Subject: pkg/22939: updated package: net/p0f
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <adrianp@stindustries.net>
List: netbsd-bugs
Date: 09/24/2003 20:44:03
>Number:         22939
>Category:       pkg
>Synopsis:       updated package: net/p0f
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Sep 24 20:45:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Portelli
>Release:        1.6.1
>Organization:
STIndustries
>Environment:
NetBSD otto.stindustries.org.uk 1.6.1 NetBSD 1.6.1 (GENERIC) #0: Wed Sep 17 20:29:35 BST 2003     root@otto.stindustries.org.uk:/usr/src/sys/arch/i386/compile/GENERIC i386
>Description:
p0f in pkgsrc is at version 2.0.1 and 2.0.2 is now available.

Made some changes to the original package including:
- man page actually now installs
- fix p0f to honour NetBSD config dir

From the Changelog:

Version 2.0.2:
--------------

  Cleanup of the RST mess in p0fr.fp and p0f.c parser.

  Added isprint() text preview for -x mode.

  [BUG] Fixed packet size reporting and matching for packets over 255 bytes 
  (_u8 -> _u16).

  Extended RST+ACK to also cover plain RST, added some sane explanations
  of the purpose of each mode. Clarification of the RST vs RST+ACK
  occurrences; test/sendack.c added.

  Added -R option for RST+ACK fingerprinting. Created an empty database.
  Moved databases from /etc to /etc/p0f/

  Windows memory leak mystery solved.

  No longer using pcap timeouts for anything. They suck. I first wanted
  to use SIGALRM with no SA_RESTART, but it's broken on Linux on this
  particular syscall. Fortunately, I spotted a mis-documented pcap_fileno
  and can now use select(). I just hope it won't break.

  Note to self: despite the documentation saying pcap_open_live with
  timeout 0 will simply never timeout (which is irrelevant for
  pcap_loop anyway), it does not work on FreeBSD, inhibiting all packet
  processing instead. Works fine on Linux. Go figure.

  Some minor p0fq fixes to prevent warnings.

  Added some SYN+ACK signatures from rfp (p0fa.fp). Hooray!
  p0fa.fp is now official. Moved from test/ to ., etc. README updated.

  [BUG] Fixed the default TTL for IRIX and Tru64 (60), added a note to 
  p0f.fp, fixed TTL checker to also support %30 values.
  
  [BUG] Fixed query mode lookup. The old code didn't handle reverse
  lookups properly.

  Masquerade scoring data is now available via the query interface. 
  P0fq utility updated to handle this.

  Dropped /bin/bash from p0frep, /bin/sh would suffice.

  Added a new -c option for -M and -Q cache size scaling, packet ratio 
  information on Ctrl-C to help estimate the right parameter. 

  Extra masquerade detection flags: -T for threshold, -V for detailed
  flag breakdown; masquerade reporting now recognizes -r.

  The new -w option writes all matching packets to a pcap file (regardless
  of -K and -U settings).

  Added -M option (unix only until p0f-query.c gets ported). This option
  enables advanced masquerade detection based on the cyclic buffer
  used by -Q. Added - signature flag to the config file. Some 
  documentation for the new functionality.

  [BUG] Cleaned up the -K and -U semantics with -Q.

  Replaced some single-character printfs with putchars in signature
  reporting code (should be a tad faster). Added signature check
  reporting, generic signature count and some other minor tweaks.

  The new -x option provides a hexadecimal TCP/IP packet dump. Useful
  when comparing two colliding fingerprints to find some differences
  not covered by the current quirks set.

  PPPoE interface is now handled correctly on NetBSD.

  Added a shoddy manpage and updated makefiles.

  Removed E quirk and added E to the regular options; removed needless EOL 
  append code from the parser. Breaks the old signature format in some
  rare cases, but the old quirk is still recognized, and the user will be 
  advised to change it. 

  [BUG] Fixed ? option parsing bug that prevented RISC OS signature from
  working (and would prevent all ? signatures from working, should there
  be any other ;-).

  New signatures and other database additions, of course.

  [BUG] Fixed a very minor parser bug that could cause it to loop over
  an unknown option with a declared length of zero. This is not a DoS
  condition, because the parser would quit the loop after parsing max. 16 
  options anyway.



>How-To-Repeat:
cd net/p0f && make show-var VARNAME=PKGNAME
>Fix:
Index: Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/p0f/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile    2003/09/06 04:56:28     1.6
+++ Makefile    2003/09/24 20:31:30
@@ -2,7 +2,7 @@
 #
 
 DISTNAME=      p0f
-PKGNAME=       p0f-2.0.1
+PKGNAME=       p0f-2.0.2
 CATEGORIES=    security net
 MASTER_SITES=  http://lcamtuf.coredump.cx/
 EXTRACT_SUFX=  .tgz
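Review bot: DISTNAME= p0f together with EXTRACT_SUFX= .tgz makes the distfile the unversioned p0f.tgz, and the distinfo change further down gives that same filename a new SHA1 and size. Anyone who still has the 2.0.1 tarball in their distfiles directory will hit a checksum mismatch instead of a fresh fetch, and the two releases cannot sit side by side. Consider setting DIST_SUBDIR to a versioned value (for example DIST_SUBDIR= ${PKGNAME}) so each upstream re-roll is stored separately. Separately, the synopsis and How-To-Repeat say net/p0f while the RCS path and the CATEGORIES line here place the package in security/p0f; the report should name the directory the diff was taken against.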
@@ -14,14 +14,33 @@
 USE_BUILDLINK2=        yes
 USE_PKGINSTALL=        yes
 
-CFLAGS+=       -DSYSCONFDIR=\"\\\"${PKG_SYSCONFDIR}\\\"\"
+PKG_SYSCONFSUBDIR=     p0f
+
 CONF_FILES=    ${PREFIX}/share/examples/p0f/p0f.fp ${PKG_SYSCONFDIR}/p0f.fp
+CONF_FILES+=   ${PREFIX}/share/examples/p0f/p0fa.fp ${PKG_SYSCONFDIR}/p0fa.fp
+CONF_FILES+=   ${PREFIX}/share/examples/p0f/p0fr.fp ${PKG_SYSCONFDIR}/p0fr.fp
+
+pre-build:
+       
+       @${SED} -e 's#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g' \
+               < ${WRKSRC}/config.h > ${WRKSRC}/config.h.new
+       
+       @${SED} -e 's#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g' \
+               < ${WRKSRC}/p0f.1 > ${WRKSRC}/p0f.1.new
+       
+       ${CP} ${WRKSRC}/config.h.new ${WRKSRC}/config.h
+       ${CP} ${WRKSRC}/p0f.1.new ${WRKSRC}/p0f.1
 
+
 do-install:
+
        ${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
        ${INSTALL_DATA} ${WRKSRC}/doc/README ${PREFIX}/share/doc/p0f.README
        ${INSTALL_DATA} ${WRKSRC}/p0frep ${PREFIX}/share/doc/p0frep
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/p0f
        ${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/share/examples/p0f
+       ${INSTALL_DATA} ${WRKSRC}/p0fa.fp ${PREFIX}/share/examples/p0f
+       ${INSTALL_DATA} ${WRKSRC}/p0fr.fp ${PREFIX}/share/examples/p0f
+       ${INSTALL_MAN} ${WRKSRC}/p0f.1 ${PREFIX}/man/man1
 
 .include "../../mk/bsd.pkg.mk"
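Review bot: In the new pre-build target the two ${SED} lines are silenced with @ while the ${CP} lines are not, and the results are copied rather than moved, so config.h.new and p0f.1.new are left behind in ${WRKSRC}. Use ${MV} for both files, treat the four commands consistently, and drop the tab-only lines between them along with the added blank line between "do-install:" and its first command. Because this target is now the only thing that turns @PKG_SYSCONFDIR@ into a real path (the -DSYSCONFDIR CFLAGS line is removed), it is worth a one-line comment above pre-build saying that patch-ab and patch-ac depend on it.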
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/p0f/PLIST,v
retrieving revision 1.4
diff -u -r1.4 PLIST
--- PLIST       2003/07/12 01:10:59     1.4
+++ PLIST       2003/09/24 20:31:30
@@ -1,6 +1,9 @@
 @comment $NetBSD: PLIST,v 1.4 2003/07/12 01:10:59 zuntum Exp $
 bin/p0f
+man/man1/p0f.1
 share/doc/p0f.README
 share/doc/p0frep
 share/examples/p0f/p0f.fp
+share/examples/p0f/p0fa.fp
+share/examples/p0f/p0fr.fp
 @dirrm share/examples/p0f
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/p0f/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo    2003/09/06 04:56:28     1.6
+++ distinfo    2003/09/24 20:31:30
@@ -1,5 +1,7 @@
 $NetBSD: distinfo,v 1.6 2003/09/06 04:56:28 itojun Exp $
 
-SHA1 (p0f.tgz) = 52e7e627dcf28e423eb5f85382f1d575cbbf95b4
-Size (p0f.tgz) = 53102 bytes
+SHA1 (p0f.tgz) = 3d863d7a669a3041af46ac4a9a84ec0ca6a30f1d
+Size (p0f.tgz) = 74524 bytes
 SHA1 (patch-aa) = 370fa780873e606697acbc21c9fc9fdce81f6ab6
+SHA1 (patch-ab) = b856bd22b20ae7daf51204bfc481caad5be7c837
+SHA1 (patch-ac) = 215f6d24fb4073e4f83640f3f0ffcc47d0e2c6e0

--- /dev/null   Wed Sep 24 21:30:06 2003
+++ patches/patch-ab    Wed Sep 24 21:21:50 2003
@@ -0,0 +1,13 @@
+$NetBSD$
+
+--- config.h.orig      Wed Sep 24 20:45:54 2003
++++ config.h   Wed Sep 24 20:48:31 2003
+@@ -19,7 +19,7 @@
+ #ifdef WIN32
+ #  define CONFIG_DIR  "."
+ #else
+-#  define CONFIG_DIR  "/etc/p0f"
++#  define CONFIG_DIR  "@PKG_SYSCONFDIR@"
+ #endif /* WIN32 */
+ 
+ #define SYN_DB                "p0f.fp"
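Review bot: The replacement value for CONFIG_DIR on the non-WIN32 branch is the literal placeholder "@PKG_SYSCONFDIR@", which only becomes a usable path if the pre-build sed in the Makefile has run over config.h. If that step is skipped or edited out, the compiled-in fingerprint directory is a nonexistent name and the failure only shows up at run time. Add a comment to the patch noting the dependency, or have the build stop when the placeholder is still present in config.h after pre-build. With PKG_SYSCONFSUBDIR= p0f set in the Makefile the substituted path keeps the p0f subdirectory that upstream's "/etc/p0f" default used, which is the behaviour the description asks for.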

--- /dev/null   Wed Sep 24 21:30:06 2003
+++ patches/patch-ac    Wed Sep 24 21:26:49 2003
@@ -0,0 +1,26 @@
+$NetBSD$
+
+--- p0f.1.orig Fri Sep 19 17:11:56 2003
++++ p0f.1      Wed Sep 24 21:25:51 2003
+@@ -32,9 +32,9 @@
+ .TP
+ \fB\-f\fR file
+ Read fingerprints from a specified file. By default, p0f reads signatures
+-from ./p0f.fp or /etc/p0f/p0f.fp for SYN (incoming connection) mode,
+-./p0fa.fp and /etc/p0f/p0fa.fp for SYN+ACK (outgoing connection) mode,
+-and ./p0fr.fp and /etc/p0f/p0fr.fp for RST+ mode.
++from ./p0f.fp or @PKG_SYSCONFDIR@/p0f.fp for SYN (incoming connection) mode,
++./p0fa.fp and @PKG_SYSCONFDIR@/p0fa.fp for SYN+ACK (outgoing connection) mode,
++and ./p0fr.fp and @PKG_SYSCONFDIR@/p0fr.fp for RST+ mode.
+ Specifying multiple -f values will NOT combine several signature files
+ together.
+ .TP
+@@ -190,7 +190,7 @@
+ You need to consult the documentation for an up-to-date list of issues.
+ .SH FILES
+ .TP
+-.BI /etc/p0f/p0f.fp\ /etc/p0f/p0fa.fp\ /etc/p0f/p0fr.fp
++.BI @PKG_SYSCONFDIR@/p0f.fp\ @PKG_SYSCONFDIR@/p0fa.fp\ @PKG_SYSCONFDIR@/p0fr.fp
+ default fingerprint database files
+ .SH AUTHOR
+ .B p0f
>Release-Note:
>Audit-Trail:
>Unformatted: