mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-11 07:22:22 +00:00
- Remove net-mgmt/arpwatch-devel in favour of net-mgmt/arpwatch, which have a
newer version anyway PR: ports/104026 Submitted by: Thomas Abthorpe <thomas@goodking.ca> (arpwatch maintainer) Approved by: arpwatch-devel maintainer's address bouncing
This commit is contained in:
parent
641396607f
commit
72cd52f197
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=174743
1
MOVED
1
MOVED
@ -2487,3 +2487,4 @@ devel/avr-gcc|devel/avr-gcc-3|2006-10-05|retire AVR-GCC 3.x
|
||||
devel/avr-gcc-devel|devel/avr-gcc|2006-10-06|make AVR-GCC 4.x the default version
|
||||
astro/gdesklets-goodweather||2006-10-07|Expired: no longer downloadable
|
||||
deskutils/goats||2006-10-07|Expired: no longer downloadable
|
||||
net-mgmt/arpwatch-devel|net-mgmt/arpwatch|2006-10-07|Devel port no longer needed
|
||||
|
@ -19,7 +19,6 @@
|
||||
SUBDIR += arpalert
|
||||
SUBDIR += arpscan
|
||||
SUBDIR += arpwatch
|
||||
SUBDIR += arpwatch-devel
|
||||
SUBDIR += arts++
|
||||
SUBDIR += aspathtree
|
||||
SUBDIR += asused
|
||||
|
@ -1,53 +0,0 @@
|
||||
# New ports collection makefile for: arpwatch-devel
|
||||
# Date created: 11 November 2003
|
||||
# Whom: Matthew George <mdg@secureworks.net>
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
PORTNAME= arpwatch
|
||||
PORTVERSION= 2.1.a13
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= net-mgmt
|
||||
MASTER_SITES= ftp://ftp.ee.lbl.gov/
|
||||
PKGNAMESUFFIX= -devel
|
||||
DISTNAME= arpwatch-2.1a13
|
||||
|
||||
MAINTAINER= mdg@secureworks.net
|
||||
COMMENT= Monitor arp & rarp requests
|
||||
|
||||
CONFLICTS= arpwatch-2.*
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
HAS_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --quiet
|
||||
INSTALL_TARGET= install install-man
|
||||
MAN8= arpwatch.8 arpsnmp.8
|
||||
|
||||
USE_RC_SUBR= yes
|
||||
RC_SCRIPTS_SUB= PREFIX=${PREFIX} RC_SUBR=${RC_SUBR}
|
||||
|
||||
MAKE_ENV= PTHREAD_CFLAGS="${PTHREAD_CFLAGS}" PTHREAD_LIBS="${PTHREAD_LIBS}"
|
||||
|
||||
post-patch:
|
||||
@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
|
||||
${FILESDIR}/arpwatch.sh > ${WRKDIR}/arpwatch.sh
|
||||
|
||||
post-install:
|
||||
if [ ! -d ${PREFIX}/arpwatch ]; then \
|
||||
${MKDIR} ${PREFIX}/arpwatch; \
|
||||
${CHMOD} 755 ${PREFIX}/arpwatch; \
|
||||
${CHOWN} root:operator ${PREFIX}/arpwatch; \
|
||||
fi
|
||||
${TOUCH} ${PREFIX}/arpwatch/arp.dat
|
||||
${CHMOD} 644 ${PREFIX}/arpwatch/arp.dat
|
||||
${TOUCH} ${PREFIX}/arpwatch/ether.dat
|
||||
${CHMOD} 644 ${PREFIX}/arpwatch/ether.dat
|
||||
for file in ethercodes.dat d.awk e.awk p.awk; do \
|
||||
${INSTALL_DATA} ${WRKSRC}/$$file ${PREFIX}/arpwatch/.; \
|
||||
done
|
||||
${INSTALL_SCRIPT} ${WRKSRC}/arp2ethers ${PREFIX}/arpwatch/.
|
||||
${INSTALL_SCRIPT} ${WRKDIR}/arpwatch.sh ${PREFIX}/etc/rc.d/arpwatch.sh
|
||||
@${CAT} ${PKGMESSAGE}
|
||||
|
||||
.include <bsd.port.mk>
|
@ -1,3 +0,0 @@
|
||||
MD5 (arpwatch-2.1a13.tar.gz) = b9ff9739cdd2c0e9807b2d05860e4811
|
||||
SHA256 (arpwatch-2.1a13.tar.gz) = 57025d5d1c883961ad7bbe53e5f0d73fa4b55659c28ee7722dddfc9c1512ee76
|
||||
SIZE (arpwatch-2.1a13.tar.gz) = 152779
|
@ -1,31 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# PROVIDE: arpwatch
|
||||
# REQUIRE: NETWORKING SERVERS
|
||||
# BEFORE: DAEMON
|
||||
# KEYWORD: shutdown
|
||||
|
||||
#
|
||||
# Add the following lines to /etc/rc.conf to enable arpwatch:
|
||||
# arpwatch_enable (bool): Set to "NO" by default.
|
||||
# Set it to "YES" to enable arpwatch
|
||||
# arpwatch_flags (str): Set to "-N" by default.
|
||||
# Extra flags passed to start command
|
||||
#
|
||||
. %%RC_SUBR%%
|
||||
|
||||
name="arpwatch"
|
||||
rcvar=`set_rcvar`
|
||||
|
||||
command="%%PREFIX%%/sbin/arpwatch"
|
||||
|
||||
[ -z "$arpwatch_enable" ] && arpwatch_enable="NO"
|
||||
[ -z "$arpwatch_flags" ] && arpwatch_flags="-N"
|
||||
|
||||
load_rc_config $name
|
||||
|
||||
run_rc_command "$1"
|
||||
|
@ -1,33 +0,0 @@
|
||||
--- Makefile.in.orig Wed Jun 14 20:39:55 2000
|
||||
+++ Makefile.in Wed Apr 14 15:16:06 2004
|
||||
@@ -45,15 +45,15 @@
|
||||
PROG = arpwatch
|
||||
CCOPT = @V_CCOPT@
|
||||
INCLS = -I. @V_INCLS@
|
||||
-DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
|
||||
+DEFS = @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
|
||||
|
||||
# Standard CFLAGS
|
||||
-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
|
||||
+CFLAGS = $(CCOPT) $(PTHREAD_CFLAGS) $(DEFS) $(INCLS)
|
||||
|
||||
# Standard LIBS
|
||||
-LIBS = @LIBS@
|
||||
+LIBS = @LIBS@ $(PTHREAD_LIBS)
|
||||
# Standard LIBS without libpcap.a
|
||||
-SLIBS = @LBL_LIBS@
|
||||
+SLIBS = @LBL_LIBS@ $(PTHREAD_LIBS)
|
||||
|
||||
INSTALL = @INSTALL@
|
||||
SENDMAIL = @V_SENDMAIL@
|
||||
@@ -110,8 +110,8 @@
|
||||
$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
|
||||
|
||||
install: force
|
||||
- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
|
||||
- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
|
||||
+ $(INSTALL) -s -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
|
||||
+ $(INSTALL) -s -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
|
||||
|
||||
install-man: force
|
||||
$(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
|
@ -1,25 +0,0 @@
|
||||
--- ../arpwatch.orig/arpsnmp.8 Sun Sep 17 16:34:48 2000
|
||||
+++ ./arpsnmp.8 Fri Sep 5 14:46:55 2003
|
||||
@@ -30,6 +30,9 @@
|
||||
] [
|
||||
.B -f
|
||||
.I datafile
|
||||
+] [
|
||||
+.B -m
|
||||
+.I email
|
||||
]
|
||||
.I file
|
||||
[
|
||||
@@ -54,6 +57,12 @@
|
||||
flag is used to set the ethernet/ip address database filename.
|
||||
The default is
|
||||
.IR arp.dat .
|
||||
+.LP
|
||||
+The
|
||||
+.B -m
|
||||
+flag specifies the address that will receive the emails.
|
||||
+The default is
|
||||
+.IR root .
|
||||
.LP
|
||||
Note that an empty
|
||||
.I arp.dat
|
@ -1,67 +0,0 @@
|
||||
--- ../arpwatch.orig/arpsnmp.c Sun Jan 17 20:47:40 1999
|
||||
+++ ./arpsnmp.c Mon Sep 15 14:31:33 2003
|
||||
@@ -63,14 +63,17 @@
|
||||
/* Forwards */
|
||||
int main(int, char **);
|
||||
int readsnmp(char *);
|
||||
-int snmp_add(u_int32_t, u_char *, time_t, char *);
|
||||
+int snmp_add(u_int32_t, u_char *, time_t, char *, char *);
|
||||
__dead void usage(void) __attribute__((volatile));
|
||||
|
||||
char *prog;
|
||||
|
||||
+char *Watcher;
|
||||
+
|
||||
extern int optind;
|
||||
extern int opterr;
|
||||
extern char *optarg;
|
||||
+char *interface = NULL;
|
||||
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
@@ -90,7 +93,7 @@
|
||||
}
|
||||
|
||||
opterr = 0;
|
||||
- while ((op = getopt(argc, argv, "df:")) != EOF)
|
||||
+ while ((op = getopt(argc, argv, "df:m:")) != EOF)
|
||||
switch (op) {
|
||||
|
||||
case 'd':
|
||||
@@ -105,6 +108,10 @@
|
||||
arpfile = optarg;
|
||||
break;
|
||||
|
||||
+ case 'm':
|
||||
+ Watcher = optarg;
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
@@ -138,7 +145,7 @@
|
||||
static time_t now;
|
||||
|
||||
int
|
||||
-snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
|
||||
+snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h, register char *i)
|
||||
{
|
||||
/* Watch for ethernet broadcast */
|
||||
if (MEMCMP(e, zero, 6) == 0 || MEMCMP(e, allones, 6) == 0) {
|
||||
@@ -153,7 +160,7 @@
|
||||
}
|
||||
|
||||
/* Use current time (although it would be nice to subtract idle time) */
|
||||
- return (ent_add(a, e, now, h));
|
||||
+ return (ent_add(a, e, now, h, interface));
|
||||
}
|
||||
|
||||
/* Process an snmp file */
|
||||
@@ -184,6 +191,6 @@
|
||||
|
||||
(void)fprintf(stderr, "Version %s\n", version);
|
||||
(void)fprintf(stderr,
|
||||
- "usage: %s [-d] [-f datafile] file [...]\n", prog);
|
||||
+ "usage: %s [-d] [-f datafile] [-m email] file [...]\n", prog);
|
||||
exit(1);
|
||||
}
|
@ -1,128 +0,0 @@
|
||||
--- arpwatch.8.orig Sun Oct 8 16:31:28 2000
|
||||
+++ arpwatch.8 Fri Jun 11 12:35:32 2004
|
||||
@@ -1,4 +1,4 @@
|
||||
-.\" @(#) $Id: arpwatch.8,v 1.13 2000/10/08 20:31:25 leres Exp $ (LBL)
|
||||
+.\" @(#) $Id: arpwatch.8,v 1.5 2004/06/11 16:26:22 mdg Exp $ (LBL)
|
||||
.\"
|
||||
.\" Copyright (c) 1992, 1994, 1996, 1997, 2000
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@@ -30,7 +30,10 @@
|
||||
.B -dN
|
||||
] [
|
||||
.B -f
|
||||
-.I datafile
|
||||
+.I arpfile
|
||||
+] [
|
||||
+.B -e
|
||||
+.I etherfile
|
||||
] [
|
||||
.B -i
|
||||
.I interface
|
||||
@@ -38,6 +41,9 @@
|
||||
.br
|
||||
.ti +8
|
||||
[
|
||||
+.B -m
|
||||
+.I email
|
||||
+] [
|
||||
.B -n
|
||||
.IR net [/ width
|
||||
]] [
|
||||
@@ -67,8 +73,24 @@
|
||||
.IR arp.dat .
|
||||
.LP
|
||||
The
|
||||
+.B -e
|
||||
+flag is used to set the ethernet/interface database filename.
|
||||
+The default is
|
||||
+.IR ether.dat .
|
||||
+.LP
|
||||
+The
|
||||
+.B -i
|
||||
+flag is used to specify a single interface. By default,
|
||||
+.B arpwatch
|
||||
+will listen to all non-loopback interfaces. Using more than one
|
||||
.B -i
|
||||
-flag is used to override the default interface.
|
||||
+option on the same command line is not supported.
|
||||
+.LP
|
||||
+The
|
||||
+.B -m
|
||||
+flag specifies the address that will receive the emails.
|
||||
+The default is
|
||||
+.IR root .
|
||||
.LP
|
||||
The
|
||||
.B -n
|
||||
@@ -81,6 +103,8 @@
|
||||
The
|
||||
.B -N
|
||||
flag disables reporting any bogons.
|
||||
+It is highly recommended that this flag be used on machines with
|
||||
+multiple interfaces.
|
||||
.LP
|
||||
The
|
||||
.B -r
|
||||
@@ -96,21 +120,31 @@
|
||||
.LP
|
||||
Note that an empty
|
||||
.I arp.dat
|
||||
+and
|
||||
+.I ether.dat
|
||||
file must be created before the first time you run
|
||||
.BR arpwatch .
|
||||
.LP
|
||||
.SH "REPORT MESSAGES"
|
||||
Here's a quick list of the report messages generated by
|
||||
-.BR arpwatch (1)
|
||||
+.BR arpwatch
|
||||
(and
|
||||
-.BR arpsnmp (1)):
|
||||
+.BR arpsnmp
|
||||
+):
|
||||
+.TP
|
||||
+.B "new ethernet device"
|
||||
+The ethernet address has not been seen before.
|
||||
+.TP
|
||||
+.B "ethernet device changed interfaces"
|
||||
+An ethernet address associated with one interface has moved to a
|
||||
+different interface.
|
||||
.TP
|
||||
.B "new activity"
|
||||
This ethernet/ip address pair has been used for the first time six
|
||||
months or more.
|
||||
.TP
|
||||
-.B "new station"
|
||||
-The ethernet address has not been seen before.
|
||||
+.B "new active IP address"
|
||||
+The IP address has not been seen before.
|
||||
.TP
|
||||
.B "flip flop"
|
||||
The ethernet address has changed from the most recently seen address to
|
||||
@@ -148,12 +182,25 @@
|
||||
.B "suppressed DECnet flip flop"
|
||||
A "flip flop" report was suppressed because one of the two
|
||||
addresses was a DECnet address.
|
||||
+.SH "INTERFACE LABELS"
|
||||
+Interfaces can be assigned labels that are displayed in reports
|
||||
+next to the interface name. This is useful for identifying connected
|
||||
+networks. In order to assign a label, create a symbolic link in
|
||||
+the arpwatch data directory. The link should have the same name
|
||||
+as the interface, and should point to the textual label. For example:
|
||||
+.LP
|
||||
+ln -s "Internal Network" dc0
|
||||
+.LP
|
||||
+Labels are read when
|
||||
+.BR arpwatch
|
||||
+initializes. The process must be restarted for label changes to take effect.
|
||||
.SH FILES
|
||||
.na
|
||||
.nh
|
||||
.nf
|
||||
-/usr/operator/arpwatch - default directory
|
||||
+/usr/local/arpwatch - default directory
|
||||
arp.dat - ethernet/ip address database
|
||||
+ether.dat - ethernet/interface address database
|
||||
ethercodes.dat - vendor ethernet block list
|
||||
.ad
|
||||
.hy
|
@ -1,326 +0,0 @@
|
||||
--- arpwatch.c.orig Fri Oct 13 22:07:35 2000
|
||||
+++ arpwatch.c Wed Jul 7 17:08:21 2004
|
||||
@@ -36,6 +36,7 @@
|
||||
#include <sys/ioctl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/time.h>
|
||||
+#include <pthread.h>
|
||||
|
||||
#if __STDC__
|
||||
struct mbuf;
|
||||
@@ -107,6 +108,8 @@
|
||||
|
||||
char *prog;
|
||||
|
||||
+char *Watcher = NULL;
|
||||
+
|
||||
int can_checkpoint;
|
||||
int swapped;
|
||||
int nobogons;
|
||||
@@ -123,6 +126,14 @@
|
||||
static int nets_ind;
|
||||
static int nets_size;
|
||||
|
||||
+struct aw_threads {
|
||||
+ char *interface;
|
||||
+ pthread_t thread;
|
||||
+};
|
||||
+
|
||||
+struct aw_threads *threads = NULL;
|
||||
+extern pthread_mutex_t mtx_einfo, mtx_ainfo;
|
||||
+
|
||||
extern int optind;
|
||||
extern int opterr;
|
||||
extern char *optarg;
|
||||
@@ -145,14 +156,14 @@
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
register char *cp;
|
||||
- register int op, pid, snaplen, timeout, linktype, status;
|
||||
+ register int op, pid, if_cnt, i;
|
||||
#ifdef TIOCNOTTY
|
||||
register int fd;
|
||||
#endif
|
||||
- register pcap_t *pd;
|
||||
- register char *interface, *rfilename;
|
||||
- struct bpf_program code;
|
||||
+ register char *rfilename;
|
||||
char errbuf[PCAP_ERRBUF_SIZE];
|
||||
+ pcap_if_t *adp, *alldevsp = NULL;
|
||||
+ char *interface = NULL;
|
||||
|
||||
if (argv[0] == NULL)
|
||||
prog = "arpwatch";
|
||||
@@ -167,10 +178,8 @@
|
||||
}
|
||||
|
||||
opterr = 0;
|
||||
- interface = NULL;
|
||||
rfilename = NULL;
|
||||
- pd = NULL;
|
||||
- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
|
||||
+ while ((op = getopt(argc, argv, "de:f:i:m:n:Nr:")) != EOF)
|
||||
switch (op) {
|
||||
|
||||
case 'd':
|
||||
@@ -181,6 +190,10 @@
|
||||
#endif
|
||||
break;
|
||||
|
||||
+ case 'e':
|
||||
+ etherfile = optarg;
|
||||
+ break;
|
||||
+
|
||||
case 'f':
|
||||
arpfile = optarg;
|
||||
break;
|
||||
@@ -202,6 +215,10 @@
|
||||
rfilename = optarg;
|
||||
break;
|
||||
|
||||
+ case 'm':
|
||||
+ Watcher = optarg;
|
||||
+ break;
|
||||
+
|
||||
default:
|
||||
usage();
|
||||
}
|
||||
@@ -213,50 +230,107 @@
|
||||
net = 0;
|
||||
netmask = 0;
|
||||
} else {
|
||||
- /* Determine interface if not specified */
|
||||
- if (interface == NULL &&
|
||||
- (interface = pcap_lookupdev(errbuf)) == NULL) {
|
||||
- (void)fprintf(stderr, "%s: lookup_device: %s\n",
|
||||
- prog, errbuf);
|
||||
- exit(1);
|
||||
- }
|
||||
+ /* if not specified, do all non loopback interfaces */
|
||||
+ if (interface == NULL) {
|
||||
|
||||
- /* Determine network and netmask */
|
||||
- if (pcap_lookupnet(interface, &net, &netmask, errbuf) < 0) {
|
||||
- (void)fprintf(stderr, "%s: bad interface %s: %s\n",
|
||||
- prog, interface, errbuf);
|
||||
- exit(1);
|
||||
+ pcap_findalldevs(&alldevsp, errbuf);
|
||||
+ if (alldevsp == NULL) {
|
||||
+ (void)fprintf(stderr, "no suitable interfaces\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ if_cnt = 0;
|
||||
+ for(adp = alldevsp; adp != NULL; adp = adp->next) {
|
||||
+ if (adp->flags != PCAP_IF_LOOPBACK)
|
||||
+ ++if_cnt;
|
||||
+ }
|
||||
+
|
||||
+ } else {
|
||||
+ if_cnt = 1;
|
||||
}
|
||||
|
||||
/* Drop into the background if not debugging */
|
||||
if (!debug) {
|
||||
- pid = fork();
|
||||
- if (pid < 0) {
|
||||
- syslog(LOG_ERR, "main fork(): %m");
|
||||
- exit(1);
|
||||
- } else if (pid != 0)
|
||||
- exit(0);
|
||||
- (void)close(fileno(stdin));
|
||||
- (void)close(fileno(stdout));
|
||||
- (void)close(fileno(stderr));
|
||||
-#ifdef TIOCNOTTY
|
||||
- fd = open("/dev/tty", O_RDWR);
|
||||
- if (fd >= 0) {
|
||||
- (void)ioctl(fd, TIOCNOTTY, 0);
|
||||
- (void)close(fd);
|
||||
- }
|
||||
-#else
|
||||
- (void) setsid();
|
||||
-#endif
|
||||
+ daemon(1, 0);
|
||||
}
|
||||
}
|
||||
|
||||
- openlog(prog, 0, LOG_DAEMON);
|
||||
+ if (debug)
|
||||
+ openlog(prog, LOG_PERROR, LOG_DAEMON);
|
||||
+ else
|
||||
+ openlog(prog, 0, LOG_DAEMON);
|
||||
|
||||
if (chdir(arpdir) < 0) {
|
||||
syslog(LOG_ERR, "chdir(%s): %m", arpdir);
|
||||
syslog(LOG_ERR, "(using current working directory)");
|
||||
}
|
||||
+ /* Read in database */
|
||||
+ initializing = 1;
|
||||
+ if (!readdata())
|
||||
+ exit(1);
|
||||
+ sorteinfo();
|
||||
+#ifdef DEBUG
|
||||
+ if (debug > 2) {
|
||||
+ debugdump();
|
||||
+ exit(0);
|
||||
+ }
|
||||
+#endif
|
||||
+ initializing = 0;
|
||||
+
|
||||
+ (void)setsignal(SIGINT, die);
|
||||
+ (void)setsignal(SIGTERM, die);
|
||||
+ (void)setsignal(SIGHUP, die);
|
||||
+ if (rfilename == NULL) {
|
||||
+ (void)setsignal(SIGQUIT, checkpoint);
|
||||
+ (void)setsignal(SIGALRM, checkpoint);
|
||||
+ (void)alarm(CHECKPOINT);
|
||||
+ }
|
||||
+
|
||||
+ threads = (struct aw_threads *) malloc(sizeof(struct aw_threads) * (if_cnt + 1));
|
||||
+ memset((char *)threads, 0, sizeof(*threads) * (if_cnt + 1));
|
||||
+ pthread_mutex_init(&mtx_einfo, NULL);
|
||||
+ pthread_mutex_init(&mtx_ainfo, NULL);
|
||||
+
|
||||
+ if (interface != NULL)
|
||||
+ {
|
||||
+ threads[0].interface = interface;
|
||||
+ pthread_create(&threads[0].thread, NULL, (void *)pcap_thread, interface);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ i = 0;
|
||||
+
|
||||
+ for (adp = alldevsp; adp != NULL; adp = adp->next)
|
||||
+ if (adp->flags != PCAP_IF_LOOPBACK)
|
||||
+ {
|
||||
+ threads[i].interface = adp->name;
|
||||
+ pthread_create(&threads[i++].thread, NULL, (void *)pcap_thread, adp->name);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ for (i=0; i < if_cnt; i++)
|
||||
+ pthread_join(threads[i].thread, NULL);
|
||||
+
|
||||
+ if (!dump())
|
||||
+ exit(1);
|
||||
+ exit(0);
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+pcap_thread(char *interface)
|
||||
+{
|
||||
+ register char *rfilename = NULL;
|
||||
+ char errbuf[PCAP_ERRBUF_SIZE];
|
||||
+ register pcap_t *pd = NULL;
|
||||
+ register int snaplen, timeout, linktype, status;
|
||||
+ struct bpf_program code;
|
||||
+
|
||||
+ /* Determine network and netmask */
|
||||
+ if (pcap_lookupnet(interface, &net, &netmask, errbuf) < 0) {
|
||||
+ (void)fprintf(stderr, "%s: bad interface %s: %s\n",
|
||||
+ prog, interface, errbuf);
|
||||
+ return(1);
|
||||
+ }
|
||||
|
||||
if (rfilename != NULL) {
|
||||
pd = pcap_open_offline(rfilename, errbuf);
|
||||
@@ -306,27 +380,7 @@
|
||||
if (rfilename == NULL)
|
||||
syslog(LOG_INFO, "listening on %s", interface);
|
||||
|
||||
- /* Read in database */
|
||||
- initializing = 1;
|
||||
- if (!readdata())
|
||||
- exit(1);
|
||||
- sorteinfo();
|
||||
-#ifdef DEBUG
|
||||
- if (debug > 2) {
|
||||
- debugdump();
|
||||
- exit(0);
|
||||
- }
|
||||
-#endif
|
||||
- initializing = 0;
|
||||
|
||||
- (void)setsignal(SIGINT, die);
|
||||
- (void)setsignal(SIGTERM, die);
|
||||
- (void)setsignal(SIGHUP, die);
|
||||
- if (rfilename == NULL) {
|
||||
- (void)setsignal(SIGQUIT, checkpoint);
|
||||
- (void)setsignal(SIGALRM, checkpoint);
|
||||
- (void)alarm(CHECKPOINT);
|
||||
- }
|
||||
|
||||
switch (linktype) {
|
||||
|
||||
@@ -347,9 +401,7 @@
|
||||
exit(1);
|
||||
}
|
||||
pcap_close(pd);
|
||||
- if (!dump())
|
||||
- exit(1);
|
||||
- exit(0);
|
||||
+ return(0);
|
||||
}
|
||||
|
||||
/* Process an ethernet arp/rarp packet */
|
||||
@@ -362,6 +414,8 @@
|
||||
register u_char *sea, *sha;
|
||||
register time_t t;
|
||||
u_int32_t sia;
|
||||
+ register pthread_t thread_self = NULL;
|
||||
+ register struct aw_threads *atp = threads;
|
||||
|
||||
eh = (struct ether_header *)p;
|
||||
ea = (struct ether_arp *)(eh + 1);
|
||||
@@ -400,9 +454,16 @@
|
||||
/* Got a live one */
|
||||
t = h->ts.tv_sec;
|
||||
can_checkpoint = 0;
|
||||
- if (!ent_add(sia, sea, t, NULL))
|
||||
+ thread_self = pthread_self();
|
||||
+
|
||||
+ for (atp = threads; atp != NULL; atp++)
|
||||
+ if (pthread_equal(atp->thread, thread_self))
|
||||
+ break;
|
||||
+
|
||||
+ if (!ent_add(sia, sea, t, NULL, atp->interface))
|
||||
syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
|
||||
intoa(sia), e2str(sea), t);
|
||||
+
|
||||
can_checkpoint = 1;
|
||||
}
|
||||
|
||||
@@ -507,6 +568,8 @@
|
||||
register u_char *sea, *sha;
|
||||
register time_t t;
|
||||
u_int32_t sia;
|
||||
+ register pthread_t thread_self = NULL;
|
||||
+ register struct aw_threads *atp = threads;
|
||||
|
||||
fh = (struct fddi_header *)p;
|
||||
ea = (struct ether_arp *)(fh + 1);
|
||||
@@ -549,7 +612,13 @@
|
||||
/* Got a live one */
|
||||
t = h->ts.tv_sec;
|
||||
can_checkpoint = 0;
|
||||
- if (!ent_add(sia, sea, t, NULL))
|
||||
+ thread_self = pthread_self();
|
||||
+
|
||||
+ for (atp = threads; atp != NULL; atp++)
|
||||
+ if (atp->thread == thread_self)
|
||||
+ break;
|
||||
+
|
||||
+ if (!ent_add(sia, sea, t, NULL, atp->interface))
|
||||
syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
|
||||
intoa(sia), e2str(sea), t);
|
||||
can_checkpoint = 1;
|
||||
@@ -750,7 +819,7 @@
|
||||
extern char version[];
|
||||
|
||||
(void)fprintf(stderr, "Version %s\n", version);
|
||||
- (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
|
||||
- " [-n net[/width]] [-r file]\n", prog);
|
||||
+ (void)fprintf(stderr, "usage: %s [-dN] [-f arpfile] [-e etherfile] [-i interface]"
|
||||
+ " [-m email] [-n net[/width]] [-r file]\n", prog);
|
||||
exit(1);
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
--- ../arpwatch-2.1a11/arpwatch.h Sat Sep 30 19:40:55 2000
|
||||
+++ ./arpwatch.h Fri Sep 12 17:01:42 2003
|
||||
@@ -1,6 +1,7 @@
|
||||
/* @(#) $Id: arpwatch.h,v 1.29 2000/09/30 23:40:49 leres Exp $ (LBL) */
|
||||
|
||||
#define ARPFILE "arp.dat"
|
||||
+#define ETHERFILE "ether.dat"
|
||||
#define ETHERCODES "ethercodes.dat"
|
||||
#define CHECKPOINT (15*60) /* Checkpoint time in seconds */
|
||||
|
||||
@@ -40,3 +41,5 @@
|
||||
#define SPA(ap) ((ap)->arp_spa)
|
||||
#define TPA(ap) ((ap)->arp_tpa)
|
||||
#endif
|
||||
+
|
||||
+int pcap_thread(char *);
|
@ -1,14 +0,0 @@
|
||||
--- ../arpwatch.orig/configure.in Sat Oct 14 14:19:10 2000
|
||||
+++ ./configure.in Wed Sep 10 13:08:05 2003
|
||||
@@ -170,6 +170,11 @@
|
||||
if test ! -f arp.dat ; then
|
||||
echo 'creating empty arp.dat file'
|
||||
touch arp.dat
|
||||
+fi
|
||||
+
|
||||
+if test ! -f ether.dat ; then
|
||||
+ echo 'creating empty ether.dat file'
|
||||
+ touch ether.dat
|
||||
fi
|
||||
|
||||
if test -f .devel ; then
|
@ -1,32 +0,0 @@
|
||||
--- ../arpwatch.orig/configure Wed May 16 14:26:11 2001
|
||||
+++ ./configure Wed Sep 10 13:08:05 2003
|
||||
@@ -649,7 +649,7 @@
|
||||
:
|
||||
fi
|
||||
|
||||
- V_CCOPT="-O"
|
||||
+# V_CCOPT="-O"
|
||||
V_INCLS=""
|
||||
if test "${srcdir}" != "." ; then
|
||||
V_INCLS="-I\$\(srcdir\)"
|
||||
@@ -2496,7 +2496,7 @@
|
||||
fi
|
||||
V_CCOPT="$V_CCOPT -Wall"
|
||||
if test $ac_cv_lbl_gcc_vers -gt 1 ; then
|
||||
- V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
|
||||
+# V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
@@ -3075,6 +3075,11 @@
|
||||
if test ! -f arp.dat ; then
|
||||
echo 'creating empty arp.dat file'
|
||||
touch arp.dat
|
||||
+fi
|
||||
+
|
||||
+if test ! -f ether.dat ; then
|
||||
+ echo 'creating empty ether.dat file'
|
||||
+ touch ether.dat
|
||||
fi
|
||||
|
||||
if test -f .devel ; then
|
@ -1,276 +0,0 @@
|
||||
--- db.c.orig Sat Sep 30 19:39:58 2000
|
||||
+++ db.c Tue Apr 13 14:39:50 2004
|
||||
@@ -41,6 +41,7 @@
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
#include <unistd.h>
|
||||
+#include <pthread.h>
|
||||
|
||||
#include "gnuc.h"
|
||||
#ifdef HAVE_OS_PROTO_H
|
||||
@@ -54,18 +55,9 @@
