netbsd-bugs: port-arm32/9425: pppd active filters fail to work

Subject: port-arm32/9425: pppd active filters fail to work
To: None <gnats-bugs@gnats.netbsd.org>
From: Mike Pumford <mpumford@black-star.demon.co.uk>
List: netbsd-bugs
Date: 02/15/2000 13:54:40
>Number:         9425
>Category:       port-arm32
>Synopsis:       pppd active filters fail to work
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    port-arm32-maintainer (NetBSD/arm32 Portmaster)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Feb 15 13:54:00 2000
>Last-Modified:
>Originator:     Mike Pumford
>Organization:
	
>Release:        current 02/02/2000
>Environment:

System: NetBSD black-star.demon.co.uk 1.4R NetBSD 1.4R (BLACK-STAR) #4: Thu Feb 3 22:52:33 GMT 2000 root@black-star.demon.co.uk:/usr/src/netbsd/sys/arch/arm32/compile/BLACK-STAR arm32


>Description:
The active-filter-in/active-filter-out options appear to have no effect.
I attempted to set up an active filter which would ignore ntp packets 
as link activity. Despite this the link will not idle out even if the only
traffic (shown by tcpdump) is ntp. To try and eliminate user error I 
tried reversing the logic of the active-filter rules but this has no 
effect. The kernel was compiled with the PFIL_HOOK, PPP_FILTER and 8
bpfilter defices.
This is the tcpdump output from the first case starting with the first 
packet which I consider activity:

21:38:51.906124 nbwww.isc.org.www > black-star.demon.co.uk.62569: . ack 513 win 17520 <nop,nop,timestamp 9421953 1911449>
21:38:53.158865 black-star.demon.co.uk.ntp > tele-auth-0-de0.ns.demon.net.ntp:  v3 client strat 3 poll 6 prec -14
21:38:53.280837 tele-auth-0-de0.ns.demon.net.ntp > black-star.demon.co.uk.ntp:  v3 server strat 2 poll 6 prec -17
21:39:16.159706 black-star.demon.co.uk.ntp > ntp.demon.co.uk.ntp:  v3 client strat 3 poll 6 prec -14
21:39:16.286922 ntp.demon.co.uk.ntp > black-star.demon.co.uk.ntp:  v3 server strat 2 poll 6 prec -18
21:39:57.161069 black-star.demon.co.uk.ntp > tele-auth-0-de0.ns.demon.net.ntp:  v3 client strat 3 poll 6 prec -14
21:39:57.284533 tele-auth-0-de0.ns.demon.net.ntp > black-star.demon.co.uk.ntp:  v3 server strat 2 poll 6 prec -17
21:40:20.162300 black-star.demon.co.uk.ntp > ntp.demon.co.uk.ntp:  v3 client strat 3 poll 6 prec -14
21:40:20.287471 ntp.demon.co.uk.ntp > black-star.demon.co.uk.ntp:  v3 server strat 3 poll 6 prec -18

Should have idle timeout here but the ntp traffic continues

21:41:01.154007 black-star.demon.co.uk.ntp > tele-auth-0-de0.ns.demon.net.ntp:  v3 client strat 3 poll 6 prec -14

The output with the logic of the filter rules reversed is identical.

>How-To-Repeat:
Set up a ppp conection using pppd with the following lines in /etc/ppp/options:

idle 120
active-filter-in 'port ntp'
active-filter-out 'port ntp'

or 

idle 120
active-filter-in 'not port ntp'
active-filter-out 'not port ntp'

Run xntpd to do time synchronisation across the ppp link.

>Fix:
Unknown
>Audit-Trail:
>Unformatted: