Date:      Fri, 25 Jul 1997 10:42:39 -0500 (CDT)
From:      Dave Bodenstab <imdave@mcs.net>
To:        brian@freebsd.org, dburr@POBoxes.com, freebsd-questions@freebsd.org
Subject:   Re: iijppp and debug level?
Message-ID:  <199707251542.KAA01722@imdave.pr.mcs.net>

>
> My iijppp is redialing like crazy.  I'd like to find out what types of
> packets are causing the redial, so that I can write an appropriate DFILTER
> entry.  But there is almost no documentation (that I could find) about the
> iijppp "set debug" option.  I don't even know if "set debug xxx" can tell
> me what type of packet caused the dial!  Can anyone help me out here?  If
> so please e-mail!  Thanks!

By coincidence I just went thru something like this in the past
couple of days.  I wanted to filter out all the packets from
ad.doubleclick.net, so I needed to figure out what packets to filter
and how to specify the filtering rules.  I got the latest ppp source from
http://(www.freebsd.org/~brian,ppp-970713.src.tar.gz and dove in.  I know
next to nothing about tcp and ppp protocols, but I figured out enough
for me to do what I wanted.

Here are the notes I made for myself for the set log command, the
syntax for the set filter commands, and (for what it's worth) the filter
commands I'm now using to successfully filter out ad.doubleclick.net.  BTW,
there's a bug in the set filter code.  The first chunk fixes what appears
to be a typo, and the second chunk eats a ``proto'' argument following a
single address; the fix is:

--- filter.c	1997/06/28 01:34:03	0.970713
+++ filter.c	1997/07/25 06:41:59	0.970713.1.2
@@ -308,7 +308,7 @@
 
   argc--; argv++;
 
-  if (ofp->action == A_DENY) {
+  if (fp->action == A_DENY) {
     if (STREQ(*argv, "host")) {
       fp->action |= A_UHOST;
       argc--; argv++;
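Review bot: `STREQ(*argv, "host")`, in the context just below the corrected test, reads `*argv` straight after `argc--; argv++;`, and nothing visible in this hunk checks that an argument is left, so a rule that ends at `deny` relies on the argument vector being NULL-terminated and on STREQ tolerating NULL. Suggest testing `argc > 0` before the comparison. The `ofp` to `fp` correction itself is consistent with the body, which sets `fp->action`.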
@@ -331,6 +331,8 @@
 	if (proto) {
 	  argc--; argv++;
 	}
+      } else {
+	argc--; argv++;
       }
     } else {
       LogPrintf(LogWARN, "Parse: Address/protocol expected.\n");
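Review bot: the added `else` branch advances with `argc--; argv++;` without saying which token it skips, while the branch just above it only advances under `if (proto)`. A one-line comment stating that this consumes the protocol keyword found after a single address, as the message describes, would make the asymmetry between the two branches readable; it is also worth confirming that `argc` cannot already be zero when this branch runs.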


Anyway, I think you just need to ``set log +TCP/IP'' to get a trace of
the packets.

Hope this helps.  (If you find something here that's incorrect, or if
there's a better way to do this, I'd appreciate a pointer.)

Dave Bodenstab
imdave@mcs.net

------------------------------------------------------------

Here are my notes:

SET LOG
-------

set log [-+]<log type>...

			   syslog
			  Priority   What it does
			 ========== ===================================
<log type> ::= Async	- LOG_INFO  Data read/written to modem
	       Carrier	- LOG_INFO  Matched line containing "CARRIER"
	       Chat	- LOG_INFO  Dialing and login conversation
	       Command	- LOG_INFO  ppp.conf/linkup and interactive commands
	       Connect	- LOG_INFO  Matched line containing "CONNECT"
	       Debug	- LOG_DEBUG  
	       HDLC	- LOG_INFO  HDLC packets?
	       LCP	- LOG_INFO  Initial negotiation packets
	       Link	- LOG_INFO  Breaks out OS Linkup/down and hisaddr= info from LCP
	       LQM	- LOG_INFO  LQR packets?
	       Phase	- LOG_INFO  State changes
	       TCP/IP	- LOG_INFO  Routing and TCP packet headers
	       Tun	- LOG_INFO  Inserts ``tunN'' in log messages
	       Warning	- LOG_WARN  
	       Error	- LOG_ERR   
	       Alert	- LOG_ALERT  


SET FILTER
----------

From ``set log tcp/ip'' we see that each packet can be identified by:

	TYPE / DIRECTION / source ADDRESS / destination ADDRESS

where TYPE is tcp/udp/icmp, DIRECTION is input/output, and ADDRESS is
ip-number:port

In the BNF grammar that follows, TYPE corresponds to <proto>, DIRECTION
corresponds to the filter types `ifilter' and `ofilter', and ADDRESS is
the ip/port combination.  (How do afilter and dfilter fit in?)



BNF grammar:

<filter command> ::= 'set' <filter type> -1
		   | 'set' <filter type> NUMBER 'clear'
		   | 'set' <filter type> NUMBER <action> <proto>
		   | 'set' <filter type> NUMBER <action> <destination address> <proto>
		   | 'set' <filter type> NUMBER <action> <source address> <destination address> <proto>

<filter type> ::= 'afilter'             ;  keep Alive
		| 'dfilter'             ;  Dial
		| 'ifilter'             ;  Input
		| 'ofilter'             ;  Output

<action> ::= 'permit'
	   | 'deny' <deny type>

<deny type> ::= <empty>
	      | 'host'
	      | 'port'

<proto> ::= 'tcp' <tcpudp args>
	  | 'udp' <tcpudp args>
	  | 'icmp' <icmp args>

<tcpudp args> ::= <empty>
	        | 'src' <op> <port> <estab>
	        | 'dst' <op> <port> <estab>
	        | 'src' <op> <port> 'dst' <op> <port> <estab>

<op> ::= 'eq'
       | 'lt'
       | 'gt'

<port> ::= NAME
	 | NUMBER

<estab> ::= <empty>
	  | 'estab'

<icmp args> ::= <empty>
	      | 'src' 'eq' NUMBER

<source address> ::= <address>

<destination address> ::= <address>

<address> ::= 'MYADDR' <bits>
	    | 'HISADDR' <bits>
	    | NUMBER.NUMBER.NUMBER.NUMBER <bits>

<bits> ::= <empty>                ;  /32 assumed 
	 | / NUMBER



------------------------------------------------------------

Here is the section from ppp.linkup containing my filtering rules:

# Set routing
# Filter out packets from/to ad.doubleclick.net and the like
MCS:
  delete ALL
  add 0 0 HISADDR
  set ifilter 0 deny host 199.95.208.0/24 MYADDR tcp src eq http
  set ifilter 1 deny host 199.95.207.0/24 MYADDR tcp src eq http
  set ifilter 2 deny host 204.71.191.209 MYADDR tcp src eq http
  set ifilter 3 permit 0/0 0/0
  set ofilter 0 deny host 199.95.208.0/24 tcp dst eq http
  set ofilter 1 permit 0/0 0/0

------------------------------------------------------------
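
An added example, not part of the original message or of the ppp source: a small C model of how the four ifilter rules above sort inbound packets by source network, protocol and source port. It assumes first-match-wins evaluation with deny when nothing matches, a constructed local address 192.0.2.10 standing in for MYADDR, and http as port 80; the struct, macro and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum { PERMIT, DENY };
enum { ANY = 0, TCP = 6, UDP = 17 };          /* IP protocol numbers */

struct rule {                  /* hypothetical layout, not ppp's own struct */
    int action;
    uint32_t src; int swidth;  /* source network and prefix length */
    uint32_t dst; int dwidth;  /* destination network and prefix length */
    int proto;                 /* ANY when the rule names no protocol */
    int sport;                 /* port for "src eq <port>", 0 = not tested */
};

#define IP(a, b, c, d) ((uint32_t)(a) << 24 | (b) << 16 | (c) << 8 | (d))
#define MYADDR IP(192, 0, 2, 10)              /* constructed local address */

/* The four ifilter rules from the ppp.linkup section. The "host" modifier
 * is not modelled; a bare address is /32 and 0/0 matches everything. */
static const struct rule ifilter[] = {
    { DENY,   IP(199, 95, 208, 0),   24, MYADDR, 32, TCP, 80 },
    { DENY,   IP(199, 95, 207, 0),   24, MYADDR, 32, TCP, 80 },
    { DENY,   IP(204, 71, 191, 209), 32, MYADDR, 32, TCP, 80 },
    { PERMIT, 0, 0, 0, 0, ANY, 0 },
};

static int in_net(uint32_t addr, uint32_t net, int width) {
    uint32_t mask = width ? ~(uint32_t)0 << (32 - width) : 0; /* no shift by 32 */
    return (addr & mask) == (net & mask);
}

/* Assumed semantics: the first matching rule decides, no match means DENY. */
int check_in(int proto, uint32_t src, int sport) {
    for (size_t i = 0; i < sizeof ifilter / sizeof ifilter[0]; i++) {
        const struct rule *r = &ifilter[i];
        if (in_net(src, r->src, r->swidth) && in_net(MYADDR, r->dst, r->dwidth) &&
            (r->proto == ANY || r->proto == proto) &&
            (r->sport == 0 || r->sport == sport))
            return r->action;
    }
    return DENY;
}

int main(void) {
    int verdict = check_in(TCP, IP(199, 95, 208, 5), 80);
    printf("199.95.208.5:80 -> MYADDR: %s\n", verdict == DENY ? "deny" : "permit");
    return 0;
}
```

Because rule 2 has no prefix length, only the single host 204.71.191.209 is blocked; its neighbours fall through to the final permit, as does non-http traffic from the /24 networks.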




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707251542.KAA01722>