pppd + precompiled-active-filter
OpenWRT has long had some patches against pppd 2.4.4 for what’s called ‘Precompiled Active Filter’. This is a file, which contains the libpcap compiled filter on what should be considered ‘active’ or ‘interesting’ traffic. In the Cisco world, it’s the access-list you reference with dialer-list and dialer-group commands.
The default file that’s shipped tends to ignore icmp requests and a few other odds and ends, and is either never used, or works for everyone else. Sadly, I needed to change it.
Finding #1) tcpdump -ddd not icmp and not udp 123 and …. generates a precompiled file nicely
Finding #2) After several hours - this is not the right way to generate it. Files generated do not do what you think they do.
Finding #3) Included in the buildroot is a tool from http://www.fli4l.de/en/home/news/ called pfc.c which will build the correct filters. That’s the Floppy Linux ISDN… Floppies and ISDN - something I haven’t run into for several years.
Building it (gcc -o pfc -lpcap pfc.c) gives you a nice little tool to generate them using command line libpcap filter syntax - and guess what - they work!
I’m back
As the topic says, I’m back. My employment with MDS is over, so I feel more comfortable writing about what I’m up to and posting small hacks as I run across them. The focus of the blog will shift as I’m now contracting/consulting full time again (and much happier about it). It also means I’ll likely be hacking on Openswan and tcpdump & libpcap more often, since I’ve got some time between paying gigs.
One of the first things I’ll be working on is some updated Cisco to Openswan interop documentation, since I’ve got a PIX and my eBay’d 2600 router running again, and I know the current documentation on this particular interop sucks.
Flickr Photos
