> I was wondering if there was a way, through filters or otherwise, to block
> a packet from a specified port if the link is down, but pass it if the
> link is up on a dial-on-demand link.
>
> Specifically, I would like to run xntpd on my machine. Since xntpd likes
> to send out packets every couple of minutes or so, it continually brings
> up the link. What I'd like my OR to do is if the link is up, to pass the
> ntp packet. If the link is down, I would like it to stay down and the
> packet dropped.
Since I haven't gotten a whole lot of replies, I did some digging. If you
can get your hands on the image of the COMOS kernel, (or any executable,
for that matter) and do a "strings" on it, it will reveal all sorts of
interesting and sometimes usefull information.
First, you need to get the image of the COMOS kernel. No, not that thing
you download from Livingston's ftp site, but the kernel that is compressed
inside it. The thing you download is basicly a self uncompressing image,
that does a bit of memory checking and setup before it uncompress itsself.
(gleaned this info by doing a strings on it)
What you do is load this image in your favorite binary editor (I prefer
emacs) and delete everything up to the first "\032\213" sequence. (your
"magic" file is always useful for hints on what you are looking for, I was
pretty sure I was looking for a \032\something) Anyhow, if you save the
resulting file to something like "test.gz" and type "file test.gz" it will
say something like this:
% file test.gz
test.gz: gzip compressed data, deflated, original filename, last
modified: Thu Mar 19 18:20:42 1998, os: Unix
And, if you uncompress this with gzip, you will have the COMOS kernel.
...you will probably get a message like:
gunzip: test.gz: decompression OK, trailing garbage ignored
This is ok. So, If we do a "strings test | grep filter" we get, among
other things,
ipxfilter
sapfilter
ofilter
ifilter
dfilter
Now, we all know what the first four are, but the last one?? So I gave it
a try:
my-or> set location swcp dfilter test
New dial filter set for location swcp
my-or> show location swcp
Location: swcp Type: On Demand
Destination: 198.59.115.101 Netmask: 255.255.255.0
Protocol: PPP Options: Quiet, Compression, Multilink
Input Filter: swcp-in Output Filter:
Dial Filter: test
Group: 2 Max Ports: 1
Idle Timeout: 1 minutes High Mark: 0 bytes
Mtu: 1500 Async Map: 00000000
Now, I don't know about you, but my documentation doesn't say anything
about a "dial filter".
Some experimentation shows me that any packet permitted by the Dial Filter
will bring up the link, any denied by the filter will not cause the
location to dial but once the link is up any traffic permitted by the
Input Filter and the Output Filter will keep it up.
This isn't exactly what I would like, but it's certainly "good enough" for
now.
Does anyone at Livingston care to comment on this?
-- Steven.
- To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>