|
||||
#include "report.h"
|
||||
#include "util.h"
|
||||
|
||||
-#define HASHSIZE (2 << 15)
|
||||
-
|
||||
#define NEWACTIVITY_DELTA (6*30*24*60*60) /* 6 months in seconds */
|
||||
#define FLIPFLIP_DELTA (24*60*60) /* 24 hours in seconds */
|
||||
|
||||
-/* Ethernet info */
|
||||
-struct einfo {
|
||||
- u_char e[6]; /* ether address */
|
||||
- char h[34]; /* simple hostname */
|
||||
- time_t t; /* timestamp */
|
||||
-};
|
||||
-
|
||||
/* Address info */
|
||||
struct ainfo {
|
||||
u_int32_t a; /* ip address */
|
||||
@@ -78,22 +70,69 @@
|
||||
/* Address hash table */
|
||||
static struct ainfo ainfo_table[HASHSIZE];
|
||||
|
||||
+
|
||||
+/* Ethernet hash table */
|
||||
+struct einfo einfo_table[HASHSIZE];
|
||||
+int et_cnt = 0;
|
||||
+
|
||||
static void alist_alloc(struct ainfo *);
|
||||
int cmpeinfo(const void *, const void *);
|
||||
-static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *);
|
||||
+static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *, char *);
|
||||
static struct ainfo *ainfo_find(u_int32_t);
|
||||
+static struct einfo *einfo_find(u_char *);
|
||||
static void check_hname(struct ainfo *);
|
||||
struct ainfo *newainfo(void);
|
||||
|
||||
+pthread_mutex_t mtx_einfo, mtx_ainfo;
|
||||
+
|
||||
int
|
||||
-ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
|
||||
+ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h, register char *interface)
|
||||
{
|
||||
register struct ainfo *ap;
|
||||
- register struct einfo *ep;
|
||||
+ struct einfo *ep;
|
||||
register int i;
|
||||
register u_int len;
|
||||
u_char *e2;
|
||||
time_t t2;
|
||||
+ register evt_type event = 0;
|
||||
+ char *if2 = NULL;
|
||||
+
|
||||
+ pthread_mutex_lock(&mtx_einfo);
|
||||
+
|
||||
+ /* Lookup ethernet address */
|
||||
+ ep = einfo_find(e);
|
||||
+
|
||||
+ /* New einfo? (elist_alloc makes 16 at a time -- no thanks) */
|
||||
+ if (ep == NULL && ! initializing) {
|
||||
+ if (et_cnt >= HASHSIZE) {
|
||||
+ syslog(LOG_ERR, "ERROR: einfo_table too big");
|
||||
+ } else {
|
||||
+ ep = &einfo_table[et_cnt++];
|
||||
+ BCOPY(e, ep->e, sizeof(ep->e));
|
||||
+ if (h == NULL)
|
||||
+ h = getsname(a);
|
||||
+ if (h != NULL)
|
||||
+ strncpy(ep->h, h, sizeof(ep->h));
|
||||
+ ep->t = t;
|
||||
+ strncpy(ep->iface, interface, sizeof(ep->iface));
|
||||
+ event |= ETHER_NEW;
|
||||
+ e2 = NULL;
|
||||
+ t2 = 0;
|
||||
+ }
|
||||
+ } else if (! initializing) {
|
||||
+ if (strncmp(ep->iface, interface, sizeof(ep->iface)) != 0) {
|
||||
+ event |= ETHER_IFCHG;
|
||||
+ asprintf(&if2, "%s", ep->iface);
|
||||
+ memset((char *)ep->iface, 0, sizeof(ep->iface));
|
||||
+ BCOPY(interface, ep->iface, sizeof(ep->iface));
|
||||
+ e2 = NULL;
|
||||
+ t2 = ep->t;
|
||||
+ ep->t = t;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ pthread_mutex_unlock(&mtx_einfo);
|
||||
+ pthread_mutex_lock(&mtx_ainfo);
|
||||
|
||||
/* Lookup ip address */
|
||||
ap = ainfo_find(a);
|
||||
@@ -101,28 +140,30 @@
|
||||
/* Check for the usual case first */
|
||||
if (ap->ecount > 0) {
|
||||
ep = ap->elist[0];
|
||||
- if (MEMCMP(e, ep->e, 6) == 0) {
|
||||
+ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
|
||||
if (t - ep->t > NEWACTIVITY_DELTA) {
|
||||
- report("new activity", a, e, NULL, &t, &ep->t);
|
||||
+ event |= ACTIVITY_NEW;
|
||||
+ e2 = NULL;
|
||||
+ t2 = ep->t;
|
||||
check_hname(ap);
|
||||
}
|
||||
ep->t = t;
|
||||
- return (1);
|
||||
}
|
||||
}
|
||||
|
||||
/* Check for a virgin ainfo record */
|
||||
if (ap->ecount == 0) {
|
||||
ap->ecount = 1;
|
||||
- ap->elist[0] = elist_alloc(a, e, t, h);
|
||||
- report("new station", a, e, NULL, &t, NULL);
|
||||
- return (1);
|
||||
+ ap->elist[0] = elist_alloc(a, e, t, h, interface);
|
||||
+ event |= IP_NEW;
|
||||
+ e2 = NULL;
|
||||
+ t2 = 0;
|
||||
}
|
||||
|
||||
/* Check for a flip-flop */
|
||||
if (ap->ecount > 1) {
|
||||
ep = ap->elist[1];
|
||||
- if (MEMCMP(e, ep->e, 6) == 0) {
|
||||
+ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
|
||||
/*
|
||||
* Suppress report when less than
|
||||
* FLIPFLOP_DELTA and one of the two ethernet
|
||||
@@ -131,48 +172,76 @@
|
||||
t2 = ap->elist[0]->t;
|
||||
e2 = ap->elist[0]->e;
|
||||
if (t - t2 < FLIPFLIP_DELTA &&
|
||||
- (isdecnet(e) || isdecnet(e2)))
|
||||
+ (isdecnet(e) || isdecnet(e2))) {
|
||||
dosyslog(LOG_INFO,
|
||||
"suppressed DECnet flip flop", a, e, e2);
|
||||
- else
|
||||
- report("flip flop", a, e, e2, &t, &t2);
|
||||
+ event |= FLIPFLOP_DECNET;
|
||||
+ } else {
|
||||
+ event |= FLIPFLOP;
|
||||
+ }
|
||||
+
|
||||
ap->elist[1] = ap->elist[0];
|
||||
ap->elist[0] = ep;
|
||||
ep->t = t;
|
||||
check_hname(ap);
|
||||
- return (1);
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 2; i < ap->ecount; ++i) {
|
||||
ep = ap->elist[i];
|
||||
- if (MEMCMP(e, ep->e, 6) == 0) {
|
||||
+ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
|
||||
/* An old entry comes to life */
|
||||
e2 = ap->elist[0]->e;
|
||||
t2 = ap->elist[0]->t;
|
||||
dosyslog(LOG_NOTICE, "reused old ethernet address",
|
||||
a, e, e2);
|
||||
+ event |= IP_ETHER_REUSE;
|
||||
/* Shift entries down */
|
||||
len = i * sizeof(ap->elist[0]);
|
||||
BCOPY(&ap->elist[0], &ap->elist[1], len);
|
||||
ap->elist[0] = ep;
|
||||
ep->t = t;
|
||||
check_hname(ap);
|
||||
- return (1);
|
||||
}
|
||||
}
|
||||
|
||||
- /* New ether address */
|
||||
- e2 = ap->elist[0]->e;
|
||||
- t2 = ap->elist[0]->t;
|
||||
- report("changed ethernet address", a, e, e2, &t, &t2);
|
||||
- /* Make room at head of list */
|
||||
- alist_alloc(ap);
|
||||
- len = ap->ecount * sizeof(ap->elist[0]);
|
||||
- BCOPY(&ap->elist[0], &ap->elist[1], len);
|
||||
- ap->elist[0] = elist_alloc(a, e, t, h);
|
||||
- ++ap->ecount;
|
||||
- return (1);
|
||||
+ /* as originally written, any of these conditions would cause this
|
||||
+ * block never to be reached. ETHER_NEW and ETHER_IFCHG have been added to that list.
|
||||
+ */
|
||||
+ if (event & ~(ACTIVITY_NEW | IP_NEW | FLIPFLOP | FLIPFLOP_DECNET | IP_ETHER_REUSE | ETHER_NEW | ETHER_IFCHG)) {
|
||||
+ /* New ether address */
|
||||
+ e2 = ap->elist[0]->e;
|
||||
+ t2 = ap->elist[0]->t;
|
||||
+ event |= IP_ETHERCHG;
|
||||
+ /* Make room at head of list */
|
||||
+ alist_alloc(ap);
|
||||
+ len = ap->ecount * sizeof(ap->elist[0]);
|
||||
+ BCOPY(&ap->elist[0], &ap->elist[1], len);
|
||||
+ ap->elist[0] = elist_alloc(a, e, t, h, interface);
|
||||
+ ++ap->ecount;
|
||||
+ }
|
||||
+
|
||||
+ pthread_mutex_unlock(&mtx_ainfo);
|
||||
+
|
||||
+ report(event, a, e, e2, &t, &t2, interface, if2);
|
||||
+
|
||||
+ if (if2 != NULL)
|
||||
+ free(if2);
|
||||
+
|
||||
+ return(1);
|
||||
+}
|
||||
+
|
||||
+static struct einfo *
|
||||
+einfo_find(register u_char *e)
|
||||
+{
|
||||
+ register int i;
|
||||
+
|
||||
+ for (i=0; i < et_cnt; i++) {
|
||||
+ if (MEMCMP(einfo_table[i].e, e, sizeof(einfo_table[i].e)) == 0)
|
||||
+ return(&einfo_table[i]);
|
||||
+ }
|
||||
+
|
||||
+ return(NULL);
|
||||
}
|
||||
|
||||
static struct ainfo *
|
||||
@@ -259,7 +328,7 @@
|
||||
/* Allocate and initialize a elist struct */
|
||||
static struct einfo *
|
||||
elist_alloc(register u_int32_t a, register u_char *e, register time_t t,
|
||||
- register char *h)
|
||||
+ register char *h, register char *interface)
|
||||
{
|
||||
register struct einfo *ep;
|
||||
register u_int size;
|
||||
@@ -280,12 +349,16 @@
|
||||
|
||||
ep = elist++;
|
||||
--eleft;
|
||||
- BCOPY(e, ep->e, 6);
|
||||
+ BCOPY(e, ep->e, sizeof(ep->e));
|
||||
if (h == NULL && !initializing)
|
||||
h = getsname(a);
|
||||
- if (h != NULL && !isdigit((int)*h))
|
||||
- strcpy(ep->h, h);
|
||||
+ if (h != NULL)
|
||||
+ strncpy(ep->h, h, sizeof(ep->h));
|
||||
ep->t = t;
|
||||
+
|
||||
+ if (interface != NULL)
|
||||
+ strncpy(ep->iface, interface, sizeof(ep->iface));
|
||||
+
|
||||
return (ep);
|
||||
}
|
||||
|
||||
@@ -301,10 +374,10 @@
|
||||
return;
|
||||
ep = ap->elist[0];
|
||||
h = getsname(ap->a);
|
||||
- if (!isdigit((int)*h) && strcmp(h, ep->h) != 0) {
|
||||
+ if (h != NULL && strcmp(h, ep->h) != 0) {
|
||||
syslog(LOG_INFO, "hostname changed %s %s %s -> %s",
|
||||
intoa(ap->a), e2str(ep->e), ep->h, h);
|
||||
- strcpy(ep->h, h);
|
||||
+ strncpy(ep->h, h, sizeof(ep->h));
|
||||
}
|
||||
}
|
||||
|
@ -1,25 +0,0 @@
|
||||
--- ../arpwatch.orig/db.h Wed Jun 5 01:39:30 1996
|
||||
+++ ./db.h Mon Sep 15 14:55:27 2003
|
||||
@@ -1,10 +1,21 @@
|
||||
/* @(#) $Header: db.h,v 1.8 96/06/04 22:39:29 leres Exp $ (LBL) */
|
||||
|
||||
+#define HASHSIZE (2 << 15)
|
||||
+
|
||||
typedef void (*ent_process)(u_int32_t, u_char *, time_t, char *);
|
||||
|
||||
#ifdef DEBUG
|
||||
void debugdump(void);
|
||||
#endif
|
||||
-int ent_add(u_int32_t, u_char *, time_t, char *);
|
||||
+int ent_add(u_int32_t, u_char *, time_t, char *, char *);
|
||||
int ent_loop(ent_process);
|
||||
void sorteinfo(void);
|
||||
+
|
||||
+/* Ethernet info */
|
||||
+struct einfo {
|
||||
+ u_char e[6]; /* ether address */
|
||||
+ char h[34]; /* simple hostname */
|
||||
+ time_t t; /* timestamp */
|
||||
+ char iface[10]; /* interface name */
|
||||
+};
|
||||
+
|
@ -1,8 +0,0 @@
|
||||
--- ethercodes.dat.orig Thu May 3 21:59:10 2001
|
||||
+++ ethercodes.dat Tue Nov 11 09:35:25 2003
|
||||
@@ -4964,3 +4964,5 @@
|
||||
c0:0:0 Western Digital (may be reversed 00 00 C0?)
|
||||
e2:c:f Kingston Technologies
|
||||
ec:10:0 Enance Source Co., Ltd. PC clones(?)
|
||||
+0:bd:11 VMWare Inc
|
||||
+0:bd:fb VMWare Inc
|
@ -1,26 +0,0 @@
|
||||
--- ../arpwatch.orig/file.c Fri Oct 13 18:29:43 2000
|
||||
+++ ./file.c Fri Sep 12 17:01:42 2003
|
||||
@@ -20,7 +20,7 @@
|
||||
*/
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
- "@(#) $Id: file.c,v 1.25 2000/10/13 22:29:42 leres Exp $ (LBL)";
|
||||
+ "@(#) $Id: file.c,v 1.2 2003/09/12 21:01:42 mdg Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -130,7 +130,13 @@
|
||||
}
|
||||
}
|
||||
|
||||
- if (!(*fn)(a, e, t, h))
|
||||
+ /* NULL for the interface here is ok because we don't do
|
||||
+ * anything in ent_add() for einfo when initializing,
|
||||
+ * and the only time this code section is reached is
|
||||
+ * during initialization (via readdata()). snmp_add()
|
||||
+ * is irrelevant, as no ether tracking has been added to it.
|
||||
+ */
|
||||
+ if (!(*fn)(a, e, t, h, NULL))
|
||||
return(0);
|
||||
}
|
||||
|
@ -1,9 +0,0 @@
|
||||
--- ../arpwatch.orig/file.h Sun Jan 17 20:46:04 1999
|
||||
+++ ./file.h Fri Sep 12 17:01:42 2003
|
||||
@@ -1,5 +1,5 @@
|
||||
/* @(#) $Header: file.h,v 1.4 99/01/17 17:46:03 leres Exp $ (LBL) */
|
||||
|
||||
-typedef int (*file_process)(u_int32_t, u_char *, time_t, char *);
|
||||
+typedef int (*file_process)(u_int32_t, u_char *, time_t, char *, char *);
|
||||
|
||||
int file_loop(FILE *, file_process, const char *);
|
@ -1,191 +0,0 @@
|
||||
--- report.c.orig Sat Sep 30 19:41:10 2000
|
||||
+++ report.c Fri Jun 11 12:35:32 2004
|
||||
@@ -20,7 +20,7 @@
|
||||
*/
|
||||
#ifndef lint
|
||||
static const char rcsid[] =
|
||||
- "@(#) $Id: report.c,v 1.46 2000/09/30 23:41:04 leres Exp $ (LBL)";
|
||||
+ "@(#) $Id: report.c,v 1.8 2004/06/10 19:56:57 mdg Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
/*
|
||||
@@ -45,6 +45,8 @@
|
||||
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
+#include <paths.h>
|
||||
#include <signal.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@@ -70,6 +72,8 @@
|
||||
|
||||
#define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
|
||||
|
||||
+extern char *Watcher;
|
||||
+
|
||||
static int cdepth; /* number of outstanding children */
|
||||
|
||||
static char *fmtdate(time_t);
|
||||
@@ -77,6 +81,8 @@
|
||||
RETSIGTYPE reaper(int);
|
||||
static int32_t gmt2local(void);
|
||||
|
||||
+extern struct ifdesc *if_desc;
|
||||
+
|
||||
static char *
|
||||
fmtdelta(register time_t t)
|
||||
{
|
||||
@@ -232,28 +238,37 @@
|
||||
}
|
||||
|
||||
void
|
||||
-report(register char *title, register u_int32_t a, register u_char *e1,
|
||||
- register u_char *e2, register time_t *t1p, register time_t *t2p)
|
||||
+report(evt_type event, register u_int32_t a, register u_char *e1,
|
||||
+ register u_char *e2, register time_t *t1p, register time_t *t2p,
|
||||
+ register char *interface, register char *old_interface)
|
||||
{
|
||||
register char *cp, *hn;
|
||||
register int fd, pid;
|
||||
register FILE *f;
|
||||
char tempfile[64], cpu[64], os[64];
|
||||
char *fmt = "%20s: %s\n";
|
||||
- char *watcher = WATCHER;
|
||||
+ char *watcher = Watcher ? Watcher : WATCHER;
|
||||
char *watchee = WATCHEE;
|
||||
char *sendmail = PATH_SENDMAIL;
|
||||
char *unknown = "<unknown>";
|
||||
char buf[132];
|
||||
+ char *newif, *newif_old;
|
||||
static int init = 0;
|
||||
+ struct ifdesc *idp = if_desc;
|
||||
|
||||
/* No report until we're initialized */
|
||||
if (initializing)
|
||||
return;
|
||||
|
||||
+ /* these types are sent to syslog instead of reported on.
