--- ppp-2.4.3/pppd/Makefile.linux.noext 2005-04-22 17:20:18.690280797 +0200 +++ ppp-2.4.3/pppd/Makefile.linux 2005-04-22 17:20:18.705281060 +0200 @@ -60,6 +60,8 @@ # Linux distributions: Please leave TDB ENABLED in your builds. USE_TDB=y +NOEXT_TRAFFIC=y + HAS_SHADOW=y USE_PAM=y #HAVE_INET6=y @@ -94,6 +96,10 @@ endif endif +ifdef NOEXT_TRAFFIC +CFLAGS += -DNOEXT_TRAFFIC +endif + # EAP SRP-SHA1 ifdef USE_SRP CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include --- ppp-2.4.3/pppd/auth.c.noext 2004-11-12 11:30:51.000000000 +0100 +++ ppp-2.4.3/pppd/auth.c 2005-04-22 17:20:18.707281095 +0200 @@ -242,6 +242,11 @@ extern char *crypt __P((const char *, const char *)); +#ifdef NOEXT_TRAFFIC +/* Boolean to care for external traffic or not. Defined in options.c */ +extern int noexttraffic; +#endif + /* Prototypes for procedures local to this file. */ static void network_phase __P((int)); @@ -1158,6 +1163,14 @@ tlim = idle_time_hook(&idle); } else { itime = MIN(idle.xmit_idle, idle.recv_idle); +#ifdef NOEXT_TRAFFIC /* modified version, additional commandline-switch noext-traffic */ + if (!noexttraffic) + itime = MIN(idle.xmit_idle, idle.recv_idle); + else + itime = idle.xmit_idle; +#else /* standard version */ + itime = MIN(idle.xmit_idle, idle.recv_idle); +#endif tlim = idle_time_limit - itime; } if (tlim <= 0) { --- ppp-2.4.3/pppd/options.c.noext 2004-11-09 23:33:35.000000000 +0100 +++ ppp-2.4.3/pppd/options.c 2005-04-22 17:22:16.197351975 +0200 @@ -122,6 +122,10 @@ #endif +#ifdef NOEXT_TRAFFIC +int noexttraffic = 0; /* decide whether or not we want to care for traffic from extern */ +#endif + extern option_t auth_options[]; extern struct stat devstat; @@ -302,6 +306,9 @@ { "active-filter", 1, setactivefilter, "set filter for active pkts", OPT_PRIO }, #endif +#ifdef NOEXT_TRAFFIC + { "noext-traffic", o_bool, (void *)&noexttraffic, "ignore external pkts for timeout", 1 }, +#endif #ifdef MAXOCTETS { "maxoctets", o_int, &maxoctets, --- ppp-2.4.3/pppd/pppd.8.noext 2004-11-13 13:22:49.000000000 +0100 +++ ppp-2.4.3/pppd/pppd.8 2005-04-22 17:26:08.705494299 +0200 @@ -290,6 +290,20 @@ \fIdebug\fR. This information can be directed to a file by setting up /etc/syslog.conf appropriately (see syslog.conf(5)). .TP +.B noext-traffic +Do not count incoming traffic against the idle time set with the idle +option. The default idle option behavior is to count both outgoing +and incoming traffic. This can be very helpful when remote hosts +keeping sending unwanted traffic, thereby keeping the connection up. + +Note that this \fIcannot\fR prevent programs from responding to incoming +requests and in doing so defeat the idle option. The route program +\fIreject\fR parameter might help in that case when enough is known about +IP address space of the site generating the unwanted requests. If you +initiated contact with the site generating the requests, say with a +web browser, then denying ingress with the "reject" parameter probably +won't be a viable option. +. .B default\-asyncmap Disable asyncmap negotiation, forcing all control characters to be escaped for both the transmit and the receive direction.