Analyzing a strange behavior of diald, I finally came across
what I think is a diald bug, maybe two bugs!
Diald handles in different ways a packet ignored because it
matches an "ignore" rule, and a packet ignored because it does
not match any rule. In fact the check_firewall() function in
firewall.c returns 0 in the first case and 1 in the second, as
you can see from the following:

    /* Return 1 if accepting rule with non zero timeout, 0 otherwise */
    return ((fw->filt.type != FW_TYPE_IGNORE || fw->filt.type != FW_TYPE_WAIT)
            && fw->filt.timeout > 0);
    ...
    ...
    /* Failed to match any rule. This means we ignore the packet */
    if (debug&DEBUG_FILTER_MATCH)
        log_packet(0,ip_pkt,len,0);
    return 1;

This caused my connection to die after just one second, when a
packet not matching any rule is received from the remote host,
before any other packet.
Maybe the fix is simply to put "return 0" in the last line. I
need the help of a person who knows the code better! The code is
the same for the 0.16.5 and 0.99.3 versions.
Another strange behavior is the way diald treats the first
packet which fires up the connection.
I fire up the link with a single ping packet. This is
acknowledged by diald, which gives it a timeout of 60 seconds (so
my rules require). If - after that - no other packets are
transmitted, I expect the connection to be closed in 60
seconds. Diald instead closes the link after 120 seconds, i.e.
when first-packet-timeout expires.
I don't know if this is to be considered a bug or a
not-well-documented feature. In my case it just turned out to be
a hard-to-trace problem.
I would like these problems to be addressed with fixes in
the source code or in the docs. By the way, I have two suggestions
for people using current versions:
1) At the end of your rules (the file "standard.filter") add a
rule which instructs diald to ignore any packets not matched by
other rules: "ignore any any".
2) In the ip-up script add something which causes traffic to go
across the line and which is acknowledged by some diald rule.
I added a "ping -c 1 195.110.109.2"
I posted this message to Mike Jagdis (current maintainer) and Eric
Schenk (original author) too, in the hope of having an
authoritative thought.
Niccolo Rigacci
Firenze - Italy
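
Added example, not part of the original post and not diald's own code: the quoted return statement joins two "!=" tests with "||", which no single type value can fail, so the type of the matched rule never affects the result. The FW_TYPE_* values below are constructed stand-ins, and the "&&" form is an assumption about what the source comment intends.

```c
#include <stdio.h>

/* Constructed stand-ins: the real FW_TYPE_* values are defined in
 * diald's headers and are not shown in the post. */
enum { FW_TYPE_ACCEPT, FW_TYPE_IGNORE, FW_TYPE_WAIT };

/* The return expression exactly as quoted from check_firewall(). */
static int as_quoted(int type, int timeout)
{
    return ((type != FW_TYPE_IGNORE || type != FW_TYPE_WAIT) && timeout > 0);
}

/* What the comment above it describes (assumed intent): 1 only for an
 * accepting rule, i.e. neither ignore nor wait, with non-zero timeout. */
static int as_commented(int type, int timeout)
{
    return (type != FW_TYPE_IGNORE && type != FW_TYPE_WAIT && timeout > 0);
}

/* Count the (type, timeout) pairs on which the two forms disagree. */
static int count_disagreements(void)
{
    static const int timeouts[] = { 0, 60 };
    int n = 0;
    for (int t = FW_TYPE_ACCEPT; t <= FW_TYPE_WAIT; t++)
        for (int i = 0; i < 2; i++)
            if (as_quoted(t, timeouts[i]) != as_commented(t, timeouts[i]))
                n++;
    return n;
}

int main(void)
{
    static const char *names[] = { "accept", "ignore", "wait" };
    static const int timeouts[] = { 0, 60 };

    printf("%-8s %-8s %-10s %s\n", "type", "timeout", "as quoted", "as commented");
    for (int t = FW_TYPE_ACCEPT; t <= FW_TYPE_WAIT; t++)
        for (int i = 0; i < 2; i++)
            printf("%-8s %-8d %-10d %d\n", names[t], timeouts[i],
                   as_quoted(t, timeouts[i]), as_commented(t, timeouts[i]));
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

The two forms differ only for ignore or wait rules that carry a non-zero timeout; with a timeout of 0 both return 0.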