I'm using diald-0.99.4 to control a DSL link.  To make this work I had
to hack two items, and I also added to dctrl.  (Patches below.)  I've
been using it in production for about 3 weeks with complete reliability.

In dev.c, the call to iface_start and the code to determine the interface
    number were pulled out of dev_set_addrs and moved to dev_start.
In shell.c (run_shell), a dup-ed instance of stdout was closed
    in the child process.
In dctrl, a button was added to clear the log text, and a menu choice
    was added that sends the reset command.

Responding to requests for sample configurations, here's mine.  Kernel
is 2.2.13, distribution is Slackware 7.0.  The machine with DSL has three
interfaces:
    eth0        10baseT to 2nd home office machine
    eth1        DSL (10baseT)
    eth2        Proxim Symphony wireless 802.11 to "CouchNet"

James F. Carter        Voice 310 825 2897       FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Internet: [EMAIL PROTECTED] (finger for PGP key)
UUCP:...!{ucsd,ames,ncar,gatech,purdue,rutgers,decvax,uunet}!math.ucla.edu!jimc


=========== /etc/diald.conf =============
# /etc/diald.conf for Fafnir's DSL interface, by jimc, 200-05-06

# (Main controls are at the end.)

# Packet filter parameters, determines which packets can bring the line up.
# Rules for TCP packets.

# Keep incessant named zone transfers from holding the link up.  (See UDP below)
ignore tcp tcp.dest=tcp.domain
ignore tcp tcp.source=tcp.domain

# keep empty packets from holding the link up.  The length of a TCP packet
# with no data is 40 bytes.
ignore tcp ip.tot_len=40,tcp.live

# make sure http transfers hold the link for a "long" time because the user
# is probably going to click on something else soon.
accept tcp 900 tcp.dest=tcp.www
accept tcp 900 tcp.source=tcp.www

# For any other TCP connection, keep the link up for the standard "short"
# time when it terminates.  [jimc decided that to avoid having the link
# bounce up and down, TCP packets should cause a "long" opening.]
accept tcp 900 any

# Once the link is no longer live, we try to shut down the connection
# quickly. Note that if the link is already down, a state change
# will not bring it back up.
keepup tcp 5 !tcp.live
ignore tcp !tcp.live


# Rules for UDP packets

# Don't bring up the link for various services that broadcast all the time.
ignore udp udp.dest=udp.who
ignore udp udp.source=udp.who
ignore udp udp.dest=udp.route
ignore udp udp.source=udp.route
ignore udp tcp.dest=udp.route
ignore udp tcp.source=udp.route
ignore udp udp.dest=udp.ntp
ignore udp udp.source=udp.ntp
ignore udp udp.dest=udp.timed
ignore udp udp.source=udp.timed

# The distributed sample file discriminates against UDP namedaemon packets; 
# however, jimc runs a caching nameserver, so needs the net brought up for 
# the standard "short" time when named needs it.
accept udp 60 udp.dest=udp.domain 
accept udp 60 udp.source=udp.domain

# Multicast protocol (advertisement?) messages shouldn't bring up the link.
ignore igmp any

# Anything else gets a standard "long" time up.
accept udp 900 any

# ICMP echo packets produce a "short" net opening.
accept icmp 60 udp.dest=udp.echo
accept icmp 60 tcp.dest=tcp.echo

# Other ICMP packets are ignored for the purposes of bringing the link up or down.
ignore icmp any

# Any packets not caught above cause a "short" net opening.
accept any 60 any

# Main configuration controls

mode            dev
device          eth1
linkname        DSL
linkdesc        "Fafnir's DSL Interface"
scheduler       other
priority        -10

# Used by dctrl for monitoring info.  The TCP port is protected by hosts.deny.
fifo            "/var/run/diald.ctl"
tcpport         4100
authsimple      "/usr/local/lib/diald/authsimple.txt"

local           192.9.200.1
remote          10.0.0.1
netmask         255.255.252.0
dynamic
sticky
# Sliding window size: delay (100 ms) * speed (768 Kb) + 30%
# window        131072
defaultroute
# This only affects statistics display:
demasq

# Debug flags: 1 = filter, 4 = arp, 8 = verbose, 0x10 = state, 
# 0x20 = tick per second, 0x40 = connection queue
# debug         0x1c

ifsetup         /usr/local/lib/diald/ifsetup.sh

connect-timeout         5
disconnect-timeout      5
redial-timeout          5
stop-dial-timeout       5
kill-timeout            5
first-packet-timeout    5

================== /usr/local/lib/diald/authsimple.txt ==============
# "Simple" authorization file for diald.  
# Format: name <whitespace> right, right, ... (comma and/or space separated).
# The "rights" are the names of commands that may be issued.
# The default (lacking this file) is control, auth, monitor.
# The user issues the command "auth simple name" and the line for the matching
# name determines what he can do.  In the file the name may be * for anyone.
jimc    control, config, block, unblock, force, unforce, down, up, delquit, quit, reset, queue, debug, dynamic, monitor, message, connect, demand, nodemand, auth
*       control, auth, monitor

================== /etc/hosts.allow ===============
# Allow SAMBA from the local net, and nowhere else.
smbd : 192.9.200., 192.9.201., 127.0.0.1
nmbd : 192.9.200., 192.9.201., 127.0.0.1

# diald is allowed only from the local net.
diald : 192.9.200., 192.9.201.

================== /etc/hosts.deny ================
# Allow SAMBA from the local net, and nowhere else.
smbd : ALL
nmbd : ALL

# 4100 is the ad-hoc diald control port, allowed only from the local net.
diald : ALL

================== /usr/local/lib/diald/ifsetup.sh ================
#!/bin/sh
# diald script for Fafnir's DSL, called to set up or take down the interface.
# By [EMAIL PROTECTED], 2000-05-06
# Command line arguments: {start|stop} {proxy|link} interface
# The script is responsible to ifconfig the interface, and to set routes.
# For proxy, it wants the default route into the tap.

# We're using 192.9.200.*/24 and 192.9.201.*/24 as the two house intranets,
# and 10.0.0.1 as the tap IP address.
# This file sets up a simple firewall on the DSL interface.

# stdout is probably connected to the (nonexistent) modem. All output to stderr.
exec 1>&2

mode=$2
case $mode in
    link)
        localip=10.0.0.1
        broadcast=10.0.0.255
        ;;
    proxy)
        localip=10.0.1.1
        broadcast=10.0.1.255
        ;;
    *)
        echo "$0: expecting mode 'link' or 'proxy', this script doesn't work for mode '$2'"
        exit 4
        ;;
esac

ifc=$3

case $1 in
    start)
        ifconfig $ifc $localip broadcast $broadcast netmask 255.255.255.0 up
        case $mode in
            link)
                        #Traffic from either house net to the outside world
                        #is subjected to IP masquerade.
                /sbin/ipchains -A forward \
                    -s 192.9.200.0/23 -d \! 192.9.200.0/23 -j MASQ 
                        #Traffic between house nets is passed through.
                /sbin/ipchains -A forward \
                    -s 192.9.200.0/23 -d 192.9.200.0/23 -j ACCEPT
                        #Thru traffic by hackers to the house net is tossed.
                /sbin/ipchains -P forward DENY
                # /etc/rc.d/rc.inet1 does: ipchains -P forward ACCEPT
                        # -R = don't mess with /etc/resolv.conf.  
                        # -d = syslog(LOG_DEBUG) major actions.
                        # dhcpcd takes care of inserting the default route.
                /sbin/dhcpcd -R -d $ifc < /dev/null
                ;;
            proxy)
                route add default metric 2 dev $ifc
                ;;
        esac
        ;;
    stop)
        case $mode in
            link)
                pidf=/var/run/dhcpcd-$ifc.pid
                if [ -s $pidf ] ; then
                    kill `cat $pidf`
                fi
                        #Flush the firewall, pass all packets (within house net)
                /sbin/ipchains -F forward
                /sbin/ipchains -P forward ACCEPT
                ifconfig $ifc down
                ;;
            proxy)
                route del default metric 2 dev $ifc
                # The tap is not taken down; diald still wants to transmit
                # over the tap.
                ;;
        esac
        ;;
    *)
        echo "$0: polarity was '$1', should be 'start' or 'stop'"
        exit 4
        ;;
esac

exit 0

=================== Source patches ===================
*** dev.c.orig  Tue Jan  4 02:15:42 2000
--- dev.c       Mon May  8 22:03:55 2000
***************
*** 30,35 ****
--- 30,48 ----
      rx_count = -1;
      mon_syslog(LOG_INFO, "Open device %s", current_dev);
      dead = 0;
+ 
+     /* Try to get the interface number if we don't know it yet. */
+     if (link_iface == -1) {
+       int n;
+       n = strcspn(current_dev, "0123456789" );
+       link_iface = atoi(current_dev + n);
+       if (n > sizeof(device_node)-1)
+               n = sizeof(device_node)-1;
+       strncpy(device_node, current_dev, n);
+       device_node[n] = '\0';
+     }
+     iface_start("link", device_node, link_iface,
+           local_ip, remote_ip, broadcast_ip, metric);
  }
  
  /*
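Review bot: iface_start() is now called at open time, ahead of dev_set_addrs, so the setup script receives whatever local_ip, remote_ip and broadcast_ip hold at that moment rather than values settled by dev_set_addrs. Please add a comment saying this ordering is intentional, and state whether the script has to be run again if dev_set_addrs later finds different addresses. Separately, n takes the size_t result of strcspn and is compared against sizeof(device_node)-1; declaring it size_t avoids the signed/unsigned comparison.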
***************
*** 53,68 ****
      ulong laddr = 0, raddr = 0, baddr = 0;
      struct ifreq   ifr; 
  
-     /* Try to get the interface number if we don't know it yet. */
-     if (link_iface == -1) {
-       int n;
-       n = strcspn(current_dev, "0123456789" );
-       link_iface = atoi(current_dev + n);
-       if (n > sizeof(device_node)-1)
-               n = sizeof(device_node)-1;
-       strncpy(device_node, current_dev, n);
-       device_node[n] = '\0';
-     }
  
  
        SET_SA_FAMILY (ifr.ifr_addr,    AF_INET); 
--- 66,71 ----
***************
*** 148,155 ****
                broadcast_ip ? broadcast_ip : "");
        }
  
-       iface_start("link", device_node, link_iface,
-           local_ip, remote_ip, broadcast_ip, metric);
        if (proxy.stop)
            proxy.stop(&proxy);
  
--- 151,156 ----
*** shell.c.orig        Sun Oct 10 14:43:05 1999
--- shell.c     Mon May  8 22:06:31 2000
***************
*** 31,37 ****
        return -1;
      }
  
!     if (pid == 0) {
        if (d >= 0) {
            /* Run in a new process group and foreground ourselves
             * on the tty (SIGTTOU is ignored).
--- 31,37 ----
        return -1;
      }
  
!     if (pid == 0) {   /*In the child*/
        if (d >= 0) {
            /* Run in a new process group and foreground ourselves
             * on the tty (SIGTTOU is ignored).
***************
*** 75,80 ****
--- 75,81 ----
            dup2((p[1] >= 0 ? p[1] : 0), 1);
              dup2((p[1] >= 0 ? p[1] : 0), 2);
        }
+       if (p[1] >= 0) close(p[1]);
  
        /* set the current device (compat) */
        if (current_dev)
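Review bot: the added "if (p[1] >= 0) close(p[1]);" also fires when p[1] is itself 0, 1 or 2. In that case one of the preceding dup2 calls was a no-op and the close removes the child's own stdin, stdout or stderr. Guarding with "if (p[1] > 2) close(p[1]);" keeps the fix for the leaked descriptor without that edge case, and a one-line comment saying why the child must drop its copy would help the next reader.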
***************
*** 94,100 ****
          _exit(127);
          /* NOTREACHED */
      }
! 
      if (p[1] >= 0) close(p[1]);
  
      if (mode & SHELL_WAIT) {
--- 95,101 ----
          _exit(127);
          /* NOTREACHED */
      }
!               /* In the parent process */
      if (p[1] >= 0) close(p[1]);
  
      if (mode & SHELL_WAIT) {
*** bin/dctrl.orig      Sun Feb 21 07:15:09 1999
--- bin/dctrl   Mon Jun  5 16:23:29 2000
***************
*** 795,800 ****
--- 795,802 ----
        -command "fifoCmd down"
  .menu.control.m add command -label "Terminate on idle" -underline 0 \
        -command "fifoCmd delayed-quit"
+ .menu.control.m add command -label "Reset-reconfig" -underline 0 \
+       -command "fifoCmd reset"        ;#jimc hack
  .menu.control.m add command -label "Quit diald" -underline 0 \
        -command "fifoCmd quit"
  pack .menu.control -side left
***************
*** 1005,1010 ****
--- 1007,1014 ----
  frame .message.menu -relief raised -bd 2
  pack .message.menu -side top -anchor nw -fill x -expand 0
    label .message.menu.label -text "Information"
+   button .message.menu.clear -text Clear -command \
+       {.message.vis.text delete 1.0 end}      ;# jimc hack
    menubutton .message.menu.loglevel -text "Log Level" -menu .message.menu.loglevel.m 
-underline 0
    menu .message.menu.loglevel.m
    .message.menu.loglevel.m add radiobutton -label {Emergency} \
***************
*** 1024,1030 ****
    .message.menu.loglevel.m add radiobutton -label {Debug} \
        -variable monloglevel -value 7 -command { setMonitor }
    pack .message.menu.label -side left
!   pack .message.menu.loglevel -side right
  frame .message.vis
  text .message.vis.text -bor 0 \
        -height 8 -width 60 -highlightthickness 0 -insertontime 0 \
--- 1028,1034 ----
    .message.menu.loglevel.m add radiobutton -label {Debug} \
        -variable monloglevel -value 7 -command { setMonitor }
    pack .message.menu.label -side left
!   pack .message.menu.loglevel .message.menu.clear -side right
  frame .message.vis
  text .message.vis.text -bor 0 \
        -height 8 -width 60 -highlightthickness 0 -insertontime 0 \

