How to generate a packet filter device driver in Ultrix

[Jeffrey Mogul]

In article <5132 at vela.acs.oakland.edu> schemers at vela.acs.oakland.edu (Roland Schemers III) writes:
>I finally took the plunge and got nfswatch, had the kernel compiled with
>the packet filter, etc.  Then I ran nfswatch. Works pretty nice, shows
>a lot of interesting things. Then I said ok, thats neat, and did a 
>
>/etc/pfconfig -p ln0
>
>To turn of promiscuous mode. To my suprise I started getting a TON of complaints
>that no one could connect to any system via LAT! The only system they could
>connect to was mine! Strange? I finally though maybe I did something by
>using nfswatch. The second I rebooted my machine everyone could use LAT
>again! I tried this a couple of times, and everytime I took ln0 out of
>promscuous mode no one could use LAT!
>
>Has anyone seen this before?? Are you supposed to keep the interface in
>promiscuous mode once you have used it that way?

I suspect you are running Ultrix 4.1 ... I've heard that this bug
appeared in 4.1, but that it wasn't in 4.0.  (I don't know if this is
so.)  Anyway, it's certainly not intentional!

This will be fixed in the next release, as far as I know.  Scant
solace, I realize.  Basically, for now one should not run
promiscuous-mode applications on a LAT-accessed system.

Since running nfswatch or tcpdump on a busy network can eat up most of
the CPU, it's probably best to run them on an otherwise unused
workstation.  Yes, I know that nfswatch has nifty features that make
sense only if you run it on an NFS server, but most of the time you can
do just as well by spying on the server from afar.  In fact, there are
other reasons why running nfswatch on the NFS server won't work quite
right; these, too, should be fixed in the next release.

-Jeff