|
||||
+ * only continue if there are other events as well
|
||||
+ */
|
||||
+ if (event == 0 || (event & ~(IP_ETHER_REUSE | FLIPFLOP_DECNET)) == 0)
|
||||
+ return;
|
||||
+
|
||||
if (debug) {
|
||||
if (debug > 1) {
|
||||
- dosyslog(LOG_NOTICE, title, a, e1, e2);
|
||||
+ dosyslog(LOG_NOTICE, "event", a, e1, e2);
|
||||
return;
|
||||
}
|
||||
f = stdout;
|
||||
@@ -270,7 +285,7 @@
|
||||
}
|
||||
|
||||
/* Syslog this event too */
|
||||
- dosyslog(LOG_NOTICE, title, a, e1, e2);
|
||||
+ dosyslog(LOG_NOTICE, "event", a, e1, e2);
|
||||
|
||||
/* Update child depth */
|
||||
++cdepth;
|
||||
@@ -286,6 +301,7 @@
|
||||
|
||||
/* Child */
|
||||
closelog();
|
||||
+
|
||||
(void)strcpy(tempfile, "/tmp/arpwatch.XXXXXX");
|
||||
if ((fd = mkstemp(tempfile)) < 0) {
|
||||
syslog(LOG_ERR, "mkstemp(%s) %m", tempfile);
|
||||
@@ -300,16 +316,52 @@
|
||||
syslog(LOG_ERR, "unlink(%s): %m", tempfile);
|
||||
}
|
||||
|
||||
+ newif = newif_old = NULL;
|
||||
+ if (interface != NULL)
|
||||
+ for (idp = if_desc; idp != NULL; idp = idp->next)
|
||||
+ if (strcmp(idp->name, interface) == 0)
|
||||
+ asprintf(&newif, "%s (%s)", interface, idp->desc);
|
||||
+
|
||||
+ if (newif == NULL && interface != NULL)
|
||||
+ asprintf(&newif, "%s", interface);
|
||||
+
|
||||
+ if (old_interface != NULL)
|
||||
+ for (idp = if_desc; idp != NULL; idp = idp->next)
|
||||
+ if (strcmp(idp->name, old_interface) == 0)
|
||||
+ asprintf(&newif_old, "%s (%s)", old_interface, idp->desc);
|
||||
+
|
||||
+ if (newif_old == NULL && old_interface != NULL)
|
||||
+ asprintf(&newif_old, "%s", old_interface);
|
||||
+
|
||||
(void)fprintf(f, "From: %s\n", watchee);
|
||||
(void)fprintf(f, "To: %s\n", watcher);
|
||||
hn = gethname(a);
|
||||
- if (!isdigit(*hn))
|
||||
- (void)fprintf(f, "Subject: %s (%s)\n", title, hn);
|
||||
+ if (hn != NULL)
|
||||
+ (void)fprintf(f, "Subject: Arpwatch Event (%s)\n", hn);
|
||||
else {
|
||||
- (void)fprintf(f, "Subject: %s\n", title);
|
||||
+ (void)fprintf(f, "Subject: Arpwatch Event\n");
|
||||
hn = unknown;
|
||||
}
|
||||
(void)putc('\n', f);
|
||||
+
|
||||
+ if (event & ETHER_NEW)
|
||||
+ (void)fprintf(f, fmt, "event", "new ethernet device");
|
||||
+ if (event & ETHER_IFCHG)
|
||||
+ (void)fprintf(f, fmt, "event", "ethernet device changed interfaces");
|
||||
+ if (event & ACTIVITY_NEW)
|
||||
+ (void)fprintf(f, fmt, "event", "new activity");
|
||||
+ if (event & IP_NEW)
|
||||
+ (void)fprintf(f, fmt, "event", "new active IP address");
|
||||
+ if (event & IP_ETHERCHG)
|
||||
+ (void)fprintf(f, fmt, "event", "IP changed ethernet address");
|
||||
+ if (event & FLIPFLOP)
|
||||
+ (void)fprintf(f, fmt, "event", "flip flop");
|
||||
+
|
||||
+ (void)fprintf(f, fmt, "interface", newif);
|
||||
+
|
||||
+ if (old_interface != NULL)
|
||||
+ (void)fprintf(f, fmt, "old interface", newif_old);
|
||||
+
|
||||
(void)fprintf(f, fmt, "hostname", hn);
|
||||
(void)fprintf(f, fmt, "ip address", intoa(a));
|
||||
(void)fprintf(f, fmt, "ethernet address", e2str(e1));
|
||||
@@ -339,11 +391,37 @@
|
||||
}
|
||||
|
||||
(void)rewind(f);
|
||||
+
|
||||
+ if (newif != NULL)
|
||||
+ free(newif);
|
||||
+
|
||||
+ if (newif_old != NULL)
|
||||
+ free(newif_old);
|
||||
+
|
||||
if (dup2(fileno(f), fileno(stdin)) < 0) {
|
||||
syslog(LOG_ERR, "dup2: %m");
|
||||
exit(1);
|
||||
}
|
||||
/* XXX Need to freopen()? */
|
||||
+
|
||||
+ /*
|
||||
+ * Open /dev/null as stdout and stderr so that sendmail 8.12.1 (and
|
||||
+ * above ?) won't complain about missing file descriptors.
|
||||
+ */
|
||||
+ if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
|
||||
+ syslog(LOG_ERR, "Cannot open %s: %m", _PATH_DEVNULL);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (dup2(fd, STDOUT_FILENO) == -1) {
|
||||
+ syslog(LOG_ERR, "Cannot dup2 %s to stdout: %m", _PATH_DEVNULL);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (dup2(fd, STDERR_FILENO) == -1) {
|
||||
+ syslog(LOG_ERR, "Cannot dup2 %s to stderr: %m", _PATH_DEVNULL);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ close(fd);
|
||||
+
|
||||
/* Always Deliver interactively (pause when child depth gets large) */
|
||||
execl(sendmail, "sendmail", "-odi", watcher, NULL);
|
||||
syslog(LOG_ERR, "execl: %s: %m", sendmail);
|
@ -1,20 +0,0 @@
|
||||
--- ../arpwatch.orig/report.h Wed Jun 5 01:40:54 1996
|
||||
+++ ./report.h Mon Sep 15 15:03:20 2003
|
||||
@@ -1,3 +1,16 @@
|
||||
/* @(#) $Header: report.h,v 1.3 96/06/04 22:40:53 leres Exp $ (LBL) */
|
||||
|
||||
-void report(char *, u_int32_t, u_char *, u_char *, time_t *, time_t *);
|
||||
+
|
||||
+typedef enum
|
||||
+ {
|
||||
+ ETHER_NEW=1,
|
||||
+ ETHER_IFCHG=2,
|
||||
+ ACTIVITY_NEW=4,
|
||||
+ IP_NEW=8,
|
||||
+ IP_ETHERCHG=16,
|
||||
+ IP_ETHER_REUSE=32,
|
||||
+ FLIPFLOP=64,
|
||||
+ FLIPFLOP_DECNET=128
|
||||
+ } evt_type;
|
||||
+
|
||||
+void report(evt_type, u_int32_t, u_char *, u_char *, time_t *, time_t *, char *, char *);
|
@ -1,145 +0,0 @@
|
||||
--- util.c.orig Fri Oct 13 18:49:03 2000
|
||||
+++ util.c Fri Jun 11 12:35:32 2004
|
||||
@@ -39,6 +39,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <syslog.h>
|
||||
+#include <dirent.h>
|
||||
|
||||
#include "gnuc.h"
|
||||
#ifdef HAVE_OS_PROTO_H
|
||||
@@ -53,8 +54,11 @@
|
||||
|
||||
char *arpdir = ARPDIR;
|
||||
char *arpfile = ARPFILE;
|
||||
+char *etherfile = ETHERFILE;
|
||||
char *ethercodes = ETHERCODES;
|
||||
|
||||
+struct ifdesc *if_desc = NULL;
|
||||
+
|
||||
/* Broadcast ethernet addresses */
|
||||
u_char zero[6] = { 0, 0, 0, 0, 0, 0 };
|
||||
u_char allones[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
|
||||
@@ -105,7 +109,7 @@
|
||||
dump(void)
|
||||
{
|
||||
register int fd;
|
||||
- char oldarpfile[256], newarpfile[256];
|
||||
+ char oldarpfile[256], newarpfile[256], *oldetherfile, *newetherfile;
|
||||
|
||||
(void)sprintf(oldarpfile, "%s-", arpfile);
|
||||
(void)sprintf(newarpfile, "%s.new", arpfile);
|
||||
@@ -130,6 +134,32 @@
|
||||
syslog(LOG_ERR, "rename %s -> %s: %m", newarpfile, arpfile);
|
||||
return(0);
|
||||
}
|
||||
+
|
||||
+ /* ether info */
|
||||
+ (void)asprintf(&oldetherfile, "%s-", etherfile);
|
||||
+ (void)asprintf(&newetherfile, "%s.new", etherfile);
|
||||
+
|
||||
+ if ((fd = creat(newetherfile, 0644)) < 0) {
|
||||
+ syslog(LOG_ERR, "creat(%s): %m", newetherfile);
|
||||
+ return(0);
|
||||
+ }
|
||||
+ if ((dumpf = fdopen(fd, "w")) == NULL) {
|
||||
