19, 2002, 2:24:01 PM4/19/02
to
Peter Tselios <t...@nospam.aegean.gr> writes:

]Hallo,


]I have ppp2.4.1 and 2.4.10 kernel on my linux box. I want to know if the
]active filter is enamble and if so how can I compile ppp with active
]filters? In my kernel I have added the active filter and I have recompiled
]the ppp with the option PPP_FILTER=1 but the pppd says that active-filter
]is not a recognized option.

man pppd
This option is currently only available under NetBSD, and then only
if both the kernel and pppd were compiled with PPP_FILTER defined.

linux is not NetBSD

Peter Tselios

unread,
Apr 20, 2002, 6:56:10 AM4/20/02
to
Clifford Kite wrote:

> Peter Tselios <t...@nospam.aegean.gr> wrote:
>
>> I have ppp2.4.1 and 2.4.10 kernel on my linux box. I want to know if the
>> active filter is enamble and if so how can I compile ppp with active
>> filters? In my kernel I have added the active filter and I have
>> recompiled the ppp with the option PPP_FILTER=1 but the pppd says that
>> active-filter is not a recognized option.
>
> Did you uncomment the FILTER=yes in pppd/Makefile?

^^^^^^^
I didn't find anything like that. Either I did not noticed that, or the
|grep is not working well on my machine :)....
I will try it, since I do not have any other choice (unless you know how to
configure iptables in order to drop the lcp packages....)
Thanks,
Peter


> BTW, from - admittedly limited - personal experience, I don't believe
> that Linux PPP filtering is ready for prime time.
>
> -- Clifford Kite Email: "echo xvgr_yv...@ri1.arg|rot13"
> PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/
> "[Every individual] intends only his own security, only his own gain. And
> he is in this led by an invisible hand to promote an end which was no part
> of his intention. By pursuing his own interest, he frequently promotes
> that of society more effectually than when he really intends to promote
> it."
> -Adam Smith, "The Wealth of Nations"

--
Peter Tselios

Clifford Kite

unread,
Apr 20, 2002, 3:14:55 PM4/20/02
to
Peter Tselios <t...@nospam.aegean.gr> wrote:
> Clifford Kite wrote:

>> Did you uncomment the FILTER=yes in pppd/Makefile?
> ^^^^^^^
> I didn't find anything like that. Either I did not noticed that, or the
> |grep is not working well on my machine :)....

Yes, it should have been FILTER=y, sorry.

--
Clifford Kite Email: "echo xvgr_yv...@ri1.arg|rot13"
PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/

/* Editing with vi is a lot better than using a huge swiss army knife.
Use =} to wrap paragraphs in vi. Or put map ^] !}fmt -72^M in
~/.exrc and use ^] to wrap to 72 columns or whatever you choose. */

Peter Tselios

unread,
Apr 21, 2002, 8:21:53 AM4/21/02
to
Clifford Kite wrote:
> Yes, it should have been FILTER=y, sorry.
^^^^^^^^^^^
I have tried that. So, either I am doing something wrong or I have problems
with the kernel/pppd.
More details:
Kernel: 2.4.10
pppd: 2.4.1
Error: options.c:95: parse error before `pc'
options.c:95: warning: type defaults to `int' in declaration of `pc'
options.c:95: warning: data definition has no type or storage class
options.c: In function `setpassfilter':
options.c:1403: request for member `linktype' in something not a structure
or union
options.c:1403: `DLT_PPP' undeclared (first use in this function)
options.c:1403: (Each undeclared identifier is reported only once
options.c:1403: for each function it appears in.)
options.c:1404: request for member `snapshot' in something not a structure
or union
options.c:1406: warning: implicit declaration of function `pcap_compile'
options.c:1408: warning: implicit declaration of function `pcap_geterr'
options.c: In function `setactivefilter':
options.c:1419: request for member `linktype' in something not a structure
or union
options.c:1419: `DLT_PPP' undeclared (first use in this function)
options.c:1420: request for member `snapshot' in something not a structure
or union
options.c: At top level:
options.c:93: storage size of `pass_filter' isn't known
options.c:94: storage size of `active_filter' isn't known


Sorry for the msg size, but I have the previous error when I write make
FILTER=y.
BTW, I had the same errors when I tried the FILTER=Y, I saw the
-DPPP_FILTER at the gcc command.

Any ideas? I remind you that I have enabled the PPP_FILTER option at the
kernel and the PPP is compiled INTO the kernel not at module.
--
Peter Tselios

Clifford Kite

unread,
Apr 21, 2002, 11:52:01 AM4/21/02
to
Peter Tselios <t...@nospam.aegean.gr> wrote:
> Clifford Kite wrote:
>> Yes, it should have been FILTER=y, sorry.
> ^^^^^^^^^^^
> I have tried that. So, either I am doing something wrong or I have problems
> with the kernel/pppd.
> More details:
> Kernel: 2.4.10
> pppd: 2.4.1
> Error: options.c:95: parse error before `pc'
> options.c:95: warning: type defaults to `int' in declaration of `pc'
> options.c:95: warning: data definition has no type or storage class

I don't recall any problems when I compiled pppd with

FILTER=y

after removing the # at the beginning of the line in the Makefile.

Keep in mind while reading the comments below that later on in the
Makefile the line

INCLUDE_DIRS= -I../include

points to pppd/include as an include directory.

This is line 95 of options.c here:

pcap_t pc; /* Fake struct pcap so we can compile expr */

The error likely (this qualifier is necessary because I'm not a
C programmer, although I can read C to a limited extent) means
that pcap_t isn't defined, or can't be defined because pcap isn't
defined, and so it defaults to int. The defintion of pcap_t is in
/usr/include/pcap.h here (libpcap must be installed as noted in the
comments in the Makefile preceding the FILTER=y option) and pcap is
defined in pppd/include/pcap-int.c.

This is near the beginning of pppd/options.c:

#ifdef PPP_FILTER
#include <pcap.h>
#include <pcap-int.h> /* XXX: To get struct pcap */
#endif

I hope this helps you to figure out what's wrong there. I can only guess
that you don't have a pristine pppd source (e.g., one from ftp.samba.org),
or didn't install libpcap.

It still doesn't change the fact that Linux pppd filtering is not yet
correctly implemented and that you are wasting your time.

--
Clifford Kite Email: "echo xvgr_yv...@ri1.arg|rot13"
PPP-Q&A links, downloads: http://users3.ev1.net/~ckite/public_html/

/* Better is the enemy of good enough. */

0 new messages