On Thu, Mar 26, 2009 at 10:36:26PM +0000, Stuart Henderson wrote:
> any comments on this change to the ngrep port?
> 
> - drop privs to a new _ngrep user rather than nobody,
> - chroot to /var/empty,
> - support pppoe,
> - autoconf surgery (functional rather than pretty) to use a version
> of pcre from the century of the fruitbat, 
> - fix license marker, regen plist
> 
> for those who don't know it, here's pkg/DESCR:
this diff reads good to me, although i haven't actually tested it.
i hope you did ;-)

cheers,
jasper

> ngrep strives to provide most of GNU grep's common features,
> applying them to the network layer. ngrep is a pcap-aware tool that
> will allow you to specify extended regular expressions to match
> against data payloads of packets. It currently recognizes TCP and
> UDP across ethernet, ppp and slip interfaces, and understands bpf
> filter logic in the same fashion as more common packet sniffing
> tools, like tcpdump and snoop.
> 
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/Makefile,v
> retrieving revision 1.27
> diff -N -u -p Makefile
> --- Makefile  15 Sep 2007 22:36:56 -0000      1.27
> +++ Makefile  26 Mar 2009 22:32:02 -0000
> @@ -3,20 +3,22 @@
>  COMMENT=     network grep
>  
>  DISTNAME=    ngrep-1.45
> -PKGNAME=     ${DISTNAME}p0
> +PKGNAME=     ${DISTNAME}p1
>  CATEGORIES=  net
>  MASTER_SITES=        ${MASTER_SITE_SOURCEFORGE:=ngrep/}
>  EXTRACT_SUFX=        .tar.bz2
>  
>  HOMEPAGE=    http://ngrep.sourceforge.net/
>  
> -# GPL 
> +# custom BSD-like
>  PERMIT_PACKAGE_CDROM=        Yes
>  PERMIT_PACKAGE_FTP=  Yes
>  PERMIT_DISTFILES_CDROM=      Yes
>  PERMIT_DISTFILES_FTP=        Yes
> -WANTLIB=             c pcap
>  
> +WANTLIB=     c pcap
> +LIB_DEPENDS= pcre::devel/pcre
> +
>  NO_REGRESS=  Yes
>  
>  USE_GMAKE=   Yes
> @@ -24,6 +26,9 @@ USE_LIBTOOL=        Yes
>  AUTOCONF_VERSION= 2.60
>  CONFIGURE_STYLE= autoconf no-autoheader
>  CONFIGURE_ARGS+= --enable-ipv6 \
> -              --enable-pcre
> +              --enable-pcre \
> +              --with-dropprivs-user=_ngrep
> +CONFIGURE_ENV=       CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
> +             LDFLAGS=-L${LOCALBASE}/lib
>  
>  .include <bsd.port.mk>
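Review bot: `--enable-pcre` stays in CONFIGURE_ARGS even though patches/patch-configure_in in this same diff removes the `AC_ARG_ENABLE(pcre, ...)` block and sets `USE_PCRE="1"` unconditionally, so the flag no longer selects anything and can be dropped. In CONFIGURE_ENV the CFLAGS value is quoted and extends the existing `${CFLAGS}`, while `LDFLAGS=-L${LOCALBASE}/lib` is unquoted and replaces whatever was set. Writing it as `LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib"` would treat both variables the same way.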
> Index: patches/patch-Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/patches/patch-Makefile_in,v
> retrieving revision 1.3
> diff -N -u -p patches/patch-Makefile_in
> --- patches/patch-Makefile_in 23 Jul 2005 19:41:21 -0000      1.3
> +++ patches/patch-Makefile_in 26 Mar 2009 22:32:02 -0000
> @@ -1,7 +1,16 @@
> ---- Makefile.in.orig Thu Jun 30 13:08:14 2005
> -+++ Makefile.in      Fri Jul 22 20:20:25 2005
> -@@ -25,9 +25,9 @@ exec_prefix = @exec_prefix@
> +--- Makefile.in.orig Tue Nov 28 13:35:37 2006
> ++++ Makefile.in      Thu Mar 26 22:14:15 2009
> +@@ -11,7 +11,7 @@ cfla...@cflags@ -...@os@ @DEFS@ @EXTRA_DEFINES@ 
> + includes...@srcdir@ @PCAP_INCLUDE@ @EXTRA_INCLUDES@
>   
> + ldfla...@ldflags@ @PCAP_LINK@
> +-LIBS=-lpcap @EXTRA_LIBS@ 
> ++li...@libs@ @EXTRA_LIBS@ 
> + 
> + stripfl...@stripflag@
> + 
> +@@ -25,14 +25,14 @@ exec_prefix = @exec_prefix@
> + 
>   bindir      = $(prefix)/bin
>   datadir     = $(prefix)/share
>  -mandir      = $(datadir)/man
> @@ -12,3 +21,29 @@
>   MANDIR_INSTALL = $(mandir)/man8
>   
>   INSTALL = ./install-sh
> + 
> +-regex_d...@regex_dir@
> ++#regex_d...@regex_dir@
> + regex_ob...@regex_objs@
> + 
> + 
> +@@ -55,15 +55,15 @@ install: $(TARGET)
> +     $(CC) $(CFLAGS) $(INCLUDES) -g -c $<
> + 
> + clean:
> +-    make -C $(REGEX_DIR) clean
> ++    #make -C $(REGEX_DIR) clean
> +     rm -f *~ $(OBJS) $(REGEX_OBJS) $(TARGET) $(TARGET).static
> + 
> + distclean: clean 
> +-    make -C $(REGEX_DIR) distclean
> ++    #make -C $(REGEX_DIR) distclean
> +     rm -f config.status config.cache config.log config.h Makefile 
> + 
> +-$(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h
> +-    $(MAKE) $(MAKEFLAGS) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS))
> ++#$(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h
> ++#   $(MAKE) $(MAKEFLAGS) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS))
> + 
> + $(OBJS): Makefile ngrep.c ngrep.h
> + 
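Review bot: The bundled-regex rules are disabled by commenting rather than removed, and in `clean` and `distclean` the commented lines (`#make -C $(REGEX_DIR) clean`) still sit inside the recipe, where make passes them to the shell and echoes them instead of treating them as makefile comments. Since `REGEX_DIR` is no longer substituted, deleting those two recipe lines and the `$(REGEX_OBJS):` rule outright would give a shorter patch with nothing left referring to an unset variable. Indentation is flattened by the mail archive, so this assumes the commented lines keep their leading tab.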
> Index: patches/patch-configure_in
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/patches/patch-configure_in,v
> retrieving revision 1.2
> diff -N -u -p patches/patch-configure_in
> --- patches/patch-configure_in        23 Jul 2005 19:41:21 -0000      1.2
> +++ patches/patch-configure_in        26 Mar 2009 22:32:02 -0000
> @@ -1,9 +1,61 @@
> ---- configure.in.orig        Thu Jun 30 13:22:15 2005
> -+++ configure.in     Fri Jul 22 20:01:45 2005
> -@@ -196,18 +196,6 @@ unsigned short bar = foo.source;
> +--- configure.in.orig        Wed Nov 15 03:43:56 2006
> ++++ configure.in     Thu Mar 26 22:07:10 2009
> +@@ -111,47 +111,12 @@ else
> + fi
> + 
> + 
> +-dnl
> +-dnl Configure the regular expression library.
> +-dnl
> ++AC_CHECK_LIB(pcre, pcre_compile,,echo need pcre lib; exit)
> ++REGEX_OBJS=''
> ++USE_PCRE="1"
> + 
> +-AC_ARG_ENABLE(pcre,
> +-[  --enable-pcre           use PCRE instead of GNU regex],
> +-[ 
> +-  use_pcre="$enableval"
> +-],
> +-[ 
> +-  use_pcre="no"
> +-])
> +-
> +-if test $use_pcre = yes; then
> +-
> +-  echo 
> +-  echo 'Configuring Perl-Compatible Regular Expression (PCRE) library ...' 
> +-  echo 
> +-
> +-  REGEX_DIR='pcre-5.0'
> +-  REGEX_OBJS="$REGEX_DIR/pcre.o $REGEX_DIR/study.o"
> +-  USE_PCRE="1"
> +-
> +-else
> +-
> +-  echo
> +-  echo 'Configuring GNU Regular Expression library ...'
> +-  echo
> +-
> +-  REGEX_DIR='regex-0.12'
> +-  REGEX_OBJS="$REGEX_DIR/regex.o"
> +-  USE_PCRE="0"
> +-
> +-fi
> +-
> +-( cd $REGEX_DIR && ./configure )
> +-
> +-AC_SUBST(REGEX_DIR)
> + AC_SUBST(REGEX_OBJS)
> + 
> +-
> + echo
> + echo 'Configuring Network Grep (ngrep) ...'
> + echo 
> +@@ -193,18 +158,6 @@ unsigned short bar = foo.source;
> + 
>   *bsd*)
>       AC_SUBST(OS, BSD)
> - 
> +-
>  -    if test "$USE_PCAP_RESTART" = "0"; then 
>  -
>  -        AC_MSG_WARN(
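Review bot: The failure branch of `AC_CHECK_LIB(pcre, pcre_compile,,echo need pcre lib; exit)` calls a bare `exit`, which returns the status of the preceding `echo`, so configure appears to stop with status 0 when libpcre is missing. The message also goes to stdout rather than through autoconf's error reporting, which makes the failure easy to miss in a bulk build log. `AC_CHECK_LIB([pcre], [pcre_compile], , [AC_MSG_ERROR([pcre library not found])])` fails with a non-zero status and records the reason in config.log.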
> @@ -15,7 +67,6 @@
>  -    sleep 3
>  -
>  -    fi
> --
> + 
>           ;;
>   
> - *solaris*)
> Index: patches/patch-ngrep_c
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/patches/Attic/patch-ngrep_c,v
> diff -N -u -p patches/patch-ngrep_c
> --- /dev/null 26 Mar 2009 22:32:02 -0000
> +++ patches/patch-ngrep_c     26 Mar 2009 22:32:02 -0000
> @@ -0,0 +1,38 @@
> +$OpenBSD$
> +--- ngrep.c.orig     Tue Nov 28 13:38:43 2006
> ++++ ngrep.c  Thu Mar 26 22:31:23 2009
> +@@ -92,7 +92,7 @@
> + #endif
> + 
> + #if USE_PCRE
> +-#include "pcre-5.0/pcre.h"
> ++#include "pcre.h"
> + #else
> + #include "regex-0.12/regex.h"
> + #endif
> +@@ -549,6 +549,10 @@ int main(int argc, char **argv) {
> +             link_offset = PPPHDR_SIZE;
> +             break;
> + 
> ++        case DLT_PPP_ETHER:
> ++            link_offset = PPPOEHDR_SIZE;
> ++            break;
> ++
> + #if HAVE_DLT_LOOP
> +         case DLT_LOOP:
> + #endif
> +@@ -1197,6 +1201,14 @@ void drop_privs(void) {
> +             perror("attempt to drop privileges failed");
> +             clean_exit(-1);
> +         }
> ++    if (chroot("/var/empty") == -1) {
> ++        perror("attempt to drop privileges failed: chroot failed");
> ++        clean_exit(-1);
> ++    }
> ++    if (chdir("/") == -1) {
> ++        perror("attempt to drop privileges failed: chdir failed");
> ++        clean_exit(-1);
> ++    }
> + 
> +     if (((getgid()  != newgid) && (setgid(newgid)  == -1)) ||
> +         ((getegid() != newgid) && (setegid(newgid) == -1)) ||
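Review bot: The added `chroot("/var/empty")` block in drop_privs() has no comment explaining why it sits ahead of the setgid/setuid sequence, and that ordering is what makes it work. chroot() needs root, so it has to run before the ids change, and the `chdir("/")` right after it keeps the working directory from pointing outside the new root. I would add `/* chroot while still root; chdir so cwd is inside the new root */` above the block. Every path opened after this point resolves inside an empty directory, so it is worth confirming at the call site, which is outside this hunk, that the dump file and any other files are opened before drop_privs() runs. The function starts and ends outside the hunk.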
> Index: patches/patch-ngrep_h
> ===================================================================
> RCS file: patches/patch-ngrep_h
> diff -N -u -p patches/patch-ngrep_h
> --- /dev/null 26 Mar 2009 22:32:02 -0000
> +++ patches/patch-ngrep_h     26 Mar 2009 22:32:02 -0000
> @@ -0,0 +1,11 @@
> +$OpenBSD$
> +--- ngrep.h.orig     Mon Feb 23 17:19:58 2009
> ++++ ngrep.h  Mon Feb 23 17:20:00 2009
> +@@ -17,6 +17,7 @@
> + #define ETHHDR_SIZE 14
> + #define TOKENRING_SIZE 22
> + #define PPPHDR_SIZE 4
> ++#define PPPOEHDR_SIZE 8
> + #define SLIPHDR_SIZE 16
> + #define RAWHDR_SIZE 0
> + #define LOOPHDR_SIZE 4
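Review bot: `PPPOEHDR_SIZE 8` is an undocumented constant that folds together the 6-byte PPPoE header and the 2-byte PPP protocol field that follows it. A comment such as `/* 6-byte PPPoE header + 2-byte PPP protocol id */` would make the value checkable. Because ngrep.c uses it as a fixed `link_offset` for `DLT_PPP_ETHER`, a session frame carrying something other than IP would presumably be parsed as if an IP header began at byte 8 unless the capture filter excludes it. That parsing path is outside this diff and deserves a look before commit.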
> Index: patches/patch-regex-0_12_Makefile_in
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/patches/patch-regex-0_12_Makefile_in,v
> retrieving revision 1.3
> diff -N -u -p patches/patch-regex-0_12_Makefile_in
> --- patches/patch-regex-0_12_Makefile_in      23 Jul 2005 19:41:21 -0000      
> 1.3
> +++ /dev/null 1 Nov 2007 14:18:14 -0000
> @@ -1,11 +0,0 @@
> ---- regex-0.12/Makefile.in.orig      Sat Sep 25 13:04:26 2004
> -+++ regex-0.12/Makefile.in   Fri Jul 22 17:02:42 2005
> -@@ -29,7 +29,7 @@ version = 0.12
> - CPPFLAGS = 
> - 
> - # Likewise, you can override CFLAGS to optimize, use -Wall, etc.
> --CFLAGS = -g
> -+#CFLAGS = -g
> - 
> - # Ditto for LDFLAGS and LOADLIBES.
> - LDFLAGS =
> Index: pkg/PLIST
> ===================================================================
> RCS file: /cvs/ports/net/ngrep/pkg/PLIST,v
> retrieving revision 1.5
> diff -N -u -p pkg/PLIST
> --- pkg/PLIST 15 Sep 2004 18:17:42 -0000      1.5
> +++ pkg/PLIST 26 Mar 2009 22:32:02 -0000
> @@ -1,3 +1,5 @@
>  @comment $OpenBSD: PLIST,v 1.5 2004/09/15 18:17:42 espie Exp $
> +...@newgroup _ngrep:622
> +...@newuser _ngrep:622:_ngrep::ngrep user:/nonexistent:/sbin/nologin
>  @man man/man8/ngrep.8
> -sbin/ngrep
> +...@bin sbin/ngrep
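Review bot: `@newgroup _ngrep:622` and `@newuser _ngrep:622:...` claim a fixed uid/gid, but the diff carries no matching entry for the ports tree's list of reserved ids, so nothing visible here shows that 622 is unallocated. That registration should go in with this commit so another port cannot pick the same number. The account itself is set up restrictively (home `/nonexistent`, shell `/sbin/nologin`), which fits its only visible use as the `--with-dropprivs-user` target.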
> 

-- 
"Intelligence should guide our actions, but in harmony with the
  texture of the situation at hand"
        -- Francisco Varela