+ syslog(LOG_ERR, "fdopen(%s): %m", newetherfile);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+ fwrite(einfo_table, sizeof(struct einfo), et_cnt, dumpf);
|
||||
+
|
||||
+ (void)fclose(dumpf);
|
||||
+ if (rename(etherfile, oldetherfile) < 0) {
|
||||
+ syslog(LOG_ERR, "rename %s -> %s: %m", etherfile, oldetherfile);
|
||||
+ return(0);
|
||||
+ }
|
||||
+ if (rename(newetherfile, etherfile) < 0) {
|
||||
+ syslog(LOG_ERR, "rename %s -> %s: %m", newetherfile, etherfile);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
return(1);
|
||||
}
|
||||
|
||||
@@ -138,7 +168,64 @@
|
||||
readdata(void)
|
||||
{
|
||||
register FILE *f;
|
||||
+ char line[1024];
|
||||
+ char buf[MAXNAMLEN];
|
||||
+ char path[MAXNAMLEN + 1];
|
||||
+ int len, i;
|
||||
+ DIR *dirp;
|
||||
+ struct dirent *dp;
|
||||
+ struct ifdesc *idp;
|
||||
+
|
||||
+ /* interface descriptions */
|
||||
+ if ((dirp = opendir(arpdir)) == NULL)
|
||||
+ {
|
||||
+ syslog(LOG_ERR, "opendir(%s)", arpdir);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+ idp = if_desc = (struct ifdesc *) malloc(sizeof(struct ifdesc));
|
||||
+ idp->name = idp->desc = NULL;
|
||||
+ idp->next = NULL;
|
||||
+
|
||||
+ while ((dp = readdir(dirp)) != NULL)
|
||||
+ {
|
||||
+ if (dp->d_type == DT_LNK)
|
||||
+ {
|
||||
+ for (i=0; i < dp->d_namlen; i++)
|
||||
+ path[i] = dp->d_name[i];
|
||||
+
|
||||
+ path[dp->d_namlen] = '\0';
|
||||
+
|
||||
+ if ((len = readlink(path, buf, MAXNAMLEN)) == -1)
|
||||
+ {
|
||||
+ syslog(LOG_ERR, "readlink(path) failed");
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+ buf[len] = '\0';
|
||||
+
|
||||
+ idp->next = (struct ifdesc *) malloc(sizeof(struct ifdesc));
|
||||
+ idp = idp->next;
|
||||
+ idp->next = NULL;
|
||||
+ asprintf(&idp->name, "%s", path);
|
||||
+ asprintf(&idp->desc, "%s", buf);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (if_desc->next == NULL)
|
||||
+ {
|
||||
+ free(if_desc);
|
||||
+ idp = if_desc = NULL;
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ idp = if_desc;
|
||||
+ if_desc = if_desc->next;
|
||||
+ free(idp);
|
||||
+ idp = NULL;
|
||||
+ }
|
||||
|
||||
+ /* arp.dat */
|
||||
if ((f = fopen(arpfile, "r")) == NULL) {
|
||||
syslog(LOG_ERR, "fopen(%s): %m", arpfile);
|
||||
return(0);
|
||||
@@ -147,6 +234,15 @@
|
||||
(void)fclose(f);
|
||||
return(0);
|
||||
}
|
||||
+ (void)fclose(f);
|
||||
+
|
||||
+ /* ether.dat */
|
||||
+ if ((f = fopen(etherfile, "r")) == NULL) {
|
||||
+ syslog(LOG_ERR, "fopen(%s): %m", etherfile);
|
||||
+ return(0);
|
||||
+ }
|
||||
+
|
||||
+ et_cnt = fread(einfo_table, sizeof(struct einfo), HASHSIZE, f);
|
||||
(void)fclose(f);
|
||||
|
||||
/* It's not fatal if we can't open the ethercodes file */
|
@ -1,28 +0,0 @@
|
||||
--- util.h.orig Sun Oct 6 06:22:14 1996
|
||||
+++ util.h Fri Jun 11 12:35:32 2004
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* @(#) $Header: util.h,v 1.2 96/10/06 03:22:13 leres Exp $ (LBL) */
|
||||
+/* @(#) $Header: /src/arpwatch/util.h,v 1.4 2004/06/10 19:19:38 mdg Exp $ (LBL) */
|
||||
|
||||
void dosyslog(int, char *, u_int32_t, u_char *, u_char *);
|
||||
int dump(void);
|
||||
@@ -11,9 +11,19 @@
|
||||
extern char *arpfile;
|
||||
extern char *oldarpfile;
|
||||
extern char *ethercodes;
|
||||
+extern char *etherfile;
|
||||
+extern struct einfo einfo_table[];
|
||||
+extern int et_cnt;
|
||||
|
||||
extern u_char zero[6];
|
||||
extern u_char allones[6];
|
||||
|
||||
extern int debug;
|
||||
extern int initializing;
|
||||
+
|
||||
+struct ifdesc
|
||||
+{
|
||||
+ char *name;
|
||||
+ char *desc;
|
||||
+ struct ifdesc *next;
|
||||
+};
|
@ -1,33 +0,0 @@
|
||||
--- dns.c.orig Fri Oct 13 21:50:52 2000
|
||||
+++ dns.c Tue Apr 13 14:39:50 2004
|
||||
@@ -137,7 +137,7 @@
|
||||
return (0);
|
||||
}
|
||||
|
||||
-/* Return the cannonical name of the host */
|
||||
+/* Return the canonical name of the host (NULL if not found) */
|
||||
char *
|
||||
gethname(u_int32_t a)
|
||||
{
|
||||
@@ -150,18 +150,18 @@
|
||||
hp = gethostbyaddr((char *)&a, sizeof(a), AF_INET);
|
||||
_res.options = options;
|
||||
if (hp == NULL)
|
||||
- return (intoa(a));
|
||||
+ return NULL;
|
||||
return (hp->h_name);
|
||||
}
|
||||
|
||||
-/* Return the simple name of the host */
|
||||
+/* Return the simple name of the host (NULL if not found) */
|
||||
char *
|
||||
getsname(register u_int32_t a)
|
||||
{
|
||||
register char *s, *cp;
|
||||
|
||||
s = gethname(a);
|
||||
- if (!isdigit((int)*s)) {
|
||||
+ if (s != NULL) {
|
||||
cp = strchr(s, '.');
|
||||
if (cp != NULL)
|
||||
*cp = '\0';
|
@ -1,10 +0,0 @@
|
||||
This is a development fork of arpwatch. This has been threaded in
|
||||
order to better deal with the requirements of multi-interface
|
||||
routers. Information regarding MAC addresses and interfaces is
|
||||
maintained by the program, and an alert is issued should a device
|
||||
move between interfaces. In addition, event processing has been
|
||||
refactored, and some bugs have been fixed.
|
||||
|
||||
see net-mgmt/arpwatch/pkg-descr for more information about arpwatch 2.x
|
||||
|
||||
Matthew George <mdg@secureworks.net>
|
@ -1,12 +0,0 @@
|
||||
|
||||
*** ATTENTION ***
|
||||
|
||||
To run arpwatch from startup, add
|
||||
arpwatch_enable="YES" to /etc/rc.conf
|
||||
|
||||
Available variables you add/set to /etc/rc.conf.
|
||||
- arpwatch_enable (bool): Set to "NO" by default.
|
||||
Set it to "YES" to enable arpwatch.
|
||||
- arpwatch_flags (str): Set to "-N" by default.
|
||||
Extra flags passed to start command.
|
||||
|
@ -1,13 +0,0 @@
|
||||
sbin/arpwatch
|
||||
sbin/arpsnmp
|
||||
arpwatch/arp2ethers
|
||||
arpwatch/ethercodes.dat
|
||||
arpwatch/d.awk
|
||||
arpwatch/e.awk
|
||||
arpwatch/p.awk
|
||||
etc/rc.d/arpwatch.sh
|
||||
@unexec test -f %D/arpwatch/arp.dat && test -s %D/arpwatch/arp.dat || rm -f %D/arpwatch/arp.dat
|
||||
@unexec test -f %D/arpwatch/ether.dat && test -s %D/arpwatch/ether.dat || rm -f %D/arpwatch/ether.dat
|
||||
@exec test -f %D/arpwatch/arp.dat || touch %D/arpwatch/arp.dat
|
||||
@exec test -f %D/arpwatch/ether.dat || touch %D/arpwatch/ether.dat
|
||||
@dirrm arpwatch
|
@ -18,8 +18,6 @@ DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.([^\.]*)$/\1/}
|
||||
MAINTAINER= thomas@goodking.ca
|
||||
COMMENT= Monitor arp & rarp requests
|
||||
|
||||
CONFLICTS= arpwatch-devel-2.*
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --quiet
|
||||
INSTALL_TARGET= install install-man
|
||||
|
Loading…
Reference in New Issue
Block a user