author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-analyzer/ippl |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-analyzer/ippl')
-rw-r--r-- | net-analyzer/ippl/Manifest | 12 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl-1.4.14-format-warnings.patch | 20 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl-1.4.14-includes.patch | 20 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl-1.4.14-manpage.patch | 15 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl-1.4.14-noportresolve.patch | 347 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl-1.4.14-privilege-drop.patch | 140 | ||||
-rw-r--r-- | net-analyzer/ippl/files/ippl.rc | 30 | ||||
-rw-r--r-- | net-analyzer/ippl/ippl-1.4.14-r3.ebuild | 54 | ||||
-rw-r--r-- | net-analyzer/ippl/ippl-1.4.14-r5.ebuild | 56 | ||||
-rw-r--r-- | net-analyzer/ippl/metadata.xml | 8 |
10 files changed, 702 insertions, 0 deletions
diff --git a/net-analyzer/ippl/Manifest b/net-analyzer/ippl/Manifest
new file mode 100644
index 000000000000..92ae16ef779e
--- /dev/null
+++ b/net-analyzer/ippl/Manifest
@@ -0,0 +1,12 @@ +AUX ippl-1.4.14-format-warnings.patch 645 SHA256 1f677214697c8fa6a0eb02dedb3a9616eb2c0ad9bcc8b6512e4195c7ecdab3fa SHA512 e3b247d5628883c4bbc5ae24e39bf4ef0910ed15dbcc7a13d586eddbea6ee1dfa5de1c4252c07fa87564da60febbb200f0e78a58cf29547db4b7446eebc73544 WHIRLPOOL 5b24b9cc5b75347ead6fecd28e1806c60a1831fe6439c62701151ec02b930421153bfde670e20bd5f4cb9c511f64df0183dc5035130ce571d5a370af87ce6a83 +AUX ippl-1.4.14-includes.patch 374 SHA256 bffdfaa881cd176d2f6900bf387613485a9fba7b35aee68f8614a26272d7f4ea SHA512 5e7c8ab27770e3f50d09ee7e1f68246828d1b540a87c50c5c1afb3bbbe646af3b3d71369dfe2e41a1f04c306d88b8ef20f2be80edca8c201f7cb6d8c5539dfc9 WHIRLPOOL de8473f766992cec5e3e5a60380e519fa29a91ac79c2c530e5b7443cd117862e8ce81ff972855474a537702ff9dcc0a1a85df964edd97cbd8476d6b7a1698f3a +AUX ippl-1.4.14-manpage.patch 306 SHA256 c1f1d47ce32c3133430312142e68e62c4aa243eed5afd8273ebe72e36ed04700 SHA512 4dc5b6ad12875c94a5b86ca380aeabb003734aabfd54b97edba20614b449dab35d8ba748e8faeda8a2bf2608158d4dd5c6e34c82b664ddf4fd12710ab81498ef WHIRLPOOL 67363710fc441665fa658b444961317d736214003df2ce0c383bc908afd4f34fdab4a690b797b8a8a5f66d813720557d63ecca3bbf998ad85c02fa2f64e5ca0e +AUX ippl-1.4.14-noportresolve.patch 10610 SHA256 469f4c308379450c44399fb973c3963a1aa0dafe7dd95d1302a3a992843065ca SHA512 591a0aaaac11f80087e2f7a53a18434c065a2d29ba6a09893f2927edbd9b0622925e5bc441657f283fe4689c21bb669bfdfd71faf900d8ff9309e25885adc7e3 WHIRLPOOL a83593cfe2d126e2293b509510697955826d60560e4677be040d6b357c8f09c95e542a5c50c6c3f13202c5ba05dcd8dbf90ac9c78ff65747c9a2d58f323ff8ce +AUX ippl-1.4.14-privilege-drop.patch 4289 SHA256 ab6839f5d9c5c74be5a8fa2cf03a236e4bc7b7096c4a5432b52ad78d39334020 SHA512 7b711bd0ac56867a6936035f63b047c1e86fe072f215dcc18eb8dada58d1087964a29b05c1eadef0303d203329a91a053e747c997d78ecd1697788e9f7a15f2f WHIRLPOOL 93cf090cb7e1db232d9979ee570e0b79c071901d8ccf78b8d1773fbec0737b34092d7fed9c279933fe3c013c323d23d0ea0da7ddcc79b0b1f55a560f83eb7fd6 +AUX ippl.rc 573 SHA256 
d8c3e9b223974384a51838532010777fc4847207fa19184d708f8e42a8243b3d SHA512 2aadbb7cf33c83addef03e7815dd5d6c6a983ee0b269677d251a3b4550e2c038db4436b03a27024ea5ce12f0ca1eb2b87f33ba267e78f70afb06436119b99396 WHIRLPOOL 35f7e5a5bd5d71c2446112d96dff3d8e6e8d06ddbd41bbe11157e8a6c2b817573246568551aba574ebc2ed676cbc0dc66417b9ddfe030f079932723ae968f452 +DIST ippl-1.4.14.tar.gz 54030 SHA256 e1808c65e498036de2529d053dbaa95ba3f6821e2c7196d4dcbb5039489cfeb4 SHA512 3d71afc3ec7a0420cc9b269bf67dc008a777464c68d233dfbad4ee7a2dd2b960e114500e42866977e31b9dbeee26bbefea937fef8a09aa41cf87f96361ba0088 WHIRLPOOL aeab98a00d31583f19d4c98839f8eef4adbb263e274df2cd4065910e8a05d19e432be235de378e4039abc8465ff4fe8c11fcae1e95aa4e5dd34565acd4169c2a +EBUILD ippl-1.4.14-r3.ebuild 1164 SHA256 14312ab7486cba9e5d4dd789b8c4585c6150b0c689935b7f6edc21286740d015 SHA512 1d840eb3757d941ba84955d80799425f45732db03151b5b00e45a6cf7e97b84ed7b4c3c017677d99748cb8d88b1b119796acc6ea01c0a5b1938022416fa85c1c WHIRLPOOL 550415122f5440dd515db8c9e426ede5d59b38411f234141f7385b0918088fac7553fd81fbdaa7654067db50fce6c8411707ab0b1560b65b075bdce83ed86720 +EBUILD ippl-1.4.14-r5.ebuild 1133 SHA256 84a34d088fd8451406ae257af59992e6a67549589accbd9c297295be133fdc82 SHA512 6da05595f41493eee312d43f6120ebb961806e949a132a28541d38e0b501305650b51e386bd08f89d709afd4b56a28380eb0014ddb56e274625e84af319669ce WHIRLPOOL 1cf97c60dc3219ad2b2d058765e8319768ee4e13119f2265abe0f324c66b997a1f7999e9b9c8ffbbf7c25aa363e44c699273b520a363c3cc155bdbd3d26e4cdc +MISC ChangeLog 2822 SHA256 74f48cb11aa4eb8ed3d793bf9a737d759df913e55471017a670d20593ad33603 SHA512 3b8192dd83a7584fc8511dae0f980f9b8f3c8bb5eb6e1574a26ad3fcf3d571115c000e7e5d8515748d3ff882995c444251ef6d81b7aff9ac933827277960cf32 WHIRLPOOL a53cc1f6286a8fd192daab2834cd30b2b14a3bd3c9cdcd9da37b6db10d03fea393d2e15253eba4059abeb382e1601c6d00d970847af6445fab5378422d2d333b +MISC ChangeLog-2015 4060 SHA256 2ad780985057265fdfe2aa37649897056f11d9e941736a0a5ff692c088b4aab7 SHA512 
789900b4dd8e5a897e06b8ecbea08a0621d604df0cf682e4493d5623904c1d9311eefd958b72929751d5e30b4c949e36dae2d9f266dbe0097e0d6d7d6925f98b WHIRLPOOL 3d58be7ab47c86f5c1516f8772173c1e6d5803802c4577cecf6774aa10e6bc039b3a834ea984a5d10c30f6cb65ac52845c023c06d06c8975755546c85963d1fb +MISC metadata.xml 276 SHA256 d15d6b6bd9ffc8a642c7469d01788ba9158efb4ca27fcf3324d9e52d1b70ec93 SHA512 f0e6c6bc89659e01e157d9bf30d0a2f3fd2d71bc26c8d12489c4a44fc5237159946e25b46e7295ab4676aea63559194977a0b1e76aced31d81cf6387dd0f4250 WHIRLPOOL 26b9e81575f613b751f76234013c30a8da84a1c0dd75c12b8df32706ee753691bbc889a2dec5001cc8c4b05c47aca49ed9fabbb5a6fefed74aaa86d6c3f56cee
diff --git a/net-analyzer/ippl/files/ippl-1.4.14-format-warnings.patch b/net-analyzer/ippl/files/ippl-1.4.14-format-warnings.patch
new file mode 100644
index 000000000000..db6cfcd7e1d0
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl-1.4.14-format-warnings.patch
@@ -0,0 +1,20 @@
+--- a/Source/log.c
++++ b/Source/log.c
+@@ -147,7 +147,7 @@
+ }
+
+ if (repeats > 0) {
+- snprintf(date, 27, asctime(localtime(&last_repeat)));
++ snprintf(date, 27, "%s", asctime(localtime(&last_repeat)));
+ snprintf(repeat_message, 40, "last message repeated %d time(s)\n", repeats);
+ write(fd, date+4, strlen(date)-10);
+ write(fd, " ", 1);
+@@ -155,7 +155,7 @@
+ repeats = 0;
+ }
+
+- snprintf(date, 27, asctime(localtime(¤t)));
++ snprintf(date, 27, "%s", asctime(localtime(¤t)));
+ write(fd, date+4, strlen(date)-10);
+ write(fd, " ", 1);
+ write(fd, entry, (strlen(entry) < 1023) ? strlen(entry) : 1023 );
diff --git a/net-analyzer/ippl/files/ippl-1.4.14-includes.patch b/net-analyzer/ippl/files/ippl-1.4.14-includes.patch
new file mode 100644
index 000000000000..12b2832fa342
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl-1.4.14-includes.patch
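Review bot: Both `snprintf(date, 27, "%s", asctime(localtime(...)))` lines in the Source/log.c patch still hand the result of `localtime()` straight to `asctime()`, so a NULL return is dereferenced, and both functions return pointers to static storage that another thread can overwrite (the daemon is threaded; whether every caller holds `log_mutex` is not visible here). The literal `27` would be safer as `sizeof date`, assuming `date` is an array in scope, which the nested hunks do not show. A reentrant form is `struct tm tm; char buf[26];` followed by `if (localtime_r(&last_repeat, &tm) && asctime_r(&tm, buf)) snprintf(date, sizeof date, "%s", buf);`. The argument printed as `¤t` on this page is most likely `&current` mangled by HTML entity decoding, not what the patch file contains. The enclosing function starts and ends outside the nested hunks.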
@@ -0,0 +1,20 @@
+--- a/Source/filter.c
++++ b/Source/filter.c
+@@ -22,6 +22,7 @@
+
+ #include <stdlib.h>
+ #include <ctype.h>
++#include <string.h> /* memcpy() */
+
+ #include <fnmatch.h>
+
+--- a/Source/main.c
++++ b/Source/main.c
+@@ -37,6 +37,7 @@
+ #include <pwd.h>
+ #include <stdlib.h>
+ #include <getopt.h>
++#include <grp.h> /* initgroups() */
+
+ #include "defines.h"
+ #include "configuration.h"
diff --git a/net-analyzer/ippl/files/ippl-1.4.14-manpage.patch b/net-analyzer/ippl/files/ippl-1.4.14-manpage.patch
new file mode 100644
index 000000000000..d17e5939cdee
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl-1.4.14-manpage.patch
@@ -0,0 +1,15 @@
+patch by Marc Haber <mh+debian-packages@zugschlus.de>
+
+--- a/Docs/ippl.conf.man
++++ b/Docs/ippl.conf.man
+@@ -222,9 +222,7 @@
+ .SS Protocol
+ .PP
+ protocol is one of the supported protocols (see the protocols
+-section), except the
+-.I all
+-keyword, which is not supported.
++section).
+
+ .SS Description
+ .PP
diff --git a/net-analyzer/ippl/files/ippl-1.4.14-noportresolve.patch b/net-analyzer/ippl/files/ippl-1.4.14-noportresolve.patch
new file mode 100644
index 000000000000..919623040f7f
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl-1.4.14-noportresolve.patch
@@ -0,0 +1,347 @@
+patch by Marc Haber <mh+debian-packages@zugschlus.de>
+
+--- a/Docs/ippl.conf.man
++++ b/Docs/ippl.conf.man
+@@ -92,6 +92,13 @@
+ .PP
+ By default, IP address resolution is disabled for all the protocols.
+
++Ippl by default resolves tcp/udp port numbers to their respective
++service names. If you pass a protocol to the noportresolve option,
++ippl logs the port number instead. This is a Debian specific extension.
++
++By default service resolving is enabled, since this is the behaviour
++of the upstream program.
++
+ .SH LOGGING FORMAT
+
+ .BR ippl
+@@ -198,6 +205,12 @@
+ .I noresolve
+ disable IP address resolution.
+ .PP
++.I portresolve
++enable IP service resolution.
++.PP
++.I noportresolve
++disable IP service resolution.
++.PP
+ .I ident
+ use ident logging (only for TCP).
+ .PP
+
+--- a/Source/configuration.c
++++ b/Source/configuration.c
+@@ -60,6 +60,7 @@
+ extern unsigned int dns_expire;
+ extern unsigned short log_protocols;
+ extern unsigned short resolve_protocols;
++ extern unsigned short portresolve_protocols;
+ extern unsigned short icmp_format;
+ extern unsigned short tcp_format;
+ extern unsigned short udp_format;
+@@ -71,6 +72,7 @@
+ dns_expire = DNS_EXPIRE;
+ log_protocols = NONE;
+ resolve_protocols = 0; /* Do not resolve by default */
++ portresolve_protocols = RUN_TCP | RUN_UDP | RUN_ICMP; /* Resolve by default */
+ icmp_format = LOGFORMAT_NORMAL;
+ tcp_format = LOGFORMAT_NORMAL;
+ udp_format = LOGFORMAT_NORMAL;
+
+--- a/Source/filter.c
++++ b/Source/filter.c
+@@ -46,6 +46,7 @@
+
+ extern unsigned short use_ident;
+ extern unsigned short resolve_protocols;
++extern unsigned short portresolve_protocols;
+ extern unsigned short icmp_format;
+ extern unsigned short tcp_format;
+ extern unsigned short udp_format;
+@@ -66,7 +67,7 @@
+ #ifdef FILTER_DEBUG
+ void display_info(struct log_info *info, int entries) {
+
+- log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->logclosing, info->logformat);
++ log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d portresolve: %d, closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->portresolve, info->logclosing, info->logformat);
+ }
+ #endif
+
+@@ -200,6 +201,19 @@
+ break;
+ }
+ }
++ if (info->portresolve == -1) {
++ switch (protocol) {
++ case IPPROTO_ICMP:
++ info->portresolve = portresolve_protocols & RUN_ICMP;
++ break;
++ case IPPROTO_TCP:
++ info->portresolve = portresolve_protocols & RUN_TCP;
++ break;
++ case IPPROTO_UDP:
++ info->portresolve = portresolve_protocols & RUN_UDP;
++ break;
++ }
++ }
+ }
+
+ struct log_info do_log(const __u32 from, const __u32 to, const __u16 type, const __u16 srctype, const short protocol) {
+@@ -244,6 +258,7 @@
+ info.log = p->log;
+ info.ident = p->ident;
+ info.resolve = p->resolve;
++ info.portresolve = p->portresolve;
+ info.logformat = p->logformat;
+ info.logclosing = p->logclosing;
+ set_defaults(protocol, &info);
+@@ -265,6 +280,7 @@
+ info.log = p->log;
+ info.ident = p->ident;
+ info.resolve = p->resolve;
++ info.portresolve = p->portresolve;
+ info.logformat = p->logformat;
+ set_defaults(protocol, &info);
+ #ifdef FILTER_DEBUG
+@@ -280,7 +296,7 @@
+ info.log = TRUE;
+ info.ident = use_ident;
+ info.logclosing = log_closing;
+- info.logformat = info.resolve = -1;
++ info.logformat = info.resolve = info.portresolve = -1;
+ set_defaults(protocol, &info);
+
+ #ifdef FILTER_DEBUG
+
+--- a/Source/filter.h
++++ b/Source/filter.h
+@@ -53,6 +53,7 @@
+ struct filter_entry {
+ short log; /* TRUE for "log", FALSE for "ignore" */
+ short ident; /* TRUE if we should use ident */
++ short portresolve; /* TRUE if we should resolve TCP/UDP services */
+ short resolve; /* TRUE if we should resolve IP addresses */
+ short logformat; /* format used to log */
+ short logclosing; /* TRUE to log closing TCP connections */
+@@ -72,6 +73,7 @@
+ short log;
+ short ident;
+ short resolve;
++ short portresolve;
+ short logclosing;
+ short logformat;
+ };
+
+--- a/Source/ippl.l
++++ b/Source/ippl.l
+@@ -75,6 +75,9 @@
+ [lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return LOGCLOSING;
+ [nN][oO][lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return NOLOGCLOSING;
+
++[nN][oO][pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return NOPORTRESOLVE;
++[pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return PORTRESOLVE;
++
+ [nN][oO][rR][eE][sS][oO][lL][vV][eE] return NORESOLVE;
+ [rR][eE][sS][oO][lL][vV][eE] return RESOLVE;
+
+
+--- a/Source/ippl.y
++++ b/Source/ippl.y
+@@ -61,6 +61,7 @@
+
+ /* Should name resolving be done? */
+ unsigned short resolve_protocols;
++unsigned short portresolve_protocols;
+
+ /* Logging format for each protocol */
+ unsigned short icmp_format;
+@@ -100,7 +101,7 @@
+ %token<stringval> IP HOSTMASK IDENTIFIER FILENAME
+ %token<longval> NUMBER
+
+-%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING
++%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING PORTRESOLVE NOPORTRESOLVE
+ %token RUN RUNAS EXPIRE LOG_IN LOG IGNORE FROM TO TYPE PORT SRCPORT OPTION COMMA
+ %token ICMP TCP UDP ALL
+
+@@ -138,6 +139,11 @@
+ | NORESOLVE ProtoList EOL
+ { resolve_protocols &= ~$2; }
+
++ | PORTRESOLVE ProtoList EOL
++ { portresolve_protocols |= $2; }
++ | NOPORTRESOLVE ProtoList EOL
++ { portresolve_protocols &= ~$2; }
++
+ | LOGCLOSING EOL
+ { log_closing = TRUE; }
+ | NOLOGCLOSING EOL
+@@ -249,6 +255,7 @@
+ switches.log = -1;
+ switches.ident = use_ident;
+ switches.resolve = -1;
++ switches.portresolve = -1;
+ switches.logformat = -1;
+ switches.logclosing = log_closing;
+ }
+@@ -259,6 +266,7 @@
+ $$->ident = switches.ident;
+ $$->logclosing = switches.logclosing;
+ $$->resolve = switches.resolve;
++ $$->portresolve = switches.portresolve;
+ $$->logformat = switches.logformat;
+ $$->protocol = $4.protocol;
+ $$->loginfo = $4.loginfoval;
+@@ -287,6 +295,8 @@
+ | NOIDENT { switches.ident = FALSE; }
+ | RESOLVE { switches.resolve = RUN_ICMP | RUN_TCP | RUN_UDP; }
+ | NORESOLVE { switches.resolve = 0; }
++ | PORTRESOLVE { switches.portresolve = RUN_ICMP | RUN_TCP | RUN_UDP; }
++ | NOPORTRESOLVE { switches.portresolve = 0; }
+ | SHORT { switches.logformat = LOGFORMAT_SHORT; }
+ | NORMAL { switches.logformat = LOGFORMAT_NORMAL; }
+ | DETAILED { switches.logformat = LOGFORMAT_DETAILED; }
+
+--- a/Source/main.c
++++ b/Source/main.c
+@@ -48,6 +48,10 @@
+ #include "filter.h"
+ #include "pidfile.h"
+
++#ifndef PATH_MAX
++#define PATH_MAX 4096
++#endif
++
+ /* Logging mechanism */
+ struct loginfo log;
+
+
+--- a/Source/netutils.c
++++ b/Source/netutils.c
+@@ -237,15 +237,21 @@
+ * Get a service name for a specified protocol
+ */
+
+-void service_lookup(char *proto, char *service, __u16 port) {
++void service_lookup(char *proto, char *service, __u16 port, int portresolve) {
+ struct servent *se;
+
+ pthread_mutex_lock(&service_mutex);
+- se = getservbyport(port, proto);
+- if (se == NULL)
++ if (portresolve)
++ {
++ se = getservbyport(port, proto);
++ if (se == NULL)
++ snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));
++ else {
++ snprintf(service, SERVICE_LENGTH, "%s", se->s_name);
++ }
++ }
++ else {
+ snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));
+- else {
+- snprintf(service, SERVICE_LENGTH, "%s", se->s_name);
+ }
+ pthread_mutex_unlock(&service_mutex);
+ }
+
+--- a/Source/netutils.h
++++ b/Source/netutils.h
+@@ -53,6 +53,6 @@
+ const __u32 src_addr, const __u16 src_port,
+ const __u32 dst_addr, const __u16 dst_port);
+
+-void service_lookup(char *proto, char *service, __u16 port);
++void service_lookup(char *proto, char *service, __u16 port, int portresolve);
+
+ #endif
+
+--- a/Source/tcp.c
++++ b/Source/tcp.c
+@@ -51,6 +51,7 @@
+ struct loginfo tcp_log;
+ extern struct loginfo log;
+ extern unsigned short resolve_protocols;
++extern unsigned short portresolve_protocols;
+
+ /*
+ * Structure of a TCP packet
+@@ -88,7 +89,7 @@
+ *details ='\0';
+ host_print(remote_host, IPHDR.saddr,
+ info.resolve);
+- service_lookup("tcp", service, TCPHDR.dest);
++ service_lookup("tcp", service, TCPHDR.dest, info.portresolve);
+ if (info.logformat == LOGFORMAT_DETAILED) {
+ get_details(details,
+ IPHDR.saddr,
+@@ -186,7 +187,7 @@
+ *details ='\0';
+ host_print(remote_host, IPHDR.saddr,
+ info.resolve);
+- service_lookup("tcp", service, TCPHDR.dest);
++ service_lookup("tcp", service, TCPHDR.dest, info.portresolve);
+ if (info.logformat == LOGFORMAT_DETAILED) {
+ get_details(details,
+ IPHDR.saddr,
+
+--- a/Source/udp.c
++++ b/Source/udp.c
+@@ -81,7 +81,7 @@
+ *details ='\0';
+ host_print(remote_host, IPHDR.saddr,
+ info.resolve);
+- service_lookup("udp", service, UDPHDR.dest);
++ service_lookup("udp", service, UDPHDR.dest, info.portresolve);
+ if (info.logformat == LOGFORMAT_DETAILED) {
+ get_details(details,
+ IPHDR.saddr,
+
+--- a/ippl.conf
++++ b/ippl.conf
+@@ -4,13 +4,15 @@
+ # User used
+ # ---------
+ # Specify the user (declared in /etc/passwd) used to run the
+-# logging threads.
+-#runas nobody
++# logging threads. The ippl process visible in the process table
++# is still running as root! Look in /proc/pid/task to see the threads
++# running as ippl
++runas ippl
+
+ # Resolve hostnames?
+ # ------------------
+-# Uncomment the line below to disable DNS lookups
+-#noresolve all
++# Uncomment the line below to enable DNS lookups
++#resolve all
+
+ # Use ident?
+ # ----------
+@@ -38,9 +40,14 @@
+ # ----------------
+ run icmp tcp
+ # Uncomment the line below to log UDP traffic.
+-# See ippl.conf(5) for recommandations.
++# See ippl.conf(5) for recommendations.
+ #run udp
+
++# Resolve tcp/udp port to service name?
++# -------------------------------------
++# portresolve icmp tcp udp
++# Set noportresolve <protocol-list> to log port numbers instead
++
+ # Logging format
+ # ----------------
+ # If you want to see the destination address, the ports, etc
+@@ -63,6 +70,3 @@
+ # Do not log DNS queries
+ #ignore udp port domain
+ #ignore udp srcport domain
+-
+-# End of configuration
+-# Copyright (C) 1998-1999 Hugo Haas - Etienne Bernard
+
diff --git a/net-analyzer/ippl/files/ippl-1.4.14-privilege-drop.patch b/net-analyzer/ippl/files/ippl-1.4.14-privilege-drop.patch
new file mode 100644
index 000000000000..0f6d03684a93
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl-1.4.14-privilege-drop.patch
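Review bot: The comment this patch adds to ippl.conf says the ippl process "is still running as root", which looks stale once ippl-1.4.14-privilege-drop.patch (applied by both ebuilds) moves `setgid()`/`initgroups()`/`setuid()` into main.c; operators read this file to judge the daemon's privileges, so the wording should be re-checked against the patched binary. In the Source/netutils.c part, `service_lookup()` now formats the `"port %d"` fallback in two branches; the `if (portresolve)` block could shrink to `se = portresolve ? getservbyport(port, proto) : NULL;` with the original `if (se == NULL) ... else ...` left as it was. The mutex has to keep covering the copy of `se->s_name`, because `getservbyport()` returns static storage, so the lock placement itself is right.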
@@ -0,0 +1,140 @@
+privilege-drop by Marc Haber <mh+debian-packages@zugschlus.de>
+
+--- a/Source/icmp.c
++++ b/Source/icmp.c
+@@ -39,6 +39,8 @@
+ #include "log.h"
+ #include "filter.h"
+ #include "configuration.h"
++#include <string.h>
++#include <errno.h>
+
+ /* Socket */
+ int icmp_socket;
+@@ -296,14 +298,16 @@
+
+ icmp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+ if (icmp_socket <= 0) {
+- log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket");
++ int error = errno;
++ log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
+ exit(1);
+ }
+
+- setgid(((struct passwd *)nobody)->pw_gid);
++ /* Don't do this here - race conditions will arise */
++ /* setgid(((struct passwd *)nobody)->pw_gid);
+ initgroups(((struct passwd *)nobody)->pw_name,
+ ((struct passwd *)nobody)->pw_gid);
+- setuid(((struct passwd *)nobody)->pw_uid);
++ setuid(((struct passwd *)nobody)->pw_uid); */
+
+ for(;;) {
+ if (read(icmp_socket, (__u8 *) &pkt, ICMP_CAPTURE_LENGTH) == -1) {
+--- a/Source/main.c
++++ b/Source/main.c
+@@ -153,6 +153,17 @@
+ run_thread(&udp_t, log_udp, (void *)account);
+ }
+
++ /* Sleep 1 sec to allow the other threads to catchup */
++ /* Not the best way to solve the issue but it works */
++ sleep(1);
++
++ /* Drop privileges */
++
++ setgid(((struct passwd *)account)->pw_gid);
++ initgroups(((struct passwd *)account)->pw_name,
++ ((struct passwd *)account)->pw_gid);
++ setuid(((struct passwd *)account)->pw_uid);
++
+ }
+
+
+@@ -160,8 +171,10 @@
+ * reload_configuration
+ *
+ * Stops the threads and reloads the configuration
++ *
++ * -- DEPRECATED (due to privilege drop cannot reload - needs a restart!)
+ */
+-void reload_configuration() {
++void reload_configuration_DEPRECATED() {
+ extern pthread_mutex_t log_mutex, service_mutex, dns_mutex, r_mux, w_mux;
+ extern pthread_cond_t w_cond;
+ extern int readers;
+@@ -353,8 +366,10 @@
+ * Function executed when we receive a SIHUP signal
+ */
+ void sighup(int sig) {
+- reload_configuration();
+- log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration.");
++ // DEPRECATED - reload_configuration();
++ // log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration.");
++ log.log(log.level_or_fd, "IP Protocols Logger: reload configuration is unsupported.");
++ die(sig);
+ signal(SIGHUP, sighup);
+ }
+
+--- a/Source/tcp.c
++++ b/Source/tcp.c
+@@ -44,6 +44,8 @@
+ #include "filter.h"
+ #include "configuration.h"
+ #include "ident.h"
++#include <errno.h>
++#include <string.h>
+
+ /* Socket */
+ int tcp_socket;
+@@ -258,14 +260,16 @@
+
+ tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
+ if (tcp_socket <= 0) {
+- log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket");
++ int error = errno;
++ log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
+ exit(1);
+ }
+
+- setgid(((struct passwd *)nobody)->pw_gid);
++ /* Don't do this here - race conditions will arise */
++ /* setgid(((struct passwd *)nobody)->pw_gid);
+ initgroups(((struct passwd *)nobody)->pw_name,
+ ((struct passwd *)nobody)->pw_gid);
+- setuid(((struct passwd *)nobody)->pw_uid);
++ setuid(((struct passwd *)nobody)->pw_uid); */
+
+ for(;;) {
+ if (read(tcp_socket, (__u8 *) &pkt, TCP_CAPTURE_LENGTH) == -1) {
+--- a/Source/udp.c
++++ b/Source/udp.c
+@@ -39,6 +39,8 @@
+ #include "filter.h"
+ #include "configuration.h"
+ #include "ident.h"
++#include <errno.h>
++#include <string.h>
+
+ /* Socket */
+ int udp_socket;
+@@ -138,14 +140,16 @@
+
+ udp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
+ if (udp_socket <= 0) {
+- log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket");
++ int error = errno;
++ log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error));
+ exit(1);
+ }
+
+- setgid(((struct passwd *)nobody)->pw_gid);
++ /* Don't do this here - race conditions will arise */
++ /* setgid(((struct passwd *)nobody)->pw_gid);
+ initgroups(((struct passwd *)nobody)->pw_name,
+ ((struct passwd *)nobody)->pw_gid);
+- setuid(((struct passwd *)nobody)->pw_uid);
++ setuid(((struct passwd *)nobody)->pw_uid); */
+
+ for(;;) {
+ if (read(udp_socket, (__u8 *) &pkt, UDP_CAPTURE_LENGTH) == -1) {
diff --git a/net-analyzer/ippl/files/ippl.rc b/net-analyzer/ippl/files/ippl.rc
new file mode 100644
index 000000000000..e16ccfc6c4e3
--- /dev/null
+++ b/net-analyzer/ippl/files/ippl.rc
@@ -0,0 +1,30 @@
+#!/sbin/openrc-run
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -f /etc/ippl.conf ]
+ then
+ eerror "Please create /etc/ippl.conf"
+ return 1
+ fi
+ return 0
+}
+
+start() {
+ checkconfig || return $?
+ ebegin "Starting ippl"
+ start-stop-daemon --start --quiet --pidfile /run/ippl.pid \
+ --exec /usr/sbin/ippl
+ eend $? "Failed to start ippl"
+}
+
+stop() {
+ ebegin "Stopping ippl"
+ start-stop-daemon --stop --quiet --pidfile /run/ippl.pid
+ eend $? "Failed to stop ippl"
+}
diff --git a/net-analyzer/ippl/ippl-1.4.14-r3.ebuild b/net-analyzer/ippl/ippl-1.4.14-r3.ebuild
new file mode 100644
index 000000000000..9f807cd264aa
--- /dev/null
+++ b/net-analyzer/ippl/ippl-1.4.14-r3.ebuild
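Review bot: The privilege drop added to Source/main.c in ippl-1.4.14-privilege-drop.patch ignores the return values of `setgid()`, `initgroups()` and `setuid()`, so if any of them fails the daemon carries on as root with its raw sockets open and nothing is logged. Each call should be checked and the process should exit on failure, as in the block below. The `sleep(1)` before the drop is only a guess that the logging threads have already opened their sockets; a thread that has not reached `socket()` by then will presumably fail once the process is unprivileged, so a barrier or condition variable signalled after each `socket()` call would be more reliable. The enclosing function starts outside the nested hunk.

```c
	/* ... unchanged: sleep(1) before the drop ... */

	/* Drop privileges; never keep running as root if a step fails */
	if (setgid(((struct passwd *)account)->pw_gid) != 0 ||
	    initgroups(((struct passwd *)account)->pw_name,
	               ((struct passwd *)account)->pw_gid) != 0 ||
	    setuid(((struct passwd *)account)->pw_uid) != 0) {
		log.log(log.level_or_fd, "FATAL: Unable to drop privileges");
		exit(1);
	}
```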
@@ -0,0 +1,54 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="4"
+
+inherit eutils toolchain-funcs user
+
+DESCRIPTION="A daemon which logs TCP/UDP/ICMP packets"
+HOMEPAGE="http://pltplp.net/ippl/"
+SRC_URI="http://pltplp.net/ippl/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+IUSE=""
+
+DEPEND="virtual/yacc
+ >=sys-devel/flex-2.5.4a-r4"
+RDEPEND=""
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/ippl-1.4.14-noportresolve.patch \
+ "${FILESDIR}"/ippl-1.4.14-manpage.patch \
+ "${FILESDIR}"/ippl-1.4.14-privilege-drop.patch \
+ "${FILESDIR}"/ippl-1.4.14-includes.patch
+ sed -i Source/Makefile.in \
+ -e 's|^LDFLAGS=|&@LDFLAGS@|g' \
+ || die "sed Source/Makefile.in"
+ sed -i Makefile.in \
+ -e 's|make |$(MAKE) |g' \
+ || die "sed Makefile.in"
+ # fix for bug #351287
+ sed -i -e '/lex.yy.c/s/ippl.l/& y.tab.c/' Source/Makefile.in \
+ || die "sed src/Makefile.in"
+ tc-export CC
+}
+
+src_install() {
+ dosbin Source/ippl
+
+ insinto "/etc"
+ doins ippl.conf
+
+ doman Docs/{ippl.8,ippl.conf.5}
+
+ dodoc BUGS CREDITS HISTORY README TODO
+
+ newinitd "${FILESDIR}"/ippl.rc ippl
+}
+
+pkg_postinst() {
+ enewuser ippl
+}
diff --git a/net-analyzer/ippl/ippl-1.4.14-r5.ebuild b/net-analyzer/ippl/ippl-1.4.14-r5.ebuild
new file mode 100644
index 000000000000..e436f03ac433
--- /dev/null
+++ b/net-analyzer/ippl/ippl-1.4.14-r5.ebuild
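Review bot: `src_prepare()` in ippl-1.4.14-r3.ebuild applies four patches but not `ippl-1.4.14-format-warnings.patch`, so this revision still builds Source/log.c with the output of `asctime()` passed as the format string to `snprintf()`. The r5 ebuild added in the same commit carries the same KEYWORDS and does apply it. If r3 has to stay in the tree, add `"${FILESDIR}"/ippl-1.4.14-format-warnings.patch` to its `epatch` list; otherwise dropping r3 in favour of r5 avoids shipping two revisions that differ only in whether this fix is present.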
@@ -0,0 +1,56 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit eutils toolchain-funcs user
+
+DESCRIPTION="A daemon which logs TCP/UDP/ICMP packets"
+HOMEPAGE="http://pltplp.net/ippl/"
+SRC_URI="http://pltplp.net/ippl/archive/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~ppc x86"
+
+DEPEND="virtual/yacc
+ >=sys-devel/flex-2.5.4a-r4"
+
+src_prepare() {
+ epatch \
+ "${FILESDIR}"/ippl-1.4.14-noportresolve.patch \
+ "${FILESDIR}"/ippl-1.4.14-manpage.patch \
+ "${FILESDIR}"/ippl-1.4.14-privilege-drop.patch \
+ "${FILESDIR}"/ippl-1.4.14-includes.patch \
+ "${FILESDIR}"/ippl-1.4.14-format-warnings.patch
+
+ sed -i Source/Makefile.in \
+ -e 's|^LDFLAGS=|&@LDFLAGS@|g' \
+ || die
+
+ sed -i Makefile.in \
+ -e 's|make |$(MAKE) |g' \
+ || die
+
+ # fix for bug #351287
+ sed -i -e '/lex.yy.c/s/ippl.l/& y.tab.c/' Source/Makefile.in \
+ || die
+
+ tc-export CC
+}
+
+src_install() {
+ dosbin Source/ippl
+
+ insinto "/etc"
+ doins ippl.conf
+
+ doman Docs/{ippl.8,ippl.conf.5}
+
+ dodoc BUGS CREDITS HISTORY README TODO
+
+ newinitd "${FILESDIR}"/ippl.rc ippl
+}
+
+pkg_postinst() {
+ enewuser ippl
+}
diff --git a/net-analyzer/ippl/metadata.xml b/net-analyzer/ippl/metadata.xml
new file mode 100644
index 000000000000..74c2baebb4ec
--- /dev/null
+++ b/net-analyzer/ippl/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>netmon@gentoo.org</email>
+ <name>Gentoo network monitoring and analysis project</name>
+</maintainer>
+</pkgmetadata> |