netbsd-bugs: bin/33722: pppd 2.4.3 active-filter functions botched

Subject: bin/33722: pppd 2.4.3 active-filter functions botched
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <srp@tworoads.net>
List: netbsd-bugs
Date: 06/13/2006 20:20:00
>Number:         33722
>Category:       bin
>Synopsis:       pppd  2.4.3 active-filter functions botched
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 13 20:20:00 +0000 2006
>Originator:     Scott Presnell
>Release:        NetBSD 3.0_STABLE
>Organization:
	Self
>Environment:
System: NetBSD dirt.tworoads.net 3.0_STABLE NetBSD 3.0_STABLE (SAAR.MP) #1: Mon Jan 16 09:54:14 PST 2006 root@low.tworoads.net:/usr/src/sys/arch/i386/compile/SAAR.MP i386
Architecture: i386
Machine: i386
>Description:

    I recently updated a machine running NetBSD 2.0 to 3.0
After doing so, I noticed pppd wasn't working. After trimming
down the configuration file I have a minimum case: it's something
to do with active-filter-{in,out} statements.  (After removing
just those statements my demand dial connection to the ISP works).

>How-To-Repeat:

(both pppd and the kernel in question have PPP_FILTER defined).

for /etc/ppp/options this works:

tty02
9600
debug
dryrun

Output:

    pppd options in effect:
    debug           # (from /etc/ppp/options)
    dryrun          # (from /etc/ppp/options)
    /dev/tty02              # (from /etc/ppp/options)
    9600            # (from /etc/ppp/options)



This fails with the following (correct behaviour):

tty02
9600
debug
active-filter-in 'no udp'
dryrun

output:

    pppd: error in active-filter-in expression: syntax error

    pppd options in effect:
    debug           # (from /etc/ppp/options)
    dryrun          # (from /etc/ppp/options)
    active-filter-in xxx # [don't know how to print value]          # (from /etc/ppp/options)
    /dev/tty02              # (from /etc/ppp/options)
    9600            # (from /etc/ppp/options)
       

this generates no output:

tty02
9600
debug
active-filter-in 'not udp'
dryrun

it exits with exitcode 2, which would seem to indicate an options failure.

>Fix:

Inspection of the NetBSD 2.0 code suggests whoever rewrote the
set*filter_{in,out} functions when moving from pppd version 2.4.1 to 2.4.3
reversed the sense of the return codes. :-/
This patch allows pppd to start with the active-filter statments in place.
(the filters appear to be operating as expeted, though I will keep an eye
on this).


=== patch to options.c ===
--- dist/pppd/pppd/options.c.orig	2006-06-12 12:09:32.000000000 -0700
+++ dist/pppd/pppd/options.c	2006-06-12 12:13:09.000000000 -0700
@@ -319,14 +319,14 @@
 #endif
 
 #ifdef PPP_FILTER
-    { "pass-filter-in", 1, setpassfilter_in,
+    { "pass-filter-in", o_special, setpassfilter_in,
       "set filter for packets to pass inwards", OPT_PRIO },
-    { "pass-filter-out", 1, setpassfilter_out,
+    { "pass-filter-out", o_special, setpassfilter_out,
       "set filter for packets to pass outwards", OPT_PRIO },
 
-    { "active-filter-in", 1, setactivefilter_in,
+    { "active-filter-in", o_special, setactivefilter_in,
       "set filter for active pkts inwards", OPT_PRIO },
-    { "active-filter-out", 1, setactivefilter_out,
+    { "active-filter-out", o_special, setactivefilter_out,
       "set filter for active pkts outwards", OPT_PRIO },
 #endif
 
@@ -1475,13 +1475,13 @@
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
     pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
     if (pcap_compile(pc, &pass_filter_in, *argv, 1, netmask) == -1) {
 	option_error("error in pass-filter-in expression: %s\n",
 		     pcap_geterr(pc));
-	ret = 1;
+	ret = 0;
     }
     pcap_close(pc);
 
@@ -1496,13 +1496,13 @@
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
     pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
     if (pcap_compile(pc, &pass_filter_out, *argv, 1, netmask) == -1) {
 	option_error("error in pass-filter-out expression: %s\n",
 		     pcap_geterr(pc));
-	ret = 1;
+	ret = 0;
     }
     pcap_close(pc);
 
@@ -1517,13 +1517,13 @@
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
     pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
     if (pcap_compile(pc, &active_filter_in, *argv, 1, netmask) == -1) {
 	option_error("error in active-filter-in expression: %s\n",
 		     pcap_geterr(pc));
-	ret = 1;
+	ret = 0;
     }
     pcap_close(pc);
 
@@ -1538,13 +1538,13 @@
     char **argv;
 {
     pcap_t *pc;
-    int ret = 0;
+    int ret = 1;
 
     pc = pcap_open_dead(DLT_PPP_WITH_DIRECTION, 65535);
     if (pcap_compile(pc, &active_filter_out, *argv, 1, netmask) == -1) {
 	option_error("error in active-filter-out expression: %s\n",
 		     pcap_geterr(pc));
-	ret = 1;
+	ret = 0;
     }
     pcap_close(pc);