UPDATE: Ipguard-1.04

Fri, 23 Mar 2012 06:12:03 -0700 

Hi,

A little update for ipguard:


* `-c' option - pcap filter expression
* moved from verbose to debug some ARP-sanity checks (irix at ukr.net)


With the rc.d(8) script.


Works on i386.

Ok? Comments?

-- 
Sending from my Computer.

? pkg/ipguard.rc
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/ipguard/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- Makefile    11 May 2011 08:24:40 -0000      1.10
+++ Makefile    23 Mar 2012 13:01:17 -0000
@@ -2,9 +2,8 @@
 
 COMMENT =      protect LAN IP address space by ARP spoofing
 
-DISTNAME =     ipguard-1.02
+DISTNAME =     ipguard-1.04
 CATEGORIES =   security
-REVISION =     1
 
 HOMEPAGE =     http://ipguard.deep.perm.ru/
 MASTER_SITES = ${HOMEPAGE}files/
@@ -21,7 +20,6 @@ WANTLIB =     c pcap lib/libnet-1.1/net=11
 
 LIB_DEPENDS =  libnet->=1.1.2.1p0,<1.2:net/libnet/1.1
 
-USE_GROFF =    Yes
 NO_REGRESS =   Yes
 
 .include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/ipguard/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo    5 Dec 2008 22:07:07 -0000       1.3
+++ distinfo    23 Mar 2012 13:01:17 -0000
@@ -1,5 +1,5 @@
-MD5 (ipguard-1.02.tar.gz) = VlyGxUeypsq1qKcb45sRsw==
-RMD160 (ipguard-1.02.tar.gz) = vCQxx/5gAZElAqOKttqpaKDJLzU=
-SHA1 (ipguard-1.02.tar.gz) = z4NCj+DZUJhdXDs1jqR79K+hbLM=
-SHA256 (ipguard-1.02.tar.gz) = YCWKCY6mH7LQk7XqMkMkd/otiH7RjKxB+NXUKFfh/u4=
-SIZE (ipguard-1.02.tar.gz) = 25253
+MD5 (ipguard-1.04.tar.gz) = f0T3wxh28NaHkvAgR+JUCQ==
+RMD160 (ipguard-1.04.tar.gz) = R4HW1BY3tb8c7pmqWfaHzgDIFZo=
+SHA1 (ipguard-1.04.tar.gz) = vyB0U5qMW3+lDzdu1vEd9G2pMnw=
+SHA256 (ipguard-1.04.tar.gz) = lb+XrixYgn401A2qcGXFEH05pn65LiFk93WIRvQ8Qf4=
+SIZE (ipguard-1.04.tar.gz) = 24566
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/security/ipguard/patches/patch-Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 patch-Makefile
--- patches/patch-Makefile      5 Dec 2008 22:07:07 -0000       1.3
+++ patches/patch-Makefile      23 Mar 2012 13:01:17 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-Makefile,v 1.3 2008/12/05 22:07:07 sthen Exp $
---- Makefile.orig      Mon Nov 24 18:03:11 2008
-+++ Makefile   Fri Nov 28 13:42:13 2008
-@@ -9,12 +9,12 @@ PREFIX?=/usr/local
+--- Makefile.orig      Mon Jul 12 00:46:36 2010
++++ Makefile   Thu Mar 22 11:35:20 2012
+@@ -10,12 +10,12 @@ PREFIX?=/usr/local
  ETHERS?=/etc/ethers
  
  ## FreeBSD
Index: patches/patch-doc_ipguard_8
===================================================================
RCS file: /cvs/ports/security/ipguard/patches/patch-doc_ipguard_8,v
retrieving revision 1.2
diff -u -p -r1.2 patch-doc_ipguard_8
--- patches/patch-doc_ipguard_8 5 Dec 2008 22:07:07 -0000       1.2
+++ patches/patch-doc_ipguard_8 23 Mar 2012 13:01:17 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-doc_ipguard_8,v 1.2 2008/12/05 22:07:07 sthen Exp $
---- doc/ipguard.8.orig Fri Nov 28 13:49:29 2008
-+++ doc/ipguard.8      Fri Nov 28 13:50:08 2008
-@@ -60,10 +60,10 @@ in local ethernet segment.
+--- doc/ipguard.8.orig Mon Jul 12 00:46:52 2010
++++ doc/ipguard.8      Thu Mar 22 11:35:20 2012
+@@ -64,10 +64,10 @@ in local ethernet segment.
  Ethers file. Format of `ethers' file described in `ethers.sample' and 
ethers(5). Default `/etc/ethers'.
  .TP
  .B \-l " \fIlog\fP"
@@ -14,7 +14,7 @@ $OpenBSD: patch-doc_ipguard_8,v 1.2 2008
  .TP
  .B \-m " \fImac\fP"
  Fake MAC address. Will be sent in ARP reply as MAC of unlisted computer. 
Default `de:ad:xx:xx:xx:xx', `x' == random hex number.
-@@ -163,10 +163,10 @@ dump new MAC-IP table in ethers(5) format
+@@ -176,10 +176,10 @@ dump new MAC-IP table in ethers(5) format
  .B /etc/ethers
  MAC-IP pairs list
  .TP
@@ -27,7 +27,7 @@ $OpenBSD: patch-doc_ipguard_8,v 1.2 2008
  pid file
  
