netbsd-bugs: kern/5414: tcpdump ppp doesn't respect inbound/outbound qualifiers

Subject: kern/5414: tcpdump ppp doesn't respect inbound/outbound qualifiers
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ronald@chersonese.com>
List: netbsd-bugs
Date: 05/07/1998 15:48:06
>Number:         5414
>Category:       kern
>Synopsis:       tcpdump ppp doesn't respect inbound/outbound qualifiers
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May  7 02:05:01 1998
>Last-Modified:
>Originator:     Ronald Khoo
>Organization:
At Home
>Release:        19980501
>Environment:
	
System: NetBSD leek.chersonese.com 1.3E NetBSD 1.3E (LEEK) #0: Wed May 6 20:08:49 PDT 1998 root@:/usr/src/sys/arch/i386/compile/LEEK i386


>Description:
The 'inbound' and 'outbound' qualifiers are quite useful in
the construction of ppp active filter rules.  Apparently
they even work there.  However, when using tcpdump to test
those rules, they don't work.  This is because if_ppp.c
kludges the packet header for PPP_FILTER only, and not
for BPFILTER as well.
>How-To-Repeat:
Set up a ppp connection.
tcpdump -neippp0
do some traffic over it -- e.g. finger ronald@office.demon.net
notice that all traffic is marked 'O' for outbound regardless
of what the direction actually is.
Scream :-)
>Fix:
The correct fix is for bpf to treat direction as a separate
variable -- most link level protocols do not include that
information in the link header where tcpdump/bpf currently
expect it to be.  Possibly could include it as part of the
bpf header, or in the worst case change all link level
headers to include one prepended byte of direction (ugh).
But I guess this really is in LBL's court.  Who liases
with them ?

Meantime, we can work around the problem by extending the kludge
that's already in place for PPP_FILTER so that it works for BPFILTER
as well.

Should this be a change-request or a sw-bug ?

*** if_ppp.c.orig	Sun May  3 19:13:40 1998
--- if_ppp.c	Thu May  7 15:24:16 1998
***************
*** 112,117 ****
--- 112,121 ----
  #include <net/bpf.h>
  #endif
  
+ #if defined(PPP_FILTER) || NBPFILTER > 0
+ #include <net/slip.h>
+ #endif
+ 
  #ifdef VJC
  #include <net/slcompress.h>
  #endif
***************
*** 730,742 ****
  	pppdumpm(m0);
      }
  
      if ((protocol & 0x8000) == 0) {
  #ifdef PPP_FILTER
  	/*
  	 * Apply the pass and active filters to the packet,
  	 * but only if it is a data packet.
  	 */
- 	*mtod(m0, u_char *) = 1;	/* indicates outbound */
  	if (sc->sc_pass_filt.bf_insns != 0
  	    && bpf_filter(sc->sc_pass_filt.bf_insns, (u_char *) m0,
  			  len, 0) == 0) {
--- 734,749 ----
  	pppdumpm(m0);
      }
  
+ #if defined(PPP_FILTER) || NBPFILTER > 0
+     *mtod(m0, u_char *) = SLIPDIR_OUT;
+ #endif
+ 
      if ((protocol & 0x8000) == 0) {
  #ifdef PPP_FILTER
  	/*
  	 * Apply the pass and active filters to the packet,
  	 * but only if it is a data packet.
  	 */
  	if (sc->sc_pass_filt.bf_insns != 0
  	    && bpf_filter(sc->sc_pass_filt.bf_insns, (u_char *) m0,
  			  len, 0) == 0) {
***************
*** 751,757 ****
  	    || bpf_filter(sc->sc_active_filt.bf_insns, (u_char *) m0, len, 0))
  	    sc->sc_last_sent = time.tv_sec;
  
- 	*mtod(m0, u_char *) = address;
  #else
  	/*
  	 * Update the time we sent the most recent packet.
--- 758,763 ----
***************
*** 768,773 ****
--- 774,783 ----
  	bpf_mtap(sc->sc_bpf, m0);
  #endif
  
+ #if defined(PPP_FILTER) || NBPFILTER > 0
+     *mtod(m0, u_char *) = address;
+ #endif
+ 
      /*
       * Put the packet on the appropriate queue.
       */
***************
*** 1366,1371 ****
--- 1376,1385 ----
      m->m_pkthdr.len = ilen;
      m->m_pkthdr.rcvif = ifp;
  
+ #if defined(PPP_FILTER) || NBPFILTER > 0
+     *mtod(m, u_char *) = SLIPDIR_IN;
+ #endif
+ 
      if ((proto & 0x8000) == 0) {
  #ifdef PPP_FILTER
  	/*
***************
*** 1373,1379 ****
  	 * if it counts as link activity.
  	 */
  	adrs = *mtod(m, u_char *);	/* save address field */
- 	*mtod(m, u_char *) = 0;		/* indicate inbound */
  	if (sc->sc_pass_filt.bf_insns != 0
  	    && bpf_filter(sc->sc_pass_filt.bf_insns, (u_char *) m,
  			  ilen, 0) == 0) {
--- 1387,1392 ----
***************
*** 1385,1391 ****
  	    || bpf_filter(sc->sc_active_filt.bf_insns, (u_char *) m, ilen, 0))
  	    sc->sc_last_recv = time.tv_sec;
  
- 	*mtod(m, u_char *) = adrs;
  #else
  	/*
  	 * Record the time that we received this packet.
--- 1398,1403 ----
***************
*** 1398,1403 ****
--- 1410,1419 ----
      /* See if bpf wants to look at the packet. */
      if (sc->sc_bpf)
  	bpf_mtap(sc->sc_bpf, m);
+ #endif
+ 
+ #if defined(PPP_FILTER) || NBPFILTER > 0
+     *mtod(m, u_char *) = adrs;
  #endif
  
      rv = 0;
>Audit-Trail:
>Unformatted: