Since I was never able to make a decent active-filter for pppd, I created a patch to ppp-2.4.2 which allows an external application to send pppd ALRM signals to wake up an idle timer instead of using an inline filter. This way, I can write a ULOGD plugin to reset the idle timer. As I do not consider myself an experienced programmer, I want someone who knows pppd to look at the patch and tell me if it makes sense.

Reproducible: Always

Steps to Reproduce:

Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.11-gentoo-r9 i686)
=================================================================
System uname: 2.6.11-gentoo-r9 i686 VIA Samuel 2
Gentoo Base System version 1.4.16
Python: dev-lang/python-2.3.4 [2.3.4 (#1, Oct 24 2004, 02:42:32)]
distcc 2.16 i386-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python: 2.3.4
sys-apps/sandbox: [Not Present]
sys-devel/autoconf: 2.59-r6, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils: 2.14.90.0.8-r1
sys-devel/libtool: 1.5.10-r4
virtual/os-headers: 2.4.21-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=c3 -fomit-frame-pointer"
CHOST="i386-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=c3 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.mirrors.tds.net/gentoo ftp://ftp6.uni-erlangen.de/pub/mirrors/gentoo ftp://vlaai.snt.ipv6.utwente.nl/pub/os/linux/gentoo/ http://gentoo.mirrors.tds.net/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 aalib acpi activefilter apache2 apm avi bitmap-fonts cdr cups curl eds emboss encode foomatic foomaticdb fortran gif gstreamer imagemagick imlib jpeg libg++ libwww mad mbox mikmod motif mp3 ncurses nls ogg pam perl png python quicktime readline samba ssl tcpd tiff truetype-fonts type1-fonts vorbis xml2 zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Created attachment 66107: The aforementioned patch
Did you already send it to the upstream ppp developers?
Yes, but they have bugs quite old in their bug tracking system that are not yet dispatched/commented on. I thought Gentoo devs might tell me faster if this is a reasonable solution.
http://ppp.samba.org/cgi-bin/ppp-bugs/incoming?id=1245
Patch looks simple and straightforward. But nonetheless, since this is just a nice-to-have extra/new feature and not some kind of bug/security fix, you should really wait for upstream to include it. The problem with these kinds of patches is always that the installation is Gentoo-specific afterwards and we have to support it till the end of human life.
Hmm... I don't see the point. Sure, you could reset idle timers through ALRM signal, but why use such a hairy solution? The only event needed is transmission/reception of some kind of packages, which already is handled by active-filters. I know, active-filters support has been buggy lately (libpcap devs really need to make up their mind), but I believe ppp-2.4.2-r15 and ppp-2.4.3-r8 really solve any related problem.
I find active-filter ungodly confusing. Also, since this allows an iptables-based active filter, you can do far more complex active-filters. Example, Port Knocking.
C'mon, who on Earth will use port knocking as an active filter? a) Why don't you test your filters using tcpdump before using them? b) If you really want an easier way of setting active filters, I recommend you use diald. I've used it in the good old days (when my link was a dialup one) with excellent results.
a) Port-knocking is just an example. You could also use this to have any number of UIs ask the user before dialing. b) I've never found any decent documentation on diald. I've seen example config scripts, but never a thorough explanation of what each line does, etc.
Anyway, upstream got back to me and said I ought to add hooks to ppp where necessary and implement the rest as a plugin. I have no idea how to do that, but it sounds like a good idea.