  .SH SEE ALSO
-@@ -176,8 +176,6 @@ RFC 826, ethers(5), tcpdump(1), pcap(3), libnet
+@@ -189,8 +189,6 @@ RFC 826, ethers(5), tcpdump(1), pcap(3), libnet
  .SH BUGS
  .PP
  Do not use wildcard IP 0.0.0.0 in `ethers' with -x option. Legal clients will 
be banned. Discovered by irix.
Index: patches/patch-ipguard_c
===================================================================
RCS file: /cvs/ports/security/ipguard/patches/patch-ipguard_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-ipguard_c
--- patches/patch-ipguard_c     5 Dec 2008 22:07:07 -0000       1.2
+++ patches/patch-ipguard_c     23 Mar 2012 13:01:17 -0000
@@ -1,10 +1,10 @@
 $OpenBSD: patch-ipguard_c,v 1.2 2008/12/05 22:07:07 sthen Exp $
---- ipguard.c.orig     Mon Nov 24 18:46:11 2008
-+++ ipguard.c  Fri Nov 28 13:42:13 2008
-@@ -72,6 +72,7 @@ int main(int argc, char *argv[]) {
+--- ipguard.c.orig     Mon Jul 12 00:46:36 2010
++++ ipguard.c  Thu Mar 22 11:36:33 2012
+@@ -75,6 +75,7 @@ int main(int argc, char *argv[]) {
      srand((unsigned int) getpid());
  
-     iface[0] = fmac[0] = log_name[0] = pid_name[0] = suser[0] = '\0';
+     iface[0] = fmac[0] = pfmac[0] = pcapf[0] = log_name[0] = pid_name[0] = 
suser[0] = '\0';
 +    strlcpy(suser, "_ipguard", MAXLOGNAME);
      strncpy(ethers_name, ETHERSFILE, PATH_MAX);
      strncpy(fmac, FAKEMAC, 18);
Index: patches/patch-ipguard_h
===================================================================
RCS file: /cvs/ports/security/ipguard/patches/patch-ipguard_h,v
retrieving revision 1.2
diff -u -p -r1.2 patch-ipguard_h
--- patches/patch-ipguard_h     5 Dec 2008 22:07:07 -0000       1.2
+++ patches/patch-ipguard_h     23 Mar 2012 13:01:17 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-ipguard_h,v 1.2 2008/12/05 22:07:07 sthen Exp $
---- ipguard.h.orig     Fri Nov 28 13:45:11 2008
-+++ ipguard.h  Fri Nov 28 13:49:18 2008
-@@ -50,8 +50,8 @@
+--- ipguard.h.orig     Mon Jul 12 00:46:36 2010
++++ ipguard.h  Thu Mar 22 11:35:20 2012
+@@ -52,8 +52,8 @@
  #define MAIL            "sead at deep.perm.ru"
  
  #define ETHERSFILE      ETHERS
@@ -10,5 +10,5 @@ $OpenBSD: patch-ipguard_h,v 1.2 2008/12/
 +#define LOGNAME         "/var/log/ipguard/ipguard"
 +#define PIDNAME         "/var/run/ipguard/ipguard"
  #define FAKEMAC         "de:ad:xx:xx:xx:xx"
- #define PCAP_FILTER     "arp"
+ #define PCAPFSIZ        128
  
Index: pkg/MESSAGE
===================================================================
RCS file: /cvs/ports/security/ipguard/pkg/MESSAGE,v
retrieving revision 1.1
diff -u -p -r1.1 MESSAGE
--- pkg/MESSAGE 21 Nov 2008 13:57:31 -0000      1.1
+++ pkg/MESSAGE 23 Mar 2012 13:01:17 -0000
@@ -1,12 +1,6 @@
-To have ipguard start at boot time, add the following line
-to /etc/rc.conf.local, substituting the flags as needed:
+You have a rc.d(8) file to start ipguard at boot time, as
+example the file /etc/rc.d/ipguard have set the device
+em(4), you need to change this for your own device in
+the line:
 
-ipguard_flags="<interface>"
-
-and to /etc/rc.local:
-
-if [ "${ipguard_flags}" != "NO" -a -x ${PREFIX}/sbin/ipguard ]; then
-       install -d -o _ipguard /var/run/ipguard
-       ${PREFIX}/sbin/ipguard ${ipguard_flags}
-       echo -n ' ipguard'
-fi
+daemon_flags="em0"
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/ipguard/pkg/PLIST,v
retrieving revision 1.5
diff -u -p -r1.5 PLIST
--- pkg/PLIST   11 May 2011 08:24:40 -0000      1.5
+++ pkg/PLIST   23 Mar 2012 13:01:17 -0000
@@ -6,3 +6,4 @@
 @extraunexec rm -rf /var/log/ipguard/*
 @group _ipguard
 @sample /var/log/ipguard/
+@rcscript ${RCDIR}/ipguard

#!/bin/sh
#
# $OpenBSD$

daemon="${TRUEPREFIX}/sbin/ipguard"
daemon_flags="em0"

. /etc/rc.d/rc.subr

rc_pre() {
        install -d -o _ipguard /var/run/ipguard
}

rc_cmd $1

Reply via email to